Podcasts about programs directorate

Protecting sensitive information is critical to cybersecurity, but agencies need to learn to operate with fewer secrets in the aftermath of cybersecurity incidents. Sharing information about attacks within the community can help protect against future ones, according to Suzanne Spaulding, who formerly led the National Protection and Programs Directorate at the Department of Homeland Security. Spaulding discussed how a focus on transparency will be advantageous for national defense. She explained why this approach is necessary by highlighting the risks associated with keeping secrets. Spaulding also discussed the impact of CISA's Secure by Design Pledge on the global cybersecurity environment, noting how recent commitments from companies further contribute to the idea of transparency.

Kicking off the 20th Annual Cybersecurity Awareness Month, we welcome back to the podcast Eric Goldstein, Executive Assistant Director for Cybersecurity for the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA). He shares insights on the exciting new cybersecurity public awareness campaign just launched, “Secure Our World”. It features simple ways to protect yourself, your family, and your business from online threats. Eric also shares some key takeaways from the recent headline making MOVEit attack impacting 60M+ individuals and sparking a new $10M bounty from the US State Department for the Clop ransomware group. And we dive into CISA's Strategic Plan which focuses on how we will collectively reduce risk and build resilience to cyber and physical threats to the nation's infrastructure. This is an awesome episode you won't want to miss! https://www.cisa.gov/secure-our-world Eric Goldstein, Executive Assistant Director for Cybersecurity, CISA Eric Goldstein serves as the Executive Assistant Director for Cybersecurity for the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) as of February 19, 2021. In this role, Goldstein leads CISA's mission to protect and strengthen federal civilian agencies and the nation's critical infrastructure against cyber threats. Previously, Goldstein was the Head of Cybersecurity Policy, Strategy, and Regulation at Goldman Sachs, where he led a global team to improve and mature the firm's cybersecurity risk management program. He served at CISA's precursor agency, the National Protection and Programs Directorate,from 2013 to 2017 in various roles including Policy Advisor for Federal Network Resilience, Branch Chief for Cybersecurity Partnerships and Engagement, Senior Advisor to the Assistant Secretary for Cybersecurity, and Senior Counselor to the Under Secretary. At other points in his career, Goldstein practiced cybersecurity law at an international law firm, led cybersecurity research and analysis projects at a federally-funded research and development center, and served as a Fellow in Advanced Cyber Studies at the Center for Strategic and International Studies, among other roles. He is a graduate of the University of Illinois at Urbana-Champaign, the Georgetown University School of Public Policy, and Georgetown University Law Center. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e253

The Cognitive Crucible is a forum that presents different perspectives and emerging thought leadership related to the information environment. The opinions expressed by guests are their own, and do not necessarily reflect the views of or endorsement by the Information Professionals Association. During this episode, Suzanne Spaulding from the Center for Strategic and International Studies (CSIS) explains why she thinks malign influence and disinformation are national security threats. She also discusses the Foreign Malign Influence Center, various United States authorities, and civics. Resources: IPA Members Only Social and Live Podcast Recording Phoenix Challenge Conference (last week of April 2022) Cognitive Crucible Podcast Episodes Mentioned #32 Treverton on Intelligence Global Trends and Technopolitics US delays intelligence center targeting foreign influence Beyond the Ballot Report Swedish Psychological Defence Agency Civics Secures Democracy Act Link to full show notes and resources https://information-professionals.org/episode/cognitive-crucible-episode-84 Guest Bio: Suzanne Spaulding is senior adviser for homeland security and director of the Defending Democratic Institutions project at the Center for Strategic and International Studies (CSIS). Suzanne has served in a variety of influential national security roles within the Intelligence Community, the Department of Homeland Security, and within the United States Congress. Likewise, her private sector experience covers a wide-range of legal, risk, and security issues. Suzanne Spaulding is senior adviser for homeland security and director of the Defending Democratic Institutions project at the Center for Strategic and International Studies (CSIS). She also served as a member of the Cyberspace Solarium Commission. Previously, she served as under secretary for the Department of Homeland Security (DHS), where she led the National Protection and Programs Directorate, now called the Cybersecurity and Infrastructure Security Agency, managing a $3 billion budget and a workforce of 18,000, charged with strengthening cybersecurity and protecting the nation's critical infrastructure, including election infrastructure. She led the transformation of budget, acquisition, analytic, and operational processes to bring greater agility and unity of effort to an organization that had experienced dramatic growth through acquisition of new entities and missions over several years. Throughout her career, Ms. Spaulding has advised CEOs, boards, and government policymakers on how to manage complex security risks across all industry sectors. At DHS, she led the development and implementation of national policies for strengthening the security and resilience of critical infrastructure against cyber and physical risks, including the National Infrastructure Protection Plan and key presidential directives and executive orders. She worked with industry to establish CEO-level coordinating councils in the electric and financial services sectors, chaired the federal government's Aviation Cybersecurity Initiative to identify and address key cyber vulnerabilities in the national aviation system, and worked with many foreign governments on critical infrastructure and cybersecurity, including negotiating agreements with China and Israel. Ms. Spaulding also led security regulation of the chemical industry, biometrics and identity management, emergency communications, and the Federal Protective Service. As a member of the board of directors for the First Responder Network Authority, Ms. Spaulding helped oversee the complex and unprecedented effort to deploy the first nation-wide broadband network for public safety. She is currently on the board of directors for Defending Digital Campaigns and for Girl Security, and advisory boards for Nozomi Networks, Splunk, MITRE, Harvard University's Defending Digital Democracy project, Foundation for Defense of Democracies, and the Technology Law and Security Program at American University. She is a member of the Homeland Security Experts Group, sits on the council of executives for the Center for Cyber and Homeland Security at Auburn University, and is on the faculty of the National Association of Corporate Directors. Following the attacks of 9/11, Ms. Spaulding worked with key critical infrastructure sectors as they reviewed their security posture and advised the CEOs of the Business Roundtable. In 2002, she was appointed by Governor Mark Warner of Virginia to the Secure Commonwealth Panel to advise the governor and the legislature regarding preparedness issues. She was managing partner of the Harbour Group, a principal in the Bingham Consulting Group, and of counsel to Bingham McCutchen LLP. Ms. Spaulding has served in Republican and Democratic administrations and on both sides of the aisle in Congress. She was general counsel for the Senate Select Committee on Intelligence and minority staff director for the House of Representatives Permanent Select Committee on Intelligence. She also spent six years at the Central Intelligence Agency, where she was assistant general counsel and legal adviser to the director's Nonproliferation Center. She was a member of the CSIS Commission on Cybersecurity for the 44th Presidency, which developed a bipartisan national cybersecurity strategy in advance of the 2008 election; executive director of the National Commission on Terrorism and the Commission to Assess the Organization of the Federal Government to Combat the Proliferation of Weapons of Mass Destruction; and a consultant on the Advisory Panel to Assess Domestic Response Capabilities for Terrorism Involving Weapons of Mass Destruction and the Commission on the Intelligence Capabilities of the United States Regarding Weapons of Mass Destruction. She is former chair of the American Bar Association's Standing Committee on Law and National Security, founder of the Cybersecurity Legal Task Force, and was a member of Harvard University's Long-Term Legal Strategy Project for Preserving Security and Democratic Freedoms in the War on Terror. About: The Information Professionals Association (IPA) is a non-profit organization dedicated to exploring the role of information activities, such as influence and cognitive security, within the national security sector and helping to bridge the divide between operations and research. Its goal is to increase interdisciplinary collaboration between scholars and practitioners and policymakers with an interest in this domain. For more information, please contact us at communications@information-professionals.org. Or, connect directly with The Cognitive Crucible podcast host, John Bicknell, on LinkedIn.

On today's episode of The Daily Scoop Podcast, Suzanne Spaulding, senior advisor at CSIS and former undersecretary for the National Protection and Programs Directorate at the Department of Homeland Security, discusses the cyber threats posed by Russia, China and other adversaries. The Department of Defense will stand-up a zero trust program office to lead the Pentagon's deployment of the cybersecurity model. Defense Logistics Agency Chief Information Officer George Duchak explains the three key components to DLA's zero trust implementation. This interview is part of FedScoop's “Zero Trust Begins With Smarter Password Protection” series, sponsored by Keeper Security. The Daily Scoop Podcast is available every weekday afternoon. If you want to hear more of the latest from Washington, subscribe to The Daily Scoop Podcast on Apple Podcasts, Google Podcasts, Spotify and Stitcher. And if you like what you hear, please let us know in the comments.

Reviewing funding for Advanced Battle Management System Gen. Hawk Carlisle (USAF, Ret.), president and chief executive officer of the National Defense Industrial Association and former commander of Air Combat Command, and Deborah Lee James, 23rd secretary of the Air Force and author of “Aim High: Chart Your Course and Find Success,” discuss the Air Force's challenge of demonstrating ABMS program value to Congress The latest on IG government shutdown legislation Jon Rymer, principal at Lynch Consultants and former Inspector General at the Department of Defense, and Daniel Levinson, former Inspector General at the Department of Health and Human Services and the General Services Administration, present their thoughts on legislation for IGs to work during shutdowns and a proposal to investigate telework success The latest on cybersecurity initiatives in federal agencies Essye Miller, chief executive officer of Executive Business Management and former principal deputy chief information officer at the Defense Department, and Suzanne Spaulding, senior advisor of homeland security at the Center for Strategic and International Studies and former under secretary at the National Protection and Programs Directorate at the Department of Homeland Security, discuss investment in cyber resilience and progress on top cyber position confirmations

