Big5
berli
BewaretheBigFive.pdf
Beware the Big Five
Tamsin Shaw
APRIL 5, 2018 ISSUE The Darkening Web: The War for Cyberspace
by Alexander Klimburg
Penguin, 420 pp., $30.00
Jaap Arriens/NurPhoto/Getty Images
Facebook founder Mark Zuckerberg pictured on an iPhone, August 2017
The big Silicon Valley technology companies have long been viewed by much of
the American public as astonishingly successful capitalist enterprises operated by
maverick geniuses. The largest among them—Microsoft, Apple, Facebook,
Amazon, and Google (the so-called Big Five)—were founded by youthful and
charismatic male visionaries with signature casual wardrobes: the open-necked
blue shirt, the black polo-neck, the marled gray T-shirt and hoodie. These founders
have won immense public trust in their emergent technologies, from home
computing to social media to the new frontier, artificial intelligence. Their
companies have seemed to grow organically within the flourishing ecology of the
open Internet.
Within the US government, the same Silicon Valley companies have been
considered an essential national security asset. Government investment and policy
over the last few decades have reflected an unequivocal confidence in them. In
return, they have at times cooperated with intelligence agencies and the military.
During these years there has been a constant, quiet hum of public debate about the
need to maintain a balance between security and privacy in this alliance, but even
after the Snowden leaks it didn’t become a great commotion.
The Big Five have at their disposal immense troves of personal data on their users,
the most sophisticated tools of persuasion humans have ever devised, and few
mechanisms for establishing the credibility of the information they distribute. The
domestic use of their resources for political influence has received much attention
from journalists but raised few concerns among policymakers and campaign
officials. Both the Republicans and the Democrats have, in the last few election
cycles, employed increasingly intricate data analytics to target voters.
Private organizations, too, have exploited these online resources to influence
campaigns: the Koch brothers’ data firm, i360, whose funding rivals that of both
parties, has spent years developing detailed portraits of 250 million Americans and
refining its capacities for influence operations through “message testing” to
determine what kinds of advertisements will have traction with a given audience. It
employs “mobile IDmatching,” which can link users to all of their devices—unlike
cookies, which are restricted to one device—and it has conducted extensive
demographic research over social media. Google’s DoubleClick and Facebook are
listed as i360’s featured partners for digital marketing. The firm aims to have
developed a comprehensive strategy for influencing voters by the time of the 2018
elections.
Only in recent months, with the news of the Russian hacks and trolls, have
Americans begun to wonder whether the platforms they previously assumed to
have facilitated free inquiry and communication are being used to manipulate
them. The fact that Google, Facebook, and Twitter were successfully hijacked by
Russian trolls and bots (fake accounts disguised as genuine users) to distribute
disinformation intended to affect the US presidential election has finally raised
questions in the public mind about whether these companies might compromise
national security.
Cyberwarfare can be waged in many different ways. There are DDoS (distributed
denial of service) attacks, by which a system is flooded with superfluous traffic to
disrupt its intended function. The largest DDoS attack to date was the work of the
Mirai botnet (a botnet is created by hacking a system of interconnected devices so
they can be controlled by a third party), which in October 2016 attacked a
company called Dyn that manages a significant part of the Internet’s infrastructure.
It temporarily brought down much of the Internet in the US. There are also hacks
designed to steal and leak sensitive materials, such as the Sony hack attributed to
North Korea or the hacking of the DNC’s e-mail servers during the 2016 election.
And there are attacks that damage essential devices linked to the Internet, including
computing systems for transportation, telecommunications, and power plants. This
type of attack is increasingly being viewed as a grave threat to a country’s
infrastructure.
The military once used the term “information warfare” to refer to any cyberattack
or military operation that targeted a country’s information or telecommunications
systems. But the phrase has come to have a more specific meaning: the
exploitation of information technology for the purposes of propaganda,
disinformation, and psychological operations. The US is just now beginning to
confront its vulnerability to this potentially devastating kind of cyberattack.
