Democracy is the political and moral foundation of the European Union and its Member States. Its smooth functioning guarantees civil peace and the prosperity of European societies. The value of democracy is a tool of the Union’s power and influence. In the absence of a functioning democracy the Union and its Member States would lose their capacity to act and defend their interests, either via the upkeep of rules-based multilateralism or the projection of their values and standards that are emulated by others.
The U.S. presidential election of 2020, after that of 2016, is a reminder of the challenges facing the most established democracies, as well as a demonstration of the importance of the effective functioning and respect for institutions. The multiplication of the ways and means of undermining our democratic societies and systems is reflected in the concept of hybrid threats. The response adopted over the past few years has therefore relied on a variety of means but also, in the European context, on coordination between the national level, which remains sovereign in many areas, and the European level.
On 3 December, the European Commission presented its Action Plan for European Democracy, the result of several consultations and the experience of recent years. The plan is structured along three lines that cover more than just hybrid threats: the integrity of elections and political advertising; the fight against misinformation; and the strengthening of media freedom and pluralism. It is complementary to the actions already taken by the institutions.
Progressive increase in awareness
Since the first cyber-attack organised with the aim of destabilising a European state, in 2007 in Estonia, and the Ukrainian crisis in 2014, the Union came to understand the hybrid threat. Its response has been continuous, with the aim of gaining an overview and supporting Member States in preventing and responding to threats. In 2016, it developed a Joint Framework on countering Hybrid Threats, comprising 22 operational measures, which was completed in 2018 with a plan “to increase the resilience and bolster capabilities to address hybrid threats.”
In early 2020, the European Centre of Excellence for Hybrid Threat Assessment (Hybrid CoE) and the Commission presented Member States with a “conceptual model” for the analysis of hybrid threats, which was tested during the Covid-19 crisis. Joined up work has become the norm within European institutions and agencies, but an established government level coordination and sufficient societal awareness within societies are still lacking.
Subscribe to the Voxeurop newsletter in English
Cyberattacks and hacking
In the context of the protection of democracy, cyberthreats concern both the electoral process (the integrity of the ballot) and the environment in which it can take place (the security of the infrastructures necessary for the proper functioning of society).
In addition to businesses, hospitals are regularly targeted, for example in the UK in 2017, France in 2019 and the Czech Republic in 2020. Attacks are often attributed to Russian hackers, but in June 2020, the President of the Commission pointed to China, warning that cyber-attacks on hospitals, in the midst of a coronavirus crisis, “cannot be tolerated”.
The integrity of an election can be jeopardised by hacking into voter lists or results collection systems, but also by “hack and leak”, the hacking of a candidate’s or party’s internal systems, followed by the publication of real or faked documents in order to weaken or discredit the candidate.
The two main examples, attributed to Russia, are the hacking of US Democratic Party emails and their publication by Wikileaks prior to the 2016 presidential election, and the “Macron Leaks” resulting from the hacking of the candidate’s “En Marche” political movement during the 2017 presidential campaign. Prior to the 2019 European elections, denial of service attacks were reported on websites providing information on the European elections in several states including Finland and the Czech Republic. More recently, computer attacks against local authority networks have been observed. This was the case in Marseille and its surrounding area, two days before the first round of local elections in March 2020.
In the spring of 2019 the European Network and Information Security Agency (ENISA) published a series of recommandations for the Member States and undertook a simulation exercise with Parliament and the Commission to test the capabilities already in place. A cooperation group of Member States set out a “compendium on cybersecurity of electoral technologies”, whose recommendations have been adopted by at least 16 Member States in terms of making safe the European elections.
In the field of cybersecurity, threats have therefore been identified, and the priority is above all to pool information, methodologies and means of action in an area where the sovereignty of States remains clearly established and risk analysis is unequally shared.
Ensuring the integrity of elections
Prior to the last European elections, in September 2018, the Commission proposed a series of measures and recommendations, which has served as a base to date for joint action to ensure the security of the electoral processes in Europe. The Commission placed the accent on cybersecurity, transparency and data protection.
One of the main measures in this “election package” was the creation of the European Cooperation Network on Elections, in which Member States exchange views on their electoral legislation, risk assessment and awareness campaigns, as well as on data protection rules or cybersecurity.
Before the end of 2021, the Commission will present a legislative proposal to increase transparency requirements on the financing on political parties. Documenting circumventions of the law is one of the objectives of the European Parliament’s special committee on foreign interference, which was established in September 2020 and which is looking, in particular, into allegations of political financing, legal or otherwise, through intermediary companies or donors using a third-country nominee.
As the Cambridge Analytica scandal in the United Kingdom and the United States has shown, platform users’ personal data can be used for online campaigns. Within the framework of the Code of Good Practice against Disinformation, put in place in 2018, platforms have introduced the obligation to clearly indicate the names of parties, movements or candidates behind political content. The system was then applied in the Member States. They have also created databases of political advertisements. Today the Commission, the Parliament and the Member States are calling the platforms to make the criteria for the display of political advertisements more transparent and, in particular, to open up their algorithms to researchers.
Regulation of the platforms
To date, the European approach has been to favour the self, albeit supervised, regulation of the platforms. This was reflected in the introduction in October 2018 of a Code of Practice on Disinformation. In an assessment published in September 2020, the Commission estimates that, in order to be more effective, the Code should develop common definitions, clear procedures and precise commitments that are applicable to all signatories and in all Member States. The Commission’s approach is therefore more offensive and committed to a logic of co-regulation, with more concrete obligations to be imposed on the platforms in 2021.
The EU Strategy also includes support to information and media. The European Digital Media Observatory (EDMO), set up in June 2020, brings together fact checkers, researchers and different actors to develop tools to better understand the mechanisms and effects of disinformation and its propagation, identify those responsible and organise the battle with actors in civil society.
At present the Union is financing ten projects in support of the media and pluralism, to a total of 7 million €. A further €62 million is provided for in the Multi-annual Financial Framework for 2021-2027, to launch other projects in support of media and pluralism, including a database for transparency on media ownership (Media Ownership Monitor).
The action plan on European democracy, which extends and develops the strategy introduced since 2016-2018, is taking place in an ever-changing context. The underlying trend of mistrust towards governments and elites, compounded by events such as the Gilets Jaunes (Yellow Vest) movement in France and, even more so, the Covid-19 pandemic, has altered the origin and course of current disinformation attacks.
Manipulation and lies are no longer only spread from abroad, especially from Russia. The Member States and the Union are no longer facing just foreign interference, but also an endogenous phenomenon, even if though is still encouraged or financed from outside. The recourse to conspiracy theories and the rejection of pluralism that is apparent in the United States is also developing in Europe and cannot be tackled solely by a hybrid response or the regulation of platforms. The response is political and largely based on economic and social factors, especially in European societies that have been weakened by the pandemic.
From this point of view, developments in the United States since 2016 may shed some light on the situation in Europe. On the one hand, if “fake news” is spreading through malicious sites and social networks, the extent of the mistrust thus created is strengthened by the attitude of certain media and political forces. On the other hand, Donald Trump broke a taboo – that of a head of a democratic State challenging the conduct of the elections and refusing to recognise the result. Strong institutional and civic counterbalances are therefore still needed. While two governments in the Union, in Hungary and Poland, already partly reject the foundations of the rule of law and have media at their disposal, the defence of checks and balances by the other Member States and the European institutions is of additional importance.
👉 Download the policy paper on the Robert Schuman Foundation website (in French).