On December 6, 2024, the Constitutional Court of Romania made a groundbreaking decision by annulling the first round of the nation’s presidential election. This remarkable act did not stem from the typical issues of ballot box fraud or irregularities in vote counting. Instead, the annulment was triggered by the unexpected surge of a little-known candidate, Călin Georgescu, who managed to secure the leading position through a sophisticated influence operation on TikTok, with strong indications of foreign state involvement.

This incident marks a historic first in the European Union, where an electoral process has been nullified due to social media manipulation. The Romanian situation exemplifies a worrying new trend: electoral processes are increasingly becoming battlegrounds for hybrid threats, where social media platforms and artificial intelligence act as accelerators for those seeking to sway democratic outcomes.

Transformation Since 2016

Since the Cambridge Analytica scandal erupted in 2018, revealing how data from 87 million Facebook profiles had been utilized to build sophisticated voter profiles for both the 2016 U.S. presidential elections and the Brexit referendum, the landscape of political campaigning has dramatically evolved. While the microtargeting techniques employed back then seemed advanced, they pale in comparison to today’s innovations.

With the inception of 2023, three key factors have become instrumental in reshaping this landscape:

1. Democratization of Generative AI: Tools like ChatGPT, Midjourney, and various open-source voice-synthesis models have democratized content creation. Anyone, regardless of technical know-how, can now produce convincing text, visual art, audio, and video.

2. Engagement-Driven Algorithms: Platforms like TikTok employ recommendation algorithms based purely on user behavior, rather than a user’s social connections, allowing obscure profiles to go viral almost overnight.

3. Professionalization of Influence Networks: State actors have intricately woven social media into their operations for psychological warfare and hybrid strategies. The European Union has adopted a formal framework for countering these threats, termed Foreign Information Manipulation and Interference (FIMI).

The year 2024 was particularly notable, as 3.7 billion people from 72 different countries participated in elections. This marked an unprecedented scale of electoral engagement, juxtaposed sharply with the equally unprecedented accessibility and effectiveness of manipulation tools.

Tools of Election Manipulation

The current election-manipulation arsenal includes several disturbing innovations:

1. AI-Powered Microtargeting: Advanced data analytics from social media interactions allow for detailed psychographic profiles. Machine learning enables campaigns to segment electorates into numerous categories, delivering tailored messages that can often conflict with one another. This poses a significant threat not only to privacy but also to the essence of public political discourse itself.

2. Deepfakes and Synthetic Media: The rise of deepfake technology has birthed AI-generated content that distorts reality. Instances of this disturbing trend have been reported in various elections around the globe. For example, in January 2024, a deepfake robocall featuring a synthetic voice of President Biden urged voters in New Hampshire not to participate in primary elections. Similarly, fabricated audio clips and deepfake videos have emerged in Slovakia, Argentina, and Ireland, demonstrating the vulnerable state of political discourse.

3. Bots and Inauthentic Networks: Romania’s intelligence services have unveiled the coordinated efforts of thousands of TikTok accounts used to artificially enhance Georgescu’s visibility. These accounts employed various tactics, including unapproved paid promotions and coordinated posting, to amplify his profile. Research indicates that TikTok’s algorithms disproportionately favored content advocating for Georgescu, highlighting the unprecedented power of algorithmic manipulation.

4. Poisoning AI Models: This newer threat involves the deliberate contamination of the digital landscape with fabricated narratives, designed not for human consumption but to be incorporated into the training sets of future AI models. This results in AI systems generating misleading information perceived as credible.

The Cybersecurity Perspective

Traditionally, electoral security has centered around safeguarding infrastructure, such as digital voter registries and electronic counting systems. While this approach remains essential, it is no longer sufficient. The information ecosystem has become a new battleground, necessitating an understanding of how cognitive biases and psychological vulnerabilities can be exploited.

Viewed through this lens, electoral influence strategies closely parallel advanced persistent threat (APT) cyberattacks, involving stages such as reconnaissance, initial access, dissemination through algorithmic amplification, and sustaining narratives through repeated campaigns.

Many organizations, including government agencies and media outlets, are now equipping themselves with frameworks traditionally used to detect cyberattacks, adopting metrics and tools familiar from the cybersecurity domain.

The European Regulatory Framework

The European Union stands as the world’s most vigilant regulatory body in this domain, leveraging key instruments to articulate its approach:

1. Digital Services Act (DSA): Now fully active as of February 2024, this legislation mandates Very Large Online Platforms (VLOPs) to assess systemic risks, particularly those related to election processes. Following the Romanian case, the European Commission has initiated formal proceedings against TikTok.

2. AI Act (Regulation 2024/1689): Enforced from August 2024, it outlines transparency obligations, requiring labeling for deepfakes and AI-generated content. Violations can attract penalties of up to €15 million or 3% of annual global turnover.

3. Codes of Practice: These voluntary frameworks aim to ensure transparency and cooperation in labeling synthetic content and sharing data among stakeholders, serving as interim measures until the full implementation of the AI Act.

Additionally, pan-European political parties have pledged to refrain from using deceptive AI-generated content in elections.

A Collective Defense Approach

Addressing these challenges is not solely the responsibility of a single actor; it calls for coordinated efforts at multiple levels.

1. Citizen Level: Enhancing digital and information literacy serves as the first line of defense. Initiatives like EUvsDisinfo and national fact-checking programs should be embedded in educational curricula, teaching citizens to critically evaluate emotionally charged content.

2. Organizational Level: Political parties, media entities, and regulatory bodies must treat FIMI risks as standard cybersecurity concerns, implementing robust policies, executive training, and rapid response frameworks.

3. Platform Level: Calls for greater transparency in algorithms, stringent labeling of political advertisements, and identity verification for mass communication accounts have become vital in electoral contexts.

4. State Level: Inter-agency cooperation involving electoral authorities, national CERTs, and intelligence services is paramount for coordinated, effective responses.

Conclusion

While artificial intelligence and social media are not inherently threats to democracy, the potential for manipulation through these platforms is alarming. Romania’s situation serves not just as an isolated example, but as a cautionary tale for democracies worldwide. Protecting electoral integrity now requires sophisticated strategies comparable to those employed in safeguarding critical infrastructure. Upholding democracy necessitates vigilance and a proactive stance against manipulation at every level, whether institutional, organizational, or individual.

Source link