Generative AI systems are increasingly being used by threat actors to influence elections around the world, including in Canada, says the latest report by Canada’s electronic spy agency on threats to this country’s democratic process.
“We assess that AI synthetic content generation related to national elections will almost certainly increase in the next two years, as this technology becomes more widely available.” says the biannual report of the Communications Security Establishment (CSE).
“As synthetic content generation increases and becomes more widespread, it will almost certainly become more difficult to detect, making it harder for Canadians to trust online information about politicians or elections.”
Cyber threat activity targeting democratic processes are likely viewed by adversaries as “an obscure and risk-averse way of impacting Canada’s policy outcomes,” the report says.
The report comes just over a month before the start of a national public inquiry into foreign interference in Canadian elections and democratic institutions. The Foreign Interference Commission’s website is here.
Related content: Federal budget includes millions for fighting foreign interference
Since the 2021 version of the report, the CSE says there has been an increase in the amount of synthetic content — such as deepfake images, videos and news — relating to elections.
This is almost certainly because of the increased accessibility of technologies to create synthetic content.
“On the other hand, the use of synthetic content for disinformation about elections remains relatively low,” the report adds.
Disinformation about the next Canadian federal election will almost certainly be found online, the report says, and foreign adversaries will likely use generative AI to target Canada’s federal election in the next two years.
“Cyber incidents are also more likely to happen in Canada’s next federal election than they have been in the past,” the report adds.
Related content: Parliamentary hearing continues into foreign use of social media
The CSE, part of the Defence Department, has the responsibility for protecting federal IT networks, including intercepting and breaking foreign codes and creating secure codes for government employees.
About 85 per cent of cyber threat activity targeting national elections last year couldn’t be attributed to a state-sponsored cyber threat actor, the report says, a tribute to the techniques they use — either because the attackers obfuscate their origins, or because they outsource attacks to third parties. Sometimes these third parties are commercial public relations or marketing firms.
Of the 15 per cent of activity that can be identified, most is linked to Russia and China.
This includes attempted distributed denial of service attacks, attacks against election authority websites, accessing voter personal information or information relating to the election, and vulnerability scanning of online election systems. In Canadian federal elections, the report notes, residents only vote by paper ballots.
However, some municipalities here have allowed online voting. Almost half of Ontario’s 444 municipalities, and 42 of Nova Scotia’s 49 municipalities (86 per cent) used online voting in at least one of their past elections, the report notes.
Generally, threat actors targeting elections favour manipulating the information environment over attempts to directly impact the voting process, the report adds.
Russia and China will continue to be responsible for most of the attributed cyber threat activity targeting foreign elections, the report says, and will focus on targeting countries of strategic significance to them.
It notes that upcoming European elections in 2023 and 2024 “could be a significant target for Russia due to the military and economic importance of Europe’s support to Ukraine.”
The CSE’s outward-facing department, the Canadian Centre for Cyber Security, has published a Cyber Security Guide for Campaign Teams and Cyber Security Advice for Political Candidates.