Society is Like a Stew

“Society is like a stew. If you don't stir it up every once in a while then a layer of scum floats to the top.”  Edward Abbey would condone the recent revolutions, if he decided to care at all.  In the light of all these revolutions and criticism of social media, most of the discussion has focused on how we shouldn’t use technology.  There has been little discussion on how to effectively use social media as a revolutionary tool.  To do so, we need to look at the downfalls of social media and how to counteract them.  We can also review successful uses of social media for inspiration.

Malcolm Gladwell has pointed out that previous attempts in fighting organized hierarchies required an equally organized effort.  Social media has caused a trend where a movement can gain mass appeal before an effective leaderships are established.  Recently, I have studied our previous efforts against the Colombian drug trafficking organizations and our current efforts in Mexico.  There has been an effective strategy at eliminating the present and future leadership, which causes fragmentation and disorganization of efforts.  The same applies to protest movements, except it no longer requires an effort by government to disrupt leadership.  We are doing it by ourselves.

Many critics of social media believe the nature of the technology inspires disorganization.  However, I believe it is more related to the speed at which the movement gains followers.  It moves at a pace beyond the human ability to keep up.  Although he's better described as a naturalist, Edward Abbey came to mind during our class discussions on technology:

“Life is already too short to waste on speed. I have a friend who's always in a hurry; he never gets anywhere... The utopian technologists foresee a future for us in which distance is annihilated. … To be everywhere at once is to be nowhere forever, if you ask me.”

                            -Edward Abbey in Desert Solitaire

Abbey is not so well at being concise and I had to remove a few sections, but his point drives through.  I am not a naturalist, nor a neo-luddite, but I do recognize the modern dangers of sparking a movement. Revolutionaries should take online marketing strategies as an example to follow.  Before any online marketing campaign is initiated, there are months of preparation.  A comprehensive strategy is devised and goals are meticulously laid out.  Then, once it is implemented and goes public, the company continues its traditional advertising.  Online strategies are low-risk and low-cost only if implemented correctly.  It is enticing to use technology in replace of the higher-risk methods and it takes experienced individuals to know better.

As the commercial world demonstrates, an effective strategy is needed before implementing a revolution.  Also, social media should not replace the traditional, high-risk methods of activism.  I have previously also mentioned how social media reduces operational security.  It may have many faults, but if social media is used correctly, it can be a powerful tool.  For example, Egyptian protesters were effective because they had a clearly defined goal, employed physical protesting methods and reached out to a group with a similar goal, the military.  Keeping protests online makes efforts less secure and also prevents participation from non-internet based groups, like the military, that may have a similar cause.  The military’s role was instrumental in pressuring the resignation of Mubarak and their involvement may have been less likely if the protests were purely digital.  Ultimately, the outcome of the revolution could be viewed in two ways.  Either the military used the protestors as groundwork for overthrowing Mubarak or the protestors worked alongside the military to achieve similar goals.  The point remains that the protestors weren’t solely responsible for the success of the movement.  Social media is a powerful tool to create support for a movement, but that support is useless without traditional protest methods.  Relying too much on technology may cause movements to miss out on strategic opportunities and may ultimately lead to failure.

Making Information Useful

The internet has opened up the world to a sea of information, creating both difficulties and opportunities for data hungry organizations.  While information may be accessible, separating the relevant from the irrelevant has become a problem that sparked the creation of a multi-billion dollar industry.  Pioneers, such as Google, still pave the way in developing innovative methods to find relevant information. Google has been extraordinarily helpful at turning my unintelligible statements into articulate searches.  Online memes have even been established based on how abstract your search can be, while still returning useful data.  In order to make sense of the jumbled mess of information online, innovation has presented impressive ways to collective, analyze and present information.

A library could be dedicated to the books studying the science of information visualization.  There are popular sites like Prezi, which change the dynamics in how we can connect information.  Further research finds the core technologies driving software innovations like Prezi.  Deep zoom technology is one such technology.  It has created a method to take images and view them at multiple zoom levels without compression or heavy data loads.  It’s better shown than described:

This technology has been mostly used by photographers and designers in the commercial world, but the business applications are vast and untapped.  The above link demonstrates how multiple information sources can be seen at once.  While I can't post them, I have several projects that have gone beyond the abilities of this Photosynth by linking relevant data sets based on multiple variables.  The technology is still in its infancy and offers possibilities that have only begun to be imagined.

There have also been innovations in the more broad pursuit of aggregating available data.  There are online services that automatically extract and link data sources, allowing a more comprehensive understanding of an issue.  Silobreaker has been a pioneer in offering this service for free.  However, there are many companies, such as the ones featured in my OSINT post, which can provide analysis beyond showing relationships.

