< PREV | NEXT > | INDEX | SITEMAP | GOOGLE | UPDATES | BLOG | CONTACT | $Donate? | HOME

[2.0] InfoWars In The 21st Century

v3.0.0 / chapter 2 of 3 / 01 sep 24 / greg goebel

* The gradual accumulation of issues concerning data rights and data security that paralleled the rise of global computing finally came to a head in the raucous US presidential election of 2016 -- with an "infowar" arising that hasn't stopped yet. However, the conflict is gradually being addressed.

DATA SECURITY


[2.1] THE US ELECTION OF 2016
[2.2] THE GLOBAL INFORMATION SOCIETY
[2.3] THE US ELECTION OF 2020
[2.4] THE INVASION OF UKRAINE

[2.1] THE US ELECTION OF 2016

* In 2016, the data security controversy went to a full boil. The US presidential election of that year pitted Democratic candidate Hillary Clinton against Republican candidate Donald Trump in one of the dirtiest US presidential campaigns ever. Clinton was assailed by endless smears, most notably over her poor judgement to use a private server to handle work emails while she was secretary of state.

An FBI investigation exonerated her of criminal conduct in the matter, though was critical of Clinton's lax attitude towards data security. She acknowledged that the use of the email server was a mistake -- but it didn't make any difference, the smear campaign simply grew in intensity. Partly the campaign was based on "fake news", or fraudulent stories circulating on the internet -- most notably a tale of a pedophile ring, supposedly run by Clinton and the Democratic National Committee (DNC), centered on a pizza parlor in Washington DC. It should be noted that the tale had the pedophile ring operating out of the basement of the pizza parlor ... when it didn't have a basement.

This and other conspiracy hoaxes relative to the Democrats would, over the next few years, lead to consolidation under a bizarre online cult known as "Q-Anon", devoted to the fabrication of ever wilder conspiracy hoaxes to smear liberals. Disinformation had finally gone completely off the deep end.

Some of the fake news was obtained from Troglodyte Right (TR) websites run by Americans, along with a parallel "alternative media" apparatus, the most prominent element being Fox News. Trump also proved adept at drumming up support among his followers by sending out propaganda, often ridiculously fraudulent, over the Twitter messaging system.

However, the Clinton campaign took the most punishment from Wikileaks -- a website set up in 2006 to distribute secret materials, run by an Australian named Julian Assange. Wikileaks published floods of materials damaging to the Clinton campaign, notably from hacks into the DNC. In parallel, it became obvious that the Russian government, under President Vladimir Putin, was running a disinformation campaign to deny Clinton the presidency, the Russians regarding Clinton as an enemy. Trump, in contrast, spoke highly of Putin and envisioned an American partnership with Russia.

The Russian attempt to influence the election was blatant and used every dirty trick in the book, with Russian trolls picking up themes from American extremists and amplifying them in social media -- the Facebook social media website being a particular outlet. The Russians had long experience in spreading disinformation in European countries; the attacks on the US represented an escalation in Russian ambitions.

In the end, Trump won the election, if just barely -- prevailing in the electoral vote, but losing the popular vote. Clinton's use of a private email server substantially contributed to her defeat. Ironically, it appears nobody hacked into the email server, since there were no leaks from it via Wikileaks; possibly it was hacked, but nothing controversial was found.

Of course, the dirty presidential campaign led to a high level of agitation that only picked up steam after election day. The disinformation continued without a letup, in fact being enthusiastically generated by President Trump. In response, there was a pushback against fake news, with skeptics trying to get fake news sites shut down, or at least deprived of advertising revenue. Facebook came in for intense criticism, with chief executive officer Mark Zuckerberg called to testify before Congress in 2018. The worst offense of Facebook was that the company had allowed organizations working for the Trump campaign to mine user information to generate highly targeted smear campaigns against Clinton among Facebook users.

Wikileaks and Assange were also heavily criticized, it having become obvious that the website exclusively targeted Western democracies -- while leaving authoritarian regimes like Putin's alone, not being choosy about where the leaks were coming from, and not bothering to redact even the most sensitive information. Assange's meddling in the US election and effective assistance to Trump made him many enemies. He ended up in the Ecuadoran embassy in London, hiding out from sexual assault charges in Sweden; he feared, with good reason, that the US would snatch him if he went outside the embassy walls.

