Tuesday, September 18. 6pm. Juju’s Bar and Stage, Truman Brewery, Brick Lane.
Ten years after the collapse of Lehman Brothers sparked global financial turmoil and 17 since 9/11, PS21 looks where the next major crisis threatening humanity might come from. Bringing together experts in finance, security, cyberspace, public health and more, we’ll be looking at what we should be worrying about and how it might be managed. After the long summer, a great chance to network, question the experts and talk about what the rest of the year – and century – might have iin store.
Peter Apps [Moderator] – Reuters Global Affairs Columnist
Heather Williams – Lecturer in Defence Studies, Kings College London
Mike Dolan – Investment Editor, Thomson Reuters
Angela Chatzidimitriou – Global Blockchain Stakeholder Engagement Manager, Hewlett-Packard
John Bassett – Former senior official, GCHQ and member of the PS21 International Advisory Group
Dr Colin Brown – Consultant in Infectious Diseases, Public Health England
Doors will open at six p.m., with the discussion beginning at seven p.m. After brief presentations from each speaker, we will break for interval followed by a Q and A/panel discussion. The bar will remain open throughout.
Over the past two years, a wave of disinformation campaigns has upended democratic electoral systems across the globe, prompting both governments and electorates to demand action to counter the growing prevalence of fake news. So far, several governments have begun enacting laws to address the issue, from Malaysia’s anti-fake news bill passed in April to French President Emmanuel Macron’s advocacy for legislation criminalizing falsified content.
While these clampdowns are highly visible, these responses to a growing and diffused threat from falsified content essentially amount to knee-jerk attempts to declare the practices criminal. Along with the potential to severely restrict free speech through claims of fake news, these laws do not address the underlying factors that enable fake news campaigns to be successful in the first place, such as poor digital and information literacy among the general public.
Likewise, criminal legislation alone will not equip governments or the public against the next wave of disinformation threats derived from emerging technologies, such as “deepfakes.” In order to effectively respond or even counter this threat, more attention must be directed to the intersection between disinformation and emerging technologies, such as artificial intelligence and machine learning.
Deepfakes are digitally manipulated videos, images, and sound files that can be used to appropriate someone’s identity—including their voice, face, and body—to make it seem as if they did something they did not. So far, deepfakes have largely consisted of manipulating images into celebrity sex tapes, but as professors Danielle Citron and Robert Chesney warn, the leap from fake celebrity porn videos to other forms of falsified content is smaller than we think.
Until recently, such realistic, computer-generated content was only available to major Hollywood producers or well-funded researchers. However, rapid advancements in technology have resulted in applicationsthat now allow nearly anyone, regardless of their technical background, to produce high-quality deepfakes that can range from the innocuous—such as depicting a friend in an embarrassing situation—to the incendiary—such as a world leader threatening war. The proliferation of seemingly authentic, but actually manipulated, content at a time when it is already difficult to determine content authenticity is highly concerning.
As the prevalence of disinformation in society has become clearer, governments and non-profits have started to fund research on the impact of fake news on societies and political systems. But this only addresses part of the problem, leaving out key emerging technologies, such as artificial intelligence and machine learning that are already fueling the next disinformation wave. For example, in late March, the Hewlett Foundation announced $10 million for research on digital disinformation and its influence on American democracy, but with no specific calls for research on deepfakes or other emerging technologies. Given the potentially devastating threat deepfakes could pose, this is a missed opportunity to get ahead of the problem and improve our understanding about deepfakes and their potential for harm. Similar initiatives in the European Union heavily emphasize understanding and combating the current brand of fake news, rather than preparing for these more advanced disinformation threats.
These research and development efforts should also go hand-in-hand with strong, public digital information literacy programs on how to identify distorted media and falsified content, including from emerging technologies. In 2017, California lawmakers introduced two billsrequiring teachers and education boards to create curricula and frameworks focused on media literacy. However, to have the most impact governments must also engage non-profit and private sector expertise to help the public better understand the technical issues at play, thereby improving their ability to identify real content from fake content.