Information online is viewed in layers. There is underlying content “beneath” the visible data that we see in our everyday online activities. Traditional search services lack the ability to mine through the all layers of information on the net, so a niche was born.  Sites, such as Pipl, have developed methods to dig up that hidden data and connect it with data on the visible web.  “Data mining”, as it’s called, has become so complex that I have a bookmark folder full of specialized search engines.  With the web barely in its adolescent years, I wonder what more a mature internet will require in order to navigate its information.

Open Source Intelligence

In a recent conversation, a business associate began describing to me the old “cloak and dagger” days of competitive intelligence.  It was time intensive, very active and required much more innovative thinking.  In his eyes I was spoiled by the internet’s ability to find information easily and quickly.  In one of his stories, a company was providing him figures that didn’t match up with the amount of product the company’s clients were receiving.  It may have been slightly more complicated than that, but it’s safe to say something didn’t add up.  One step he took to investigate the discrepancies was hiring a plane to fly over the company’s building during working shifts.  He counted the number of cars in the parking lot and was able to guess approximately how many workers were on duty.  That, combined with other methods, led him to believe this company was grossly exaggerating their output.  Modern methods make this a far more simple process.  Gathering publicly provided information is a low risk and often high reward method of intelligence collection.

This collection method is called Open Source Intelligence (OSINT) and previously meant governments crawling through foreign newspapers and TV news reports.  It still does.  However, technology has increased the scope and tempo of this process.  It has become more complex, since blogging and other social media have decreased the ability to determine what is credible.  Disinformation is easier to implement and more difficult to identify.  The complexity of the problem has gotten so large, the Director of National Intelligence created an open source center to collect information available from “the Internet, databases, press, radio, television, video, geospatial data, photos and commercial imagery.”  Fortunately, they have established Facebook to ease this process, saving them millions of dollars. (For all of you conspiracy theorist, that was a joke)

While the government hasn’t established Facebook, they have funded and (possibly even created) several companies that seek to make it so the average intelligence officer doesn’t have to read that you just made waffles for breakfast.  Recorded Future and Visible Technology are two such companies that automate the process of aggregating data and finding meaning for that data.  The first time I heard about Recorded Future I mentioned it to an ex-intelligence officer, asking whether they have heard of it.  Later I found out that it was probably created by the Intelligence Community.  Those moments when you realize how little you truly know are quite humbling.  I’m sure automating such a process is highly complex.  How can you automate deception detection?  What about important information that slips through and does automation truly replace a human analysis? How do you scale the process to the needs of the project?  

It is one of my geeky dreams to see the Open Source center in operation one day.  It’s funny that many must begrudgingly show up to work there every day as a 9-5 job (although I’m sure it operates 24/7) and here it’s my aspiration to catch a glimpse of a room there.  It is amazing that meaning can be found by combining a bunch of meaningless information.  After researching and learning so much about Open Source Intelligence and its possibilities, I wonder what kind of countermeasures will come out.  There is the one brave man who started an identity protection service, known as LifeLock, and advertised it by posting his social security number.  Even as the CEO of LifeLock, his identity was stolen over 13 times.  I have a feeling that countermeasures to this won’t come from technological advances.  Similar to James Lewis’ belief that a more sophisticated cyber-defense will only result in more sophisticated attacks, regular people can’t rely on technology or services to protect their identity.  We must change how we work and view technology to truly protect ourselves.  Maybe I’m wrong and I most likely am.  Time will tell and until then I’ll just try not to end up like this guy:

http://www.wired.com/threatlevel/2010/05/lifelock-identity-theft/

Social Media Surveillance

The increasing use of social media has caused many disadvantages in operational security.  Facebook and Linked-In are two tools I am familiar with using to research individuals and companies.  While researching people or organizations, every bit of information can lead to more information online.  Even if the target is security conscious, it is very likely an associate is less careful and open for exploitation.  People can control certain outlets of information, but they cannot control them all.  Speaking agendas, competitions, public records and employer websites are some of the few sources that can reveal detailed information about an individual without that person’s knowledge.  Deep search engines have exploited this layer of data and have developed simple tools to search multiple sources with little previous information.  Privacy is a thing of the past and the only thing protecting it today is indifference.

Stratfor provides a good overview of the situation here.

These indirect or “deep” sources aren’t really even necessary to find information on a target.  People love to hand out their information.  Like I observed in a previous post, it has become a reflex for individuals to post private information in public forums.  We love to communicate our hobbies, favorite bars, accomplishments and goals. Think about the personal information that you can find about yourself with a simple Google search.  For example, some of the students in this class have posted their intention to apply to the CSIS internship in their blog.  Already, these students could gain the advantage of knowing their competition.  The more technology is a part of our lives, the faster our information becomes digitally available.  Overtime, this leads to an established online presence that can easily be exploited through simple measures.   

