Using AI to Combat AI-Generated Disinformation

AI can be impact election outcomes? how can this be combatted?

Canada General Election 2019 and US Presidential Race 2020

As citizens worry about election outcomes and the interference in the democratic process in general and elections in specific, some governments are attempting to mitigate the risks and issues.  In December 2018, the Government of Canada’s Standing Committee on Access to Information, Privacy and Ethics released a report, Democracy under Threat: Risks and Solutions in the Era of Disinformation and Data Monopoly. This report, initiated in response to the Facebook/Cambridge Analytica scandal, examines, among other things, the risks posed to the Canadian electoral process by the manipulation of big data and artificial intelligence (AI). A year before in 2017, the Senate Intelligence Committee published a report titled Background to “Assessing Russian Activities and Intentions in Recent US Elections”: The Analytic Process and Cyber Incident Attribution. This report, conducted a full review and produce a comprehensive intelligence report assessing Russian activities and intentions in recent U.S. elections in 2016.

Social media, and the big data it generates, is now so ubiquitous, it’s easy to forget that it’s a relatively recent phenomenon. As such, it’s been hard for legislators to track how such technological developments could be used to influence the Canadian electoral process, and how they should be regulated. Big data, and its manipulation, played a significant role in both the 2016 US election, and the Brexit vote in the UK earlier that year. Fake news, deliberately fabricated, edged into Facebook feeds alongside legitimate sources, and was shared by unsuspecting users. Fake Twitter accounts pressed extreme views, shifting and polarizing public discourse. According to Elodie Vialle, of Reporters Without Borders, false information spreads six times faster than accurate information.[1]

It is well known that AI plays a key role in the spread of disinformation. It powers social media algorithms. It can be programmed to generate content, including automated trolling, and it facilitates the micro-targeting of demographic groups on specific topics: all basic disinformation practices.

Yet what is less widely discussed is that

AI can also be used as a tool to combat disinformation.

Data science can locate trolls and fraudulent accounts: via algorithm, programs can be trained to identify potential bots and unusual political material.[2] While their reach can be enormous, the actual number of perpetrators is very small, and we have the scientific ability to track down who they are. Existing hate speech laws can then be used to prosecute them.

In today’s increasingly febrile global political climate, disinformation is a real and growing problem, both abroad and here in Canada and the United States. A solution is available. Given the upcoming Canadian federal election in October 2019 and the US presidential elections in 2020, proactive use of data science to counter manipulation efforts is both timely and necessary.




[1] Staff, “Artificial Intelligence and Disinformation: Examining challenges and solutions,” Modern Diplomacy, March 8, 2019: online at:

[2] European Parliamentary Research Service, Regulating disinformation with artificial intelligence, March 2019: online at:

Overcoming the Challenges of Privacy of Social Media in Canada

By Aydin Farrokhi and Dr. Wael Hassan

In Canada data protection is regulated by both federal and provincial legislation. Organizations and other companies who capture and store personal information are subject to several laws in Canada. In the course of commercial activities, the federal Personal Information Protection and Electronic Documents Act (PIPEDA) became law in 2004. PIPEDA requires organizations to obtain consent from individual whose data being collected, used, or disclosed to third parties. By definition personal data includes any information that can be used to identify an individual other than information that is publicly available. Personal information can only be used for the purpose it was collected and individuals have the right to access their personal information held by an organization.

Amendments to PIPEDA 

The compliance and enforcement in PIPEDA may not be strong enough to address big data privacy aspects. The Digital Privacy Act (Also known as Bill S_4) received Royal Assent and now is law. Under this law if it becomes entirely enforced, the Privacy Commissioner can bring a motion against the violating company and a fine up to $100,000.

The Digital Privacy Act amends and expands PIPEDA in several respects:


  1. The definition of “consent” is updated: It adds to PIPEDA’s consent and knowledge requirement. The DPA requires reasonable expectation that the individual understands what they are consenting to. The expectation is that the individual understands the nature, purpose and consequence of the collection, use or disclosure of their personal data. Children and vulnerable individuals have specific

There are some exceptions to this rule. Managing employees, fraud investigations and certain business transactions are to name a few.

  1. Breach reporting to the Commissioner is mandatory (not yet in force)
  2. Timely breach notifications to be sent to the impacted individuals: the mandatory notification must explain the significance of the breach and what can be done, or has been done to lessen the risk of the
  3. Breach record keeping mandated: All breaches affecting personal information whether or not there has been a real risk of significant harm is mandatory to be kept for records. These records may be requested by the Commissioner or be required in discovery by litigant or asked by the insurance company to assess the premiums for cyber
  4. Failure to report a breach to the Commissioner or the impacted individuals may result in significant

Cross-Border Transfer of Big Data

The federal Privacy Commissioner’s position in personal information transferred to a foreign third party is that transferred information is subject to the laws and regulations of the foreign country and no contracts can override those laws. There is no consent required for transferring personal data to a foreign third party. Depending on the sensitivity of the personal data a notification to the affected individuals that their information may be stored or accessed outside  of Canada and potential impact this may have on their privacy rights.

 Personal Information- Ontario Privacy Legislations

The Freedom of Information and Protection of Privacy Act, the Municipal Freedom of Information and Protection of Privacy Act and Personal Health Information Protection Act are three major legislations that organizations such as government ministries, municipalities, police services, health care providers and school boards are to comply with when collecting, using and disclosing personal information. The office of the Information and Privacy Commissioner of Ontario (IPC) is responsible for monitoring and enforcing these acts.

In big data projects the IPC works closely with government institutions to ensure compliance with the laws. With big data projects, information collected for one reason may be collectively used with information acquired for another reasons. If not properly managed, big data projects may be contrary to Ontario’s privacy laws.
























Building a Social Media Pipeline

A Presentation by Dr. Waël Hassan at Boston University School of Media & Communications

Abstract: Companies who developed Success Criteria, established their Style, decided their Sources, Setup a business process, whilst they survey their results are winning big on social media. The most unknown part of building an enterprise social media service is how to build a social media pipeline. This presentation describes how to do that.



Data Protection in Design

Time for a New Vision

Up until now, we have viewed privacy and security on the same sliding scale, through which it appears to be impossible to have one without hurting the other. Envisioning a country where privacy is prioritized over security and surveillance seems absurd. However, it is time that we disrupt this traditional way of thinking.

How? Through Data Protection in Design. By developing and building data protection into the design of private, public, and political systems, citizens would have the ability to express their desires, change the system, and influence government, all the while minimizing the risk to national or public safety. Instead of pitting the forces for privacy and the forces for security against one another, the two forces should be integrated in order to reap the benefits of both.

It is no longer a balance between privacy freedoms and security, but rather about achieving both outcomes in an effective way