At a glance.
- "Perception hacks."
- Hyperlocal Karenic conflict.
- Sanctions and disinformation missteps.
- Militarized election security?
- Senate hearings with Big Tech.
- Recognizing legitimate websites.
"Perception hacks" in the US elections' endgame.
The FBI and the US Cybersecurity and Infrastructure Security Agency (CISA) have steadily and credibly maintained that they've discerned no foreign success at compromising US election infrastructure, and indeed Foreign Affairs argues that, with the level of preparation seen at the Federal and state level, these elections may be the most secure in US history. Disinformation and misinformation, however, continue to be distributed (much of it at this point, the Washington Post says, arriving by text or email).
If, as has long been the case with Russian disinformation, and more recently with Iranian disinformation, the goal is to increase friction, to undermine the adversary's civil society by increasing mistrust in its institutions, then no actual successful cyberattack may be necessary at all. "Perception hacks," they're calling them in SecurityWeek and New York Times reports. Getting people to think the process is corrupt, or broken, is just as good as actually corrupting or breaking it. From the perspective of Moscow or Tehran, hacking a voting machine would be just gravy. Countering such perception hacks is a principal purpose of CISA's rumor control page.
Hyperlocal popular delusions, and the extraordinary madness of little crowds. (Hiya, neighbor!)
Lest one think that misinformation, disinformation, and simple ill-will are exclusive to the big, globalized platforms that received so much attention this week in the US Senate (see below), reflect on Nextdoor. Vox's Recode discusses what it calls "the messy politics of Nextdoor." One moderator told the journal that as far as he can see, his local site (and Nextdoor is locally moderated) is "descending into a cesspool of bad conversation.” Posts and comment threads are supposed to be both local and civil, and Nextdoor seems to have been committed from the outset to those values, but they've proven tough to inculcate and sustain at the platform's grassroots level. What might have been well-adapted to helping people find lost pets or helping kids find jobs babysitting and cutting grass has been (probably inevitably) infested with mean-spirited gossip, lunatic conspiracy theories (local, national, global, perhaps even cosmic), shaming, and superior self-congratulatory FYIs delineating the better sort of person's notion of proper conduct. (Were old-time town meetings like this? Probably.)
Sanctions and disinformation missteps.
The US Treasury Department last week announced sanctions against five Iranian organizations for their role in conducting disinformation operations aimed at the credibility of US elections. The five were the Islamic Revolutionary Guard Corps (IRGC), the IRGC-Qods Force (IRGC-QF), the Bayan Rasaneh Gostar Institute (Bayan Gostar--regarded as an IRGC front) and two media organizations, the Iranian Islamic Radio and Television Union (IRTVU) and International Union of Virtual Media (IUVM) (both Treasury says owned or controlled by the Qods Force.
"Dumb mistakes" facilitated attribution of the spoofed Proud Boys email threats to Iran: carelessness in a video attached to many of the emails left a traceable spoor, Reuters reports. Here’s how they say they know: it was possible, from the way the video was shot, to do some virtual shoulder-surfing.
“The video showed the hackers’ computer screen as they typed in commands and pretended to hack a voter registration system. Investigators noticed snippets of revealing computer code, including file paths, file names and an internet protocol (IP) address.” The IP address, hosted by Netherlands-based Worldstream, was traced to earlier Iranian attacks. Cross-referencing this and other clues in the video with other sources of intelligence, a US official told Reuters on condition of anonymity, clearly indicated Iran.
So straight up, the US says, it was Iran. A spokesman for Iran’s delegation to the UN dismissed the US accusations as malarkey: “These accusations are nothing more than another scenario to undermine voter confidence in the security of the U.S. election, and are absurd.”
Militarized election security?
War on the Rocks sensibly cautions against involving the military, “the nation’s professional managers of violence,” in every domestic problem, notwithstanding their current well-earned reputation for neutrality and public support. Charging officers with election security puts them in the position of “determining what counts as acceptable and unacceptable political content,” an assignment that will eventually cause tension. There are, of course, ways of countering election interference that don't involve the military in potentially invidious content moderation: US Cyber Command's continuous forward engagement with hostile foreign services provides one good example.
