Cyber Scene #50 - The Post-Election Cyber World

Image removed.Cyber Scene #50 -

The Post-Election Cyber World

 

Even as last month's Cyber Scene reviewed 2016 follow-up issues regarding cyber-related issues during the US election, this Cyber Scene will seek to inform this readership of the generally successful management of election protection in the US 2020 elections and additional cyber issues still in play.

On 2 November 2020, the eve of the US election, Barron's (Barron's 2 November) guest Glenn S. Gerstell explained why successful cyberattacks capable of calling into question the veracity of the results, whatever they would be, were unlikely to occur. Mr. Gerstell would know: he served five years (up to early 2020) as NSA's General Counsel prior to his move to the Center for Strategic and International Studies (CSIS), a US think tank, as Senior Advisor. His four decades of both private and public sector legal experience provided solid background for his determination that "America's elections are more secure than you think." While other editorialists cited the vast swath of individual, state-directed variations on the theme of election security that indirectly make cyberattacks less effective--Gerstell refers to this as a problem and a partial shield--he went on to explain how the frailty of election security in 2016 led to improvements made by the U.S. Cyber Command in 2018, "keeping the Russians at bay." Across the Intelligence Community, a coordinated approach in preparing for 2020 with major players including FBI and the Department of Homeland Security "...made strides in sharing responsibility for election security, and in tipping off social media to foreign cyber mischief without revealing classified information. Now, well-rehearsed and coordinated efforts across government have positioned us to withstand attacks."

CNN's national security reporter Zachary Cohen concurred, explaining that US Cyber Command expanded its "hunt forward" operations, to which Mr. Gerstell above alluded. Mr. Cohen also reported that then-DHS Cyber Chief Christopher Krebs explained that despite some ransomware attacks by Russia and Iran's "getting in the game" with disinformation activities, the situation remained relatively calm. Mr. Cohen goes on to address the issue of "the lingering concern" of "Black Swan" incidents--unforeseen or unpredictable events that were not considered during the months of coordinated preparation among federal, state and local officials." This preparation also included the option of alerting private industry partners to take action if needed. Mr. Cohen closed the discourse by highlighting the continued US "laser focus" on adversaries, post-election.

Inevitably, Big Tech and election security converged most recently in the US Senate Judiciary hearings on 17 November. The discussion with Twitter's Jack Dorsey and Facebook's Mark Zuckerberg dealt with the two CEOs' action to moderate and label disinformation preceding and directly following the 2020 US election. The full hearing is available on the Senate Judiciary posting above, which includes solidly divided partisanship issues. An "executive" version is available by, inter alia, the Washington Post's Cat Zakrzewski and Rachel Lerman. They underscore how both sides of the aisle were critical, one that the two CEOs went too far, and the other that they didn't go far enough: "Lawmakers from both parties gave blistering assessments of the companies and said greater regulation of Silicon Valley was needed, signaling that could be a greater priority in the next Congress."

What is different, however, is that Twitter and Facebook had never executed this "moderation" process before. The article also notes that Mr. Zuckerberg spent the first 14 years of his tenure as Facebook CEO without testifying before Congress, but this was his third round since summer 2020...more to follow from the Hill, certainly.

Relatedly, however, is a broader issue: how free is free speech? The Economist addresses this in a focused, deep dive under the banner headline: "Who controls the conversation?" (Oct. 24) The discussion includes other Big Tech entities and embraces the world's tech users. Does an individual control his/her addition to a world databank, or do the Big Tech CEOs have a role, or even an obligation, to reduce misinformation that has led to murder, genocide, and/or manipulation? In the follow-on "Great Clean-up" analysis, the Economist (also Oct 24) addresses the question of whether the tech giants are actually making the right decision, and should it be their decision in the first place. The article cites statistics quite chilling, e.g., that Facebook counters17 million fake accounts every day, and that its removal of hate speech has "risen tenfold in two years." The charts accompanying the text of the article are clearly disturbing. This has led Big Tech to try to balance "...trade-offs between free expression and safely."

Attempts at "moderation" to deflate misinformation are not always successful. On 18 November, New York Times' (NYT) Sheera Frankel reported that YouTube videos endorsing the claim of widespread election fraud were viewed by 138 million people. As determined by YouTube, 34% supported the false claim and 66% disputed the claims or remained neutral. This is certainly unknown terrain in the cyber world. A spectrum of options has arisen on how to proceed, even to include the suggestion of the governments outsourcing "moderation" to non-governmental social-media councils. Facebook had established a new Oversight Board--an internal watchdog--on 22 October, but the Economist cast the board's scope as narrow and did not include posts algorithmically demoted unlike those deleted. And then there is how to proceed globally. Much work remains and one can expect democratic governments to engage.

Meanwhile, as the world assesses "What can you trust?" issues, the US Senate and House members, new and old, will continue to engage on Big Tech antitrust issues. So too is the EU engaging, most recently, on a European Union (EU) antitrust charge against Amazon.

Amazon, per the Associated Press's Kelvin Chan. (Herald Tribune, 11 Nov) was accused of "using its access to data from companies that sell products on its platform to gain an unfair advantage over them." This follows a 2-year EU study by the EU Commissioner in charge of competition issues. Fines have included $10 billion to Google and recent investigations into Apple. Stay tuned for follow-on activity.

In assessing this global impact, seemingly all roads lead to China. The 19 November Economist calls upon democratic countries to "take on China in the technosphere." The article outlines how wealthy Chinese tech giants can become--one at $2 trillion and two at $1 trillion. The digital giants are savvy AI and cloud-computing powers, and most of the 1.4 billion Chinese, "live online to an extent that Americans--many of whom still have cheque (sic) books--do not."

Unlike Facebook, YouTube and Twitter, China has no problem with censoring false news: its Great Firewall "...keeps undesirable digital content out. Within the wall, tech firms are allowed to fight it out as long as they are happy helpers of China's surveillance state." US Founding Fathers knew that democracy would be messy, but alternative governing choices are less so. The Economist goes on to contrast European views of regulation and notes that bilateral approaches won't work for multinational Big Tech firms with a global reach. In fact, it concludes with a nod to Ian Bremmer, America's Eurasia Group lead whom Cyber Scene cited in September 2020, that even if a grand bilateral bargain might be reached, the global cyberworld needs something like Mr. Bremmer's recommendation or at least a "General Agreement on Data and Digital Infrastructure," a "cybertwin" of the historic General Agreement on Tariffs and Trade (GATT) which gave birth to the current World Trade Organization (WTO).

As we review the digital travel from China to the Western World, Wired's Andy Greenberg reported on 5 November the arrest by the FBI of $1 billion in stolen bitcoins.

These bitcoins were, incidentally, "Silk Road" bitcoins derived from the dark web's drug profits. Technically, the hacker was in San Francisco, so this Silk Road looked eastward, post-Columbus. The perpetrator was nabbed, thanks to law enforcement's modern, blockchain analytic tools, for stealing dirty drug money. The 144,000 bitcoins seized were auctioned for $48 million, so crime does pay, but it is the US government that is richer. 

Submitted by Anonymous on