On the digital front, what can President Biden do to enhance our security and protect our privacy?
Melvin Bankhead III
After Joseph R. Biden Jr. takes the oath of office on Jan. 20, 2021, the newly inaugurated president of the United States will need to contend with an America in turmoil.
Naturally, the scourge of COVID-19, and its devastating impact on the nation, will be near or at the top of his list of Things That Must Be Dealt with Immediately. With over 311,000 deaths in total and more than 3,000 more deaths per day (as of Dec. 18, 2020), he has no choice but to respond to that grim reality. Recently released vaccines from Pfizer and Moderna will no doubt be very useful weapons in his arsenal.
However, America is also still reeling from Russia’s ongoing, unprecedented cyberattack against U.S. governmental agencies and corporations. Even though tens of billions of dollars had been spent to prevent such an attack, it had gone undetected for most of a year — and remains an ongoing concern.
Toss in the fact that states and consumers are becoming more wary of the power wielded by corporations and social media platforms to use your personal data for their own ends and profit – effectively turning you into a monetized resource for their exploitation.
And, of course, there is also the growing concern that facial recognition technology is being weaponized against underrepresented minorities in the U.S. – invading their privacy and possibly violating their rights.
When it is all added up, it becomes clear that America is on the precipice of a digital war. The only question as yet unanswered is, when all is said and done, will the war for cybersecurity and digital privacy be decided in our favor, or in the favor of those that would exploit us for money and power?
Soon-to-be President Biden has several options available to deal with these issues. Let’s explore what we know, and what Biden might do.
What We Know
The U.S. government had spent billions of dollars in creating a new war room for U.S. Cyber Command, while also installing Einstein, a web of sensors throughout the nation that was designed to detect and avert cyberattacks. Unfortunately, according to the U.S. intelligence community, Russia designed its most recent attacks to bypass Einstein, slipping their assault past the sensor web and into the computer infrastructure of corporations and government agencies.
The list of impacted agencies is large: The U.S. Commerce, Homeland Security, Treasury and Energy departments reported having been hit, as did the Pentagon, the U.S. Postal Service, and the National Institutes of Health.
Although the sheer breadth of the attacks was stunning in its size — indeed, it is believed that the attack is one of the largest ever — it has not been revealed what information might have been stolen, or whether the hacks succeeded in changing or destroying data.
Investigators have yet to determine whether any classified systems were breached. Still, the intrusion seems to be one of the biggest ever, with the amount of information put at risk dwarfing other network intrusions.
However, it is known that the hackers exploited a weakness in the cyber infrastructure. The attackers accessed software from SolarWinds, an Austin, Texas-based company. SolarWinds’ Orion software, which is designed to monitor computer networks, is used by thousands of companies and by many federal agencies, making it an inviting target.
Indeed, SolarWinds estimated, in a Securities and Exchange Commission filing on Dec. 14, that perhaps as many as 18,000 of its customers may have been impacted by the breaches.
On Dec. 13, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered all federal agencies “to immediately disconnect or power down affected SolarWinds Orion products from their network.” CISA is part of the Department of Homeland Security which, on Dec. 16, announced that it, the FBI and the Office of the Director of National Intelligence (DNI) had formed a joint team to “coordinate a whole-of-government-response to this significant cyber incident.”
Aside from that, there has been no comment from President Donald Trump regarding the attack. Critics are saying that Trump’s silence is more proof that he refuses to take a stand against Russia, no matter the provocation.
Meanwhile, CISA is warning that “this threat poses a grave risk to the (federal government) and state, local, tribal, and territorial governments as well as critical infrastructure entities and other private sector organizations.”
What Biden Can Do:
Once in the White House, Biden has a wealth of options at his disposal:
- Declare, in no uncertain terms, that Russia is responsible for various intrusions into corporate, state, and U.S. governmental computer systems and that such actions need to be halted immediately.
- Determine how many government agencies, states, and corporations use the same or similar software, and order researchers to a) find more diverse software for computer monitoring, or b) create ways to strengthen the security of the software to resist intrusion.
- Form an agreement with other nations to refuse to sell any software or computer hardware (or parts) to Russia, Russia-controlled nations and territories, or Russian-headquartered businesses.
- Create an equivalent to the National Transportation Safety Board. Rather than investigate accidents and transportation standards, this proposed agency would “track attacks, conduct investigations into the root causes of vulnerabilities and issue recommendations on how to prevent them in the future,” says Alex Stamos, director of the Stanford Internet Observatory. Stamos is former chief information security officer of Yahoo and Facebook.