Assange was finally evicted from the embassy in 2019 and bodily hauled off by British police. He went to a British lockup, with the Americans interested in getting their hands on him, to face spying charges. British courts were not enthusiastic about handing him over, so Assange languished in a UK prison until 2024 -- when the Australian government asked the US government to let him off the hook. He pleaded guilty to charges and was sentenced to time served, to be immediately released, and then forgotten.

In any case, as fallout from the 2016 election the US Department of Justice (DOJ) began an investigation of Russian involvement in the election, with the extended investigation indicting both Russian officials and American citizens. A later bipartisan Senate investigation would also shine light on the activities of the Russian trolls. President Trump pushed back on the investigation, since it undermined the legitimacy of his election -- with the most suspicious of the public wondering if there had been active collusion between Trump and the Russians.

This suspicion was inflamed by the fact that, during the presidential campaign, Trump had publicly called for the Russians to steal and reveal Hillary Clinton's files. The reports of the two investigations did not conclude there had been provable collusion, but there was no doubt of connections between the Trump campaign and dodgy Russians. A total of 34 individuals & three companies were indicted by the investigation, resulting in 8 guilty pleas or convictions -- including five Trump associates & campaign officials.

Trump retaliated against the DOJ by contriving a case that the FBI had been pressured by the Obama Administration into spying on and attempting to subvert the Trump election machine. There was no honest evidence that was so, and nothing of substance was ever established to support the accusation. Ironically, although the Left had traditionally been critics of the FISA Court, the Trump Administration joined in as well, on the basis that it had allowed the "spying" on his campaign. In any case, "counter-investigations" sponsored by Trump and his advocates would persist until after he left office, though they would never amount to anything.

In sum, the US presidential election of 2016 was a huge shock, with weaponized disinformation -- the "firehose of falsehood", as it was called -- rising to the top of data security concerns, to become a geo-strategic issue.

BACK_TO_TOP

[2.2] THE GLOBAL INFORMATION SOCIETY

* While the US electoral fuss was going on, other components of the 21st-century data-security challenge were becoming evident. Along with online surveillance, real-world surveillance was becoming more prevalent as well -- partly due to the growth of security cameras, along with bodycams and dashcams, but also due to the widespread use of camera-equipped smartphones. By 2010, few significant events took place that weren't caught on video.

The smartphone was less of an issue than the government use of surveillance cameras. As surveillance networks grew, it became ever more difficult to monitor the data, and so the networks were increasingly monitored by artificial intelligence (AI) technology that could identify events of interest and flag them for inspection. There was a parallel growth in AI facial-recognition systems, which led to a debate over the use of AI systems by law enforcement -- both because such systems are prone to "false positives", meaning they think they've found something when they haven't, and tend to be biased against minorities. For such reasons, the courts are reluctant to admit facial-recognition matches as evidence.

Concerns over surveillance are being worked out, piece by piece, in the West. Anxieties on that subject have been enhanced by the example of China which has, so far with an unpleasant degree of success, gone a long way towards construction of a security state -- particularly in Xinjiang Province, home to China's restless Uighur Muslims. Along with comprehensive online surveillance, China has set up networks of surveillance cameras, backed by facial-recognition systems. Xinjiang is littered with checkpoints, where Uighurs are required to hand over their smartphones for inspection. The state also installs "spyware" on the smartphones of citizens. Uighurs regarded as suspicious by the state often end up in a network of re-education camps.

* The Chinese example highlighted the issue of data rights versus the spread of government data systems. From the 1990s, governments investigated wider use of the internet -- generally for the benign purpose of streamlining government bureaucracy and helping citizens. Small countries, which didn't have such a big data management challenge, were the pioneers. In Denmark, by the start of the second decade of the 21st century the government had effectively moved all functions to the net that could be shifted over.

Danish parents could check on the availability of kindergarten slots for their tots, or update health insurance. Government offices could be easily contacted online, with all documents citizens needed available online as well. All government transactions were handled online. All Danish residents had to designate a single bank account for dealings with the government, with direct deposits to the account replacing check or cash payments for benefits, pensions, and so on. The system was efficient and convenient for the technically-literate; not so convenient for the technically-illiterate.

