Multiple news outlets revealed Friday that Apple notified at least 11 U.S. State Department officials that their iPhones were recently hacked by an unknown party or parties with spyware developed by the private Israeli firm NSO Group.
The “bombshell,” first reported by Reuters, comes after Apple sued NSO Group last month in an effort to protect iPhone users from its Pegasus spyware, which the Israeli company claims to only sell to government law enforcement and intelligence agencies and was the focus of a major reporting project earlier this year. Continue reading →
Attempts in the United States to access some websites owned by or linked to the Iranian government were met with this message on June 22, 2021. (Photo: screenshot)
Press freedom advocates fumed Tuesday as U.S. authorities without immediate explanation reportedly blocked stateside access to numerous news websites owned by or linked to the Iranian government.
An unnamed U.S. official speaking on condition of anonymity told the Associated Press that around three dozen websites were seized due to their alleged dissemination of “disinformation.” Continue reading →
ProPublica is a Pulitzer Prize-winning investigative newsroom. Sign up for The Big Story newsletter to receive stories like this one in your inbox.
As Turkey launched a military offensive against Kurdish minorities in neighboring Syria in early 2018, Facebook’s top executives faced a political dilemma.
Turkey was demanding the social media giant block Facebook posts from the People’s Protection Units, a mostly Kurdish militia group the Turkish government had targeted. Should Facebook ignore the request, as it has done elsewhere, and risk losing access to tens of millions of users in Turkey? Or should it silence the group, known as the YPG, even if doing so added to the perception that the company too often bends to the wishes of authoritarian governments? Continue reading →
Photo by Ben Combee from Austin, TX, USA (Flickr) [CC-BY-2.0 (http://creativecommons.org/licenses/by/2.0)], via Wikimedia Commons
President Donald Trump’s 2016 presidential election campaign sought to persuade 3.5 million Black voters in key battleground states to stay home on Election Day by targeting them with negative Facebook ads about Democratic nominee Hillary Clinton, according to a Monday report on Britain’s Channel 4 News.
A massive data leak obtained by the U.K. outlet shows that four years ago Trump’s digital campaign team compiled files on 198 million American voters, which included information about their domestic and economic status obtained from market research companies. An algorithm then divided the voters into eight categories, called “audiences,” so they could be targeted with tailored ads on Facebook and other social media platforms. Continue reading →
Cellphone tower | Picture by Peter Bjorndal / pixabay.com. Public Domain
Regime-directed surveillance has taken new forms within the Middle East as governments have been forced to adapt to new technological and social environments. While government surveillance of its citizens is not new to the region, this old authoritarian impulse has been revamped in the attempt to subvert opposition and monitor dissidence amid widespread use of social media and access to smartphones within the region.
New forms of targeted hackings and espionage have therefore become commonplace throughout the region, and often extend across borders into the international arena. Western companies, governments, and individuals have provided extensive assistance to the surveillance efforts of these governments, often by supplying them with the necessary technology and expertise needed to conduct such sweeping operations. However, regional countries – particularly Israel – have increasingly constructed and exported their own indigenous operations and platforms designed to surveil their publics. Conducted on a mass scale and bolstered by western technological support, these new and sophisticated forms of surveillance have supplied these governments with the tools necessary to go on the offensive against all who seek to challenge the status quo. Continue reading →
A protester holds a sign in front of the CIA’s exhibitor booth at the American Library Association’s 2019 annual conference. (Photo: Callan Bignoli)
A group of librarians demanded the American Library Association abide by its values on Friday as they staged a protest of the CIA’s presence and recruitment at the professional organization’s annual conference.
“It has amassed such power that experts and public opinion refer to it as the digital public square: the place where people protest, sign up for public events, get information about politics, and more.” (Photo: Legal Loop)
Every policy-tweak Facebook attempts to roll out is faced with public criticism. This signals a structural problem: Facebook developed quicker than its own systems of governance and now struggles to carry its own weight. In other words, Facebook seems to lack the legitimacy to exercise the huge power it has amassed over the years.
If the user base were smaller, Facebook would have a group of like-minded individuals that could be more easily catered to. But Facebook has become very big and diverse. With over 2 billion active monthly users, it’s bigger and more diverse than any community we’ve ever seen. Continue reading →
Facebook’s long-awaited change in how it handles political advertisements is only a first step toward addressing a problem intrinsic to a social network built on the viral sharing of user posts.
