A Fresh Batch of Tech Potpourri

Hello and happy Thursday! First, a few quick updates: 

• I reviewed the testimony of Twitter whistleblower Peiter “Mudge” Zatko and found no real surprises, but his concerns are still very serious. When he appeared before the Senate Judiciary Committee recently, Mudge reiterated many of the points from his 84-page complaint, namely: (1) Twitter executives are financially motivated to ignore problems like loose data access; (2) Poor data tracking makes it next to impossible for the platform to protect against or respond to cyber risks; and (3) This lax security and the presence of actual foreign spies on the company’s payroll make Twitter a national security risk. I suspect he got policymaker attention when he said, “It doesn’t matter who has keys if you don’t have any locks on the doors. It’s not far-fetched to say an employee inside the company could take over the accounts of all the senators in this room.” So far, Twitter has responded by saying, “Nuh-uh,” but this isn’t going away. 

• One week after TikTok COO Vanessa Pappas tried to assure Congress that the social media app was not influenced by the Chinese government or by its Chinese parent company, Forbes is reporting that at least five U.S. executives have left the company after learning “they would be expected to follow directions from the Beijing office of TikTok’s parent company, ByteDance.” ByteDance and TikTok, by the way, have at least 300 employees who are members of Chinese state media. Bottom line: Pappas is a liar. She routinely shapes language or outright lies to mislead the public about the nature and operations of TikTok. The Senate Homeland Security and Government Affairs Committee should subpoena Pappas, ask her even more specific questions that cut through the bull, and then hold her in contempt for any lie she tells. Also, pay no attention to reports that the company is close to a deal with the U.S. government that would address national security concerns while allowing ByteDance to maintain its ownership—significant concerns remain and I’m skeptical that any deal will be made in the near-term. 

• Finally, I’d like to add my voice to the chorus celebrating the arrival of Kevin Williamson and Nick Catoggio (aka, “Allahpundit”). These guys are rock stars and it is a privilege to be on the same team. I couldn’t be prouder of what we’re doing at The Dispatch! 

A Peek Inside of Russia’s Online Spying Machine 

The New York Times has a good deep dive into the government organization at the heart of Putin’s internet surveillance state. Activists at DDoSecrets—an online group that publishes hacked documents—posted more than 160,000 files from the Roskomnadzor (pronounced Ros-com-nod-zor) regulatory agency showing its central role in Moscow’s efforts to monitor, to control, and to manipulate Russian behavior online. 

Originally established in 2008 as a telecommunications regulator, the agency is now a full-blown intelligence organization that watches websites, news outlets, and social media, categorizing their activities into “apolitical,” “pro-government,” or “anti-government.” The leaked documents also suggest Roskomnadzor works to track overt critics as well as to identify users running anonymous “anti-government” accounts—some of whom have been referred to, and arrested by, state security agencies. 

For example, according to the Times: 

Four days into the war in Ukraine, Russia’s expansive surveillance and censorship apparatus was already hard at work. 

Roughly 800 miles east of Moscow, authorities in the Republic of Bashkortostan, one of Russia’s 85 regions, were busy tabulating the mood of comments in social media messages. They marked down YouTube posts that they said criticized the Russian government. They noted the reaction to a local protest. 

Then they compiled their findings. One report about the “destabilization of Russian society” pointed to an editorial from a news site deemed “oppositional” to the government that said President Vladimir V. Putin was pursuing his own self-interest by invading Ukraine. A dossier elsewhere on file detailed who owned the site and where they lived. 

The newspaper also explains how, beginning in 2012 after Vladimir Putin reassumed the Russian presidency, Roskomnadzor personnel started blacklisting (or blocking) websites considered to be critical or otherwise threatening to the state. That list now reportedly includes more than 1.2 million banned URLs, according to Roskomsvoboda, a civil society organization tracking the agency’s efforts. 