Everyone who uses Facebook, Google, and Twitter has probably noticed the disappearance of posts and the appearance of labels, especially during the 2020 election season. In this episode, hear the highlights from six recent House and Senate hearings where executives from the social media giants and experts on social media testified about the recent changes. The incoming 117th Congress is promising to make new laws that will affect our social media experiences; these conversations are where the new laws are being conceived.  Please Support Congressional Dish – Quick Links Click here to contribute monthly or a lump sum via PayPal Click here to support Congressional Dish via Patreon (donations per episode) Send Zelle payments to: Donation@congressionaldish.com Send Venmo payments to: @Jennifer-Briney Send Cash App payments to: $CongressionalDish or Donation@congressionaldish.com Use your bank’s online bill pay function to mail contributions to: 5753 Hwy 85 North, Number 4576, Crestview, FL 32536 Please make checks payable to Congressional Dish Thank you for supporting truly independent media! Recommended Episodes CD196: The Mueller Report CD186: National Endowment for Democracy Articles/Documents Article: President Trump’s latest claims about Wis. absentee ballots debunked by election officials WTMJ-TV Milwaukee, November 24, 2020 Article: Don’t Blame Section 230 for Big Tech’s Failures. Blame Big Tech. By Elliot Harmon, Electronic Frontier Foundation, November 16, 2020 Article: Biden, the Media and CIA Labeled the Hunter Biden Emails "Russian Disinformation." There is Still No Evidence. By Glenn Greenwald, November 12, 2020 Article: Ad Library - Spending Tracker: US 2020 Presidential Race Facebook, November 3, 2020 Article: What’s the deal with the Hunter Biden email controversy? By Kaelyn Forde and Patricia Sabga, Aljazeera, October 30, 2020 Article: Congress Fails to Ask Tech CEOs the Hard Questions By Elliot Harmon and Joe Mullin, Electronic Frontier Foundation, October 29, 2020 Article: With the Hunter Biden Expose, Suppression is a Bigger Scandal Than The Actual Story, by Matt Taibbi, TK News, October 24, 2020 Article: Read the FBI's letter to Sen. Ron Johnson The Washington Post, October 20, 2020 Article: DNI Ratcliffe: Russia disinformation not behind published emails targeting Biden; FBI reviewing, by Kevin Johnson, USA Today, October 19, 2020 Article: Twitter changes its hacked materials policy in wake of New York Post controversy By Natasha Lomas, Tech Crunch, October 16, 2020 Article: Smoking-gun email reveals how Hunter Biden introduced Ukrainian businessman to VP dad By Emma-Jo Morris and Gabrielle Fonrouge, New York Post, October 14, 2020 Article: The Decline of Organic Facebook Reach & How to Adjust to the Algorithm By Sophia Bernazzani, HubSpot, May 3, 2020 Article: Facebook launches searchable transparency library of all active ads By Josh Constine, TechCrunch, March 28, 2019 Article: MAERES Alumna Nina Jankowicz Awarded Fulbright-Clinton Fellowship to Ukraine SFS, Center for Eurasian, Russian and East European Studies, June 21, 2016 Article: Organic Reach on Facebook: Your Questions Answered By Brian Boland, Facebook for Business, June 5, 2014 Article: NSA slides explain the PRISM data-collection program The Washington Post, October 4, 2013 Additional Resources General Guidelines and policies: Distribution of hacked materials policy, Twitter, October 2020 Business Help Center: Fact-Checking on Facebook Facebook Business Business Help Center: Rating Options for Fact-Checkers Facebook Business Commit to transparency — sign up for the International Fact-Checking Network's code of principles, IFCN Code of Principles Section 230 of the Communications Decency Act, Electronic Frontier Foundation Mission Statement: OUR MISSION Open Markets About News Media Alliance Leadership News Corp Clint Watts Foreign Policy Research Institute About FPRI Foreign Policy Research Institute Nina Jankowicz Wicszipedia Sound Clip Sources Hearing: Breaking the News: Censorship, Suppression and the 2020 Election, Senate Judiciary Committee, November 17, 2020 Witnesses: Jack Dorsey, Twitter, Inc. Mark Zuckerberg, Facebook, Inc. Transcript: [30:50] Jack Dorsey: We were called here today because of an enforcement decision we made against New York Post, based on a policy we created in 2018. To prevent Twitter from being used to spread hacked materials. This resulted in us blocking people from sharing a New York Post article, publicly or privately. We made a quick interpretation, using no other evidence that the materials in the article were obtained through hacking, and according to our policy, we blocked them from being spread. Upon further consideration, we admitted this action was wrong and corrected it within 24 hours. We informed the New York Post of our air and policy update and how to unlock their account by deleting the original violating tweet, which freed them to tweet the exact same content and news article again. They chose not to, instead insisting we reverse our enforcement action. We do not have a practice around retro actively overturning prior enforcement's, since then it demonstrated that we needed one and so we created one we believe is fair and appropriate. [35:13] Mark Zuckerberg: At Facebook, we took our responsibility to protect the integrity of this election very seriously. In 2016, we began to face new kinds of threats and after years of preparation, we were ready to defend against them. We built sophisticated systems to protect against election interference, that combined artificial intelligence, significant human review, and partnerships with the intelligence community, law enforcement and other tech platforms. We've taken down more than 100 networks of bad actors, we're trying to coordinate and interfere globally, we established a network of independent fact checkers that covers more than 60 languages. We made political advertising more transparent on Facebook than anywhere else, and including TV, radio and email. And we introduced new policies to combat voter suppression and misinformation. Still, the pandemic created new challenges, how to handle misinformation about COVID and voting by mail, how to prepare people for the reality, the results would take time, and how to handle if someone prematurely declared victory or refused to accept the result. So in September, we updated our policies again to reflect these realities of voting in 2020. And make sure that we were taking precautions given these unique circumstances. We worked with local election officials to remove false claims about polling conditions that might lead to voter suppression. We partnered with Reuters and the national election pool to provide reliable information about results. We attach voting information to posts by candidates on both sides and additional contexts to posts trying to de legitimize the outcome. We lock down new political ads and the week before the election to prevent misleading claims from spreading when they couldn't be rebutted. We strengthened our enforcement against militias and conspiracy networks like QAnon to prevent them from using our platforms to organize violence or civil unrest altogether. I believe this was the largest election integrity effort by any private company in recent times. [40:50] Jack Dorsey: We have transparency around our policies, we do not have transparency around how we operate content moderation, the rationale behind it, the reasoning. And as we look forward, we have more and more of our decisions of our operations moving to algorithms, which are, have a difficult time explaining why they make decisions, bringing transparency around those decisions. And that is why we believe that we should have more choice in how these algorithms are applied to our content, whether we use them at all so we can turn them on or off and have clarity around the outcomes that they're projecting and how they affect our experience. [45:39] Mark Zuckerberg: We work with a number of independent organizations that are accredited by the Poynter Institute. And they include Reuters, the Associated Press. AJans France presse, United States, USA Today, factcheck.org, Science Feedback, PolitiFact, Check Your Fact, Leadstories and the Dispatch in the United States. [48:54] Sen. Lindsay Graham (SC): Do both of you support change to 230? Reform of Section 230? Mark Zuckerberg: Senator I do. Sen. Lindsay Graham (SC): Mr. Dorsey? Jack Dorsey: Yes. Sen. Lindsay Graham (SC): Thank you. [54:10] Sen. Richard Blumenthal (CT): How many times is Steve Bannon allowed to call for the murder of government officials before Facebook suspends his account? Mark Zuckerberg: Senator, as you say, the content in question did violate our policies and we took it down. Having a content violation does not automatically mean your account gets taken down. And the number of strikes varies depending on the amount and type of offense. So if people are posting terrorist content or child exploitation content, then the first time they do it, then we will take down their account. For other things. It's multiple, I'd be happy to follow up afterwards. We try not to disclose these... Sorry, I didn't hear that. Sen. Richard Blumenthal (CT): Will you commit to taking down that account? Steve Bannon? Mark Zuckerberg: Senator, no, that's not what our policies would suggest that we should do in this case. [1:07:05] Jack Dorsey: What we saw and what the market told us was that people would not put up with abuse, harassment and misleading information that would cause offline harm, and they would leave our service because of it. So our intention is to create clear policy, clear enforcement that enables people to feel that they can express themselves on our service, and ultimately trust it. Sen. John Cornyn (TX): So it was a business decision. Jack Dorsey: It was a business decision. [2:56:34] Mark Zuckerberg: We do coordinate on and share signals on security related topics. So for example, if there is signal around a terrorist attack or around child exploitation imagery or around a foreign government, creating an influence operation, that is an area where the companies do share signals about what they see. But I think it's important to be very clear that that is distinct from the content moderation policies that we or the other companies have, where once we share intelligence or signals between the companies, each company makes its own assessment of the right way to address and deal with that information. [3:59:10] Sen. Mazie Hirono (HI): I don't know what it what are both of you prepared to do regarding Donald Trump's use of your platforms after he stops being president it? Will he still be deemed newsworthy? And will he still get to use your platform to spread this misinformation? Mark Zuckerberg: Senator, let me clarify my last answer. We are also having academic study, the effective of all of our election measures and they'll be publishing those results publicly. In terms of President Trump and moving forward. There are a small number of policies where we have exceptions for politicians under the principle that people should be able to hear what their elected officials are saying and candidates for office. But by and large, the vast majority of our policies have no newsworthiness or political exception. So if the President or anyone else is spreading hate speech, or inciting violence, or posting content, that delegitimizes the election or valid forms of voting, those will receive the same treatment is anyone else saying those things, and that will continue to be the case Sen. Mazie Hirono (HI): Remains to be seen. Jack Dorsey: So we do have a policy around public interest, where for global leaders, we do make exceptions in terms of whether if a tweet violates our terms of service, we leave it up behind an interstitial, and people are not allowed to share that more broadly. So a lot of the sharing is disabled with the exception of quoting it so that you can add your own conversation on top of it. So if an account suddenly becomes, is not a world leader anymore, that particular policy goes away. [4:29:35] Sen. Marsha Blackburn (TN): Do you believe it's Facebook's duty to comply with state sponsored censorship so it can keep operating doing business and selling ads in that country? Mark Zuckerberg: Senator in general, we try to comply with the laws in every country where we operate and do business. Hearing: BIG TECH AND SECTION 230 IMMUNITY, Senate Commerce, Science and Transportation Committee, October 28, 2020 Witnesses: Jack Dorsey, Twitter, Inc. Sundar Pichai, Alphabet Inc. Mark Zuckerberg, Facebook, Inc. Transcript: [10:10] Sen. Roger Wicker (MS): In policing, conservative sites, then its own YouTube platform or the same types of offensive and outrageous claims. [45:50] Jack Dorsey: The goal of our labeling is to provide more context to connect the dots so that people can have more information so they can make decisions for themselves. [46:20] Sen. Roger Wicker (MS): I have a tweet here from Mr. Ajit Pai. Mr. Ajit Pai is the chairman of the Federal Communications Commission. And he recounts some four tweets by the Iranian dictator, Ayatollah Ali Khamenei, which Twitter did not place a public label on. They all four of them glorify violence. The first tweet says this and I quote each time 'the Zionist regime is a deadly cancerous growth and a detriment to the region, it will undoubtedly be uprooted and destroyed.' That's the first tweet. The second tweet 'The only remedy until the removal of the Zionist regime is firm armed resistance,' again, left up without comment by Twitter. The third 'the struggle to free Palestine is jihad in the way of God.' I quote that in part for the sake of time, and number four, 'we will support and assist any nation or any group anywhere who opposes and fights the Zionist regime.' I would simply point out that these tweets are still up, Mr. Dorsey. And how is it that they are acceptable to be to be there? Alan, I'll ask unanimous consent to enter this tweet from Ajit Pai in the record at this point that'll be done. Without objection. How Mr. Dorsey, is that acceptable based on your policies at Twitter? Jack Dorsey: We believe it's important for everyone to hear from global leaders and we have policies around world leaders. We want to make sure that we are respecting their right to speak and to publish what they need. But if there's a violation of our terms of service, we want to label it and... Sen. Roger Wicker (MS): They're still up, did they violate your terms of service? Mr. Dorsey? Jack Dorsey: We did not find those two violate our terms of service because we consider them saber rattling, which is, is part of the speech of world leaders in concert with other countries. Speech against our own people, or a country's own citizens we believe is different and can cause more immediate harm. [59:20] Jack Dorsey: We don't have a policy against misinformation. We have a policy against misinformation in three categories, which are manipulated media, public health, specifically COVID and civic integrity, election interference and voter suppression. [1:39:05] Sen. Brian Schatz (HI): What we are seeing today is an attempt to bully the CEOs of private companies into carrying out a hit job on a presidential candidate, by making sure that they push out foreign and domestic misinformation meant to influence the election. To our witnesses today, you and other tech leaders need to stand up to this immoral behavior. The truth is that because some of my colleagues accuse you, your companies and your employees of being biased or liberal, you have institutionally bent over backwards and over compensated, you've hired republican operatives, hosted private dinners with Republican leaders, and in contravention of your Terms of Service, given special dispensation to right wing voices, and even throttled progressive journalism. Simply put, the republicans have been successful in this play. [1:47:15] Jack Dorsey: This one is a tough one to actually bring transparency to. Explainability in AI is a field of research but is far out. And I think a better opportunity is giving people more choice around the algorithms they use, including to turn off the algorithms completely which is what we're attempting to do. [2:15:00] Sen. Jerry Moran (KS): Whatever the numbers are you indicate that they are significant. It's a enormous amount of money and an enormous amount of employee time, contract labor time in dealing with modification of content. These efforts are expensive. And I would highlight for my colleagues on the committee that they will not be any less expensive, perhaps less than scale, but not less in cost for startups and small businesses. And as we develop our policies in regard to this topic, I want to make certain that entrepreneurship, startup businesses and small business are considered in what it would cost in their efforts to meet the kind of standards to operate in a sphere. [2:20:40] Sen. Ed Markey (MA): The issue is not that the companies before us today are taking too many posts down. The issue is that they're leaving too many dangerous posts up. In fact, they're amplifying harmful content so that it spreads like wildfire and torches our democracy. [3:04:00] Sen. Mike Lee (UT): Between the censorship of conservative and liberal points of view, and it's an enormous disparity. Now you have the right, I want to be very clear about this, you have