Countering Disinformation in Israel: Lacking Coherence, Planning, and Responsiveness

There is existing, yet limited, legislature enabling the Israeli government to counter internal disinformation swiftly and effectively. Specifically, the Knesset Elections Law, otherwise known as the Propaganda Methods Law, was created in 1959 to define campaign advertising regulations during Israeli elections (Shwartz Altshuler & Lurie, Reference Shwartz Altshuler and Lurie2015). Elements of the 1959 law are outdated and require updated amendments that address the powerful effects of social media and the internet during campaign seasons, though the law remains an important regulatory baseline for modern political elections (Shwartz Altshuler & Lurie, Reference Shwartz Altshuler and Lurie2015). Finding and securing an opportune occasion to remediate these flaws has been a difficult task for the Israeli judiciary and legislature, as compressed and fast-changing results of five elections in three years offered few periods of enough political stability to craft and establish such improved legislation. Israel’s Central Election Committee proposed recommendations to the Propaganda Methods Law in 2017 that included a principle of transparency, which required political advertisements to identify themselves as such. Under this principle of transparency, political actors or parties must identify themselves within political adverts, including ones on social media (TOI Staff, 2019). This principle was transferred into a judiciary ruling led by then Supreme Court Justice and Chairman of the Central Elections Committee Hanan Melcer (Surkes, Reference Surkes2019; TOI Staff, 2019). This ruling followed insistent objections from the Likud party to ban anonymous political ads online via legislation in 2019 (Surkes, Reference Surkes2019; TOI Staff, 2019). Even without solid legislative backing, new transparency processes enabled the chairperson of the Election Committee to give out injunctions during the 2019 and 2022 campaign season for campaign advertising posing as news stories on social media channels, such as Facebook and WhatsApp. However, Lurie noted that while this principle of transparency is a positive effort toward stopping the spread of political disinformation, more needs to be done:

However, as noted by Lurie and additional experts, the government’s ability to curb disinformation through legislation enters the sensitive, important realm of freedom of speech debates.

In this regard, CEO and co-founder of tech company ActiveFence, Noam Schwartz, believes that the most effective fight against disinformation cannot be from the government because of the potential for freedom of speech violations. If the government were to aggressively fight disinformation, they would be “rightly so accused of censorship. The only way to curb disinformation is to go to where the disinformation is being distributed.” Illiberal and authoritarian figures can claim political speech from opponents as disinformation to silence and deter dissent and plurality of voices, such as examples in Egypt or Russia have shown (Jack, Reference Jack2022; Jumet, Reference Jumet, Cavatorta, Mekouar and Topak2022). Researchers invested in preserving Israeli democracy strive to imagine a balance of freedom of political speech while still holding malicious parties accountable. Additionally, Schwartz contemplated what the Israeli government would look like if it did block swaths of domains from the internet because they deemed it “disinformation.” “We’ll have a very different regime if they do that,” said Schwartz. “All of the sudden the government is not a democracy anymore. They are deciding for you.” Who needs to regulate, what should be regulated, and how to regulate are complex and universal questions for any democratic government approaching legislation toward fighting disinformation. Even the plausible applications of government interference in the disinformation fight are questioned by Schwartz:

Even with the creation of a more robust landscape for countering disinformation, deciding who is responsible to create and enforce legislation is unclear. “The problem is Israel cannot find a dedicated team to countering disinformation,” said Barel. “Efforts are ad hoc, not systematic.” It is also unclear what is appropriate to regulate and how to regulate it. For example, campaign advertising and campaign finance laws are entirely different domains in Israel that would both need to be addressed through robust regulatory efforts. The recent flux of governments, minister officials, and civil servants in Israel has left a noted void in both expertise about and legislative enthusiasm to counter internal disinformation.

Countering Disinformation in Israel: What About the Private Sector?

Benjakob, defeatedly, believes that the only real solutions currently on the table are stemming from social media companies who are primarily concerned with attracting eyeballs to screens for advertising dollars.

Placing the responsibility on the tech companies to counter internal disinformation in Israel is a double-edged sword. On the one hand, the tech companies have the technological accessibility into their platforms and the expertise to find, identify, report, and remove harmful content online. According to Schwartz, platforms have vastly improved the identification and removal of harmful content online over Israel’s past five election campaigns in three years. Online disinformation surrounding these recent, reiterative elections has served as an optimal test ground for tech companies to improve their strategies to fight disinformation. However, while technologists at platforms are improving, so are the producers of disinformation:

Within the past five elections, political parties across the spectrum – including the ruling right Likud party and the opposition centrist party Yesh Atid – have reportedly employed disinformation campaigns that attempted to emotionally resonate with Israeli citizens, observed Schwartz. For example, recent and ongoing judicial reform protests in the first half of 2023 are complex, deeply resonant political fights that have wide-ranging implications for the democratic institutions within Israel. As Schwartz and his team monitored the online space, he commented that:

Since the judicial reforms and the charged debates over Prime Minister Netanyahu spark an intimate, emotional touchpoint for many Israelis, much disinformation – particularly one party lying about what another party said – is propagated through social media channels that hold personal family chats, such as WhatsApp. Thus, these encrypted messaging apps that host private conversations are much more difficult to monitor by content moderators at tech companies. The extent to which these social media platforms can help fight internal disinformation is limited. On the other hand, tech companies do not exist to serve the best interest of the public. As a corporate entity, naturally tech companies aim to grow profit and appease stakeholders. “I don’t think the platforms owe you anything. It’s not a public service. It’s not a penchant fund,” commented Schwartz. While partnerships between the Israeli government and social media companies exist to help fight election season disinformation, for example, Facebook banned certain political ads that aggressively discouraged people to vote in Israel in the November 2022 election, their effectiveness and reach are short term (Jerusalem Post Staff, 2022). As previously noted, the social media companies’ accessibility and expertise toward their tech is not comprehensively understood or effectively regulated by constantly fluctuating government workers. Therefore, Israel’s private spaces – with advanced tech expertise and limited regulation – can flourish in ways that best serve their entrepreneurial interest, rather than prioritizing the public good. Israel’s high-tech culture and expertise in cybersecurity threats also pose reasons for both pessimism and optimism in the fight against disinformation. Often coined as a “start-up nation,” Israel has advanced technological skills to fight external information threats, most notably from Iran. “The capabilities of the intelligence community – with an emphasis on the cyber field – can be a reason for optimism regarding the attempts of foreign campaigns,” noted Siman-Tov. While Israel may be adept at pinpointing information threats from foreign entities, this privatization of intelligence is seen as worrisome by Siman-Tov who noted, “At the same time, in front of the internal processes there are not many reasons for optimism.”

According to Benjakob, the privatization of Israel’s high-tech culture and expertise is noticeably increasing, specifically within the past fifteen to twenty years. Journalistic investigations in Israel within the past year have exposed privatized and professional Israeli-led disinformation operations, for example, the infamous Team Jorge’s undemocratic influence and information operations were exposed by journalistic teams at Haaretz and TheMarker in 2023 (Megiddo & Benjakob, Reference Megiddo and Benjakob2023). Privatized, for-hire intelligence efforts in Israel complicate the systematic fight against disinformation. Benjakob compared Israel’s disinformation boutiques to a larger country like the United States:

However, the rapid development of artificial intelligence (AI) tools may prove to be more dangerous than high-tech boutique disinformation firms in Israel. Organized, coherent fights against internal disinformation in Israel have been complicated by limited jurisdiction over tech platforms, legislative gridlock, and lack of regulative fervor from the Likud government. Therefore, it is unclear whether swift, effective governmental regulation or other advocacy movements will be created to fight against AI tools spreading disinformation, for example, generative AI or robocalls. Schwartz observed the criticalness and long-term nature of the future of disinformation campaigns in Israel:

Governmental regulation and overreliance on tech companies to counter disinformation in Israel are not the only solutions. Interviewees suggested that Israel seriously partake in a movement already enacted within other democracies, such as the UK or the United States: systemic investment in information and media digital literacy (Horrigan, Reference Horrigan2016). Promoting and investing in digital literacy, specifically media or information digital literacy, may help cultivate helpful habits in social media users, such as critically analyzing the source material (i.e., news outlet, sources) and reporting malicious activity online.

However, the responsibility of teaching digital literacy to help counter disinformation in Israel should not just be allocated toward the schools or parents. An onus on the tech platforms to help their users navigate and not believe whatever they read, hear, or see is critical. Just as efforts in the United States have recently put the onus on social media platforms to help young users’ mental health, so should governments put the onus on the platforms to encourage digital literacy (Richtel, Pearson, & Levenson, Reference Richtel, Pearson and Levenson2023). Digital and media literacy research have demonstrated mixed results, as some scholars emphasize the “disconnect between accuracy judgments and sharing intentions” (Sirlin et al., Reference Sirlin, Epstein, Arechar and Rand2021). However, interviewees believed in the value of using their “conscience and their brain,” as interviewee Schwartz put it. For example, when news articles filled with propaganda about recent judicial reforms are shared within family group chats on WhatsApp, it is up to the individual to assess the information presented to them. Information literacy contributes to a healthy, safe online lifestyle. As Schwartz described it:

The Limited Successes and Failures of Hasbara

As a concept, Hasbara involves producing and disseminating a narrative to target audiences with the aim of influencing public opinion on a specific political issue related to Israel. Its aim is to win public support and legitimize Israel’s action and creation. But Hasbara’s effectiveness has produced little effect, except perhaps before the creation of Israel.

Public Diplomacy and Cognitive Campaigning: Two Complementary Approaches to Hasbara

It was in the early 2000s that Israel realized its inefficiency and inability to transform Hasbara into an operational communication doctrine. The evolution of conflicts combined with the transformation of means of communication, in a strong desire for doctrinal renewal, led to the emergence of two other approaches that were to become fully integrated into Israel’s communication strategy: public diplomacy and the cognitive campaign or psychological warfare (discussed later in the chapter).

The Various Concentric Circles of the System

At the heart of the system is the Army Spokesman’s Unit, which has been strengthened and supported by other state bodies. These include the Coordination of Government Activities in the Territories (COGAT), responsible for communicating Israeli policy in the occupied territories; the Government Press Office and the National Information Directorate, which report to the Prime Minister’s Office; and, of course, the Ministry of Foreign Affairs, which can rely on its network of embassies and consulates to amplify the Israeli narrative abroad. These institutions form the first circle of actors in public diplomacy.

Next come pro-Israeli NGOs, which are not necessarily Israeli. Among the most active are American NGOs. These are the ones with the biggest budgets, influence, and resources. Some have been around for a long time, such as the American Israel Public Affairs Committee (AIPAC), the main American Jewish pro-Israeli lobby, or the American Jewish Committee (AJC).

Others have been created more recently, precisely to respond in their own way to the failures of Israeli communication and to fight against the intense boycott campaign of Israel initiated by the pro-Palestinian boycott movement BDS (Boycott Divestment Sanction). One of the most active is undoubtedly Stand with Israel, a Los Angeles-based NGO founded in 2001 by three Jewish Americans. With an annual budget in excess of $20 million and offices in eighteen different countries, this NGO carries out actions in favor of Israel in the digital field and on the ground, particularly on campuses. There are many others,Footnote ⁷ and most of them are now organized into networks to amplify their action. All these NGOs are thus, in one way or another, integrated and taken into account in Israel’s global communications system.

Finally, a third circle has been devised for individuals, opinion leaders or influential Israelis, or people with strong ties to Israel, who live outside Israel and are encouraged to improve Israel’s image and disseminate pro-Israeli narratives to their entourage abroad. To structure these individual initiatives, the Israeli government launched the Masbirim (“explanations”Footnote ⁸) project in 2010, which aimed to provide ready-to-use narratives on various topics concerning Israel. The initiative was not as successful as had been hoped, but it does demonstrate the willingness shown some fifteen years ago to integrate diaspora personalities, who will play an important role from October 7, 2023, onwards, as discussed later in the chapter.

The Failed Beginnings of the Psychological Approach

Things changed with the Second Intifada (2000–2005), when Israel realized that Palestinians were making abundant use of this communication tactic, producing narratives and images for foreign journalists that amplified or distorted reality.Footnote ⁹

In 2005, the Center for Cognitive Operations was created. Its primary objective is to develop a doctrine and concepts for cognitive campaigns within the army in order to influence the perception, political position, and feelings and sentiments of a target audience. It is within this center that influence methods and various tools for evaluating the impact of campaigns are developed. These concepts were immediately put into practice the following year, with the war against Lebanon (2006). The challenge was to document the war “from the inside,” so as to accompany Israeli victories with a communications campaign tailored to reach the Israeli and Lebanese public. For example, the town of Bint Jbeil in Lebanon was chosen as a target by the Israeli army, which succeeded in occupying it; six years earlier, it was from this town that Hezbollah leader Hassan Nasrallah had given a victorious speech after Israel’s withdrawal from the subject of Lebanon (2000). As part of a cognitive warfare operation, an Israeli colonel decided to hold a speech there after the capture of the town, in front of his soldiers, some of whom filmed and photographed with their own equipment, immortalizing the installation of an Israeli flag replacing that of Hezbollah. But, the doctrine of psychological warfare had not yet been fully integrated: The army spokesman decided not to broadcast the images, which were deemed too amateurish, leaving foreign journalists with no images of the event other than those eventually supplied by Hezbollah.

A first consequence to be drawn from this: Tsahal decided to reinforce its control over information from war zones by preventing the deployment of journalists, particularly foreign journalists, in contact with soldiers. But this strategy quickly backfired, as Tsahal found out during its next conflict: Operation Cast Lead in Gaza against Hamas, in December 2008–January 2009. Israel banned foreign journalists from entering the country, leaving them dependent on sources and correspondents in Gaza, some of whom were working under the control and threat of Hamas. As a result, foreign journalists found themselves inundated with images of Israeli attacks, while Israel, on the defensive, spent most of its communication time minimizing civilian casualties.

The publication of the GoldstoneFootnote ¹⁰ report in September 2009 was yet another political setback for Israel, as the document drew up a long list of accusations against the Israeli authorities (and, to a lesser extent, Hamas), accusing them of having committed acts that could constitute war crimes or even crimes against humanity. This shows that, despite the Israeli government’s manifest determination, its communication strategy, even when incorporating new concepts, is still faltering.

The Use of Social Networks

Even so, the army continues its mission and adapts to new means of communication. The early 2000s saw the development of the internet, social networks, and smartphones, revolutionizing the means of communication. In 2009, the Israel Defense Forces (IDF) Spokesman’s Unit opened its own Facebook page, Twitter (rebranded as X since July 2023) account, and YouTube channel to communicate information directly to internet users. A dedicated “new media” unit was created (Amsellem, Reference Amsellem2020).

The first effects were quickly felt. First, during the Gaza flotilla episode (May 2010).Footnote ¹¹ In reaction to the incriminating images provided by the pro-Palestinian activists aboard the flotilla and widely relayed by the mainstream media, Tsahal decided to broadcast its own images just a few hours after the operation. This time, they showed militants armed with iron bars attacking the soldiers as soon as they arrived on the ship. The army had thus chosen to bypass the traditional media to give its perspective on the facts by broadcasting its own content; a procedure which was not common ten years ago and which paid off: international newsrooms were broadcasting the army’s images, which presented the pro-Palestinian militants as violent aggressors, faced with victimized soldiers.

With its new capabilities, Israel is breaking new ground in the digital field of warfare. During the Operation Pillar of Defense (November 2012), the IDF was the first army in the world to use Twitter to announce an imminent attack against an enemy actor on foreign soil. It was during this new conflict that psychological warfare was massively extended on social networks. It was possible to follow, minute by minute, the progress of Israel’s operations, testifying to its determination to impose its information content and combat its critics.

At the same time, and in order to wage psychological warfare, Israel was broadcasting on its networks videos of Palestinian rockets aimed at civilian targets in Israel; Hamas’ executions of Palestinians regarded as collaborators; and, in parallel, other content showing the army’s efforts to avoid civilian deaths. Each of these informational materials served a clear political purpose: to justify the Israeli attack, criminalize Hamas, and defend Israeli tactics on the ground. Noting the effects of its new communication, the IDF Spokesman’s Unit decided to create a unit dedicated to combat documentaries, to produce professional images directly from the battlefield.

Undoubtedly, Israel’s communication strategy was better. The Israeli authorities were able to produce and disseminate their narratives from their images, which were picked up massively on social networks and by foreign media. Psychological warfare worked this time, prompting Israel to strengthen this pole within its army: In 2018, a Department of Influence was created and placed under the control of the Operations Directorate, responsible for force deployment, reflecting a desire to integrate this aspect of Israel’s strategic communication at the very heart of its military operations.

Strong Digital Presence

The digital world is clearly a new theater of operations for Israeli communications. To maximize its influence, Tsahal does not hesitate to break with the reserve of other armies around the world, which are more circumspect when it comes to using social networks. Indeed, for some of its publications, the army seems to have adopted the language, codes, and vocabulary of social networks, sometimes even using ironic and sarcastic humor on sensitive subjects.Footnote ¹² This surprising tone is, in fact, a clever strategy on the part of the “new media” unit to broaden its audience beyond its subscribers and detractors. This style of publication, which no other similar player takes on so frankly, is often widely relayed on social networks, precisely because they seem inappropriate – even if it means being criticized.

And it works. The Israeli army accumulates tens of millions of subscribers on various social networks (3.8 million on Facebook, nearly a million on YouTube), sometimes surpassing the US army’s account (on Twitter, e.g., with nearly 2.5 million subscribers); a considerable audience for a country of less than 9 million inhabitants, which also demonstrates the extent to which it is observed.

The advent of social networks radically changes the game for Israel. The traditional tools used by the Hasbara are not adapted to new needs and new ways of communicating. By the 2010s, Israel understood that its operations in the Palestinian territories were difficult to justify to an international audience. At the same time, groups and organizations hostile to Israel continued their work of delegitimization and virulent criticism, themselves producing biased information to broaden their audience via social networks. Where Hasbara used to campaign on university campuses and in international organizations, psychological warfare and public diplomacy are now being deployed more massively in the infosphere, with the aim of producing its own narrative to attack its adversaries head-on and disseminate its own version of the conflict, and more broadly, of Israeli society. All these doctrines have been put to the test in real-life conditions, during armed conflicts whose succession in recent years has required the Israeli authorities to be highly agile in measuring problems, evaluating successes and, finally, continually adapting. This experience proved invaluable for the vast campaign that the country launched on October 7.

Raising Public Awareness

To raise international public awareness of the attacks of October 7, Israel will carry out four informational actions to produce and disseminate its narratives. For the Hebrew state, this communication has several sub-objectives: Internally, the aim is to unite and mobilize the country, whose unity has been weakened, while responding to the high expectations of the population following the attacks; internationally, the challenge is to raise public awareness of the unprecedented nature of the attacks to create a feeling of empathy and support. The ambitions are therefore immense, which explains the extensive resources deployed by the Israeli authorities and their relays around the world.

