Canada’s Minister of Democratic Institutions Karina Gould has a new mandate to focus on defending against cyber security threats to elections instead of reforming the process by which the country votes, following an open mandate letter from Prime Minister Justin Trudeau.
Electoral reform had been one of the promises the Liberal government campaigned on leading up to their election, with Trudeau going so far as to say the October 2015 federal vote would be the last under a first past the post system. But now the government is turning away from that promise and identifying new top priorities. Defending against cyber threats along with other transparency measures are named as elements of the Minister’s new mandate.
“You will lead on improving our democratic institutions and Senate reform to restore Canadians’ trust and participation in our democratic processes,” the letter states. “In collaboration with the Minister of National Defence and the Minister of Public Safety and Emergency Preparedness, lead the Government of Canada’s efforts to defend the Canadian electoral process from cyber threats.”
That includes asking the Communications Security Establishment (CSE) to analyze risks to Canada’s political and electoral activities from hackers, it continues, and to release a public assessment. CSE should also offer advice to the political parties and to Elections Canada for cyber security best practices.
Part of the CSE’s overall mandate is to detect and mitigate malicious cyber activity coming from foreign sources. As part of that effort, the CSE reviews metadata under its foreign signals intelligence activities. According to its annual report for 2015-2016, this helps CSE understand global information infrastructure and direct its activities directed at foreign entities, mitigating the risk of interception of private communications of Canadians.
Trudeau’s directive to focus on cyber security follows a U.S. election that was overshadowed by intelligence agency claims that Russia tried to exercise influence over the outcome, favouring the winning candidate Donald Trump.
For example, a report released at the tail-end of 2016 by the U.S. Office of the Director of National Intelligence stated:
“Russian intelligence services collected against the U.S. primary campaigns, think tanks, and lobbying groups they viewed as likely to shape future U.S. policies. In July 2015, Russian intelligence gained access to Democratic National Committee (DNC) networks and maintained that access until at least June 2016. The General Staff Main Intelligence Directorate (GRU) probably began cyber operations aimed at the U.S. election by March 2016. We assess that the GRU operations resulted in the compromise of the personal e-mail accounts of Democratic Party officials and political figures. By May, the GRU had exfiltrated large volumes of data from the DNC.”