Defending Democracies Against Information Attacks

To better understand influence attacks, we proposed an approach that models democracy itself as an information system and explains how democracies are vulnerable to certain forms of information attacks that autocracies naturally resist. Our model combines ideas from both international security and computer security, avoiding the limitations of both in explaining how influence attacks may damage democracy as a whole.

Our initial account is necessarily limited. Building a truly comprehensive understanding of democracy as an information system will be a Herculean labor, involving the collective endeavors of political scientists and theorists, computer scientists, scholars of complexity, and others.

In this short paper, we undertake a more modest task: providing policy advice to improve the resilience of democracy against these attacks. Specifically, we can show how policy makers not only need to think about how to strengthen systems against attacks, but also need to consider how these efforts intersect with public beliefs­—or common political knowledge­—about these systems, since public beliefs may themselves be an important vector for attacks.

In democracies, many important political decisions are taken by ordinary citizens (typically, in electoral democracies, by voting for political representatives). This means that citizens need to have some shared understandings about their political system, and that the society needs some means of generating shared information regarding who their citizens are and what they want. We call this common political knowledge, and it is largely generated through mechanisms of social aggregation (and the institutions that implement them), such as voting, censuses, and the like. These are imperfect mechanisms, but essential to the proper functioning of democracy. They are often compromised or non-existent in autocratic regimes, since they are potentially threatening to the rulers.

In modern democracies, the most important such mechanism is voting, which aggregates citizens’ choices over competing parties and politicians to determine who is to control executive power for a limited period. Another important mechanism is the census process, which play an important role in the US and in other democracies, in providing broad information about the population, in shaping the electoral system (through the allocation of seats in the House of Representatives), and in policy making (through the allocation of government spending and resources). Of lesser import are public commenting processes, through which individuals and interest groups can comment on significant public policy and regulatory decisions.

All of these systems are vulnerable to attack. Elections are vulnerable to a variety of illegal manipulations, including vote rigging. However, many kinds of manipulation are currently legal in the US, including many forms of gerrymandering, gimmicking voting time, allocating polling booths and resources so as to advantage or disadvantage particular populations, imposing onerous registration and identity requirements, and so on.

Censuses may be manipulated through the provision of bogus information or, more plausibly, through the skewing of policy or resources so that some populations are undercounted. Many of the political battles over the census over the past few decades have been waged over whether the census should undertake statistical measures to counter undersampling bias for populations who are statistically less likely to return census forms, such as minorities and undocumented immigrants. Current efforts to include a question about immigration status may make it less likely that undocumented or recent immigrants will return completed forms.

Finally, public commenting systems too are vulnerable to attacks intended to misrepresent the support for or opposition to specific proposals, including the formation of astroturf (artificial grassroots) groups and the misuse of fake or stolen identities in large-scale mail, fax, email or online commenting systems.

All these attacks are relatively well understood, even if policy choices might be improved by a better understanding of their relationship to shared political knowledge. For example, some voting ID requirements are rationalized through appeals to security concerns about voter fraud. While political scientists have suggested that these concerns are largely unwarranted, we currently lack a framework for evaluating the trade-offs, if any. Computer security concepts such as confidentiality, integrity, and availability could be combined with findings from political science and political theory to provide such a framework.

Even so, the relationship between social aggregation institutions and public beliefs is far less well understood by policy makers. Even when social aggregation mechanisms and institutions are robust against direct attacks, they may be vulnerable to more indirect attacks aimed at destabilizing public beliefs about them.

Democratic societies are vulnerable to (at least) two kinds of knowledge attacks that autocratic societies are not. First are flooding attacks that create confusion among citizens about what other citizens believe, making it far more difficult for them to organize among themselves. Second are confidence attacks. These attempt to undermine public confidence in the institutions of social aggregation, so that their results are no longer broadly accepted as legitimate representations of the citizenry.

Most obviously, democracies will function poorly when citizens do not believe that voting is fair. This makes democracies vulnerable to attacks aimed at destabilizing public confidence in voting institutions. For example, some of Russia’s hacking efforts against the 2016 presidential election were designed to undermine citizens’ confidence in the result. Russian hacking attacks against Ukraine, which targeted the systems through which election results were reported out, were intended to create confusion among voters about what the outcome actually was. Similarly, the “Guccifer 2.0” hacking identity, which has been attributed to Russian military intelligence, sought to suggest that the US electoral system had been compromised by the Democrats in the days immediately before the presidential vote. If, as expected, Donald Trump had lost the election, these claims could have been combined with the actual evidence of hacking to create the appearance that the election was fundamentally compromised.

Similar attacks against the perception of fairness are likely to be employed against the 2020 US census. Should efforts to include a citizenship question fail, some political actors who are disadvantaged by demographic changes such as increases in foreign-born residents and population shift from rural to urban and suburban areas will mount an effort to delegitimize the census results. Again, the genuine problems with the census, which include not only the citizenship question controversy but also serious underfunding, may help to bolster these efforts.

