Cyber Scene #43 - Cybersecurity's COVID Cloud
Cyber Scene #43 -
Cybersecurity's COVID Cloud
Present, Future and Past
The role of cybersecurity continues, front and center, in the battle to subdue COVID-19. Both Big Tech and the US federal government are rebalancing their relationship and evolving. The view from across the Atlantic examines this from the outside. Both the 26 March Economist in "Everything's Under Control" and the 4 April Economist "Big Tech's COVID Opportunity" address the necessary growth of big government to combat the rise of the pandemic. Both winning this battle and preparing for the future require support and initiative from Big Tech's cyber warriors. In the latter article, the Economist calls on large digital platforms, such as Alphabet (parent of Google) and Facebook, "...to reset their sometimes testy relations with their users. Otherwise, big government...is likely to do it for them."
This editorial goes on to note that at this time, the fact that Facebook and Google are removing misinformation on COVID-19 is a much welcome control. Moreover, the editors do not foresee new federal privacy laws coming into being at this time. In fact, they posit that big tech has taken up a position similar to "vital utilities." But this latter article goes on to say that water and electricity are regulated, so is this the future for Big Tech? The writers cite Microsoft as an exemplar of how "how to build a reputation for being trustworthy" for the rest of the Big Tech lot.
Helping to save lives is certainly a direction in which Big Tech can add to its credibility. Wired and the Wall Street Journal both analyze this direction. Wired notes on 3 April in "Google Reveals Location Data to Help Public Health Officials" that Google's idea in revealing locational data to track individuals' movements for public health improvement is intended, as it is around the world, "...to evaluate how well social distancing measures are working and identify places where new policies might be needed." Google maintains that it uses "differential privacy" adding "noise" to the data to protect privacy rights. Stanford Law's Director of Privacy at the Center for Internet and Society believes that this demonstrates how aggregated locational data can be used in a manner that is sensitive to privacy issues.
The Wall Street Journal's Liza Lin and Timothy W. Martin go further on 15 April in "How Coronavirus Is Eroding Privacy." They are based in Singapore and Seoul, where Asian governments have had an earlier start, and note that investigators use smartphone data to determine within 10 minutes "...who might have caught the coronavirus from someone they met." Israel is using Shin Bet, its intelligence unit, to track down similar data. In the UK, police sometimes use drones to monitor movements. While those who may owe their lives to this brush with privacy are likely most appreciative, privacy advocates on the other hand are worried that, post-pandemic, this surveillance might continue. But in the U.S., Apple and Google are planning to launch an app, with the agreement of the user, "...to reverse-engineer sickened patients' recent whereabouts." Germany is also relaxing its "world's most stringent privacy laws" to "very quickly investigate infection chains."
Meanwhile, the Economist reports on 26 March in "Taking People's Temperatures Can Help Fight the Coronavirus" that a San Francisco firm, Kinsa Health, has digitized phone use to track the spread of the pandemic through temperature data. The company has sold or donated 1 million such smartphone apps that transmit this data to base and determine what medical advice, given an individual's age, sex, etc., should be followed. It can also generate data about neighborhood information and school contagion.So how could this play out in the US at the state and local level? New York Times' Ellen Barry reports on 16 April in "An Army of Virus Tracers Takes Shape in Massachusetts" that Governor Charlie Baker has embraced this private-public partnership in contact-tracing the old fashioned way: by person-to-person phone calls. It is certainly a labor-intensive approach, but at the moment there seems to be a surplus of labor if unemployment rates are an indicator. In Massachusetts, the nonprofit Partners in Health, whose doctors have worked on Ebola, Zika, cholera and other diseases, are in charge. They sought 1,000 trainers and had 15,000 applicants. It is also expensive--$44 million, even though some have volunteered to work without pay. Whether this could displace more cyber-based, federally centralized efforts is dubious, but the plus is that the callers report that the discussions last 30-45 minutes as most of the individuals are sheltering-in-place and isolated. It seems an excellent role for social workers and National Association of Mental Illness (NAMI) advocates, that is, those who are not already essential for medical support elsewhere.
