fr4nç01s

Adversarial Thinking On Democracy

Today, we’ll dive into the world of political science and constitutional law, applying adversarial thinking to the concept of democracy. We’ll explore how democracies and especially their constitutions can be vulnerable to attacks, and how those attacks can be executed without triggering alarms.

Seventy percent. That is the share of democratic backsliding episodes in the post-1994 period. But what is a democratic backsliding ? Democratic backsliding is, at its most basic, “the state-led debilitation or elimination of the political institutions sustaining an existing democracy”.1

Just governments, using the tools democracy gave them, to quietly dismantle it. No military coup, no tanks. Political scientists call this democratic erosion. In cybersecurity, we have a name for the same technique.

“Scholars agree that contemporary democracies tend to erode gradually and under legal disguise”.2 1 Analysing 75 episodes of autocratization of democracies and using data covering all autocratization episodes affecting democracies from 1900 to 2017, Lührmann & Lindberg produced the following chart.

Invasion Military Coup Autogolpe Democratic Erosion
Share of Autocratization Episodes

Types of autocratization of democracies.

Note: 28 episodes are included in the pre-third wave period, and 47 in the third wave.

In cybersecurity, this is called Living Off the Land; attackers who avoid custom malware, avoid loud exploits, and instead abuse the legitimate tools already present on the system. The goal is the same: gain privileges, persist, and never trigger the alarm. In the next section, we apply this framework to Hungary, one of the most documented cases of democratic erosion in the third wave.

Case Study: Hungary

In April 2010, Fidesz won 53% of the vote and was awarded 68% of parliamentary seats, a conversion made possible by Hungary’s existing electoral law, designed in 1990 as a mixed electoral system that structurally favoured larger parties, producing disproportionate seat shares. A two-thirds parliamentary majority in Hungary is not a governing margin, it is the threshold required to amend the constitution. But one safeguard to the constitution remained, a requirement that any entirely new constitution would need four-fifths approval. Fidesz identified a logical flaw, the amendment procedure did not protect itself from the very majority it was designed to constrain and used a two-thirds vote to delete the four-fifths rule. Then wrote a new constitution alone.3 4

Fidesz 2/3 parliamentary majority 53% votes → 68% seats 4/5 rule new constitution requires 80% approval New constitution written by Fidesz alone April 2011 intended path ① use 2/3 to delete the 4/5 rule ② write new constitution intended path actual path taken bypassed rule

This exploited a logical flaw in the amendment procedure itself. But it raised a question: are there people who audit constitutions for vulnerabilities?

The answer is yes and no. The Venice Commission exists to provide legal advice on constitutional law to its member states.5 They use a tool called the Rule of Law Checklist, a vulnerability checklist for constitutional democracies, structured as questions rather than assertions.6

In security, a principle I kept returning to was this: to defend effectively you must stop looking at your own perimeter and start looking at the enemy’s incentives and processes.7 Is that mentality applicable to democracy?

The Hungary case suggests it should be. The Venice Commission’s Rule of Law Checklist is a serious and carefully constructed instrument, and some adversarial thinking does exist in constitutional theory. But it seems to remain marginal. The dominant approach still asks whether protections exist, not whether those protections can be circumvented, captured, or deleted.

That is the end of this first analysis. Applying adversarial thinking to non-trivial systems have been really simulating, especially diving into the details of political science and constitutional law, two fields I had no prior knowledge of. I had a great next idea of modeling constitution as software and try to analyze the control flow of it (to check for potential vulnerabilities), but I think I’ll save that for another time. For now, I hope this was an interesting read and that it sparked some thoughts on how we can apply adversarial thinking to other domains.

  1. Bermeo, N. (2016). “On Democratic Backsliding.” Journal of Democracy, 27(1), 5-19. https://doi.org/10.1353/jod.2016.0012 ↩︎ ↩︎

  2. Lührmann, A. & Lindberg, S.I. (2019). “A third wave of autocratization is here: what is new about it?” Democratization, 26(7), 1095-1113. https://doi.org/10.1080/13510347.2019.1582029 ↩︎

  3. Bánkuti, M., Halmai, G. & Scheppele, K.L. (2012). “Hungary’s Illiberal Turn: Disabling the Constitution.” Journal of Democracy, 23(3), 138-146. https://doi.org/10.1353/jod.2012.0054 ↩︎

  4. Scheppele, K.L. (2015). “Understanding Hungary’s Constitutional Revolution.” In A. von Bogdandy & P. Sonnevend (Eds.), Constitutional Crisis in the European Constitutional Area: Theory, Law and Politics in Hungary and Romania (pp. 111–124). Hart Publishing. https://doi.org/10.5040/9781474202176.ch-003 ↩︎

  5. Venice Commission (Council of Europe). “About the Venice Commission.” European Commission for Democracy through Law. https://www.coe.int/en/web/venice-commission/about Accessed April 2026. ↩︎

  6. Venice Commission (Council of Europe). (2025). Updated Rule of Law Checklist. CDL-AD(2025)002. Adopted at the 145th Plenary Session, Venice, 12–13 December 2025. https://www.venice.coe.int/webforms/documents/default.aspx?pdffile=CDL-AD(2025)002-e ↩︎

  7. Hutchins, E.M., Cloppert, M.J. & Amin, R.M. (2011). “Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains.” Leading Issues in Information Warfare & Security Research, 1, 80. Lockheed Martin. https://www.lockheedmartin.com/content/dam/lockheed-martin/rms/documents/cyber/LM-White-Paper-Intel-Driven-Defense.pdf ↩︎