every single right to set your own terms of service and to interpret them and to make decisions about violations. But given the disparate impact of who gets censored on your platforms, it seems that you're either one not enforcing your Terms of Service equally, or alternatively, to that you're writing your standards to target conservative viewpoints. [3:15:30] Sen. Ron Johnson (MA): Okay for both Mr. Zuckerberg and Dorsey who censored New York Post stories, or throttled them back, did either one of you have any evidence that the New York Post story is part of Russian disinformation? Or that those emails aren't authentic? Did anybody have any information whatsoever? They're not authentic more than they are Russian disinformation? Mr. Dorsey? Jack Dorsey: We don't. Sen. Ron Johnson (MA): So why would you censor it? Why did you prevent that from being disseminated on your platform that is supposed to be for the free expression of ideas, and particularly true ideas... Jack Dorsey: we believe to fell afoul of our hacking materials policy, we judged... Sen. Ron Johnson (MA): They weren't hacked. Jack Dorsey: We we judge them moment that it looked like it was hacked material. Sen. Ron Johnson (MA): You were wrong. Jack Dorsey: And we updated our policy and our enforcement within 24 hours. Sen. Ron Johnson (MA): Mr. Zuckerberg? Mark Zuckerberg: Senator, as I testified before, we relied heavily on the FBI, his intelligence and alert status both through their public testimony and private briefings. Sen. Ron Johnson (MA): Did the FBI contact you, sir, than your co star? It was false. Mark Zuckerberg: Senator not about that story specifically. Sen. Ron Johnson (MA): Why did you throttle it back. Mark Zuckerberg: They alerted us to be on heightened alert around a risk of hack and leak operations around a release and probe of information. And to be clear on this, we didn't censor the content. We flagged it for fact checkers to review. And pending that review, we temporarily constrained its distribution to make sure that it didn't spread wildly while it was being reviewed. But it's not up to us either to determine whether it's Russian interference, nor whether it's true. We rely on the fact checkers to do that. [3:29:30] Sen. Rick Scott (FL): That's becoming obvious that your that your companies are unfairly targeting conservatives. That's clearly the perception today, Facebook is actively targeting as by conservative groups ahead of the election, either removing the ads completely or adding their own disclosure if they claim that didn't pass their fact check system. [3:32:40] Sen. Rick Scott (FL): You can't just pick and choose which viewpoints are allowed on your platform an expect to keep immunity granted by Section 230. News Clip: Adam Schiff on CNN, CNN, Twitter, October 16, 2020 Hearing: MISINFORMATION, CONSPIRACY THEORIES, AND `INFODEMICS': STOPPING THE SPREAD ONLINE, Committee on the Judiciary: Subcommittee on Antitrust, Commercial, and Administrative Law, October 15, 2020 Watch on Youtube Hearing Transcript Witnesses: Dr. Joan Donovan: Research Director at the Shorenstein Center on Media, Politics, and Public Policy at Harvard Kennedy School Nina Jankowicz: Disinformation Fellow at the Wilson Center Cindy Otis: Vice President of the Althea Group Melanie Smith: Head of Analysis, Graphika Inc Transcript: 41:30 Rep. Jim Himes (CT): And I should acknowledge that we're pretty careful. We understand that we shouldn't be in the business of fighting misinformation that's probably inconsistent with the First Amendment. So what do we do? We ask that it be outsourced to people that we otherwise are pretty critical of like Mark Zuckerberg, and Jack Dorsey, we say you do it, which strikes me as a pretty lame way to address what may or may not be a problem. 42:00 Rep. Jim Himes (CT): Miss Jankowicz said that misinformation is dismantling democracy. I'm skeptical of that. And that will be my question. What evidence is that is out there that this is dismantling democracy, I don't mean that millions of people see QAnon I actually want to see the evidence that people are seeing this information, and are in a meaningful way, in a material way, dismantling our democracy through violence or through political organizations, because if we're going to go down that path, I need something more than eyeballs. So I need some evidence for how this is dismantling our democracy. And secondly, if you persuade me that we're dismantling our democracy, how do we get in the business of figuring out who should define what misinformation or disinformation is? Nina Jankowicz: To address your first question related to evidence of the dismantling of democracy. There's two news stories that I think point to this from the last couple of weeks alone. The first is related to the kidnapping plot against Michigan Governor Gretchen Whitmer. And the social media platforms played a huge role in allowing that group to organize. It allowed, that group to, it ceded the information that led them to organize and frankly, as a woman online who has been getting harassed a lot lately, lately, with sexualized and gender disinformation, I am very acutely aware of how those threats that are online can transfer on to real world violence. And that make no mistake is meant to keep women and minorities from not only participating in the democratic process by exercising our votes, but also keeping us from public life. So that's one big example. But there was another example just recently from a channel for in the UK documentary that looked at how the Trump campaign used Cambridge Analytica data to selectively target black voters with voter suppression ads during the 2016 election. Again, this is it's affecting people's participation. It's not just about fake news, stories on the internet. In fact, a lot of the best disinformation is grounded in a kernel of truth. And in my written testimony, I go through a couple of other examples of how online action has led to real world action. And this isn't something that is just staying on the internet, it is increasingly in real life. Rep. Jim Himes (CT): I don't have a lot of time. Do you think that both examples that you offered up Gov the plot to kidnap governor, the governor of Michigan, and your other example passed the but for test? I mean, this country probably got into the Spanish American War over 130 years ago because of the good works of William Randolph Hearst. So how do we, we've had misinformation and yellow journalism and terrible media and voter suppression forever. And I understand that these media platforms have scale that William Randolph Hearst didn't have. But are you sure that both of those examples pass the buck for they wouldn't have happened without the social media misinformation? Nina Jankowicz: I believe they do, because they allow the organization of these groups without any oversight, and they allow the targeting the targeting of these messages to the groups and people that are going to find the most vulnerable and are most likely to take action against them. And that's what our foreign adversaries do. And increasingly, it's what people within our own country are using to organize violence against the democratic participation of many of our fellow citizens. Rep. Jim Himes (CT): Okay, well, I'm out of time I would love to continue this conversation and pursue what you mean by groups being formed quote, without oversight, that's language I'd like to better understand but I'm out of time, but I would like to continue this conversation into, well, if this is the problem that you say it is, what do we actually do about it? Hearing: ONLINE PLATFORMS AND MARKET POWER, PART 2: INNOVATION AND ENTREPRENEURSHIP, Committee on the Judiciary: Subcommittee on Antitrust, Commercial, and Administrative Law, July 16, 2020 Watch on Youtube Witnesses: Adam Cohen: Director of Economic Policy at Google Matt Perault: Head of Global Policy Development at Facebook Nate Sutton: Associate General Counsel for Competition at Amazon Kyle Andeer: Vice President for Corporate Law at Apple Timothy Wu: Julius Silver Professor of Law at Columbia Law School Dr. Fiona Scott Morton: Theodore Nierenberg Professor of Economics at Yale School of Management Stacy Mitchell: Co-Director at the Institute for Local Self-Reliance Maureen Ohlhausen: Partner at Baker Botts LLP Carl Szabo: Vice President and Gneral Counsel at NetChoice Morgan Reed: Executive Director at the App Association Transcript: [55:15] Adam Cohen: Congresswoman we use a combination of automated tools, we can recognize copyrighted material that creators upload and instantaneously discover it and keep it from being seen on our platforms. [1:16:00] Rep. David Cicilline (RI): Do you use consumer data to favor Amazon products? Because before you answer that, analysts estimate that between 80 and 90% of sales go to the Amazon buy box. So you collect all this data about the most popular products where they're selling. And you're saying you don't use that in any way to change an algorithm to support the sale of Amazon branded products? Nate Sutton: Our algorithms such as the buy box is aimed to predict what customers want to buy, apply the same criteria whether you're a third party seller, or Amazon to that because we want customers to make the right purchase, regardless of whether it's a seller or Amazon. Rep. David Cicilline (RI): But the best purchase to you as an Amazon product. Nate Sutton: No, that's not true. Rep. David Cicilline (RI): So you're telling us you're under oath, Amazon does not use any of that data collected with respect to what is selling, where it's on what products to inform the decisions you make, or to change algorithms to direct people to Amazon products and prioritize Amazon and D prioritize competitors. Nate Sutton: The algorithms are optimized to predict what customers want to buy regardless of the seller. We provide this same criteria and with respect to popularity, that's public data on each product page. We provide the ranking of each product. [3:22:50] Dr. Fiona Scott Morton: As is detailed in the report that I submitted as my testimony, there are a number of characteristics of platforms that tend to drive them toward concentrated markets, very large economies of scale, consumers exacerbate this with their behavioral biases, we don't scroll down to the second page, we don't. We accept default, we follow the framing the platform gives us and instead of searching independently, and what that does is it makes it very hard for small companies to grow and for new ones to get traction against the dominant platform. And without the threat of entry from entrepreneurs and growth from existing competitors, the dominant platform doesn't have to compete as hard. If it's not competing as hard, then there are several harms that follow from that. One is higher prices for advertisers, many of these platforms are advertising supported, then there's higher prices to consumers who may think that they're getting a good deal by paying a price of zero. But the competitive price might well be negative, the consumers might well be able to be paid for using these platforms in a competitive market. Other harms include low quality in the form of less privacy, more advertising and more exploitative content that consumers can't avoid. Because, as Tim just said, there isn't anywhere else to go. And lastly, without competitive pressure, innovation is lessened. And in particular, it's channeled in the direction the dominant firm prefers, rather than being creatively spread across directions chosen by entrance. And this is what we learned both from at&t and IBM and Microsoft, is that when the dominant firm ceases to control innovation, there's a flowering and it's very creative and market driven. So the solution to this problem of insufficient competition is complimentary steps forward in both antitrust and regulation. Antitrust must recalibrate the balance it strikes between the risk of over enforcement and under enforcement. The evidence now shows we've been under enforcing for years and consumers have been harmed. [3:22:50] Stacy Mitchell: I hope the committee will consider several policy tools as part of this investigation. In particular, we very much endorse the approach that Congress took with regard to the railroads, that if you operate essential infrastructure, you can't also compete with the businesses that rely on that infrastructure. [3:45:00] Morgan Reed: Here on the table, I have a copy of Omni page Pro. This was a software you bought, if you needed to scan documents. If you wanted to turn it into a processor and you could look at it in a word processor. I've also got this great review from PC World, they loved it back in 2005. But the important fact here in this review is that it says the street price of this software in 2005 was $450. Now, right here, I've got an app from a company called Readdle, that is nearly the same product level has a bunch of features that this one doesn't, it's $6. Basically now consumers pay less than 1% of what they used to pay for some of the same capability. And what's even better about that, even though I love the product from Readdle, there are dozens of competitors in the app space. So when you look at it from that perspective, consumers are getting a huge win. How have platforms made this radical drop in price possible? Simply put, they've provided three things a trusted space, reduced overhead, and given my developers nearly instant access to a global marketplace with billions of customers, before the platforms to get your software onto a retail store shelf. companies had to spend years and thousands of dollars to get to the point where a distributor would handle their product, then you'd agree agree to a cut of sales revenue, write a check for upfront marketing, agree to refund the distributor the cost of any unsold boxes and then spend 10s of thousands of dollars to buy an end cap. Digging a little bit on this, I don't know how many of you know or aware that the products you see on your store shelf or in the Sunday flyer aren't there because the manager thought it was a cool product. Those products are displayed at the end of an aisle or end cap because the software developer or consumer goods company literally pays for the shelf space. In fact, for many retailers the sale of floor the sale of floor space and flyers makes a huge chunk of their profitability for their store. And none of this takes into consideration printing boxes, manuals, CDs, dealing with credit cards if you go direct translation services, customs authorities if you want to sell abroad in the 1990s it cost a million dollars to start up a software company. Now it's $100,000 in sweat equity. And thanks to these changes, the average cost for consumer software has dropped from $50 to three. For developers. Our cost to market has dropped enormously and the size of our market has expanded globally. [3:48:55] Stacy Mitchell: I've spent a lot of time interviewing and talking with independent retailers, manufacturers of all sizes. Many of them are very much afraid of speaking out publicly because they fear retaliation. But what we consistently hear is that Amazon is the biggest threat to their businesses. We just did a survey of about 550 independent retailers nationally, Amazon ranked number one in terms of being what they said was the biggest threat to their business above, rising healthcare costs, access to capital, government, red tape, anything else you can name. Among those who are actually selling on the platform, only 7% reported that it was actually helping their bottom line. Amazon has a kind of godlike view of a growing share of our commerce and it uses the data that it gathers to advantage its own business and its own business interests in lots of ways. A lot of this, as I said, comes from the kind of leverage its ability to sort of leverage the interplay between these different business lines to maximize its advantage, whether it's promoting its own product because that's lucrative or whether it's using the manufacturer of a product to actually squeeze a seller or vendor into giving it bigger discounts. [3:53:15] Rep. Kelly Armstrong (ND): When we recognize, I come from very rural area, the closest, what you would consider a big box store is Minneapolis or Denver. So and so when we're talking about competition, all of this I also think we've got to remember, at no point in time from my house in Dickinson, North Dakota have I had more access to more diverse and cheap consumer products. I mean, things that often would require a plane ticket or a nine hour car ride to buy can now be brought to our house. So I think when we're talking about consumers, we need to remember that side of it, too. Hearing: EMERGING TRENDS IN ONLINE FOREIGN INFLUENCE OPERATIONS: SOCIAL MEDIA, COVID–19, AND ELECTION SECURITY, Permanent Select Committee on Intelligence, June 18, 2020 Watch on Youtube Hearing transcript Witnesses: Nathaniel Gleicher: Head of Security Policy at Facebook Nick Pickles: Director of Global Public Policy Strategy and Development at Twitter Richard Salgado: Director for Law Enforcement and Information Security at Google Transcript: [19:16] Nathaniel Gleicher: Facebook has made significant investments to help protect the integrity of elections. We now have more than 35,000 people working on safety and security across the company, with nearly 40 teams focused specifically on elections