SPECIAL SERIES:Cybersecurity: The Next Great Battlefield
In this series of articles running through July, RealClearPolitics and RealClearDefense take an in-depth look at the intersection of cybersecurity, technology, and warfare in the 21st century. Below is Part 3.
Six years ago, while describing the inexorable march of progress, President Obama casually slandered one of his predecessors, Rutherford B. Hayes. In Obama’s telling, Hayes was a hapless Luddite who, when confronted with the newfangled telephone, muttered, “It’s a great invention, but who would ever want to use one?”
“That’s why he’s not on Mount Rushmore -- because he’s looking backwards,” Obama continued. “He not looking forward.”
Not to sound pedantic, but the 19th U.S. president isn’t on Mount Rushmore because he was an accidental president who served a single, uneventful term. If Hayes is remembered for anything, it’s for prematurely pulling federal troops from the South after the Civil War. As for that line about the telephone, in today’s parlance it would be called “fake news.” Rutherford B. Hayes, who had the first telephone installed in the White House, loved technology. What he really said while testing the device with its inventor, Alexander Graham Bell, was: “That is wonderful!”
In addition, because he had trouble making out all the words being spoken over this rudimentary device, Hayes added, “Please speak a little more slowly.”
Pumping the brakes on change is an understandable impulse, but it’s not what new technologies do. They speed things up, often with unpredictable, highly disruptive results. At the dawn of the Internet Age, for example, it was hoped that the World Wide Web would bridge human differences in age, gender, race, religion, and nationality. How well has that worked out? Ask GoDaddy and Google, which have had to wrestle with the ethics of giving neo-Nazi groups space on their platforms.
When Mark Zuckerberg testified to a joint Senate committee on Capitol Hill Tuesday, the technology gap between Facebook’s 33-year-old founder and the well-seasoned senators on the dais was conspicuous. Utah Republican Orrin Hatch, elected to the Senate more than seven years before Zuckerberg was born, didn’t seem to realize that Facebook ran ads on its site. When Roger Wicker of Mississippi asked a question that elicited a response from Zuckerberg about Internet “cookies,” he was met with blank stares from several senators on the panel.
What did you expect? This is Washington, D.C., not Silicon Valley. Two years ago, a Government Accountability Office review of the federal government’s technological systems uncovered shockingly outmoded equipment and software. The U.S. nuclear arsenal was under the control of a vintage computer system that used 8-inch floppy disks, along with a communication network using “assembly language code,” which was developed in the 1950s.
Then there was the Pentagon’s Strategic Automated Command and Control System, which, as the GAO noted, coordinates “operational functions of the United States' nuclear forces, such as intercontinental ballistic missiles, nuclear bombers, and tanker support aircrafts.” It was being run -- this was 2016, mind you -- on an IBM Series/1 computer, a machine that was state-of-the-art when it was first introduced 40 years earlier.
In 2009, Zuckerberg described the philosophy he’d been imparting to his company’s software developers in rah-rah language that provided a stark contrast to the tortoise pace of innovation in Washington. “Move fast and break things,” Zuckerberg told his coders. “Unless you are breaking stuff, you are not moving fast enough.”
“Move fast and break things. Unless you are breaking stuff, you are not moving fast enough.”
By 2014, while on one of his periodic apology tours, Zuckerberg realized that this mantra was impolitic. He downplayed it and revised it. In truth, it was a pretty good working definition of the ethos that has reigned in Silicon Valley for a long time. Before “move fast and break things” came the quest for the “killer app.” Before that, the Holy Grail was simply known in the Valley as “the Next Big Thing.” Contrast such attitudes with the prevailing M.O. in Washington, where the approach to substantive change might best be described as “with all deliberate speed.”
That wording comes from a famous Supreme Court decision, Brown v. Board of Education, in which the high court ordered the integration of America’s public schools. They did this, just to put it in perspective, nearly 100 years after the Civil War ended. Even then, “all deliberate speed” took another 14 years before much of the South complied.
In other words, the radically different pace of innovation between government and private industry -- particularly the tech sector -- is not an academic question of rival cultures. It’s a real problem, with blame in each camp, and it helps explain why the U.S. government has been slow responding to cybersecurity threats and also why the techies have been so blasé about these weapons they’ve created.
When Arizona State University professor Braden Allenby explains how the data mining and political consulting firm Cambridge Analytica used Facebook’s personal information in the 2016 on behalf of Donald Trump’s campaign, he invariably gets incredulous questions from the tech-savvy millennials in his class: Why didn’t President Obama or the Hillary Clinton campaign do more to counter it? And how could Facebook claim that none of this impacted the election?
“The answer,” Allenby says, “is that the cycle time of technological change -- especially as cutting-edge behavioral economics, video technology, and AI-based big-data analytics using Facebook data came together with some playful Russian postmodernist KGB types -- caught everyone by surprise.”
“The difference is that the techies, who were used to that rate of change, got it,” he adds. “The pols didn’t.”
One can overstate the case. Certainly, the Central Intelligence Agency and National Security Agency use cutting-edge technology in their black box capers. As University of Illinois professor Robert W. McChesney mentioned in an email exchange with RCP, the Internet itself was created by the Defense Advanced Research Projects Agency -- and Silicon Valley and private-sector tech companies elsewhere have “extremely lucrative” relationships with U.S. military and intelligence agencies.
“Some of our federal agencies have been, and are, bankrolling and encouraging these same disruptive technologies,” McChesney noted. “DARPA continues to drive an inordinate amount of innovation [in areas such as] AI and robotics.”
