Even before 2024 began, world leaders and industry professionals voiced concerns over the potential threat posed by artificial intelligence technologies to democracy, as 50 countries were scheduled to hold elections throughout the year. Ireland, home to the European headquarters of major global technology companies in its capital city of Dublin was no exception to these international worries.
On March 8, Irish citizens cast their votes in two referendums, making Ireland one of the first countries to conduct elections this year. Another election is scheduled for June. Along with the other 26 European Union member states, Ireland will participate in selecting the 720 members who will make up the European Parliament.
Over a week after the referendum, on March 16, The Readable sat down with Ossian Smyth, Minister of State with responsibility for cybersecurity, to discuss Ireland’s strategy for safeguarding its citizens against AI-driven cyber threats. This meeting was scheduled during his visit to South Korea, both to celebrate St. Patrick’s Day and to attend the third Summit for Democracy, which took place on March 18.
◇ Simple but powerful: the influence operation of social bots
Minister Smyth took office in May 2021 after the Irish government established his new role in response to Ireland becoming a prominent target for cyber threats. Despite constituting only 1% of the EU member states’ population, Ireland is responsible for storing about one-third of Europe’s data. The cybersecurity minister’s main responsibilities include overseeing education and incident response, with the National Cyber Security Center (NCSC) serving as the operational arm.
The Minister noted that no foreign influence campaigns were detected during the March election. However, he referenced the German Foreign Ministry’s announcement in January, which revealed a significant Russian disinformation campaign targeting citizens to sway their opinions on the Ukraine war. According to international media reports, the German government identified that these malicious activities originated from around 50,000 fake accounts on the social media platform X, formerly known as Twitter, starting in December of the previous year.
“Currently, deepfake technology is more of a theoretical threat than it is a practical concern. What we’re seeing on a daily basis are simple influence bot operations,” emphasized Minister Smyth. “AI has the potential to significantly transform the operation of these bots, however. And, when this occurs, it will present a clear and present danger.”
He detailed the threat by explaining that foreign governments could exploit cutting-edge technology to effectively polarize public opinion and divide society. While traditional tactics in running an influence bot operation typically involve individuals working standard hours to create bot accounts promoting specific viewpoints, AI technology can empower operators to generate thousands of fictitious personas with diverse backstories and characteristics around the clock. In the worst-case scenario, this amplification of intensity is likely to unfairly shift the balance in closely contested elections.
The Minister underscored that the latest technology is poised to play a role not just in offensive strategies but also defense, heralding a new era in protecting the public against influence operations. “We will be deploying AI defensively in order to identify malicious networks. There’s an AI arms race underway, with all sides advancing both in defense and attack,” stated Minister Smyth.
◇ Transparency: a powerful form of defense
As the European Parliamentary Election draws near, member states are identifying bot account influence operations with the help of their Electoral Commissions and cybersecurity experts. The EU’s Digital Services Act (DSA), which became fully applicable in February, imposes specific regulations on social media platforms and search engines. This legislation, approved by the European Parliament in 2022, aims to prevent harmful activities and the spread of disinformation online.
In conjunction with transnational efforts, Ireland’s Electoral Commission and Media Commission, established in 2023 and 2022 respectively, are developing a new anti-disinformation strategy set to be unveiled in the coming weeks. The Minister detailed that this strategy will encompass various components, such as public awareness campaigns, operation detection, responsive actions, and establishing communication channels with social media companies and messaging firms.
The Minister emphasized that the strategy would be made public. “We are very transparent,” said Minister Smyth. “We are openly collaborating with the public. If people suspect our activities are shrouded in secrecy, they won’t trust us or the conclusions we reach. That would give our adversaries the opportunity to spread disinformation, framing our work as a conspiracy against the public. Therefore, to avoid that, all the documents will be accessible online.”
For Ireland, transparency has proven to be a formidable defense against emerging cyber threats. In December 2021, the Health Service Executive (HSE) published a 157-page report following what might have been the largest cyberattack in the country’s history: an attack targeting the national healthcare system. This comprehensive report meticulously outlined every action taken by both the attackers and the defenders throughout the incident, providing a detailed account of the nationwide disruption.
“The policy of transparency in what we’re doing, not just in general governance but also in politics in Ireland, extends to our approach to cybersecurity,” the Minister emphasized. “The report is exceptionally clear about the causes of the attack. This openness helps build trust in the public that the organization is addressing and rectifying the issues fairly. If the reasons for a failure are left as a mystery and criticism is not acknowledged, we’re destined to see a recurrence of such problems.”
