Cyber Scene #61 - Ghosts of Cyber Past

Cyber Scene #61 -

Ghosts of Cyber Past

As the season falls into place, the ramp up to a cornucopia of cyber delights is looking more like spewing hack-laced Halloween tricks. Even as we deal with new October 2021 cyber crises, this Cyber Scene draws from the distant past including the 1st Amendment (freedom of speech) and the legal mind—now a century ago--of Supreme Court Justice Louis Brandeis and his critical arguments on regulation.

As of this writing, there is breaking news regarding SolarWinds' renewal of activity in the U.S. On 25 October, New York Times' (NYT) David Sanger's "Ignoring Sanctions, Russia Renews Broad Cybersurveillance Operation," sums up how Russia's S.V.R.—a new-ish labeling of the old KGB-- launched a new campaign shortly after President Biden issued sanctions in response to a trail of Russian spy global operations. This step backward was announced by Microsoft top security officials and cybersecurity experts on 24 October. The impact of the SolarWinds attack is aimed at piercing "…thousands of U.S. government, corporate and think-tank computer networks." There is a particular diplomatic fly in this cyber ointment: following a discussion between Presidents Biden and Putin, Biden "pared back the penalties" and imposed milder sanctions against financial institutions and tech companies in April 2021 saying to Putin, "Now is the time to de-escalate." Microsoft stated that six hundred organizations were victims of 23,000 attempted hacks, but it did not specify how many attempts were successful. This led to a discussion of responsibility resting on the shoulders of the intended victims. An unidentified official stated: "We can do a lot of things, but the responsibility to implement simple cybersecurity practices to lock their—and by extension, our—digital doors rests with the private sector." However, on the federal level, officials say that they are "aggressively using new authorities from Mr. Biden to protect the country from cyberthreats, particularly noting a broad new international effort to disrupt ransomware gangs, many of which are based in Russia."

More specifically, Drew Harwell of the Washington Post reported on what the author termed "a guerrilla war on tech companies" particularly devastating as it exposes "fiercely guarded secrets" of the internet. Amazon's streaming site Twitch, to include its entire source code, seems to have been the leading target. Cyber experts are concerned, according to the Post article, because the hackers are not well known. Anonymous is blamed for this last hack. Hackers boasted: "Bezos paid $970 million for this. We're giving it away FOR FREE." They portray themselves not as cybercriminals or ransomware gangs but as serving the public, since their booty ends up on the public internet. The Post article also notes that, perhaps relatedly, Facebook, Instagram, and WhatsApp suffered an hours-long outage 3 days earlier on 4 October.

Facebook, however, has recently been in the throes of several attacks-gone-public. Some have of late spilled over onto Capitol Hill as well as the British Parliament, and four distinct media sources to be cited as follows.

One unusual discussion of Facebook (or "Facebookland") comes from The Atlantic's Executive Editor Adrienne LaFrance. In her "opening argument" she posits that "The social giant isn't just acting like an authoritarian power. It is one." She is extremely critical of CEO Mark Zuckerberg. In contrast to Einstein who attempted to save the world from the atomic bomb, she describes the creator of Facebook as the image of a hostile foreign power, focused on its own expansion and "indifferent" to the endurance of American democracy. Facebook's "population" is 2.9 billion, equal to those of China and India combined. She notes that as a "nation state," Facebook calls for "…a civil defense strategy as much as regulation from the Securities and Exchange Commission." She continues, describing organizational structure in terms of a judicial branch as well as a legislative one. With 58% of his company's stock, the CEO is the undisputed authoritarian leader of the executive branch.

As strident as this article is, follow-ons across the media spectrum in October are stronger still. Former Facebook employee Frances Haugen appeared before the US Senate subcommittee nearly 3 hours on 5 October to testify, based on internal Facebook documents she was privy to, about Facebook's influence and role as a social media giant. As a whistle-blower, she believed that Facebook was morally bankrupt and downplayed its own role of influence across a wide spectrum—from ethnic violence to teenage depression.

Following Ms. Haugen's Senate subcommittee testimony, The Economist underscored the importance of Ms. Haugen's information tersely: "The public has long suspected Facebook of two-faced toxicity but lacked fresh internal communiques to prove it. That changed when Ms. Haugen released a trove of corporate documents to regulators and the Wall Street Journal." It also applauded her success in bringing both Senatorial aisles together: "Senators, who cannot agree on such uncontroversial things as paying for the government's expenses, united against a common enemy and promised Ms. Haugen that they would hold Facebook to account."

The Wall Street Journal (WSJ), which as noted above was the first to publish Ms. Haugen's revelations regarding internal Facebook documentation, also covered the session Ms. Haugen had with a U.K.'s parliament committee on 25 October. The UK has been at the forefront in calling for more regulation regarding Facebook and other international cyber players.

It is no surprise that the U.S. Senate is moving toward more regulation. The Post reports on 14 October--following Ms. Haugen's discussion with the Senate subcommittee-- the Senate Judiciary Committee is introducing a bill to restrict the tech giants' practice of favoring their own services and products over their rivals.

The Senate is particularly looking at Amazon, Facebook, Apple, and Google. In other words, it would make "self-preferencing" illegal and reduce anticompetitive behavior. Senator Klobuchar, chair of the Senate Judiciary Committee, cites the Sherman Act of 1890 which prohibits anticompetitive agreements as well as attempts to monopolize. Of course, John Sherman wasn't thinking of digitized competition or lack thereof 130 years ago, so digital updates are needed. Supreme Court Justice Louis Brandeis wasn't thinking digital either, but he did however foresee the need for regulation in the early 1920's, which is the lead into the subject of the Supreme Court itself.

The US Supreme Court (SCOTUS) is back in session with the new 2021-2022 term having begun on 4 October. According to the docket they intend to hear 32 cases. Ten of these may indirectly relate to cyber but as the Economist synopsis "SCOTUS Term Time" (October 2) notes, the docket is more likely to focus broadly on states' rights v dominant federalism as well as a dozen dicey health-life-death issues. Derivatives from these issues might however impact cyber and the role of privilege and FISA (the Foreign Intelligence Surveillance Act).