and election integrity. We're also partnering with federal and state governments, other tech companies, researchers and civil society groups to share information and stop malicious actors. Over the past three years, we've worked to protect more than 200 elections around the world. We've learned lessons from each of these, and we're applying these lessons to protect the 2020 election in November. [21:58] Nathaniel Gleicher: We've also been proactively hunting for bad actors trying to interfere with the important discussions about injustice and inequality happening around our nation. As part of this effort, we've removed isolated accounts seeking to impersonate activists, and two networks of accounts tied to organize hate groups that we've previously banned from our platforms. [26:05] Nick Pickles: Firstly, Twitter shouldn't determine the truthfulness of tweets. And secondly, Twitter should provide context to help people make up their own minds in cases where the substance of a tweet is disputed. [26:15] Nick Pickles: We prioritize interventions regarding misinformation based on the highest potential for harm. And the currently focused on three main areas of content, synthetic & manipulated media, elections and civic integrity and COVID-19. [26:30] Nick Pickles: Where content does not break our rules and warrant removal. In these three areas, we may label tweets to help people come to their own views by providing additional context. These labels may link to a curated set of tweets posted by people on Twitter. This include factual statements, counterpoint opinions and perspectives, and ongoing public conversation around the issue. To date, we've applied these labels to thousands of tweets around the world across these three policy areas. [31:10] Richard Salgado: In search, ranking algorithms are an important tool in our fight against disinformation. Ranking elevates information that our algorithms determine is the most authoritative, above information that may be less reliable. Similarly, our work on YouTube focuses on identifying and removing content that violates our policies and elevating authoritative content when users search for breaking news. At the same time, we find and limit the spread of borderline content that comes close but just stops short of violating our policies. [53:28] Rep. Jackie Speier (CA): Mr. Gliecher, you may or may not know that Facebook is headquartered in my congressional district. I've had many conversations with Sheryl Sandberg. And I'm still puzzled by the fact that Facebook does not consider itself a media platform. Are you still espousing that kind of position? Nathaniel Gleicher: Congresswoman, we're first and foremost a technology company. We may be a technology company, but it's your technology company is being used as a media platform. Do you not recognize that? Congresswoman, we're a place for ideas across the spectrum. We know that there are people who use our platforms to engage and in fact that is the goal of the platform's to encourage and enable people to discuss the key issues of the day and to talk to family and friends. [54:30] Rep. Jackie Speier (CA): How long or or maybe I should ask this when there was a video of Speaker Pelosi that had been tampered with - slowed down to make her look like she was drunk. YouTube took it down almost immediately. What did Facebook do and what went into your thinking to keep it up? Nathaniel Gleicher: Congresswoman for a piece of content like that, we work with a network of third party fact checkers, more than 60 3rd party fact checkers around the world. If one of them determines that a piece of content like that is false, and we will down rank it, and we will put an interstitial on it so that anyone who would look at it would first see a label over it saying that there's additional information and that it's false. That's what we did in this context. When we down rank, something like that, we see the shares of that video, radically drop. Rep. Jackie Speier (CA): But you won't take it down when you know it's false. Nathaniel Gleicher: Congresswoman, you're highlighting a really difficult balance. And we've talked about this amongst ourselves quite a bit. And what I would say is, if we simply take a piece of content like this down, it doesn't go away. It will exist elsewhere on the internet. People who weren't looking for it will still find it. Rep. Jackie Speier (CA): But it you know, there will always be bad actors in the world. That doesn't mean that you don't do your level best to show the greatest deal of credibility. I mean, if YouTube took it down, I don't understand how you couldn't have taken down but I'll leave that where it lays. [1:40:10] Nathaniel Gleicher: Congressman, the collaboration within industry and with government is much, much better than it was in 2016. I think we have found the FBI, for example, to be forward leaning and ready to share information with us when they see it. We share information with them whenever we see indications of foreign interference targeting our election. The best case study for this was the 2018 midterms, where you saw industry, government and civil society all come together, sharing information to tackle these threats. We had a case on literally the eve of the vote, where the FBI gave us a tip about a network of accounts where they identified subtle links to Russian actors. Were able to investigate those and take action on them within a matter of hours. [1:43:10] Rep. Jim Himes (CT): I tend to be kind of a First Amendment absolutist. I really don't want Facebook telling me what's true and what's not true mainly because most statements are some combination of both. [1:44:20] Nathaniel Gleicher: Certainly people are drawn to clickbait. They're drawn to explosive content. I mean, it is the nature of clickbait, to make people want to click on it, but what we found is that if you separate it out from the particular content, people don't want a platform or experience, just clickbait, they will click it, if they see it, they don't want it prioritized, they don't want their time to be drawn into that and all emotional frailty. And so we are trying to build an environment where that isn't the focus, where they have the conversations they want to have, but I agree with you. A core piece of this challenge is people seek out that type of content wherever it is. I should note that as we're thinking about how we prioritize this, one of the key factors is who your friends are the pages and accounts that you follow and the assets that you engage with. That's the most important factor in sort of what you see. And so people have direct control over that because they are choosing the people they want to engage. Hearing: ONLINE PLATFORMS AND MARKET POWER, PART 1: THE FREE AND DIVERSE PRESS, Committee on the Judiciary: Subcommittee on Antitrust, Commercial, and Administrative Law, June 11, 2020 Watch on Youtube Witnesses: David Chavern: President of the News Media Alliance Gene Kimmelman: President of Public Knowledge Sally Hubbard: Director of Enforcement Strategy at the Open Markets Institute Matthew Schrurers: Vice President of Law and Policy at the Computer and Communications Industry Association David Pitofsky: General Counsel at News Corp Kevin Riley: Editor at the Atlanta Journal-Constitution Transcript: [55:30] David Chavern: Platforms and news organizations mutual reliance would not be a problem, if not for the fact that the concentration among the platforms means a small number of companies now exercise an extreme level of control over the news. And in fact, a couple of dominant firms act as regulators of the news industry. Only these regulators are not constrained by legislative or democratic oversight. The result has been to siphon revenue away from news publishers. This trend is clear if you compare the growth in Google's total advertising revenue to the decline in the news industry's ad revenue. In 2000, Google's US revenue was 2.1 billion, while the newspaper industry accounted for 48 billion in advertising revenue. In 2017, in contrast, Google's US revenue had increased over 25 times to 52.4 billion, the newspaper industry's ad revenue had fallen 65% to 16.4 billion. [56:26] David Chavern: The effect of this revenue decline in publishers has been terrible, and they've been forced to cut back on their investments in journalism. That is a reason why newsroom employment has fallen nearly a quarter over the last decade. One question might be asked is if the platforms are unbalanced, having such a negative impact on the news media, then why don't publishers do something about it? The answer is they cannot, at least under the existing antitrust laws, news publishers face a collective action problem. No publisher on its own can stand up to the tech giants. The risk of demotion or exclusion from the platform is simply too great. And the antitrust laws prevent news organizations from acting collectively. So the result is that publishers are forced to accept whatever terms or restrictions are imposed on them. [1:06:20] Sally Hubbard: Facebook has repeatedly acquired rivals, including Instagram and WhatsApp. And Google's acquisition cemented its market power throughout the ad ecosystem as it bought up the digital ad market spoke by spoke, including applied semantics AdMob and Double Click. Together Facebook and Google have bought 150 companies in just the last six years. Google alone has bought nearly 250 companies. [1:14:17] David Pitofsky: Unfortunately, in the news business, free riding by dominant online platforms, which aggregate and then reserve our content has led to the lion's share of online advertising dollars generated off the back of news going to the platforms. Many in Silicon Valley dismissed the press as old media failing to evolve in the face of online competition. But this is wrong. We're not losing business to an innovator who has found a better or more efficient way to report and investigate the news. We're losing business because the dominant platforms deploy our news content, to target our audiences to then turn around and sell that audience to the same advertisers we're trying to serve. [1:15:04] David Pitofsky: The erosion of advertising revenue undercuts our ability to invest in high quality journalism. Meanwhile, the platforms have little if any commitment to accuracy or reliability. For them, a news article is valuable if viral, not if verified. [1:16:12] David Pitofsky: News publishers have no good options to respond to these challenges. Any publisher that tried to withhold its content from a platform as part of a negotiating strategy would starve itself of reader traffic. In contrast, losing one publisher would not harm the platform's at all since they would have ample alternative sources for news content. [1:36:56] Rep. Pramila Jayapal (WA): So Miss Hubbard, let me start with you. You were an Assistant Attorney General for New York State's antitrust division. You've also worked as a journalist, which online platforms would you say are most impacting the public's access to trustworthy sources of journalism? And why? Sally Hubbard: Thank you for the question. Congresswoman, I think in terms of disinformation, the platforms that are having the most impact are Facebook and YouTube. And that's because of their business models, which are to prioritize engagement, engaging content because of the human nature that you know survival instinct, we tend to tune into things that make us fearful or angry. And so by prioritizing engagement, these platforms are actually prioritizing disinformation as well. It serves their profit motives to keep people on the platforms as long as possible to show them ads and collect their data. And because they don't have any competition, they're free to pursue these destructive business models without having any competitive constraint. They've also lacked regulation. Normally, corporations are not permitted to just pursue profits without regard to the consequences. [1:38:10] Rep. Pramila Jayapal (WA): The Federal Trade Commission has repeatedly declined to interfere, as Facebook and Google have acquired would be competitors. Since 2007, Google has acquired Applied Semantics, Double Click and AdMob. And since 2011, Facebook has acquired Instagram and WhatsApp. What do these acquisitions mean for consumers of news and information? I think sometimes antitrust is seen and regulation is seen as something that's out there. But this has very direct impact for consumers. Can you explain what that means as these companies have acquired more and more? Sally Hubbard: Sure, so in my view, those, of all of the acquisitions that you just mentioned, were illegal under the Clayton Act, which prohibits mergers that may lessen competition. Looking back, it's clear that all of those mergers did lessen competition. And when you lessen competition, the harms to consumers are not just high prices, which was which are harder to see when in the digital age. But its loss of innovation is loss of choice, and loss of control. So when we approve anti competitive mergers, consumers are harmed. [1:55:48] Rep. Matt Gaetz (FL): Section 230, as I understand it, and I'm happy to be corrected by others, would say that if a technology platform is a neutral public platform, that they enjoy certain liability protections that newspapers don't enjoy, that Newscorp doesn't enjoy with its assets. And so does it make the anti competitive posture of technology platforms more pronounced, that they have access to this special liability protection that the people you represent don't have access to? David Chavern: Oh, absolutely. There's a huge disparity. Frankly, when our contents delivered through these platforms, we get the liability and they get the money. So that's a good deal from that end. We are responsible for what we publish, we publishers can and do get sued. On the other hand, the platforms are allowed to deliver and monetize this content with complete lack of responsibility. Hearing: Election Interference: Ensuring Law Enforcement is Equipped to Target Those Seeking to Do Harm, Senate Judiciary Committee, June 12, 2018 Watch on C-SPAN Witnesses: Adam Hickey - Deputy Assistant Attorney General for the National Security Division at the Department of Justice Matthew Masterson - National Protection and Programs Directorate at the Department of Homeland Security Kenneth Wainstein - Partner at Davis Polk & Wardwell, LLP Prof. Ryan Goodman - New York University School of Law Nina Jankowicz - Global Fellow at the Wilson Center Transcript: [9:00] Senator Dianne Feinstein (CA): We know that Russia orchestrated a sustained and coordinated attack that interfered in our last presidential election. And we also know that there’s a serious threat of more attacks in our future elections, including this November. As the United States Intelligence Community unanimously concluded, the Russian government’s interference in our election—and I quote—“blended covert intelligence operations, such as cyber activity, with overt efforts by the Russian government agencies, state-funded media, third-party intermediaries, and paid social-media users or trolls.” Over the course of the past year and a half, we’ve come to better understand how pernicious these attacks were. Particularly unsettling is that we were so unaware. We were unaware that Russia was sowing division through mass propaganda, cyber warfare, and working with malicious actors to tip scales of the election. Thirteen Russian nationals and three organizations, including the Russian-backed Internet Research Agency, have now been indicted for their role in Russia’s vast conspiracy to defraud the United States. Hearing: Facebook, Google and Twitter Executives on Russian Disinformation, Senate Judiciary Subcommittee on Crime and Terrorism, October 31, 2017 Watch on Youtube Witnesses: Colin Stretch - Facebook Vice President and General Counsel Sean Edgett - Twitter Acting General Counsel Richard Salgado - Google Law Enforcement & Information Security Director Clint Watts - Foreign Policy Research Institute, National Security Program Senior Fellow Michael Smith -New America, International Security Fellow Transcript: [2:33:07] Clint Watts: Lastly, I admire those social-media companies that have begun working to fact-check news articles in the wake of last year’s elections. These efforts should continue but will be completely inadequate. Stopping false information—the artillery barrage landing on social-media users comes only when those outlets distributing bogus stories are silenced. Silence the guns, and the barrage will end. I propose the equivalent of nutrition labels for information outlets, a rating icon for news-producing outlets displayed next to their news links and social-media feeds and search engines. The icon provides users an assessment of the news outlet’s ratio of fact versus fiction and opinion versus reporting. The rating system would be opt-in. It would not infringe on freedom of speech or freedom of the press. Should not be part of the U.S. government, should sit separate from the social-media companies but be utilized by them. Users wanting to consume information from outlets with a poor rating wouldn’t be prohibited. If they are misled about the truth, they have only themselves to blame. Cover Art Design by Only Child Imaginations Music Presented in This Episode Intro & Exit: Tired of Being Lied To by David Ippolito (found on Music Alley by mevio)