That said, the inability of the federal government to protect its own agencies from foreign hackers has been a national embarrassment, with potentially devastating consequences. Among the agencies in which personnel files were accessed in 2014 -- dubbed the “year of the hack” -- was the White House, the State Department, Department of Health and Human Services, and the Nuclear Regulatory Commission.
The next year was even worse. In 2015, the Department of Defense was accessed by hackers, as were the computers of the Federal Aviation Administration, the Internal Revenue Service, and the Office of Personnel Management, which coughed up employee information on some 22 million current and former federal employees.
Earlier this year, nine Iranian hackers were indicted by the Justice Department for a hacking spree that went on from 2013 to 2018 and which broke into 144 American colleges and universities, nearly 50 private companies based in the U.S. and Europe, and five U.S. regulatory agencies, including the Labor Department, the Federal Energy Regulatory Commission -- not to mention the United Nations.
"That type of criminal activity does not just cause economic harm. It also threatens our national security."
“That type of criminal activity does not just cause economic harm,” Deputy Attorney General Rod Rosenstein said in announcing the charges. “It also threatens our national security. Identifying and prosecuting computer hackers is a priority for the Department of Justice.”
Digital communication wasn’t supposed to go this way. DARPA may have invented the thing, but control of it was wrested rather quickly by “the community,” as early users thought of themselves. And this community recoiled at the very idea of government oversight. In 1996, John Perry Barlow, a programmer, philosopher, and former lyricist for The Grateful Dead, put it this way in the opening lines of his famous “Declaration of Independence of Cyberspace”:
“Governments of the Industrial World, you weary giants of flesh and steel, I come from Cyberspace, the new home of Mind. On behalf of the future, I ask you of the past to leave us alone. You are not welcome among us. You have no sovereignty where we gather. We have no elected government, nor are we likely to have one, so I address you with no greater authority than that with which liberty itself always speaks. I declare the global social space we are building to be naturally independent of the tyrannies you seek to impose on us. You have no moral right to rule us nor do you possess any methods of enforcement we have true reason to fear.”
Except that this avowal has proven so naïve as to be dangerous. The pioneers of the Internet were not malicious. Far from it. They were idealistic to a fault. But their own lack of malice blinded them to how easily their tools could be used by other users with nefarious intent. Or misused by tech companies founded by ambitious prodigies whose wizardry with software instilled a hubris so profound that the result was the destruction of the very concept of personal privacy -- at least for users who availed themselves of social media, the Internet, or even email.
The subtext of this week’s congressional hearings, then, was comeuppance, which Mark Zuckerberg knew full well, as evidenced by his opening statement. But expressions of contrition are not going to be enough to satisfy Facebook’s many critics. Sen. Lindsey Graham, for one, walked Zuckerberg through his paces Tuesday, demonstrating that in any way that matters to consumers, Facebook is a monopoly. In a subsequent written statement issued by his office, Graham spelled out where he is going: “self-regulation” of tech companies in general, and Facebook in particular, clearly hasn’t worked.
“Contrary to Mr. Zuckerberg’s assertion, Facebook is a virtual monopoly,” Graham added, “and monopolies need to be regulated.”
<iframe width="100%" height="166" scrolling="no" frameborder="no" allow="autoplay" src="https://w.soundcloud.com/player/?url=https%3A//api.soundcloud.com/tracks/423891426&color=%23ff5500&auto_play=false&hide_related=false&show_comments=true&show_user=true&show_reposts=false&show_teaser=true"></iframe>
Even those critical of Silicon Valley’s heedless approach are skeptical that this is the answer. Brad Allenby’s boss, Arizona State University President Michael Crow, said in an interview that using the regulatory tools employed against heavy industry in the early 20th century against a company that is essentially a data collection platform would be unlikely to work, and might make things worse. It’s not Facebook’s size that is the problem, it’s its willy-nilly habit of sharing information -- and letting its data be misused or ripped off -- problems that are standard procedure in the tech industry and which wouldn’t go away if Facebook were broken into pieces.
Facebook began, as Zuckerberg reminded the senators Tuesday, on a college campus. With 72,000 students, Arizona State is a juicy target for digital hucksters, and Cambridge Analytica approached Crow three times before the 2016 election in attempts to get its hooks into the ASU community. Based on an uneasy feeling, Crow turned the company down, and chuckles aloud when told that if he had decided otherwise he might have been seated next to Zuckerberg at the witness table this week.
But if the goal is bridging the cultures of tech and government, the way forward is not yet clear. “All technology can be used for good or for bad,” Crow says. “And Silicon Valley culture is powerful, but its concepts are too narrow. It doesn’t think in a real-time way how its innovations can be misused, or how they should be applied.”
Yet all the hubris doesn’t flow from one direction. Twenty years before the Russians meddled in a U.S. presidential election, Congress defunded and closed the Office of Technology Assessment -- with the acquiescence of the Clinton administration. This $22 million agency was targeted by the Republicans’ 1994 Contract With America. Many of those Republicans, and even more Clinton administration veterans, surely wish they could get a do-over on that vote. The point here is that both cultures, Washington and Silicon Valley, could use a new mantra. It might not be sexy, but it could be more effective: How about: “Move fast – but not too fast – and fix things.”
Carl M. Cannon is the Washington Bureau Chief for RealClearPolitics. Reach him on Twitter @CarlCannon.