Dr Einar Thorsen
Associate Professor of Journalism and Communication at Bournemouth University.
Section 4: Parties and the Campaign
- The battle for authenticity
- Was it the Labour doorstep or the Labour smartphone that swung it for Jeremy?
- The election at constituency level
- Over-managing the media: how it all went wrong
- Aristotle and persuasive copywriting in the 2017 General Election
- Rhetoric of the 2017 General Election campaign
- When is an electoral ‘bribe’ not a bribe?
- PEBs in 2017: not gone, but largely forgotten?
- ‘Strong and stable’ to ‘weak and wobbly’: Tory campaign, media reaction and GE2017
- The Greens and the “progressive alliance”
- It’s the way I tell ‘em: car crash politics and the gendered turn
- Dogwhistle sexism
- The Women’s Equality Party and the 2017 General Election
- The resurrection of ethical foreign policy
- Why immigration faded from view in election 2017
- Invisible enemies, wars without winners: when ‘khaki elections’ fail
Cybersecurity and surveillance circumvention are not famed as classic election campaign issues. Yet both figured prominently at different times throughout the 2017 UK General Election, triggered by three devastating attacks during the campaign: the WannaCry ransomware attack that ground the NHS to a halt in early May; the Manchester Arena bombing on 22nd May that killed 23 and injured 119 people; and the London terrorist attack 3rd June that left 8 dead and 48 wounded.
The WannaCry ransomware attack , propagated through a vulnerability in computers running older versions of Windows. It across the UK with thousands of computers locked down, rendering patient records, appointment schedules and internal phone lines inaccessible. While the NHS was keen to stress that , blame was quickly attributed to Government underspending on NHS IT infrastructure.
The Guardian that the Government refused to renew a £5.5M million deal with Microsoft to extend support for end-of-life software. The NHS was singled out as one of several public bodies perceived as “exploitable by relatively low-skilled attackers”. Much maligned Jeremy Hunt was attacked again in May 2017, “‘extensive warning signs’ that could have prevented an unprecedented global cyber-attack which has plunged the NHS into chaos”.
In the immediate aftermath of the Manchester Arena attack, the Conservative Government briefed reporters that they intended to enact parts of the Investigative Powers Act called Technical Capability Orders that would to facilitate access for security services. According to anonymous ‘senior ministers’, “The social media companies have been laughing in our faces for too long” – with WhatsApp and Telegram messenger apps often singled out as having been used by terrorists.
May reignited the same calls for crackdown on encryption following the London Bridge attack. In what was , she called for international collaboration to “regulate cyberspace” and argued that “We need to deprive the extremists of safe spaces online”. This seemed to revive former PM David Cameron’s , which was and even opposed by Conservative stalwarts like Brexit Minister David Davis (who in none other than the European Court of Justice). May’s calls for stronger surveillance capabilities also triggered detailed scrutiny of the Conservative record – and Theresa May’s six year tenure as Home Secretary in particular – on national security and cuts to policing.
May’s comments on encryption were entirely consistent with her previous record on internet regulation. The echoed this tough stance, proclaiming that “we do not believe that there should be a safe space for terrorists to be able to communicate online and will work to prevent them from having this capability” (p. 79). It is important to remember that these manifesto promises come in the context of the recently passed Investigative Powers Act, which . And that this is broadly speaking a Conservative crusade.
Whilst “provide our security agencies with the resources and the powers they need to protect our country”, they also took care to balance this against ensuring “such powers do not weaken our individual rights or civil liberties” and to “reintroduce effective judicial oversight over how and when they are used, when the circumstances demand that our collective security outweighs an individual freedom” (p. 77).
The , by promising to “Roll back state surveillance powers by ending the indiscriminate bulk collection of communications data, bulk hacking, and the collection of internet connection records.” (p. 76), alongside other commitments to control and regulate surveillance. It was also the only manifesto to overtly pledge to “Oppose Conservative attempts to undermine encryption”.
for the internet to “be free of state and corporate surveillance, with our rights and freedoms protected.” (p. 21). The Conservative party’s new bedfellows, the DUP, merely to “support the expansion of cybersecurity research in Northern Ireland” (p. 17). The (it received only 2,321 votes in total), while others – including , , , or – failed to make any specific mention of cybersecurity, internet regulation or surveillance in their manifestoes.
The lack of detailed policies or manifesto pledges in this area should be of considerable concern. Opponents as diverse as and , highlight that the entire premise for all of our everyday digital interactions (from banking to the health sector) is predicated on the ability to communicate securely. However well intended, any backdoor into such processes will paradoxically undermine not only the ability of your adversary to communicate securely, but also enable them to strategically target weaknesses in our own communicative systems. Case in point: the WannaCry ransomware that nearly brought the NHS to a halt at the start of the election campaign, was . That is, the NSA identified the vulnerability and used it to create a backdoor for its own offensive surveillance work rather than reporting it to Microsoft to be patched – exposing weaknesses in the very same principles and methods advocated by Theresa May.