My understanding is that authoritarian regimes take information security very seriously. To these regimes, information security involves controlling information that can be a threat to the regime–e.g., information that reveals corruption or violation of human rights. But democratic countries should also care about information security, too–albeit using a different definition. In democratic societies, I think information security should involve protecting public discourse from malicious information warfare, while ensuring that accurate information plays a central role in the discourse. Who will be doing the “protecting?” In my view, the independent press will play a key role in this, and possibility academics and think-tanks. Here are some quick thoughts about this:
1. We need to have a national discussion, reaffirming the importance of fact-based opinions that rely on sound arguments. Part of the discussion should involve defining and clarifying these concepts. We should also have a discussion about what constitutes poor arguments and the reasons conspiracy theories are dangerous;
2. We should think of the free press as vital to our national security. Our democracy depends on a strong, independent free press–one that operates with high journalistic standards and has a steady flow of resources. Ideally, I’d want to find a way to devote resources that aren’t so commercial in nature.
3. We may need to think of creating different institutions, tools, or methods to help insure information security.
4. Idea: Offline project. Create news parties or discussion groups, targeting people on social media. Organizers would discuss information warfare, current false stories, etc. This offline projects can make individual citizens more resilient to information warfare.
5. Create scorecards for news agencies and journalists–that are posted on the internet and follow the avatars/accounts of both on social media. Scorecard will reflect how closely they live up on journalistic standards. Agencies or journalists that have a history of blatant propaganda and lies can also receive such a designation as well; there can also labels that reflect various degrees of this.
6. Scorecards could be made up by a professional journalism organization, like a bar association or professional guild. The organization should be made up of a diverse group–politically, socially, economically, ethnically, etc. (Various nations and politicians can be scores as well.)
Both #5 and #6 are ways to creating filters with credibility. The institutions and individuals that have a history of good, reliable journalism deserve more trust (not blind trust), and the scorecards are a way for individuals to identify these groups and indivdiuals.
14 thoughts on “What Does Information Security Mean in a Democracy?”
Monetary Incentives That Decreases Information Security
If this is correct, this feature of youtube dovetails nicely with the objectives of any actor that wants to manipulate and poison our information space. This isn’t just about the health of our democracy, but a national security issue. Or, to put in more accurately, they’re both the same thing.
I’m not sure if this is the best place for the following thread, but it’s close enough:
Some passages from the article:
Kogan collected a lot of data from Facebook:
More about Kogan
One thing that stood out in the video. Nix talks about ways CA hide the fact that they are involved in an election, citing posing as “students doing research projects attached to a university.” I have to check, but I believe Alex Kogan, one of researchers(?) at CA, has some grant or connection to St. Petersburg University (in Russia).
Interesting points about whether Cambridge Analytic’s techniques/methods are bunk and why that’s not really relevant:
I think separating acceptable from unacceptable practices of campaigning is important, because not all of the techniques that use social media and data are inappropriate. For example, I don’t think a lot of what is mentioned below is out of bounds:
These activities become questionable and maybe worse, when individuals don’t know or don’t consent for their data to be used, and when a campaign attacks an opponent using false information or bad faith arguments. This last point brings up an important differentiation–namely, campaign practices that are distasteful and even harmful to a democracy, but don’t necessarily pose a serious threat to democracy or national security. For example, a political campaign will always spin information to frame opponents in the most negative light, using an approach that is distorting and not always intellectually honest. Campaigns will appeal to emotions, like fear, in a quasi-demagogic or racist ways, to win elections as well. These are less than ideal tactics for a democracy, but employing them doesn’t necessary pose a threat to the entire democracy or even national security–at least not in the past.
Now that we have adversaries that seek to erode liberal democracies, by encouraging mistrust in democratic institutions and leaders and by poisoning the information space, we might to re-think all of the tactics above.
Why Information Vulnerability is an Issue
I’ve talked about this many times, but I want to briefly mention it here. The following short video made me think of this issue:
Why are we struggling to agree upon relevant facts (at least in poiltical discourse)? To me, the primary answer for this is the internet. Here are the steps leading to where we are now:
1. Internet increases flow and sources of information. That is we have more voices besides the traditional gatekeepers. This weakens the authority of traditional gatekeepers.
2. The internet dries up the revenue stream for print journalism, weakening a key gatekeeper or information filter.
The next point is something I may not have discussed much. How do individuals in a nation find consensus over the key facts of an issue? Off the top of my head, I’d say the people rely on the authority of gatekeepers. The two that come to mind are the news media (including periodicals) and political parties. If these institutions lose their authority, then agreement upon the relevant facts starts to erode.