- Make sure Congress passes a law requiring companies and government agencies to reveal every time their cybersecurity is breached. Currently, no such law exists to force such compliance in areas other than medical or banking information. As Stamos notes, you “can’t respond to the overall risk as long as we’re discussing only a fraction of the significant security failures.”
- Implement harsh financial sanctions on the leaders of Russia’s technology industries.
- Launch federal investigations into the cyberattacks in an effort to identify individual hackers. If possible, prosecute the hackers and their superiors.
- Establish a ban on all Russian-created software and hardware in the United States. Such a ban should include Kaspersky Labs, which is currently prohibited from selling to the federal government, but remains free to sell otherwise.
- Conduct mandatory cybersecurity “stress tests” of state and federal governmental computer systems, as well as those utilized by major corporations, banks, hospital systems and insurance companies.
- Update all federal government computer systems to include stronger security.
- Launch a series of retaliatory cyberattacks against the business holdings of Russian President Vladimir Putin’s most ardent financial backers and where he banks himself.
Not only would these changes result in a more digitally secure America, but they would also provide a massive boost to the U.S. economy. As the COVID-19 pandemic continues to rage, MTN Consulting’s research has shown that the pandemic has proved beneficial to parts of the communications industry, as:
- “The sudden, widespread need to work and study from home has increased demand for the cloud services offered by many webscale players.”
- “Technology investments by the webscale sector are also (surging, with research and development) spending increased by 17% in 3Q20 to $46.1 billion.”
- “Webscale spending on … network infrastructure has also spiked,” with total capital expenditures rising 25 percent year-over-year “to hit $34.7 billion in 3Q20. A good portion of capex in 2020 has supported the growth of ecommerce activity, which was given a lift by pandemic-related lifestyle changes. However, the Network/IT/Software portion of capex grew 31% YoY in 3Q20 to $16.0 billion. New data center construction slowed in 2020 but rapid growth of traffic and cloud services adoption forced operators to invest heavily in new servers and other incremental capacity additions.”
A sudden, technology industry-wide push to secure the nation’s cyber infrastructure would create jobs, inject large amounts of money into the economy, and, of course, make the country more secure. A win-win for a newly installed president.
What We Know
In recent weeks, we’ve seen state governments open a new front in the war for digital privacy. People have become more aware of the fact that social media platforms and other telecommunications companies collect your personal data, store it, and then use it to fuel their marketing efforts, or sell the data to other business entities. However, it is difficult to tell what company is doing what to/with the data, as many companies are not remotely transparent about what happens after they acquire the data.
Americans are very much aware that their everyday lives – both online and off – are being watched closely by various corporate interests. In a 2019 Pew Research Center survey, it was revealed that a majority of Americans admitted that they believe their lives — online and off — were being heavily monitored both by corporate interests and the federal government.
“Roughly six-in-ten U.S. adults say they do not think it is possible to go through daily life without having data collected about them by companies or the government,” the report warned.
Granted, the Pew report also admitted that “data-driven products and services are often marketed with the potential to save users time and money or even lead to better health and well-being.” Still, 81 percent of those surveyed expressed the belief that “the potential risks they face because of data collection by companies outweigh the benefits, and 66% say the same about government data collection.” The report also noted that 79 percent of respondents worry about how their data is used by companies, while 64 percent worry about the same data’s use by the government. Indeed, “most also feel they have little or no control over how these entities use their personal information.”
Enter the Federal Trade Commission. On Dec. 14, the FTC ordered Amazon, Discord, Facebook, Reddit, Snap, Twitter, WhatsApp, YouTube, and ByteDance, which operates TikTok, to “provide data on how they collect, use, and present personal information, their advertising and user engagement practices, and how their practices affect children and teens.”
These digital products may have launched with the simple goal of connecting people or fostering creativity. But, in the decades since, the industry model has shifted from supporting users’ activities to monetizing them. This transition has been fueled by the industry’s increasing intrusion into our private lives. Several social media and video streaming companies have been able to exploit their user-surveillance capabilities to achieve such significant financial gains that they are now among the most profitable companies in the world.
Never before has there been an industry capable of surveilling and monetizing so much of our personal lives. Social media and video streaming companies now follow users everywhere through apps on their always-present mobile devices. This constant access allows these firms to monitor where users go, the people with whom they interact, and what they are doing. But to what end? Is this surveillance used to build psychological profiles of users? Predict their behavior? Manipulate experiences to generate ad sales? Promote content to capture attention or shape discourse? Too much about the industry remains dangerously opaque.
A few days later, another gauntlet was thrown. Thirty-eight state attorneys general filed an antitrust lawsuit against Google – its third in under two months.