 

I never completely understood why some people post the things they do on Facebook.  Like Seinfeld says, “it is very important for people to feel like they are popular and well liked amongst a large group of people we don’t care for.”  Many friends and associates have lamented at employers requiring them to hand over their Facebook.  I remind them that this is just to expedite the research and a knowledgeable person would find out what they needed whether they cooperated or not.  They should have been more careful with what they chose to put on Facebook in the first place. Working as a locksmith, we had a common saying that locks are designed to keep honest people out (or in).  Privacy controls are like door locks.  Just because you set that Facebook picture to private, doesn’t mean that someone can’t view it with a little effort.  Once it is online, it is in a public sphere that many can easily access.  Even if some information seems trivial, it may lead to more valuable information or provide insight when combined with other data.

A person’s network of associates is extremely valuable and often public information.  The website Linked-In practically hands over a targets dossier, with detailed job descriptions and listing of associates.  Similarly, it is easy to find current or past disgruntled employees of a specific company through sites listing employment history.  Social Network Analysis is a method employed by intelligence agencies to identify both entities and the relationships between them.  In the past this required some effort to obtain, but nowadays we have pretty much done most of the grunt work ourselves.

Despite the availability of private information, we are protected by indifference and the sheer mass of information available.  An independent researcher may find it interesting you are currently smashed at your local bar, while the government probably couldn’t care less.  I’m sure the processes listed here are automated on a massive scale, built to filter out all the junk that we post.  Of course, as soon as something is automated it can be tricked, which brings in a whole new set of issues.  I've talked about James Lewis and his contributions to cyber-security policy in previous posts.  James Lewis may be correct in believing increased cyber-security decreases privacy, it’s also true that the openness of the net has decreased privacy already.  We are only living in an illusion of privacy, which could be far more dangerous.   

Post-CSIS

I both fear and anxiously await working in my profession, whatever that may be.   The challenge presented by the trip to CSIS was inspiring.  I have had to work in a stressful and constant profession for a short time, so I was slightly prepared for the long hours and conference like format of the presentations.  I was not prepared for the level of discussion.  One of the most repeated benefits of think tanks in our readings was their ability to raise the quality of policy debate.  Experiencing that first hand helped me truly understand what it meant.  Each of our speakers was an impressive display of intelligence, knowledge and experience.  The CSIS articles that I’ve read were only a shadow of the people that wrote them.

One of my first observations was how recent their data was.  It is odd to consider how late we are used to receiving information.  Normally, when we read textbooks or reports, the information is already a few months or even a few years old.  That wouldn’t fly in D.C.  Some of their statistics were just a week old.   I know during my research for Mexican Drug Cartels, we would find information that was only a couple months old and begin working it into our policy recommendations.  Then a more recent source would pop up and completely change the basis we began an argument on.  I can’t imagine how frustrating it must be to create policy on an ever changing landscape, where even one hour’s information might be different than the next.  Also, they must have an extraordinary ability to truly understand what the data means.  While we did use raw data to support some of our own conclusions, reading other analyses really expanded my thinking on the implications one dataset can imply.  

I imagine all of the speakers were busy and was surprised with their willingness to set aside time for such a small group.  The life of Arnaud de Borchgrave seems like something from the movies.  I’ve read a few bios on him since his presentation and would definitely pick up an auto-biography by the guy.  It was an invaluable experience to hear their thoughts on current events.  The format of their presentations not only was informative, but also demonstrated how they think and formulate their ideas.  During the Q&A presentations, I felt like asking them to just tell us what they believed to be most important.  However, by asking questions I was more able to discover unique information relevant to my interests.

This experience has made me both fearful and excited.  As one of the young professionals stated, we will most likely hate the first two years of our job in D.C.  There are long days and no room for a social life, although the nature of the job seems social enough.  Perhaps so many Political Science majors get their masters just to avoid that life for a couple more years.  Though, I am also excited to work under so many great minds.  However, Murray Weidenbaum reminded us that not everyone working for think tanks is brilliant.  I guess I’ll just have to find the brilliant ones.  If I get to work with or under anyone like who we saw at CSIS, I would feel extremely fortunate.

Pre-CSIS

The Center for Strategic and International Studies has provided a list of five readings that would better prepare us for our three day trip to D.C.  One has a comprehensive overview of CSIS and its programs, through a forecast that attempts to predict what will drive the future.  Two others are James Lewis discussing the importance of cyber-security.  The last two documents review the current United States cyberspace policy and the Department of Defense strategy in cyberspace.  While I had an active interest in cyber-space prior to reading these articles, I did not realize the scope of the problem or understand the United States’ position on it.

