In May, just days before the Polish presidential election was scheduled, the coronavirus pandemic and a government-ordered lockdown threw preparations for the election into disarray. The conservative ruling party and its opponents could not agree on an alternative date, and the ruling party appeared intent on organizing an unprecedented mail ballot election on short notice. Whether such an election could have been accessible, secure, and perceived as legitimate by Poles was far from certain.
Fortunately, an agreement was reached, and the election was postponed until the end of June. The runoff vote between the top two vote-getters, incumbent President Andrzej Duda and Warsaw Mayor Rafal Trzakowski, held on July 12 had the highest turnout—68.18 percent—in any election in Poland since 1995; President Duda eked out a narrow victory. While the Office for Democratic Institutions and Human Rights (ODIHR) Special Election Assessment Mission found both rounds to be well administered, there were steps taken in response to the pandemic that left Poland’s elections criticized, more vulnerable to foreign interference, and potentially susceptible to annulment. Addressing these challenges can help ensure that countries holding elections during the pandemic may learn from Poland’s example.
1. Timely and reliable information-sharing is necessary for secure and democratic elections
Rather than offering balanced and impartial coverage, Poland’s public broadcasters continued to promote the ruling party’s views and attacks on its opponents. Their coverage favored Duda and could have undermined some voters’ ability to make an informed electoral choice. The lack of public media impartiality and trust in Poland’s media landscape was so polarizing that the candidates could not even agree on a news channel to host a joint debate. Instead, they appeared separately in broadcasts on two different channels that they felt were not biased against them. Many of these campaign-related disagreements have been consistently promoted by Russia Today. Repeatedly, the information presented by foreign sources like Russia Today has been truncated or decontextualized, emphasizing the alleged negative impact of Western media in Poland and reviving controversial statements referring to “repolonization” of media by the government to “bring them under Polish control.”
Researchers from the Stanford Internet Observatory exposed how hack and leak operations and “politicized spam,” or manipulated information seeking to influence voters’ political preferences, were actively deployed shortly before the Polish elections. Though not definitively attributed to Russia, they concluded that the tactics used resembled Russia’s playbook. Since Poland has been targeted by foreign actors’ operations before, the pre-election turmoil made it even more vulnerable to such efforts. Providing clear, accessible and accurate information, and exposing inauthentic behavior and manipulated information can limit the effectiveness of disinformation operations, both foreign and domestic.
2. Changes to voting processes must be organized and well-tested
As countries rush to change their electoral systems to account for the novel coronavirus, they should ideally build infrastructure well in advance that can handle the strains of elections under challenging circumstances while remaining secure and democratic. Such adjustments reduce the likelihood of interference in actual elections processes. An election that is not conducted as planned can contribute to the effectiveness of a foreign interference attack, whether it is information manipulation or a cyberattack on election infrastructure. While there are almost always changes from one election to the next, particularly during an ongoing pandemic, elections procedures should remain consistent. It is imperative that adopted changes be widely publicized, adequately tested, and carried out far in advance of the election, so that voters, candidates and other stakeholders can prepare for them as well.
Poland made a number of significant changes to its election voting processes to account for the coronavirus, such as providing all voters the option of voting by mail and outfitting polling stations to reduce the spread of the virus. Poland’s 2 June Act gave all voters for the first time a choice to apply for a postal ballot to provide an alternative to in-person voting during the pandemic. Unfortunately, the law did not provide all voters a reasonable period of time in which to request a postal ballot for either the first or the second round of the elections. The date for the June 28 election was not set until June 2, almost four weeks after the original May election date was postponed. This compressed timeframe not only made it more challenging to implement certain election changes, such as the delivery and return of postal voting abroad, but could have been potential fodder for adversaries such as Russia, which has been known to capitalize on similar changes to the voting process to weaken other democracies.