In its coverage of the rise of deepfakes across the internet, the tech media site Motherboard stated that we are “truly fucked,” predicting that it won’t be long before the public becomes embroiled in chaos over these emerging forms of disinformation. But we don’t have to feed the fear. Rather than pass hasty and ineffective legislation, governments can work with nonprofits and the private sector to direct resources to relevant research on emerging technologies. Equally important will be more support for programs that educate the public on identifying disinformation threats based on both old and new technologies.
Deepfakes are at the cutting edge of the disinformation landscape right now, but who knows for how long? If governments and non-profits act strategically, they could even find themselves ahead of the game.
By Spandana Singh, YPFP Cybersecurity & Technology Fellow
In recent years, Europe has seen a stark increase in so-called homegrown terrorist attacks attributed to or claimed by the so-called Islamic State (IS). From Nice to Berlin and London, individuals, who had little or no formal connection to ‘official’ terrorist groups and seemingly radicalized at least partially online, perpetrated attacks in the name of jihad. While academia and politics still debate definitional issues around the concept of radicalization and whether or not radicalization can take place purely in the virtual sphere, a continuous discussion around these issues and their implications are necessary to better understand the present threat. One of the questions arising from increased online presence and possible online-radicalization is what role hierarchical terrorist organizations play today. In a time of ‘virtual jihad’, where everyone can access everything online, how important are formal organizations for understanding the threat of homegrown jihadist terrorism?
There are two general approaches to studying radicalization: top-down and bottom-up. The so-called Hoffman-Sageman debate between historian Bruce Hoffman and psychologist Marc Sageman mirrors the dichotomy between the two approaches. Hoffman postulates that radicalization and recruitment are driven by designated ‘staff’ within terrorist organizations and that hierarchical organizations are the main driving force between terroristic violence. To him, radicalization is a top-down mechanism with a strong role played by formally organized groups actively recruiting new members. Sageman, on the other hand, sees bottom-up processes between individual members as the main driver for radicalization. His ‘bunch of guys’ theory states that small groups of friends radicalize together by social-psychological processes of mutual reinforcement and without any connection to a formal organization or movement. Only after they radicalize do these small groups seek a link to a larger group, which makes radicalization a bottom-up process. This dispute originated in disagreement about radicalization of Al-Qaida members in the early 2000s, but can help frame today’s debate about the role terrorist organizations play for online-radicalization.
Sageman – passive organizations, active peers
The internet facilitates bottom-up radicalization processes by creating Sageman’s ‘bunch of guys’ in the virtual sphere. Increased connectivity enables interactivity on a truly global scale and within real-time. It is not necessary anymore to wait for weekly meetings or phone calls, it is possible to communicate with fellow supporters of jihadist ideology at any time. Interactivity can, over time, help to form bonds between the users and help facilitate the development of a community spirit. The peer group Sageman observed offline can also form online.
In addition, one of the properties of social media – the echo chamber or filter bubble– can aid the normalization of propaganda and violence within a given online community. Similar to sound being reflected in a cave, social media platforms show users only what they and their network ‘liked’ or ‘followed’ without outside content ever penetrating these ideological bubbles. A sense of commonality is fostered and the legitimacy of claims is increased, because seemingly everybody displays the same views. The normalization of violence as legitimate is the outcome of continued exposure and the validation by the virtual peer group for this type of behavior and world view.
Hoffman – active organizations
Online-radicalization, however, does not work without the appropriate content peers can disseminate into the echo chamber and discuss. Although some users create their own content, IS and other organizations engage in professional content creation and produce a highly sophisticated propaganda output, which is then shared and commented on by users. It is no misdemeanor to speak of an Islamic State media branch with professional staff and deep knowledge about the psychological stimulation of potential new recruits. Charlie Winter, for example, has identified six key themes IS continuously uses throughout its propaganda efforts: brutality, mercy, victimhood, war, belonging and utopianism. These are used deliberately and continuously throughout the IS propaganda output ensuring consistency of the message communicated to followers. The themes are aimed at arousing emotions, increasing empathy with fellow Muslims and function as a call for action as much as a holistic narrative of the conflict. Currently IS propaganda output has diminished greatly and almost exclusively focuses on the war theme, but IS has shown its sophisticated narrative development in previous years.
