Story image

Leveling the playing field: Why clean data makes for clean elections

30 Jul 2018

As we approach August 2018, opening the newspaper or browsing through social media feeds one would think we are stuck in November 2016. The reason for this is that the result and mechanics of the American election is still very much relevant due to revelations about Cambridge Analytica, Facebook and how the misappropriation of private data played in influencing an election.

Data is the lifeblood of political parties. It enables them to plan their campaign, target campaign spend and make important decisions relating to policy. Parties traditionally only have access to limited pools of data and rely on surveys, polls, and public reports to garner insights. This is because existing privacy legislation prevents political parties (or anyone for that matter) from gleaning private citizen’s data without their consent.  

This system engenders a level playing field during elections and prevents the public from being exploited for political gain. However, in the case of the 2016 U.S. election, private data was suddenly in play and the result is still being debated today in courts and the public domain. Essentially, because of a data breach we are stuck in a Groundhog Day with no end in sight.

Future elections under a cloud

So what does this mean for elections moving forward? Are we to assume they will all be compromised by private data falling into the wrong hands? For Australia, which will be holding a number of state elections and the strong possibility of a federal election, the answer lies in the cloud.

While Cambridge Analytica has deleted its illegal private data and vowed never to utilise it again, it is certainly not ‘mission accomplished.’ This is because, unlike selfies, your private data is not confined to social media alone.

Citizen data lives in public library databases, such as Centrelink, Medicare, local transport authorities, the DHS and thousands of other places. As such, it is important to consider what effect a Cambridge Analytica style overreach into our public sector’s data might have on our nation. Especially in the context of the Federal Government’s Cloud First Policy which underpins its Digital Transformation strategy.

As more government agencies move to the cloud, they are also moving data. Not physically but geographically. For example, while local Council’s voter data was once stored on a server in its building, a move to the cloud could see the files being stored in a data centre located anywhere from Melbourne, Victoria to Melbourne, Florida.

A tale of two cities

Exploring these two hypothetical scenarios further reveals significant issues around data security and data sovereignty. When data is entrusted to an Australian cloud provider with data centres in Australia, its data is safe under Australian jurisdiction and cannot be tampered with by foreign or private parties.

When government data is entrusted to international cloud providers, the outlooks is not so clear. Suppose Australian data is stored in Melbourne, Florida; the recent U.S. Cloud Act dictates that the government can legally access this data on the basis of it being managed by a U.S. company. Furthermore, if the U.S. company is operating the data centre in Australia, the U.S. government can still express legal claim over the data if it chooses.

Protective measures in place

With these threats in mind, The Australian Signals Directorate (ASD) have in place strict requirements for the provision of cloud services amongst government bodies dealing with private data. Those being that they must be Australian companies exclusively operating Australian data centres which are operated by security cleared IT staff.

It may sound extreme, but when you consider that almost two years on we are still picking up the pieces of a U.S. election data scandal… perhaps ‘extreme’ is what data security measures need to be to ensure clean, fair and transparent elections in Australia. Hence, government departments need to be thoughtful about how they move to the cloud and understand what they are doing. We live in a world where trust in government is easily lost and hard to gain.

Article by Vault Systems founder and CEO, Rupert Taylor-Price.

Seagate: Data trends, opportunities, and challenges at the edge
The development of edge technology and the rise of big data have brought many opportunities for data infrastructure companies to the fore.
Popular Android apps track users and violate Google's policies
Google has reportedly taken action against some of the violators.
How blockchain could help stop video piracy in its tracks
An Australian video tech firm has successfully tested a blockchain trial that could end up being a welcome relief for video creators and the fight against video piracy.
IBM X-Force Red & Qualys introduce automated patching
IBM X-Force Red and Qualys are declaring a war on unpatched systems, and they believe automation is the answer.
Micro Focus acquires Interset to improve predictive analytics
Interset utilises user and entity behavioural analytics (UEBA) and machine learning to give security professionals what they need to execute threat detection analysis.
Raising the stakes: McAfee’s predictions for cybersecurity
Security teams and solutions will have to contend with synergistic threats, increasingly backed by artificial intelligence to avoid detection.
Exclusive: Ping Identity on security risk mitigation
“Effective security controls are measured and defined by the direct mitigation of inherent and residual risk.”
CylancePROTECT now available on AWS Marketplace
Customers now have access to CylancePROTECT for AI-driven protection across all Windows, Mac, and Linux (including Amazon Linux) instances.