For the first round, Poles living abroad had until June 13 to request a ballot, while domestic voters had until June 16. And for the second round, the deadline to request a postal ballot was June 29 for voters abroad and June 30 for in-country voters—only 1 and 2 days, respectively, after the first round of the election. Consequently, the Office of the Human Rights Commissioner received numerous complaints “relating to postal voting abroad, in particular with respect to short timeframes.” The newness of this process, as well as the compressed timelines, likely contributed to many voters not receiving and/or returning their postal ballot in a timely manner. Going forward, Poland and other countries that substantially adjust election procedures in response to the pandemic should stress-test and audit their voting infrastructure to identify any trouble spots and consider adopting additional security and resiliency measures. For example, Poland could consider adopting more generous deadlines for requesting and delivering mail ballots to mitigate the above issues and lessen potential doubts about the integrity of their elections.
Poland should also ensure that any future changes to its election procedures are on sound legal footing. For example, to amend electoral deadlines in response to the coronavirus, Poland passed the 2 June Act under an expedited procedure without sufficient discussion, which violated Paragraph 5.8 of the 1990 Copenhagen Agreement. One of the Act’s provisions mandated that the Speaker of the Sejm (lower house of the Parliament) alter the deadlines for all presidential electoral activities in consultation with the National Election Commission (NEC) and the minister of health. Placing this authority in the hands of a political figure risks undermining the independence and impartiality of the election administration, and going forward, the NEC should have the authority to make election changes in response to emergencies such as epidemics. If such changes are enacted by political figures, they can create doubt within Poland about its ability to conduct free and fair elections—doubt that foreign adversaries could exploit through social media campaigns and/or disinformation operations.
Transparent, well-conducted elections are expected and especially important during a pandemic. They allow for a consistent, democratic, and secure process that ensures the election’s legitimacy and the perception of it as such.
3. Responses by election officials during the coronavirus pandemic should mitigate potential security risks
It is important that election officials’ responses to the coronavirus pandemic do not create new election vulnerabilities, either in the infrastructure that underpins elections or the information space. Initially, the Polish government intended to hold the presidential election exclusively by mail-in ballot. Shortly before the initial May election date, it mandated that voter registration data be handed over to the postal service, an entity inexperienced in conducting elections. Shortly thereafter, the Polish Post (Poczta Polska) required from municipalities personal data of Polish citizens via email without any additional data protections, such as a password.
While email is convenient for sharing information, it has limited security protections and should not be used for sending sensitive information. Email can be viewed or tampered with at multiple places in the transmission process and is often used in cyber-attacks on organizations. As a result, some Polish local authorities voiced their concerns about potential privacy violations and refused to provide such data, and the election was subsequently conducted in a different manner. Even a cursory analysis of this debacle illustrates the peril of rushed and inapt digital election infrastructure. Moreover, putting the security of citizens personal information at risk can make it vulnerable to a hack and leak operation from adversaries, such as Russia’s military intelligence agency, the GRU, which is widely acknowledged to have been behind several high profile election hack and leak operations, including those of the Democratic National Committee during the 2016 U.S. presidential campaign and French President Emmanuel Macron’s presidential campaign in 2017. It could also lead to citizens’ disengagement in democratic processes.
Conclusion
The latest Polish presidential elections illustrate some of the challenges with changing voting processes and conducting secure elections during a pandemic. For future elections, voters need to obtain more timely, impartial and relevant information from reliable trusted sources, especially from the highly-followed public broadcasters. Election officials need a reasonable amount of time to prepare for an election, particularly for one as large and challenging as a presidential election conducted during a pandemic. Legal changes made to elections should be done in a transparent manner with sufficient time for public debate. And lastly, each country needs to make sure that when it makes changes to the digital infrastructure that underpins its elections, as well as its voting procedures, that it avoids creating any significant additional vulnerabilities. A failure to adequately address these issues made Poland more vulnerable to disinformation operations and cyberattacks.
The views expressed in GMF publications and commentary are the views of the author alone.