An important point here is that agreement doesn’t derive largely from large numbers of individuals thoughtfully and critically identifying the relevant facts. In other words, if we increased the number of critical thinkers in the society, I don’t think that would have as much impact as if gatekeeping institutions had more authority and trust.
If this is correct, strengthening old gatekeeping institutions and/or developing new institutions or processes will be a crucial way of providing information security.
If this were completely true, I don’t think you would keep sharing tweets by people you seem to find credible. While many of these people established cred through traditional gatekeepers, you’re relying on that cred even in the absence of gatekeeping for these specific items. So there is a way for people to be credible without an institutional gatekeeper, unless you’re calling these people gatekeepers themselves. But I don’t think you are, because that’s what other people do, which is leading to all this confusion.
They’re gatekeepers for me, but not for people of all political persuasions. I didn’t make that clear. Of course, every individual can–and does–choose an individual, institution, or entity to fulfill a gatekeeping role, but we need ones that large numbers of people, left, right, and center, see as authoritative and trustworthy. Or am I misunderstanding what you said?
No, that makes sense. So it’s okay to have personal sources of credible facts, as long as there are some generally agreed-on institutional sources as well? This still sounds like what’s causing the problem you propose.
Well if those personal sources of information have equal or greater authority and legitimacy than those institutional sources–sources that appeal to a big, diverse group–then yes, that would be a problem. We need sources that large, diverse group of citizens trust and view as authoritative.
I read the thread, but not the entire article, yet. But I wanted to post a link here before I forget. Also, I wanted to write a thought that came to mind (which I probably mentioned before): The current information landscape is the Wild Wild West. I guess libertarians like Mitchell or even anarchists like this. But there’s a dark side. In my view, we need rules, norms and enforcement, otherwise the people with bad intentions will do a lot of damage.
(I haven’t read this yet, but I want to. Leaving this here to read later.)
This conjures up a thought I’ve been having about the similar problems that exist in social media and traditional media. Namely, the way profits drive the work and culture of both, and the direct relationship between profits and outrage, gossip, sensationalism, and extreme ideas, and the inverse relationship between profits and complexity, nuance, civility and ambiguity.
I’m not sure if the problem I’m talking about is related to the mainstream journalists being duped by the GRU–maybe it’s not really related, but the commercial nature of both social and traditional media is something that a willing and unscrupulous actors can definitely manipulate–to the detriment of the public square and political discourse of a democratic society. I think we really need to address this as a society.
I thought I started a thread about breaking up the internet into smaller pieces–creating an intranet for states and cities, which would not be connected to the world wide web. Either I didn’t write the thread, I failed to find it, or it’s on the old site. In any event, one of the main reasons for doing this was for security purposes. I thought of that idea when I saw this tweet, and article:
Here’s the impression I got from just reading the tweet: Russia understands the vulnerabilities of the internet to a nation’s security–that is, they know how adversaries and bad actors, foreign and domestic, can weaponize the internet to be a huge threat to a nation’s security.
Reading the article, several lines reinforce this impression:
I suspect Russian government is doing this to gain greater control over their citizenry–and my guess is that most Western critics are going to emphasize this aspect. While this is a bad thing, I think they fully understand the security ramifications–and we do not.
The idea of building a backup internet for the U.S. seems like a sound idea to me. I wonder if we’re even thinking of doing this. By the way, if Russia does do this–either cut themselves off from the internet, and create an internal/domestic one, or they create a way a backup–this will allow them to attack other countries with impunity.
I really dislike the NRA. But let’s suppose a hostile foreign power (or an individual or group that wanted to weaken the U.S.), got the documents* and found a way to get it to the press. My understanding is that if the information is newsworthy, the press generally doesn’t care about the people, reason, or means by which the document was obtained. But if hostile enemies know this and then strategically gets to the information to the press to damage individuals, increase polarization, draw attention away from something else they don’t want people to pay attention to, or something I haven’t thought of–then doesn’t the press have to rethink whether to release this information or not? I think they have to–even in a situation like this, where an organization I despise receives the damage. Citizens shouldn’t accept this type of manipulation just because they oppose the victims of information warfare–the victims could actually be the entire nation. And the press can’t just think about whether the information is newsworthy or not. I think they have to see themselves as active parts of the information warfare. If they take on a more passive role, enemies can easily manipulate them to achieve their goals.
(*Possible ways they could get documents: theft, have someone under their influence get the documents and give it to the press)
We’re failing at information security
My thoughts turn back to evaluating sources of information–focusing on the track record and reputation based on journalistic standards. Citizens should also try to only pay attention to sources that have a proven track record and basically ignore the rest or view it with caution. (This last bit feels like telling people to ignore bad TV.)