This is the subject of Alexander Klimburg’s prescient and important book, The
Darkening Web: The War for Cyberspace, written largely before the revelation of
Russian interference in the 2016 election. With its unparalleled reach and targeting,
Klimburg argues, the Internet has exacerbated the risks of information warfare.
Algorithms employed by a few large companies determine the results of our web
searches, the posts and news stories that are featured in our social media feeds, and
the advertisements to which we are exposed with a frequency greater than in any
previous form of media. When disinformation or misleading information is fed into
this machinery, it may have vast intended and unintended effects.
Facebook estimated that 11.4 million Americans saw advertisements that had been
bought by Russians in an attempt to sway the 2016 election in favor of Donald
Trump. Google found similar ads on its own platforms, including YouTube and
Gmail. A further 126 million people, Facebook disclosed, were exposed to free
posts by Russia-backed Facebook groups. Approximately 1.4 million Twitter users
received notifications that they might have been exposed to Russian propaganda.
But this probably understates the reach of the propaganda spread on its platform.
Just one of the flagged Russian accounts, using the name @Jenn_Abrams (a
supposed American girl), was quoted in almost every mainstream news outlet. All
these developments—along with the continued rapid dissemination of false news
stories online after the 2016 election, reports by Gallup that many Americans no
longer trust the mainstream news media, and a president who regularly Tweets
unfounded allegations of “fake news”—have vindicated Klimburg’s fears.*
Klimburg argues that liberal democracies, whose citizens must have faith in their
governments and in one another, are particularly vulnerable to damage by
information warfare of this kind. And the United States, he observes, is currently
working with an extremely shallow reservoir of faith. He cites Gallup polls
conducted prior to the election of Donald Trump in which 36 percent of
respondents said they had confidence in the office of the presidency and only 6
percent in Congress. We have no reason to believe that these numbers have
subsequently increased. The civic trust that shores up America’s republican
political institutions is fragile.
Klimburg gives a fascinating diagnosis of how this situation has been inflamed. He
describes a growing tension in the US over the last twenty years, coming to a head
under Obama, between the perception of the Internet and its reality. The Silicon
Valley corporations have attained their global reach and public trust by promoting
the Internet as a medium for the free exchange of information and ideas,
independent of any single state’s authority. Since almost all trade in and out of the
US now relies on the information transfers that these Silicon Valley companies
facilitate, this perception of independence is economically essential. The country’s
largest trading relationship, with the European Union, is governed by the Privacy
Shield agreement, which assures EU companies that data transfers will be secured
against interference and surveillance.
In Obama’s International Strategy for Cyberspace, released on May 16, 2011, he
described the Internet as a democratic, self-organizing community, where “the
norms of responsible, just and peaceful conduct among states and people have
begun to take hold.” When Edward Snowden’s revelations about NSA surveillance
and the collection of metadata threatened to compromise this agreement, Obama
issued Presidential Policy Directive 28, which set out principles for “signals
intelligence activities” compatible with a “commitment to an open, interoperable,
and secure global Internet.”
Martin Libicki, a researcher at the RAND corporation, the global policy think tank,
has had an important part in restraining offensive initiatives at the Department of
Defense. His aim is to restrict America’s capabilities to what is required for
defense against cyberattacks. Klimburg himself adheres closely to Libicki’s
general view, expressed in several RAND reports, that the US needs to maintain a
perception of itself as one of the “free Internet advocates”—in contrast to “cyber-
sovereignty adherents” such as Russia and China, which aim above all to control
cyberspace and its influence over their citizens.
But Klimburg’s book warns us that the facts too frequently contradict this view. In
his account, America’s military and intelligence agencies have always considered
cyberspace a site of potential conflict and sought global dominance over it.
Throughout the 1990s, the US military had intensive discussions about the various
ways in which these new technologies might be applied to traditional forms of
warfare. They were particularly concerned with psychological warfare, which
might be used, for example, to weaken an enemy army’s resolve to fight or to bring
down national leaders by eroding their popular support.