The Means Deployed

To support these narratives, Israel chose, for the first time in such a rapid and massive way, to sponsor content, photos, or videos, to enable its messages to be pushed before viewing YouTube videos or directly into the newsfeeds of social network accounts (see Figure 7.1). Thus, all over the world, thousands (if not millions) of internet users found themselves with commercials warning of Hamas attacks. The commercials were also tailored to the target audience: For adults, violent, barely blurred images showed certain Hamas attacks, while before the YouTube videos for children under six (who couldn’t read) were broadcast, a message addressed to parents explained that dozens of Israeli minors had been killed or kidnapped, and that Israel would do whatever was necessary to get them back.

Figure 7.1 Screenshots from social media showing content promoted by Israel through purchased advertising space (“ads”) displayed on users’ accounts, before their video (YouTube) or in their newsfeed (X/Twitter).

Figure 7.1Long description

The screenshots reveal the following:

1. 1. An advertisement displays the words, ceasefire, cease fire, cease fire, and notes that many people use this term without fully understanding its implications. The ad claims that a ceasefire would only enable Hamas, leading to more cycles of violence and terrorism. The instruction, watch, is provided, with a linked video below. The thumbnail shows military personnel stockpiling ammunition.

2. 2. A screenshot of the advertisement on a user's X newsfeed, dated October 11, 2023, shows four photos of devastated buildings accompanied by a few lines of text. The text reads: They went from house to house. Burned people alive. Murdered entire families. Children. Babies. We will not be silent. May the memories of the victims of Kibbutz Beeri be a blessing. This advertisement has garnered 8.5 million views.

3. 3. A YouTube ad titled, Hamas declared war against Israel. Against a dark background, the text reads: To protect our citizens against these barbaric terrorists.

4. 4. A set of three ad video stills. The first still features a young man and woman smiling, with the text, Hamas, a vicious terrorist organization, murdered over 940 overlaid on their photos. The second still shows an older man speaking on C N N, accompanied by text that reads: She was either dead on the left side of the screen, and, Breaking News, C N N at site of deadly Hamas siege on Kibbutz, where 100 killed, below. The third still displays multiple rainbows with the text, by the Hamas terrorists, followed by ISIS within parentheses, overlaid on top.

A journalist (Galer Smith, S. [@sophiasgaler]) on X (previously Twitter) revealed that between October 7 and 19, 2023, eighty-eight different commercials were broadcast in some twenty countries, at a cost of over $7 million. France was by far the most targeted country, with spending estimated at €3.8 million, which would have resulted in almost 445 million screen impressions (number of times the ad was displayed on a screen); followed by Germany (€1.9 million for 231 million impressions). For the period from October 7 to November 6, Google’s advertising transparency center lists around 200 spots paid for by the Israeli Ministry of Foreign Affairs. Interestingly, the same pro-Israeli content received relatively little sponsorship in the United States (around €50,000). Does this mean that Israel takes the support of the US government for granted, as does a large part of its public opinion? If this is the reasoning, it could be considered partly false, given the unprecedented mobilization for Gaza, particularly on American campuses. It would also mean that Israel considers Europe to be a politically uncertain partner, given the considerable financial efforts made by the major European powers.

This advertising campaign organized by Israel is just one part of Israel’s vast digital strategy on social networks. Indeed, since the 2010s, we have seen how the state has strengthened its resources to be more effective on social networks, with the recruitment of people dedicated to “new media” within the army or ministries.

Thus, the official accounts of the State of Israel, its Ministry of Foreign Affairs or Tsahal on the networks (7 million on TikTok; 215,000 on YouTube; 1.5 million on X; 1 million on Instagram; 890,000 on Facebook) accumulate several million subscribers and publish dozens of messages, photos, and videos to disseminate Israeli narratives, even if this is strongly criticized. Indeed, the comments on these publications regularly generate far more negative and pro-Palestinian comments, but this doesn’t stop Israel from continuing to publish in order to get its messages across.

David Sarangua, Director of the Ministry of Foreign Affairs’ Digital Office, estimates that in the first month of the conflict (October 8–November 8, 2023), Israel had published over 2,500 messages in English on its networks, reaching over a billion people, thanks to innovative content and sponsored publications.

The Israeli authorities have also authorized the broadcast of interrogations of Palestinian terrorists arrested on October 7. In an exchange in Arabic with the Israelis who questioned them, the latter declared that their organization, in committing the acts of October 7, had behaved worse than the Islamic State and had the objective of killing civilians and raping women.

The state and its various entities are not the only players. Israeli society has also mobilized to produce original, viral content. Such is the case of the famous Israeli TV show, Eretz Nehederet (“A Wonderful Country”), a comedy program broadcast weekly for the past twenty years. Since October 7, comedians have been staging satirical episodes to denounce the use of civilians by Hamas and antisemitism acts by students on American campuses. These videos have been viewed millions of times on YouTube and relayed massively on social networks.

There’s plenty more content and narratives to criticize Hamas and its supporters, or the silence of certain international organizations in the wake of the attacks. We can’t list them all, but let’s end with the initiative of a rather art-oriented Israeli content creator, Hila Yerushalmi, who produced and broadcast a video on YouTube to denounce the silence of international organizations against the rape of Israeli women. Her content was then relayed by thousands of people as part of a social networking campaign entitled “Rape is not resistance.”

Objective and Strategy

This mobilization was not specifically aimed at the Israeli government, whose war aims to secure their release. It was aimed, above all, at the Western world, to arouse emotion and solidarity with the families in their fight for the hostages’ release. One initiative proved particularly successful: the one originally organized by hostage families who wanted to appeal to the world and publicize the victims. Via WhatsApp groups, these families distributed posters with the photos and main details (including age) of all the hostages, framed by large, easily identifiable red stripes and accompanied by a message in English: “Bring them home.” Pages and accounts on social networks were created on October 10 with this name, and the hashtag of the same name was quoted in publications.

The initiative aroused a great deal of interest in Israel, where hundreds of volunteers were taking part in collage campaigns featuring photos of the hostages. It’s interesting to see how digital action produces real-world effects, as the files with the hostages’ photos circulated in various Signal, Telegram and WhatsApp groups, and were then printed and pasted on city walls. Very quickly, the group became structured, collected donations, and benefited from the support of professional figures such as David Meidan, a former Mossad officer who led the negotiations for the release of Israeli soldier Guilad Shalit (2006–2011).

International Relays

The campaign provoked a huge international response, particularly in Western countries, where a number of organizations and personalities, mostly from Jewish communities or the Israeli diaspora, were organizing poster campaigns in various public places or relaying the photos on their social networks. The National Council of Jewish Women in the United States was the first (October 19) to take up this initiative and organize collages in the United States; the Union des étudiants juifs did the same in Belgium, then in France.

Still within the Jewish community, and notably within associative networks, other initiatives accompanied the movement, with the creation of dedicated groups (“the October 7 collective”) and the organization of occasional actions beyond the collages (e.g., weekly gatherings). Various town councils in France relayed the campaign; in Nice, for example, the town council financed street billboards.

The element that certainly contributed most to the popularity of this campaign was the negative reaction of supporters of the Palestinian cause. Believing that these actions amounted to propaganda, or at least failed to shed light on the Palestinian victims of the conflict, dozens of people were filmed tearing down the posters, provoking widespread indignation and helping to amplify the campaign.

Aware of the communicative potential of this campaign for Israel’s image, the Israeli authorities are also investing time and resources to finance larger scale poster campaigns. We learned that the Israeli government had prepared a large-scale campaign to display photos of the hostages in the Netherlands a few days before the International Court of Justice (ICJ) hearings requested by South Africa, which accuses Israel of genocide in Gaza (January 2024). The official aim of the poster campaign was to “raise awareness of the need to free the hostages held captive by Hamas”; but the political maneuvering, given the timing and choice of location, is beyond doubt. However, a dozen poster companies in the Netherlands turned down the contract with the Israeli government, which nevertheless promised to organize several other awareness-raising campaigns in the country.

Traditional Channels and Channels of Communication

While the military response had already begun and the ground operation was being prepared, the State of Israel was organizing visits by foreign delegations who wished to express their solidarity or who had come to see what had happened. These visits were a crucial moment for Israel, as they could raise awareness among a very broad public.

Throughout the month of October, a number of leading political figures (the US president, the German chancellor, the British prime minister, the Italian prime minister, the Dutch prime minister, and the French president) came to Israel to meet politicians, hostage families, and victims. Other politicians (MPs, senators, mayors, presidents of opposition parties) have also visited Israel, and sometimes even the sites of the massacres. In a moment of palpable emotion, several leaders made political statements that met the expectations of the Israeli authorities, but also provoked criticism in their own countries. For example, during her visit to Israel on October 13, the President of the European Commission, Ursula Von Der Leyen, affirmed her unconditional support for Israel, which irritated some European countries concerned about the situation in Gaza. During his visit to Israel on October 24, President Emmanuel Macron spoke of mobilizing the international coalition against the Islamic State to combat Hamas, a statement that upset some 100 French diplomats, who denounced in an internal memo a risk to France’s position in the Arab world.

Beyond the political world, Israel also wanted to show the violence of the attacks to delegations of journalists, so that they too could relay what happened that day. Several of them were invited to visit the scene of the attack, while the army and rescue services were still working in some areas to recover bodies from burned-out houses and blood-covered rooms. Live broadcasts were organized from the scene, sometimes behind trucks filled with unidentified bodies. By mobilizing foreign journalists, Israel is enabling foreign newsrooms to produce and broadcast news content to raise global awareness of the scale of the destruction.

Digital Influence

Israel also mobilized social network influencers to communicate about the attacks. The Israeli Ministry of Foreign Affairs organized visits to the attacked kibbutz by a number of Israeli influencers, whose interests had absolutely nothing to do with politics; the aim was to enable the dissemination of images on various social platforms such as Instagram, X, or TikTok and to reach a wider audience not necessarily interested in political news. The two most talked-about influencers at the time, Maja Kravarusic and Alina Rabinovich, who specialize in fashion and cooking, published a number of images usually reserved for journalists.

Israel, through its Ministry for the Diaspora and the Fight against Antisemitism (The Ministry for Diaspora Affairs and Combating Antisemitism, 2023), explains that it has mobilized Israel’s biggest influencers (TV presenters, models, and actors with tens of millions of subscribers worldwide) for visits to the field to tell, document, broadcast, and bear witness to the October 7 attacks.

This strategy was not limited to Israel. Several French influencers, including one of the best-known, Magalie Berdah, visited Israel at the invitation of an Israeli rescue NGO (Zaka). Although this visit was made possible with the agreement of the Israeli army, it was nonetheless the initiative of a non-state actor, confirming the ability of the Israeli system to rely on relays other than its state institutions, in line with its doctrine of public diplomacy.

Another visit was far more strategic for Israel in terms of digital influence: that of Elon Musk, head of X, who visited a kibbutz near Gaza on November 27 in the presence of the Israeli prime minister. His visit to Israel is significant for several reasons: In addition to his position at X, he is one of the most followed personalities on this network (170 million subscribers), making him a particularly influential intermediary. He is also the head of StarLink, a company that provides internet connection to territories where none exists. However, at the end of October, Israel decided to cut off all internet connections to the Gaza Strip in order to hinder terrorist activity; Musk announced that he would deploy his satellite network to reestablish the connection to Gaza, which greatly concerned the Israeli Minister of Communications, Shlomo Karhi. After Musk’s visit, the same minister proudly announced that he had signed an agreement in principle with StarLink to deploy its satellite network in Gaza only with Israel’s agreement.

Since then, Elon Musk has been a strong supporter of Israel, proudly wearing a “Bring them home” necklace in the shape of a military identification tag, given to him by the mother of a hostage who showed him a video of her son being kidnapped by Hamas.

From Communication Object to Political Object

What’s most interesting about this video is not so much its content, most of which can be viewed on various Telegram channels, but the fact that it has become a political communication tool in its own right. Indeed, rather than broadcasting it widely, the Hebrew state chose to include extremely violent sequences (decapitation, execution at close range, violence against children, etc.) to show some of the atrocities perpetrated against its population. Out of respect for the victims and in order to comply with platform distribution rules, the Israeli authorities decided to target the film’s viewers. This decision lends political weight to the video, access to which becomes rare. Indeed, only a handful of people were invited to participate in these viewing sessions, which were usually supervised by an Israeli representative. The effect of scarcity immediately made it a political phenomenon in the media, where a handful of journalists recounted part of what they had seen, using words that amplified the phenomenon (“unbearable images,” “unspeakable horrors,” etc.).

The video was first shown in Israel, to a limited number of foreign journalists who were told that it was forbidden to film the screen; the only images they were allowed to shoot were those showing the journalists’ faces during the broadcast, some of whom were covering their eyes or leaving the room. From a purely communications point of view, these images of distraught journalists were perhaps more effective in achieving the desired effect than broadcasting the gruesome scenes themselves.

The same scenes occurred in other circles: in front of American senators, in the French National Assembly or Senate. The network of Israeli embassies around the world was also mobilized to broadcast the video to selected audiences within their walls. Although the exact list is not known, we do know that screenings of the film were held in Geneva, Berlin, Brussels, and Madrid, as well as in Latin America (Santiago de Chile) and at the UN.

Invited by the French Embassy in Israel, as part of a screening reserved for French researchers, we also viewed this video. Before doing so, we were asked to sign an undertaking – later given to embassy staff – to not film the scenes out of respect for the victims. More interestingly, the document recalled the political objective of this viewing: The video aims to show and prove the atrocities of the October 7 attacks, at a time when voices were being raised around the world to contest their veracity.

Another interesting element: The text submitted explained that Israel’s aim was precisely to target opinion leaders, influential people in political, media, and intellectual circles, so that they could bear witness to what they had seen. In a quick exchange with embassy staff, we learned that screenings had been carried out in Russia and China; we didn’t get any precise answers about the Arab world, where Holocaust denial is most widespread.

International Relays

As with these other campaigns, the Hebrew state was also able to mobilize the Israeli and Jewish diaspora around the world to relay the video. The most emblematic case is that of Israeli actress Gal Gadot. Famous around the world for playing the iconic Wonder Woman character, now based in the United States where she is pursuing her career, Gal Gadot gathers tens of millions of followers on her various social networks (over 100 million on the Instagram platform alone). Sensitized by the attacks of October 7, she managed to get a copy of the video from the Tsahal spokesperson, so that it could be shown at her home to a private circle of personalities from the American film industry.

A few days later, renowned American film director Steven Spielberg announced an initiative to collect video testimonies from survivors of the October 7 event. In France, it was host and producer Arthur who produced and broadcast on CNews a report on these events (“Supernova–massacre at the rave party”) at the end of December 2023. More than a simple assembly of previously published images, this report features previously unpublished content, obtained directly from Israelis present at the scene or from videos of the assailants; all elements that suggest this report could not have been made without authorizations or direct contacts with the Israeli authorities.

As you can see, Israel has succeeded in using filmed scenes of the massacres to create an object of political communication, relayed by its network of embassies abroad and by various players in the diaspora.

Justifying the Military Response

In addition to the various awareness campaigns organized by Israel, the authorities have also organized a dedicated communication campaign to justify and defend its military response. Here, we have identified two main mechanisms implemented mainly by the army, which has absolute control over communications in the military arena.

Here too, the objectives are twofold: to assure the Israeli population that the sacrifice they are making is necessary and worthwhile; and at the same time, to provide proof to the world that Israel is deploying proportionate force to achieve its war aims, while protecting Palestinian civilians as far as possible.

Explaining the War

The content of this daily news item has evolved with the conflict: Initially confined to the domestic situation, it now presents the situation on all the fronts on which Israel is engaged (West Bank, the North, Syria, Yemen, etc.). Its news content will then be picked up and commented on by all the media in the country, enabling the army’s narrative to spread to the whole of Israeli society and beyond. An English version is also available to enable international newsrooms to directly retrieve information produced by the army. This is a classic Hasbara system: Information is produced and distributed directly by the military authorities to journalists, who then pick it up and distribute it.

On the domestic front, this appointment is a political success, thanks in particular to the stature and personality of the spokesperson, Daniel Hagari, a former commander of the IDF’s most prestigious unit, the Shayetet 13, the elite commandos renowned for carrying out perilous and secret actions in enemy territory. According to a poll carried out five weeks after the start of the conflict, almost three-quarters of Israelis (73.7 percent) consider Daniel Hagari to be the most reliable source of information on the conflict, an interesting figure given that only 4 percent put Prime Minister Netanyahu in first place (Bagno, Reference Bagno2023). Despite the political crisis and Benjamin Netanyahu’s low popularity, Israelis still have confidence in the army and therefore in the state in this war.

Showing Success

The second strong expectation Israelis have of their leaders is their ability to secure the release of the hostages. To achieve this, the Israeli government’s strategy has been to intensify its attacks on Hamas in order to corner it and force it to negotiate a truce in exchange for the release of hostages. This position was not easy to maintain in the face of public opinion, which was very strongly committed to and mobilized for the release of the hostages. Various informational maneuvers by Hamas were aimed precisely at increasing the pressure on Israeli civil society via the hostages, so that it would demand a ceasefire from its government.Footnote ¹⁴

The release of around a hundred hostages under an agreement concluded at the end of October between Israel and Hamas via Qatar was seen as a victory for the Israeli government, justifying its military strategy. The state’s communication apparatus therefore used and staged these releases, producing videos and images in which the symbols of the state were omnipresent: Once freed, the families were photographed in front of a large Israeli flag, surrounded by sympathetic soldiers. The images made the rounds on social networks and in the Israeli media.

Live Warfare: Images from the Field

To ensure control of the war news, the army completely closed the Gaza territory to the foreign press; only Al Jazeera, which has correspondents on the spot and is fully established in the territory, could continue to broadcast its own images. The aim is not to make ongoing operations opaque, but, on the contrary, to be able to broadcast information produced and/or controlled by the Israeli army.

The two main producers of content are the Israeli army and foreign journalists authorized to film in areas designated by Tsahal. To be effective, the army deployed troops from the Spokesman’s Unit to film and photograph war scenes. At the same time, several soldiers were equipped with front-facing cameras to capture first-person footage of battle scenes; some of these videos were then retrieved and posted on the army’s various social networks. Finally, reports from occupied areas will be produced entirely by the army, which takes every step to make this production as professional as possible (cameras, no smartphones, drones for large fields, microphones, etc.). The spokesperson, Daniel Hagari, was on hand to show, camera in hand, the Hamas tunnels under Palestinian hospitals.

All these means and devices are aimed at documenting the war and putting across several messages to justify Israel’s action and denounce Hamas’ actions. The main Israeli narrative aims to criminalize Hamas, not just for its actions against Israel but for its attitude that dangerously exposes Gaza’s civilian population. To this end, Israel provides images from the field showing weapon caches, tunnel entrances, and rocket launchers installed directly in schools, mosques, or hospitals. In its videos, Israel also shows how the equipment of international organizations benefits (intentionally or not) Hamas, with the presence of United Nations Relief and Works Agency (UNRWA)Footnote ¹⁵ or Red Cross stamped equipment in the terrorists’ caches in the tunnels.

The other aim of these communications operations from the field is also psychological warfare. Israel wants to show its competitors that it is winning the war, that defections and arrests of militants are multiplying, and ultimately that Hamas is completely losing control of the territory. Videos of dozens of Palestinians posing as Hamas members are posted on the networks, with some accusing their leaders of betraying them.

