Data security experts are concerned about the potential for voter manipulation following the revelation that hackers managed to access the data of 40 million UK voters. The hack was discovered in October 2022 but was only reported to the public in early August this year. It is not yet known who is behind the attack.
The data breach
According to The Guardian, it’s believed that the breach occurred in 2021 but went undetected for nearly a year. The Electoral Commission is not certain of the exact information the malicious actors accessed, but it likely includes the names and addresses of anyone registered to vote in the UK between 2014 and 2022. The Commission mainly used this information to check permissibility with regards to political donations, as well as research purposes. The data is not permitted to be used for marketing or commercial purposes. The public can access the data only through local electoral registration officers. Any amendments made to it are by handwritten notes only.
The Commission has somewhat played down the gravity of the situation, arguing that most of the data was already in the public domain. It believes that it would be difficult to influence the outcome of an election using the data as the UK has a largely paper-based electoral system.
However, some security experts disagree.
The potential for harm
While it might be challenging to utilize the leaked data alone, some security experts believe it could be combined with other leaked datasets to help state-backed threat actors target voters with disinformation via text, images, and fake voices generated by AI.
Speaking to The Guardian, Michael Veale, associate professor in digital rights at University College London, explained:
“Risk of misuse is only amplified by the extremely convincing personalized text or voice generation possible with generative AI systems. The more data you collate on people, the more convincing fake calls, text messages or emails can seem, based on writing styles and information about individuals and their social connections.”
Veale points to a voter scandal in Canada in 2011 as an example of voter data being used for harm. A campaign worker for Canada’s Conservative party implemented automated phone calls to voters impersonating election officials, informing them that their polling stations had moved. In reality, the polling stations had not been moved, and those voters did not get to cast their ballot.
However, some experts are doubtful that generative AI could be used to target voters on a large scale just yet. Director of the Institute for People-Centred AI at the University of Surrey, Dr Andrew Rogoyski, told The Guardian that the amount of time and resources it would take to craft a scam with generative AI would only be worth it for a high-net-worth individual, not so much your average Joe.
Still, it’s always concerning when a breach like this occurs, highlighting the need for more robust security measures across public institutions everywhere.
Cora is a digital copywriter for SSLs.com. Having eight years of experience in online content creation, she is a versatile writer with an interest in a wide variety of topics, ranging from technology to marketing.