“Google sits at the crossroads of so many areas of our digital economy and has used its dominance to illegally squash competitors, monitor nearly every aspect of our digital lives, and profit to the tune of billions,” said New York Attorney General Letitia James.
In other words, states were worried that Google had used its massive amounts of data on what people do online to benefit itself at the expense of its competitors. Sound familiar?
Meanwhile, a leaked Google document detailing the company’s plan to undermine European Union legislation for its own ends has EU lawmakers on the alert. According to the New York Times:
“Academic allies” would raise questions about the new rules. Google would attempt to erode support within the European Commission to complicate the policymaking process. And the company would try to seed a trans-Atlantic trade dispute by enlisting U.S. officials against the European policy.
For many officials in Brussels, the document confirmed what they had long suspected: Google and other American tech giants are engaged in a broad lobbying campaign to stop stronger regulation against them.
As MTN analyst Matt Walker puts it, “Big tech wants to serve up ads to exactly the right person, at the right time, in the right place – and the only way to do this is by a massive invasion of what many would consider private information.”
Another firm, Magna, says that digital ad spending, which it estimates rose 8 percent in 2020, will comprise 59 percent of all global ad spending by year end. This eclipses traditional advertising such as television, radio, print and out-of-home, which Magna estimates has fallen 18 percent from 2019.
What Biden Can Do
Many groups and organizations, including Public Citizen and the Parent Coalition for Student Privacy, have offered recommendations on this matter. As on the subject of cybersecurity, Biden has a variety of options:
- If Democrats win both Senate runoff races in Georgia this January, then Democrats will control the U.S. Senate and Biden may consider expanding the responsibilities of the Consumer Financial Protection Bureau to include regulation of social media platforms and corporations in the realms of consumer privacy and data usage. Created in 2010 by the Obama administration, in which Biden served as vice president, the CFPB’s current mandate is consumer protection in the financial sector. However, it already has experience engaging “with the data economy in a number of ways. Its enforcement actions have required it to look at how financial entities are using social media and algorithms to sell to consumers. The agency has become active in enforcing privacy matters. It has also taken steps toward improving data portability principles and building a regulatory sandbox.”
- Limit access by others to our digital lives. As we’ve noted previously, an increasing number of employers, schools and federal governmental agencies are requiring access to our digital accounts. U.S. border enforcement agents are demanding that travelers unlock their devices and provide passwords. Schools are utilizing services that allow them to access students’ devices and social media accounts. All of those entities should be required to obtain a warrant prior to being granted access. After all, the right not to incriminate yourself IS spelled out in the U.S. Constitution.
- Ban social media platforms and other companies from using consumer data without express written permission from said consumers. Companies should have a standardized form governing whether to grant permission to companies to sell or share their personal data.
- Require all companies and lobbying entities to have fully transparent systems in place as to how data is collected and used.
- Require all entities that collect consumer data to publish an annual notice to consumers whose data they use.
- Ban anonymous social media accounts. In other words, social media accounts must have a verifiable name, address, phone number and email address prior to the account’s activation. Said information must be confirmed every two years. (This might help defuse some of the mob mentality currently evident on social media platforms.)
- Hold social media responsible for the content that they publish. Ban content that advocates harm against others based on race, gender, gender ID, sexual orientation, ethnicity, religion, etc.
- The previous suggestion could work alongside a redesign or elimination of Section 230, a section of the Communications Decency Act of 1996. The section shields internet companies from liability over the content they publish. In recent years, Republicans – notably Trump – and Democrats have argued for reforming or abolishing the rule. Indeed, Bruce Reed, Biden’s top technology adviser, advises reforming Section 230 in a book he coauthored, “Which Side of History? How Technology Is Reshaping Democracy and Our Lives.” In it, he and coauthor James Steyer, a Stanford University lecturer, argue that if internet companies and social media platforms “sell ads that run alongside harmful content, they should be considered complicit in the harm. If their algorithms promote harmful content, they should be held accountable for helping redress the harm. In the long run, the only real way to moderate content is to moderate the business model.”
- Companies should be required to establish easier ways for consumers to manage their devices’ and accounts’ privacy settings.
- After it was revealed that many members of Congress simply didn’t comprehend how social media platforms work, even though they were trying to regulate the industry, members of Congress should be required to be briefed annually on the current state of social media, as well as its impact on their constituents.
- Require technology companies to create more secure privacy settings for minors using social media.
- Push the Federal Communications Commission to reassert net neutrality, a rule that banned telecommunications operators from blocking or slowing internet traffic originating from unaffiliated Internet access providers.