"Many of the founders and the next generation after them advocated: we have to educate the citizenry how to best handle the rights and responsibilities we gave them, we promised them in the Declaration of Independence, and we gave unto them in the Constitution.” On today’s program, a special panel discussion about civic education as viewed as a national security imperative. This program, a collaboration with the Center for Strategic and International Studies (CSIS), features three distinguished guests with varied backgrounds but a common goal. Civics education and national security— what do they have to do with each other? With the proliferation of potentially dangerous information and questionably-sourced news bombarding us unfettered online, these three “civic musketeers” are on a mission. A mission to convince institutions, schools, and the general public that our national security is directly related to general knowledge about out country and how it was meant to work. --Dean Elizabeth Rindskopf Parker joined Pacific McGeorge School of Law as its eighth dean in 2002, after serving as general counsel for the 26-campus University of Wisconsin System. Her fields of expertise include national security and terrorism, international relations, public policy and trade, technology development and transfer, commerce, and civil rights and liberties litigation. Dean Parker has served as general counsel of the National Security Agency (1984 – 1989), principal deputy legal adviser at the U.S. Department of State (1989 – 1990), and general counsel for the Central Intelligence Agency (1990 – 1995). She is also a presidentially appointed member of the Public Interest Declassification Board and a member of the Director of National Intelligence’s Security Advisory Group. --Suzanne Spaulding is senior adviser for homeland security and director of the Defending Democratic Institutions project at the Center for Strategic and International Studies (CSIS). She also served as a member of the Cyberspace Solarium Commission. Previously, she served as under secretary for the Department of Homeland Security (DHS), where she led the National Protection and Programs Directorate, managing a $3 billion budget and a workforce of 18,000, charged with strengthening cybersecurity and protecting the nation’s critical infrastructure, including election infrastructure. Spaulding has served in Republican and Democratic administrations and on both sides of the aisle in Congress. She was general counsel for the Senate Select Committee on Intelligence and minority staff director for the House of Representatives Permanent Select Committee on Intelligence. --Ted McConnell is the executive director of the Campaign for the Civic Mission of Schools, a coalition of more than 60 national organizations, which are committed to improving the quality and quantity of civic learning in the nation’s schools. He has spent more than 20 years, promoting quality law-related education in Congress, state houses, board rooms, universities, and classrooms across the nation. McConnell has been involved in political and governmental sectors for more than 40 years, holding positions such as: Congressional affairs assistant to the U.S. Secretary of Commerce, assistant to the chairman of events for the Commission on Bicentennial of the U.S. Constitution, and 1980 presidential transition assistant. -------------------------------------- www.talkingbeats.com Please consider supporting Talking Beats with Daniel Lelchuk via our Patreon: patreon.com/talkingbeats