The company’s approach, a searchable database of political ads and their sponsors, depends on the company’s ability to sort through huge quantities of ads and identify which ones are political. Facebook is betting that a combination of voluntary disclosure and review by both people and automated systems will close a vulnerability that was famously exploited by Russian meddlers in the 2016 election.
The company is doubling down on tactics that so far have not prevented the proliferation of hate-filled posts or ads that use Facebook’s capability to target ads particular groups. Continue reading →
As a teenager, I remember being horrified about the possibility of nuclear war. I watched daily news reports about the nuclear arms race between the U.S. and the Soviet Union and listened to music about “what might save us, me and you,” as Sting’s 1985 song “Russians” put it (the answer: “If the Russians love their children too”).
But I especially remember the television event of 1983: “The Day After,” a fictional, made-for-TV movie that imagined a nuclear attack on American soil. The debates and discussions the film spurred make me wonder if a similar sort of high-profile cultural event would serve the country well today.
The water cooler event of the decade
At my junior high school in Southern California, “The Day After” was what everyone was talking about leading up to (and following) the night it aired on ABC on Nov. 20, 1983.
By all measures, it was a major media event. An estimated 100 million viewers tuned in. The White House phone lines were jammed and ABC headquarters in New York received more than 1,000 calls about the movie during its East Coast broadcast.
“The Day After” imagines a scenario in which America’s policy of deterrence fails. It depicts a nuclear attack through the experiences of Midwesterners – doctors, students, children, the pregnant and the engaged – followed by an extended (and, though grim, fairly unrealistic) consideration of post-blast repercussions.
Leading up to the attack, there is quotidian normality, followed by localized shock at the terrifying sight of missiles being launched out of the ground from Kansas missile silos. Panicked anticipation of an incoming nuclear attack follows, replete with period novelties such as huge lines at pay phones.
Although dated and artless in many ways, the representation of the blast remains horrific, if only by virtue of what it forces us to consider: the fire, wind and chaos; the widespread damage and suffering; the desperate need for medical care; and the futile desire for order and assistance.
Society as the characters in the movie knew it – just a day before – was a thing of the past.
“The Day After” was controversial even before it aired, with critics like Tom Shales of The Washington Post deeming it “the most politicized entertainment program ever seen on television.” Reverend Jerry Falwell organized a boycott against the show’s advertisers, and Paul Newman and Meryl Streep both tried (unsuccessfully) to run anti-nuclear proliferation advocacy ads during the program.
In the text that scrolls at the end of the film, “The Day After” declares its intention to “inspire the nations of this earth, their people and leaders, to find the means to avert the fateful day” – to, in essence, scare some sense into anyone tuning in.
Pro- and anti-nuclear groups used the film as a rallying cry for their positions. An Oct. 4, 1983 LA Times article (“‘The Day After’ Creating a Stir”) detailed a “conservative counteroffensive” that attempted to “discredit the film and write it off as a media conspiracy against Ronald Reagan’s strong defense posture.” Reagan supporters also hoped to defuse potential public backlash against American nuclear missile proliferation in Europe.
After the film aired, two simultaneous events at the epicenter of the film’s setting, the University of Kansas, are telling. A Los Angeles Times article titled “‘The Day After’ Viewed Amid Debate, Fear” described how a candlelight vigil in support of nuclear disarmament was joined by counterdemonstrators who “urged peace through military strength.”
As The New York Times’s John Corry wrote, “Champions of the film say it forces us to think intelligently about the arms race; detractors say it preaches appeasement.”
A trigger for serious reflection
Outside of partisan lobbying, “The Day After” opened the door for public debate about nuclear weapons.
Immediately after the movie’s broadcast, Ted Koppel moderated a riveting discussion that featured a formidable group of pundits, including Henry Kissinger, Elie Wiesel, William F. Buckley, Carl Sagan and Robert McNamara. During this special edition of “Viewpoint,” Secretary of State George Shultz also appeared to tell audiences that “nuclear war is simply not acceptable.”
The most prescient and horrifying questions from the audience and responses from the panelists on “Viewpoint” anticipate a future that’s eerily indicative of where we are today – a time of multi-state nuclear capability, where one unstable leader might trigger nuclear catastrophe.
In the weeks after the broadcast, schools and community centers around the country held forums during which people could discuss and debate the issues the film raised. Psychologists and communication scholars were also eager to study the movie’s impact on viewers, from how it influenced their attitudes about nuclear weapons, to its emotional consequences, to whether they felt empowered to try to influence America’s nuclear policies.
That was then, this is now
In the early 1980s, of course, it was the Soviet Union that posed the nuclear threat to America.
