Digital Propaganda and Cyber Threats: The Role of Politics and the State

Gregor Kutzschbach

Federal Ministry of the Interior, Building, and Community

Gregor Kutzschbach is Head of the Division M5, IT and statistics in the field of migration and asylum, at the Federal Ministry of the Interior, Building, and Community. Dr. Kutzschbach has worked at the Ministry since 2002, working in the fields of data protection, cybersecurity, IT systems of the Federal Police, cyber capacities of the Bundesamt für Verfassungsschutz, the domestic intelligence service of the Federal Republic of Germany, and IT and statistics in the field of migration and asylum. He was previously an attorney at Andersen Legal in Berlin and a Research Assistant in the Faculty of Law at the Humboldt-Universität zu Berlin. He earned a Doctorate in Law from the Humboldt-Universität zu Berlin.

In Moving Beyond Cyber Wars: A Transatlantic Dialogue, Gregor Kutzschbach addresses the influence propaganda efforts can have on public thinking, and what the government is doing about it.

Politics and the state are facing new challenges posed by digital propaganda and cyber threats since the obvious aim of those digital propaganda campaigns and cyberattacks is to undermine democracy, to weaken the credibility of the government and the elected, and to jeopardize state institutions and critical infrastructures. There are several ways for governments to counter digital propaganda, “fake news,” and cyber threats posed by state actors, although governmental institutions can sometimes only provide a small contribution to the solution of this problem.

Download Publication

Digital Propaganda

As far as digital propaganda is concerned, the so-called “Lisa Case” in Germany illustrates that official statements won’t stop a good fake news campaign. People who—for whatever reason—believe that the authorities are against them or not willing to protect them will trust in the rumor-spreading campaign rather than officials denying those rumors.

“Lisa Case”

Lisa was a girl who, according to the outcome of the official investigations, ran away from home for one day and stayed at a friend’s place where they had sexual intercourse. Since she was only 13 at this time, this person later was charged with sexual intercourse with a minor and producing child pornography. Since “Lisa” and her family were immigrants from Russia, Russian media, especially RTV, started a campaign saying that she was kidnapped and raped by refugees, which rapidly spread throughout social media channels. Even the Russian Minister for Foreign Affairs Sergey Lavrov gave a statement and accused German authorities of covering up the crime. This narrative took place in January 2016, the year after nearly a million refugees from Syria and other mainly Arabic countries came to Germany. The local police authorities quickly denied that the girl had been kidnapped or even raped, but nevertheless the campaign went on and led to concern, agitation, and even demonstrations within the local group of Russian immigrants. The rumors were fueled by the fact that the authorities in the first statement denied that any crime had been committed, but later had to clarify that they were investigating a criminal case of sexual intercourse with minors. The police justified the initial statements with their aim to protect the girl.

However, that does not mean that official statements aren’t crucial for the damage digital propaganda may cause. Bad public relations on the official side may even fortify the propaganda campaign. Therefore, a conclusion one should draw from the “Lisa case” is that official communiques should be quick, transparent, and accurate. If the official reaction to serious rumors comes too late, this will be understood by some people as a confession of guilt. The withdrawal of information, even if for the best of reasons, as well as the fact that authorities may have to correct their statement later on, may be taken as an affirmation of the rumors.

This is nothing new and has been true for “offline propaganda” as well. But thanks to social media and electronic forms of communications, digital propaganda and fake news spread much faster and can reach more people in the target audience than before. This means that authorities have to react much more quickly and precisely when accusations start to spread via social media channels. The government and authorities should make every step and decision transparent and comprehensible to the furthest extent possible.

Although the possibilities to react directly in this battle of information and propaganda are limited for authorities and politicians, there still remain some fields of activity on which the state may act.

People are more vulnerable to digital propaganda the less they are informed about democratic institutions, the political system, and the constitutional state. Since people cannot be forced to read or learn about these things, the state can at least provide influencers like teachers, local politicians, NGO activists, and other “active citizens” with information and educational material.

People are more vulnerable to digital propaganda the less they are informed about democratic institutions, the political system, and the constitutional state.

For instance, in Germany the German Federal Agency for Civic Education (Bundeszentrale für politische Bildung, BPB) was established in 1952 in order to educate the German people about democratic principles and prevent any moves to re-establish a totalitarian regime. It provides citizenship education and information on political issues to all people in Germany. To foster an awareness of what democracy is and to encourage participation in politics and social life, the BPB publishes books, leaflets, films, and other educational material on the major issues of our times and in all areas of politics. This is not the only way the state can encourage citizens to engage in the democratic process. A lot of political and scientific foundations, institutes, and other NGOs have devoted themselves to political education. In helping to fund these institutions—in a way and with an amount of money that does not challenge their independence—the state can contribute to these goals without having to engage directly in this field.

Another example is the public service broadcasting system in Germany (and other European countries like the BBC in the UK). The idea of a public service broadcasting system is that those broadcasting stations are—unlike private enterprises—funded by taxes or fees and do not have to rely on advertising revenue to finance their program. In return, the public service broadcasting systems are obliged to provide citizens with politically neutral or well-balanced information on political, educational, and cultural issues. To maintain their political independence, there are several safeguards in place to prevent politicians or governments from influencing the program and news coverage, bearing in mind the misuse of state-owned media for state propaganda during the Third Reich in Germany.

