Reining In Data-Crazed Tech Companies, Part 2

Several countries — including the United States, France and Germany — have pointed a finger at Russia for meddling in their elections. Part 1 of this two-part series covers how Russia used social media as a big part of that effort.

Facebook has been scrambling to win back the public’s trust since the Russia and Cambridge Analytica scandal. However, it’s not clear what exactly hostile nation states have been up to on social media. For example, has Russia merely been making an opportunistic play on Facebook and capitalizing on users’ gullibility? Or have we, the American public, been targeted as the virtual victims in a cyberwar?

Defining ‘Cyberwar’

There are casualties and victims of election meddling. For example, the election of an anti-immigrant candidate in a conflict zone could result in refugees being turned away and left to die. A war hawk might spin up new wars or scale up existing ones, resulting in casualties in all affected countries.

Conversely, meddling to get someone elected who would lift trade sanctions or otherwise favor the interfering country could reduce the number of people adversely affected by shortages. All of this is to say that yes, elections have consequences. They affect people in the real world, and often all around the world.

That being the case, might Russia’s meddling with the U.S. presidential and other elections constitute acts of war? Have we become pawns in a cyberwar, or even casualties of a sort?

“Russian meddling in U.S. elections is a serious problem, and their fake news on Facebook may be illegal if it is intended to sway elections,” said W. K. Kellogg Associate Professor at the University of Michigan School of Information.

“However, I would hesitate to call it ‘cyberwar.’ If political messaging to influence another country’s population is cyberwar, then America’s ‘Voice of America’ radio programming overseas would be cyberwar,” he told the E-Commerce Times.

It appears that the U.S. government agrees that cyberattacks and social media manipulations do not in themselves constitute a state of war. The Department of Defense Law of War Manual defines the proper labeling of various aggressions and delivers guidance to the U.S. Armed Forces on such matters. This extensive tome addresses digital attacks with physical impacts, such as an attack on a dam or a power grid, but it doesn’t consider theft of personal data or defacing websites as an act of war.

Others agree there must be a physical element with the cyberattack to qualify as cyberwar. Some argue that Russia’s attacks on voting machines could be that qualifying element.

“To fully understand the risk to voting, one needs to understand the full lifecycle or cyber key terrain of elections,” said Laura Lee, EVP for rapid prototyping at Circadence.

“In the case of nation state election voting, key terrain includes the vendor who manufactures the system, the voting registration database and software system, the end-point voting machine, and the back-end infrastructure that tallies and hopefully audits the system.”

However, attacks on voting machines may not qualify as physical attacks either.

“A cyberwar is determined when a nation-state carries out an offensive and aggressive attack on another nation; however, it is typically used to ensure that traditional weapons are more successful by taking out any defensive or intelligence capabilities,” explained Joseph Carson, chief security scientist at Thycotic.

“Cyber typically is used to weaken the target before carrying out other attacks,” he told the E-Commerce Times.

“We are currently in a cyberoffensive, and cyberweapons are being used; however, we are not quite yet in a full all out cyberwar,” Carson said.

“Cyber is typically only one element of war,” he pointed out. When cyberweapons are “combined with traditional weapons, then we can confidently say yes — we are in a cyberwar.”

Cause and Attribution

Like most forms of nation-state sponsored aggressions, pinning the act to the right culprit is challenging — and if you can’t answer the whodunit question, it’s hard to pinpoint a cause.

“Misdirection is often used in cyberattacks to create conflict or wrong conclusions, so the victim of the cybercrime is continuously looking in the wrong direction and wasting resources chasing after another victim,” Carson explained.

“Attribution is actually one of the most difficult parts of cyberattacks. Without concrete and transparent evidence, we can only go on trust that the government has conducted effective digital forensics, and without doubt attribute those cyberattacks back to Russian government,” he added.

Given the well-documented mistrust between the Trump administration and the U.S. Intelligence Community (IC), it is unclear whether the administration would accept or act upon such digital forensics. Certainly, it has been loath to do so thus far.

However, the IC is unlikely to base attribution on digital forensics alone. It has other methods of deducing who is behind what action. Thus, its attributions are likely to be more certain than those of a private sector security research firm that does not benefit from government resources.

Unfortunately, the IC doesn’t like to reveal its methods in court as part of discovery, which is why it is rare for formal criminal charges to be leveled against nation-state sponsored culprits. Special Counsel Robert Mueller’s recent indictments of 13 Russians is one exception that proves the rule, but it is not the only exception. From time to time, the U.S. government has listed nation-sponsored cyberattackers on the FBI’s Most Wanted List.

In other words, nation-state sponsored cyberattacks and social media manipulations have been treated as crimes rather than as acts of war.

“Russia’s delivery of fake news is opportunistic. It applies Russian genius for propaganda to Western democracies’ open, data-enhanced Internet delivery channels,” said the University of Michigan’s Toyama.

Social Media Propaganda

Several countries have attributed recent election meddling to Russia, and have identified social media as Russian President Vladimir Putin’s biggest propaganda tools.

“Technology’s primary impact is to amplify underlying human forces. Facebook amplified the effect of Russian meddling, whose underlying causes are political,” said Toyama.

“There would be no Russian fake news scandal unless Russia were willing to fund the creation, dissemination, and targeted advertising of fake news abroad,” he said.

While several countries have agreed that social media was at the crux of recent Russian attacks on elections, their strategies for dealing with it have differed. The European Union has launched voter education programs and adopted the General Data Protection Regulation (GDPR) to help protect elections there. However, the U.S. has made no comparable effort, and it has no national data privacy protections at all.

Facebook had been working to appease the American public in the hope of avoiding stiff regulations. It recently suspended hundreds of apps in its effort to prevent another Cambridge Analytica user data abuse scheme.

However, those steps appear to have had little effect on restoring user trust.

Trust in Facebook has dropped by 66 percent since the Cambridge Analytica scandal and the downward trend has continued, a recent Ponemon Institute survey found.

It appears that the U.S. may need to follow the EU’s lead on voter education and regulations if elections are to be protected from malevolent foreign influences.

“Regulations at least as strict as those that apply to broadcast media with respect to elections should apply to the Internet and social media,” argued Toyama. “To begin with, there must be ‘know your customer’ rules for Internet advertising platforms — it’s not enough to accept ads from anyone with the money to pay for them.”

Pam Baker

Pam Baker has been an ECT News Network reporter since 2007. Her main areas of focus are technology, business and finance. She has written hundreds of articles for leading publications including InformationWeek, Institutional Investor magazine, and TechTarget. She has authored several analytical studies on technology, as well as eight books, the latest of which is Data Divination: Big Data Strategies. She also wrote and produced an award-winning documentary on paper-making. She is a member of the National Press Club, Society of Professional Journalists and the Internet Press Guild. Email Pam.

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

To earn your loyalty as a consumer, how important is it that a brand provides a personalized experience?
Loading ... Loading ...

Technewsworld Channels