Finally, there’s another source of information from the field that Israel exploited to its advantage: films produced by Hamas fighters themselves who, in a reverse psychological campaign, film their surprise attacks on Israeli tanks or soldiers. On social networks, images from these films are extracted and broadcast by Israel to show that Hamas fighters are purposely dressed as civilians to deceive soldiers and expose real civilians.

Protecting Palestinian Civilians

The other aim of these images from the field is to show that Israel is making considerable efforts to protect the civilian population of Gaza, and that its war is directed exclusively against Hamas. This communication work is not so important for the Israeli population, which is more concerned about the hostages and soldiers involved. On the other hand, it is of vital importance to international leaders, both in the West and among Israel’s Arab partners. Their position of support or moderate criticism of Israel would be more difficult to maintain in the eyes of public opinion if these states did not have guarantees and material proof that Israel is implementing a policy aimed at minimizing civilian casualties and protecting the Palestinian population as much as possible.

To this end, Israel produces a whole series of elements to justify itself: leaflets thrown from an airplane, audio clips of telephone calls advising inhabitants to leave, organization of population movements via secure corridors, resumption of humanitarian truck deliveries, and so on. In addition to protecting civilians, the army is also keen to show how it is helping the population by distributing food and water. All these actions will be relayed on social networks by the army’s official accounts, then by Israel’s entire digital ecosystem.

A Transformative Coalition

In the first two years of the war, over forty-one countries have contributed to the support of Ukraine – whether through the sending of arms and ammunition, support for military training, financial assistance, logistic support, acceptance and support of refugees, or other means. These efforts have involved significant financial and economic burdens, changes in policy, and overcoming a panoply of domestic, regional, intraorganizational, and transatlantic obstacles and tensions. Some countries have pledged large percentages of their national heavy weapons and ammunition stockpiles or committed to rapidly producing more as part of their support for Ukraine. Others have accepted large numbers of refugees, served as major logistics and supply hubs, or fundamentally changed aspects of their domestic economies or foreign policies. In addition to the United States and EU and NATO members, this has included G7 countries and others from across Europe and beyond – including contributions, for example, by Japan, South Korea, Australia, New Zealand, and Taiwan (Bomprezzi et al., Reference Bomprezzi, Dyussimbinov, Frank, Kharitonov and Trebeschn.d.).

As of January 15, 2024, partners have committed some $278 billion in aid since the beginning of the war, including $141.06 billion in financial assistance, $19.01 billion in humanitarian assistance, and $117.99 billion in military commitments (Antezza et al., Reference Antezza, Bushnell, Dyussimbinov, Frank, Frank and Frank2024). While the United States has committed $75.4 billion ($46.33 billion of it military aid), Europe (through the EU and bilateral commitments by individual countries) has collectively committed $183.43 billion ($102.499 billion of it financial and $67.68 billion military aid) (O’Hanlon, Stelzenmüller, & Wessel, Reference O’Hanlon, Stelzenmüller and Wessel2024). According to the Kiel Institute’s “Ukraine Support Tracker” statistics, thirty European countries as well as Canada have actually committed higher percentages of gross domestic product (GDP) than the United States (0.32 percent), though these come as proportions of smaller overall economies. A total of fifteen countries have committed more than 1 percent of their total GDP to the aid effort, led by Estonia (4.09 percent), Denmark (3.06 percent), Lithuania (2.04 percent), Norway (1.72 percent), and Latvia (1.67 percent) (Bomprezzi et al., Reference Bomprezzi, Dyussimbinov, Frank, Kharitonov and Trebeschn.d.). Eastern European countries formerly dominated by Russia have made particularly large proportionate commitments. Of the top fifteen contributors by GDP percentage, seven were former communist states.Footnote ¹ European countries have also provided significant support in the form of accepting and assisting Ukrainian refugees – led by Germany, Poland, and the Czech Republic, but with fourteen countries accepting refugee numbers greater than 1 percent of their prewar populations.Footnote ² These countries have also spent substantial amounts on support for the refugees they have taken in, led by Poland spending 3.35 percent of its GDP on this support, followed by the Czech Republic and Bulgaria (each 2.08 percent), Slovakia (1.68 percent), Latvia (1.51 percent), Lithuania (0.98 percent), and Estonia (0.94 percent) (Antezza et al., Reference Antezza, Bushnell, Dyussimbinov, Frank, Frank and Frank2024).

These efforts have involved particularly significant undertakings or dramatic changes in policy by a number of countries critical to the support collaboration. For example, Germany – which has committed the second-most total ($24.2 billion) and military ($19.42 billion) aid of any individual country behind the United States, and a total worth 1.06 percent of its GDP – had to dramatically alter its approach to defense and military production, as well as overturning its trade and energy dependence relations with Russia (Antezza et al., Reference Antezza, Bushnell, Dyussimbinov, Frank, Frank and Frank2024). In his February 27, 2022 speech to the Bundestag, German Chancellor Olaf Scholz called the Russian attack on Ukraine a “Zeitenwende,” or “historic turning point,” and announced significant changes in German defense policy and military spending. While gaps remain between commitments and what has actually been delivered to date, this represents a generationally important change in German defense policy. France has also made some substantial changes to its foreign policy as a result of the war effort. Some observers ridiculed French President Emmanuel Macron’s prewar shuttle diplomacy charm offensive and open line to Putin during the first year of the war, seeing these efforts as potentially placating Russia or pressuring Ukraine into negotiation. But, by December 2022, Macron had declared France’s support for Ukraine “all the way to victory” and France had begun heavy arms deliveries to Ukraine. Subsequent changes suggest an increasing support for inclusive European defensive hardening, including a 40 percent increase in France’s defense budget announced in January 2023. Perhaps more significantly, there is also evidence of a changing French approach to European security – including a more positive stance toward further enlargement of the EU and NATO.Footnote ³

Former Soviet Bloc and nonaligned countries on Europe’s Eastern flank have also undertaken dramatic changes in policy and critical supportive efforts. In addition to the substantial aid contributions and refugee support relative to their GDPs and populations, Baltic and East European states have loudly pressured partners for greater supportive efforts. Poland has played a particularly essential role, serving as a hub for logistics – including the transfer of military and humanitarian aid – with its city Rzeszow providing the closest airport to the Ukrainian border. It has also taken in one of the largest total refugee populations with many more transiting through the country to further destinations. Ukraine’s closest European neighbors have also become conduits for shipment of its agricultural products, while Turkey has played an intermittent role in pressuring Russia to allow their Black Sea export.

In addition to specific efforts to provide immediate aid and support for Ukraine, another significant element of the response by democratic partners has involved efforts to consolidate and reinforce structures of cooperation and security across Europe and the transatlantic region. In the first months of the war, Sweden and Finland – which had long maintained a neutral status in relation to NATO – declared their desire to join the alliance and were formally invited at the Madrid Summit in July 2022. Despite intra-alliance tensions that held up the actual accessions, most NATO members rapidly embraced the further integration of these two partner countries, seen as capable of quickly becoming important contributors to the alliance’s defense posture. Western democracies have also come together in an effort to provide pathways forward to secure democratic futures for Ukraine and other non-NATO and non-EU member countries vulnerable to Russian aggression. At NATO’s Vilnius summit in July 2023, the alliance affirmed language that “Ukraine’s future is in NATO” and agreed that, after the war, Ukraine would not be required to go through the formal process of a “membership action plan,” or MAP.Footnote ⁴ On December 14, 2023, the EU’s current members voted to begin membership accession negotiations with Ukraine and Moldova, also advancing Georgia to candidate status.Footnote ⁵

Vulnerabilities and Targeting of Ukraine’s Support

The outpouring of support for Ukraine in the face of Russian hostility has marked an impressive, coordinated response, but it has also demonstrated new seams of vulnerability to Russian information and influence campaigns. While some relate to core democratic institutions and protections and processes across democracies, others are due to the historic, cultural, or political specificities of particular states critical to the support efforts – or capable of playing spoilers in those efforts, such as through the EU or NATO. While the individual support of key states is vital in and of itself, some vulnerabilities are explicitly inter- or transnational, related to alliance or regional institutions, bi- or multilateral dynamics, coordination, trust, and cohesion. Russia has made extensive strategic use of cyber-enabled information and influence campaigns during the first two years of the war, including targeting these vulnerabilities in Ukraine’s support coalition. Coordinated campaigns across different national and regional audiences have targeted not only specific countries key to the support effort but also the very relationships, organizations, and mechanisms that have been most critical in enabling a collective unified response.

A review of several known instances of Russian disinformation and influence operations since the start of the full-scale war with Ukraine readily demonstrates this strategic sophistication, both in target selection and often also in coordination of tactics and narratives across jurisdictions. We see this first, for example, in operations targeting countries that are leading providers of military, financial, or humanitarian support. Operations across these countries use similar but tailored tactics, aiming to bolster challenges to support for Ukraine and increase conciliatory positions toward Russia across the right and left extremes of the political spectrum, and spread narratives undermining public support for Ukraine or emphasizing associated risks and harms to national well-being. These efforts began long before the full-scale invasion, cultivating networks of relationships with extreme political parties and movements, fringe media outlets, organizations, politicians, journalists, activists, influencers, and other public figures. They also long involved cultivating digital ecosystems for the laundering and spread of interrelated but tailored disinformation across many platforms.

Since the invasion, not only has the intensity of these efforts increased but they have also focused much more explicitly on the goal of undermining support for Ukraine. Russian cyber-enabled information and influence campaigns seeking to affect the course of the war have targeted numerous audiences, including within Ukraine itself, the Russian public, the Global South, and the West. Building on the relationships, audiences, and techniques cultivated through earlier campaigns and operations, they have sought to “amplify divisive local issues and voices,” “tailor[ing] disinformation and narratives for specific audiences.” They have used a combination of official channels, “state-backed media outlets,” “Russia-linked actors,” and organizations, and “coordinated inauthentic activity on social media platforms.” They have leveraged techniques such as “hack-and-leak operations,” “falsified imagery,” fake copies of trusted websites, and automated systems for the dissemination, laundering, and amplification of fake stories across multiple media ecosystems (Atlantic Council Digital Forensic Research Lab (DFRLab), 2023; Huntley, Reference Huntley2023; Insikt Group, 2022; Kerr, Reference Kerr2023, p. 17). Through a mix of narratives and covert influence campaigns across numerous countries, they have aimed to discredit the legitimacy or capability of the Ukrainian government and military, spread doubt and fear concerning pro-Ukraine policies, encourage conciliatory approaches to Russia, and foment grievances and division between Ukraine’s supporters (Bronk, Collins, & Wallach, Reference Bronk, Collins and Wallach2022; Kerr, Reference Kerr2023). Narratives of particular prevalence have included those seeking to stoke hostility, fear, and resentment toward Ukrainian refugees; blame Russian sanctions and aid to Ukraine for local economic and social hardships; legitimize Russian actions and blame Ukraine, NATO, or the United States for the war; raise the specter of military escalation to involve supporting countries, nuclear, or other catastrophic threats; and sow distrust in mainstream parties and media of Western democracies as “biased or untruthful” (Aleksejeva, Reference Aleksejeva2023; Kerr, Reference Kerr2023).

Studies both prior to and during the full-scale war show Russia building vast networks for the distribution of targeted disinformation and cultivation and manipulation of supportive actors and publics across Europe and the United States, often appearing to particularly emphasize those countries most critical to the Ukraine support effort. For example, the EUvsDisinfo Database – a project of the European External Action Service (EEAS) East StratCom Taskforce – found that Germany was the European country most targeted by disinformation campaigns recorded in their data for the 2015–2021 period leading up to the war, with 700 cases collected. During this same period, their data showed France as the second-most targeted, with 300 cases. Comparative studies by the EU DisinfoLab since the full-scale invasion likewise point to Germany as the most-targeted EU member state during the conflict, while major leaks of Kremlin correspondence and investigative studies have demonstrated explicitly planned efforts to target both French and German public opinion and politics to undermine support for Ukraine.

Operations in both Germany and France have sought to instrumentalize fringe political parties and movements to spread narratives undercutting support for Ukraine across receptive audiences and promote policies serving Russia’s strategic goals. In Germany, for example, leaks and traced online campaigns show Moscow attempting to utilize pro-Russian media and social media as well as networks of collaborative relationships and clandestine operatives to mobilize both left- and right-wing activists, political parties, and sympathetic segments of the population around opposition to support for Ukraine – in some cases specifically seeking to bring together both ends of the political spectrum around common narratives and grievances. Some of these operations have long roots going back well before the 2022 invasion. Prior to the full-scale war, German-language Russian state-backed media had an established presence in the German media system, including outlets such as RT Deutsch and Sputnik, which focused their coverage on polarizing issues such as immigration and EU skepticism, producing content that was often picked up by – and frequently supportive of – extreme populist political parties and campaigns (Hadeed & Sus, Reference Hadeed and Sus2023; Spahn, Reference Spahn2020). By mid-decade, Russian disinformation often targeted Angela Merkel and her policies, including her stance on migration. In the infamous 2016 “Lisa F.” case, a hoax about a thirteen-year-old Russian–German girl having allegedly been kidnapped and assaulted by men of Arab origin was amplified by Russian media leading to anti-migrant demonstrations and an attack on a refugee reception center by German neo-Nazis.

Since Germany’s blocking of RT shortly prior to the Russian invasion of Ukraine in February 2022, a number of pro-Russian German blogs and independent media sources on platforms such as Telegram have achieved wide audiences spreading Kremlin narratives (DW, 2022; Kastner & Hewson, Reference Kastner and Hewson2023). Analysis by Reuters has identified twenty-seven Telegram channels that “reshare and boost pro-Kremlin messages to a combined audience of about 1.5 million subscribers,” including flattering images of Putin and warnings about the risk of nuclear escalation (Nikolskaya et al., Reference Nikolskaya, Saito, Tsvetkova and Zverev2023). German researchers have also shown the Russian government is more often using official channels of communication such as Foreign Ministry and Embassy websites, social media, and press releases to spread disinformation (Organisation for Economic Co-operation and Development (OECD), 2022). In one prominent August 2022 example of the use of these mechanisms to spread inflammatory disinformation against support for Ukraine, an out-of-context video clip of German Foreign Minister Annalena Baerbock portrayed her as declaring her intention to continue support for Ukraine even against the will and interests of German voters. The clip was picked up first on pro-Russian Telegram accounts and then propagated further across mainstream social media platforms, spread by accounts connected with extremists and fringe political party members, and leading to a trending hashtag on German-language Twitter (now X) calling for Baerbock’s resignation (Delcker, Reference Delcker2022).

The Kremlin has long sought to build closer relations with German fringe politicians and activists. The hard-right Alternative für Deutschland (AfD) party has been a particularly pronounced beneficiary of Moscow’s largess. Prior to and since the beginning of the full-scale war, several AfD members have been invited on trips to meet with Kremlin or Kremlin-aligned figures in Moscow, Belarus, Kyiv, and Russian-occupied regions of Ukraine. At the same time, Kremlin efforts also have aimed to stoke support for left-wing activism such as peace and anti-NATO movements. Investigations have traced Kremlin efforts to encourage alliance between the AfD and the far-left party, Die Linke, specifically appearing to target Die Linke parliamentarian Sahra Wagenknecht, who has led protests opposed to supplying arms to Ukraine.Footnote ⁶ Reuters investigations have also indicated that the Russian agency Rossotrudnichestvo is also directly coordinating a “network of agents” – some under false German identities – involved in promoting Kremlin narratives in protests and civil society events within Germany (Nikolskaya et al., Reference Nikolskaya, Saito, Tsvetkova and Zverev2023). After the beginning of the war, the AfD’s popularity has soared nationally, doubling between fall 2022 and 2023 an average of 22 percent, with much higher numbers in some Eastern regions.Footnote ⁷ Berlin’s Center for Monitoring, Analysis, and Strategy (CeMAS) research also showed a significant increase in “approval of pro-Russian propaganda narratives” between spring and fall of 2022 (Kastner & Hewson, Reference Kastner and Hewson2023). The exact impact of Russian information and influence campaigns on such shifts in polling and public opinion is difficult to establish, as these efforts often target already vulnerable populations and seek to exacerbate preexisting grievances and dynamics. But these trends could prove concerning in relation to long-term support for Ukraine.

In France, Russian disinformation and influence operations have also sought to leverage fringe parties, organizations, and public opinion to influence policy. Campaigns targeting France since the start of the full-scale war, similarly to those in Germany, have built on longstanding efforts. Russia has, for example, long cultivated a relationship with Marie Le Pen’s far-right party, the National Rally (formerly National Front), with past loan interactions suggesting financial support from Russia, Le Pen’s rhetoric emphasizing negative impacts of sanctions on the French economy, and the party voting against or abstaining from support for Ukraine and advocating better relations with Russia. National Rally member and European parliamentarian, Thierry Mariani, also leads the Association for Franco-Russian Dialogue, an organization which promotes pro-Russian positions in Paris. Mariani has made frequent trips to Russia, served as an election observer in the Donbas in 2018, and led National Rally delegations to Crimea. He pushes against Western support for Ukraine and sanctions of Russia, promoting negative views of the Ukrainian government and the United States. Jean-Luc Schaffhauser, a former member of the European Parliament for Le Pen’s party, has sought to “[launch] a foundation with Moscow’s backing that would advocate for a cease-fire in Ukraine, with the Kremlin maintaining its grip on the country’s eastern regions” (Belton, Reference Belton2023). Schaffhauser, who arranged the loans to support Le Pen’s prior presidential bid, also plans to back a slate of far-right candidates to the 2024 EU Parliament who seek closer relations with Russia.Footnote ⁸

Russian efforts in France appear to have been tailored to emphasize particular narratives thought to be most resonant and play off of existing divisions and vulnerabilities in French society. In 2023, a French parliamentary inquiry issued a report noting Russia’s “long-term disinformation campaign” and efforts to “defend and promote Russian interests” and “polarize [France’s] democratic society” (Belton, Reference Belton2023). A December 2023 The Washington Post investigative report examined how leaked Kremlin documents demonstrate explicit plans in this regard led by First Deputy Chief of Staff to the Putin Administration, Sergei Kiriyenko. The documents show an effort to utilize social media, politicians, activists, and other public figures to heighten domestic political tension, challenge NATO cohesion, and weaken support for Ukraine. Leaked 2022 Kremlin presentations give a window into the strategic thinking, expressing a belief that France would be “vulnerable to political turmoil.” They cited polling numbers showing the French public – at 30 percent – had the second-highest positive view of RussiaFootnote ⁹ of any country in Western Europe (behind Italy), with “[40 percent] inclined not to believe reporting on Ukraine by France’s own mass media.” Kiriyenko’s team encouraged promoting narratives about the negative impacts of the sanctions on Russia leading to “social and economic crisis,” the inappropriateness of “paying for another country’s war,” suggesting nefarious US use of the war “as an instrument to weaken Russia’s position in Europe,” the risk of European embroilment in a “World War III,” and the need for “dialogue with Russia” to develop a “common European security architecture” (Belton, Reference Belton2023). Other investigations suggest ongoing Russian efforts to exacerbate tensions around immigrants and ethno-religious difference in French society.Footnote ¹⁰

Use of digital platforms and tools has been critical in Russia’s efforts to spread disinformation and influence in France, as it has been in Germany and elsewhere. The leaked Kremlin documents showed direct instructions for the use of troll farms and false French personas in targeting French society (Belton, Reference Belton2023). In June 2023, French authorities announced the discovery of a broad Russian disinformation campaign, dubbed “Doppelgänger,” involving the production of fake duplicates of official government and media websites – including those of the French Foreign Ministry and the newspaper Le Monde – then using these impersonations to disseminate false content supportive of Russia and critical of Ukraine and its support. The French Foreign Ministry attributed the operation to Russia, pointing to “numerous elements revealing the involvement of Russian or Russian-speaking individuals and many Russian companies … [and] many state [or state-affiliated] entities.” The Russian companies Struktura and Social Design Agency were identified as “running [the] operation,” while an anonymous news agency, Recent Reliable News (RRN), provided a repository of propaganda content for its use (EU Disinfo Lab, n.d.). The operation similarly targeted Germany, Italy, Ukraine, and the United Kingdom (Reynaud & Leloup, Reference Reynaud and Leloup2023).

