On June 14, the European Commission released a report assessing the efficacy of the Action Plan against Disinformation and Elections Package in the context of the 2019 European Parliamentary elections. The report underscores Europe’s shifting posture towards disinformation, and provides valuable lessons for the United States as it inches closer to the 2020 presidential election.
First, the European Commission formally attributes specific disinformation campaigns to Russian sources, a notable step given the EU’s weak overall record on attribution. This is particularly important in light of a new EU framework that allows the Union to impose sanctions against persons and entities responsible for cyberattacks originating outside the EU. If this report signifies an increased willingness by the EU to attribute attacks in the information and cyber domains, it could portend a more robust European response to Russian malfeasance.
Second, the report notes that “[Russia’s] objective remains the same: dividing our society and undermining the trust of citizens in democratic processes and institutions.” Yet despite clear similarities with past interference efforts orchestrated by Russian actors, the report details new trends and practices used by Russian and other malign actors to manipulate online discourse. Here are the key takeaways:
- Russian sources engaged in a sustained and continued campaign “to suppress turnout and influence voter preferences.” Efforts on this front ranged “from challenging the Union’s democratic legitimacy to exploiting divisive public debates on issues such as migration and sovereignty.”
- Consistent with Russia’s modus operandi, the operations “promote[d] extreme views and polarise[d] local debates.”
- In a sign of increasing overlap between foreign and domestic manipulators, “domestic political actors often adopted the tactics and narratives used by Russian sources to attack the EU and its values.”
- Perhaps in response to more robust enforcement from social media companies, bad actors, including those linked to Russia, forewent “large-scale operations on digital platforms” and instead opted “for smaller-scale, localised operations that are harder to detect and expose.”
- Echoing narratives promoted in the United States, Russian-linked actors advanced a narrative of a European “deep state.” In particular, there was an effort to shift blame for the collapse of the Austrian government away from Strache’s wiliness to entertain overtures from a woman purporting to be a Russian oligarch to conventional political actors. Clearly, the same rhetoric is being used on both sides of the Atlantic.
Although the tactics and techniques outlined above are largely consistent with those used to interfere in other recent elections, the United States and other transatlantic democracies should closely examine these trends to prepare for their own upcoming elections.
Third, the EU is still dissatisfied with progress on the Code of Practice. The report praised some social media companies’ actions – namely, increased scrutiny of ad placements, the creation of searchable libraries for political ads, and takedowns of accounts spreading disinformation, hate speech, or using false profiles. But the Commission and High Representative are clearly unhappy with the platforms’ lack of transparency on issue ad policies and on websites hosting ads, as well as a lack of meaningful access to data for the research community, and independent oversight of the platforms’ algorithms. The report alludes to the fact that the Commission may impose addition regulations after the initial 12-month implementation period of the Code of Practice.
Fourth, the report found that the EU’s Elections Package – implemented in 2018 to help secure free and fair elections – improved the coordination of election authorities among EU member states and between the national and EU levels. The most practical steps concerned cyber security. The European Network Information Security Agency, the EU’s center of expertise for cybersecurity, convened more than 70 cyber security experts in May to conduct exercises to “prepare national authorities for incidents aiming to create doubt about the legitimacy of the elections and for a scenario in which cyber-attacks were performed over critical infrastructures before and during the European elections.” The report also celebrated the aforementioned new legal framework that allows the EU to impose sanctions in response to cyber-attacks “that constitute an external threat to the Union or its Member States.”
Finally, it is important to stress that this report is a first assessment; therefore, it is possible, if not likely, that the EU’s comprehensive elections report in October will uncover additional evidence of manipulation. The report also notes that despite the generally positive preliminary analysis, there is work to be done, including strengthening the Rapid Alert System, developing stronger partnerships with the G7 and NATO, and providing additional human and financial resources to detect, analyze, and expose disinformation campaigns. At the same time, the fact that the EU has published such a report is clearly a step in the right direction, as it suggests that the EU and its member states take the threat of disinformation seriously and are prepared to respond accordingly.