In a Post-Truth World, Can Cybersecurity Save Democracy?
AICGS Senior Cyber Fellow
Dr. Sarah Lohmann is currently the Senior Cyber Fellow with the American Institute for Contemporary German Studies at Johns Hopkins University. She manages projects which aim to increase agreement between Germany and the United States on improving cybersecurity and creating cybernorms. Since 2010, Dr. Lohmann has served as a university instructor at the Universität der Bundeswehr. She achieved her doctorate in political science there in 2013, when she became a senior researcher working for the political science department. Dr. Lohmann also serves as Communications Lead Faculty at the University of Washington, where she teaches classes on big data and preventing disinformation and misinformation and has helped develop a new Emerging Technology Certificate.
Prior to her tenure at the Universität der Bundeswehr, Dr. Lohmann was a press spokesman for the U.S. Department of State for human rights as well as for the Bureau of Near Eastern Affairs (MEPI). Before her government service, she was a journalist. She has been published in multiple books, including a handbook on digital transformation, Redesigning Organizations: Concepts for the Connected Society (Springer, 2020) and written over a thousand articles in international press outlets. Her current areas of research include cybersecurity as it relates to election security, national security, transatlantic relations, energy, international law, and big data.
The Munich Security Conference this year was as much about who was in the main hall at the Bayerischer Hof, as who wasn’t. Lurking in the shadows of empty words about supporting an alliance that is in truth unraveling, were 4.9 million Syrian refugees who have been displaced and killed, with 5,079 migrants dying in 2016 at European borders, while many countries in the West watched. At the same time, hundreds of journalists are being silenced, while fake news, troll farms, and automated social media bots are shaping the way we view the post-truth world.
While many defense ministers and even members of the U.S. Congress spent their time blaming the challenges of the “Post-West” order on America’s new president, directly or indirectly, many participants failed to take responsibility for the wave of isolationism and nationalism that has consumed European nations as well as American society on the ground level since the MSC last met a year ago. Then, Serbian Foreign Affairs Minister Ivica Dačić had declared from the Bayerischer Hof on the eve of the conference that his country would not stand by and watch refugees be locked into his country, and within days, Serbia, Croatia, Slovenia, Macedonia, and Austria had shut their borders.
Many panels during the three-day conference this year concluded with a “We’ll have to wait and see” what the Trump administration does, who joins his team, and what he tweets next approach. Yet time is not on the side of Western leaders. Across Europe and North America, civil society is being challenged by nationalist ideals that have sown a spike in violent anti-Semitism, xenophobia, electoral interference, and a clamp down on press freedom.
What does this look like across the countries of the alliance? Since October, hundreds of headstones at Jewish cemeteries across the United States and Europe have been destroyed, and in North America, there have been 68 bomb threats at 53 Jewish Community Centers in the last two months alone. In Germany in 2016, there were 3,500 attacks on refugees and asylum centers, resulting in refugees’ homes being burned, and 560 people being injured, 43 of them children. The electoral process in the United States was interfered with through a Russian influence campaign that included hacks on the servers of the Democratic Party and isolated Republican accounts, as well as support for fake news outlets and social bots that spread fake news in rapid, repetitive patterns over social media networks. In Germany, the parliament’s network has been hacked by the same group that hacked into the Democratic Party’s servers, but with elections being held in Germany, France, and the Netherlands this year, any such cybersecurity breaches could sway results. To add to that, it is becoming increasingly difficult for the press to hold the government to account. In 2016, 259 journalists were imprisoned and 127 killed in retaliation for their press work.
The response from NATO nations’ leaders to the challenge on civil society should have been: “We must urgently fight extremism at home to ensure the alliance’s bedrock of democracy does not fail.” Instead, Europeans spent three days wringing their hands about America’s lost values, and whether European expenditures for state building and refugee integration should count toward the 2 percent of their GDP to be spent on defense committed to by every NATO member in the Wales Agreement of 2014. The United States preached about securing borders and the alliance’s eroding foundation due to Europe’s lack of commitment.