James Lewis has written numerous articles on how government should adjust to technological innovation.  Prior to joining CSIS, he had worked as a Foreign Service officer and as a member of the Senior Executive Service.  In his speech Rethinking Cybersecurity he remarks that cyber threats are not solely determined by how sophisticated our defense is.  Even if we had better technology, more sophisticated threats would evolve to threaten that technology.  Our largest risk comes from the outdated discussion on cybersecurity and the policy that has emerged from it.  He goes on to detail the source of threats that have emerged from cyberspace.  Cyber terrorism is considered a future problem that does not pose an immediate threat.  Military and intelligence services pose the largest threat and, along with that, state sponsored espionage.

In Lewis’ policy recommendations, his first step is to make internet service providers responsible for protecting its customers.  This is an interesting objective.  Almost every form of online censorship demonstrated by foreign governments dealt with the internet service providers.  When Egypt blacked out internet communication, they contacted their five providers and ordered them to redirect information.  When articles discussed whether this type of censorship was possible in the United States, most determined that it very improbable due to the vast number of companies the government would have to censor.  While internet traffic in the U.S. does have bottlenecks, they don’t reside with the internet service providers.  There are thousands of providers in the U.S. and it seems like a huge undertaking that would cause a lot of fear.  I’m sure if internet service providers began notifying people that they had a virus, it would largely give off a “big brother” vibe.  While I agree that service providers must bear some responsibility for security, implementing such a program seems costly and would face a lot of opposition.

Source: xkcd.com

 

Lewis goes on to describe a few more necessary policy changes.   Recommending active defense was one that stood out to me.  It’s not discussed very often, mostly due to the secrecy of the tradecraft.  The U.S. is currently allowed to actively monitor foreign networks to better prevent malicious attacks.  Active network monitoring carries a lot of ethical concerns with it, especially if it is done domestically.  While we actively monitor other forms of communication, it’s all foreign collection unless especially approved (to my understanding).  I was surprised to find out that Tier One service providers monitor the traffic that flows over their networks.  I hope to find out, when I have more time, what actual monitoring occurs.  I believe that a government partnership with these efforts would result in huge security improvements.  How to implement such a program is a sensitive conversation, which would need to involve the privacy concerns associated with domestic data monitoring.

Digital Diplomacy

Iran shut down its U.S. embassy 32 years ago.  More recently, Iran has demonstrated just how different modern diplomacy can be by shutting down a virtual U.S. embassy.  News sources in Iran have called this virtual embassy the “latest plot by Washington against the Iranian nation.”  Of course, the actions of Iran were condemned by our administration as the Iranian government’s “commitment to build an electronic curtain of surveillance and censorship around its people.” The U.S. hasn’t had a physical embassy presence in Iran since 1980, after it was removed due to conflict from the Islamic Revolution.  This recent move by Iran and the U.S. occurred only a week after the British Embassy was vandalized by student protestors suspected of working for the Iranian government.  The attack on the British Embassy is now referred to as the Occupy Embassy protests by Iranians, correlating it to the Occupy Movements gaining popularity in the U.S.    

Check out the embassy here: http://iran.usembassy.gov/index.html

Iran’s leaders have approved, if not caused, the students actions against the British Embassy and the media praises their decision on the U.S. virtual embassy.  There are numerous websites that are unavailable to Iranians, including social networking and news sites, and it took less than 24 hours for Iran to ban the embassy site nationally.  Ignoring Iran’s reaction for a moment, I can’t help thinking that the U.S. had some bad timing.  One week after the British Embassy is ransacked and removed from Iran, with accusations that the attack was organized by the Iranian government, the U.S. decides to implement a virtual embassy in the country when it is well known for online censorship.  Filtering through all of the publicity surrounding the issue, I still can’t find what the U.S. could have hoped to achieve with the virtual embassy.  The site seemed doomed from the beginning.  

I can only assume that the U.S. issued this site in response to a need in its intelligence war with Iran.  If Stuxnet, the malicious software designed to degrade Iran’s nuclear capability, was designed by the U.S., it represents a huge focus on Iran.  Stuxnet was previously an unknown capability of advanced governments.  Using the software revealed this capability and decreased its future effectiveness.  My personal opinion is Stuxnet was probably was implemented to buy time, since Iran will probably still develop nuclear weapons despite the setbacks the virus caused.  It was a covert diplomatic decision that reflects the times and demonstrates the new tools we have at our disposal.  Perhaps the virtual embassy had a similar unknown purpose.  I’m sure the State Department isn’t naïve enough to assume the site would remain open to regular Iranians.

Stuxnet and virtual embassies represent significant differences technology has brought in our response to threats.  United States diplomacy has always been intertwined with intelligence, with both offensive and defensive strategies.  While this has been true for many years, the tempo of events has increased drastically.  Digital diplomacy is the response to that tempo.  We can more effectively react digitally with the speed and size required for modern threats.  While I’m wowed by recent abilities demonstrated by governments, we will probably see even more incredible capabilities in the near future.