There has also been a push for online voting, Estonia being one of the pioneers, and finding the scheme at least as secure as paper voting. However, as with Denmark, Estonia is a small country, and doesn't have such a formidable data-management problem; Estonia, faced with Russian cyber-meddling, also acquired an unusually strong data security capability. Another advantage Estonia had was a national electronic-ID (E-ID) system, a notion that wasn't popular in the US or the UK.

National E-ID and national data systems are linked concepts. That was demonstrated in 2009, when the Indian government began work on a plan to issue a biometric-based "unique identity (UID)" card to all the country's 1.2 billion inhabitants. In the following decade, enrollment centers were set up across the country, with officials canvassing the country, from city slums to isolated villages, taking photos, scanning retinas and fingerprints.

The entire country was signed up, obtaining 12-digit UID numbers, with the biometric data stored in a database named "Aadhaar", Hindi for "Foundation". There was also an effort to set up a public digital infrastructure, named "India Stack", to allow India's people to store and share their personal data. That could include bank statements, medical records, birth certificates, or tax filings. In addition, the system involved a "Unified Payments Interface (UPI)" for transfer of funds, based on biometric ID, with the government working to phase out cash in favor of electronic transactions.

Central, state, and local government could leverage off Aadhaar, using it to provide welfare benefits, issue passports, update land records, and so on, ensuring that citizens got benefits they were supposed to get, while filtering out fraud from officials in the benefits pipeline. To that time, there were at least 20 different proofs of identity in India, such as birth certificates, driver's licenses, and of course caste certificates -- this was India, after all. Unfortunately, none were universally recognized. That was not only inefficient on the face of it, but made life difficult for poor Indians who migrate around the country; they often became nonpersons, losing access to government assistance programs.

Aadhaar was impressive, but it presented difficulties on its introduction -- a big one being that India didn't have strong privacy or data protection laws, and there were concerns about misuse of the data. Of course, there was the ever-present threat of error, fraud, and particularly break-ins and leaks, which of course did happen. Defenders of the system claimed the problems were not show-stoppers and could be dealt with in time, with the critics broadly agreeing, just pointing to defects to work out. Whatever problems India's national data system has had, it is not like the Chinese model.

* Incidentally, during this timeframe, improved data security technologies became widely available, most notably "smart cards". They look like conventional charge cards, except that they have a chip on them that contains a private key that can't be read out; only the card knows what it is. To test a card, a value can be encrypted with its public key, and the result fed to the card; the card can decrypt the result with its private key -- asymmetric encryption works both ways -- and spit out the value. If there's a mismatch between the public and private keys, the value won't be returned. This same approach can be used with similar devices, such as hardware ID keys. ID keys have been standardized by the "Fast Identification Online (FIDO)" Alliance, providing substantially enhanced security for online logins.

Smart cards were introduced in Europe in the 1990s, but they didn't start to catch on in the USA for over 20 years, due to the inertia of the old insecure magstrip charge-card technology. Along with smart cards, the ubiquitous smartphone now offers biometric ID, including thumbprint or face recognition; smartphones are built with security hardware to make faking more difficult, with an individual smartphone being as uniquely identifiable as a FIDO key. Not incidentally, a smartphone will also require a password or the like for access, with such "multi-factor authentication" improving security.

For online purchases, users still have to submit charge-card numbers that can be copied, but that issue has been addressed to a degree by screening software -- these days boosted by AI technology -- that can identify anomalous use of a charge-card number and alert the user, usually by email, to provide a temporary authentication code. The problem of charge-card ripoffs persists, but it isn't as troublesome as it was.

BACK_TO_TOP

[2.3] THE US ELECTION OF 2020

* The data-security issues that became apparent in the 2016 US election didn't go away, rolling along through the Trump Administration. As mentioned, investigations of Russian trolling in the 2016 election had led to unfounded counter-accusations of "dirty tricks" against the Trump campaign. Trump also increasingly pushed back on social media companies for "censorship" when they shut down TR trolls, with running invocations of the 1st Amendment -- few understanding that the 1st Amendment merely said the government couldn't lock people up for what they said, and did not say companies had an obligation to give everyone a free global platform where they could say whatever they liked. Trump made noises about revoking Section 230, but it didn't happen.