The regulator has also targeted U.S. companies like Facebook, Google, and Twitter, compelling them to remove “dangerous” content and routinely threatening them with fines or even the arrest of employees if they do not cooperate. Also, in 2019, agency authorities forced domestic telecommunications companies to install “technical means for countering threats” on their networks, which have later been used to throttle or completely block websites from Moscow. 

Here’s what I’m thinking (HWIT): 

This is technototalitarianism—get used to it. Readers of this newsletter will find this very familiar. All the usual suspects—China, Iran, North Korea—as well as some more friendly governments like India, are asserting “digital sovereignty” as they try to control what their citizens do online. Authoritarian governments, by definition, cannot allow alternative sources of information or political power to evolve apart from state control, but the internet was built with the express purpose of overcoming barriers to information access and sharing, and so they have an inherent and persistent problem. 

In the early days of internet, it was thought that this meant the inevitable collapse of dictatorial systems; but the bad guys eventually figured out that the internet lives on servers and that this hardware exists within “meat space.” It wasn’t long after this that governments started requiring these servers, and even internet companies themselves, to be found inside of national borders where the state exercises near-total control. It’s an especially effective strategy for controlling domestic companies, but if the nation isn’t a sufficiently attractive business market (like China), it risks Western technology companies pulling up stakes and leaving. 

Thus begins the delicate dance of the dictators. Even authoritarians realize a thriving technological industry is essential for economic prosperity and military capability. And so, these totalitarian governments are always trying to have their cake and eat it too—they want advanced technology and telecommunications without undermining their own power. Western companies too hope to keep access to these markets as a source of revenue and technical talent, so they are also tapdancing to avoid being shut down or forced to leave, while also not violating U.S. law or their own principles. But, when push comes to shove, you can always count on authoritarians to choose their own power over the long-term good of their nation and people. 

Therefore the “splinternet” is happening. Governments asserting control over their domestic internets necessarily leads to a fractured digital infrastructure that increasingly has different norms, regulations, and operational characteristics. I suspect that in 10 years, linkages between Western and authoritarian supply chains and digital infrastructure will be reduced by at least 80 percent. In the long-term, I think this will be good for the United States (at least compared to everyone else) because our technology industry is still the envy of the world. But it’s going to be messy and it’s going to be very, very disruptive. 

Mystery Drone Washes Ashore in Crimea 

An unidentified unmanned surface vessel (USV) was found on a beach near Sevastopol in Russian-occupied Crimea, according to social media, open source intelligence, and local media reports. The drone looks like a blacked-out, mini cigarette boat and has a gimbal-mounted camera, several sensors, and what could be antennas for connecting to SpaceX’s Starlink internet satellites. Beyond this, very little is known about the USV’s origin, capabilities, or mission. 

HWIT: 

I’ve never seen this USV before but there’s a good chance it’s a Ukrainian drone that was provided by the good ol’ U-S-of-A. Back in April, Pentagon spokesman John Kirby outlined some of the military equipment the United States was sending to Ukraine and quickly mentioned “unmanned coastal defense vessels.” When asked for more details, he cryptically replied as follows: 

“They are designed to help Ukraine with its coastal defense needs. And I think that’s enough information so far. I’m not going to go into the specifics of these systems … But I can promise that this deadly thing will work.” 

Whether the USV is from the United States, another nation, or is simply a homegrown capability, its utility is obvious: The waters in which it washed up are also the home of Russia’s Black Sea Fleet. Vessels in this area have been used for missile strikes in Ukraine and other maritime operations aimed at intimidating and pinning down Ukrainian forces in the region. 

Whatever its origin, I hope there are dozens of these bad boy boats patrolling the area and causing Russian sailors many sleepless nights. “Slava Ukraini!” 

GAO Says Information Is Key for DOD 

The U.S. Government Accountability Office (GAO) just published a report titled, “Information Environment: Opportunities and Threats to DOD’s National Security Mission.” The following is the gist of the report’s key findings (with all quotes coming directly from the study). 

Why did GAO do this study? 