In this special episode of TF7 Radio, we have Three Tier I Cyber Security guests on the show that are set to appear at what is the first event of a four part Series at the University of Oklahoma on Global Risks and Threats. Our first guest, Thomas Finan, served as a Senior Cybersecurity Strategist and Counsel with DHS's National Protection and Programs Directorate. Tom is also the former Staff Director and Counsel for the Subcommittee on Intelligence, Information Sharing and Terrorism Risk Assessment with the U.S. House Committee on Homeland Security. Cheemin Bo Lin is the CEO and President of Peritus Partners. She is one of the 2019 “Top 50 Board of Directors in the US, named “Top 100 CEOs in STEM”, named “Most influential Woman in Silicon Valley,” and inducted into the “Hall of Fame for Women in Technology.” Dr. Shad Satterthwaite is the Director for Executive Business Programs in Aerospace and Defense, and is a colonel in the U.S. Army Reserves.

When the old National Protection and Programs Directorate at the Department of Homeland Security got a new name, a lot changed. It's now called the Cybersecurity and Infrastructure Security Agency. The new title also brought new status, as Bloomberg Government analyst Laura Criste described on Federal Drive with Tom Temin.

Can we ensure our election security infrastructure is safe from attack? Ahead of the midterm elections, Chris Krebs, Under Secretary for the Department of Homeland Security’s National Protection and Programs Directorate, discusses the Elections Infrastructure Information Sharing and Analysis Center (ES-ISAC), which helps states and localities share information about cyberthreats. He warns that influence operations are just as formidable a threat to our elections as infrastructure risks.

The Homeland Security Department has been trying for nearly four years to rename its National Protection and Programs Directorate to something that actually describes what it does. Last week, the Senate gave it the go-ahead to do just that. DHS says the news name will be the Cybersecurity and Infrastructure Security Agency. The department also plans to reshuffle the offices within it. Federal News Radio's Amelia Brust has been covering the change, and she joined Federal Drive with Tom Temin for more.