Senate hearings on Big Tech: content moderation, censorship, and accusations of bias.
Section 230 of the Communications Decency Act is the law that gives Internet platforms the intermediate status they presently enjoy, with most of the benefits of a neutral public square on the one hand and a publisher on the other, but without many of the responsibilities or liabilities of either. Section 230 has been widely credited with fostering the growth of the Internet, but its continuing utility has come into question in recent years as the Internet strikes many observers as having outgrown the need for that sort of shelter. The law has become a flashpoint for concerns about bias, censorship, incitement, and radicalization.
In advance of yesterday’s hearing, Big Tech faced bipartisan concern that Section 230 allows “companies to abdicate their responsibility to impartially moderate content,” WNYT reports. According to the Wall Street Journal, the hearings before the US Senate Commerce Committee largely addressed Senatorial concerns about online platforms’ content moderation. Facebook, Google, and Twitter CEOs testified; TechCrunch complains that Section 230 was hardly addressed, at least not directly.
Questions were perhaps predictably partisan, with Republicans concerned that Big Tech was censoring speech Big Tech didn’t care for but conservatives liked, and Democrats concerned that Big Tech wasn’t censoring enough speech progressives don’t like.
Twitter identified its cardinal sin as the failure to earn society’s trust and proposed additional transparency measures as a solution. Senator Ted Cruz (Republican of Texas) reprimanded the CEO for censoring journalists and deciding “what the American people are allowed to hear,” asking who elected Mr. Dorsey. (One assumes this isn't intended to suggest that anyone gets elected to decide what the American people are allowed to hear.) Other senators questioned why the platform censored President Trump but not presidential candidate Biden, Holocaust denials, or incitements of violence against Israel. Twitter, USA Today reports, clarified that its misinformation policy only covers certain topics, and dismissed the notion that the company has influence over elections. (Inter alia, Twitter also acknowledged that it doesn’t “have any information whatsoever” that the New York Post story concerning Hunter Biden’s emails is Russian disinformation or that the emails are inauthentic.)
Google's Pichai disclaimed any political bias “full stop,” while allowing that the tech industry as a whole probably leans left. Each platform denied refereeing political speech, and, Yahoo said, maintained that the law’s provision for moderating “otherwise objectionable” content is not overbroad.
Finding the legitimate website,
McAfee senior vice president and CTO Steve Grobman shared some advice with us on how voters might see through what he describes as a new form of voter intimidation, more anonymous because conducted online.
“While voter intimidation in the physical world is something we’ve seen throughout history, our digital world enables intimidation from across the globe under a cloak of anonymity. A wide range of threat actors can fabricate threatening email or social posts to coerce citizens into not voting or voting for a specific candidate. Techniques exist that enable these adversaries to appear credible due to challenges in the technology that powers email and social media. The ‘Proud Boys’ voter intimidation campaign that came to light this week is an example of this approach.
"Manipulation of vote processing systems to change vote counts is only one way to manipulate election results. Cyber-enhanced disinformation can be equally and potentially more effective in changing the outcome of an election. Digital voter suppression through intimidation or disinformation about the voting process can be an effective tool for an adversary.
"The U.S. government has confirmed that Russia and Iran have obtained voter registration information. Such data allows an adversary to build a precision disinformation attack to impact voter behavior in these critical days leading up to the election. By using individual voter data to instill fear, an adversary can muster power over voters at a personal level.
"We anticipate that we will continue see such disinformation campaigns focusing on multiple digital avenues, including email, targeted social media and traditional web postings. The content could drive the type of intimidation that we saw this week. There are many other forms of disinformation such as fabricated content related to candidates or the processes of where, when and how to vote.
"Social media and email can be used to propagate disinformation through video. Users should be skeptical as to the authenticity of video in that it is easy to manipulate through traditional editing or deepfake techniques. Video should be vetted with trusted news outlets.
"In 2020, there is not a simple way for voters to validate whether a county website is legitimate unless the name ends in “.GOV.” McAfee has studied this issue in depth and recommends voters go to their state’s secretary of state website to validate the legitimate local election site.”