What We Know
In the above discussion on privacy, one area that we neglected to delve into is the impact of facial recognition on privacy. A fundamental aspect of the American criminal justice system is that people are innocent until proven guilty, an axiom more commonly known as the “presumption of innocence.” This is echoed in the Fifth Amendment to the U.S. Constitution, which states, in part, that no person “shall be compelled in any criminal case to be a witness against himself.” In other words, when people “take the Fifth,” they are exercising their right not to incriminate themselves.
By contrast, the growing usage of facial recognition technology, which is widely recognized as a tool to enhance security and identify potential criminal suspects, jeopardizes people’s right to privacy, as well as that presumption of innocence. Indeed, on Dec. 22, 2020, New York Gov. Andrew M. Cuomo signed into law the nation’s first statewide ban on using biometric identifying technology such as facial recognition in schools. The law bans the use of such technology in schools until July 1, 2022, or until after the state Education Department has conducted extensive research into whether the technology should be used in schools.
“This technology is moving really quickly without a lot of concern about the impact on children,” said Stefanie Coyle, deputy director of education policy for the New York Civil Liberties Union. “This bill will actually put the brakes on that.”
Even scientists are growing concerned about the assault on privacy posed by facial recognition systems, with many calling for “a firmer stance against unethical facial-recognition research. It’s important to denounce controversial uses of the technology, but that’s not enough, ethicists say. Scientists should also acknowledge the morally dubious foundations of much of the academic work in the field — including studies that have collected enormous data sets of images of people’s faces without consent, many of which helped hone commercial or military surveillance algorithms.”
With the growing push in retail spheres toward more protections of consumers’ privacy, is it so surprising that a similar push would eventuate in other areas? The controversy of using facial recognition to surveil public spaces has been under debate for some time – particularly as people grow a deeper understanding of how unreliable the systems are when dealing with people who are not White men.
Indeed, in December 2019, a National Institute of Standards and Technology study demonstrated the results of testing 189 facial recognition systems from 99 companies. The study found that the majority of the software had some form of bias. Indeed, among the broad findings were these troubling revelations:
- One-to-one matching revealed higher error rates for “Asian and African American faces relative to images of Caucasians. The differentials often ranged from a factor of 10 to 100 times, depending on the individual algorithm.”
- Among U.S.-made software, “there were similar high rates of false positives in one-to-one matching for Asians, African Americans and native groups (which include Native American, American Indian, Alaskan Indian and Pacific Islanders). The American Indian demographic had the highest rates of false positives.”
Such errors in identifying criminal suspects can be devastating to those innocents who are caught up in a criminal investigation. One prevalent example comes from January 2020 in Michigan: Detroit police arrested Robert Williams, a Black man, as a suspect in a shoplifting case. However, they were following the lead of a facial recognition scan, which had incorrectly identified Williams as the suspect. The charges were later dropped, but the damage was done: Williams’ “DNA sample, mugshot, and fingerprints — all of which were taken when he arrived at the detention center — are now on file. His arrest is on the record,” said the American Civil Liberties Union. “… Given the technology’s flaws, and how widely it is being used by law enforcement today, Robert likely isn’t the first person to be wrongfully arrested because of this technology. He’s just the first person we’re learning about.”
As previously mentioned, there is a growing view that facial recognition technology is being weaponized against underrepresented minorities in the United States. In recent months, in the time since the deaths – some would say murders — of George Floyd and Breonna Taylor at the hands of White police officers, civil rights groups have pointed to the use of facial recognition technologies by law enforcement at protests. Also, critics of Trump have noted similar technologies in use by law enforcement at protests against the now-outgoing president. And with growing awareness of the growing right-wing and White supremacist influences in law enforcement, people are wary of permitting any more advances that can be used in an oppressive fashion.
As I indicated in a previous essay on facial recognition systems, such digital tools are used for a variety of purposes, many of them beneficial. However, as I also demonstrated, those tools are also extremely easy to abuse, particularly in the hands of governments and the law enforcement community. And in today’s politically explosive environment, all it takes is the wrong person in elected office to turn a beneficial tool into a weapon for suppression.
There is, of course, the “Big Brother” scenario: George Orwell’s dystopian nightmare of a totalitarian government that maintains control through constant electronic surveillance of its citizens. Although people argue that “such things can never happen here,” a great many things have happened in America over the last four years that people once argued only happened in dictatorships or “Third-World” countries. For example, armed, unidentifiable “security officers” never used to roam America’s streets, grabbing up citizens and transporting them to places unknown. Attorneys working for elected officials didn’t use to call for the deaths of their client’s perceived enemies. White supremacists didn’t openly accept orders from the president of the United States. Conspiracy theorists didn’t publicly tout their illogical views while running for, or working in, public office. And the president of the United States, and his supporters in Congress, didn’t flatly assert that an election was fraudulent just because he lost it.