In early February 2024, in another major revelation concerning Russia’s at-scale use of digital tools to spread disinformation, the French government revealed a vast network of Russian sites that were “structured and coordinated” to spread Kremlin propaganda across multiple countries supporting Ukraine, including France, Germany, Poland, and the United States.Footnote ¹¹ The network, dubbed “Portal Kombat” had been discovered by Viginum, the French government organization tasked with confronting foreign disinformation. The network included 193 sites set up to disseminate materials in multiple languages and jurisdictions. A sub-portion of the network had spread over 150,000 articles during a three-month period of June–September 2023, tracked by researchers. The materials disseminated primarily focused on justifying Russia’s war against Ukraine and spreading false or misleading information and narratives to do so (Le Temps, 2024; Willsher & O’Carroll, Reference Willsher and O’Carroll2024).

Russian campaigns to undermine support for Ukraine have also targeted Poland, one of Ukraine’s most invaluable supporters and closest neighbors. As with other cases, the prehistory of the recent disinformation and influence efforts stretches back well before the full-scale invasion. While a significant wariness of Russia and potential Kremlin interference or aggression has long been a hallmark of Polish domestic politics – including on the far-rightFootnote ¹² –evidence suggests that Russia has attempted a similar cultivation of fringe political party connections and exploitation of local grievances as it has in the other countries it has targeted. Leaked emails have shown Russian cultivation of relationships with some fringe Polish politicians at least as far back as 2015, utilizing connections with the Zmiana (“Change”) party, for example, to prompt demonstrations of support for Russia’s annexation of Crimea (Agence France-Presse in Warsaw, 2016; Foy, Reference Foy2015; Glos Koszalinski, 2023; Morozova & Szczygieł, Reference Morozova and Szczygieł2023; Pacula, Reference Pacula2015). In 2019, only three months after its formation, Konfederacja (“Confederation”) – “an openly pro-Russia party” – won 4.6 percent of the vote for Polish representation in the European Parliament. While this meant it did not reach the 5 percent threshold to win seats, it finished as the fourth strongest party and its fortunes have continued to grow.Footnote ¹³

Pre-2022 Russian information and influence campaigns in Poland leveraged both overt state-backed sources and covert networks – often involving social media.Footnote ¹⁴ They also used illicit cyber campaigns involving phishing and hack-and-leak operations.Footnote ¹⁵ Particularly prominent themes, which have had continuing relevance during the war, included Polish loss of sovereignty to the EU, US, or other foreign actors; Polish “‘Russophobia’ and anti-Russian actions”; “Polish aggressiveness and imperialist intentions,” including desires to turn Belarus and Ukraine into “vassals”; “economic difficulties” resulting from this subservience, hatred, and aggression; and amplifying historical grievances and false or misleading “history-related claims,” including about Polish responsibility for World War II, and inadequate Polish gratitude for the Soviet liberation of Poland (Nemečkayová, Reference Nemečkayová2023). Other prominent narratives of Russian pre-2022 disinformation in Poland included those about the COVID-19 pandemicFootnote ¹⁶ and migration and refugees.Footnote ¹⁷

Since February 2022, Russian information and influence operations in Poland have built on these earlier efforts. In a rapid shift following the start of the full-scale war, many of the social media accounts and group pages that had been most active in promoting COVID-19 disinformation (or other themes such as conspiracies around 5G) rapidly switched to align against Ukraine and the war support effort. Hundreds of new anonymous accounts also appeared suddenly and began to comment on content related to Russia and Ukraine.Footnote ¹⁸ Disinformation about the war has focused with particular intensity on undermining Polish relations with Ukraine and attitudes toward Ukrainian immigrants, but also justifying Russian actions, questioning economic and social consequences of support for Ukraine, promoting pacifism and anti-war sentiment, and amplifying tensions between East and West European allies. Narratives about Ukrainian refugees have suggested that the refugees are usurping privileges of Polish citizens such as access to jobs, housing, hospitals or schools, stirring resentment. They also have sought to induce fear and anger by falsely suggesting that the refugees are mostly young men rather than women and children, and that they are dangerous, engaging in criminal activities.Footnote ¹⁹ Some propaganda narratives play up historical grievances and ethnic tensions (Insikt Group, 2022, p. 5) – such as recalling unresolved animosities around the World War II Volhynian massacre, or even suggesting Polish imperialist ambitions in Ukraine.Footnote ²⁰ Other content seeks to amplify broader anti-Ukrainian sentiments – whether through suggesting that Ukrainians are all “Banderites,” Nazis, fascists, nationalists, or extremists, seeking to discredit the Ukrainian government, or blaming Ukraine and NATO for inciting the conflict (Tymińska, Korpal, & Sek, Reference Nabozhniak, Tsekhanovska, Castagna, Khutkyy and Melenchuk2023; Zadroga, Reference Zadroga2023). Research on Ukrainian social media since the start of the war shows some of the anti-Ukrainian rhetoric to be taking off – including the popularization of the hashtag #StopUkrainizacjiPolski (“#StopUkrainizationPoland”), driven in part by the at-scale deployment of inauthentic, automated, Russian disinformation-spreading accounts.Footnote ²¹

Recent shifts in public opinion polling, political rhetoric, and protest dynamics within Poland suggest that – though support for Ukraine is still relatively strong – the audience for some of these Kremlin messages may be growing. Public opinion studies conducted in the fall of 2022 and early 2023 already found Poles – particularly in poorer regions of the country – growing more critical of the economic effects of support for Ukrainian refugees, with approximately a third of the population believing that “the war in Ukraine was the result of [the same] global liberal conspiracy […] that caused the COVID-19 pandemic,” and that “Ukrainians residing in Poland were not refugees but economic migrants.” Approximately two-thirds of respondents thought that Poland “‘cannot afford’ the presence of war exiles” (Mazzini, Reference Mazzini2024). In 2022–2023, polling showed the right-wing party Confederation’s popularity rising rapidly, polling third with 10 percent support by April 2023, and reaching 16.9 percent by July, prompting much speculation that they would prove “kingmakers” in Poland’s October 15, 2023, parliamentary elections, potentially helping then-ruling Law and Justice party (PiS) form a coalition government. While this did not occur,Footnote ²² the campaign saw the Confederation and PiS candidates competing to be the loudest “defenders of Polish sovereignty,” with slogans of “no more welfare for Ukrainians” and that “the needs of Polish citizens need to come first.” The year 2023 also saw the emergence of the Polski Ruch Antywojenny (Polish Anti-War Movement) or PRA, which led a march in Warsaw in May 2023 and popularized the hashtag/slogan “#niemojawojna” (Not My War).Footnote ²³ Poland has also seen several waves of mass protests by farmers, angered by the competition created by the import of inexpensive Ukrainian grain. The apparent role of the Confederation party in orchestrating these protests as well as some pro-Russia displays suggest potential growing alignment between the galvanized farming communities and Russian narratives.Footnote ²⁴

Equally important to the targeting of key countries to Ukraine’s support, Russia’s campaigns appear to also target key relationships between countries, cohesion of and trust in multinational organizations, and mechanisms of cooperation playing critical roles in the support processes. These have included efforts, for example, to sow discord in bi- and multilateral relations between parts within Europe, to diminish trust and cooperation in the transatlantic relationship between Europe and the United States, to weaken the cohesion and amplify distrust in the EU and NATO, and to reduce the confidence of supporters in Ukrainian leadership and capability. Such campaigns often make use of multiple coordinated operations across different countries, stressing parallel themes of discord, leveraging transnational networks, and laundering disinformation through fringe media and social media ecosystems across different languages.

We see this, for example, in the Kremlin’s efforts to amplify rifts between Eastern-Central and Western Europe. Already by July 2022, Recorded Futures had tracked RT stories “repeatedly stressing extreme political divisions between Poland and Germany or insoluble disagreements between Poland and the Baltics versus Germany, France, and Turkey, suggesting radically different stakes or positions in relation to the war.”Footnote ²⁵ Also noteworthy are attempts to undermine European trust for the United States and its motives in rallying transatlantic support for Ukraine. An incident in September 2022 involving efforts to publicize a fake RAND Corporation report shows the lengths that Russian operations have gone to in order to launder disinformation and help it to gain traction in relevant echo chambers across countries and language barriers. The inauthentic report was a document supposedly prepared at the behest of the US government and laid out a plan for using the pretext of a US-provoked war between Russia and Ukraine as a mechanism to weaken Germany and the EU, while strengthening the United States. The report and stories about it were publicized by fringe outlets in Germany and then Sweden, discussed in connected YouTube videos, and then written about by RT and promoted by social media of the Russian Embassy in Sweden.Footnote ²⁶

Equally complex Russian disinformation and influence campaigns have sought to disrupt NATO and EU processes and cohesion. Sweden’s and Finland’s 2022 decisions to apply for NATO membership and the subsequent accession processes became targets of opportunity for such campaigns. Russian disinformation narratives tracked in Finland have, for example, “argue[d] that Finland has been pressured by the United States to apply to the alliance and that the majority of Finns oppose the NATO membership.”Footnote ²⁷ The campaigns to slow or undermine Sweden’s NATO bid appear to have been particularly complex, spanning several languages and countries, and plausibly involving covert encouragement of Koran burnings and other protest actions in Sweden as well as online campaigns. In July 2023, the Swedish government announced that Sweden had been targeted by “Russia-backed actors […] amplifying incorrect statements such as that the Swedish state is behind the desecration of holy scriptures.”Footnote ²⁸ Sweden’s Psychological Defence Agency drew attention to the fact that RT and Sputnik had published numerous articles in Arabic about the Koran burnings, and that their agency had tracked millions of social media posts in Arabic and other languages, apparently part of a campaign to portray Sweden as an “Islamophobic” country that supports Koran burning, to create tensions with domestic minorities and backlash in Muslim-majority countries (protesters stormed and vandalized the Swedish Embassy in Baghdad). Most significantly, these campaigns amplified a pretext for continued Turkish (and to a lesser extent Hungarian) resistance to Sweden’s NATO accession bid.Footnote ²⁹

Humor as a Political Tool in Russia

Humor can function as a form of resistance in attacking the status quo, from institutions to individuals in power (Lynch, Reference Lynch2002), including, specifically, communist leaders and political parties (Davies, Reference Davies2007). Humor has played an important role in resistance and political activism in Russia in the context of authoritarian rule and restrictions on freedom of expression. Political activists use satire, irony, performative art, ridicule, and humorous withdrawal as ways to reconcile incongruent realities or counteract propaganda and oppression.

Satirical content in cartoons, memes, and parody videos is used as an overt tool to criticize political leaders and their policies. Russian political satire has a long tradition, dating back to the Soviet era, when humor was often used to expose the absurdities of the regime. Today, satirical content is often shared on social media platforms, where it can reach a wide audience.

Irony and sarcasm are used to subvert official narratives and highlight contradictions in government statements. For example, during the COVID-19 pandemic, Russian activists used irony to criticize the government’s response to the crisis, pointing out the discrepancies between official statistics and the reality on the ground.

Performative art is also used to draw attention to political issues. For example, the feminist punk rock group Pussy Riot gained international attention in 2012 when they staged a protest performance in Moscow’s Cathedral of Christ the Savior, criticizing the Orthodox Church’s support for Putin and his election campaign. The performance had absurdist, mocking, and satirical elements as five female group members entered the cathedral, put on colorful balaclavas and began jumping around and punching the air on the altar steps. Later they combined the video with the song, which they entitled “Punk Prayer: Mother of God Drive Putin Away.” The song invoked the name of the Virgin Mary, urging her to get rid of the then Russian Prime Minister Vladimir Putin. The song used crude analogies and obscenities to point to the connections between the Church and the government. The performance led to the arrest and prosecution of three members of Pussy Riot.

Under severe restrictions and threats of punishment and arrest, citizens in Russia developed humorous forms of protest as a way to express themselves and challenge authority while minimizing the danger. Thus, in 2011–2020, citizens organized “nanoprotests” or “toy protests” in various cities in Russia, a form of action where political participation of humans was replaced by toys (e.g., Lego toys, soft toys, or toys from Kinder eggs), and the toys were expressing their political views through slogans such as “I’m for fair elections!” and “This referendum is even more toy-like than ours” (Gogitidze, Reference Gogitidze2012). The terms and this form of action were an ironic reaction to the inability to organize “real” human protests and a reference to the ubiquitous claims that Russia is the country of advanced nanotechnologies (Nim, Reference Nim2016).

Another case of ridiculing the authorities was the words auction, an online event organized by the student magazine “DOXA” to support its journalists who were arrested and charged with the involvement of minors in protests. The auction invited subscribers of DOXA channels to donate money and send editors random words. Words that received the most donations were to be included in the speeches that arrested students would give in court (@doxajournal, 2021). The money was intended for paying fines and fees for the arrested journalists (and others). The goals of this act included emphasizing the randomness of the arrests and charges and exposing the absurdity of the court and its procedures (Тyshkevich et al., Reference Tyshkevich, Gutnikova, Metelkin and Aramyan2021; random words selected by online users are in bold):

The authorities understand the power of humor and try to stifle it using legal measures, surveillance, intimidation and harassment, and discreditation. Several Russian comedians were included in the list of foreign agents and had to leave the country (e.g., Galkin, Shatz). Satirical publications and websites have been shut down, and individuals have been fined or imprisoned for their satirical content. Increased surveillance and persecution also increased self-censorship, as individuals fear the consequences of sharing humorous or critical content. The Russian government has also employed disinformation and propaganda campaigns to undermine the credibility of activists and satirists. They use state-controlled media outlets to portray dissenters as unpatriotic, foreign agents, or as promoting harmful ideologies. By discrediting and marginalizing those who use humor as a tool of resistance, the authorities aim to undermine their influence and discourage others from following their lead.

Overall, despite the evidence of extensive use of humor and ridicule in the political context, it is not clear how effective humor is as a tool for resistance and political activism in Russia. It allows activists and citizens to express dissent in creative and subversive ways, but so far, its impact has not been shown to effectively challenge authority and promote change. In the context of repressive measures and violent crackdown, humor can be seen more as an individual coping mechanism rather than a tool of collective political action. Humor is an attempt to fight against the absurdity of Russian reality and counteract a sense of helplessness and defeat, information overload, and collective guilt.

Whether jokes use satire as a form of protest and resistance to harsh regimes or provide only relief rather than resistance may depend on circumstances dictating which is possible (Davies, Reference Davies2007).

Russian Humor after the 2022 Invasion of Ukraine

Even before the full-scale invasion of Ukraine in 2022, the Russian media waged an information war, ridiculing the other side, undermining the legitimacy of Ukraine as a state, and portraying Ukrainians as subhuman. The media introduced and amplified the use of ethnic slurs for Ukraine and Ukrainians, one of them being a reference to the dill plant because it bears a phonetic similarity to the Russian word for Ukrainians (Berdy, Reference Berdy2014). In addition to the state media, thousands of regular users and hired trolls have been involved in creating and disseminating pro-Kremlin humorous content on social media.

Political dissenters have also leveraged humor to counter the Kremlin’s offensive. In the wake of the invasion, wherein the Russian government enforced strict limitations on all expressions of dissent, the role of cyber humor has become increasingly pivotal. It now plays a central role in countering propaganda and disinformation, challenging the autocratic regime, trying to erode its grip on freedom of expression and human rights, and nurturing a sense of community among those who resist the government, offering them reassurance that they are not alone in their opposition efforts.

In this section, we illustrate patterns of humor use and dissemination by both Kremlin supporters and those who oppose its policies, its ideology, and its war. Additionally, we propose strategies for bolstering and amplifying the use of humor as a tool of resistance in Russia and, more broadly, as a means to foster democratic transformation.

Propaganda Humor

The Russian authorities never underestimated the effectiveness of humor in manipulating public opinion. After the invasion, the media sphere has become a battlefield where all means are fair, with war-fueled humor taking on a more acerbic character. The illegitimacy of Ukraine as a state is among the central themes being pushed through humorous content by pro-Kremlin actors. Prior to the invasion, Ukraine’s geopolitical borders were repeatedly called into question when countless images of a map of Ukraine flooded social media and captions urged Ukraine to follow through on its decommunization policyFootnote ² and give up territories “gifted” to it by communist Russia. Such a map is shown in Figure 9.1. The caption under the map image of Ukraine mockingly inquires: “As part of decommunization, shouldn’t gifts be returned?” The regions of Ukraine shaded in different colors are marked as “Gifts from Russian tzars 1654–1917,” “A gift from Lenin, 1922,” “Gifts by Stalin, 1939, 1945,” “A gift by Khrushchev, 1954.” The small section in the middle colored in red is identified as “Ukraine within the borders of 1654.”

Figure 9.1 Post on VKontakte from Mozalevsky, D. (September 22, 2018).Footnote ¹

This example is similar to many others, as it comes from a popular Russian humorous site, fishki.net, and has been shared multiple times. However, the author of this post adds his own rich framing context by mockingly responding to another user who has the “real, authentic, 25th generation purebred representative of the Ukrainian nation with a truly Ukrainian name ‘Vanya’.” This exaggeratedly ironic subject line already hints at the content of the appeal: Just as the name “Vanya” is not “truly Ukrainian,” but rather is often claimed to be the most authentic Russian name, so is Ukraine not a separate country, but rather a part of Russia. In a nearly 400-word appeal in this post, the author ridicules his opponent for being brainwashed and not understanding that Ukraine is the creation of “Bolshevik idiots” who arbitrarily “drew on the map with a pencil” a territory inhabited by “a bunch of different nationalities” and called it Ukraine. The author continues: “With the same success – from a hangover or, having smoked a little [weed], the Bolsheviks could unite, for example, the Pskov, Novgorod and Tver provinces – into one republic !!! ))))) And name it – ‘UKRAINE’!!!”

