Why National Security Is a Shared Burden Between the State and the Private Sector
Plus, how geopolitical competition between the West and China could bring about the ‘splinternet.’
Three Tech Trends
Technology’s role in our daily lives is amazing. In many ways, we’re experiencing a renaissance in innovation that is making the world more accessible, understandable, and enjoyable. Just check out this video as an example of what I’m talking about:
But of course, it’s not all puppies and unicorns. Technology is also fundamentally reshaping huge swaths of society and many of these changes even have national security implications. This raises the question: What’s driving these changes and where are they likely to lead?
Well, here are three trends I believe are especially important.
First, we’re innovating faster than we can secure. Every day we see new applications, new capabilities, and new technology businesses coming into existence and offering unparalleled opportunities for human thriving and economic growth. But, with many of these innovations comes new vulnerabilities and we’re not accounting for them as quickly as we create them.
For example, checkout these statistics from Cybersecurity Ventures’ Cybersecurity Almanac:
In 2021, cybercrime inflicted more than $6 trillion in damages globally. If this were measured as a country, it’d be the world’s third largest economy behind the United States and China.
Cybercrime is now expected to grow 15 percent every year, reaching $10.5 trillion annually by 2025.
It’s estimated that a ransomware attack occurred every 11 seconds in 2021 and is expected to occur every two seconds by 2031, potentially costing more than $265 billion annually.
Within three years, crimes having to do with cryptocurrencies (“cryptocrimes”) are predicted to cost $30 billion globally, up from an original estimate of $17.5 billion last year.
Last year, cryptocrimes topped $7.7 billion, up 81 percent from 2020.
Digital ad fraud—when an attacker creates a fake ad that compromises a user or sends them to a compromised site—is also growing, with the ad industry reportedly losing $51 million per day. That number is expected to balloon to $100 billion annually in 2023.
In response to these trends, global cybersecurity spending will top $1.75 trillion cumulatively between 2021 and 2025—up $1 trillion cumulatively from 2017-2021.
Finally, a KPMG survey of 500 CEOs shows that 18 percent of respondents said cybersecurity is the largest threat to their company through 2024, up from 10% the previous year.
In one sense, this is a naturally occurring phenomenon and consequence. Our country has what has been called a “permissionless innovation environment”—a marketplace where anyone willing to take a risk can build a new technology or business without having to get the government’s permission (mostly). This leads to a dynamic, creative, and nearly ubiquitous tech industry that has long been the envy of the world. It also, however, creates an environment that is dangerously insecure.
But there’s also a philosophical context to our commitment to, as Mark Zuckerberg once quipped, “moving fast and breaking things.”
There’s a type of techno-idealism within our tech industry that embraces these risks. The progressive worldview—very common among our tech creatives—assumes history is constantly improving through an unending dialectic where the status quo (what Hagel called, the “thesis”) is disrupted by something new (the “antithesis”) and where the friction caused by this interaction leads to a new status quo (the “synthesis”). We’ve seen this time and time again with innovations like the iPhone, social media, and artificial intelligence—where these innovations appeared, changed everything, and then became an integrated part of our daily lives.
Importantly, conservatives acknowledge the reality of “creative destruction” when it comes to evolving economies, but the progressive worldview has a tendency, not only to acknowledge this destruction, but to foster it and to let it run wild. If it can be built, they seemingly believe, then it should be built and any disruption to the social, economic, and political order is an essential feature of progress, not a bug.
The second trend I want to discuss is one such disruption that very few expected.
National security burdens are now shared between the state and the private sector. Put simply, a growing list of technology companies are becoming powerful geopolitical stakeholders capable of challenging the authority, sovereignty, and ability of governments.
For example, last year's annual revenues for Apple ($192 billion), Microsoft ($168 billion), Facebook ($117 billion), Alphabet ($76 billion), and Amazon ($33 billion) total approximately $586 billion—placing the joint income of just these five companies within the top 25 nations as measured by GDP.