Mechanisms that allow interested actors and ordinary members of the public to comment on proposed policies are similarly vulnerable. For example, the Federal Communication Commission (FCC) announced in 2017 that it was proposing to repeal its net neutrality ruling. Interest groups backing the FCC rollback correctly anticipated a widespread backlash from a politically active coalition of net neutrality supporters. The result was warfare through public commenting. More than 22 million comments were filed, most of which appeared to be either automatically generated or form letters. Millions of these comments were apparently fake, and attached unsuspecting people’s names and email addresses to comments supporting the FCC’s repeal efforts. The vast majority of comments that were not either form letters or automatically generated opposed the FCC’s proposed ruling. The furor around the commenting process was magnified by claims from inside the FCC (later discredited) that the commenting process had also been subjected to a cyberattack.

We do not yet know the identity and motives of the actors behind the flood of fake comments, although the New York State Attorney-General’s office has issued subpoenas for records from a variety of lobbying and advocacy organizations. However, by demonstrating that the commenting process was readily manipulated, the attack made it less likely that the apparently genuine comments of those opposing the FCC’s proposed ruling would be treated as useful evidence of what the public believed. The furor over purported cyberattacks, and the FCC’s unwillingness itself to investigate the attack, have further undermined confidence in an online commenting system that was intended to make the FCC more open to the US public.

We do not know nearly enough about how democracies function as information systems. Generating a better understanding is itself a major policy challenge, which will require substantial resources and, even more importantly, common understandings and shared efforts across a variety of fields of knowledge that currently don’t really engage with each other.

However, even this basic sketch of democracy’s informational aspects can provide policy makers with some key lessons. The most important is that it may be as important to bolster shared public beliefs about key institutions such as voting, public commenting, and census taking against attack, as to bolster the mechanisms and related institutions themselves.

Specifically, many efforts to mitigate attacks against democratic systems begin with spreading public awareness and alarm about their vulnerabilities. This has the benefit of increasing awareness about real problems, but it may ­ especially if exaggerated for effect ­ damage public confidence in the very social aggregation institutions it means to protect. This may mean, for example, that public awareness efforts about Russian hacking that are based on flawed analytic techniques may themselves damage democracy by exaggerating the consequences of attacks.

More generally, this poses important challenges for policy efforts to secure social aggregation institutions against attacks. How can one best secure the systems themselves without damaging public confidence in them? At a minimum, successful policy measures will not simply identify problems in existing systems, but provide practicable, publicly visible, and readily understandable solutions to mitigate them.

We have focused on the problem of confidence attacks in this short essay, because they are both more poorly understood and more profound than flooding attacks. Given historical experience, democracy can probably survive some amount of disinformation about citizens’ beliefs better than it can survive attacks aimed at its core institutions of aggregation. Policy makers need a better understanding of the relationship between political institutions and social beliefs: specifically, the importance of the social aggregation institutions that allow democracies to understand themselves.

There are some low-hanging fruit. Very often, hardening these institutions against attacks on their confidence will go hand in hand with hardening them against attacks more generally. Thus, for example, reforms to voting that require permanent paper ballots and random auditing would not only better secure voting against manipulation, but would have moderately beneficial consequences for public beliefs too.

There are likely broadly similar solutions for public commenting systems. Here, the informational trade-offs are less profound than for voting, since there is no need to balance the requirement for anonymity (so that no-one can tell who voted for who ex post) against other requirements (to ensure that no-one votes twice or more, no votes are changed and so on). Instead, the balance to be struck is between general ease of access and security, making it easier, for example, to leverage secondary sources to validate identity.

Both the robustness of and public confidence in the US census and the other statistical systems that guide the allocation of resources could be improved by insulating them better from political control. For example, a similar system could be used to appoint the director of the census to that for the US Comptroller-General, requiring bipartisan agreement for appointment, and making it hard to exert post-appointment pressure on the official.

Our arguments also illustrate how some well-intentioned efforts to combat social influence operations may have perverse consequences for general social beliefs. The perception of security is at least as important as the reality of security, and any defenses against information attacks need to address both.

However, we need far better developed intellectual tools if we are to properly understand the trade-offs, instead of proposing clearly beneficial policies, and avoiding straightforward mistakes. Forging such tools will require computer security specialists to start thinking systematically about public beliefs as an integral part of the systems that they seek to defend. It will mean that more military oriented cybersecurity specialists need to think deeply about the functioning of democracy and the capacity of internal as well as external actors to disrupt it, rather than reaching for their standard toolkit of state-level deterrence tools. Finally, specialists in the workings of democracy have to learn how to think about democracy and its trade-offs in specifically informational terms.

This essay was written with Henry Farrell, and has previously appeared on Defusing Disinfo.

Posted on April 30, 2019 at 6:59 AM46 Comments


RogerBW April 30, 2019 7:29 AM

I see an interesting parallel here.

Intelligence/police agencies don’t want secure computing, because they want to exploit the vulnerabilities for their own purposes.

Political classes don’t want secure societies, because they want to exploit the vulnerabilities for their own purposes.

Denton Scratch April 30, 2019 8:29 AM

I think that for an essay about defending democracy, you need to explain what you think ‘democracy’ is.

Is it really correct to say that democracy is when the people get to vote on who is supposed to represent them for the next four/five years; and then they have to shut up? I mean, maybe it is; but if that’s all it means, why the big deal about democracy? What’s the point in fighting for such a thin, watery pot of gruel?