Since the 2016 election, our country has been questioning whether our elections are secure, fair, and accurate. In this episode, we examine the threats to our election administration, both real and overblown. Please Support Congressional Dish - Quick Links Click here to contribute a lump sum or set up a monthly contribution via PayPal Click here to support Congressional Dish for each episode via Patreon Send Zelle payments to: Donation@congressionaldish.com Send Venmo payments to: @Jennifer-Briney Use your bank’s online bill pay function to mail contributions to: 5753 Hwy 85 North Number 4576 Crestview, FL 32536 Please make checks payable to Congressional Dish Thank you for supporting truly independent media! Recommended Congressional Dish Episodes CD175: State of War CD172: The Illegal Bombing of Syria CD167: Combating Russia (NDAA 2018) LIVE CD108: Regime Change CD041: Why Attack Syria? Additional Reading Report: Dramatic increase in voters purged from voter rolls between 2014 and 2016 by Adia Robinson, ABC News, July 24, 2018. Article: Mueller's latest indictment suggests Russia's infiltration of U.S. election systems could get worse by Lawrence Norden, Slate, July 26, 2018. Article: State election officials didn't know about Russian hacking threat until the read it in the news, emails show by Sam Biddle, The Intercept, June 20, 2018. Article: Supreme court upholds Ohio's purge of voting rolls by Adam Liptak, The New York Times, June 11, 2018. Article: What we know and don't know about election hacking by Clare Malone, FiveThirtyEight, April 10, 2018. Report: America's voting machines at risk - An update by Lawrence Norden and Wilfred U. Codrington III, Brennan Center for Justice, March 8, 2018. Article: The dark roots of AIPAC: America's Pro-Israel Lobby by Doug Rossinow, The Washington Post, March 6, 2018. Article: Wyden presses leading US voting machine manufacturer on potential hacking vulnerabilities by Olivia Beavers, The Hill, March 6, 2018. Article: They myth of the hacker-proof voting machine by Kim Zetter, The New York Times, February 21, 2018. Article: No instant profits in US electronic voting machines, Financial Times, 2018. Article: Virginia is replacing some of its electronic voting machines over security concerns by Andrew Liptak, The Verge, September 10, 2017. Report: It took DEF CON hackers minutes to pwn these US voting machines by Iain Thomson, The Register, July 29, 2017. Article: Russian hackers broke into elections company used in Miami-Dade, Broward by Tim Elfrink, Miami New Times, June 6, 2017. Report: Exclusive: Trump says Clinton policy on Syria would lead to world war three by Steve Holland, Reuters, October 25, 2016. Article: The best Congress AIPAC can buy by L. Michael Hager, Foreign Policy Journal, March 22, 2016. Article: AIPAC-linked group launches $5 million ad campaign against nuke deal by Adam Kredo, The Washington Free Beacon, July 17, 2015. Article: The non-pliticians who profit from Election Day by Megan McCarthy, Fortune, November 4, 2014. Report: Diebold indicted: Its spectre still haunts Ohio election by Bob Fitrakis, Columbus Free Press, October 31, 2013. Article: The mysterious case of Ohio's voting machines by Kim Zetter, Wired, March 26, 2008. Letter: Elections: Federal efforts to improve security and reliability of electronic voting systems are under way, but key activities need to be completed, GAO, September 2005. Article: Ohio's odd numbers by Christopher Hitchens, Vanity Fair, March 2005. Article: Diebold's political machine by Bob Fitrakis and Harvey Wasserman, Mother Jones, March 5, 2004. Resources Brennan Center for Justice: The Help America Vote Act Congress.gov: S.2261 - Secure Elections Act GovTrack: H.R. 3295 (107th): Help America Vote Act of 2002 Internet Research Agency Indictment: Mueller John Husted, Secretary of State of Ohio Report: President/Vice President Voting Report: November 2, 2004 Justice.gov: New Indictment of Mueller Source Watch: Ashcroft Group Info Sound Clip Sources Hearing: Election Security Preparedness, Senate Rules and Administration Committee, C-SPAN, June 20, 2018. Witnesses: Matthew Masterson - National Protection and Programs Directorate at the Department of Homeland Security Jim Condos - Vermont Secretary of State Jay Ashcroft - Missouri Secretary of State Steve Simon - Minnesota Secretary of State Connie Lawson - Indiana Secretary of State Shane Schoeller - Clerk for Greene County, Missouri Noah Praetz - Director of Elections for Cook County, Illinois 2:40 Senator Roy Blunt (MO): January of 2017, the Department of Homeland Security designated our country’s election infrastructure to be critical infrastructure. This designation began the formalization of information sharing and collaboration among state, local, and federal governments through the creation of a Government Coordinating Council, some of our witness this day are already sitting on that newly formed council. More recently, in the 2018 omnibus, Congress appropriated right at $380 million to the U.S. Election Assistance Commission to help states enhance their election infrastructure. As of this week, 38 states have requested $250 million of that money, and about 150 million of it has already been disbursed to the states. 6:45 Senator Amy Klobuchar (MN): So, we have a bill, Senator Lankford and I along with Senator Harris and Graham and Warner and Burr, Heinrich, and Collins. It’s a bipartisan bill called the Secure Elections Act, and we have been working to make changes to it along the way and introduce it as amendment, but it really does four things. First of all, improves information sharing between local election officials, cyber-security experts, and national-security personnel. Second, providing for development and maintenance of cyber-security best practices. We all know, I think there’s five states that don’t have backup paper ballots, and then there's something like nine more that have partial backup paper ballots. And while we’re not mandating what each state does, and we do not want each state to have the exact same election equipment—we think that would be a problem and could potentially lend itself to more break-ins—we think it’s really important that we have some floor and standards that we set that given what we know, I don’t think we’d be doing our democracy any good if we didn’t share that and we didn’t put in some floors. Third, the bill will promote better auditing our election’s use of paper backup systems, which I mentioned, and finally, it’s focused on providing election officials with much-needed resources. As you all know, we were able to get $380 million to be immediately distributed to the state, not play money, money that’s going out right now to states across the country, based on populations. We didn’t have some complicated grant process that would have slowed things down. The money went directly to state election officials as long as the state legislature authorizes it to get accepted and get to work to update their systems. 11:50 Jay Ashcroft: But before we move forward, we should briefly look back to the impetus of why we are all here today: allegations that outside actors threaten the integrity of our elections during the 2016 election cycle. While these are serious allegations, it is vitally important to understand that after two years of investigation, there is no credible—and I could strike “credible” and just put “evidence”—there is no evidence that these incidents caused a single vote or a single voter registration to be improperly altered during the 2016 election cycle. It was not our votes or our election systems that were hacked; it was the people’s perception of our elections. 30:50 Matthew Masterson: For those voters who have questions or concerns regarding the security or integrity of the process, I implore you to get involved. Become a poll worker; watch pre-election testing of the systems, or post-election audits; check your registration information before elections; engage with your state- and local-election officials; and most importantly, go vote. The best response to those who wish to undermine faith in our democracy is to participate and to vote. 1:08:00 Senator Roy Blunt (MO): Should the federal government make an audit trail, a paper audit trail, a requirement to have federal assistance? Jay Ashcroft: I don’t think so. Jim Condos: I do think so. Steve Simon: I think there is a federal interest in making sure that there's some audit process. Sen. Blunt: Well, now, what I’m asking about is, should there be a way to recreate the actual election itself? And I don’t know quite how to do that without paper, even if you had a machine that was not accessible to the web. Jay Ashcroft: I believe states are moving to do that, without federal legislation. So that’s why I don’t think that federal legislation needs to be done to that. 1:23:30 Shane Schoeller: I do want to address one area that concerns Secure Elections Act, that is on page 23, lines three, four, and five. It says, “Each election result is determined by tabulating marked ballots, hand or device.” I strongly recommend for post-election auditing purposes that a state-marked paper ballots, because I believe the opportunity for fraud in electronic ballot-casting system that does not have a paper trail’s too great. *1:32:00 Shane Schoeller: Even if you do a post audit with the machine, how would you know if something’s been compromised if you can’t at least compare the results of the paper ballot. And I think that’s the assurance it gives. Clearly, the machine, when you have an accurate election, does do a better job of counting the ballots. I’m talking about in the case where clearly fraud has occurred, then the paper ballot is going to be the evidence you need in terms of if your system inside that machine is compromised. 1:32:30 Senator Amy Klobuchar (MN): I think for a while people were talking about, well, why doesn’t everyone just vote from home, which is great when you can mail in a ballot, we know that, but vote from home just from your computer, and that would mean no paper records of anything. Could you comment about that? Noah Praetz: I think that’s 100% inappropriate for civil elections. Sen. Klobuchar: Got it. Shane Schoeller: I find it ironic because this is my first term, although I ran for this office in 2014, that was actually a common theme that I heard. Sen. Klobuchar: Right. I was hearing it, and I was—I kept thinking— Schoeller: Mm-hmm. Sen. Klobuchar: —about our state with, they’re not going to keep dwelling on it, with that high voter turnout. But, you know, that involved a paper ballot— voice off-mic: incredible integrity. Sen. Klobuchar: —and incredible integrity. But it involved people—they could vote by mail, and we’ve made that even easier, but they had actual paper ballots that they did, and then they were fed into this machine to count, with auditing. But you’re right. That’s what people were talking about. Why can’t you just do it from your home computer and have no backup, right? Schoeller: Right. And that was one of the things I actually had to disagree when that viewpoint was put forth, particularly in one city that I remember. And even after I became elected, I went to a conference of other elected officials, and there was a group of speakers, and they all were talking about this, and there was actually one speaker— Sen. Klobuchar: Like voting from Facebook. Schoeller: Correct. Sen. Klobuchar: Just kidding... Schoeller: But they actually disagreed, and I went up, and I think I was the only election official that day—this was prior to 2016—that didn’t think that it was a good idea. But I think we have evidence now from 2016 that clearly—that’s a convenience that we just can’t afford. 1:35:05 Noah Praetz: We’ve got a piece of paper that every voter looked at. Senator Amy Klobuchar: Mm-hmm. Praetz: So worst-case scenario, a Sony-type attack with full meltdown of all systems, we can recreate an election that’s trusted and true. Hearing: Election Security, Senate Judiciary Committee, C-SPAN, June 12, 2018. Witnesses: Adam Hickey - Deputy Assistant Attorney General for the National Security Division at the Department of Justice Matthew Masterson - National Protection and Programs Directorate at the Department of Homeland Security Kenneth Wainstein - Partner at Davis Polk & Wardwell, LLP Prof. Ryan Goodman - New York University School of Law Nina Jankowicz - Global Fellow at the Wilson Center 9:00 Senator Dianne Feinstein (CA): We know that Russia orchestrated a sustained and coordinated attack that interfered in our last presidential election. And we also know that there’s a serious threat of more attacks in our future elections, including this November. As the United States Intelligence Community unanimously concluded, the Russian government’s interference in our election—and I quote—“blended covert intelligence operations, such as cyber activity, with overt efforts by the Russian government agencies, state-funded media, third-party intermediaries, and paid social-media users or trolls.” Over the course of the past year and a half, we’ve come to better understand how pernicious these attacks were. Particularly unsettling is that we were so unaware. We were unaware that Russia was sowing division through mass propaganda, cyber warfare, and working with malicious actors to tip scales of the election. Thirteen Russian nationals and three organizations, including the Russian-backed Internet Research Agency, have now been indicted for their role in Russia’s vast conspiracy to defraud the United States. 39:40 Senator Mike Lee (UT): First, let’s talk a little bit about the integrity of our election infrastructure. We’ll start with you, Mr. Masterson. Were there any known breaches of our election infrastructure in the 2016 election? Matthew Masterson: Thank you, Senator. Yes, there was some publicly discussed known breaches of election infrastructure specifically involving voter-registration databases. Sen. Lee: Are there any confirmed instances of votes being changed from one candidate to another? Masterson: There are no confirmed instances of that. Sen. Lee: And were any individual voting machines hacked? Masterson: No, not that I know of. 42:55 ** Senator Mike Lee**: One approach to some of this, to the threat, the possibility of election infrastructure or voting machines being hacked from the outside is to go low-tech. Some states have gravitated toward that. For example, some states have started making moves back toward paper ballots so that they can’t be hacked. Is this something that’s helpful? Is it something that’s necessary that you think more states ought to consider? Matthew Masterson: Yeah. Senator, the auditability and having an auditable voting system, in this case, auditable paper records, is critical to the security of the systems. In those states that have moved in that direction have implemented means by which to audit the vote in order to give confidence to the public on the results of the election. In those states that have non-paper systems have indicated a desire—for instance, Pennsylvania—to more to auditable systems. And so at this point, resources are necessary to help them move that direction. Sen. Lee: By that, you mean either a paper-ballot system or a system that simultaneously creates a paper trail. Masterson: An auditable paper record. Correct, sir. 1:22:08 Senator Kamala Harris (CA): Will you talk a bit about what you have seen in terms of the risk assessments you’ve been doing around the country? I believe 14 states have been completed. Is that correct, 14? Matthew Masterson: I believe it’s 17 states have been completed— Sen. Harris: Right. Masterson: —thus far, as well as 10 localities. Sen. Harris: And what generally have you seen as being the vulnerabilities— Masterson: Sure. Sen. Harris: —in those assessments? Masterson: Thank you, Senator. Generally speaking, within the election’s infrastructure sector, we’re seeing the same typical vulnerabilities you’d see across IT systems, so managing software updates, outdated equipment or hardware, as well as general upgrades that need to take place as far as what configuration management within systems to limit the damage that could be done if something were to take place. And so— Sen. Harris: Resilience. Masterson: What’s that? Sen. Harris: Their resilience. Masterson: Yeah, their resilience. Sen. Harris: Mm-hmm. Masterson: Exactly. Thank you, Senator. And so this sector is no different in what we see in the work we’re doing with them. 2:15:00 Senator Sheldon Whitehouse (RI): But what I want to talk about in my time is the problem of shell corporations, because for all of the emphasis that the witnesses have put on policing and prosecuting foreign influence in our elections, you can neither police or prosecute what you cannot find. And at the moment, we have both a shell-corporation problem, which was emphasized by Mark Zuckerberg in his testimony when he said their political advertisement-authentication program would only go to the first shell corporation and not seek any information about who was actually behind it. I don’t think Putin is stupid enough to call it Boris and Natasha, LLC. It’s going to sound more like Americans for Puppies and Peace and Prosperity. But it’s a front group, and it’s got Putin or whomever else behind it, and until we can know that, we cannot enforce effectively, period, end of story. Similarly, when our election system has these colossal channels for dark money, anonymized funding, if you can’t find out what special interest is behind anonymous money, you can’t find out if there’s a foreign interest behind that money. Darkness is darkness is darkness, and it hides malign activity, both foreign and domestic. And I’d like to ask each of you to comment on that. We’re concerned about trolling. Obviously, that’s facilitated by shell corporations. You talked about general propaganda campaigns. Obviously, facilitated by shell corporations. Campaign finance laws, you’ve called out for a need for effective disclosure. You can’t have effective disclosure if the only thing you’re disclosing is a front corporation and you don’t know who’s really behind it. So, if I could ask each of you three on that, then that’ll be the end of my time. Kenneth Wainstein: Sure, I’ll go first, Senator Whitehouse. And thank you for kind words, and good to work with you again. Always is. Sen. Whitehouse: We were good adversaries. Wainstein: We were. Adversaries who were working for the same goal. Sen. Whitehouse: Yes. Wainstein: Look, as a prosecutor, former prosecutor, looking at this issue, of course you want to know more about the corporations than less. There are obviously First Amendment issues and other concerns out there in the election context, but absolutely, there’s no way to sort of resist your logic, which is we’ve seen the use of corporations in a variety of contexts, whether it’s money laundering or otherwise, but we’ve seen here in the election interference and disinformation context, and a lot of that— Sen. Whitehouse: In fact, they’re widely used in the criminal context for money-laundering purposes and to hide the proceeds of criminal activities, correct? Wainstein: Absolutely. Sen. Whitehouse: So to the extent that what Putin is running is essentially a criminal enterprise of himself and his oligarchs. Why would they not look to what criminal enterprises do as a model? Wainstein: Yeah, it’s meat-and-potatoes criminal conduct. Sen. Whitehouse: Yeah. Wainstein: No question. And all intended to hide the fact of the source of this malign activity. Hearing: Election Security, Senate Armed Services Subcommittee on Cybersecurity, C-SPAN, February 13, 2018. Witnesses: Robert Butler - Co-Founder and Managing Director, Cyber Strategies LLC Heather Conley - Director of the Europe Program Center for Strategic and International Studies Former Dep. Asst. Sec. of State for EU & Eurasian Affairs in GWB admin, 2001-2005 Richard Harknett - Professor of Political Science and Head of Political Science Department, University of Cincinnati Michael Sulmeyer - Director, Cyber Security Project, Belfer Center for Science and International Affairs, Harvard University 7:15 Senator Ben Nelson: First, the department has cyber forces designed and trained to thwart attacks on our country through cyberspace, and that’s why we created the Cyber Command’s National Mission Teams. A member of this subcommittee, Senator Blumenthal, Senator Shaheen, we all wrote the secretary of defense last week that they, the department, ought to be assigned to identify Russian operators responsible for the hacking, stealing information, planting misinformation, and spreading it through all the botnets and fake accounts on social media. They ought to do that. That’s—the Cyber Command knows who that is. And then, we ought to use our cyber forces to disrupt this activity. We aren’t. We should also be informing the social-media companies of Russia’s fake accounts and other activities that violate those companies’ terms of service so that they can be shut down. 18:20 Heather Conley: You asked us what role DOD could play to protect the U.S. elections, and I think, simply, DOD working with Congress has got to demand a hold of government strategy to fight against this enduring disinformation and influence operation. We don’t have a national strategy. Unfortunately, modernizing our nuclear forces will not stop a Russian influence operation. That’s where we are missing a grave threat that exists in the American people’s palm of their hand and on their computer screens. 19:05 Heather Conley: As one of the most trusted institutions in the United States, the Department of Defense must leverage that trust with the American people to mitigate Russian influence. Simply put, the Department of Defense has to model the bipartisan and fact-based action, behavior, and awareness that will help reduce societal division. This is about leadership, it’s about protecting the United States, and as far as I can see, that is in the Department of Defense job description. Hearing: Cybersecurity of Voting Machines, House Oversight Subcommittee and Government Reform Subcommittee on Intergovernmental Affairs, C-SPAN, November 29, 2017. Witnesses: Christopher Krebs - Senior Official Performing the Duties of the Under Secretary National Protection & Programs Directorate, Department of Homeland Security Tom Schedler - Secretary of State of Louisiana Edgardo Cortes - Commissioner of the Virginia Department of Elections Matthew Blaze - Associate Professor, Computer and Information Science at the University of Pennsylvania 4:24 Representative Robin Kelly (IL): In September of this year, DHS notified 21 states that hackers affiliated with the Russian government breached or attempted to breach their election infrastructure. In my home state of Illinois, the hackers illegally downloaded the personal information of 90,000 voters and attempted to change and delete data. Fortunately, they were unsuccessful. 5:05 Representative Robin Kelly (IL): Earlier this year, researchers at the DEF CON conference successfully hacked five different direct-recording electronic voting machines, or DREs, in a day. The first vulnerabilities were discovered in just 90 minutes. Even voting machines not connected to the Internet still contained physical vulnerabilities like USB ports that can be used to upload malware. Alarmingly, many DREs lack the ability to allow experts to determine that they have been hacked. Despite these flaws, DREs are still commonly used. In 2016, 42 states used them. They were more than a decade old, with some running outdate software that is no longer supported by the manufacturer. 20:30 Tom Schedler: In terms of voting-machine security, remember that with the passage of the Help America Vote Act in 2002, states were required to purchase at least one piece of accessible voting equipment for each polling place. 23:55 Edgardo Cortes: Virginia has twice has been put in the unfortunate position of having to decertify voting equipment and transition to new equipment in a condensed timeframe, based on security concerns of previously used DREs. These steps outlined in detail in my written testimony were not taken lightly. They place a financial and administrative stress on the electoral system. They were, however, essential to maintain the public’s trust and the integrity of Virginia elections. The November 2017 general election was effectively administered without any reported voting-equipment issues. Thanks to the ongoing partnership between the state, our hardworking local election officials, and our dedicated voting-equipment vendors, the transition to paper-based voting systems on a truncated time line was incredibly successful and significantly increased the security of the election. 25:45 Edgardo Cortes: To ensure the use of secure voting equipment in the future, Congress should require federal certification of all voting systems used in federal elections. This is currently a voluntary process. Federal certification should also be required for electronic poll books, which currently are not subject to any federal guidelines. 28:20 Matthew Blaze: Virtually every aspect of our election process, from voter registration to ballot creation to casting ballots and then to counting and reporting election results, is today controlled in some way by software. And unfortunately, software is notoriously difficult to secure, especially in large-scale systems such as those used in voting. And the software used in elections is really no exception to this. It’s difficult to overstate how vulnerable our voting infrastructure that’s in use in many states today is, particularly to compromise by a determined and well-funded adversary. For example, in 2007 our teams discovered exploitable vulnerabilities in virtually every voting-system component that we examined, including backend election-management software as well as particularly DRE voting terminals themselves. At this year’s DEF CON event, we saw that many of the weaknesses discovered in 2007, and known since then, not only are still present in these systems but can be exploited quickly and easily by non-specialists who lack access to proprietary information such as source code. 38:40 Matthew Blaze: The design of DRE systems makes their security dependent not just on the software in the systems but the hardware’s ability to run that software correctly and to protect against malicious software being loaded. So an unfortunate property of the design of DRE systems is that we’ve basically given them the hardest possible security task. Any flaw in a DRE machine’s software or hardware can become an avenue of attack that potentially can be exploited. And this is a very difficult thing to protect. Representative Gary Palmer: Do we need to go to, even if we have some electronic components to back it up with paper ballots because your fallback position is always to open the machine and count the ballots? Blaze: That’s right. So, precinct-counted optical-scan systems also depend on software, but they have the particular safeguard, but there is a paper artifact of the voter’s true vote that can be used to determine the true election results. DRE, paperless DRE systems don’t have that property, and so we’re completely at the mercy of the software and hardware. 47:00 Christopher Krebs: When you characterize these things as attacks, I think that is perhaps overstating what may have happened in the 21 states, as was mentioned, over the course of the summer. The majority of the activity was simple scanning. Scanning happens all the time. It’s happening right now to a number of probably your websites. Scanning is a regular activity across the web. I would not characterize that as an attack. It’s a preparatory step. 58:15 Matthew Blaze: There is no fully reliable way to audit these kinds of systems. We may get lucky and detect some forensic evidence, but ultimately the design of these systems precludes our ability to do a conclusive audit of the voter’s true intent. That’s why paperless systems really need to be phased out in favor of things like optical-scan paper ballots that are counted at the precinct but backed by an artifact of the voter’s true intent. 1:02:42 Tom Schedler: The system that we’re looking at, we’re not out for bid yet, would be one that would produce, even though you would vote on an electronic machine, it would produce an actual paper ballot that you could hold in your hand—Representative Paul Mitchell (MI): My concern with that— Schedler: —and then cast ballot only with that point when you put it into a secure box. Rep. Mitchell: My concern with that, and Dr. Blaze makes the point, is that if you produce a paper result after you put something into the machine, if in fact the machine is tampered with, you could in fact end up with just confirming the tampered information. Schedler: Yes, sir. Speech: Hillary Clinton on National Security and the Islamic State, Council on Foreign Relations, November 19, 2015. 12:35 Hillary Clinton: So we need to move simultaneously toward a political solution to the civil war that paves the way for a new government with new leadership and to encourage more Syrians to take on ISIS as well. To support them, we should immediately deploy the special operations force President Obama has already authorized and be prepared to deploy more as more Syrians get into the fight, and we should retool and ramp up our efforts to support and equip viable Syrian opposition units. Our increased support should go hand in hand with increased support from our Arab and European partners, including Special Forces who can contribute to the fight on the ground. We should also work with the coalition and the neighbors to impose no-fly zones that will stop Assad from slaughtering civilians and the opposition from the air.   Hearing: Electronic Voting Machines, House Administration Committee, C-SPAN, September 28, 2006. Witnesses: Edward Felton - Computer Science Professor at Princeton University Keith Cunningham - Board of Elections Director of Allen County, Ohio Barbara Simons - Association for Computer Machinery, Public Policy Committee Co-Chair 19:54 Edward Felten: Two weeks ago my colleagues, Ari Feldman and Alex Halderman, and I released a detailed security analysis of this machine, the Diebold AccuVote-TS, which is used in Maryland, Georgia, and elsewhere. My written testimony summarizes the findings of our study. One main finding is that the machines are susceptible to computer viruses that spread from machine to machine and silently transfer votes from one candidate to another. Such a virus requires moderate computer-programming skills to construct. Launching it requires access to a single voting machine for as little as one minute. 1:45:23 Keith Cunningham: Can they be improved? Absolutely, and I think throughout my comments I was very definite to say that these machines, as they currently sit, are not reliable. My question back to you, though, in that regard is, who’s going to pay to fix it, because one of the problems we have right now is in the last 24 months every election jurisdiction in this country has spent the $3 billion we spoke about earlier on new election equipment, and that’s what’s in place. So without somebody stepping forward to fund that enterprise, I don’t know how we’re going to improve them ourselves. 1:51:00 Barbara Simons: I wanted to remind the panelists of what happened in Carteret County, North Carolina, in, I believe it was, ’04, where paperless DREs were used and over 4,000 votes were lost. I mean, there's this concern about being able to reprint paper ballots or paper VVPATs. When you lose votes in a DRE, which has no paper, there is nothing you can do, and in fact, there was an election for—the statewide election—for agricultural commissioner, where the separation between the two candidates was such that the results could have been reversed by those missing votes. And it went to court, it went to two different courts, where they first tried to hold a recount just for the county itself. That was thrown out. Then it went for a statewide recount, and that was thrown out because we had no laws to deal with what happens when DREs fail. And finally, there were a number of people who submitted subpoenas or petitions say they had voted for one of the candidates, and based on those submissions, it looked like the judge was going to declare that candidate the winner, and so that was how the election was decided. This is not a way to hold elections in this country. Community Suggestions See more Community Suggestions HERE. Cover Art Design by Only Child Imaginations Music Presented in This Episode Intro & Exit: Tired of Being Lied To by David Ippolito (found on Music Alley by mevio)  

