By Tamlin Magee
The RAND Corporation's Dr Rand Waltzman speaks with Techworld on the state of 'cognitive security' in the world and the 'democratisation of weapons of mass disruption'
"Every asshole on the face of the planet has complete and open and unrestricted access to our public social media data – everybody except the United States government."
That's the verdict of senior information scientist at the RAND Corporation, Dr Rand Waltzman, speaking about the state of 'cognitive security' in the world, amid all the controversy on 'fake news', machines weaponised to spread disinformation, and the resulting flak that has deeply permeated media, politics and society.
Last year Dr Waltzman provided expert testimony to the Senate Armed Service Committee's Cybersecurity Subcommittee. In it, he urged that America and its allies take steps to protect themselves from 'cognitive hacking' – an emerging form of attack that could be described as a mutation of psychological propaganda for the internet age.
In layman's terms: cognitive security is active defence against psychological manipulation through new forms of technology, like misinformation being spread on social media, otherwise known as fake news.
The concept isn't new but the context is.
"People have been screwing with other people's minds forever," Waltzman says in a telephone interview with Techworld. "[But] an example of what is new: if you look historically, every time some new means of communication is introduced it was a major revolution in the way people conducted their business.
"Think about what happened when printing was invented – think about what happened when the telegraphs came – think about radio, think about television. Now you have modern media, the internet, social media, and everything else."
And while massive open source projects like Wikipedia represent the good that can be achieved online, the other side of the coin is a "total democratisation of weapons of mass disruption".
'What he just said'
Waltzman was previously project manager at the American military's research wing, DARPA, where he oversaw a programme that collated hundreds of publications on cognitive security – the single largest funded research programme on social media in the United States, costing roughly $50 million dollars. It wrapped up in 2015.
Many of the collected reports focused on the rise of bot networks, the psychology underpinning the use of social media, and how social media has the potential to be manipulated to achieve political or other goals. Hundreds of the publications are available for viewing here.
The RAND Corporation is an unapologetically pro-US think tank that found favour with the US Air Force in the 1950s and has informed American policy since. The institution is responsible for pioneering the enormously influential game theory model, as well as Cold War nuclear strategy – colloquially described as mutually assured destruction (MAD) and Second Strike policy, as popularised by Stanley Kubrick in his nuclear war satire Dr Strangelove.
Waltzman recalls speaking at a panel session about open source intelligence at the AFCEA intelligence event that was emblematic of the disinformation challenges faced by the United States.
"I looked at the audience and I said: you know, the Chinese, the Russians, Hezbollah, the Mafia, basically every asshole on the face of the planet has complete and open and unrestricted access to our public social media data – everybody except the United States government. Now what's wrong with that picture?
"By the time I finished, the guy who was sitting next to me was the head of analytics at the CIA's open source centre. He looked over at me, touched my arm, and said: 'well said'. And when he started he said: 'what he just said'."
Total Information Awareness
The State Department formed the 'Global Engagement Centre' in 2016, initially designed to combat terrorist messaging and disinformation. But its remit was soon extended to include state-sponsored disinformation campaigns. A few years on and formerly high-profile figures in the GEC have come out against it.
Waltzman says the entire project was neutered by all manner of restrictions that other nations or political actors are not concerned with.
"They're not even allowed to look at the raw social media data, they can only look at a sanitised version of it, with the handlebar removed and other things – there's all kinds of legal restrictions on it," he says. "They can't download any data directly.
"That's only one of the long list of restrictions they have. How should they craft a message, if they don't know who the hell they're talking to? The whole thing doesn't make any sense. And as a result of course they're completely ineffective. What's worse, everything they say has to be attributed."
The bottom line, Waltzman wrote in Time magazine in 2015, is that the "US government has no ability to defend us against being manipulated by actors - state as well as non-state - that recognise no boundaries on a scale that was previously unimaginable".
In January 2002 DARPA created the Information Awareness Office to join up several strands of surveillance and monitoring projects. The overall programme was dubbed Total Information Awareness (TIA), which sought to use IT and data mining for intelligence and counterintelligence – with the ultimate goal of pre-empting terrorism through the use of data analysis.
"That was connecting the dots, from data across all agencies," says Walzman. "Trying to connect up the data to find bad things that were happening. When Congress got wind of this programme and what they were doing, DARPA was almost shut down. It was a complete mess.
"And I – in my programme – I lived under the shadow of that still. I mean, that was in 2001, my programme started in 2011 or thereabouts. Ten years later I was still living in the shadow of that."
Depending on an observer's political compass the shutting down - or concealing? - of TIA might not be considered the worst possible outcome. When the lid was blown off the Five Eyes worldwide surveillance dragnet by Booz Hamilton whistleblower Edward Snowden, public pressure in favour of privacy understandably mounted.
But another argument is that both adversaries and allies are engaged in this kind of work and more, while America remains shackled on the counteroffensive front.
"I can tell you that [TIA] programme was being run by admiral John Poindexter," Walzman says. "They brought him in, he was running the programme, and when they shut it down Poindexter went to Singapore: and in Singapore he helped them build a similar kind of system to create the same kind of programme. They had no issues with this kind of thing.
"That programme is alive and well and running today. It's called the RAHS programme. Risk Assessment Horizon Scanning. The Singaporeans were smart because instead of putting it into central intelligence – they put it right in the prime minister's office. The guy who runs that thing, his boss reports directly to the prime minister.
"They understand the value of this kind of business. And they're willing to do it."
A different game
Much of the media attention on technology-supported propaganda has been focused on Russia and the 2016 elections in America.
Threat intelligence analyst Jing Xie at secure certification specialists Venafi described to Techworld just how simple it can be to throw a bot farm at a problem.
