Twitter accused of dodging Brexit botnet questions again

Once again Twitter stands accused of dodging questions from a parliamentary committee that’s investigating Russian bot activity during the UK’s 2016 Brexit referendum.

In a letter sent yesterday to Twitter CEO Jack Dorsey, DCMS committee chair Damian Collins writes: “I’m afraid there are outstanding questions… that Twitter have not yet answered, and some further ones that come from your most recent letter.”

In Twitter’s letter — sent last Friday — the company says it has now conducted an analysis of a dataset underpinning a City University study from last October (which had identified a ~13,500-strong botnet of fake Twitter accounts that had tweeted extensively about the Brexit referendum and vanished shortly after the vote).

And it says that 1% of these accounts were “registered in Russia”.

But Twitter’s letter doesn’t say very much else.

“While many of the accounts identified by City University were in violation of the Twitter Rules regarding spam, at this time, we do not have sufficiently strong evidence to enable us to conclusively link them with Russia or indeed the Internet Research Agency [a previously identified Russian trollfarm],” it writes.

Twitter goes on to state that 6,508 of the total accounts had already been suspended prior to the study’s publication (which we knew already, per the study itself) — and says that more than 99% of these suspensions “specifically related to the violation of our spam policies”.

So it’s saying that a major chunk of these accounts were engaged in spamming other Twitter users. And that — as a consequence — tweets from those accounts would not have been very visible because of its anti-spam measures.

“Of the remaining accounts, approximately 44.2% were deactivated permanently,” it continues, without exactly explaining why they were shuttered. “Of these, 1,093 accounts had been labelled as spam or low quality by Twitter prior to deletion, which would have resulted in their Tweets being hidden in Search for all users and not contributing to trending topics in any way.

“As we said in our previous letter, these defensive actions are not visible to researchers using our public APIs; however they are an important part of our proactive, technological approach to addressing these issues.”

Twitter’s letter writer, UK head of public policy Nick Pickles, adds that “a very small number of accounts identified by City University are still active on Twitter and are not currently in breach of our rules”.

He does not say how small.

tl;dr a small portion of this Brexit botnet is actually still live on

While Twitter’s letter runs to two pages, the second of which points to a December 2017 Brexit bot study by researchers at the Oxford Internet Institute, also relying on data from Twitter’s public streaming API, which Twitter says “found little evidence of links to Russian sources” — literally right after shitting on research conducted by “researchers using our public APIs” — Collins is clearly not wooed by either the quantity or the quality of the intelligence being so tardily provided.

Cutting to the chase, he asks Twitter to specify how many of the accounts “were being controlled from agencies in Russia, even if they were not registered there”.

He also wants to know: “How many of the accounts share the characteristics of the accounts that have already been identified as being linked to Russia, even if you are yet to establish conclusively that that link exists.”

And he points out that Twitter still hasn’t told the committee whether the 13,493 suspected bot accounts were “legitimate users or bots; who controlled these accounts, what the audience was for their activity during the referendum, and who deleted the tweets from these accounts”.

So many questions, still lacking robust answers.

“I’m afraid that the failure to obtain straight answers to these questions, whatever they might be, is simply increasing concerns about these issues, rather than reassuring people,” Collins adds.

We reached out to Twitter for a response to his letter but the company declined to provide a public statement.

Last week, after Collins had accused both Twitter and Facebook of essentially ignoring his requests for information, Facebook wrote to the committee saying it would take a more thorough look into its historic data around the event — though how comprehensive that follow up will be remains to be seen. (Facebook has also said the process will take “some weeks”, giving itself no firm deadline).

Both companies also disclosed some information last month, in response to a parallel Electoral Commission probe that’s looking at digital spending around the Brexit vote — but then they just revealed details of paid-for advertising by Russian entities that had targeted Brexit (saying this was: ~$1k and ~$1, respectively).

So they made no attempt to cast their net wider and look for Russian-backed non-paid content being freely created and spread on their platforms.

To date Collins has reserved his most withering criticisms for Twitter over this issue but he’s warned both they could face sanctions if they continued to stonewall his enquiry.

The DCMS committee is traveling to Washington next month for a public evidence session that Facebook and Twitter reps have been asked to attend.

It’s clearly hoping that proximity to Washington — and the recent memory of the companies’ grilling at the hands of US lawmakers over US election-related disinformation — might shame them into a more fulsome kind of co-operation.

Meanwhile, the UK’s Intelligence and Security Committee, which is able to take closed door evidence from domestic spy agencies, discussed the security threat from state actors in its annual report last year.

And although its report did not explicitly identify Brexit as having been a definitive target for Russian meddling, it did raise concerns around Russia’s invigorated cyber activities and warn that elections and referenda could be targets for disinformation attacks.

“State actors are highly capable of carrying out advanced cyber attacks; however, their use of these methods has historically been restricted by the diplomatic and geopolitical consequences that would follow should the activity be uncovered. Recent Russian cyber activity appears to indicate that this may no longer be the case,” the committee wrote, citing the hacking of the DNC and John Podesta’s emails as indications that Russia is adopting a “more brazen approach to its cyber activities”.

Evidence it took from the UK’s GCHQ and MI5 spy agencies is redacted in the report — including in a section discussing the security of the UK’s political system.

Here the committee writes that cyber attacks by hostile foreign states and terrorist groups could “potentially include planting fake information on legitimate political and current affairs websites, or otherwise interfering with the online presence of political parties and institutions”.

Another redacted section of evidence from GCHQ then details how the agency “is already alert to the risks surrounding the integrity of data”.

The ISC goes on to speculate that such state attacks could have a variety of motives, including:

  • generally undermining the integrity of the UK’s political processes, with a view to weakening the UK Government in the eyes of both the British population and the wider world;
  • subverting a specific election or referendum by undermining or supporting particular campaigns, with a countervailing benefit to the hostile actor’s preferred side;
  • poisoning public discourse about a sensitive political issue in a manner that suits the hostile state’s foreign policy aims; or
  • in the case of political parties’ sensitive data on the electorate, obtaining the political predilections and other characteristics of a large proportion of the UK population, thereby identifying people who might be open to subversion or political extremism in the hostile actor’s interests

“The combination of the high capability of state actors with an increasingly brazen approach places an ever greater importance on ensuring the security of systems in the UK which control the Critical National Infrastructure. Detecting and countering high-end cyber activity must remain a top priority for the government,” it adds.

In related news, this week the UK government announced plans to set up a dedicated national security unit to combat state-led disinformation campaigns.