Hackers likely to target Canadian parties, says Conservative campaign chair
We're 'naive' if we think Canada is immune, says Microsoft executive
There is a very real risk of Canada's political parties being hacked in the lead-up to next year's federal election, says the campaign manager for one of the country's largest political parties.
"I am worried about the hacking of political parties," Conservative campaign manager Hamish Marshall told an Ottawa audience Monday night.
"I think we've seen it happen in the United States. We saw it happen in France. I think that it's going to happen here and I think that political parties who have strained budgets that they want to spend on lots of other, much more exciting and sexy things — spending a whole lot of money on cyber security is a difficult pitch in those budget meetings."
Marshall said those involved in federal politics also have to be wary of people who might try to engage with them online before attempting extortion — something that allegedly happened to Conservative MP Tony Clement.
"Now you can create fake accounts and create online relationships with anyone involved in the political process," he told the discussion organized by the Ottawa-based group thePanel.
Marshall's comments come after Defence Minister Harjit Sajjan warned that Russia is likely to target Canadian voters with fake news and cyberattacks during next year's federal election.
Parties still aren't subject to privacy laws
The comments also come as calls are mounting for Canada's political parties to be made subject to federal privacy law. Unlike private companies and government departments, political parties are not subject to any privacy law — despite the fact that they have been accumulating information about millions of Canadian voters.
And because they're not subject to privacy laws, political parties aren't required by law to inform the people in their databases when their information is breached.
At a recent parliamentary committee hearing, the New Democratic Party called on the federal government to bring political parties under privacy law. Prime Minister Justin Trudeau's Liberal Party has opposed the idea, saying it could deter volunteers.
The Conservative Party has adopted a neutral stance, saying it would be guided by Parliament.
Marlene Floyd, national director of corporate affairs for Microsoft, said there is a very real threat of cyberattacks on Canadian democracy.
"This is real," she said. "Canada is vulnerable and I think we're naive if we think we're not."
Floyd said Microsoft has been working with companies, platforms and lawmakers around the world on problems such as how to create more consistent standards for cyber security. She said Microsoft is working with the FBI in the U.S. to call out state actors attacking democratic institutions and processes — and brought down three websites in the U.S. that were spoofing in the lead-up to the U.S. midterms.
"What they are trying to do with disinformation is they are really trying to find a schism that is pre-existing in society and then to amplify it," she said.
Fen Hampson, director of the global security and politics program at the Centre for International Governance Innovation, said the last few years have seen major cyberattacks on electoral systems in both advanced and transitional democracies.
An Orwellian future for democracy?
"We're seeing more of it. We're seeing it on a bigger scale," he said. "We're also seeing that they're getting pretty sophisticated in terms of adapting to efforts to shut them down."
Hampson said those attacks and the scandal surrounding Cambridge Analytica — a political consultancy firm which used data from tens of millions of Facebook users to profile voters — amount to just the tip of the iceberg.
"That problem of AI and artificial intelligence and manipulation of data, the political purposes to which that can be put ... will make the world of George Orwell's 1984 look like a child's picnic," he said.
Hampson said the decision made at the G7 meeting in Charlevoix in June to create 'rapid reaction' capacity to respond to cyberattacks is a start. However, he said, legislation is needed to bring political parties under privacy law and countries have to begin working together.
"We can't do it on our own."
Elizabeth Thompson can be reached at firstname.lastname@example.org