A lot can happen in a nation “where it can’t possibly happen here.” In fact, many of the examples cited above used to “only happen overseas.” Of course, if something happens overseas, it should not be all that difficult to believe that it could happen here in America. Which is why the following developments, here and abroad, are so troubling:
- In April 2019, it was revealed that the Chinese government was using facial recognition technology to surveil Uighurs, a mostly Muslim ethnic group. As the New York Times also reported, hundreds of thousands of Uighurs were surveilled, arrested, and then imprisoned in secret camps.
- In January 2020, Amnesty International warned that, “In the hands of Russia’s already very abusive authorities, and in the total absence of transparency and accountability for such systems, the facial recognition technology is a tool which is likely to take reprisals against peaceful protest to an entirely new level.” The warning came as a Moscow court took on a case by a civil rights activist and a politician who argued that Russia’s surveillance of public protests was a violation of their right to peacefully assemble.
- Six months later, in Portland, Oregon, unidentified “federal police officers” began detaining those protesting police violence. Portland Mayor Ted Wheeler called them Trump’s “personal army,” and Attorney General Bill Barr acknowledged sending the officers. Many of those detained were imprisoned for a short time, then released, often with no charges being filed and no way to identify the officers involved.
- In the summer of 2020, Black Lives Matter protesters, as well as those protesting Trump’s policies, complained that they were being surveilled by police officers using facial recognition software.
- And in December 2020, it was revealed that Huawei is marketing facial recognition software to the Chinese government that is reportedly capable of sending “automated ‘Uighur alarms’ to government authorities when its camera systems identify members of the oppressed minority group.” On Dec. 16, it was revealed that tech giant Alibaba also possessed a similar system.
America is a nation too often consumed by racial tensions. Indeed, we see increasingly violent rhetoric and actions of right-wing activists, who are in turn often fueled by and, in turn, fuel right-wing media and White supremacist ideologies. So when we see other countries cracking down on racial minorities, it is important to remember that the same thing can happen here. It is equally important to remember that race-based violence and suppression are a long part of America’s history, built into its very foundation.
And with racially coded language in political speeches such as “Take Back America” and “Make America Great Again,” underrepresented minorities see themselves being blamed for America’s failures by a rising number of politicians who identify with or are followed by conspiracy theorists and/or White supremacists. Regretfully, the accusers are not mature enough to recognize their own culpability in such failures because they can’t see past their own self-interest.
What Biden Can Do
This is one area in which Biden will absolutely need a majority in Congress with which he can work. If he gains that advantage, he can:
- Follow the lead of soon-to-be Vice President Kamala Harris, who, as part of a group of legislators, sent letters to the FBI, the Equal Employment Opportunity Commission (EEOC), and the FTC to point out research showing how facial recognition can produce and reinforce racial and gender bias. Harris asked “that the EEOC develop guidelines for employers on the fair use of facial analysis technologies and called on the FTC to consider requiring facial recognition developers to disclose the technology’s potential biases to purchasers.”
- Take the suggestion from IBM and Microsoft to craft a federal law regulating the use of facial recognition systems.
- Order an evaluation of all facial recognition technology in use by government agencies, as well as state and local law enforcement agencies, to determine their accuracy dealing with diverse groups of people.
- Offer incentives to companies that crack the bias problem in facial recognition technologies.
- Set a new federal threshold for such systems, at least 85 percent accuracy for all racial/ethnic groups, before use by law enforcement agencies.
- In federal cases, ban use of facial recognition tech when it is being used as the primary reason for probable cause.
These are but a few of the approaches Biden can take to improve America’s cybersecurity infrastructure while improving consumer privacy. There are, of course, likely many more ideas out there that experts will recommend.
I hope he keeps an open mind and considers them.
About the author
Melvin Bankhead III is the founder of MB Ink Media Relations, a strategic communications firm based in Buffalo, New York. An experienced journalist, he is a former syndicated columnist for Cox Media Group, former editor at The Buffalo News, and current instructor at Hilbert College.
Note from MTN Consulting
MTN Consulting is an industry analysis and research firm, not a company that typically comments on politics. We remain focused on companies who build and operate networks, and the vendors who supply them. That isn’t changing. However, we are going to dig into some of the technology issues related to these networks and networking platforms which are having (or will have) negative societal effects.