Today’s adversaries are more diffuse. The world’s nuclear situation is also much more volatile, with greater destructive potential than “The Day After” imagined.
A modern-day remake of “The Day After” would have to reckon with this bleaker scenario: a world in which there may be no day after.
The bellicose posturing that prevails in the White House today resonates, in some ways, with the public bickering between Soviet Head of State Yuri Andropov and Ronald Reagan in the months leading up to the broadcast of “The Day After.” After the film’s release, New York Times columnist James Reston hoped “the two nuclear giants” would “shut up for a few weeks” – that “some civility or decent manners” might prevail in the wake of public concern about the consequences imagined in ABC’s somber nuclear fable.
But as then-Secretary of State George Shultz pointed out in the Koppel interview, the aim of the Reagan administration was to never have to use nuclear weapons. It was to deter our nuclear adversary and to reduce our nuclear storehouse. Shultz’s words of assurance are a contrast to today’s rhetoric of nuclear one-upmanship that is totally removed from the devastating reality of nuclear war.
Trivializations of nuclear warfare on the order of “my button’s bigger than yours” undermine the grave reality of nuclear cataclysm. Such rhetoric is no longer the domain of farce, as in Stanley Kubrick’s “Dr. Strangelove,” in which erratic, incompetent leaders bumble their way into the apocalypse.
Perhaps some modernized version of “The Day After” could function as a wake-up call for those who have no real context for nuclear fear. If nothing else, “The Day After” got people talking seriously about the environmental, political and societal consequences of nuclear war.
It might also remind our current leaders – Trump, foremost among them – of what modern nuclear war might look like on American soil, perhaps inspiring a more measured stance than has prevailed thus far in 2018.
Voting stand and the notorious “butterfly ballot”, from Palm Beach County from the disputed 2000 U.S. Presidential election. Photo: Infrogmation (Own work) [CC BY 2.5], via Wikimedia Commons
Following the hack of Democratic National Committee emails and reports of a new cyberattack against the Democratic Congressional Campaign Committee, worries abound that foreign nations may be clandestinely involved in the 2016 American presidential campaign. Allegations swirl that Russia, under the direction of President Vladimir Putin, is secretly working to undermine the U.S. Democratic Party. The apparent logic is that a Donald Trump presidency would result in more pro-Russian policies. At the moment, the FBI is investigating, but no U.S. government agency has yet made a formal accusation.
The Republican nominee added unprecedented fuel to the fire by encouraging Russia to “find” and release Hillary Clinton’s missing emails from her time as secretary of state. Trump’s comments drew sharp rebuke from the media and politicians on all sides. Some suggested that by soliciting a foreign power to intervene in domestic politics, his musings bordered on criminality or treason. Trump backtracked, saying his comments were “sarcastic,” implying they’re not to be taken seriously.
Of course, the desire to interfere with another country’s internal political processes is nothing new. Global powers routinely monitor their adversaries and, when deemed necessary, will try to clandestinely undermine or influence foreign domestic politics to their own benefit. For example, the Soviet Union’s foreign intelligence service engaged in so-called “active measures” designed to influence Western opinion. Among other efforts, it spread conspiracy theories about government officials and fabricated documents intended to exploit the social tensions of the 1960s. Similarly, U.S. intelligence services have conducted their own secret activities against foreign political systems – perhaps most notably its repeated attempts to help overthrow pro-communist Fidel Castro in Cuba.
Although the Cold War is over, intelligence services around the world continue to monitor other countries’ domestic political situations. Today’s “influence operations” are generally subtle and strategic. Intelligence services clandestinely try to sway the “hearts and minds” of the target country’s population toward a certain political outcome.
What has changed, however, is the ability of individuals, governments, militaries and criminal or terrorist organizations to use internet-based tools – commonly called cyberweapons – not only to gather information but also to generate influence within a target group.
So what are some of the technical vulnerabilities faced by nations during political elections, and what’s really at stake when foreign powers meddle in domestic political processes?
Vulnerabilities at the electronic ballot box
The process of democratic voting requires a strong sense of trust – in the equipment, the process and the people involved.
One of the most obvious, direct ways to affect a country’s election is to interfere with the way citizens actually cast votes. As the United States (and other nations) embrace electronic voting, it must take steps to ensure the security – and more importantly, the trustworthiness – of the systems. Not doing so can endanger a nation’s domestic democratic will and create general political discord – a situation that can be exploited by an adversary for its own purposes.