Only a year before the release of Obama’s International Strategy for Cyberspace,
Russia’s Kaspersky Lab had discovered the Stuxnet virus, a malicious worm
originally built as a cyber-weapon by the US and Israel. It was intended to disrupt
Iran’s nuclear program (by infecting the control systems used to operate its
centrifuges, causing them to malfunction and explode), but subsequently spread
across the globe. This attack, along with Obama’s establishment of US Cyber
Command alongside the National Security Agency in 2009, signaled to other states
that the US intended to use the Internet for offensive purposes.
What concerns Klimburg most, though, is the extent to which US government
agencies are prepared and willing to mislead the American people about its own
cyber initiatives. Such disinformation creates exactly the kind of confusion that
liberal states vulnerable to psychological and information warfare urgently need to
avoid. This sort of deceit is now a crucial aspect of US policy and defense strategy.
Klimburg suggests, for example, that the details about America’s extraordinary
intelligence-gathering programs, which Bob Woodward disclosed in his
book Obama’s Wars (2010), had been deliberately leaked to him as a warning to
adversaries—an attempt on the government’s part to impress the extent of US
cyber power upon the rest of the world.
At the same time, other government agencies have sought to maintain a view, both
domestically and internationally, of the Internet as a domain of cooperation, not
conflict. The language employed in official cyber strategy documents, Klimburg
tells us, is deliberately obfuscatory. The 2015 Defense Department statement of its
cyber-strategy used terminology such as “Offensive Cyber Effects Operations” but
gave no indication of what that term included or excluded. Fred Kaplan, in his
book Dark Territory: The Secret History of Cyber War (2016), has also claimed
that even in the early days of cyber-operations at the NSA, under Michael
Hayden’s command, the already tenuous distinction between defensive and
offensive operations was deliberately elided.
Klimburg suggests that a healthy democracy needs much greater transparency
about its cyber-policy. The government could provide its citizens with clear,
unambiguous principles concerning the collection of signals intelligence, the
development of offensive and defensive cyber-capabilities, their relation to
traditional military strategy, and the evolving relationship between the intelligence
community and the military. The American public might come to have more trust
in the government, for example, if it only used psychological cyber-operations to
win over “hearts and minds” in military zones—such as the locally informed and
culturally specific influence campaigns used as counterinsurgency measures in
Afghanistan—rather than manipulating popular beliefs more broadly and in less
controlled ways.
Klimburg is not greatly concerned by the burgeoning power of the private
corporations, like those in Silicon Valley, that run the online platforms on which
the government’s influence operations take place. In his view they are independent
and have purely commercial interests. But if we want to understand the growing
imbalance of power in online persuasion, we might ask more questions than he
does about the carefully guarded lack of transparency with which the titanic
Silicon Valley companies operate. The interests that now guide what technologies
they produce are not entirely commercial ones. The national security community
has exploited the private sector to help develop America’s immense cyber-
capabilities. In doing so it has placed an extraordinary array of potential cyber-
weapons in the hands of unaccountable private companies.
US House Intelligence Committee
A Facebook advertisement paid for by a Russian account with ties to the Kremlin
in an attempt to influence the 2016 presidential election
The Internet, as is well known, owes its origins to DARPA (the Defense Advanced
Research Projects Agency), the agency responsible for establishing and cultivating
new military technologies. According to the “free Internet” narrative encouraged
by Obama, Silicon Valley, and the Defense Department, the Internet technologies
we use, from software to social media platforms, are controlled by the private
sector. However, when DARPA boasts online about the technologies whose
research and development it has sponsored, it lists, along with the Internet, the
graphical user interfaces that allow us to interact with our devices, artificial
intelligence and speech recognition technologies, and high-performance polymers
for advanced liquid crystal display technology. These technologies encompass
every aspect of the smartphone. Our online lives wouldn’t be possible without the
commercialization of military innovations.
DARPA offers early funding, often to academics and researchers rather than
private corporations, to develop new technologies for national security purposes,
but the economic relationship between Silicon Valley and the national security
community extends much further than that. One aspect of that relationship is
detailed in Linda Weiss’s America Inc.?: Innovation and Enterprise in the
National Security State (2014). Weiss describes the development in Silicon Valley
of a hybrid public/private economy in which the government assists in the creation
of new technologies it needs for national security operations by investing in
companies that can also commercialize these technologies.