More specifically, these companies are pioneering the technologies that will shape and win future wars—technologies like artificial intelligence, advanced robotics, and quantum computing. In fact, last year the same five companies mentioned above, plus the semiconductor company Intel, spent a combined $140 billion on research and development (R&D), not including acquisitions.
Want to know what the Department of Defense spent on R&D last year? $109 billion.
The bottom line here is that government isn’t going to out-google Google. The private sector is where the talent, ability, and resources are when it comes to next-generation technologies, and this means the government is now a security stakeholder and not the stakeholder.
Both the public and private sectors are realizing and reconciling themselves to this new reality and that accounts for a great deal of the tech-related disruption we all feel.
The third and final trend is the slow splintering of the internet.
As governments realize their roles and influence are being challenged, they’re pioneering new models of governance. In the case of the United States, this largely involves constant engagement between the private and public sectors with an emphasis on voluntary cooperation based on shared understanding and interests. We’re trying to find new ways of ensuring national security, encouraging a free and prosperous economy, and protecting fundamental constitutional rights and principles. It’s not easy, but we’re making progress.
A nation like China, however, is choosing a different approach and this threatens to break the internet apart.
Instead of voluntary cooperation, the Chinese Communist Party (CCP) is completely co-opting its technology industry and using it as an extension of the state. The CCP subsidizes key industries like telecommunications and then uses those global networks for espionage. They employ domestic champions like Huawei, DJI drones, Tencent, ByteDance, and others to spy at home and abroad.
The country has also passed laws requiring every company doing business in China—Chinese or foreign—to make every bit and byte of data available to the government. These laws also apply to all Chinese companies and their foreign subsidiaries wherever they do business around the world.
This is creating a growing consensus in the West that any company subject to China’s national security and cybersecurity laws is inherently untrustworthy to operate in free and open societies.
Even more, Beijing’s ravenous and coercive system, not only forces other governments to protect themselves, but it increasingly forces companies to “choose a flag.” Those who operate in China face growing restrictions and reputational risks in other markets and those who choose not to work in China must absorb the loss of no longer doing business in the world’s second largest economy.
The downstream effect of these trends is a gradual fracturing of the internet, as the underlying infrastructure of the world wide web, and the digital economies relying on that web, become more geographically separated. Broader geopolitical competition between the West and China makes this “splinternet” even more likely.
I’ll be discussing each of these trends in greater detail in future editions of this newsletter, but I wanted to provide a general overview before doing so.
So, to summarize, the contemporary technology environment is being shaped by an ongoing tendency to innovate faster than we can secure, by the growing role of the private sector in national security, and by the slow but steady fracturing of the global internet. There are tons of other factors that matter and that need to be understood; but I think these are three of the most important macro trends from a geopolitical perspective, and I hope this helps you as you read and interpret the daily deluge of tech and national security news.
Facebook on the Front Lines
American technology companies quickly took aggressive action when Russia invaded Ukraine. Apple cut off “all product sales” in Russia. Paypal and Netflix suspended operations there. Google Cloud is no longer accepting customers in the country and YouTube is blocking all channels linked to Russian state-run media globally. A running list of similar actions can be found over at Protocol.
One of the most aggressive actions to date has come from Facebook, which recently adjusted its content moderation policy to allow users in Ukraine to call for violent resistance against the Russian military. Such calls for violence were previously a violation and could result in temporary or permanent bans from the platform.
Facebook-owner Meta informed employees of the policy change in a private memo that was leaked to Reuters. The company says the changes are “temporary” and initially even allowed posts calling for the specific deaths of Russian President Vladimir Putin and Belarusian President Alexander Lukashenko—though Facebook is no longer allowing specific threats against political leaders.
"As a result of the Russian invasion of Ukraine we have temporarily made allowances for forms of political expression that would normally violate our rules like violent speech such as 'death to the Russian invaders.' We still won't allow credible calls for violence against Russian civilians," a Meta spokesperson said in a statement.