After the invasion, the tone of these messages became more ominous as the authors cynically sneered that Russia was simply implementing a decommunization program for Ukraine when it seized Ukrainian territories. Thus, in a tweet from February 2022, the user Lada provided the following retort to criticisms of Russia’s aggression: “I’m sorry, but Russia is acting strictly within the framework of decommunization” (Figure 9.2). The user shared a map similar to the one in Figure 9.1 with regions of Ukraine marked as “Gifts of the Russian Tsars 1654–1917,” “Lenin’s gift, 1922,” “Stalin’s gifts, 1939, 1945,” and “Khrushchev’s gift, 1954.”

Figure 9.2 Post on Twitter from Lada [@_LadyLidiya] (March 21, 2022).Footnote ³

Other themes of pro-Kremlin humor reinforce the idea of Ukraine as a failing state. The inadequacy of Ukrainian leaders and the military, the country’s servile admiration for the West, and grotesque Russophobia have become the most common topics with their own rhetoric and tropes. President Zelenskyy’s comedic past has provided a rich source for comparing Ukraine to a circus. Thus, a post on the Russian platform ok.ru (Figure 9.3) shared a picture of a traveling circus colored in yellow and blue (the colors of the Ukrainian flag) with the statement “All the world’s a stage, only Ukraine is a circus. Circus with clowns.”

Figure 9.3 Post on ok.ru from user “1-2^nd platforms-admin dwelling. Donetsk. DNR. RF” (August 23, 2022).Footnote ⁴

The posts on social media mocked president Zelenskyy as a clown who is under the influence of drugs (Figure 9.4) or is thirsty for blood after the invasion (Figure 9.5). In the example from Figure 9.4, the subject line is a play on words: the word “agony” is made up of two words “fire” and “I,” which can be interpreted as if the author is burning with anger or as if Zelenskyy is on fire. Zelenskyy is portrayed as a clown high on cocaine. The text with the picture reads: “Zelenskyy signed a decree imposing sanctions against 606 representatives of the Russian authorities: 28 members of the Security Council, 154 members of the Federation Council and 424 deputies of the State Duma. Got sniffed again!”

Figure 9.4 Post on Twitter from user Dusia Niushina [@DNusina] (September 9, 2022).Footnote ⁵

Figure 9.5 Post on Twitter from user Saint Francesco [@saint_francesco] (August 31, 2022).Footnote ⁶

In the example from Figure 9.5, Zelenskyy is depicted in a clown wig with a red nose added to his face, but he has bloodstains on his suit. Behind him is a war scene with a firing tank and a destroyed building. The text reads: “The bloody clown, for the sake of victory, put more than 1,200 soldiers into fertilizer, but the victory did not happen. More than 3,000 tons of scrap metal is now scattered on the outskirts of the Kherson region.”

A clown, who is supposed to make people laugh and (mostly) is considered a benign figure, is juxtaposed against the horrors of war and made into a “bloody clown” who terrorizes and kills. Zelenskyy the comedian is not funny anymore, as he is being blamed for Ukrainian suffering.

The “expectation vs reality” framing is deployed by Russian users to ridicule the Ukrainian army. The pictures shared online often put together a positive military image, such as an army of disciplined soldiers or a victorious soldier, and a mocking negative image of impoverished destitutes or draft-dodging cowards (Figures 9.6 and 9.7).

Figure 9.6 “Ukrainian Army. Expectation vs reality.”

Figure 9.7 “Expectation vs reality.”

Ukraine’s relations with the West and its aspirations to become a member of the European Union (EU) and North Atlantic Treaty Organization (NATO) are regularly depicted in crude sexual clichés, as in the following joke: “Ukraine will never be a member of NATO or a member of the EU. It will only be a hole for all kinds of members.”

Even a cursory analysis shows that pro-Kremlin actors weaponize humor to create a certain representation of reality and justify the Kremlin’s actions. Crude and denigrating jokes depict Ukrainians as inferior, ungrateful people who betrayed their Russian brothers and sold out to the West. Easy-to-grasp, pro-Kremlin humor builds on familiar stereotypes that existed in Russia before and advances the Kremlin’s political agenda while hiding the atrocities committed by the Putin regime and the Russian army or justifying them as necessary to restrain Ukraine and its people.

Resistance Humor

At the outset of the invasion, cyber humorists waged a battle against Kremlin propaganda by exposing the true nature of the incursion. Despite authorities consistently labeling it as a “special operation” and prohibiting the use of war-related terminology to downplay the scale of the invasion, anti-war social media channels were inundated with memes humorously advocating for the renaming of Leo Tolstoy’s novel War and Peace to Special Operation and Peace. Similarly, a tweet that humorously questioned why Kremlin supporters opted for the Latin letters Z or V instead of the genuine Cyrillic “Ы” in reference to the special operation was recognized as the top ironic comment by a contributor on the Russian humor site fishki.net in 2022 (Figure 9.8). Without exploring the origins of Z and V as symbols of support for Russia’s war in Ukraine (see Dean, Reference Dean2022), it is important to note that the letter Ы is linked to the iconic Soviet comedy Operation Y and Shurik’s Other Adventures, which follows a naive student Shurik and his wins over bungling criminals. The parallel between Operation Z and Operation Y exemplified in the accompanying tweet mocks the special military operation as a failed criminal scheme: “I don’t fully understand why they took Z and V as symbols, two least cyrillic letters. Why not Ы?”

Figure 9.8 Post on Twitter from user Ladno, ya Archet [@sir_Archet] as cited on Fishki.net.Footnote ⁷

President Putin’s speech on February 24, which marked the beginning of the invasion, has faced ongoing ridicule through satirical memes, sarcastic comments, and pointed jokes (anecdote). The following joke involving Russia’s Defense Minister, Sergei Shoigu, and President Putin satirizes one of the central arguments of Putin’s speech, specifically the call for de-Nazification in Ukraine (“Volodya” is a short pet name for “Vladimir”):

• • Sergei, why are we retreating from Kherson?

• • Volodya, you yourself ordered the liberation of Ukraine from fascists and Nazis.

The joke flips President Putin’s argument, exposing the invasion’s illegitimate and aggressive character while drawing a parallel between Russian forces and the Nazis.

Another much-derided point in Putin’s speech was that Ukraine had committed genocide in the Donbas region while Russia had spent “eight long years” trying to resolve the conflict peacefully (Putin, Reference Putin2022). The widely shared meme features an animated ape passionately discussing “eight years” in colloquial incorrect spelling, so much so that it has now become part of meme-arsenal.com, a Russian meme-generating site. The irreverent comparison of the President to an ape highlights the argument’s absurdity, effectively discrediting it (Figure 9.9).

Figure 9.9 Post on Pikabu.ru from user victor545.Footnote ⁸

As Putin’s leadership has come to symbolize authoritarianism, the strategy of democratic forces opposing his rule has been to constantly mock the Russian president, aiming to undermine his authority. Even minor slipups provide ample material for satirists. For example, when Putin commented at the All-Russian Youth Environmental Forum “Ecosystem. Protected Land” that Russia was the true land of the rising sun, it triggered a wave of sarcastic tweets where Russia was humorously referred to as “the land of the rising sun and setting hopes” (Figure 9.10).

Figure 9.10 Post on Twitter from user Bezdrotova kolonka/Besprovodnaia kolonka [@b_currant_girl] (September 5, 2022).Footnote ⁹

Some playfully accused Japan of stealing the title from Russia, along with the notion of an eternal emperor. As the text on Figure 9.11 says in response to Putin’s comment, “Japan stole from Russia both the rising sun and the idea of the eternal emperor.”

Figure 9.11 Post on the Telegram channel “Pezduzalive” (September 5, 2022).Footnote ¹⁰

While personal attacks may provide entertainment and provoke strong social media reactions, opponents of Putin’s autocratic regime recognize the need to target the key pillars of his power that stifle democratic processes. These include institutions, propaganda and disinformation, and constraints on freedom of speech. These subjects regularly appear in reports on the popular opposition YouTube channel “Superpower News.” The channel’s founder, Maxim Maltsev, is known for his unique news reporting style, characterized by irreverent gallows humor and deadpan delivery. For example, in his video posted on November 2, 2023, and titled “Thank you to those who die for Putin – Simonyan mocks Russians” (Figure 9.12), Maltsev employs gallows humor to critique the position of Russian authorities and propaganda purveyors, such as Margarita Simonyan, the editor-in-chief of the state-controlled Russian broadcaster RT, often referred to as a “Kremlin mouthpiece” (e.g., see U.S. Department of State, 2022).

Figure 9.12 YouTube video “Thank you to those who die for Putin – Simonyan mocks Russians” on the channel Superpower News.Footnote ¹¹

Simonyan justifies the war in Ukraine, claiming that everything is going according to plan and expresses gratitude to Russian citizens, including those who have given their lives for the war effort. Maltsev ironically questions the nature of the plan that requires the sacrifice of numerous Russian and Ukrainian lives. The video’s title provocatively reads, “Thank you for dying. The fallen, stay healthy.”

In another video (Maltsev, Reference Maltsev2023), Maxim criticizes new Russian high school history textbooks, which he argues follow the principles of propaganda and will turn a new generation of Russians into zombies ready to serve as cannon fodder in the Kremlin’s protracted war. He wryly remarks that parents must now worry about their children getting “A” grades in history classes; poor grades, according to Maxim, are no less troublesome, because students failing history courses may find themselves promptly dispatched to the front lines.

The theme of widespread deception is a recurring one, with blame extending beyond just the Russian president, propagandists, and elites. Those who don’t oppose the regime are also viewed as complicit in perpetuating lies. In April 2022, a widely popular meme was shared on the Telegram channel “Most na Zhepi,” targeting those who refuse to acknowledge the truth. The image features a cat that obviously has eaten a good chunk from a tray of cold cuts and yet the captions read “Not everything is so clear” and “We don’t know the whole truth,” referring to very common retorts against the statements that Russia invaded Ukraine and waged a brutal unfair war (Figure 9.13).

Figure 9.13 Post on Telegram from user Ivan B. (April 2, 2022).Footnote ¹²

Since its posting, this image has been widely shared and adapted across various social media platforms. In one follow-up, a post mockingly deployed propaganda tropes, claiming that if we get to the bottom of it, there are at least five plausible explanations: (1) the ham took a bite of itself; (2) the cat defended the ham from the owner by eating it; (3) picture is a fake and represents an information war between the cat and the ham; (4) we are not experts in ham and therefore it is difficult to say what the picture shows; and (5) they said on TV that it was not the cat (Figure 9.14).

Figure 9.14 Post on Twitter from user Helgi Oiisac [@HelgiOiisac] (April 5, 2022).Footnote ¹³

As the war continues, there is an increasing trend of humorous posts targeting ordinary Russian citizens (Arkhipova, Reference Arkhipova2023). This upsurge in self-deprecating humor represents a strategic shift in the efforts of prodemocratic forces. They aim to dissuade people from complying with the Kremlin’s orders by publicly shaming them for their complicity. An example of this self-deprecating humor is a joke about Russian soldiers supposedly fighting alongside the Nazis, subverting the commonly held patriotic trope of victory over fascism. This joke irreverently challenges Putin’s narrative of de-Nazification in Ukraine while simultaneously accusing ordinary Russians of supporting an unlawful war:

• • Good afternoon! You are summoned to the military recruiting office.

• • And with whom will we fight?

• • With the Nazis, of course!

• • And against whom?

Stalin-era self-deprecating jokes that emphasized the powerlessness of the common person have been recycled to reflect the new Russian realities. To cope with the fear of being rounded up, labeled “foreign agents,” or thrown in jail, people invoke the jokes from World War II:

• • Tell me, what concentration camp are we being taken to?

• • I don’t know, I’m not interested in politics.

The joke mocks the neutrality of those citizens who claim that they are not interested in politics to avoid discussions about collective responsibility and civic duties. The person who is not interested in politics ignores what is going on around them and eventually ends up in a concentration camp, one of the most horrendous places where humans are tortured and killed in large numbers. Lack of interest in politics can eventually lead to one’s own demise.

This self-deprecating humor serves multiple social functions, primarily offering humorists and those who share their content a feeling of cognitive independence in a political environment where such independence is unattainable (cf., Wisse, Reference Wisse2013). Although this diverse online community may not directly confront the regime, it unmistakably and audibly rejects the regime’s values and ideology, and it also mobilizes new followers.

The ongoing struggle for democratic change in Russia, involving both pro- and anti-war forces, is incomplete without considering the Russian émigré community, which has grown significantly as many Russians leave the country (van Brugen, Reference van Brugen2022). Unburdened by the fear of persecution for criticizing the regime, this expanding Russian diaspora openly mocks Russian authorities, including President Putin, underscoring the groundlessness of the official Russian narrative.

An example of this irreverent humor is the Propaganda Review series hosted on the YouTube Navalny Live channel. In this series, presenter Anton Pikuli (Ustimov) gives sarcastic reviews of Russian news, mocking the absurdity of Putin’s regime. In a video posted on March 26, 2022 (Figure 9.15), Anton Pikuli reports on the official rally “For a World Without Nazism” that took place in Moscow three weeks after the invasion to commemorate the eighth anniversary of the annexation of Crimea. More than 200,000 people attended the event, as Putin delivered a speech praising Russian troops fighting in Ukraine. Pikuli ridicules the event, commenting that “tens of thousands of civil servants” were forcibly rounded up by the authorities “to create the illusion of support for Putin.” These people “were under the gunpoint of snipers, who apparently protected Putin from excessive support from the Russians.” In his series, Pikuli creates an advantageous subjective position for his viewers, who, at least for a moment, are freed from their fear and frustration and can laugh at authority. The episode was viewed by 1.4 million people, which is the average for this series. The blogger has been declared a “foreign agent” by the Russian Federation Ministry of Justice.

Figure 9.15 Anton Pikuli (Ustimov) hosts the YouTube series Propaganda Review on the Navalny Live channel.Footnote ¹⁴

The irreverent irony culminates in the widely popular animated online series Masyanya, in which the female protagonist comes to Putin, showers elaborate profanity on the president for attacking Ukraine, and leaves him a Japanese sword so he can kill himself (Figure 9.16). The audience experiences cathartic relief when Masyanya returns safely to her apartment, where her boyfriend shares with her the happy news that the war is over. Over 6 million people watched the episode within a few weeks of its release, marveling at the possibility of Russia freeing itself from Putin’s tyranny and ending the war. The Russian media regulator Roskomnadzor banned the series, claiming that it “contains false information” and “discredits the Russian armed forces” (Current Time, 2022).

Figure 9.16 Masyanya, Episode 160 on YouTube. “Masyanya is trying to solve the war situation.”Footnote ¹⁵

When viewed through the prism of democratic processes, cyber humor serves multiple functions, ranging from attempts at eroding autocratic structures to facilitating the broader dissemination of information and fostering a digital community of individuals who might otherwise have experienced a sense of fragmentation and isolation – precisely the conditions totalitarian regimes seek to impose on their citizens (Desmet, Reference Desmet2022).

Network Interference

The Central Asian republics control, monitor, and manipulate online information around elections and other politically charged events. As early as February 2005, the Citizen Lab (Deibert, Reference Deibert2005) reported that Kyrgyz websites belonging to political parties and independent media were subject to hacking during the parliamentary election. The pattern of recorded failures pointed to deliberate interference with access to online sources (OpenNet Initiative, 2005). Influenced by the Russian and Chinese models of information control (Weber, Reference Weber2019), governments in the region employ a plethora of restrictive measures to silence political dissent or discontent and censor the media and civil society voices. Several connected tactics are used to restrict access to online information, including blocking content and throttling or shutting down networks (Muhamedov & Buralkiyeva, Reference Muhamedov and Buralkiyeva2023).

Internet shutdowns are an extreme form of digital censorship. Authorities in Turkmenistan have been particularly prone to imposing large-scale blackouts. The country is a repeated offender using censorship when the electorate votes and keeping tight control over the online information space as a preventive measure. Recent incidents were reported by Access Now (2023b) around protests in December 2021 and during the March 2022 presidential elections when the citizens were plunged into digital darkness. Kazakhstan has also repeatedly switched off the internet amid elections and protests. The most severe internet shutdowns to this date were imposed as a reaction to the massive protests in January 2022 when Kazakhstani authorities initiated a country-wide blackout to curb the unrest. The government also disrupted internet access around extraordinary presidential elections in November 2022, accompanied by targeted blocking of social media and communications platforms (Access Now, 2023a). From a legal perspective, governments justify internet shutdowns with provisions on anti-terrorism and public security under their domestic law. On the technical level, close to complete shutdowns are enabled by centralized state control and influence over large segments of telecommunication infrastructure providing internet services (Pavlova, Reference Pavlova2022).

Selectively blocking access to online content is a widespread practice across Central Asia. According to Freedom House (2023a), Turkmenistan exerts the tightest control over the online information space, where the state-run internet service provider permanently blocks websites that carry independent news coverage or critical content. A key election in Kazakhstan in June 2019, when the country voted for a successor to then-president Nursultan Nazarbayev, was also accompanied by excessive network disruption on election day and restrictions on streaming services and several social media platforms (NetBlocks, 2019). The authorities justified the network interference with concerns over the spread of false information (Freedom House, 2020). During the January 2021 parliamentary election, media freedoms were curtailed with social media restrictions and distributed denial of service (DDoS) attacks designed to disrupt or block websites. According to the country’s officials, the targeted censorship intended to prevent the spread of false information and maintain public order (Freedom House, 2022). Kazakhstan repeated similar tactics in the extraordinary presidential elections in November 2022 (Access Now, 2023a; RSF, 2022) and again in the parliamentary election in March 2023 (RFE/RL, 2023). The region’s practice of suppressing free speech extends into censorship in online spaces. For illustration, Uzbekistan amended its criminal code to make insults against the president illegal and added penalties for online offences. These provisions, infringing on freedom of expression, entered into force ahead of the presidential elections in October 2021 (Freedom House, 2021).

DDoS attacks disrupt the traffic of a server, service, or network by overwhelming the target or its surrounding infrastructure. These disruptive attacks are simple to deploy and difficult to prevent, especially for small and under-resourced entities, which makes them a popular tool to censor media outlets and websites of civil society organizations and political candidates (Korosteleva, Reference Korosteleva2022). For example, Kazakhstani news site Vlast reported suffering a persistent targeted DDoS attack in January 2021 (Freedom House, 2022). DDoS attacks were also targeted against several news sites, including KazTAG and Orda.kz prior to the presidential elections in November 2022 (Justice for Journalists, 2024). Disruptive cyber operations have been playing an increasingly political role. In September 2022, Kazakhstan experienced a series of primarily DDoS attacks that interfered with internet connectivity across the country, allegedly linked to the upcoming presidential elections scheduled for November 2022. The intent behind these incidents was unknown, but President Kassym-Jomart Tokayev blamed foreign actors seeking to destabilize the country during a sensitive political period (Eurasianet, 2022; Khassenkhanova, Reference Khassenkhanova2022). Considering the regional context, the cyberattacks might have been connected to the war in Ukraine. According to the CyberPeace Institute’s database “Cyber Attacks in Times of Conflict Platform #Ukraine,” government websites in Kazakhstan were targeted by Russia-affiliated groups deploying DDoS attacks on three different occasions in October 2022.

