The ‘one-tweet hacker’ slipped through the fingers of law enforcement once more last week when the Australian Federal Police dropped its investigation into the alleged hacking of Liberal candidate Jessica Whelan’s Facebook account during the federal election campaign, after she failed to provide the referral needed for the investigation to proceed.
This case is the latest in a troubling pattern of political figures attributing embarrassing social media activity to ‘hackers’, only to see law enforcement investigations either not proceed or fail to find any evidence of unauthorised access to the complainants’ accounts when they do.
When former defence minister Christopher Pyne’s and Health Minister Greg Hunt’s Twitter accounts were each caught favouriting a porn tweet, they blamed it on a hacker with the peculiar MO of breaching high-profile political accounts and using this extraordinary access to favourite a single embarrassing tweet. Australia’s ambassador to the US, Joe Hockey, did the same when his account liked a tweet criticising former PM Malcolm Turnbull. Even Prime Minister Scott Morrison claimed an ‘unauthorised’ person accessed his account when it liked a tweet questioning China’s human rights record while he was treasurer. After their initial claims, neither Morrison, Pyne nor Hockey proceeded with a formal referral to the AFP. Hunt did, but after investigation, the AFP found no evidence that his account was hacked.
I don’t call out this trend just to be snarky.
Foreign interference through cyber-enabled information operations is a real and serious threat facing Australia and other liberal democracies. The most high-profile example of this was Russia’s weaponisation of information obtained through the hacking of Hillary Clinton’s campaign and the Democratic National Committee in the lead-up to the 2016 US election. Since then, we’ve seen a flurry of similar operations around the world. ASPI’s Hacking democracies report found that 20 countries have experienced cyber-enabled foreign interference of electoral and democratic institutions since 2016. The most common form of interference wasn’t direct tampering with election results but disinformation campaigns aimed at undermining candidates, increasing polarisation and reducing public trust in institutions that underpin our democracies.
It’s entirely plausible that a hostile foreign actor could seek to embarrass a political figure by hacking their social media accounts. But when politicians cry ‘I’ve been hacked!’ in the wake of online embarrassments without giving the claim the gravity it deserves and fully engaging with law enforcement investigations, it undermines the ability of responsible actors to call out real incidents. It makes us more vulnerable to subsequent information operations by feeding ‘truth decay’ — the public perception that it’s impossible to establish the objective facts of such an incident.
Preventing cyber-enabled information operations is challenging because they are cheap and easy to run and are hard to detect in a timely manner. Responding to them is difficult, too, as it’s hard to identify perpetrators with 100% certainty. The best protection we have against these attacks is healthy, robust democratic institutions that the public trusts. When functioning well, these institutions can act as a national immune system that can identify and alert the public to disinformation campaigns.
A society in which the public trusts media organisations, political parties, electoral institutions, courts, law enforcement agencies and government is the best inoculation against foreign disinformation campaigns. Trusted democratic institutions are our ‘magic weapons’.
Unfortunately, trust in democracy and politics is at a low point in Australian history. Only 41% of Australians are satisfied with the way democracy works, down from 86% in 2007. More than 60% of Australians believe the honesty and integrity of politicians are very low.
Restoring public trust and confidence in our democratic institutions should be viewed as a national security imperative for liberal democracies.
Policy reforms and institutional innovation are part of the solution to restoring this trust. The federal government should combat public perceptions of corruption by establishing a national integrity commission. We need to protect our independent media by ensuring they are free from intimidation and political interference. Our media can only be independent if they are appropriately funded. Ensuring that would mean looking seriously at the recommendations of the Australian Competition and Consumer Commission’s digital platforms inquiry and properly funding our public broadcasters.
But the personal conduct of individual actors within our democratic institutions matters too. In an environment of declining public trust, people in our democratic institutions need to constantly reflect on how their conduct affects the health of the system. When politicians make claims of hacking that aren’t validated by subsequent law enforcement investigations, their behaviour further erodes public trust in our democratic system.
When political figures face incidents of online embarrassment, we should expect them to ensure that the potential for ‘insider’ responsibility is properly investigated before they make public allegations of ‘hacking’. Similarly, it should be a strong norm that when political figures make public claims of hacking, they fully cooperate with law enforcement.
Sociologists will tell you that the best way to enforce a norm is through social sanction. The case of the ‘one-tweet hacker’ certainly attracted its share of snarky tweets — the 21st-century social sanction. Given the context, the mocking tweeters can reassure themselves that their tweets weren’t just cathartic — they were small contributions to strengthening our democratic resilience and national security.