Digital Policy

This week Meltdown and Spectre shake the computing world; authorities in Iran block Instagram and Telegram; Tehran's cyber capabilities grow more sophisticated, and India's biometric database suffers a major breach. 

2017 was the year that tech companies faced a difficult reckoning over their role in spreading online disinformation.

Russia and China are in a race to export their respective censorship models to authoritarian regimes. 

The roll-back of the self-declared Islamic State group's territory does not mean that its online presence has shrunk.

Before giving machines a sense of morality, humans have to first define morality in a way computers can process. A difficult but not impossible task.

Alexandra Kilroy is an intern for the Digital and Cyberspace Policy Program at the Council on Foreign Relations. For those new to Net Politics, our report-watch series of posts distills the most relevant digital and cyber scholarship to bring you the highlights. In this edition: online media during the 2016 U.S. election, creating a defense-dominant cyberspace, and creating a global attribution body. “Partisanship, Propaganda, and Disinformation: Online Media and the 2016 U.S. Presidential Election,” a report by Rob Faris, Hal Roberts, Rob Elting, Nikki Bourassa, Ethan Zuckerman, and Yochai Benkler Faris, Roberts, et al. examine coverage of the 2016 election to determine whether political biases of traditional news sources, the diversity of viewpoints and stories covered by such sources, and the popularity of partisan outlets across online media contributed to political polarization. The report finds that: The Trump campaign succeeded in shaping the election policy agenda, as the majority of sentences spoken on mainstream media about Trump focused on core issues like immigration, while the majority of sentences spoken about Clinton focused on scandals such as her use of a private email server; While coverage of Trump was largely critical, criticism focused on political positions rather than his character; Prominent media on the left present viewpoints from the left, right, and center, while prominent media on the right engage in more partisan reporting; Facebook was a more partisan environment than Twitter; across social media platforms, Breitbart was the most prominent conservative news source; and Partisan sources on the left and right were more popular on social media than centrist news sources and were more likely to engage in false reporting.   The team concludes that right-wing media sources were more insulated and partisan, allowing for the easier spread of disinformation and anti-Clinton stories. The institutional impartiality of the center-left media, combined with its popularity relative to far-left sources, meant that unreliable liberal stories did not garner the same amplification across media outlets. “Building a Defensible Cyberspace,” a report by the New York Cyber Task Force. Cyberspace has traditionally been seen as an offensive-dominant domain—attacks are cheap and vulnerabilities in software are legion, making it easy to break into a network undetected. The report’s authors argue that a mix of technology, operations and policy, can make cyberspace more defensible and actually become defense-dominant. By examining the last fifty years of computer security, the task force found that the most impactful innovations that made networks more defensible shared two characteristics. First, the innovation provided a clear defender advantage—“a dollar of defense” should “force attackers to spend considerably more to defeat it.” Second, the innovation must scale, quickly. Based on these characteristics, the report provides the following recommendations: The United States government should implement a new cybersecurity strategy “centered on the goal of a defensible cyberspace,” promote risk-based frameworks, and transition to cloud technology; Information technology and security companies should “push solutions with security built in or automatic,” implement a vulnerability disclosure program, and continue to reduce the cost and effort of developing secure code; and Information technology-dependent organizations should drive cybersecurity changes from the top (e.g. Board-level) and assume a risk-management approach to cybersecurity.   “Stateless Attribution: Towards International Accountability in Cyberspace,” by John S. Davis II, Benjamin Boudreaux, Jonathan William Welburn, Jair Aguirre, Cordaye Ogletree, Geoffrey McGovern, and Michael S. Chase Davis et al. review cases of notable cyberattacks, examine the problem of attribution, and recommend strategies for attributing cyberattacks. The authors review nineteen major cyberattacks and expose some of the challenges of attributing the incidents, namely that there is no set methodology for attributing incidents and that experts are often weary of attribution claims given that the evidence used to make a determination is not often public. This lack of transparency and credibility make it challenging for the public to take attribution claims seriously. As a solution to this problem, the report calls for the creation of an international organization, the Global Cyber Attribution Consortium. The organization would be made up of technical experts from cybersecurity companies and academia, as well as experts in cyberspace policy, international policy, and legal affairs. Most importantly, the consortium would not include states or their representatives in order to keep the body impartial. The consortium would work with victims of cyberattacks upon request to investigate incidents and publish detailed findings for public review, and leave it to the victim to determine whether a response is necessary. The authors argue the new entity would promote global cybersecurity, as the international community could use the organization’s findings to deter future attacks, strengthen defenses, and hold perpetrators accountable. As a disclaimer, the study was funded by Microsoft, which has advocated for an attribution organization along the lines of the International Atomic Energy Agency as part of its push for a Digital Geneva Convention.

The internet makes it easy for political ad buyers to obfuscate their donors and handlers. Despite the challenges, there are significant steps that Congress and social media platforms can take to improve transparency.

This week: Twitter blocks RT and Sputnik ads, debate at ICANN over WHOIS, and Bad Rabbit.

According to critics, Zimbabwe's new ministry of cybersecurity is more concerned with curbing seditious speech than protecting the country's infrastructure from hackers or cyber criminals.