Misinformation and the Loss of Public Trust
December 29, 2016 | Security and Risk | John Worrall
Misinformation—and the misuse of information—came to the fore of public attention during the 2016 U.S. presidential election. Exactly who was behind the well-publicized hackings, leaks and fake news stories, and their impact, remains under investigation and might not be known for months, if ever. However, what is clear is that the ability to use misinformation for political gain or otherwise will continue to be a significant cyber security issue in 2017 and beyond. In fact, concerns have already been raised about similar attacks on trust in connection with the German Parliament elections in 2017.
Ensuring the integrity of data and controlling its use is critical to maintaining trust not only in organizations, but in public institutions and leaders’ ability to make decisions.
It’s Not New
The use or control of information to sway public opinion or gain political or military advantage is not new. In a Washington Post opinion piece, John Maxwell Hamilton of the Woodrow Wilson Center for International Scholars dated the birth of information warfare to the opening days of the First World War when the British cut German undersea cables to disrupt communications. The theft and manipulation of information for espionage and propaganda is as old as warfare itself. The use of propaganda continues today.
What is new in information warfare is the proliferation of digital data that can be remotely accessed and manipulated as well as disseminated globally. Data has become not only a resource and an asset, but also a weapon as demonstrated during the presidential campaign with the release of stolen e-mails.
That and the proliferation of fake “news” stories that often outperformed real news in social media. According to a survey by the Pew Research Center, 64 percent say fabricated news stories cause a great deal of confusion about the basic facts of current issues and events. In the same survey, 23 percent said they had shared fake stories – either knowingly or not.
This raises questions about the responsibility for protecting the integrity of data.
Manipulating the Data
Most of us (according to the Pew survey) are confident we can spot phony news. Sifting the real from the false is not always easy, however. A story about a love triangle with Elvis can be easily dismissed, but an article that shaves numbers off a political poll or the selective release of documents without context are more difficult to evaluate. Manipulating real data can be more insidious than making something of whole cloth.
A challenge of digital data is that it can be altered in ways that are difficult to detect. Data can be altered in servers and databases so that its owners are not even aware of the changes. When released or accessed under normal circumstances, this altered information can appear to be credible if available from a “trusted” source. Audio and video files can also be edited to deceive. Seeing and hearing are no longer believing, and as a result, trusted sources lose integrity.
The internet has blurred the distinction between publishers and readers/viewers. Phony or doctored information can be distributed globally at little cost and amplified through social media. Identifying the original source of falsified data or information can be difficult.
Defending our institutions
Defending ourselves and our institutions against misinformation requires a combination of personal skills and technology.
People must be media and information literate. Whether a baby boomer or a digital native, it is increasingly important to have the ability to evaluate the credibility of information and its sources. This requires a mix of critical thinking and enough knowledge/healthy skepticism to question things that just do not seem to be right. Understanding the nature of digital data and the challenges of cyber security contribute to these skills.
The creators, owners and distributors of data also have an obligation to integrity. Reputations are at stake, and the integrity of institutions could be damaged through a loss of public trust and confidence.
We have already written about the importance of data integrity as a part of a complete cyber security program. Basic practices such as encrypting data can help protect it, and hashing can help assure it has not been altered. Monitoring network activity and controlling access to privileged accounts that have permission to make changes in data also are critical.
Instilling trust in the data relied on to make decisions and protect citizens must be part of advanced cyber security strategies. Raising visibility of this challenge and spurring ongoing discussions will help maintain global awareness, even as elections fade from the front page.