Advances in information technology, wireless communications, and social media have increased the speed and range of information, diffused power over information, and shifted socio-cultural norms. The United States’ competitors and adversaries are taking advantage of these advances and the subsequent effects in the information environment to offset the U.S.’s conventional warfighting advantages. … 

To illustrate and better inform Congress and DOD officials, this report describes DOD’s use and protection of the information environment through the following six key elements—ubiquitous and malign information, effects on DOD’s mission, threat actors, threat actions, institutional challenges, and emerging technologies that can enable or adversely affect DOD’s missions. This report also describes DOD actions taken and planned to use and protect the information environment. 

The bottom line: 

Given the ubiquitous nature of the information environment, both DOD and adversaries can conduct operations and activities in the information environment from anywhere in the world. Additionally, with DOD capabilities dependent on IT and the electromagnetic spectrum (EMS), its ability to conduct operations and activities in any of the physical domains (land, maritime, air, and space) is reliant on protecting the information environment. 

Specifically, GAO found: 

Ubiquitous and Malign Information. The fusion of ubiquitous information and technology has granted individuals, organizations, and nation-states the ability to target the cognitive foundations of individuals—beliefs, emotions, and experiences—for purposes either benign or malign. The proliferation of ubiquitous information, misinformation, disinformation, and malinformation has prompted defense experts to begin examining the concept of cognitive security. 

DOD Missions and Functions. Technology, the EMS, and the sharing of data are integral to accomplishing DOD’s missions in the information environment. DOD components consistently identified the conduct of military operations, communications, command and control decision-making, and others, as missions and functions affected by the information environment. 

Threat Actors. National and DOD strategies recognize that nation-states—such as China, Russia, Iran, and North Korea—have demonstrated that they are threat actors in the information environment, employing malicious cyber, EMS, and influence activities against DOD interests. Additionally, nonstate actors—such as insider threats, foreign terrorists, transnational criminal organizations, and others—pose a threat to DOD personnel at home and abroad. 

Threat Actions. DOD components highlighted a variety of cyberspace threats, information or intelligence collection threats, influence threats, and EMS threats that adversely affect DOD personnel and capabilities. 

Institutional Challenges. National and DOD strategies and documents identify a number of institutional challenges that DOD must address. The challenges include a lack of leadership emphasis, lack of resources, the implications of new technologies, and dated processes. DOD components identified personnel, funding, IT, organization, and training as the most important institutional challenges they face related to the information environment. 

Emerging Technologies. DOD components identified a variety of technologies that may present either opportunities for or threats to DOD in the information environment: artificial intelligence and machine learning, quantum computing, social media platforms, and bots. Additionally, relevant reports and subject matter experts have identified extended reality, fifth-generation wireless telecommunications, and the Internet of Things as technologies that could have either positive benefits or negative consequences for DOD. 

Past and Planned DOD Actions. Achieving and sustaining an advantage requires DOD to undertake and plan actions across multiple areas, including doctrine, organization, and training. For example, DOD elevated the concept of “information” and has been revising its doctrine publications to reflect the fundamental nature of information in joint operations. 

HWIT: 

The report is thorough and well-done. I’m still processing some of its finer points. The key issue, as I see it, are the institutional challenges. Our insights into bad guys, emerging technologies, and even future doctrine are all agile compared to the slow grind of cultural adaptation and change. Therefore, I’m skeptical of most formal “strategies” for “identifying information environment-related personnel” or “information environment-related IT requirements.” We need to understand and plan for these things, but the definitions are so large, and the problem is so dynamic that I tend to believe most of these adjustments are made on the fly and in response to specific needs. Even so, the GAO has done policymakers and warfighters a service with this report and I’m happy to recommend it for your further review. 

That’s it for this edition of The Current. Be sure to comment on this post and to share this newsletter with your family, friends, and followers. You can also follow me on Twitter (@KlonKitchen). Thanks for taking the time and I’ll see you next week!