July 25, 2018 | Chris Krebs, DHS Undersecretary for National Protection and Programs Directorate joins the show to talk with Todt and Cressey about his cybersecurity priorities, next week's DHS National Cybersecurity Summit, and the renewed focus on risk management.    

The Washington Post’s Derek Hawkins sits down with the undersecretary of National Protection and Programs Directorate at the U.S. Department of Homeland Security, Christopher C. Krebs, to analyze the government’s cybersecurity priorities.

America's History of Recalcitrance De jure discrimination Racism online is evolving in a way that is consistent with the way racism has always evolved--from explicit to subtle. Plaintiff-side civil rights lawyers have found it easiest to win -- if civil rights cases can ever said to be "easy"--  in cases in which they can convincingly demonstrate defendants' explicit discriminatory policies. The Civil Rights Act of 1964, the United States Supreme Court's 1954 decision in Brown v. Board of Education, and their subsequent cases and amendments comprise the bulk of American civil rights law.  The Civil Rights Act prohibits discrimination on the basis of race, color, religion, sex or national origin. Brown held segregation in public schools to be unconstitutional. In interpreting a statute, judges will consider Congressional intent, which includes the circumstances under which Congress enacted the law. Congress enacted the Civil Rights Act  in an era of widespread de jure segregation in the South. Every 6th grader knows that, prior to Brown, state and local authorities in the South required "colored" and "white" students to attend segregated schools. Black students usually attended inferior schools with old books and in dilapidated buildings.  Southern authorities also required colored and white citizens to use separate facilities such as water fountains, restrooms, waiting rooms, and buses. They also enabled most private establishments, such as restaurants and hotels, to segregate as they pleased. Following  Brown, Southern racists remained undeterred. For example, on June 11, 1963, fully 9 years after Brown, Alabama Governor George Wallace famously "stood in the schoolhouse door" to prevent Vivian Malone and James Hood from entering and registering for classes at the University of Alabama. President Kennedy deployed the National Guard to remove Wallace, which they did. Virginia's response to Brown is also illustrative of the Southern response to it. Virginia Senator Harry F. Byrd, Sr. and his brother-in-law, Virginia General Assembly leader James M. Thomson, together pursued a  "Massive Resistance" strategy to oppose desegregation. Under Massive Resistance, the Virginia Assembly passed laws to prevent and punish local school districts for integrating in accordance with Brown. Further, Virginia authorities continued to enforce Massive Resistance initiatives well into the 1960s, even after federal and state courts ordered them to end their recalcitrance. The Civil Rights Act finally codified the nation's civil rights policy. Given the context in which the Civil Rights Act was enacted, courts are most likely to strike down laws and policies that contain explicit "suspect" classifications; namely, those that refer to race, color, religion, sex or national origin. Indeed, courts subject such de jure discrimination statutes and policies to the Constitutional "strict scrutiny" standard--the highest standard of judicial review. Paradoxically, laws designed to help traditionally marginalized groups, and which mention those groups explicitly, are also subject to strict scrutiny and thus likely to be struck down. (The intricacies of the strict scrutiny standard go well beyond the scope of this post. However, if you are interested in learning more about strict scrutiny and the other levels of scrutiny courts are likely to apply in interpreting the Constitution's Equal Protection Clause, click here.) De facto discrimination After many years of resisting civil rights laws, racists in the North and South had an a-ha moment. If they could figure out a way to maintain their supremacy using things that looked like something else, but achieved the same ends, they were golden! And so de facto discrimination--laws and policies that are not discriminatory on their face, i.e. they are facially neutral, but have discriminatory effects, have been the order of the day ever since. Stop-and-frisk? Check. Insanely long prison sentences for minor offenses? Check. School segregation based on merit? Check. Proposed cuts to Medicaid? Check.  Voter re-districting? You get the point. Welcome to the age of stealth racism. "I thought this post was about racism online." It is. The same racist ideologies that prevailed in 1964 prevail today. Since 1964, opponents of the Civil Rights Movement, many of whom are still alive today, and their descendants and allies, have persisted in their efforts to preserve their supremacy. They have taken racism online. This is the story of some of the measures the tech sector has taken, such as Google's Conversation AI, to curtail racism online and how defiant hate speakers have evaded those measures by creating their own code language. Hate speech is indeed protected speech and that's the problem. Researchers at the Rochester Institute of Technology peeled back the top layer of the internet and found hate speech teeming underneath. My guest today is Rijul Magu (@RijulMagu). Rijul co-authored, along with Shitij Joshi and Jiebo Luo at the Rochester Institute of Technology, a report entitled "Detecting the Hate Code on Social Media". He's the lead author. Rijul is currently a Masters Student at RIT and he earned his undergraduate degree at Jaypee Institute of Information Technology in Noida, India.   Resources University of Rochester School of Engineering and Applied Sciences Department of Computer Science (homepage of Graduate Studies Faculty Advisor Jiebo Luo) Detecting the Hate Code on Social Media by Rijul Magu, Kshitij Joshi, and Jiebo Luo Zero to One: Notes on Startups, or How to Build the Future by Peter Thiel News Roundup The New York State Commission on Forensic Science has adopted a new controversial policy regarding the use of suspects' DNA evidence.  The Commission voted 9-2 to allow police to collect not just suspects' own DNA evidence, but also the DNA evidence of close relatives. While the measure has the support of prosecutors, opponents of the bill pointed out procedural flaws with some describing the new policy as a kind of genetic stop and frisk. Nathan Dempsey has the story at Gothamist. A Department of Homeland Security official --Jeanette Manfra, acting deputy undersecretary of cybersecurity and communications for the agency's National Protection and Programs Directorate --  told members of the Senate Intelligence Committee last week that Russia targeted election systems in 21 states during last year's presidential election. Ranking Member Mark Warner wrote Homeland Security Secretary John Kelly to make public the names of the states that were targeted. However, Secretary Kelly has thus far not released that information claiming that to do so would harm national security. Edward Graham covers this in Morning Consult. Uber CEO Travis Kalanick has resigned following the fallout from former Attorney General Eric Holder's report on the company's frat boy culture. However, several employees have attempted to have Kalanick reinstated. Rebecca Savransky has the story in the Hill. The Congressional Black Caucus wrote a letter Monday to Uber leadership urging them to improve racial and ethnic diversity in hiring and promotions at the company. A new Politico and Morning Consult report shows 60% of Americans either strongly or somewhat support the FCC's current net neutrality rules the new Trump-era FCC under Ajit Pai appears to be in the process of overturning. Two-thousand and fifty one registered voters were surveyed. The FCC has recommended a $122 million fine on a suspected robocaller--the highest-ever FCC fine. Officials suspect the alleged robocaller, Adrian Abromovich, a Florida man, made some 100 million robocalls over three months. Harper Neidig has the story in The Hill. The FCC also unanimously passed a rule change last week that will allow law enforcement to bypass blocker called IDs belonging to callers making imminent threats. Harper Neidig has this one in The Hill as well. We may soon be able to access Internet via an internet connection made from space. Doing so would significantly speed up upload and download speeds. The FCC approved a plan of Greg Wyler who plans to link up 720 satellites to deliver high speed broadband from space as soon as 2019. Brian Fung has the full story in the Washington Post. President Trump met with tech executives, including drone developers last week. The president said he'd work to give tech companies the "competitive advantage they need" and "create lots of jobs". David Shepardson covers the story in Reuters. In a unanimous 8-0 decision, the Supreme Court ruled last week that a North Carolina law that prevents registered sex offenders from going on Facebook is unconstitutional under the First Amendment. Lydia Wheeler covers this in the Hill. FCC Chaiman Ajit Pai testified at a Senate Appropriations Committee hearing last week about the agency's budget. Pai recommended a budget cut of over 5.2% since last year, or $322 million, which Chairman Pai conceded would come from the elimination of over 100 Commission jobs.

This week The Cipher Brief's Executive Editor Fionnuala Sweeney sits down with Suzanne Spaulding, Under-Secretary for the National Protection and Programs Directorate at the Department of Homeland Security. Fionnuala talks to Suzanne about the development and execution of cyber security policies in the federal government. 

Suzanne Spaulding, Under Secretary for the National Protection and Programs Directorate at the Department of Homeland Security, joins Lawfare's Benjamin Wittes for interview on cybersecurity and the role of DHS is cyberdefense in front of a live a audience.

In a bonus 106th episode of the Steptoe Cyberlaw Podcast, Stewart Baker and Alan Cohn interview Phil Reitinger, former DHS Deputy Undersecretary for Cybersecurity and Sony Corporation CISO and current Director of the new Global Cyber Alliance. They discuss the impact on DHS’s National Protection and Programs Directorate from President Obama’s recent creation of a Federal Chief Information Security Officer in the Executive Office of the President and the launch of the Global Cyber Alliance. The views expressed in this podcast are those of the speakers and do not reflect the opinions of the firm.