By 2020, the US Trump Administration was making a fuss over strong encryption again, saying it aided terrorists. It was the same quandary as always: there was no way to subvert data security without making everyone more vulnerable to the Black Hats. The Trump Administration also worked against what was known as "net neutrality" -- the doctrine that internet service providers should not impose arbitrary limits on internet access, such as throttling internet services, or prefer or deny access to specific internet services. The Federal Communications Commission rules requiring net neutrality were overthrown, in the face of loud public protests. Several states, most notably California, passed their own net-neutrality laws in response, limiting the damage until the rules were restored by the next administration.

In addition, the Trump Administration was engaged in a war against Chinese tech vendor Huawei, one of the attacks being the claim that Huawei had built "back doors" into their gear to snoop for the Chinese government. That led to the irony of the US government protesting back doors in Chinese gear, while saying that Apple iPhones should have back doors as well. How many iPhones could Apple sell overseas if potential buyers knew the US government could get into them? Not many. Many US buyers wouldn't like it, either. It is hard to believe that the Congressman denouncing strong encryption would be happy knowing their phones were insecure.

In another irony, in response to worries about the security of Huawei gear, Britain set up a lab, funded by Huawei, to check the security of Huawei's products. Huawei was happy with the arrangement, since it provided more testing, and also enhanced the Huawei's reputation. The UK lab could be seen as the nucleus of an international data-security certification organization (IDSCO).

While all that was going on, in 2020 the world was hit by the COVID-19 pandemic, which led to social lockdowns and a drive towards virtualization of business, education, and entertainment -- underlining the importance of data rights and data security. The pandemic made the US presidential election of 2020 troublesome, with a push for voting by mail to reduce the pandemic hazard. Some American states had long voted by mail, so it wasn't anything all that new, but it was an adjustment for other states.

What particularly complicated matters was the fact that President Trump insisted, without evidence, that voting by mail encouraged voter fraud -- and went so far as to declare an intent to defund the cash-strapped US Postal Service (USPS), so that mail ballots couldn't be collected. The COVID-19 pandemic led to a "disinformation pandemic", with loosely-organized groups promoting resistance to pandemic-control measures online by telling endless malicious lies -- a process aided by Trump himself, who attacked his own health experts and worked to undermine them.

Trump lost the 2020 election to Joe Biden by a clear margin -- to then start pushing back again, claiming the election had been stolen from him, and working obsessively to get critical election counts overturned. That led, on 6 January 2021, to Trump inciting a mob to ransack the Capitol Building, in a futile attempt to stop certification of the vote. He was promptly booted off social media -- but remained at large, as Congress slowly assembled an investigation to take him to task. TR outlets like Fox News backed up Trump, in particular saying that voting machines had been badly compromised. In consequence, Fox News was sued for defamation by Dominion Voting Systems, a major manufacturer of voting machines.

* In the meantime, social media remained under fire. In late 2021, a whistleblower named Frances Haugen who had worked for Facebook testified to Congress about the diseased company culture there -- saying that Facebook harmed children, sowed division, and undermined democracy in pursuit of breakneck growth and "astronomical profits."

Haugen told Congress that Facebook consistently chose to maximize growth instead of implementing safeguards, while it kept to itself internal research that illuminated the harms of Facebook products: "The result has been more division, more harm, more lies, more threats and more combat. In some cases, this dangerous online talk has led to actual violence that harms and even kills people."

Before Haugen left Facebook, she copied thousands of pages of confidential documents and shared them with lawmakers, regulators, and THE WALL STREET JOURNAL -- with the WSJ publishing a series of reports titled THE FACEBOOK FILES. Her testimony to Congress was highly credible, since she was obviously intelligent, articulate, professional, and organized. She claimed that Facebook was never forthright when outsiders tried to probe the company: "Facebook chooses to mislead and misdirect. Facebook has not earned our blind faith."

Haugen urged lawmakers to examine the algorithms that drive popular features in social media apps, like the main feeds in Facebook and elsewhere. The algorithms rewarded engagement: postings that got comments, "likes" and other interactions were spread more widely and were featured more prominently in feeds. The engagement-based formula was biased towards the distribution of rage, hate, and disinformation, all the more so because it could be readily gamed by the Black Hats. She suggested that the algorithms be publicly listed, and that while social media operators couldn't be liable for content, they could be liable for algorithms. Haugen, however, was against breaking up Facebook -- since the separated components could network to maintain the status quo.