In addition, organizations utilize preachers and recruiters to actively facilitate a top-down radicalization development. Preachers function as accessible authority figures, who break-down the propaganda into more digestible pieces and contextualize the often short propaganda messages in longer video explanations. As social media also provides the opportunity for direct contact, recruits feel personally connected and involved with the preachers they watch and therefore with the content they distribute. Recruiters are actively involved in spotting potential recruits, contacting them and leading them through their radicalization. This has become easier and more secure in the age of social media, which provides not only the possibility to form strong personal communicational bonds with someone at the other end of the globe, but also to remain relatively anonymous in doing so, which decreases the risk of detection.
The role of terrorist organizations has changed, but not diminished in the age of social media. Radicalization and recruitment increasingly take place within the virtual sphere through social media applications and are aided by the echo chamber property of the internet. Peer groups form online, transcending previous restraints of time and space and making a global ‘bunch of guys’ possible. However, formal organizations are not simply passive onlookers uninvolved in the peer group dynamics, but actively seek to facilitate radicalization. Propaganda material is produced in a highly professional manner only formalized structures can provide and designated staff such as preachers and recruiters actively identify and engage with new recruits. Radicalization in times of virtual jihad is driven by both bottom-up group processes and top-down mechanisms of active engagement by the organization itself.
The future of warfare may be coming faster than we think.
That, at least, felt like the conclusion of Tuesday’s panel on “Imagining War in 2030”, organized by the Project for the Study of the 21st Century and the British Army Intrapreneurs’ Network [BrAIN]. With dozens of military and civilian attendees packed into a relatively airless conference room in Whitehall, a panel of leading experts sketched out what looks to be a period of massive technical, geopolitical and deeply unpredictable change.
Royal United Services Institute Futures and Technology fellow Elizabeth Quintana sketched out some of the technical breakthroughs coming down the line as nations invest in new cyber, electromagnetic and growing technologies as well as hypersonic and other weaponry. Russia, she told the audience, already had a semi-autonomous humanoid robot that could fire a gun and which they intend to send to space.
Former Director Special Forces and Commander Field Army Lieutenant General Sir Graeme Lamb outlined how the pace of change was now proceeding much faster than anyone had anticipated. The year 2030 might be only 13 years away, but breakthroughs in quantum computing, artificial intelligence and other fields were all producing breakthroughs at considerable speed. They would produce potentially massive societal and other changes, and government and military institutions were not currently keeping pace.
Kings College London lecturer and former Foreign and Commonwealth Office official Samir Purioutlined how he had seen some of these changes in action as an OSCE observer in Ukraine. Different nations would demonstrate their geopolitical ambitions in different ways in the years to come, he suggested, pointing out that while a host of states including Britain, Iran, Russia and others have their own imperial memories, they were of very different empires and shaped very different regional and global aspirations.
But not everything would change, he cautioned – it was entirely possible the US and its allies would still be embroiled in the Afghanistan war at the end of the next decade.
Balancing technology, structures, career paths
Unsurprisingly, there were a range of different views on how the military and other institutions should and could adapt to such an unpredictable future. Some questioned to what extent traditional military “pyramid” shaped hierarchies could possibly adapt [although Lieutenant General Lamb argued that while flatter hierarchies have their strengths, outright conflict required much greater resilience than they could offer].
While traditional Western militaries concentrated on traditional war fighting [phase 1 operations and upwards, in UK military terminology], many of the West’s adversaries were becoming much more adept at operating below that threshold, within “phase zero” operations. That trend was only likely to intensify in the years to come, he argued.