Government agencies have mitigated risk and even helped to create markets for
companies whose products, while ostensibly strictly civilian and commercial,
satisfy their own needs. The driverless car industry will incorporate, test, and
improve technologies devised for missile guidance systems and unmanned drones.
Facial recognition software developed by intelligence agencies and the military for
surveillance and identity verification (in drone strikes, for example) is now
assuming a friendly guise on our iPhones and being tested by millions of users.
The government has used various mechanisms to fund these projects. The Small
Business Innovation Research program (SBIR), Weiss tells us, “has emerged as the
largest source of seed and early-stage funding for high-technology firms in the
United States,” investing, at the time of writing, $2.5 billion annually. This
investment—the national security agencies supply 97 percent of funding for
the SBIR program—not only serves as a form of government “certification” for
private venture capitalists, it also provides an incentive for invention,
since SBIR asks for no equity in return for its investment.
Silicon Valley has also been profoundly shaped by venture capital funds created by
government agencies. The CIA, Defense Department, Army, Navy, National
Geospatial-Intelligence Agency (NGIA), NASA, and Homeland Security
Department all have venture capital at their disposal to invest in private companies.
Weiss quotes a Defense Department report to Congress in 2002 explaining the aim
of its initiatives:
The ultimate goal is to achieve technically superior, affordable Defense Systems
technology while ensuring that technology developed for national security
purposes is integrated into the private sector to enhance the national technology
and industrial base.
The direction of technological development in the commercial sector, in other
words, is influenced by the agenda of government agencies in ways largely
unknown to the public.
It’s not difficult to trace, for example, the profound influence of In-Q-Tel,
the CIA’s wildly successful venture capital fund, which has sometimes been the
sole investor in start-ups but now often invests in partnerships with the Big Five.
In-Q-Tel was the initial sole investor in Palantir Technologies, Peter Thiel’s
software company specializing in big data analysis. A branch of the company
called Palantir Gotham, which specializes in analysis for counterterrorism
purposes, has won important national security contracts with
the DHS, FBI, NSA, CDC, the Marine Corps, the Air Force, and Special
Operations command, among other agencies.
But In-Q-Tel’s achievements are also familiar to us in more mundane forms:
Google Earth originated in an In-Q-Tel sponsored company called Keyhole Inc., a
3-D mapping startup also partially owned by the NGIA. The cloud technology on
which we all increasingly rely is being developed by companies like Frame, which
is jointly funded by In-Q-Tel, Microsoft, and Bain Capital Ventures. Soon we will
be able to use our computers to interact with 3-D holographic images, thanks to
another In-Q-Tel–sponsored company, Infinite Z. Another of their companies,
Aquifi, is producing scanners that can create a color 3-D model of any scanned
object.
Since many of the startups in which government agencies invest end up being
absorbed by the Big Five, these companies all now have close relationships with
the defense and intelligence agencies and advise them on technological innovation.
Eric Schmidt, the former executive chairman of Alphabet, Inc., chairs the
Pentagon’s Defense Innovation Board (Jeff Bezos formerly served on it too),
which in a January 2018 report recommended encouraging tech entrepreneurship
within the military. The goal would be to create “incubators” like those used in the
business and tech worlds that would help develop startups targeted to new defense
needs, such as big data analysis.
The US government has supported the monopolies of the Big Five companies
partly for the sake of the “soft power” they can generate globally. Libicki, in a
2007 RAND publication, Conquest in Cyberspace: National Security and
Information Warfare, suggested that the government could achieve “friendly
conquest” of other countries by making them depend on US technologies. The
“bigger and richer the system, the greater the draw,” he tells us. Huge global
corporations (his primary example is Microsoft), whose technologies are deeply
linked with the domestic technologies of other nation-states, give America greater
soft power across the globe.
It is clearly time to ask whether this hybrid Silicon Valley economy has been a
good national security investment. Weiss points out that after the government
funds research, it gives away the patents to private companies for their own
enrichment. We can find on the websites of organizations like In-Q-Tel and DIUx
the kinds of contracts they offer. The licenses that they acquire are generally
nonexclusive. The technologies that power America’s national security innovations
can be sold to anyone, anywhere. The profits go to companies that may or may not
be concerned about the national interest; Intel recently alerted the Chinese
government to a vulnerability in their chips, one that could be exploited for
national security purposes, before alerting the American government.
