The UK’s Electoral Commission (EC) has come clean about a cyber-security breach between 2021 and 2022 that laid bare the data of 40 million voters. This cyber-breach happened around the same time the EC’s systems failed a cyber-security test.
The EC is not a government institution per se, but a government-backed independent body. It oversees the election process and, just as important, has regulatory control over political financing in the electioneering process. It’s an organisation held in public trust. And it’s held up as the gold standard in democratic sovereign states for honesty and due diligence. It has guided the United Kingdom through the last six elections. For your interest, this counts as the 52nd election won by Tony Blair’s Labour Party, to the 57th election which rather messily triggered three different Conservative Prime Ministers; Boris Johnson, Liz Truss and the incumbent, Rishi Sunak.
Silence is not Golden
A whistleblower from within the EC prompted the organisation to inform the public of the breach. But this has come after it had known for almost a year about the ‘hostile actors’ who breached the system. Why?A hostile actor, by the way, is defined broadly as one of the following; cyber-criminal, terrorist or hacktivist. A hacktivist, as the name suggests, is someone who gains unauthorised access to files or networks for social or political ends.
The test the EC failed is known as Cyber Essentials, a system that’s voluntary, not mandated, to assist organisations achieve the minimum in best practice security. A certificate from Cyber Essentials is a marketing tool to reassure customers of safe practice.
On the EC site is a list of the data which was exposed to the cyber burglars. It appears to be relatively unthreatening. Addresses, contact numbers, that sort of thing. But unthreatening in terms of not being life-threatening, certainly. But not in terms of who wants to buy this sort of information. We’ve already had a pretty devastating display of the data manipulation which almost certainly resulted in Brexit.
In this uneasy era of generative AI and at the threshold of AGI (Artifical General Intelligence), our minds default too quickly to worst case scenarios. But there’s going to be enough suspicion surrounding the next general election in the UK, whatever the outcome. The same doubt will be cast over the US election.
We hope this incident won’t fan the flames. Well, too much.
Inside Telecom provides you with an extensive list of content covering all aspects of the Tech industry. Keep an eye on our News section to stay informed and updated with our daily articles.