The ancient Athenians allowed all citizens to participate in all decisions (a bit like the modern Swiss). Of course, in ancient Athens, most of the hard work was done by slaves, who of course were not allowed to participate.

We have a situation in the UK where a referendum ‘decided’ that the UK would leave the EU. Elected representatives are now calling for a new referendum, in the hope of overturning the last referendum (and a good number of these representatives have now abandoned the parties on whose manifestos they won their seats and are now sitting as members of a completely new party, but refuse to resign their seats so that a by-election can be run). The government here is being “run” by a party that lost the last general election.

Something similar happened in Norway; they also had a second referendum. And in Ireland. It seems that some of our “democratic” representatives don’t think that the people’s vote is decisive. So which version of democracy is it that we are trying to defend – the version that our representatives want, or the will of the people? And how do you tell what is the will of the people, if their representatives obviously disagree with their own electorates?

To misquote Ian Hislop (the editor of Private Eye), “If this is democracy, I’m a banana”.

Bruce Schneier April 30, 2019 8:35 AM


The way I like to say it is that everyone wants you to have security, except from them.

Clive Robinson April 30, 2019 8:45 AM

@ Jack,

There is evidence that some Russia interests did try and use social media.

What is not clear is who the “Russian interests” were working for. There is some evidence that infact certain US hedgefund managers diverted money through Russia.

What has also become clear is that the traffic that has been claimed to have come from Russia was of absolutly miniscule amount compared to US generated traffic.

However there is increasing evidence that Facebook in colaboration with Cambridge Analytica was very much selling “Election manipulation” to various people. And that senior political figures such ad John Bolton were in it upto and beyond their eyeballs… But then you won’t read much about that in US MSM many of whom had also been touched by Cambridge Analytica and their associated entities.

The investigation of Cambridge Analytica in the UK by the Met Police had started to unearth all sorts of US funding and involvment. Then suddenly the investigation was halted. Why is unknown but certainly some UK Politician’s feel it was by intervention through the supposed “Special Relationship” where by the UK toadies to US whims, much as Australia and Canada do. As was reveiled by the Manning / Wikileaks release of US diplomatic “cables” and other entities Emails.

Thus was there influance attempted from Russia in the US 2008/2016 elections? Yes, though who payed for it suggests US interests at quite a high level were involved. Was the influance successfull? We don’t know as we realy do not know what the people paying for it wanted to get out of it.

That is as increasing evidence shows the influence was way way to small to actually compeate with home grown US propaganda. Thus some have reasoned that those paying for it, must have known that would be the case. Thus like the Steel Report there are question marks over the Who, What and Why of what was realy happening and where the influance/motivation if not money realy came from.

When you compare the sums of money involved against those of US Agency spending to try to change South American election outcomes, –that again John Bolton is more than peripheraly involved with– it is just a tiny fraction.

Thus some are looking to see if it was a “false flag” operation, as a backup if other efforts or outcomes did not go as desired.

Now before you get into saying much else please remember I have no skin in the game of US politics. From my point of view nearly all the “Political Insiders” up on the Hill are crooks on the take, and have been for decades or more to the point of being endemic. Something the Special Council Robert Mueller Investigation certainly made abundantly clear.

Quidnam April 30, 2019 9:35 AM

“Similar attacks against the perception of fairness are likely to be employed against the 2020 US census. Should efforts to include a citizenship question fail, some political actors who are disadvantaged by demographic changes such as increases in foreign-born residents and population shift from rural to urban and suburban areas will mount an effort to delegitimize the census results.”

It is just as likely that critics on the opposite side will deride the results of the 2020 census to the extent that it does include a citizenship question, as that will be viewed as suppression.

The biggest problem with your essay above is that you don’t seem to have clearly defined what makes something a “knowledge attack” versus a legitimate exercise of political speech — much less who gets to decide which is which, if a clear and consistent distinction were even possible to make.

Sok Puppette April 30, 2019 9:38 AM

There are likely broadly similar solutions for public commenting systems. Here, the informational trade-offs are less profound than for voting, since there is no need to balance the requirement for anonymity ([cut]) against other requirements ([cut]).

Bald, unevidenced, and false assertion. In fact, anonymity is a critically important requirement for all discussion and comment systems.

Malgond April 30, 2019 10:05 AM

Democracy cannot be defended from information attacks. It relies on information attacks – attacks executed by politicos on the voters.

This is only a power struggle on who gets to scam the voters.

Seegras April 30, 2019 10:48 AM

Democracy is broadly defined government by the people. Perhaps direct, more often indirect. Even in Switzerland, most decisions are made by elected representatives, and not voted directly on by the people.

However, there are several things a democracy is based on. First off, the rule of law. You can’t have a democracy when it is possible for rulers to take out a part of their constituents because they might not vote for them, or because they might be competition. If it is possible to loose the right to vote for instance, then the incumbents can subvert the democratic process, and the democracy itself looses its legitimacy. Please note that the fact alone that a state doesn’t adhere to the rule of law, already makes it loose its legitimacy as a democracy.

Something similar goes with census that’s problem-riddled in a few states, most notably the USA. Same here: You loose your legitimacy if it’s possible to throw out constituents out of the political process.

