Tech Companies Must Do More to Secure U.S. Elections from Authoritarian Interference

2018-09-05T09:41:48+00:00
September 5, 2018
Director, Alliance for Securing Democracy
Director, Alliance for Securing Democracy
|

With only two months until the November midterms, Silicon Valley’s efforts to secure our elections from authoritarian interference have been more talk than action. Recent steps by several tech companies to uncover and expose interference operations and cyber-attacks via their platforms are welcome, if belated, steps to move beyond the gauzy public relations campaigns that have unfortunately characterized much of Silicon Valley’s response. 

As executives of Facebook and Twitter return to Capitol Hill to testify this week, members of Congress should continue to demand that the platforms reform and make themselves more transparent, especially to their users, who continue to be pawns caught between profit-making impulses of tech titans and the exploitative efforts of foreign adversaries as well as corporations and others domestically who seek to manipulate Americans online.

Congress should push the companies testifying to increase cooperation between one another. The companies need to share information more systematically and standardize policies to defend against foreign disinformation campaigns.

Authoritarian regimes wage cross-platform influence operations, yet the companies often respond to them using different standards and policies. For example, each company has its own rules about the disclosure of political advertisements on its platform. In 2016, lax corporate policies allowed the Russian Internet Research Agency (IRA) to purchase political ads during the presidential campaign without any scrutiny by the platforms.

The companies also have their own rules, standards, and definitions when determining whether to close inauthentic accounts and remove harmful content, and until recently have not shared information sufficiently with law enforcement and other companies in order to better identify and remove inauthentic accounts. In one example, according to press reports, the FBI began tracking “Alice Donovan,” a persona used by Russian military intelligence hackers to leak stolen information from the Democratic National Committee during the 2016 campaign, in the spring of 2016. But “her” page was live until The New York Times approached Facebook about the account in September 2017. Yet despite press reports and Facebook’s removal of the account, Twitter did not shut down Donovan’s account on that platform until after Special Counsel Mueller publicly identified the account in his indictment of Russia’s military intelligence service.

The recent release of data by Microsoft and Facebook on Russian cyber and information operations targeting U.S. political candidates, campaigns, and other organizations — as well as announcements by Facebook, Twitter, and Google that they shut down hundreds of fraudulent accounts coordinating influence operations for the Iranian government show that the companies are beginning to attempt to change, but much more needs to be done to deal with an evolving threat.

So far, companies have largely acted only when faced with congressional scrutiny, public pressure, and falling stock prices. Government and civil society must be allies in the common cause of securing our democracy. Most of what we know about the IRA’s activity to interfere in our political system, for example, has come from government investigations or independent researchers. Microsoft and Facebook’s recent release of data should be the rule, not the exception. Furthermore, a formal mechanism for public-private cooperation, drawing on existing models on counterterrorism, cybersecurity, and financial integrity, should replace ad hoc efforts to date.

Most importantly, the platforms need to be transparent with their users. The American people are in effect now pawns in an expensive game. Their data and personal information are being marketed and sold, often to the highest bidder, without their awareness. Most citizens do not understand that they have implicitly consented to their favorite social media platforms turning them into the product, the exact opposite of cost-free access social media.

The platforms need to provide users with greater context about the origin of information they see online, why they are seeing that information, and disclose whether an account providing that information is automated while still protecting anonymity online. An informed citizenry needs to have more control over how they view information and not be at the whim of companies that only have their own corporate profits in mind, not the common good.

Government must play its part, by passing bipartisan legislation to secure our elections infrastructure, requiring the purchasers of political ads online to declare themselves, and by improving America’s deterrent posture against foreign adversaries that attempt to interfere in our democracy. 

Yet the social media platforms have a special responsibility. Their carelessness and unwillingness to address the inherent vulnerabilities created by their platforms helped to create a breeding ground for malicious activity in 2016 that continues to this day. Congress must keep up the pressure on them, even as the companies begin to take steps to address the problem.

The American people deserve the pillars of a free market democratic society — from government to corporations — working in concert to halt the use of these platforms to attack the most sacred institutions of our democracy. Doing so is essential to our national security and will be a step toward restoring declining consumer confidence in Silicon Valley.

 

The views expressed in GMF publications and commentary are the views of the author alone.