A new and completely different approach to foster civil society in the age of social media and digital communications in Germany is the Network Enforcement Act (Netzwerkdurchsetzungsgesetz). This legal act was adopted by the German parliament in 2017 and went into force on January 1, 2018, is the reaction of the German legislature to the increasing amount of hate speech, fake news, and illegal content in social networks. The aim is not to prohibit this content, which is already illegal anyway, but to encourage the social media providers to do more to prevent this illegal content from being distributed through their services.

One of the main principles of German telecommunication and internet law is that access and content providers cannot be held responsible for third-party content distributed throughout their networks. They are only obliged to delete questionable content if they are informed about it by someone or if it comes to their attention in some way. Since the legislature observed that too much illegal content stays online for too long, the new law obliges social media providers to maintain a functioning system to alert, identify, and delete illegal content. If they provide their services in Germany or to German customers, they have to react to each notification of illegal content and have to make sure that obviously illegal content is deleted within 24 hours and all other illegal content within 7 days. High fines of up to €50 million are possible in cases of non-compliance.

The Network Enforcement Act was controversial in the public discourse. The criticism focused on the fact that the providers may be forced to act as a judge instead of the courts and that they may tend to “overblock” content in fear of the high fines for not complying with the law. But after the first seven months it can be stated that these worries were baseless: The amount of content deleted due to the new law is very low compared to the content deleted for other reasons, especially for non-compliance with the terms of use. And there have been virtually zero complaints about content deleted or “censored” without reason due to the Network Enforcement Act. On the other hand, the providers massively increased their German-speaking staff working in the departments for reviewing and deleting questionable postings.

Whether the Network Enforcement Act will achieve the aim of reducing hate speech and illegal content in social networks is still under review, but at least it seems to be a little step forward to maintain some minimum etiquette on social networks and to reduce the misuse of social networks for digital propaganda.

There have been discussions on additional regulatory measures not covered by the Network Enforcement Act or other laws. One proposal is an obligation to detect and label non-human contributions or contributors in social network discussions. Those so-called social bots played an important part in earlier digital propaganda campaigns by commenting, supporting, sharing, and even issuing politically extreme postings and fake news. The development of technologies to detect such bots is still in an early phase; there will never be a 100 percent correct detection rate since the creation of social media bots is ongoing. But at least such a measure can raise awareness of the fact that a lot of the supporters of a specific campaign may in fact be computer programs.

Last but not least, it should be mentioned that very severe cases of fake news may result in criminal investigation and charges. This may be the case if the assumptions are insulting or defamatory. In Germany, the incitement of the people and the denial of the Holocaust are criminal offenses, whereas those expressions may be protected by freedom of speech in the U.S.

But it is also clear that the contribution of criminal courts in the field of digital propaganda will only have minimal results since a well-planned propaganda campaign will be able to avoid crossing this line. And in the rare case that an individual may be sentenced, this bears the risk that he or she may become a martyr among his or her supporters and fuels the campaign instead of stopping it.

Cyber Threats in General

But it is not only digital propaganda jeopardizing the reliability and stability of democratic states and institutions. Governmental institutions as well as companies and society must be able to face all kinds of cyber threats posed to them by state and non-state actors. As such, the German government and the EU took several measures in the last few years.

The main legislative measure aside from the Network Enforcement Act on the European level is the Network and Information Security (NIS) Directive from 2016, which had to be transposed into national law by May 2018. It aims at establishing Computer Security Incident Response Teams (CSIRT) and National NIS Authorities in the EU member states, an EU-wide cooperation group, and a CSIRT network. It also provides security standards and obligations to notify operators of so-called essential services, including energy, transport, water, banking, financial market, and digital service providers of serious incidents.

One of the most important measures needed in light of growing cyber threats is capacity building within the competent authorities and companies.

One of the most important measures needed in light of growing cyber threats is capacity building within the competent authorities and companies. The German Federal Government already established the Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik, BSI) in 1991. Its main tasks in the beginning were the encryption and security of governmental communication and the certification of IT systems for the handling of restricted information. More recently, the BSI Act, which established the office, has faced two major amendments in 2009 and 2015 adding competences to protect governmental networks, develop IT security standards, and set standards for essential service providers. These regulations became the blueprint for the previously-mentioned NIS Directive). The BSI has also acted as the CERT for the federal government since 1994 and the CSIRT since 2017 and is—since 2018—the National NIS Authority in Germany.

Since 2011, the work of the BSI is complemented by the National Cyber Defense Center (Nationales Cyber-Abwehr Zentrum, CyberAZ)). This is a cooperation platform of several federal authorities (BSI, Federal Police and Federal Criminal Police, the intelligence services, the civil protection and disaster assistance, and the German armed forces) with the task of collecting information on cyber threats and cyber incidents. Its main products are situation reports and detailed warnings and recommendations concerning cyber incidents for state authorities and companies.

One of the most recent developments in the field of cyber capacity building is the Center for Information Technology in the Field of Homeland Security (Zentralstelle für Informationstechnik im Sicherheitsbereich, ZITiS), founded in 2017. It is meant to act as a center of expertise for technical questions concerning security authorities. It is doing research and development on methods, tools, and advice for security authorities, e.g., in the fields of digital forensics, lawful interception, and crypto analysis.

With technology changing and rapidly developing, the threats posed to and by information technology are developing as well. This means that policymakers and governments have to be aware of the cyber challenges and to keep their eyes on new developments to be able to react appropriately to cyber threats and digital propaganda.

The views expressed are those of the author alone and do not represent the views of the Ministry.

The views expressed are those of the author(s) alone. They do not necessarily reflect the views of the American-German Institute.