And the same is true for artificial hurdles like percentiles (where a minimum percentage of votes is need to be represented in the first place. Which basically stacks the deck towards incumbents and against smaller parties).

[ran out of time; there’s more I wanted to say. Maybe later]

Denton Scratch April 30, 2019 11:45 AM


“First off, the rule of law.”

Nicely-made point, and I agree.

“If it is possible to loose the right to vote for instance, then the incumbents can subvert the democratic process, and the democracy itself looses its legitimacy.”

Many (most? all?) US states bar convicts in prison from voting. Some states also bar convicts who have served their sentence from voting, or require them to petition (i.e. beg) their state government to restore the vote to them, after they are released. Wikipedia says that 40% of prisoners in the US are black, against 13% of the general population. That’s some serious disenfranchisement.

US voting arrangements are also subject to gerrymandered voting districts, so that all the “undesirables” get to vote in some weird snake-shaped district, and are excluded from the district where their more-desirable neighbours get to vote. So desirable voters get more representatives. This has been going on since the Civil War, and many such districts still exist.

I don’t mean to be preachy about this; the European Court of Human Rights has denounced the UK government for refusing to grant voting rights to jailed convicts (and I believe that is one of the reasons why some rightists wanted to escape from the EU).

I think prison should only be used to confine people who are objectively a danger to others; and I believe they should even in prison be allowed to vote.

But I’m not at all sure that voting is the same as democracy; I’m afraid of a dictatorship of the majority. The Irish reached something like a consensus on abortion law by means of a Citizen’s Council (yes, I know, followed by a referendum). That was an interesting result.

Sergey Babkin April 30, 2019 12:53 PM

It seems like the way to secure the democracy is to make it as transparent as possible, so that nobody has any doubt of how things actually work.

For example, this means that the citizenship question must obviously be included in the census. The extra information and extra transparency doesn’t hurt anything. The attempts to exclude this question are based on an attempt to extract extra benefits (including the political power) through the lack of transparency, or to put it in simpler words, cheating. If someone openly cheats, that obviously creates the suspicions towards the cheater. Lamenting these suspicions and the attempts to stop them do not help the democracy at all, on the contrary, these efforts only promote the cheating. And lack of trust in the democracy with high level of cheating is a natural consequence. The way to promote the democracy is to prevent the cheating.

Putin’s regime is actually a great example in this respect: it’s nominally a democracy but with a high level of cheating gradually built into it in the last 20 years. If the cheating is not stopped early, it develops over time, and becomes harder and harder to stop.

Michel April 30, 2019 1:12 PM

The solution is Diebold-mediated voting.
Especially since Courts approved it – at least UFN.

The citizenry is hopefully misinformed by the current crop of media.

There used to be safeguards against many of the abuses we see today; somehow they started to disappears about 6 years ago.

Denton Scratch April 30, 2019 1:57 PM

@Ergo Sum

“And that’s just great…”

Yeah. Well, that’s kind of inevitable, right? Countries always try to influence one-another’s internal processes. Even if it was banned by treaty, it would still go on – that is almost a mathematical truth.

I think that @Sergey is right that transparency is a strong defence.

John Feeney April 30, 2019 3:01 PM

Any new system to filter the news and info is going to suffer from the same problem i.e. who controls that system. The only real defense is a body of voters who know world history, American history and how our government works and who look at both sides of an issue based on their own efforts. Virtually all media content is controlled by who owns the media so one only gets the owner’s version. And the voter needs to think and think again based what they have learned on their own. Too many voters are swayed by sound bites and what looks good on TV. If you don’t know the history of a candidate or the history of what he or she is proposing, then you are voting out of ignorance.

vas pup April 30, 2019 4:07 PM

@Ergo Sum • April 30, 2019 1:15 PM
Yes, you are right.
I stated many times on this respectful blog that democracy and republican form of government are NOT the same.
Democracy is about political regime: real rights and freedoms on the regular folks (not tycoons or high level elected/appointed officials). Government not legislate morality, not interfere with personal choice which are not affected other people, but provide protection against violence, disasters, etc.
Most important that those rights are not just declared, but real transparent mechanism of their usage and protection exists through clear legislation, responsible executive branch (LEAs as part of it), unbiased and politically neutral judiciary.
Democracy is spectrum category. You may have monarchy with more democracy than presidential or parliamentary republic. Many example are in history. So, election by itself as main feature as republican form does not automatically transformed to democracy. If (as respected bloggers pointed out) elected officials could not be recalled if they do not follow their pre-election promises, if they pretend they are listening to the needs of their constituents, but in reality more concern about needs of powerful lobbyists, if there is no term limits and they consider their position as representative kind of life time employment, then your transform republican form of government to serve interests of few, not majority. Just my humble opinion based on observations.

VinnyG April 30, 2019 4:12 PM

Democracy describes a form (or forms) of government. The essential good is liberty, along with any other rights that can be demonstrated to be on equal footing (I believe that all other human rights are derivative of liberty,) not the design of whatever bulwark may have been erected at a particular time to attempt its preservation. The historical performance of forms of government claiming to be “democracy” in regard to preserving liberty is far from encouraging.