New technology always comes with some glitches – even when it’s not being attacked. For example, during the 2004 general election, North Carolina’s Unilect e-voting machines “lost” 4,438 votes due to a system error.
But cybersecurity researchers focus on the kinds of problems that could be intentionally caused by bad actors. In 2006, Princeton computer science professor Ed Felten demonstrated how to install a self-propagating piece of vote-changing malware on Diebold e-voting systems in less than a minute. In 2011, technicians at the Argonne National Laboratory showed how to hack e-voting machines remotely and change voting data.
Voting officials recognize that these technologies are vulnerable. Following a 2007 study of her state’s electronic voting systems, Ohio Secretary of State Jennifer L. Brunner announced that
the computer-based voting systems in use in Ohio do not meet computer industry security standards and are susceptible to breaches of security that may jeopardize the integrity of the voting process.
As the first generation of voting machines ages, even maintenance and updating become an issue. A 2015 report found that electronic voting machines in 43 of 50 U.S. states are at least 10 years old – and that state election officials are unsure where the funding will come from to replace them.
Securing the machines and their data
In many cases, electronic voting depends on a distributed network, just like the electrical grid or municipal water system. Its spread-out nature means there are many points of potential vulnerability.
First, to be secure, the hardware “internals” of each voting machine must be made tamper-proof at the point of manufacture. Each individual machine’s software must remain tamper-proof and accountable, as must the vote data stored on it. (Some machines provide voters with a paper receipt of their votes, too.) When problems are discovered, the machines must be removed from service and fixed. Virginia did just this in 2015 once numerous glaring security vulnerabilities were discovered in its system.
Once votes are collected from individual machines, the compiled results must be transmitted from polling places to higher election offices for official consolidation, tabulation and final statewide reporting. So the network connections between locations must be tamper-proof and prevent interception or modification of the in-transit tallies. Likewise, state-level vote-tabulating systems must have trustworthy software that is both accountable and resistant to unauthorized data modification. Corrupting the integrity of data anywhere during this process, either intentionally or accidentally, can lead to botched election results.
However, technical vulnerabilities with the electoral process extend far beyond the voting machines at the “edge of the network.” Voter registration and administration systems operated by state and national governments are at risk too. Hacks here could affect voter rosters and citizen databases. Failing to secure these systems and records could result in fraudulent information in the voter database that may lead to improper (or illegal) voter registrations and potentially the casting of fraudulent votes.
And of course, underlying all this is human vulnerability: Anyone involved with e-voting technologies or procedures is susceptible to coercion or human error.
How can we guard the systems?
The first line of defense in protecting electronic voting technologies and information is common sense. Applying the best practices of cybersecurity, data protection, information access and other objectively developed, responsibly implemented procedures makes it more difficult for adversaries to conduct cyber mischief. These are essential and must be practiced regularly.
Sure, it’s unlikely a single voting machine in a specific precinct in a specific polling place would be targeted by an overseas or criminal entity. But the security of each electronic voting machine is essential to ensuring not only free and fair elections but fostering citizen trust in such technologies and processes – think of the chaos around the infamous hanging chads during the contested 2000 Florida recount. Along these lines, in 2004, Nevada was the first state to mandate e-voting machines include a voter-verified paper trail to ensure public accountability for each vote cast.
Proactive examination and analysis of electronic voting machines and voter information systems are essential to ensuring free and fair elections and facilitating citizen trust in e-voting. Unfortunately, some voting machine manufacturers have invoked the controversial Digital Millennium Copyright Act to prohibit external researchers from assessing the security and trustworthiness of their systems.
However, a 2015 exception to the act authorizes security research into technologies otherwise protected by copyright laws. This means the security community can legally research, test, reverse-engineer and analyze such systems. Even more importantly, researchers now have the freedom to publish their findings without fear of being sued for copyright infringement. Their work is vital to identifying security vulnerabilities before they can be exploited in real-world elections.
Because of its benefits and conveniences, electronic voting may become the preferred mode for local and national elections. If so, officials must secure these systems and ensure they can provide trustworthy elections that support the democratic process. State-level election agencies must be given the financial resources to invest in up-to-date e-voting systems. They also must guarantee sufficient, proactive, ongoing and effective protections are in place to reduce the threat of not only operational glitches but intentional cyberattacks.
Democracies endure based not on the whims of a single ruler but the shared electoral responsibility of informed citizens who trust their government and its systems. That trust must not be broken by complacency, lack of resources or the intentional actions of a foreign power. As famed investor Warren Buffett once noted, “It takes 20 years to build a reputation and five minutes to ruin it.”