There was clearly a problem with Facebook, but the rage against it was often incoherent. Both Democrat and Republican politicians blasted it, but were short on realistic solutions, and sometimes worked at cross purposes: Democrats, for example, wanted to suppress trolls such as antivaxxers, while Republicans insist that there should be no "censorship" of even the most ed toxic trolls. Of course, many of Facebook's problems are those of the internet in general, particularly trolling and "fake news". For the moment, the complaints went nowhere -- though the Biden Administration did move forward on antitrust litigation against Big Tech companies, starting with Google, though the focus was on unfair business practices.

* The Biden Administration remained focused on a legislative agenda, complicated by the malicious lies told by Fox News, other TR media outlets, and online trolls to undermine the government and keep the COVID-19 pandemic going. In addition, the US was hit by a spate of "ransomware" attacks on infrastructure companies, in which criminal gangs seized control of their systems and only relinquished it after payoffs.

Nonetheless, there were signs of a changing landscape. In late 2022, Alex Jones was ordered to pay $1.5 billion USD to the Sandy Hook families in restitution for defamation. The next year, Fox News settled with Dominion Voting Systems for almost $800 million USD. Actually getting the money out of Alex Jones would prove difficult -- but it was still clear that a legal cadre had arisen to take on trolls, and the courts were accepting their lawsuits. Following the settlement with Dominion, other plaintiffs lined up to take on Fox News, which no longer had much of a future.

BACK_TO_TOP

[2.4] THE INVASION OF UKRAINE

* In early 2022, Russian invaded Ukraine, touching off a devastating and protracted war. From the outset, along with the battles on the ground there was a battle in cyberspace, with Russian hackers facing off against Ukrainian hackers. Much to everyone's surprise, the Russians having been long seen as masters of cyber-warfare, they failed to achieve anything of significance. The Ukrainians had implemented solid cyber-defenses, and Ukrainian hackers -- assisted by colleagues in other countries such as Estonia -- flew rings around the Russians. A lot of the activity was prankish, DOS attacks and such, but there was undoubtedly considerably cyber-spying behind the scenes.

Russian online propaganda similarly fell flat. It wasn't for lack of effort, but because it was unbelievable -- the Russian claim that they were "liberating" Ukraine from a "Nazi" regime (led by a Jewish president) foundering in documented stories of Russian atrocities. The Ukrainians, in contrast, were adept in their propaganda, for example running a video series about Ukrainian soldiers with their "battle cats" and dogs, while publicly releasing intercepts of phone conversations by demoralized Russian soldiers. Russian propaganda, in contrast, was clumsy and blatantly fraudulent.

Indeed, the Ukrainians took cyberwarfare to a new level, with Ukrainians in Russian-occupied territory using their smartphones to provide intelligence. They employed a chatbot named "eVorog" to qualify the intelligence and a robust ID app named "Diia" to provide security, with Diia normally being used to providing access to government services.

Against the backdrop of the war, in late 2022 American billionaire Elon Musk took over the popular Twitter short-messaging social-media system, with an agenda of "free-speech absolutism" -- which translated into eliminating moderation, allowing bots and trolls to run completely loose there, while Musk cynically equivocated on the Ukrainian cause. It was generally believed that Twitter, which he relabeled to "X", no longer had a future, but it had such momentum that replacements were slow to come online.

Eastern European countries, confronted with Russian disinformation that ramped up with the war, took measures to deal with the threat, even changing school curricula to teach students how to recognize disinformation. In 2023, Estonian Prime Minister Kaja Kallas, speaking at a cyber-security conference in Sydney, Australia, suggested that the war in Ukraine was providing major lessons on cyber-defense. She began with:

BEGIN_QUOTE:

Nearly two years ago, I had the opportunity to chair the first official UN Security Council meeting on cyber-security. Almost everyone at the meeting stressed what all states have already agreed: international law, including the UN Charter in its entirety, applies in cyberspace. Russia did not.

... there are four things of which we need to take note, and four things all free nations must do.

