Stop the outsourcing of national security to social media

Imagine reading this:

“Twelve months before the election, the Russian security services were authorized to spend $1,000,000 on ‘spoiling operations’. News stories were planted, editorial comment encouraged, rumors whispered, and fake social media accounts created.”

Congressional investigations would launch.  News anchors would report breathlessly on the latest evidence of “collusion.”  The FBI would be pressured to investigate. Fingers would point at social media companies for “allowing” such a travesty of justice to happen on their watch.

Except this didn’t happen in the 2016 elections. 

{mosads}It happened 46 years ago in Chile. And it wasn’t Russia or the FSB (the Soviet Union and KGB as it was affectionately known back then). It was the United States and the CIA.

In his autobiography “A Look Over My Shoulder: A Life in the Central Intelligence Agency,” Richard Helms, described how the CIA accomplished this. “Posters were printed, news stories planted, editorial comment encouraged, rumors whispered, leaflets strewn, and pamphlets distributed.”

Influencing elections isn’t a new tactic. The use of social media is only a new tool in a long-running influence war. To single out platforms like Facebook, Twitter, Instagram, Google and others is short-sighted. 

No nation has ensured free, fair and open elections through finger pointing. To put the onus on the shoulders of these companies is to outsource the security of the United States. It isn’t their job to be the front line of defense.

Nor can one defend themselves in cyberspace when deprived of the very information they need. Reasonable people understand the need for government to keep a certain amount of secrets. What they don’t understand is the excuse “There’s too much data. We’re overwhelmed.” Try that excuse during an IRS audit.

It recently became public knowledge that the FBI was aware of Russian hacks into the private email accounts of government and military officials, but sat on the information for over a year. Their own policy states, in part, “Because timely victim notification has the potential to completely mitigate ongoing and future intrusions …CyD’s policy (Cyber Division) policy regarding victim notification is strongly designed to favor victim notification. Even when it may interfere with another investigation or USIC operation, notification should still be considered…“

Out of 80 interviews done by the AP, only two got a heads-up from the FBI. The targets included current and former government officials from the Office of the Director of National Intelligence, North American Aerospace Defense Command, Defense Intelligence Agency, Air Force Intelligence, National Geospatial Intelligence Agency and more.

Transparency is a two-way street. The vast majority of private sector companies with bad actors on their platforms cooperate willingly with federal authorities (there are always notable exceptions). Is it too much to ask that the FBI follow its own policy of notification?

Government needs to make sure tech companies are partners by design, and not adversaries. If government was half as responsive as the private sector, Congress would fund another 500 FBI agents. Yet Facebook is already hiring another 1000 people to review political ad purchases.

There is another way to solve a common problem, and that is to work together. The desire to influence future elections, or attack our critical infrastructure, isn’t going away. You take the world as you find it, not as you wish it was. 

Create a model to allow the private sector to war game future threats in cooperation with the government. Share information and intelligence. The government could stop more attacks if they would quit hiding behind the cloak of secrecy about “sources and methods.” While it sounds sexy, no one really cares where the information comes from, or from who. What the private sector wants, including state and local law enforcement, is the what and when. 

World War II was won as much by production of rifles, bullets and airplanes as it was the military who used them. No one expected the factory worker to parachute into Normandy and fight the battle. But they were all part of the same team.

Don’t expect Facebook, Twitter, Google, Instagram or YouTube to be the only front line of defense. Instead, work together and unleash the awesome power of innovation. Stop the threats before they start. Show our adversaries the bloody nose they’re going to get if they foolishly try to attack our Republic again.

The bully usually quits when you fight back. So, let’s fight back instead of each other.

Morgan Wright is an expert on cybersecurity strategy, cyberterrorism, identity theft and privacy. Previously Morgan was a senior advisor in the U.S. State Department Antiterrorism Assistance Program and senior law enforcement advisor for the 2012 Republican National Convention. Follow him on Twitter @morganwright_us.