MarkH April 30, 2019 4:24 PM

Whilst I accept Sergey’s notion that transparency is to the good …

… how is transparency served by changing the U.S. census in a way which will surely damage the accuracy of its results?

And how is it “cheating” to conduct the census without asking about citizenship, when the Constitution demands “counting the whole number of persons in each State”?

Note well that the language is PERSONS, not CITIZENS.

If any cheating is implicated, it is by modifying the census in manner guaranteed to make it less accurate.

MarkH April 30, 2019 4:52 PM

@VinnyG, who wrote “the historical performance of forms of government claiming to be ‘democracy’ in regard to preserving liberty is far from encouraging”

That is indisputable, considering that the most suffocating totalitarian state of recent times (and perhaps, in all history) calls itself the Democratic People’s Republic of Korea.

It’s a tribute to the power of the democratic idea, that almost all modern totalitarian and authoritarian regimes lay claim to the label.

The fallacy on which they capitalize, is the conflation of democracy with elections.

The conduct of elections is a necessary condition for democracy, but far from sufficient. Putin knows this well; national elections in Russia are not only predetermined, but to borrow a math term are also overdetermined.

Other necessary conditions include:

• candidacy for elections must be accessible, and the conduct of elections open and accurate
• freedom of the press
• rule of law (government of laws, not of men)
• courts whose rulings are potent, and whose judgments have significant independence from the executive power
• a substantial regime for the protection of civil rights
• a widely shared civil ethic of respect for the foregoing institutions

Considering states which have all of these elements — even when they function with many imperfections — their performance in safeguarding liberty is unmistakably superior, to states lacking them.

Clive Robinson April 30, 2019 6:38 PM

@ Sergey Babkin,

For example, this means that the citizenship question must obviously be included in the census. The extra information and extra transparency doesn’t hurt anything.

History would disagree with you. Various invading totalitarian forces have discovered “collected data” invaluable as a source of oppression. Even things like church and club records can be and have been used.

The two golden rules for any organisation that has significant potential to do harm is “Keep information to the minimum to do the specific task”, that way there is less to do harm with. The second is “Keep specific tasks and their collected data segregated by law”, again to minimize the potential for harm. Entirely seperate databases means also that “errors are localized” which makes them a lot easier to find and fix.

Also lots of entirely seperated databases actually improves security for individuals as well, which in these days of identity theft is usefull.

Unfortunatly the one rule that appears missing in alledged democracies these days is the true meaning of “Civil Servant”. It means “to serve the people” not as many in such employment give signs of thinking these days of “to rule the people”.

David Leppik April 30, 2019 7:19 PM

…it may be as important to bolster shared public beliefs about key institutions such as voting, public commenting, and census taking against attack, as to bolster the mechanisms and related institutions themselves

Hmmm… makes me think of security theater. Although many forms of security theater might not survive propaganda attacks, some might.

I’m reminded of how in nature many forms of signaling are difficult to mimic, due to some combination of being expensive (in calories) and related to the thing they are signaling. Famously, a peacock’s feathers show a strong immune system, since a large display with a weak immune system results in tattered feathers. Similarly a howler monkey’s howl requires a lot of stamina. In our society, banks don’t need expensive lobbies to store your money, but it signals that they have the cash to weather downturns. (Although displays of wealth may also indicate a lack of fiscal responsibility.)

This implies we want systems which bolster confidence in ways that signal that we’re not skimping on security. Big, heavy, expensive-looking locks on ballot boxes, for example. Or a small army of volunteers at polling booths. Or fancy uniforms for census takers.

justinacolmena April 30, 2019 7:33 PM

how democracies are vulnerable to certain forms of information attacks that autocracies naturally resist

That’s precisely the way we want it in a democracy. We the people have to be capable of getting off the pot, educating ourselves, and sorting out the truth from the lies, and forming our own opinions.

We don’t want or need the government to control everything we speak, read, and write, and dictate the socially acceptable way of thinking about thus and such an issue.

Freedom of speech does not need to be that complicated.

Humdee April 30, 2019 8:43 PM

@bruxe writes, “influence attacks”

I don’t know what value “attack” adds to “influence”. Is there non-attack influence? If so, what does it look like? How does one distinguish between plain-old fashioned political lobbying and an “influence attack?” Is one formal and the other informal?

Influence attack sounds like a buzzword, and a bad one at that.

MarkH April 30, 2019 9:10 PM

Clive’s observation brought to mind a concrete example (admittedly, very extreme).

A friend who lived in Germany for some time told me that when she was there (1970s I believe) local police kept a registry of every resident in each town.

Perhaps the details had changed by then, but she had learned that in the 1930s these registries included religion and ethnicity.

When the Nazis were ready to arrest all of the Jews, they only needed to visit the police office and scan the registry …

Mike May 1, 2019 4:53 AM

@Clive Robinson wrote, “History would disagree with you. Various invading totalitarian forces have discovered “collected data” invaluable as a source of oppression. Even things like church and club records can be and have been used.”

The missing factor is that people often lie. The fact that census is often viewed as a way to measure public policy and perhaps selective punishment. In a true democracy, people are compulsive liars. Likewise, while Christians were dogmatized not to lie, you do not know who are the real Christians.