Mariana Mazzucato, in The Entrepreneurial State (2013), examined the case of
Apple, which has the lowest research-and-development spending of the Big Five.
The company has succeeded commercially by integrating technologies funded by
the military and by intelligence agencies (such as touch screens and facial
recognition) into stylish and appealing commercial products. The government has
shouldered nearly all the risk involved in these products, while Apple has reaped
the rewards. In other words, taxpayer’s money has helped enrich companies like
Apple, and as we now know from the recently released Paradise Papers
(documents concerning offshore tax havens leaked from a Bermudan law firm), the
companies have not responded with a corresponding willingness to increase the
government’s tax revenues. Apple managed to keep a great deal of its $128 billion
in profits free from taxation by using Irish subsidiaries and only pledged to
repatriate its sheltered funds once the Trump administration dramatically slashed
the corporate tax rate.
Silicon Valley companies do not simply have vast amounts of money, though; they
also own vast amounts of data. To be sure, much older corporations like Bank of
America and Unilever, which have been gathering our data for decades, own much
more (approximately 80 percent, compared to Silicon Valley’s 20 percent,
according to a recent study by IBM and Oxford Economics) but the Big Five,
Uber, and others have extremely sophisticated data analytics, and their platforms
are designed for the efficient exploitation of their data for advertising and
influence.
This is where Klimburg’s concerns about the development of offensive cyber-
powers by the military and intelligence agencies intersect most worryingly with the
problem of privatizing our cyber-assets. The US has, since the start of the war on
terror, increasingly outsourced intelligence and military operations to private
companies, particularly those engaged in data analytics and targeting. Government
agencies have offered lucrative contracts to older companies such as Booz Allen
Hamilton and Boeing AnalytX, as well as to new players, such as
Palantir, SCL group, and SCL’s now infamous partner, Cambridge Analytica,
whose roles in the Leave EU campaign in Britain and in Trump’s presidential
campaign have both drawn legal scrutiny. In doing so the government has
encouraged these companies to develop the most sophisticated methods for
influencing the public. These kinds of military-grade information operations may
then be applied to their client base.
Government partnerships with such companies make the data owned by the Big
Five exploitable in ways that many of us are only just beginning to understand. But
these immense powers may also be freely employed for ends that threaten national
security. The way in which the Koch brothers have already exploited their
resources to promote skepticism about climate change should serve as a warning.
The problem is compounded by the exceptional form of corporate governance that
the Big Five have been allowed to maintain. Even though Facebook and Google
are publicly traded companies, their founders, Mark Zuckerberg of Facebook and
Larry Page and Sergey Brin of Google, have a more than 50 percent vote on their
respective boards—that is, effectively total control.
In Klimburg’s view, the national security community has irresponsibly
overdeveloped its offensive powers in cyberspace. As far as its pursuit of
dominance in military and intelligence capacities goes, this may be true. But by
giving Silicon Valley irresistible commercial incentives to develop military
technologies, the government has, at the same time, surrendered unparalleled
power to private corporations. Extensive control of information has been handed
over to unaccountable global corporations that don’t profit from the truth. It’s
currently laughably easy, as Vladimir Putin has brazenly shown us, to spread
foreign propaganda through the platforms they operate. But even if they can
develop mechanisms to prevent the spread of foreign propaganda, we will still be
heavily reliant on the goodwill of a handful of billionaires. They are, and will
continue to be, responsible for maintaining the public’s confidence in information,
preserving forms of credibility that are necessary for the health and success of our
liberal democratic institutions.
Zuckerberg, in a well-known incident he now surely regrets, was asked in the early
days of Facebook why people would hand over their personal information to him.
He responded, “They trust me—dumb fucks.” We’re finally starting to appreciate
the depth of the insult to us all. Now we need to figure out how to keep the
corporations we have supported with our taxes, data, and undivided attention from
treating us like dumb fucks in the future.