It is noteworthy that Russia employed DDoS attacks as a coercive measure around politically charged events in the past, including state-orchestrated DDoS attacks on Estonia during the bilateral conflict throughout April and May 2007 and in the Russo-Georgian War in August 2008 (Kozłowski, Reference Kozłowski2020). Another early example was the use of DDoS attacks as part of Russian mounting pressure to persuade the Kyrgyz president to close the US base in Manas (Bradbury, Reference Bradbury2009). According to the Electoral Knowledge Project, in January 2009, DDoS attacks targeted the country’s internet infrastructure, lasting for approximately ten days and eliminating 80 percent of the country’s limited online capacity.

Cyberattacks Targeting Electoral Infrastructure

Malicious cyber activities against electoral infrastructure, including electronic voting systems and voter registration databases, with the intent to obstruct voting or erode trust in election results have been observed worldwide (ASPI, 2019). Central Asian countries have experimented with e-voting systems. Kazakhstan actively used e-voting technology between 2004 and 2011 but discontinued this practice and returned to paper ballots due to concerns over the integrity of e-voting procedures (Kassen, Reference Kassen2020). Uzbekistan piloted biometric identification during the referendum on constitutional amendments in April 2023 (Gazeta.uz, 2023). The Kyrgyz authorities view the digitalization of electoral infrastructure as a step toward enhancing transparency and increasing electoral participation through biometrics registration, biometric identification of voters, and ballot scanning and reporting technology. The e-system prevents common election fraud in the form of vote buying, carousel voting, and group or family voting (Sheranova, Reference Sheranova2020). This technology was piloted in the 2015 parliamentary election to increase the integrity of voting stations (Goyal, Reference Goyal2017; Putz, Reference Putz2015). In 2016, the Osh City Council introduced e-voting after repeated violent political uprisings in the region. Kyrgyzstan has conducted e-counts since 2017, where optical scanners are used to verify counts (International IDEA, 2023). The United Nations Development Programme (UNDP) (2021) reported a large-scale voters’ biometric data collection campaign prior to local council elections in March 2021 to increase the reliability of the vote count during elections and referendums. In April 2023, the Central Election Commission of Kyrgyzstan presented a pilot electronic voting project and an upgraded voter identification device for local elections (Kharizov, Reference Kharizov2023).

Public concerns about the integrity and reliability of electoral infrastructure, whether based on suspected external interference or internal manipulation, can have serious repercussions. Such disruption erodes public trust, impacts voter turnout, and challenges the legitimacy of election outcomes. The Kyrgyz parliamentary elections in November 2021 were accompanied by allegations of interference, and opposition leaders called for the results to be annulled after technical difficulties appeared to have affected the vote count (OSCE & ODIHR, 2022a; RFE/RL, 2021). The Central Election Commission’s tabulation monitor experienced a blackout, and when the system restarted, different results appeared on the monitor. The discrepancy resulted in several opposition parties falling below the 5 percent threshold required for entering the Parliament (Pannier, Reference Pannier2021). Technical failures can be destabilizing especially in countries with contested election outcomes. The 2021 Kyrgyz elections in question followed a failed parliamentary vote in October 2020. In that case, the Central Election Commission declared the results of voting in all polling stations invalid amid protests over alleged campaign violations and unfair voting practices. Concerning potential foreign interference in the 2021 repeated elections, the Kyrgyz Security Council registered cyber incidents targeting the Central Election Commission’s servers from twenty countries without affecting the elections (Kabar, 2021b; Orlova, Reference Orlova2021). The Commission reported on the attempted cyberattacks against national servers while stating that the current level of protection sufficiently defends the country’s electoral infrastructure (Kabar, 2021a).

Data Leaks and Cyber Espionage

Central Asia has witnessed a shift toward digitalizing government services driven by digital economy initiatives and international support. However, as pointed out in the Electoral Knowledge Project (n.d.), rapid digitalization can increase the attack surface for malicious activities if coupled with massive data collection and insufficient safeguards that would ensure privacy, transparency, and effective oversight to handle citizens’ personal information securely. Sensitive data can be hacked, leaked, or otherwise exploited for the purpose of fraud, jeopardizing people’s security, or undermining trust in democratic processes and institutions. For illustration, the Kazakhstani Central Election Commission experienced an extensive data breach in July 2019. Data from the election database, comprising information on 11 million Kazakhstanis, which constitutes approximately 60 percent of the total population, was published online, exposing names, identification numbers, passport numbers, and residence addresses (Vlast, 2019). The Ministry of Internal Affairs launched an investigation into the unlawful dissemination of confidential data in the same month. However, the investigation did not find anyone accountable for the incident. The official report cited insufficient evidence of a crime as the leaked personal data was neither further used nor caused harm. Still, the mere publication of personal data suggests malicious intent and poses risks to citizens, including the potential for identity theft, targeted scams, and social engineering to exploit the targets. The decision taken by the Kazakhstani Ministry of Internal Affairs to close the investigation highlights the lack of accountability for data breaches – even when national security and the democratic process are at stake (U.S. Bureau of Democracy, Human Rights, and Labour, 2020).

Data exfiltration and cyber espionage can also constitute election interference. Primary targets of such operations are government agencies, officials, and political candidates, but hacking extends to research and civil society organizations, journalists, and private companies (O’Connor et al., Reference O’Connor, Hanson, Currey and Beattie2020). Although the known cases of targeted hacking do not conclusively prove an objective to interfere in democratic processes, threat intelligence reports increasingly point to political motivation of state-affiliated groups operating in Central Asia. Microsoft’s reporting (2022) suggests that China utilizes cyber espionage as a tool for advancing the country’s political, economic and military influence, including in Kazakhstan. A Chinese cyber-security vendor further reported on Russian-speaking actors deploying malware to surveil a wide range of individuals and organizations in Kazakhstan, extending to government agencies, military personnel, researchers, journalists, private companies, educational organizations, and dissidents (Cimpanu, Reference Cimpanu2019). Securelist by Kaspersky (2018c) reported on a Chinese threat actor detected behind a targeted campaign linked to a high-level meeting in Central Asia pursuing a regional political agenda and another campaign targeting a national data center in the region that allowed access to a wide range of government sources (Securelist, 2018a). Another report by Securelist (2019) detailed Zebrocy malware, primarily associated with Russian state-sponsored hacking groups, spearphishing Central Asian government-related targets, both in-country and in remote locations. A Russia-affiliated group was also reported to use the potential Telegram ban in Kazakhstan to distribute malware in an alternative communication software for the political opposition (Securelist, 2018b). In yet another case, a hacking group deployed a novel backdoor against international governmental targets located in Kazakhstan, with low confidence indicators pointing to Moscow (Chakravarti, Reference Chakravarti2023). While not directly interfering with the elections, these incidents point to an active engagement of Russia- and China-affiliated actors in politically motivated hacking in the region, targeting critical components of democratic processes.

Disinformation Campaigns, Inauthentic Accounts, and Synthetic Content

Disinformation deployed to deliberately share false narratives and information with the aim of manipulating opinion and discrediting the opposition intensifies around elections. Online disinformation campaigns target a wide array of political candidates, media organizations, individual journalists, and civil society representatives. Malicious actors leverage social media and messaging platforms to sway voters, amplify the content via inauthentic accounts, and deploy trolls to harass individuals and distort online discourse (Lee Myers, Reference Lee Myers2022). In Central Asia, the coordinated online attacks provide the basis for a high incidence of online and offline abuse aimed at deterring candidates and independent reporting (Pavlova, Reference Pavlova2023). Networks of fake accounts promoting pro-government narratives have been observed in Kazakhstan around elections, including in the presidential election campaign in November 2022 (Du Boulay, Reference Du Boulay2023). These accounts are commonly referred to as “nurbots,” after the ruling Nur Otan Party (Kozhanova, Reference Kozhanova2019). Kyrgyz activists reported on fake accounts spreading disinformation, allegedly coordinated by national ministries and operated by a combination of government agencies and individuals (Bradshaw, Bailey, & Howard, Reference Bradshaw, Bailey and Howard2021). The Committee to Protect Journalists (2020) and Reporters Without Borders (2020) observed that law enforcement agencies in Kyrgyzstan instructed a troll farm to discredit critics. The practice of using fake accounts has also been observed in Uzbekistan, where online trolls derail discussions and undermine the reputation of journalists and news organizations (Bradshaw, Bailey, & Howard, Reference Bradshaw, Bailey and Howard2021).

As documented by the Australian Strategic Policy Institute (ASPI) (2019), Russia frequently deploys coordinated information operations abroad. The government and state-affiliated groups exploit the online information space to sway public narratives. These efforts persist beyond elections, forming part of a broader, long-term strategy to manipulate public opinion and erode trust in democratic institutions. Networks of accounts originating in Russia and targeting Central Asian states are regularly detected on popular social media platforms (Bradshaw, Bailey, & Howard, Reference Bradshaw, Bailey and Howard2021). Online disinformation campaigns have intensified in the aftermath of the international armed conflict in Ukraine (Cabar, 2023). Disinformation finds a fertile ground amid the expanding social media landscape and low trust in traditional media. The commercialization of advanced artificial intelligence tools is set to facilitate further abuse and empower malicious actors to spread fake and harmful content (Khashimov, Reference Khashimov2021; Neudert, Reference Neudert2018; Stanley-Becker & Nix, Reference Stanley-Becker and Nix2023; Tiku, Reference Tiku2022).

Online Surveillance and Intimidation

Politically motivated surveillance is pervasive throughout Central Asia, with governments employing sophisticated technologies to monitor citizens’ communications and online activities. Invasive data collection practices are facilitated by the adoption of Russian-style legislation and tools, increasing use of Chinese surveillance and censorship technologies, and adaptation of domestic legal frameworks to authorize state overreach (Weber, Reference Weber2019). The Kazakhstani authorities intercept internet traffic and internet users are required to install digital security certificates designed to generate detailed logs of their online activity (Kumenov, Reference Kumenov2020; Raman, Reference Raman, Evdokimov, Wurstrow, Halderman and Ensafi2019). Human Rights Watch (2021) reported that the “false information” bill in Kyrgyzstan, which came into power in August 2021, compels internet service providers to register their clients in a unified identification system and provides authorities with complete information related to users if a court or a state agency requests such data. Without adequate transparency and independent oversight, these intrusive practices are weaponized against the opposition, the media, and civil society, violating individuals’ rights to privacy and participation in civil society as well as freedom of expression, assembly, and association.

Both Kazakhstan and Uzbekistan have repeatedly engaged in the targeted surveillance of media, dissidents and activists (Kumenov, Reference Kumenov2018; Marczak et al., Reference Marczak, Scott-Railton, Perry, Al-Kizawi, Anstis and Panday2023; RFE/RL, 2016; Securelist, 2023). Already in 2015, WikiLeaks published an exchange of documents linking state agencies and a surveillance software company indicating that the government might have obtained software to monitor and interfere with online traffic, including encrypted communications, as well as to perform targeted attacks against certain users and devices (Freedom House, 2020, 2023b). In 2021, Amnesty International’s Security Lab conducted forensic analysis on the phones of Kazakhstani human rights activists – confirming four individuals had their devices infected with the Pegasus spyware (Amnesty International, 2021). A Justice for Journalists (2020) report highlights how online surveillance goes hand in hand with arbitrary arrests of opposition figures and journalists, creating a climate of self-censorship and preventing genuine political participation.

Reduce the Risk of Information Compromise

• • Central Asian governments must curb the mass collection of personal data to what can reasonably be justified, following the principles of legality, necessity, and proportionality, while increasing the cybersecurity, transparency, and oversight measures for how data is processed, transmitted, and stored to secure the systems that are custodians of sensitive and personal data. Excessive data collection creates weaknesses in the digital ecosystem that can be exploited for malicious purposes, such as unauthorized access to personal data, resulting in severe privacy violations with little accountability.

• • Broad surveillance powers violate international human rights standards, undermine data security, and induce self-censorship. States must refrain from intrusive practices such as mass surveillance, real-time collection of traffic data, and targeted interception of online communications without legal authorization and a legitimate purpose, adhering to the principles of necessity and proportionality in line with international human rights standards.

• • Internet service providers and online platforms must help secure digital ecosystems, especially in regard to transparency about their operations as well as trust and safety practices and potential threats to users’ privacy. Digital service providers must ensure privacy by design, including end-to-end encryption, data protection safeguards, and fact-checking mechanisms that include trusted and verified partners in the loop of accuracy verification and limit the virality of disinformation and other harmful content. Priority should be given to improving verification techniques to combat manipulated content and inauthentic coordinated behavior online, especially amid the commercialization and rapid proliferation of AI tools for language generation, image creation, and content amplification.

• • Procurement and deployment of dual-use technologies such as commercial cyber intrusion capabilities by states should be conditional and subject to a human rights and impact assessment that informs and guides such activities and their scope, aligns them with the international human rights law, and subjects them to independent and transparent oversight. Governments should commit to imposing international controls to prevent commercial cyber intrusion tools from being exported to countries with poor human rights records and prevent vendors from bypassing regulations.

Improve the Understanding of the Cyber Threat Landscape

• • Countering foreign cyber-enabled election interference requires effective technical and legal attribution to identify threat actors and address malicious behavior. States should invest in building their national capacities and extend international and bilateral cooperation aimed at information exchange and forensic and legal capacity building. Proactive measures such as conducting regular cybersecurity assessments and simulations can help identify vulnerabilities within electoral systems.

• • Central Asian governments should advance the implementation of confidence-building measures on structured and transparent exchange of information between states and private companies. International partnerships, such as the International Counter Ransomware Initiative, and operational collaboration between the public and private sectors facilitate gathering timely, comprehensive, and actional intelligence and allow states and affected entities to protect themselves against attacks. For example, the OSCE confidence-building measures include threat information sharing among participating states, public–private partnerships, critical infrastructure protection, and vulnerability disclosure (OSCE, 2016). Common baselines for sharing intelligence and recognizing the impacts of cyber incidents are key for effective mitigation and response, and OSCE delivers programs in Central Asia that support the development and implementation of the classification of cyber incidents in terms of scale and seriousness, emphasizing critical infrastructure protection (Cybil Portal, n.d. ).

• • Donor countries and organizations should prioritize funding for civil society initiatives, research and investigative organizations, and independent media providing transparent data collection, investigation, and analysis. Such efforts help build data-driven understandings of the threat landscape, including the knowledge of cyber threats affecting elections and democratic processes. Information about cyber-enabled election interference is currently reliant on the fragmented work of organizations operating with limited resources. To evidence cyber threats and their impacts on infrastructure, services, and populations, authorities and research organizations should conduct rigorous data collection and pilot data-driven methodologies to enhance cyber preparedness, improve accountability, and inform effective victim redress.

Strengthen Accountability and Legal Frameworks

• • Central Asian governments must increase transparency around elections by allowing independent election observation and reporting. Electoral observation missions should advance their reporting on cyber incidents, information campaigns, online intimidation, and other cyber-enabled tactics threatening free and fair elections. By incorporating detailed assessments of cyber threats into their reports, electoral observation missions can provide critical insights into how cyber-enabled tactics undermine electoral integrity.

• • States should advance normative and legal frameworks to strengthen international provisions safeguarding electoral infrastructure, namely under the United Nations framework of responsible state behavior in cyberspace. In the consensus report of the United Nations Open-Ended Working Group on information and communications technologies (ICTs) (United Nations General Assembly, 2021), states acknowledged that malicious cyber activities against critical infrastructure and critical information infrastructure that undermine trust and confidence in political and electoral processes, public institutions, or that impact the general availability or integrity of the internet, are a real and growing concern, and that public–private cooperation may be necessary to protect its integrity, functioning, and availability. However, progress on these commitments remains uneven and stakeholder engagement inadequate. States should advance cyber norm implementation and clarify the application of international law, including international human rights law, in cyberspace through targeted capacity building to strengthen accountability measures for state-sponsored interference in elections and democratic processes.

• • Governments should develop policy and legal frameworks through inclusive consultative processes. Multistakeholder platforms such as the Oxford Process on International Law in Cyberspace provide expert guidance and support for states. “The Oxford Statement on International Law Protections against Foreign Electoral Interference through Digital Means” (The Oxford Process, 2020) reaffirms that the body of existing international law applies to cyber operations by states, including those that have adverse consequences for the electoral processes of other states. Other multistakeholder initiatives, such as the Paris Call for Trust and Security in Cyberspace (2018), have called on stakeholders to strengthen their capacity to prevent malign interference by foreign actors aimed at undermining electoral processes through the malicious use of cyber capabilities.

• • State response to cyberattacks must be timely and transparent, extending to informing citizens, reporting on detected cyber threats, and following up with accountability measures to deter malicious behavior. Detailing which norms or laws have been violated by a cyber incident can enhance the transparency of attributions and build state capacity to recognize and penalize malicious behavior. For instance, the EU Cyber Diplomacy Toolbox includes a cyber sanctions regime that addresses persons and entities involved in cyberattacks or attempted cyberattacks with a significant effect (EEAS) (Cyber Diplomacy Toolbox, n.d.).

Increase Cyber Resilience of Electoral Infrastructure and Processes

• • Cybersecurity measures must be prioritized already at the inception phase of building or upgrading electronic election systems and digitizing election administration. State agencies relevant to election processes must act transparently and ensure election results are verifiable to be accepted by the electorate. Such measures hold particular significance for the Central Asian region, where several countries have experimented with e-voting systems. For instance, Kazakhstan initially embraced e-voting technology but later abandoned the system due to concerns about the reliability of e-voting procedures, or Kyrgyzstan, where technical difficulties appeared to have affected the vote count.

• • Central Asian authorities should increase and incentivize cyber capacity building, including sharing best practices and promoting dialogue with stakeholders. Many existing initiatives facilitated by states or intergovernmental organizations are open only to government representatives. Capacity building needs to be more inclusive to build trust and leverage the strengths of diverse groups of stakeholders. Similarly, international and regional platforms dealing with cybersecurity and cybercrime must enable and support multistakeholder cooperation.

• • Civil society is critical in fostering transparency and accountability during the election process. To support these efforts, funding from international organizations, donor countries, and private companies should be directed toward organizations with a track record of capacity-building initiatives that can raise cybersecurity awareness, provide training programs, and help combat disinformation, such as those promoting independent fact-checking or supporting investigative journalistic initiatives.

• • Securing free and fair elections, including by refraining from network interference and information campaigns that influence election results, must be an integral part of multilateral and bilateral agendas that democratic countries pursue in their engagement with Central Asian governments. Cybersecurity cooperation and capacity building presents a viable platform to enhance the region’s overall resilience against internal and foreign cyber threats to elections (European Commission, 2023).

Semantic Network Analysis

This study employed computer-assisted semantic network analysis to explore media narratives and frames of cybersecurity in news coverage in the Chinese mainland. With its origin in cognitive science, semantic network analysis argues that human memory contains a structural meaning system (Collins & Quillian, Reference Collins, Quillian, Tulving and Donaldson1972). Semantic network studies have thus suggested that the frequency, co-occurrence, and distances among words and concepts allow researchers to explore a text’s embedded meaning (Danowski, Reference Danowski1993; Doerfel, Reference Doerfel1998). This study adopted the word association (concept co-occurrence) method, which maps the relationships among words by indexing pairs of concepts. Extending beyond the standard content analysis of texts and frequencies of concepts, semantic network analysis reveals the manifest meaning structure of the text and thus indirectly represents the discursive appropriation among the text’s creators (Danowski, Reference Danowski1993). The analysis, with second-hand data from news sources, followed the research question proposed earlier.