First, we need to understand that integrating cyber-warfare into regular warfare is now established practice. An hour before Russian tanks rolled over Ukraine's border, Russia disrupted Ukraine's access to Viasat communication satellites. The aim was to leave the Ukrainian armed forces without one of their communications lines, as well as having a broader spill-over effect on broadband services that, for instance, control the remote monitoring of wind turbines in Germany. Russia has also targeted communications and IT infrastructure such as data centers and wireless masts in the same way it has targeted energy infrastructure.

Second, having a well-protected digital infrastructure is crucial. Ukraine's digital backbone has enabled the state to keep delivering services online during the war. Many Russian cyber-attacks have failed because Ukraine had spent years building up cyber-resilience, with help from Estonia and others, and has now had extensive wartime assistance.

And now it has lessons to teach us. Using apps such as Diia, the Ukrainian government has shown how technology can help taxes to be paid, public services to remain available and data to be kept secure even during war. Such technology also allows Ukraine to continue providing services for millions of refugees spread across Europe or trapped under Russian occupation. Estonia is already working with Ukrainian partners to adapt Diia for our own citizens.

Third, there is still a sense that bad actors can do what they want in cyberspace. While there have been significant examples in recent years of major cyber-attacks being attributed to foreign governments, it has not necessarily led to a change in behavior. The complexity of ascertaining who is behind attacks and following up with real consequences still makes some actors see cyber-warfare as an attractive tool. Russia continues to use so-called "DOS diplomacy" -- bombarding websites with traffic to send political signals and to try to disrupt services beyond Ukraine. Nearly every week, Estonia experiences cyber-attacks on government and private services. The effects have been minimal, because we are well prepared and the attackers are not sophisticated. But a bigger threat lies elsewhere: malicious state-sponsored cyber groups are becoming more active across the world and sometimes gang up with ransomware groups.

Finally, the private sector has transformed its role during this war, and taken public-private partnership up a level in defense of digital infrastructure. Though social-media platforms are not doing enough to prevent the spread of disinformation, companies like Palo Alto Networks and Amazon Web Services have provided much-needed services and security measures for Ukrainians to defend their critical infrastructure and government services. Co-operation with companies like Microsoft, cyber-security specialists Mandiant and others has also been crucial.

END_QUOTE

Kallas said that in response to the threats, democratic nations need to be prepared to continue to deal with cyber-warfare after the shooting stops, and invest in defensive measures. That implies developing new methods and setting up new systems. The bad actors need to be identified, neutralized, and held accountable. Finally, cyber-defense needs to become a function of democratic society as a whole:

BEGIN_QUOTE:

... we must build connections beyond current institutional limitations. It is clear that security for liberal democracies can no longer happen in silos. We must set standards with those we can trust, especially as new technologies like artificial intelligence, 5G and quantum computing become realities. Governments must better link with counterparts in other countries, as well as building partnerships with businesses and civil society.

Tyrannies like Russia will keep trying to turn technology into a tool of oppression and a means to destabilize free societies. Our job is to prevent that, to help Ukraine win the war and to build solid alliances. We must ensure impunity does not prevail in any sphere, and cyberspace is no exception.

END_QUOTE

Incidentally, in late 2022 Edward Snowden announced he had become a Russian citizen. Snowden having decided to throw in his lot with an authoritarian, oppressive, and imperialistic regime, what credibility he had left evaporated.

Also incidentally, early in 2023 Microsoft introduced a new system for its Bing search engine, based on a chatbot named "ChatGPT" that could, under good circumstances, compose coherent documents in response to a query. It was the leading edge of "generative AI (GAI)" systems with composition capabilities, able to create images, articles, novels, songs, and video by request.

There was considerable fuss over the introduction of GAI, with worries that its ability to construct convincing "deepfake" videos would lead to its use to propagate disinformation. From a data-security standpoint, however, GAI didn't change matters much, the world already being awash in fakes, and many people eager to believe in them. It was much more significant in threatening, for example, the livelihoods of Hollywood scriptwriters -- who stood to be put out of work by GAI-written scripts -- and also posed difficult questions in copyright law, with authors and musicians pressing lawsuits when GAI systems were trained using their written works and music.

BACK_TO_TOP
< PREV | NEXT > | INDEX | SITEMAP | GOOGLE | UPDATES | BLOG | CONTACT | $Donate? | HOME