Albanians face the dual challenge of safeguarding themselves from foreign cyber-attacks – while worrying about the potential misuse of their personal data by their own government and political parties.
As local elections approach in Albania, the debate surrounding the use of IT tools by political parties for collecting and utilizing citizens’ information is intensifying.
The governing Socialist Party has increasingly leveraged IT tools to generate and utilize citizens’ information, including data suspected to be acquired by government agencies, to create political advantages during election campaigns.
This has met strong opposition from civil society, the opposition, and other actors. The use of sensitive data by political parties or other entities remains inadequately regulated in Albania, and awareness of this issue is still low.
The governing party has been accused of exceeding legal restrictions in at least two instances: the “Patronazhist” electoral tool, structured with citizens’ data, and the Activist application, another tool with advanced capabilities that processes voter data for use in election campaigns.
The use of such tools in elections in Albania is a new phenomenon, with unknown implications. Political parties remain unaware of the implications of the use of citizens’ sensitive data in election campaigns and of its potential to lead to citizen blackmail. Citizens’ awareness of new technological tools and the cyber sphere, meanwhile, remains low, which also limits their engagement in debates on cybersecurity and sensitive data security.
Unfortunately, Albania is experiencing the destructive potential of technological tools, as it increasingly becomes a target for cyber attacks. In 2022, Iranian-linked cyber terrorists brought down government e-services, and an unknown number of businesses fell victim to cyber piracy. This led to a break in diplomatic relations between Albania and Iran.
Conversely, many cyber pirates in Albania have been cheating people worldwide, stealing their money with various financial fraud schemes. The full extent of this phenomenon also remains unknown, except for some legal prosecutions. Recently, it has become a popular topic of political debate between the majority and the opposition parties.
Albania has established the institutional architecture and approved the necessary legal documents over the last decade to address cybersecurity challenges. The law on cybersecurity and the National Strategy for Cybersecurity and National Action Plan were approved, and the National Authority for Cybersecurity was established. Almost $200 million US were spent by the government on cybersecurity during the last decade.
Despite this, however, Albania’s preparation for the challenge of the century remains below the required level, as demonstrated by its lack of preparation for the cyberattacks of the summer of 2022.
The United States and other partners of Albania have committed to helping the country financially and technically to increase appropriate human and technical capacities to better address cybersecurity challenges in the future.
But much work remains to be done. A paradigm shift is essential in how we perceive the implications of technology on people’s lives and how we deal with cybersecurity issues. Cybersecurity must be viewed as substantially interdisciplinary, necessitating input and proficiency from individuals with diverse backgrounds.
To effectively tackle the challenge of cybersecurity, a new approach is needed that combines the four key components of science, policy, industry, and society.
This can be achieved through a model that involves collaboration between government institutions, universities, private businesses and civil societies. By working together, these entities can pool their expertise and resources to create a comprehensive and interdisciplinary approach to cybersecurity that considers all stakeholders’ needs and concerns.
Apart from meeting the goals outlined in national documents, Albania should establish a comprehensive National Training Program that focuses on cyber-related issues. The program should prioritize educating citizens, especially students and the general public, on the significance of safe Internet practices and potential advantages and threats associated with online activities.
Albania needs to prioritize research and development (R&D) in the field of cybersecurity to effectively safeguard its citizens against constantly evolving cyber threats. While traditional measures of cybersecurity such as firewalls, intrusion detection systems, and antivirus software remain important, they are no longer sufficient. By promoting innovation and collaboration among academia, government institutions and the private sector, Albania can develop novel cybersecurity technologies and strategies. Investing in R&D can help create effective measures to mitigate the impact of sophisticated cyber threats.
The government should also prioritize the development of domestic cybersecurity talent through educational programmes and initiatives. Encouraging and supporting domestic talent can increase the capacity to deal with cyber threats effectively. In addition to investing in research and development, Albania must prioritize international partnerships and cooperation to enhance its cybersecurity.
The United States and other partners have committed to providing financial and technical assistance to increase appropriate human and technical capacities to better address cybersecurity challenges in the country. The government should take advantage of these partnerships and prioritize cooperation with other nations to share best practices, intelligence, and expertise.
It should adopt a proactive approach to regulate the use of citizen data by political parties and other entities. Stricter laws and regulations are needed to prevent the abuse of sensitive data during election campaigns. Political parties should be required to obtain explicit consent from citizens before collecting and using their data, and should be held accountable for any misuse of the data.
Albania’s recent experience necessitates a paradigm shift that combines the four key components of science, policy, industry, and society through a quadruple helix model to deal with cyberattacks and potential misuse of sensitive data.
It should prioritize research and development in cybersecurity, establish a comprehensive strategy of training and awareness and adopt stricter laws and regulations to prevent the abuse of sensitive data during election campaigns.