"You have to control a farm of bots and machines, then second, you just have to acquire internet advertisement space, then you can publish," Xie says. "It's mostly a political issue – but it's more than just a political issue. I think for the tech community, we have responsibilities for bettering this situation, the advertisement industry has a lot of responsibility in mitigating this situation and preventing these kinds of things from happening regionally, and in nationwide elections.
"The machines – this is a super-complicated problem that no single company can single-handedly solve by providing a magical solution. The reason is there's just so many vulnerabilities that attackers can leverage and exploit."
Waltzman, meanwhile, regards Chinese efforts as "spectacular".
He cites the opening of the Shanghai Disney Resort in 2016.
"When Disney started putting that together they were having lots of issues – labour issues, permits, all kinds of issues – until they took in a Chinese partner. And once they took in a Chinese partner all their problems went away. Everything was fine, the park opened up, everything was great.
"You know who their partner was? None other than the Chinese Communist Party – 57 percent of the park. It's a government-owned company run by the Party - [it is] the Party essentially.
"There was a piece in the New York Times when it came out, that said Bob Iger, the CEO of Disney, that he and the Walt Disney Corporation are committed to doing everything they can to support the Chinese government and the Chinese Communist Party.
"This was in the New York Times. That sets the bar for this kind of business so high that you can't even say the US or Europeans are losing the game. They're not even in the game like that. This is beyond. The Chinese guy who orchestrated that deserves a platinum medal. That is a spectacular piece of work, really."
Public relations, private interests
In Adam Curtis' 2002 documentary series The Century of the Shelf, the filmmaker explored how the psychoanalytical methods of Sigmund Freud and the pioneering public relations techniques of Edward Bernays influenced the modern social sphere.
Waltzman's 2015 Time article quotes Bernays: "Modern propaganda is a consistent, enduring effort to create or shape events to influence the relations of the public to an enterprise, idea or group.
"[The] conscious and intelligent manipulation of the organised habits and opinions of the masses is an important element in democratic society. Those who manipulate this unseen mechanism of society constitute an invisible government which is the true ruling power of our country."
The links between Western PR agencies and controversial – or outright oppressive – clients have been well documented for decades: from Burson-Marsteller representing Nicolae Ceausescu and the Saudi royals to Bell Pottinger being accused of exploiting racial divisions to deflect criticism from the Gupta business family in South Africa, and Putin-era officials in Russia charging Omnicom division Ketchum with manufacturing positive messaging in the United States.
There's an overlap between competing businesses, nations, people, and politicians with the big PR agencies, says Waltzman. And they are all exploiting the economic situation of newspapers still struggling to make their way, often with skeleton staff and slim editorial budgets. It all complicates how hearts and minds are won in the digital realm.
"Somebody did a study and estimated that at least 75 percent of everything that appears in newspapers across the United States are basically press releases written by a public relations firm," Waltzman says. "That tells you that the news is essentially manufactured. And of course for them it makes economic good sense because if someone comes to them with a press kit that's all done well they don't need a reporter – they've got to get the content out so they just take it.
"Now it's much more extreme I would say. And especially as the economics for their business gets more difficult, this kind of things looks a lot more attractive."
In short, the journalism industry has struggled to adapt to the internet – and even successful new media companies like Buzzfeed and Vice have made headlines by laying off staff, let alone print media. Time-short and cash-strapped reporters might be tempted to spin a story out from a pre-packaged press release.
Publications like the Huffington Post meanwhile have been known to publish content straight from corporate communications teams, cutting out the middleman altogether.
This opens the door to PR's - and their corporate paymasters - to dominate the narrative in ways they couldn't previously.
"Then you have the corporations that use the same people – American corporations, foreign corporations – all corporations are using the same kinds of people plus their own in-house efforts.
"Then you have politicians that are using the same people.
"So everybody is using the same people. So when you see, for example, the FCC and net neutrality – did you see the analysis that somebody did that said 80 percent of these comments were bogus? Not real? They were astroturfed.
"A lot of them were traced back to Russian websites.
"But that doesn't mean the Russian government was involved. All that means is the people who did it were using the same contractors the Russian government uses. So you can't tell: the Russian government uses contracting, the Chinese government uses contracting, everybody uses contractors, so these contractors will work for anybody for a fee.
"That kind of thing is on the upswing. And I expect it to get a lot worse."
The Weaponization of Information: The Need for Cognitive Security
When Waltzman presented before the Senate Armed Services Committee, Subcommittee on Cybersecurity on 27 April, 2017, he said that the explosion in public behavioural data from social media can go some way towards understanding how groups behave online – as well as new opportunities in using this data to "forge powerful new techniques to shape the behaviour and beliefs of people globally".
"These techniques can be tested and refined through the data-rich online spaces of platforms like Twitter, Facebook, and, looking to the social multimedia future, Snapchat," he said.
The testimony went on to recommend a new nonprofit NGO – a 'Center for Cognitive Security', closely tied to international government, industry, academia, think tanks and public interest groups.
It would "create and apply the tools needed to discover and maintain fundamental models of our ever-changing information environment and to defend us in that environment both as individuals and collectively."
This body that would join up experts from cognitive science, computer science, engineering, social science, security, marketing, politics, policy and psychology, all to develop a "theoretical as well as an applied engineer methodology for managing the full spectrum of information environment security issues".
That might sound intimidating – and indeed it sounds like the stuff everyone from pulp author's to full-time paranoiac has worried about for decades.
But if Waltzman is correct, it's all already happening – with the US on the back foot, America will want the pendulum to swing back the other way.
No comments:
Post a Comment