What has resulted is a Europe and a United States hiding in their respective corners, ready only to emerge when the carnage has ended. In such an environment, it is no wonder that only 22 percent of Germans trust the United States, just 1 percent more than trust Russia, according to a Deutschland Trend survey, conducted by Infratest dimap pollsters for ARD television. This is down 37 percent from pre-election rates in November.
Amid such discord and lack of trust, is there any platform where Germany and the United States can work together as partners, without nationalist forces from within yipping at their heels? One place to start could be cybersecurity. If there is anything the last year has shown us, it is that when cybersecurity is compromised, so is civil society. Troll farms and botnets have sabotaged truth, compromising objective press efforts. Cyber information campaigns and hacks have tampered with elections, and continue to do so. Their false propaganda inflames hatred against certain people groups: refugees, minorities, those who are “other”.
Working together on cybersecurity means enabling progress on cybersecurity norms, but also working together to ensure defenses are strong. Already the Organization for Security and Co-operation in Europe, the UN General Assembly, the United States and China, and the G20 have come to agreements on isolated norms and confidence-building measures related to cybersecurity. Global information and communication technology (ICT) companies, such as Microsoft, already have proposed cybersecurity norms for their ICT networks, including collaborating “to proactively defend against nation-state attacks and to remediate the impact of any such attacks” as well as committing to “not traffic in cyber vulnerabilities for offensive purposes.” All those discussions involve larger groups challenged with rapid change due to competition, number of players, and politics. But if Germany and the United States can jump over their own shadows, collaboration between militaries, intelligence agencies, and ICTs in their countries in this critical phase could prevent destruction of infrastructure, decrease damage from disinformation campaigns, and curtail election interference and social media hate crimes.
Sharing information on threat assessments, best practices, and coordinating responses to cyber threats is a good place to start for the two countries, who have similarly been impacted by hacking in the last year. And while troll farms and botnets spreading fake news are not yet illegal, that soon may change. Already Facebook has created a “fake news” tool to be used in the United States and Germany to call out fabrications. In Germany, hate speech via social media can be punishable through fines and prison terms, but this could be difficult to get through the courts in the United States.
Cooperation on calling out propaganda and increasing the number of anti-propaganda tools across social networks, working together on creating early warning systems, feeding them with risk data available in both countries, increasing government infrastructure cyber defense systems, and informing government users of risks, are just a few ways Germany and the United States could work together in the coming year to make their countries safer for democracy. If we wait in our corners until the carnage is over, there might not be much left to save.
 “Forced Migration: Here to Stay” in Munich Security Report 2017, February 2017, p.46.
 Incidents occurred in 26 states and 1 Canadian province. See: “JCCs Respond to New Wave of Bomb Threats Quickly, Effectively with Practiced Security Protocols to Keep Communities Safe,” JCC Association of North America, 21 February 2017.
 “Nearly 10 anti-immigrant attacks a day in Germany in 2016,” Agence France Press, 26 February 2017.
 “Disinformation: Fake It, Leak It, Spread It” in Munich Security Report 2017, February 2017, p. 42.
 “Turkey’s crackdown propels number of journalists in jail worldwide to record high,” Committee to Protect Journalists, 13 December 2016.
 “Journalists Killed in 2016,“ Canadian Journalists for Free Expression, 2 January 2017. For inclusion in the list of journalists killed, the person must be at least one or more of the following: reporting at the time of his/her death, working for a media organization at the time of his/her death; the individual’s death can be reliably linked to a history of threats in retribution for his/her reporting; be targeted for his/her profession; have died while in detention for his/her reporting; or died in captivity after being kidnapped for his/her reporting.
 “Germans‘ Trust in United States Fall to Russia’s Level,“ Handelsblatt, 3 February 2017.
 “From Articulation to Implementation: Enabling progress on cybersecurity norms,” Microsoft, June 2016, p. 8.
 Ibid, p. 4.
 “Facebook to roll out fake news tools in Germany,“ BBC, 15 January 2017.