Most attendees felt that keeping pace with current changes in cyber and other domains was proving challenging enough, but relatively near-future breakthroughs in artificial intelligence and machine learning was felt set to provide even greater changes. While current drone warfare has actually proved very “human intensive” given the number of intelligence and other individuals involved in targeting and assessment, there will be inevitable moves towards artificial intelligence performing some if not many of those tasks. Where lines are drawn – particularly on the decisions to take human life – will be highly contested, and non-Western potential foes may be much more willing than ourselves to take such steps. [”The Russians tend to trust machines more than they trust people,” said Elizabeth Quintana, pointing to a trend she traced back to Soviet times].
Integration and flexibility would be key to handling these new trends. Lamb said he expected a special forces team of the near future would also be integrated with robotic/artificial intelligence capabilities – although what exactly that would look like was another matter.
Some attendees questioned whether the modern British Military was truly flexible enough to keep track of such new trends – although there was clearly plenty of enthusiasm for doing so.
Building the systems and processes for that would be key. As US military historian Thomas Ricks [himself paraphrasing US General Omar Bradley] once said, while might talks tactics, professionals talk logistics, real insiders focus on career structures to determine what really gets done.
Taking the debate forward
This event was the first of several planned by PS21 to explore the world of 2030 [you can read a range of pieces exploring that world on the PS21 website here]. We will also be holding further events with BrAIN later this year and into 2018.
Peter Apps is Reuters global affairs columnist and executive Director of the Project for Study of the 21st Century. He is also a reservist in the British Army and member of the UK Labour Party. You can follow him on Twitter here
What explains the rise of virtual, ideological terrorist networks in the West?
By Linda Schlegel. Linda is currently pursuing an MA in Terrorism, Security, and Society at King’s College London.
With the rise of the so-called Islamic State new questions for terrorism research emerged. Especially the social media use of the organization has both fascinated and worried practitioners and academics alike. One of the most worrying features of the new, virtual display of Salafi-jihadist ideology is the increasing number of people from all over the world, who seek to join this movement. We as societies need to ask ourselves what may drive young people towards this type of ideology. One of the possible underlying mechanisms for increased online radicalization from a sociological point of view is explored in the following by showing that today’s youth may be easier influenced in an online setting than older generations were.
Habitus in the age of modern communication technology
Pierre Bourdieu showed that humans are socialized in a certain milieu defined by our standing in society and thereby develop a shared set of behaviours with those socialized in similar circumstances. This shared set of practices of social interaction is called habitus. Those sharing a habitus understand each other more intuitively due to their similarities in social dispositions, while those socialized in very different circumstances, who therefore developed a different habitus, do not. For Bourdieu, the habitus is based on class, but globalization eroded traditional social milieus. Modern communication technology (MCT) is available to a majority living in the West crumbling traditional limits of access due to class. It can be argued that almost equal access to the MCTs in the West resulted in a similitude of habitus by those, who grew up using them. Social media makes socialization processes similar in one specific aspect, the online realm, creating shared dispositions and therefore the ability to intuitively interact in the virtual world. Following Prensky, individuals socialized using MCT are called ‘digital natives’.
What does this mean for the rise of virtual, ideological networks in the West? A habitus creates a shared basis for interaction and similar behaviour. This, in turn, leads to more trust in those, who display similar social dispositions and therefore makes it easier to construct one’s identity on the basis of a group sharing the same habitus. The same is true for the online realm, which partially explains the rise of terrorist networks as digital natives are likely to consume and perceive online propaganda differently, display more trust towards it and more easily commit to an ideology they are exposed to online. Terrorists networks expanded in the West partially, because digital natives are more likely to be able to form emotional bonds online and construct their identity accordingly.
There are three interrelated factors that contribute to a bottom-up rise of extremist networks in the case of digital natives: Familiarity, trust and cognitive belonging.
Firstly, digital natives find, access and navigate online environments more easily than older generations. The digital world constitutes a familiar environment for potential recruits and they navigate it intuitively. Importantly, they also find familiarity in the interactions with other digital natives, who share their habitus, and are therefore likely to communicate in a similar manner; something that develops naturally from a shared habitus and cannot be learned.