Data Collection

To identify and collect data, we first performed an extensive search of news coverage in the Chinese mainland. Before 2017, China enacted several laws and regulations in response to cybersecurity problems (Miao, Jiang, & Pang, Reference Miao, Jiang and Pang2021, p. 2004). These laws and regulations were nevertheless insufficient in dealing with the increasing challenges facing cyberspace. Against this backdrop, China formally introduced the Cybersecurity Law of the People’s Republic of China (“the Cybersecurity Law” in short), which came into effect on June 1, 2017. Accordingly, the time span for the data search and collection was set after June 1, 2017, the date of the enactment of the Cybersecurity Law, until May 1, 2023. We used the keyword-screening method in the Huike News Database (WiseNews, http://wisesearch.wisers.net.cn/), the most professional Chinese media content database. The keywords “网络安全 (cybersecurity)” and “互联网安全 (internet security)” were used in all fields to locate news articles covering issues related to cybersecurity, which yielded a total of 6,362 news articles and commentaries (1,268 pieces in 2017; 1,196 in 2018; 1,056 in 2019; 814 in 2020; 962 in 2021; 748 in 2022; and 318 in 2023 through the end of April).

Domesticating Cybersecurity

Although extant scholarship has presented an overall picture of internet governance and policies in China (e.g., Miao, Jiang, & Pang, Reference Miao, Jiang and Pang2021; F. Yang & Mueller, Reference Yang and Mueller2014), few studies have yet analyzed how those policies and regulations that cater to specific subject matter have been constructed and appropriated for the national context of the audience – that is, the domestication that this study examines. In particular, our research reveals that the domestication of cybersecurity in mainland China highlights the CPC’s pivotal role in controlling, safeguarding, and advancing cybersecurity measures against the supposedly malicious cyber activities of the democracies. Such domestication not only reinforces the CPC’s comprehensive control over cybersecurity but also frames democracies as the source of unfounded cyber threats to China’s national and societal well-being. By doing so, we recognize the cultural construction of cybersecurity “through which common sense understandings are constructed and the foundations are laid” (Bernal, Reference Bernal2021, p. 612) for national consciousness of cybersecurity. This study, for the first time, fills the gap by tracking the narrative and discourse on “cybersecurity” in news coverage in the Chinese mainland since the enactment of the Cybersecurity Law in 2017.

Similar to the contested discourse on cybersecurity elsewhere – for instance, the discourse in the United States uses metaphors of cybersecurity as a war and makes analogies to the Cold War between the United States and China (e.g., Bernal, Reference Bernal2021; Lawson, Reference Lawson2012; also see the Swedish case in Boholm, Reference Boholm2021) – the media narrative and frame in the Chinese mainland underlines contestations between China and the democracies – that is, the United States and beyond – as a key part of domestication. The most striking feature is that the domestication of cybersecurity in the Chinese context reiterates the CPC’s domination at the heart of the management, operationalization, and development of cybersecurity and, further, national security. By domesticating cybersecurity to the leadership of the CPC and ascribing cyber threats involving cyberattack and cyberterrorism to democracies, the Chinese regime not only legitimizes and consolidates its control over cyberspace but also utilizes cybersecurity to place blame on the democracies.

Our question asks how news coverage domesticates “cybersecurity” in the Chinese mainland. The findings revealed four features. The first, and most prominent one, is the political imperative of highlighting, ensuring, and protecting the dominant role of the CPC in decision-making, developing, maintaining, and executing cybersecurity issues. As illustrated in the analysis, two of the six clusters, or themes – the control and contestation and the governing actors’ clusters – highlighted the hegemonic role of the CPC in cybersecurity. More specifically, in the control and contestation cluster, the CPC, together with the names of the leadership like President Xi Jinping, are articulated as the pivotal actor(s) in safeguarding national sovereignty, societal security, and rule of law and in countering cyber threats from the West. Terms such as “保障 (safeguard),” “强化 (reinforce),” “维护 (maintain),” and “统一 (unit)” further legitimize the hegemonic role of the CPC in cybersecurity through the evaluation of government policies dealing with cyber threats and challenges.

While the CPC’s domination stays as the foundation of cybersecurity in China (as articulated in the control and contestation theme), the governing actors theme adds nuance to the multiplicity of agencies involved in the operationalization of cybersecurity issues. Here, the complexity has a two-fold meaning. For one thing, it refers to the engagement of multisectoral, or what Liang and Lu (Reference Liang and Lu2010) describe as the “multidimensional regulatory system” – that is, multiple government departments and agencies, such as public security, public health, Cyberspace Affairs Commission, but also the businesses (as illustrated in “有限公司 [Company Limited]”) that establish comprehensive control over the commercial, public interest, and social dimensions of cybersecurity in China. For another thing, and more importantly, multiplicity indicates the essential involvement of the CPC organizations at all levels – from central to municipality and provincial and from the CPC committee to its propaganda department – in the management of cybersecurity.

Second, as signified in the control and contestation theme, the domestication of cybersecurity capitalizes on blaming cyber challenges and threats on democracies, including the United States, the European Union, and Japan, among others, to promote antagonism toward these countries. As shown in the control and contestation theme, the use of terms such as “terrorism,” “counterterrorism,” and “counterintelligence” is quite common in the narrative of cybersecurity. Moreover, the term “force (势力)” – quite often being adopted together with “foreign (境外)” and “hostile (敌对)” to launch allegations of foreign interference – has frequently been used by domestic media as flag-waving, despite the lack of real instances of external meddling. In other words, the use of cyber threat-related terms, alongside vague references to democratic countries such as the United States and Japan, indicates that a narrative of foreign interference has become a regular feature of cybersecurity in the media discourse, with a wide range of (unspecified) individuals, groups, and countries denounced as counterparts to underscore the tensions between China and the democracies and to facilitate antidemocracy sentiment and assertive nationalism, both online and offline (e.g., Lehman-Ludwig et al., Reference Lehman-Ludwig, Burke, Ambler and Schroeder2023).

The first two features encapsulate what scholars observe as the reemergence of ideology (which is also a keyword in the control and contestation theme) in China’s development and outreach, which has dramatically shaped its internet policy. Ideology is, as Pieke (Reference Pieke2012) points out, “an indispensable aspect in the creation of regime support, no longer intending to generate ‘belief’ in the party, but to cultivate responsible, trusting, and ‘high-quality’ citizens who inhabit an active, autonomous, and governable society” (p. 150). The ideological turn and its further “marriage” with digital technologies exemplify not only the effort expended “on channeling and containing Internet expression through ideological work and cultural governance more broadly” (G. Yang, Reference Yang and Mueller2014, p. 112), as we can observe in other initiatives, such as “Telling China’s Story” to shape global narratives (Huang & Wang, Reference Huang and Wang2019). It further involves “an increasingly visible ideological thread vying to give coherence to an expanding system of Internet control” (G. Yang, Reference Yang and Mueller2014, p. 109), which promotes domestic ideology on a global scale via the internet (Martin, Reference Martin2021) and drives nationalistic sentiments, including a “wolf-warrior diplomacy” that seeks to aggressively defend China’s national interests (Zhu, Reference Zhu2020) and a series of nationalistic portrayals in Chinese cinema to convey the ideologies of the Chinese government and epitomize the state’s changing foreign policies (X. Yang, Reference Yang2023). In the case of cybersecurity and politics, the reemergence of ideology, with the risk of overreaction and arbitrariness, serves as a strategy to defend the CPC’s hold on power and overarching rule, leading to a state of hypervigilance with wide-reaching effects on China’s domestic and, especially, international policies. Such a reemergence is further illustrated in, for instance, China being a major advocate for cyber sovereignty in recent years (e.g., Hong & Goodnight, Reference Hong and Goodnight2020; Zeng, Stevens, & Chen, Reference Zeng, Stevens and Chen2017).

Third, the domestication of cybersecurity also points to both the global development of and international collaboration on cybersecurity issues (the development and collaboration cluster) and personal data security, mostly in business but also beyond it (the personal information cluster) (see similar discussions in Kuner et al., Reference Kuner, Svantesson, Cate, Lynskey and Millard2017). Nevertheless, both narratives – through the keywords identified in the semantic network – remain general (but vague) and thereby have not made their way into the dominant discourse of the domestication of cybersecurity. For instance, despite the emphasis on strengthening international collaboration on cybersecurity, no specific country or international organization was named in the development and collaboration cluster, which implies that this initiative might be more of a political slogan than evidence-based policymaking.

Fourth, although the narrative of cybersecurity further includes topics such as technological and infrastructural applications (the infrastructure cluster) and media relationships, these topics that are crucial to cybersecurity elsewhere (e.g., Haber & Zarsky, Reference Haber and Zarsky2016) occupy rather marginal positions in the semantic network and thus in the domestication of cybersecurity in the Chinese mainland, as displayed in the number of words in the cybersecurity’s ego-network.

In summary, our analysis brings to the forefront the discursive strategies used in news coverage related to the domestication of cybersecurity in mainland China, which seek to validate and strengthen the CPC’s authority and control over cybersecurity. This narrative often portrays Western democracies as the culprits behind cyberattacks, posing a significant threat to China’s national and societal security. Consequently, our analysis underscores the importance of understanding the regime’s cyber policies, going beyond the call to dismantle the Great Firewall or circumvent censorship. It highlights the unique role of mass media in shaping the domestication of cyber policies within the broader context of national discourse and identity.

The Chinese Cyber Warfare

China’s cyber warfare against Taiwan is conducted in a systematic and methodical manner. Influenced by the Gulf War, the PRC began establishing digitized forces and researching novel aspects of cyber warfare (劉 & 張, Reference Jiawei and Jiayuan2021, p. 122). In November 1999, the concept of a “cyber army” (网军) was first mentioned in the Liberation Army Daily, becoming a new branch alongside the Army, Navy, Air Force, and Second Artillery Corps (劉 & 張, Reference Jiawei and Jiayuan2021). The People’s Liberation Army (PLA) began the task of establishing “information warriors”（信息战士）, with the goal of identifying talent within the information industry across various regions (林, Reference Yingyou2016, p. 59). In 2002, Major General Dai Qingmin, who served as the Director of the Fourth Department (Electronic Countermeasures and Radar) of the General Staff Department of the PLA, revealed in an internal report that the PLA had consolidated ten major patterns of “information warfare”（信息战), with a specific focus on “integrated network-electronic warfare”（网电一体战). This refers to the use of electronic warfare, computer network operations, dynamic targeting, and other methods to disrupt the enemy’s battlefield network information systems that support combat operations and force projection. The PLA believed that achieving electromagnetic superiority during the initial stages of a battle was paramount to ensuring victory on the battlefield (林, Reference Yingyou2016).

The overarching strategy employed by the Chinese cyber army involves the utilization of advanced persistent threats (APTs), which leverages the intricacies of human nature and employs sophisticated “social engineering” tactics (林, Reference Yingyou2013, pp. 102–103). These orchestrated and meticulously planned espionage activities distinguish themselves from conventional cybersecurity attacks. In pursuit of their objectives, attackers navigate through various stages of attack, employing diverse tactics to evade detection. These stages include the establishment of initial footholds, internal network scanning, and lateral movement between systems within the network, all aimed at reaching the ultimate target system. Upon carrying out their malicious activities on the target system, attackers reach a decision point. They may opt to remain within the network, continuing their harmful actions on other systems, or they may choose to exit the system after eliminating any traces, depending on the directives of their funding source. These multistage attacks typically initiate with the infiltration of one of the network’s systems. Subsequently, privilege escalation techniques are executed as needed to reach the ultimate target system, gain access to sensitive systems, and transmit status updates or information back to the attackers’ command and control center (Alshamrani et al., Reference Alshamrani, Myneni, Chowdhary and Huang2019, p. 2). APTs demonstrate the meticulous planning, organization, and coordination among cyber army units (曾, Reference Yuzhen2020, p. 22). They exhibit characteristics of organized crime, often with the backing of adversarial governments, and are particularly adept at concealing their tracks (曾, Reference Yuzhen2020).

Taiwan’s Regulatory Response and Its Limitations

Although Taiwan boasts one of the most liberated online environments in Asia, the proliferation of cyberattacks has prompted the nation to embrace a top-down approach to shaping its cybersecurity policy. The Cybersecurity Management Act （資通安全管理法） serves as the primary legislation for cybersecurity. This is part of the strategy of “cybersecurity-as-national-security strategy” (資安即國安) (國家資通安全辦公室, 2021). The law, passed in 2018, applies to government agencies and specific nongovernmental entities, including critical infrastructure providers, state-owned enterprises, and government-funded foundations (資通安全管理法,全國法規資料庫, 2022). The requirements for government agencies are modeled after the Federal Information Security Management Act of 2004 (FISMA). Moreover, specific nongovernmental entities must develop and implement cybersecurity maintenance plans in accordance with their respective cybersecurity responsibility levels and establish incident reporting and response mechanisms. These guidelines should include references to and recommendations for the relevant requirements under the International Organization for Standardization/International Electrotechnical Commission (ISO/IEC) 27001 international information security management standard. The broad application of this provision to nongovernmental entities has drawn criticism from scholars and certain members of Congress for its perceived lack of specificity (劉 & 徐, Reference Jingyi and Xu2018, pp. 122–125; “「資通安全管理法」何去何從?,” 2018, p. 158).

To counteract the APTs from China, significant legislative advancements have been made. First, the National Security Act (國家安全法) was updated to include “cyberspace” as the “fifth domain” of national security protection (國家安全法,全國法規資料庫, 2022; 國家安全法異動條文及理由, 立法院法律系統, 2019). This amendment reflects the reality that national security threats have transcended physical boundaries, with organized cyber criminals posing significant risks by targeting and compromising national critical information infrastructure through internet connections. However, the legal definition of cyberspace remains ambiguous, lacking clarity and precision (蔡, 2019, p. 37).

Second, in 2022, the National Communications Commission (NCC) proposed a draft act called the Digital Intermediary Service Act (數位中介服務法) to combat disinformation. The draft legislation included provisions establishing liability for internet intermediaries, modeled after the Digital Service Act. It also includes provisions for an “access restriction order,” inspired by Section 125 of the United Kingdom’s “Draft Online Safety Bill” from 2022 (“數位中介服務法草案總說明,” n.d.). However, the law faced extensive criticisms for infringing on freedom of expression and allegations of unconstitutionality (陳, Reference Chengliang2023). In response, the NCC announced its decision to refer the entire draft back to the internal digital convergence working group for thorough deliberation and examination of the contentious issues. (Shan, Reference Shan2022)

Third, in consideration of data breaches involving nongovernmental organizations, the Administrative Yuan passed an amendment to the Personal Data Protection Act (個人資料保護法) (新聞傳播處, 2023). The proposed legislation establishes an autonomous entity dedicated to data protection and significantly raises the penalty (up to NT$10 million) for private enterprises that fail to ensure the security of personal data. According to the National Development Council (國家發展委員會), this is part of the key strategies outlined in the “New Generation Anti-Fraud Strategy Action Plan” by the Executive Yuan, which focuses on strengthening the cybersecurity obligations of all stakeholders involved under the “Prevention of Fraud” initiative (新聞傳播處, 2023).

Taiwan remains committed to upholding a free and open internet. However, the prevalence of cyberattacks from China has led to the adoption of a top-down approach, involving increased government intervention and the establishment of national boundaries within the internet sphere. Taiwan faces a critical challenge: safeguarding its democratic institutions while navigating the pressures of cyber warfare. This situation reflects broader discussions about the normative behavior of governments and private parties online. This research will explore the underlying norms and metaphors shaping internet governance over time, gaining valuable insights to address the complex challenges of the digital age.

Norms and Metaphors

The internet was conceived in the late 1960s as a groundbreaking project by the U.S. Department of Defense (Leiner et al., Reference Leiner, Cerf, Clark, Kahn, Kleinrock and Lynch1997). Designed to interconnect research institutions and universities, it emerged as a sophisticated network for communication and resource sharing. Since its inception, the internet has undergone remarkable transformations, becoming the ubiquitous global network that defines our modern era. One of the internet’s most important features is its ability to construct virtual reality, which has sparked a wide range of perspectives (Kerr, Reference Kerr2003, p. 357). Building on these perspectives, scholars have increasingly emphasized the idea of a “norm” in the digital context, focusing on how it is defined and established within the internet.

According to political scientist Martha Finnemore and Kathryn Sikkink, a norm is “a standard of appropriate behavior for actors with a given identity” (Finnemore & Sikkink, Reference Finnemore and Sikkink1998, p. 891). The discourse surrounding norms in the digital realm is commonly referred to as “cyber norm,” with its primary focus on defining the expected conduct of governments in relation to global security and the stability of the internet (Finnemore & Hollis, Reference Finnemore and Hollis2016). A norm life cycle consists of three stages: norm emergence, norm cascade, and norm internalization. Norm emergence may potentially result in a norm cascade, once the tipping point has been reached, which is then followed by the norm’s internalization. The fundamental mechanism of the initial stage, norm emergence, entails the persuasive efforts of norm entrepreneurs who strive to sway a critical mass of states toward the adoption of novel norms. This process relies on the art of persuasion and the strategic influence wielded by these entrepreneurial actors to foster the acceptance and endorsement of emerging norms (Finnemore & Sikkink, Reference Finnemore and Sikkink1998, p. 897). In short, the development of norms is linked to the active engagement of norm entrepreneurs.

At its core, the development of norms in internet governance revolves around the metaphors promoted by norm entrepreneurs. These metaphors not only present legitimate regulatory functions and drive policy changes but also possess remarkable cognitive power, as they help us conceptualize complex ideas or phenomena (Frischmann, Reference Frischmann2007; Hunter, Reference Hunter2003). They serve as bridges between the technical complexities of the internet’s infrastructure and the sociopolitical dynamics that shape its governance. Moreover, metaphors encapsulate specific visions of the internet, rendering the abstract realities of the digital world more tangible and relatable.

In the subsequent sections, I will analyze the two influential norm entrepreneurs in the digital realm – the United States and China – to glean perspectives on the evolution of behavioral norms and their significant contributions to this process. I will specifically explore how these norm entrepreneurs have used two distinct metaphors to shape internet policies. This analysis could offer valuable insights into the governance of international relations, where the interplay of law and politics influences the actions of states and other relevant entities (Finnemore & Sikkink, Reference Finnemore and Sikkink1998, p. 916).