Thus, the study of political engineering requires a set of metrics and ways to effectively measure. This can often be viewed as system paradigm such as model view controller design. The Model is a well-defined sample. The View is a feedback scheme with metrics. Controller is the mechanism by which the behaivor of the sample can be incremnetally altered thru rule/policy adjustments.

A “totalitarian” force has all three aspects under crisp control, but if the “sample” is aware of its existence it will adapt to deviate. Thus, an effective “totalitarian” force is one which isn’t discovered by the sample of which it manipulates.

Wesley Parish May 1, 2019 4:54 AM

One thing that kept ringing through my mind as I read this article was: “Read Isabel Allende’s Paula” It contains details of how the Chilean military and the right wing used the conservative discontent with President Salvador Allende and his non-violent means of changing Chilean society, to destroy democracy.

A very similar thing is currently going on in Venezuela, with the current US presidential recumbent boasting of interferring in Venezuela’s internal affairs.

From that we can justly ask: how can democracy (such as it is, such as we have it) be bolstered against the combination of treason and deep wallets?

Mike May 1, 2019 5:16 AM

@Humdee, wrote, “How does one distinguish between plain-old fashioned political lobbying and an “influence attack?” ”

IMHO, it would be quite easy to do so. An “influence attack” is one which you attribute as illegitimate. This is more to just a pot calling a kettle black. In a democratic society, people are not guaranteed to act like gentlemen. A chaotic atmosphere breaths like democracy because the participants were not “influenced” by a set of standard known as “common political knowledge”. “Political education” is in fact a very commie thing to do.

Ergo Sum May 1, 2019 6:30 AM


May I ask why my yesterday’s post had been removed?

I initially believed that I didn’t actually posted it, but two people replied to my yesterday’s post.


Peter May 1, 2019 8:30 AM

Democracy in its original Greek meaning is ‘rule by the people’.

The most important principle was not ‘each citizen had a vote’, but ‘each citizen is equal to the law’.
Meaning a simple worker could lodge a complaint against the ruler and he or she would be sure to get an honest and transparent judgement by a jury overseen by the other citizens.

We have diverted from this over time and come up with many variants of democracy.

Taking the original principle as the base reference then a lot of so-called democracies today (where they have ‘elections and votes’) are not that (for example Russia or the predecessor the USSR).

Even the USA would be not compliant seeing al the things happening against certain groups in the population as mentioned in some of the post above.

A Dutch professor of Law (Uni Leiden) has written a very interesting book about just this subject.
Bastiaan Rijpkema “Militant Democracy , the limits of democratic tolerance – 2018” (US version

Strongly recommended.

Bruce Schneier May 1, 2019 6:35 PM

@Ergo Sum

“May I ask why my yesterday’s post had been removed?”

Almost certainly it was too much politics not directly related to the topic of the blog post.

I need to do another round of comment culling….

tz May 1, 2019 7:54 PM

Democracies always die. Plato observed it first, but it was later noted it happens when they vote for tax money.

Beyond that, the demos, the polis, are stupid and react to rhetoric instead of reason and evidence – see Aristotle.

Remember before A17 the Senate was appointed by the states so they avoided stupid demogogues.

But now, “FREE STUFF! FREE STUFF! FREE STUFF!”, just elect me.

Venezuela died because of it.

Africa is one man, one vote, one time.

Democracy must be limited and controlled. Just enough to make government legitimate, but not so much to make for mob rule.

Denton Scratch May 1, 2019 9:30 PM


“Almost certainly it was too much politics not directly related to the topic of the blog post.”

I fear that might have been my fault; I suspect that my comment was not deleted, because quite a lot of the rest of the thread was about the meaning of democracy, a question that I raised, and deleting my comment might have rendered senseless much of the rest of the comments.

But I’d like to know what @Ergo Sum said.

I used to work with a group called Indymedia (now sadly mostly deceased). Our policy was that all posts were permitted; but we would “hide” posts that violated certain (published) rules. Hidden posts could be viewed by appending a specific query-string to the URL, but were blocked from search engines. We did do moderation; we would completely blank (not hide) egregious libel, and incitement to violence. And we would redact posts that contained personal information such as addresses. But in general, the Indymedia websites worked pretty well, without silently deleting posts. There were even critical websites that tracked the posts that we were hiding.

We occasionally received legal threats; but we had no money, and we were pseudonymous, and had no leaders. I’m not aware that any Indymedia collective was ever sued – it’s often been said that it is foolish to sue a man of straw (i.e. someone who has no money).

Indymedia was not a private blog, like this is; it was meant to be a sort of public news resource that anyone could contribute to. And it wasn’t devoted to a single topic, in the way that this blog is devoted to security.

I’m sorry that some of my contributions don’t bear directly on matters of security! I’m trying to do better. But I wonder if you’d consider allowing a little more transparency about what is being deleted?

fajensen May 2, 2019 3:38 AM

@Denton Scratch
The ancient Athenians allowed all citizens to participate in all decisions (a bit like the modern Swiss). Of course, in ancient Athens, most of the hard work was done by slaves, who of course were not allowed to participate.

The ancient Greeks had a much more realistic take on voting and the kind of people running for elections than we have.