Secondly, while mature users tend to be cautious and aware of virtual dangers, younger generations associate online interaction with positive feelings and display a lot of trust in their virtual peers. This combination of trust and positive feelings associated with online contact constitutes a ‘cognitive opening’ for digital natives, making them more susceptible to ideas propagated by their peers. This condition is exacerbated by the tendency of online communities to create ‘echo chambers’: Once within an extreme environment, counter-messages are unlikely to reach the potential recruit. Similar to Facebook, which shows its users only what they ‘liked’, jihadi echo chambers display only messages in alignment with their ideology. Trust in the messenger, a fellow digital native, leads to more trust in the message, which is also increased by the virtual ‘echo chamber’.
Trust is a necessary pre-condition for the third factor: cognitive belonging. Digital natives display intuitive knowledge of online interactions due to their partially similar socialization; their habitus. Some potential recruits become involved in terrorist movements, because they seek a feeling of belonging or identity, which is easier constructed in a group containing individuals similar to oneself. Despite its global reach, the shared habitus enables identity construction rested on a perception of a virtual ‘imagined community’ of similarly socialized individuals. This identity construction is achieved both through passive and active engagement with the ideology. On the one hand, when ideology is conveyed in familiar terms, it is easier to relate to. This is achieved, for instance, by utilizing Western foreign fighters to share their stories. This familiarity in messaging, only possible through similar socialization, is a tremendous advantage for recruitment. Messaging matters not only in terms of content, but also in terms of delivery. On the other hand, digital natives are used to highly interactive environments. If a group provides this room for expression, it creates an environment of constant negotiation and re-negotiation of ideology and identity. Today’s radical online communities are not only passive receivers of propaganda, they are active negotiators of the ideology.
Not every digital native is more susceptible to radical ideologies. In an online setting, however, they are more likely to perceive an online community as important and real, and, if the community is radical, are more likely to adhere to radical ideas through online interaction. One possible implication of this is that the constructors and conveyors of counter-narratives should be digital natives as well. An excellent counter-narrative will not lead to desired results if it is not received by the intended audiences in alignment with their expectations on online interaction. It is likely that the same messages have very different results depending on which generation verbalizes them. An educational effort by digital natives for their peers with content constructed by them is likely to increase the legitimacy of the counter-message due to increased trust and familiarity. It could therefore facilitate the effectiveness of counter-radicalization. Social media changes our lives and it changes the faces and mechanisms of terrorism. We need to be aware of these developments in order to counter them directly and effectively.
PS21 is a non-national, non-governmental, non-ideological organisation. All views expressed are the author’s own.
Monday 10th October 2016. Drinks from six p.m., discussion from 630 p.m. Neo Bankside, SE1
From the shanty towns of Lagos to the rise of Brexit and Trump, crowdsourcing to video on demand, changing technology is revolutionising society and politics round the world. How are modern political and media networks evolving? What does that mean for changing prower structures? How does it differ between the developing and the developed world? Where will it all go next? PS21 pulls together an expert panel to examine the changes seen so far and asks where these trends will take us next.
Peter Apps (moderator) – Reuters Global Affairs Columnist and PS21 Executive Director
Emmanuel Akinwotu – Journalist based in Lagos, Nigeria, writing for Guardian and New Stateman
John Elledge – Editor, Citymetric, member of the PS21 governing board
Eleanor HarrisonOBE – CEO of award winning charity GlobalGiving UK; the world’s first and largest global crowdfunding comm unity for non-profits, GlobalGiving.co.uk
Aaron Bastani – Left-wing blogger and founder of Novara Media
Portion of a Qing scroll on battling 19th Century piracy in the South China Sea (Wikipedia)
Berivan Dilan is a recent graduate from Maastricht University in International Relations, and is starting an MSc in International Political Economy at LSE.