The United States and Cyberspace

The US’ norm development was influenced by the “cyberspace” metaphor, popularized by William Gibson, a science fiction novelist, to describe a new place created by worldwide networks (Hunter, Reference Hunter2003, p. 441; Lemley, Reference Lemley2003, p. 524). According to traditional cyberlibertarianism, cyberspace is its own entity and therefore not subject to territorial regulation (Barlow, Reference Barlow1996). This vision depicted a free and open place where “land could be taken, explorers could roam, and communities could form with their own rules” (Hunter, Reference Hunter2003, pp. 442–443). Notably, David Johnson and David Post argued in a 1996 article that cyberspace should be left to develop its own self-regulatory structure, as there was no longer an obvious method to connect an electronic transaction communication to a particular nation-state jurisdiction (Johnson & Post, Reference Johnson and Post1996, p. 1367). Among the various proposals on self-governance, some theorists believe that online transactions should be governed by norms similar to those in the Lex Mercatoria – a set of norms that governed merchant transactions in medieval times (Hardy, Reference Hardy1994, pp. 1015–1025; Hunter, Reference Hunter2003, p. 448; Perritt, Jr., Reference Perritt1997, p. 461–463; Reidenberg, Reference Reidenberg1998, p. 553).

While the internet has never been as independent or sovereign as early idealists believed, the “cyberspace” metaphor strongly influenced the US legal academic discourse, judicial pronouncements, and legislative enactments (Hunter, Reference Hunter2003, pp. 446–447). The concept of cyberspace as an unrestricted virtual realm is deeply rooted in the American philosophy of free speech (Bradford, Reference Bradford2023, pp. 33–68; Lessig, Reference Lessig2000, p. 6). It embodies the conviction that individuals possess the liberty to articulate their thoughts without censorship or unwarranted intervention, akin to the safeguards enshrined in the First Amendment of the U.S. Constitution (Bradford, Reference Bradford2023, p. 41). Most significantly, the cyberspace metaphor resulted in favoring a bottom-up rather than top-down approach to internet governance. This philosophy contributes to an evolving legal landscape in the United States shaping how online activities are governed and influencing the protection of user data and online security. For instance, the United States lacks a comprehensive cybersecurity law. Meanwhile, US legal discourse on cyber policy has been closely monitoring the density of regulations over the cyber world, with the goal of keeping it free and open (Lessig, Reference Lessig1996, p. 869; Mueller, Reference Mueller2020, p. 779).

The metaphor of “cyberspace” has significantly shaped the trajectory of the US international norm development in cybersecurity, particularly by emphasizing constraints on government actions in the digital domain. Since 2005, the United States has actively engaged in the United Nations (UN) Group of Governmental Experts (GGE), prioritizing the development of responsible state behavior to prevent interstate conflict and limit the use of cyberattacks during cyber conflicts (Lotrionte, Reference Lotrionte2013, p. 75; Mueller, Reference Mueller2020, pp. 786–787). The GGE’s efforts fostered constructive progress that culminated in the formation of a 2013 working group whose participants reached a consensus that the principles of the UN Charter principles, as well as international law, apply to the digital domain.

In 2015, the GGE released a report that acknowledged eleven voluntary norms – a significant milestone in advancing both the understanding of relevant international laws applicable to information and communications technologies (ICTs) and the imperative of safeguarding critical infrastructure (United Nations General Assembly, 2015). These principles were reaffirmed in the 2021 report by the UN Open-Ended Working Group (OEWG), an initiative originally seen as the GGE’s counterpart and sponsored by Russia (Broeders, Reference Broeders2021, p. 278; United Nations General Assembly, 2021).

Overall, the United States has promoted its norms through the “cyberspace” metaphor, emphasizing minimal government intervention in the digital realm and prioritizing voluntary measures to protect free speech. This approach has influenced US cybersecurity policies abroad and has been effectively championed in international forums such as the UN GGE, where similar norms appear in the UN OEWG, the Paris Call, and the Global Commission (“The 9 Principles,” n.d.; The Hague Centre for Strategic Studies, n.d.).

China and Internet Sovereignty

China views the internet as an extension of its territorial sovereignty, shaping its metaphorical perspective on how the internet should be governed (Bradford, Reference Bradford2023, p. 70). This notion was first introduced in the Chinese State Council Information Office’s 2010 publication, The internet in China (Wang, Reference Wang2020, p. 397). The “internet sovereignty of China” in this context refers to the assertion that the internet within Chinese territory falls under Chinese jurisdiction – a significant statement to partitioning the internet along national boundaries. The Chinese government has spearheaded legitimation and adoption of “internet sovereignty” through its 2017 Chinese Cybersecurity Law, representing the nation’s intent to assert control over the internet within its jurisdiction (Creemers, Webster, & Triolo, Reference Creemers, Webster and Triolo2018). Central to this framework are measures such as “public opinion guidance” and requirements for data localization by foreign companies (McKune & Ahmed, Reference McKune and Ahmed2018, p. 3835; E. Wu, Reference Wu2021, p. 1).

Acting as a norm entrepreneur, China has promoted internet content control norms in regional and international institutions under the principle of internet sovereignty. The Shanghai Cooperation Organization (SCO), jointly led by China and Russia, exemplifies this successful multilateral adoption of digital authoritarian norms and practices (McKune & Ahmed, Reference McKune and Ahmed2018, p. 3841). Formed in 2001, the SCO consisted of China, Russia, Kazakhstan, Kyrgyzstan, Tajikistan, and Uzbekistan. Over time, the organization has developed a robust normative framework and gained international prominence. In 2009, SCO member states adopted the Yekaterinburg Agreement, which established core principles for “international information security” and paved the way for proposing an “International Code of Conduct for Information Security” to the UN in 2011 and 2015 (Ministry of Foreign Affairs of the People’s Republic of China, 2011). This Code of Conduct emphasizes sovereignty, territorial integrity, and political independence, urging UN members to refrain from using ICTs to interfere in the internal affairs of other states or undermine their political, economic, and social stability (McKune & Ahmed, Reference McKune and Ahmed2018, p. 3841). Meanwhile, President Xi Jinping underscored the importance of “respect for cyber sovereignty” at the second World Internet Conference (WIC) held in Wuzhen in December 2015 (McKune & Ahmed, Reference McKune and Ahmed2018, p. 3845).

The concept of “sovereignty” has gained traction, resonating not only in authoritarian regimes but also in liberal democracies such as those in Europe (C.-H. Wu, Reference Wu2021, p. 659). The European Union (EU) has begun using the terms “technological sovereignty” and “digital sovereignty,” driven by the aim of enhancing its competitiveness in the digital realm and ensuring economic independence (Burwel & Propp, Reference Burwel and Propp2020, p. 1; European Commission, 2019, p. 3; von der Leyen, Reference von der Leyen2020). This concept encompasses preserving strategic autonomy and safeguarding security interests, as highlighted by the European Commission (European Commission, 2019, p. 3). The Digital Silk Road (DSR) extends the opportunity to propagate similar ideologies to African nations, potentially importing principles of “internet sovereignty.” One noteworthy policy proposition is “data localization,” which rests on government control, self-determined economic advancement, and societal structuring. This idea holds substantial appeal worldwide, extending well beyond nondemocratic governments (Erie & Streinz, Reference Erie and Streinz2021). The internet appears to be moving toward greater balkanization, marked by the creation of national boundaries that restrict the flow of information within specific jurisdictions (Lemley, Reference Lemley2021, p. 1399).

In general, China’s norm development in the cybersecurity realm has advanced significantly, with one notable achievement being the increased awareness among nations of their sovereignty in the digital sphere. As a result, there has been a growing inclination to implement regulations and policies that exercise state control over the internet. By consistently using the term “sovereignty,” President Xi has emphasized the importance of upholding the principle of internet sovereignty, highlighting the need for nations to assert their authority over their respective digital domains and establish governance mechanisms aligned with their national interests.

Taiwan’s Metaphorical Choice: The Internet as Commons

The main implications of the two norm developments, each driven by a distinct metaphor, center on differing cybersecurity strategies. The US conception of “cyberspace” emphasizes voluntary measures, whereas China treats the internet as an extension of its national territory and favors regulatory controls. However, both perspectives face significant challenges. Under the “cyberspace” metaphor, the notion of a free and open internet, while aligned with the original vision of the internet, leaves democratic institutions vulnerable to attacks. As a result, the National Cybersecurity Strategy, published by the White House in March 2023, calls for coherent regulations in critical sectors, signaling a shift toward a model more akin to China’s (The White House, 2023). Meanwhile, the “internet sovereignty” metaphor – by endorsing stringent regulatory measures – risks creating a “splinternet,” characterized by regulatory conflicts and the potential for authoritarian regimes to curtail online freedoms (Lemley, Reference Lemley2021, pp. 1418–1421).

An alternative path for developing internet norms can be fostered by adopting the metaphor of the internet as “commons.” This approach is not without theoretical foundations – scholars and politicians have long used the term “commons” to characterize the internet, with some referencing concepts such as the “global commons,” “semi-commons,” “pseudo commons” or commons within the economic context (111th Congress, 2010; Benkler, Reference Benkler2003; Chertoff, Reference Chertoff2014; Frischmann, Reference Frischmann2013; Hess, Reference Hess1996; Hess & Ostrom, Reference Hess and Ostrom2003; Lessig, Reference Lessig2001; Mueller, Reference Mueller2020; Shackelford, Reference Shackelford2013, Reference Burwel and Propp2020; Shiffman & Gupta, Reference Shiffman and Gupta2013). Embracing the “commons” metaphor to depict the internet offers two primary advantages.

First, the metaphor of the “commons” aptly captures the shared nature of the internet (Hess, Reference Hess1996). The term “commons” generally refers to a resource shared by a group of people subject to social dilemmas (Hess & Ostrom, Reference Hess and Ostrom2007, pp. 3–4). One specific type of shared resource system, known as a “common-pool resource,” combines the subtractability characteristic of private goods with the difficulty of exclusion typically associated with public goods (Ostrom, Reference Ostrom2010, pp. 644–645). Forests, fisheries, and irrigation systems are prominent examples of common-pool resources worldwide (Ostrom, Reference Ostrom2010, p. 645).

Given the internet’s intricacies, the levels of subtractability and exclusivity vary depending on the aspect of the resource system under examination. The exclusion of internet resources is highly fragmented and piecemeal. When many users access the internet simultaneously, congestion can arise, highlighting the issue of subtractability (Hess, Reference Hess1996). However, the attribute of difficulty of exclusion and high subtractability do not fully encompass the diverse resources of the internet. Accordingly, this research focuses on the notion of the “commons” to capture the internet’s shared nature and highlights three shared resources:

• The cable commons: The internet relies on a vast physical infrastructure, with a network of high-performance submarine cables carrying 99 percent of global traffic between countries and continents (Takeshita et al., Reference Takeshita, Sato, Inada, de Gabory and Nakamura2019, p. 36). This infrastructure can be referred to as the cables commons, comprising more than 552 submarine cables that span the ocean floor and linking to over 1,300 distinct coastal landing stations (McDaniel & Zhong, Reference McDaniel and Zhong2022; TeleGeography, n.d.). Ownership of submarine cables is heavily concentrated in the private sector, with about 99 percent privately owned by prominent telecom carriers, content delivery providers, and investor groups (Burnett, Reference Burnett2021). While network operators have traditionally been the primary investors, content providers such as Google, Amazon, Microsoft, and Meta have also expanded their investments to ensure seamless interconnection between their data centers (Wall & Morcos, Reference Wall and Morcos2021). Excluding others from using the same submarine cables can be challenging, given their shared nature. Congestion may occur due to high demand, technical issues, underinvestment, or geopolitical factors.

• The communications commons: The internet’s most significant accomplishment is its standardized means of communication, enabled by a set of globally accepted protocols. The communications commons refers to the shared, interoperable, and equitable nature of internet communication. This commons is primarily maintained by several organizations, including the Internet Engineering Task Force (IETF), Internet Corporation for Assigned Names and Numbers (ICANN), and Institute of Electrical and Electronics Engineers (IEEE). A foundational conceptual framework for coordinating the development of interconnection standards is the Open Systems Interconnection (OSI) model, developed by the ISO. This model consists of seven abstraction layers, including physical, data link, network, transport, session, presentation, and application layers (ISO, 1994). Each layer represents a specific aspect of the communication process in a computing system. These standards are designed to be open and universal, enabling anyone, anywhere, to build software or hardware that connects to the internet. Because of these open standards and the interoperable nature of the internet, excluding others can be difficult. However, congestion may occur due to network architecture, peak usage, heavy users, or distributed denial of service (DDoS) attacks.

• The content commons: The “content commons” refers to the collective body of information and speech that flows across the internet, shaping the virtual world. It encompasses content created by both users and organizations such as governments, corporations, and academic institutions. Much of this commons is hosted on platforms controlled by large US and Chinese corporations – ranging from social networking to search engine services and e-commerce (CompaniesMarketCap, 2023). Within these platforms, diverse social groups establish various sub-commons, each with unique functions, thereby fostering distinct communities. Sharing content on the web remains relatively easy due to low costs, wide reach, and the prevalence of social media platforms. However, congestion can occur because of information overload, the tendency to prioritize quantity over quality, and the lack of effective content discoverability.

Second, Ostrom’s scholarly inquiry into the governance of commons offers profound insights that can significantly enhance internet governance, particularly regarding cybersecurity strategies. Ostrom’s main contribution to the commons theory lies in her formulation of eight institutional design principles, which are strongly tied to the effectiveness of institutions in managing common-pool resources. These principles were the successful commons management systems she identified among the cases examined in Governing the Commons (Ostrom, Reference Ostrom2015). The eighth design principle, which addresses larger and more complex systems of common-pool resources, specifies that various governance activities associated with robust institutions should be organized across multiple layers of nested enterprises. In subsequent work, Ostrom and others have sometimes used the term “polycentric” interchangeably with, or in reference to, the “nested” requirement of the eighth design principle – though polycentricity implies more than nestedness (Carlisle & Gruby, Reference Carlisle and Gruby2017, p. 930).

While there is no unified definition of “polycentric governance,” at the heart of nearly every discussion is the notion of multiple centers of decision-making, where none of them has ultimate authority for making collective decisions (Stephan, Marshall, & McGinnis, Reference Stephan, Marshall, McGinnis, Thiel, Garrick and Blomquist2019, p. 31). This mirrors the structure of the internet, wherein the decision-making centers encompass national authorities, international organizations, private companies, and individuals. Recognizing this, when governance systems are structured in a polycentric manner – from the smallest to the largest scales – they become capable of addressing collective action problems across multiple levels (Ostrom, Reference Ostrom, Brousseau, Dedeurwaerdere, Jouvet and Willinger2012, p. 107). This arrangement inherently fosters the development of norms among participants through a variety of mechanisms, all interconnected and mutually reinforcing. It emphasizes the potential for effective cooperation, conflict resolution, fruitful competition, and shared learning (Bruns, Reference Bruns, Thiel, Garrick and Blomquist2019, p. 237). As a result, polycentricity highlights the organic and self-organizing nature of internet governance – where multiple centers of decision-making interact and collaborate – and stands in contrast to a purely market- or state-centric approach (Stephan, Marshall, & McGinnis, Reference Stephan, Marshall, McGinnis, Thiel, Garrick and Blomquist2019).

The Taiwan–China conflict illustrates the clash between two different internet metaphors. The US concept of “cyberspace” encourages minimal regulatory intervention and is less effective in mitigating cyberattacks, whereas China’s “sovereignty” perspective prioritizes stricter regulations and enhanced security, often at the expense of freedom of expression. Embracing the metaphor of the “internet as a commons” offers Taiwan valuable insights for formulating its cybersecurity strategy. It directs the attention toward identifying shared resources and decision-making centers within the internet. This metaphor serves as a critical tool for interpreting, shaping, and navigating the intricate landscape of policies and protocols that underpin Taiwan’s cybersecurity frameworks. It also promotes meaningful dialogue among diverse stakeholders – policymakers, technologists, academics, civil society, and businesses – that often transcends disciplinary and cultural boundaries. By adopting this approach, Taiwan gains a strategic advantage without veering toward an overly idealized “cyberspace” metaphor or fully embracing “internet sovereignty.” Individuals can safeguard and coordinate the management of shared resources without relying on centralized rulemaking, thereby enhancing security and fostering norm development (Shiffman & Gupta, Reference Shiffman and Gupta2013, p. 100).

Tragedy of the Internet Commons

V. Ostrom, Tiebout, and Robert Warren (Reference Ostrom, Tiebout and Warren1961) introduced the concept of polycentricity in their endeavor to ascertain the nature of activities undertaken by numerous public and private agencies involved in the provision and production of public services within metropolitan areas (Carlisle & Gruby, Reference Carlisle and Gruby2017, p. 928). V. Ostrom’s idea of polycentricity goes beyond specific domains and encompasses various aspects of societal organization, including economic markets, legal systems, scientific disciplines, and multicultural societies. In the realm of politics, federalism stands as a key example of polycentricity (Stephan, Marshall, & McGinnis, Reference Stephan, Marshall, McGinnis, Thiel, Garrick and Blomquist2019, p. 24). As mentioned earlier, Elinor Ostrom adopted the term in her work on governing the commons, making it a central pillar of the Bloomington School of Political Economy (Carlisle & Gruby, Reference Carlisle and Gruby2017, p. 930).

The main purpose of Ostrom’s polycentric governance is to mitigate the risk of the “tragedy of the commons” (Hardin, Reference Hardin1968). In valuable open-access resources, the absence of an effective governance regime – either by involved parties themselves or external authorities – may lead to suboptimal outcomes. As internet usage increases, it introduces more threat vectors and provides malicious actors with an expanded range of networks to target, creating a scenario akin to the “tragedy of the commons.” While the broader China–Taiwan conflict resembles a vibrant threat system, the emergence of APTs and activities such as undersea cable disruptions, DDoS attacks, and disinformation campaigns within the internet context are analogous to overexploitation of resources across different internet commons. These developments present a collective action problem that falls within the realm of classic social dilemmas (Shackelford, Reference Shackelford2013, p. 1293).

Taiwan’s Polycentric Governance in the Internet Commons

Within the internet commons, global problems involve a diverse array of actors, extending beyond governments to include corporate entities that serve as agents for complex publics and exhibit significantly intricate behavior (McGinnis & Ostrom, Reference McGinnis and Ostrom1992). As mentioned, nearly every discussion of polycentric governance revolves around the concept of multiple “decision-making centers” (Stephan, Marshall, & McGinnis, Reference Stephan, Marshall, McGinnis, Thiel, Garrick and Blomquist2019, p. 31). This concept highlights the distributed nature of governance, where power and decision-making are dispersed across various institutions. Jurisdictions of authority may overlap, with many centers of decision-making operating formally independent of each other (Ostrom, Tiebout, & Warren, Reference Ostrom, Tiebout and Warren1961). The goal of polycentric governance is to facilitate the use of local knowledge and build mutual trust (Cole, Reference Cole2015). Local communities possess the skills, local knowledge, and capacity to overcome many challenges, making it essential to resolve problems as close to these communities as possible. This approach effectively addresses the challenges posed to traditional models of democracy centered on the nation-state (Scholte, Reference Scholte and Kohl2017, p. 167). Polycentricity challenges the belief that either the state or markets alone hold the solution to addressing complex challenges (Shackelford, Reference Shackelford2013, p. 1333). Instead, it creates an effective mechanism for cooperation, coordination, conflict resolution, and the utilization of local knowledge.