Story image

Leveling the playing field: Why clean data makes for clean elections

30 Jul 2018

As we approach August 2018, opening the newspaper or browsing through social media feeds one would think we are stuck in November 2016. The reason for this is that the result and mechanics of the American election is still very much relevant due to revelations about Cambridge Analytica, Facebook and how the misappropriation of private data played in influencing an election.

Data is the lifeblood of political parties. It enables them to plan their campaign, target campaign spend and make important decisions relating to policy. Parties traditionally only have access to limited pools of data and rely on surveys, polls, and public reports to garner insights. This is because existing privacy legislation prevents political parties (or anyone for that matter) from gleaning private citizen’s data without their consent.  

This system engenders a level playing field during elections and prevents the public from being exploited for political gain. However, in the case of the 2016 U.S. election, private data was suddenly in play and the result is still being debated today in courts and the public domain. Essentially, because of a data breach we are stuck in a Groundhog Day with no end in sight.

Future elections under a cloud

So what does this mean for elections moving forward? Are we to assume they will all be compromised by private data falling into the wrong hands? For Australia, which will be holding a number of state elections and the strong possibility of a federal election, the answer lies in the cloud.

While Cambridge Analytica has deleted its illegal private data and vowed never to utilise it again, it is certainly not ‘mission accomplished.’ This is because, unlike selfies, your private data is not confined to social media alone.

Citizen data lives in public library databases, such as Centrelink, Medicare, local transport authorities, the DHS and thousands of other places. As such, it is important to consider what effect a Cambridge Analytica style overreach into our public sector’s data might have on our nation. Especially in the context of the Federal Government’s Cloud First Policy which underpins its Digital Transformation strategy.

As more government agencies move to the cloud, they are also moving data. Not physically but geographically. For example, while local Council’s voter data was once stored on a server in its building, a move to the cloud could see the files being stored in a data centre located anywhere from Melbourne, Victoria to Melbourne, Florida.

A tale of two cities

Exploring these two hypothetical scenarios further reveals significant issues around data security and data sovereignty. When data is entrusted to an Australian cloud provider with data centres in Australia, its data is safe under Australian jurisdiction and cannot be tampered with by foreign or private parties.

When government data is entrusted to international cloud providers, the outlooks is not so clear. Suppose Australian data is stored in Melbourne, Florida; the recent U.S. Cloud Act dictates that the government can legally access this data on the basis of it being managed by a U.S. company. Furthermore, if the U.S. company is operating the data centre in Australia, the U.S. government can still express legal claim over the data if it chooses.

Protective measures in place

With these threats in mind, The Australian Signals Directorate (ASD) have in place strict requirements for the provision of cloud services amongst government bodies dealing with private data. Those being that they must be Australian companies exclusively operating Australian data centres which are operated by security cleared IT staff.

It may sound extreme, but when you consider that almost two years on we are still picking up the pieces of a U.S. election data scandal… perhaps ‘extreme’ is what data security measures need to be to ensure clean, fair and transparent elections in Australia. Hence, government departments need to be thoughtful about how they move to the cloud and understand what they are doing. We live in a world where trust in government is easily lost and hard to gain.

Article by Vault Systems founder and CEO, Rupert Taylor-Price.

WhatsApp users warned to change voicemail PINs
Attackers are allegedly gaining access to users’ WhatsApp accounts by using the default voicemail PIN to access voice authentication codes.
Swiss Post asks public to hack its e-voting system
Switzerland’s postal service Swiss Post is inviting keen-eyed security experts and white hats to hack its e-voting system.
Spoofs, forgeries, and impersonations plague inboxes
It pays to double check any email that lands in your inbox, because phishing attacks are so advanced that they can now literally originate from a genuine sender’s account – but those emails are far from genuine.
Flashpoint signs on emt Distribution as APAC partner
"Key use cases that we see greatly benefiting the region are bolstering cybersecurity, combating insider threats, confronting fraud, and addressing supply chain risk, to name a few."
The attack surface: 2019's biggest security threat
As businesses expand, so does their attack surface – and that may be the biggest cybersecurity risk of them all, according to Aon’s 2019 Cyber Security Risk Report.
Opinion: Cybersecurity as a service answer to urgent change
Alan Calder believes a CSaaS model can enable a company to build a cyber resilience strategy in a coherent and consistent manner.
Why SD-WAN is key for expanding businesses - SonicWall
One cost every organisation cannot compromise on is reliable and quick internet connection.
New threat rears its head in new malware report
Check Point’s researchers view Speakup as a significant threat, as it can be used to download and spread any malware.