For them, corruption and election fraud was a given thing. They designed systems to allow elections while minimising the influence of corruption and election fraud.

One of the ways was election by lottery.

They used a pachinko-type machine for randomising the votes, called the ‘Kleorterion’ ( and they held elections very often sometimes electing judges for the days trials.

Loading up the Supreme Court with cronies was probably both tried and abandoned in ancient Greece, yet here we are!

Dennis May 2, 2019 5:41 AM

@fajensen wrote, “The ancient Greeks had a much more realistic take on voting and the kind of people running for elections than we have. ”

I suspect this is due to they cared for democracy. The present politicos appear to care less as long as they are voted into the office. There weren’t any complaints of “fake news” during the Obama elections to undermine his legitimacy, as long as he gets elected. It is very easy to identify the common complainers as those on the losing end of democracy. The MSM has never been so low in the past.

Signals and Systems May 2, 2019 11:19 PM

I don’t get why FCC couldn’t just ask people to send their comments via paper mail. Yes, it’s more expensive for everyone, but only marginally and it would prevent easy automation.

For example, some of Russia’s hacking efforts against the 2016 presidential election were designed to undermine citizens’ confidence in the result.

This might be true, but in light of mainstream media spending the last two+ years doing exactly the same thing, this concern rings a bit hollow.

Benkic May 3, 2019 6:05 AM

I don’t think that you can usefully conceptualize democracy as a ‘system’. Otherwise it would have been a cinch for the US to ‘install’ it in Iraq.

Neither is democracy a method for arriving at the ‘best’ answer. It is a method for avoiding civil war when different groups of people disagree about who and how they are governed. That’s all.

So, for me, democracy is a culture: the losers have to accept that they lost, without taking up arms or destroying everything. The winners have to be graceful. The population has to have a sufficiently strong feeling of “we” to overcome the winner/loser divide.

As you should know, it’s all about trust. But not trust in a ‘system’, but trust in each other, in “people in general”.

So arguably, anything which increases divergence and disunity in a population is going to increase fragility of the democracy. This could apply to mass immigration of people from a very different background who don’t easily assimilate. It could also be seen the increasing tendency towards “identity politics” where people are classified according to various categories, and portrayed as being eternally and irreversibly antagonistic.

Fake news is a very Roschachian thing: everyone seems to know exactly what it is, or isn’t, and the also believe that everyone else has been manipulated by fake news, but not themselves.

The Pull May 3, 2019 11:28 AM


Love your cynicism


Russia won, in their ‘agents of influence’ campaign in 2016. Now, we have a new Presidential race coming up. Russia hacked people’s minds. They figured out what Trump’s base wanted to believe, and used that as a passkey into their hearts. They also rightly figured that the US could do nothing in return.

There was, that is, no cost to what they did.

So, the chance of this happening in the next election, is very high.

Russia’s behavior here, has been much like their behavior in Ukrainia, and with their assassinations. They wanted people to know they did it. This was a mistake on their part, it is a ‘signature’. In crimes where a criminal includes a ‘signature’, they show a flaw their own self. (The concept of a criminal leaving a ‘signature’ is from FBI BSU.)

Russia is very good at playing ‘agents of influence’, and they have been doing this since Czarist times. It certainly tends to backfire on them. Czarist secret police were a major motivator for the revolution.

My understanding is both US intel & mil take this very seriously, and are preparing for 2020. To do so requires, foremost, strong pressure on the major social forums which have been used in these battles: reddit & facebook, looking at you.

Almost ironically, “the American left” do have control of mainstream media. This leaves Fox News & Breitbart as key fronts Russia is likely to attempt to influence.

Finally, there is the problem of “moles”. Russia likes to find smart people in intelligence, and provide them with easy wins, so as to advance their career.

Last election, we saw a guy in charge of the DIA willing to spread the story that Pizzagate was real. This fact did not seem to stun anyone.

Finally, as for “cost”, I do not think there is anything US can do, besides lame sanctions, sadly. The best bet is probably to ‘turn the other cheek’, and simply play the defensive.

disclaimer: Just some armchair, amateur musings.

The Pull May 3, 2019 11:52 AM

@ convo, on “Democracies sucking”

I am surprised by the negative statements on democracy. While we can certainly point to the fact that democracies are flawed, isn’t it because the people are flawed? And, is there truly no progress being made?

Is there any other system that could keep rights such a ‘freedom of speech’, ‘freedom of religion’, ‘freedom of press’ alive? Where you can have the right to be critical of your government?

Aren’t people getting better, as a whole, more educated?

Remembering in the first of the twentieth century, eugenics was popular, as was Adolph Hitler. Back before the days of easy video cameras chronicalling, for instance, Hitler military buildup. Or, freedom of video to capture, say, abuse from rogue law enforcement?

Surely, there remain a lot of flaws, but how would any other system not make those flaws even worse? Isn’t the only real alternative to Democracy tyranny? Some manner of totalitarianism?

Alyer Babtu May 3, 2019 12:46 PM

@The Pull

Is there any other system that could keep rights

It is important for political freedom that historical rights be maintained, and “experts” be kept in their place i.e. “meritocracy” be narrowly constrained. The mixed regime is probably best, some form of constitutional aristocratic-monarchical rule informed by the mutual faith and obligation precepts characteristic of feudalism.