These actions have gotten Putin’s attention. This week, Meta’s Facebook and Instagram companies have been blocked by the Russian government and have been officially labeled as “terrorist organizations.” Meta’s WhatsApp messaging platform is currently still being allowed to operate.
Considering all of this, here's what I’m thinking:
Facebook’s actions are consequential. The company’s changes to its content moderation policy not only allow the Ukrainian resistance to rhetorically call for violence against invading Russian military forces, but they also open the door for the platform being used to convene, organize, and plan such operations. Knowingly or not, Mark Zuckerberg has effectively donated the world’s largest social media platform to the Ukrainian resistance and that’s no small thing. It’s no surprise Putin is ticked.
The implications of these actions also are consequential. Instagram was Russia’s largest social media site, with more than 80 million Russian users, about 80 percent of whom followed Instagram accounts outside of their country. Those users are now cut off from one another and the rest of the world which, among other things, complicates efforts to get fact-based reporting and other critical information to Russian citizens—no doubt an intended outcome for Moscow.
We’re in uncharted territory. Russia’s designation of Facebook as a “terrorist organization,” if not unprecedented, is certainly rare and provokes several serious challenges for the company. For example, while the social media platform does not have offices in Russia, they do have Russian employees. It’s safe to assume that these Russian employees, if they are even allowed to go home, would risk being arrested and charged with terrorism upon their return. Relatedly, any of their family members who are in Russia are at risk of harassment and detention as means of twisting the screws on Facebook and its employees. Also, while Vladimir Putin has never needed legal justifications for his actions, the terrorist designation could supply a veneer of legitimacy under Russian law for his government to take aggressive actions, possibly including cyber operations, against Facebook, Instagram, or other Meta companies.
Ignoring WhatsApp—what's up with that? My first thought after learning that WhatsApp wasn’t being culled was to assume some sort of Russian security compromise that Moscow didn’t want to give up. If Russian intelligence had somehow bypassed the app’s security and encryption it would make sense that they’d choose to keep such a valuable source of intelligence up and running. But a more obvious justification may simply be that tons of Russian soldiers are using WhatsApp to communicate with each other and with family back home. Putin may think cutting off these conversations could negatively affect military operations in Ukraine and further sink the already low morale of his soldiers.
The road to hell … yada, yada, yada … good intentions. Finally, it’s worth noting that many of the actions taken by Facebook and other tech companies against Russia may have been illegal if recent antitrust legislation were in effect. Sen. Amy Klobuchar’s American Innovation and Choice Online Act, for example, would appear to allow Apple or Google to be sued for removing Russian propaganda outlets like RT and Sputnik, because such actions could be interpreted as discriminating against “similarly situated business users.” Supporters of the bill argue, “The measures expressly prohibit organizations deemed a national security risk or backed by foreign adversaries from co-opting the main protections in the bills.” Well, first, it’s not at all clear that RT and Sputnik would be exempted because the United States hasn’t named Russia as a “foreign adversary.” Second, even if such a designation were made after the invasion of Ukraine, it wasn’t in place in the months prior to invasion and so the law would have placed tech companies in jeopardy for downranking and demonetizing propaganda outlets in advance of the conflict. Now, none of this is a dispositive argument on the advisability of antitrust one way or the other and I’ve certainly had my differences with all of these companies. But I guarantee Sen. Klobuchar and her four Republican cosponsors ( Grassley, Graham, Hawley, and Daines) support “Big Tech’s” actions against Russia and would be twisted in knots if such actions had not been taken. Furthermore, conservative detractors of tech's so-called “totalitarianism” would do well to remember the next time they accuse these businesses of being “enemies of the people,” that this is Marxist language and that these companies are part of a coalition enabling free peoples around the world to organize and to resist totalitarianism—even at great risk to company profits and employees.
There’s Blood on Those Hands
That’s it for this edition of The Current. Be sure to comment on this post and to share this newsletter with your family, friends, and followers. You can also follow me on Twitter (@KlonKitchen). Thanks for taking the time and I’ll see you next week!