Mueller’s Missing Indictments
As special counsel Robert Mueller’s indictment of 13 Russian nationals and three Russian firms, including the internet troll farm, Internet Research Agency, sent shockwaves around the world, it grows increasingly difficult for the White House to remain dismissive. The implied collusion between Russia’s digital psychological warfare operatives and the Trump campaign notwithstanding, the frail state of America’s democracy and cybersecurity are also under indictment.
It should come as no surprise – election year or not – that the U.S. has stirred up a hornet’s nest of cyber ne’er-do-wells and state-backed actors hellbent on stealing our identities, committing financial fraud, absconding with intellectual property or, as was the case in the 2016 election, exploiting fissures in our society. That any of these exploits are possible, says more about our overall societal resilience, including against complex, extraterritorial and infinitely patient cyber threats, as it does in our lack of trust in institutions. These collective exploits speak to the fragile state of our democracy, as well as the porous state of our cyber defenses, which increasingly relegates cybersecurity to idiosyncratic factors. In short, a failure in any bank’s cyber defenses erodes confidence in all banking. Yet, not all banks can spend $500 million a year in cybersecurity like J.P. Morgan Chase, although they are all judged by the same standards of compliance and expectations of public trust.
This same dichotomy exists in party politics and democracy overall and the Russian exploiters who fanned the embers of tribalism knowingly took advantage of the Balkanization of American society. Nestled in our Facebook information bubbles, the most extreme theories were promulgated about Hillary Clinton’s campaign by a Russian-backed team of specialists that were deployed to support Trump’s candidacy. While Mueller’s indictment does not single out election-swaying impact in 2016, the hyper-targeting and micro-messaging that reached millions of voters (while aiming to suppress minorities) in key battleground states was not inconsequential. Allowing for legal and investigative due process in an impartial and non-partisan manner is as essential to restoring American democracy as the Truth and Reconciliation Commission was in healing South Africa’s racial divide after the apartheid era.
Both cybersecurity and democratic institutions spend the same currency – namely trust. The first casualties of this wholesale trust deficit, which President Trump continues to exploit and both Republicans and Democrats continue to wrestle over, is our social cohesion and civility in public life. Partisanship trump’s patriotism in today’s America and foreign actors exploiting our ubiquitous connectivity know exactly how to turn up the dial on political polarization. Indeed, no sooner than the dust settled on the latest mass casualty event at the Marjory Stoneman Douglas High School in Florida, which tragically claimed 17 lives and injured 14 people, or the glitter fell on the Black Panther debut, vile campaigns of internet misinformation were underway fanning the deadlocked gun control debate and racial tensions. Here too, individual citizens, susceptible or not, carry a heavy burden for sourcing bias-confirming information and residing in one-sided echo chambers nursing our fears.
The exploited and the exploiter always share equally in the blame. The private enterprises and politicians that benefited handsomely from these campaigns of public misinformation and those who participate in the conspiracy of silence that places party over country, will not be so easily absolved. The arc of history is long, and it bends toward truth. It will take a similarly long horizon to restore trust in democracy and the cyber resilience of key institutions. Perhaps the easiest step is to vote in such overwhelming numbers, irrespective of the cause, candidate or party that the misinformation (and voter suppression) margin of error in our elections is washed away. Hardening the cybersecurity posture of our electoral system should not come at the expense of voter participation, particularly among the disenfranchised. One simple measure, is to see the return of paper ballots and redundant, segregated tracking of electronic votes – noting that the most harmful effects of foreign intervention related to public perception, more so than direct election interference.
Guarding against large-scale public misinformation or, psy ops, a practice the U.S. is guilty of around the world, is a much harder proposition since it exploits deep-seated beliefs and perceptions in a pliant public. These defenses are much more qualitative and play to social proof of existence and biases amid heavily populistic currents. How many politicians of either stripe can withstand public scrutiny of their funding sources and political backers? How many companies or institutions can say their value systems are applied when it is inconvenient? How many people of opposing political views know their neighbors and can engage in civil discourse – disagreeing without being disagreeable? The sum of these parts contributes to a resilient democracy that can thrive under threat – after all, sunlight is the greatest disinfectant and trust is the best glue. Technological threats to the systems we value will come and go and our defenses, much like these threat actors, are subject to Moore’s Law, as well as a healthy dose of prudence between the keyboard and the chair. This same prudence should be exercised in our electoral process, by our elected officials and in the ballot box.