Also people are not really being better educated, but rather are becoming habituated to expecting “systems”, and reduced to “expert” button-pushers for all aspects of life.

Some good political reading: writings of Aurel Kolnai.

Mike May 6, 2019 4:53 AM

@Alternate Delegate wrote, “An IS analysis also fails as a model for the larger challenges of democracy by failing to account for the dominant role of money.”

Money, in one of its many faces, is a way of democracy by voting with your dollars. However, this thinking has many fallacies. The major one being money is elastic. The amount of money is a changing variable because it can expand and contract at a very fast pace due to demand and supply. Thus, money is never a true measure of democratic demand.

Wesley Parish May 7, 2019 3:11 AM

To add to the discussion, we could do worse than remember that homo sapiens’ basic unit is the band, generally of related individuals plus additions. In that context the individual members are in constant contact with the leader and are able to continually give feedback. The result is that all decisions need to be okayed with as many members of the band as possible, unless it is so obvious that nobody would want to waste any time.

Now as we climb the ladder to more and ever more complex communities, the distance between the leader and the followers becomes ever greater. The simple division of labour between the sexes has other divisions added to it, divisions of labour between the ranks of the followers.

Democracy as I understand it from my reading of Plato and Aristotle a fair few years ago, was put in place in Athens to replace a system of kingship which relied on kings who lead by their charismatic personalities: after Theseos, the legend goes, they just didn’t come along any more.

So, to fill the gaps due to the lack of kings leading by charismatic personality, we have a more ordered, defined approach, where leaders are encouraged to emerge from the population and earn a place by showing their ability to lead. (If you’ve ever read any of Jane Goodall’s books on chimpanzees, or any number of other primatologists, you’ll understand this: it’s the way chimpanzees and bonobos work as well.) (Actually, one major reason why kings were phased out was their regrettable habit of inbreeding to keep the fruits of their pilfering in the family, with the inevitable results that their leadership became a danger to their followers by very definition.)

Democracy then is the attempt to keep the feedback advantages of the nomadic band while retaining the economic and defense advantages of the larger settled communities. A democracy is supposed to be accountable; it is supposed to be able to justify every decision affecting the community it operates in.

JG4 May 7, 2019 11:29 AM

@Wes – A nice articulation of some aspects of the scaling problem of government. I think that I explicitly said that destructive capacity scales at a very different rate than trust. Defense systems should be engineered to reflect that, so that they don’t make the situation less stable. I’m pretty sure that I posted the link to “How The End Begins.” Having the button in the hands of one unstable person isn’t a good idea. Just like relying on input from one sensor wasn’t a good idea. Generalizing Shannon’s concept of “arbitrarily reliable systems from arbitrarily unreliable components,” to “trustworthy systems of government from untrustworthy people,” would require a system of checks and balances. Figuring out how and why that failed won’t be easy. I definitely said that it involves entropy maximization and that their entropy maximization is different from yours. Feeding on low entropy to make high entropy is gradient minimization in Dorion’s paper on the topic.

“Erwin Schrodinger (1945) has described life as a system in steady-state thermodynamic disequilibrium that maintains its constant distance from equilibrium (death) by feeding on low entropy from its environment – that is, by exchanging high-entropy outputs for low-entropy inputs. The same statement would hold verbatim as a physical description of our economic process. A corollary of this statement is that an organism cannot live in a medium of its own waste products.”

Big Brother is Watching You Watch

Refunds For 300 Million Phone Users Sought In Lawsuits Over Location-Data Sales ars technica

Microsoft offers software tools to secure elections Associated Press. Kevin W: “Microsoft security for Voting? (Insert joke here)”

Facebook Contractors Categorize Your Private Posts To Train AI Engadget

Mike May 12, 2019 2:35 AM

@Signals and Systems wrote, “This might be true, but in light of mainstream media spending the last two+ years doing exactly the same thing, this concern rings a bit hollow.”

This is a very good point. If the MSM alleged that Russians “meddled” in 2016 elections in order to undermine citizen’s confidence on the result, then it (MSM) magnified the alleged Russian plan exponentially over the past two years by bombarding us with such allegations day and night.

thus, going by its own logic, it’s easy to say the MSM is in cahoots with Russia, not the sitting President Trump.

It still bemuses me that the general american population has such pedestrian intellect that they cannot recognize this type of propaganda.

Ryan May 15, 2019 3:31 AM

This post should have been titled “Defending the DNC against Information Attacks”

“Democracy” just means “one person, one vote”. However, none of that really matters… We have millions of people voting, which is plenty.

The TRUE biggest weakness of democracy is that lazy people can vote to steal from people that aren’t lazy.

The 2nd biggest weakness is that relatively small but organized groups can force their personal agenda on all the rest of us, because we’re all busy living our lives or raising our kids.

We should add another 10 amendments to the bill of rights.
We should also rewrite the original 10 to make the language clear.

Media: Freedom of the press applies to the Internet, yet no Internet in 1776
Also Media: Right to bear arms was only about muskets

Leave a comment


Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via

Sidebar photo of Bruce Schneier by Joe MacInnis.