As the world continues to be overrun by COVID-19 issues, especially impacting the Big Tech cyber world, US Congressmen and Senators continue to battle through enduring past, present and future responsibilities. On 21 April, the Senate Select Committee on Intelligence (SSCI) released its official report on Russia's "active measures" (interference via a largely cyber hand) against the 2016 US elections. SSCI Chairman Richard Burr and SSCI Vice Chair Mark Warner had begun this bipartisan work in the run-up to, not after, the 2016 elections and continued to date. The 364 page "Committee Sensitive" report is broken down into four sections: Russian Active Measures Infrastructure, Social Media, the US Government Response, and Intelligence Community Assessment. All but a dozen pages total are consensus, bipartisan findings. The remaining few pages represent additional comments by a handful of senators relative to each section's issues. For those who seek to understand what the Russian cyber threat was during the 2016 elections, how the most informed Senators view it now, and the implication that it is likely to have another go at us in this coming round, most of the substance of the first three sections are here for your edification. The fourth section--the Intelligence Community Assessment (ICA), serves up a very quick read given the 158 pages as it is largely redacted. While the economy is certainly a top priority in homes and in Washington D.C., election security for November 2020 continues to challenge US legislators, even if their voters are less sensitive at this time to the dangers.
With respect to the Supreme Court of the United States (SCOTUS, COVID-19 has demanded decisions related not to the outcome of arguments but decisions on procedural issues in a now high tech world. In retrospect (quite literally), SCOTUS tech procedures are examined by AP's Mark Sherman and Jessica Gresko in "You've reached the Supreme Court here. Press 1 for arguments." Yes, in deference to the pandemic, the Court is not only going to hear arguments over the telephone, but will make the audio available live for the first time. Even as the world charges ahead to embrace cyber and propel new advances, Chief Justice Roberts noted in 2014, per the authors, that "the Courts will always be cautious when it comes to embracing the "next big thing" in technology." A SCOTUS official acknowledged that the phone argument plan "is sort of retro" given alternatives abounding.
The critical need for a strategic, future focus that is becoming increasingly urgent is presented by Foreign Affairs' Lauren Rosenberger's "Making Cyberspace Safe for Democracy". She underscores the return in 2020 of Russian election interference and enjoins us not to take our eyes off cyber. Ms. Rosenberger delineates the underlying differences between authoritarian and democratic systems, comparing/contrasting the US on the one hand and Russia and China on the other. She calls to arms cyberwarfare strategists to help the US avoid playing into authoritarian hands. She fears that as the US seeks to move forward, "...it risks falling behind in the development of new technologies." This, she argues, is a growing concern as many countries are gravitating toward authoritarianism. As she walks us through China's and Russia's information warfare and the sense that these countries are "two sides of the same coin" in the way they approach cybersecurity and information security, she concludes by citing the biggest barrier of all in contesting information space: “the erosion of democracy at home."
Ms. Rosenberger also points out that the 2020 Cyberspace Solarium Commission recommended "...a more concerted action on developing emerging technologies and countering information operations." Ms. Rosenberger is a civilian, Director of the Alliance for Securing Democracy, Senior Fellow at the German Marshall Fund of the US, and a former National Security Council and State Department official. However, she credits former Secretary of Defense General James Mattis for insisting on this focus in 2017. But she notes that outside the military, there is still a lack of an integrated national strategy.
On 8 April, as if to echo the above Foreign Affairs analysis, the Washington Speakers Bureau hosted a webinar with Admiral William H. McRaven (Ret.), former Commander of Special Operations Command and Chancellor of the University of Texas System; and Admiral James G. Stavridis (Ret.), former NATO Supreme Allied Commander Europe, and Commander, European and Southern Commands as well as, post-retirement, Dean of Tufts University's Fletcher School of Diplomacy. They addressed "Leadership and a New World Order: The Need for Resilience." While ADM McRaven focuses on leadership such as Ms. Rosenberger outlines, ADM Stavridis discusses cybersecurity on the global stage. Related to cybersecurity, he focused, among other issues, on control, power levels, and "positive security." The exchange leads us to ADM McRaven's belief that "the only thing more contagious than a virus is hope."