On 12th July 2016, the International Tribunal for the Law of the Sea at The Hague ruled that Chinese claims to territorial rights in the South China Sea have no legal basis, after a case was brought to the Permanent Court of Arbitration in 2013 by the Philippines. The tension in the South China Sea is at a fever pitch, with China vowing that it “will take all necessary measures to protect its territorial sovereignty and maritime rights and interests,”[i] countered by the U.S. sending an aircraft carrier and fighter jets to the region. This ruling certainly does not mark the end of the South China Sea dispute. In fact, this ruling might just have opened up Pandora’s Box.
The South China Sea has been home to territorial disputes for many decades. The disputes involve claims among several states that all have an interest in the fishing areas, potential natural resources and strategic control of one of the busiest shipping routes in the world. China asserts that its historical claim to these prized waters predate the United Nations Law of the Sea (UNCLOS) however Malaysia, the Philippines, Indonesia and Brunei beg to differ and believe the international law regulating the delimitation must be adhered to.
Why does China claim this area?
Money, money, money goes to explain much of China’s so-called “win win” approach to its contemporary foreign policy decisions. The area in question without doubt offers huge economic benefits to the PRC: from the potential for unique access to the immense fishing area, strategic control of one of the busiest shipping routes in the world, and increased access to exploiting potential natural resources (i.e. oil) are to name a few examples. Geopolitically, its security would have been strengthened had the Court chosen to favour China in this dispute, given the current dominance of U.S. backed naval resources in the region. It would be naïve not to recognize the material realities of the dispute. However, in addition to the economic and geopolitical dimensions, there is a third dimension which is often neglected by the popular accounts of the dispute, namely the historical dimension. China is not only claiming the South China Sea because it has vested interests in the region, but also because China views the area claimed within the nine-dashed line as historically theirs. In order to understand Chinese foreign policy fully, particularly as it re-emerges as a superpower, it is necessary to understand the ancient Chinese conception of world order.
In order to understand the way the PRC is currently acting, first one needs to look at the concept of Tianxia, which can be broken down into three parts: the world (in a geographical sense), the will of the people, and the world institution[ii]. What is important to note is that Tianxia does not refer to a nation state as we interpret it, but to a world or society: “traditional China did not see itself as a nation-state or even as an empire with separate subject peoples, but rather as the centre of civilisation.” [iii] This led to the ancient Chinese idea of Sinocentrism, the idea that China is the undisputed centre of civilisation. In the Sinocentric world order China has a hegemonic position. In the past when China aimed to create a Sinocentric world order, it did so by socialising foreign rulers into accepting China’s centrality and superiority. In fact, in some periods, the Chinese rulers were able to accomplish this with some Western visitors as well as in the system of tributary and vassal states.
As China re-emerges as a superpower, it seems clear that this Sinocentric viewpoint is being taken on-board once more by its leaders. Gone are the days of Xiaoping’s “bide one’s time” philosophy, the nation is now taking a lead with assertive foreign policy choices, such as refusing the tribunal’s ruling in the South China Sea dispute, despite being a UNSC power. China will not easily give up its territorial claims in the South China Sea. The first Chinese interaction with Western international law in the 19th century was not easy. China experienced it as traumatic, leaving memories of humiliation, domination and oppression. The unequal treaties signed in this time period, such as the Treaty of Nanking, encroached upon China’s sovereignty and territorial integrity and exemplified how foreign imperialism managed to reduce the Middle Kingdom to a society with semi-colonial status. The Chinese saw international law as one of the tools used by the west to restrain ‘wild foreign consuls’[iv]. Although today international law is part of China’s advancement strategy to catch up with the developed countries, “early Chinese experience with international law still remains a key to the understanding of the present Chinese attitude towards international law”[v]. The Chinese claim to the South China Sea is based on unverifiable historical claims and while this does not hold much power in international law, the Chinese government will not back down any time soon.
What happens next?
The tribunal has no powers to enforce its ruling. China has rejected the ruling and maintained its presence in the South China Sea claiming that it has the right to set up an air defence zone. The U.S. has framed the outcome of the case as a test of China’s respect of international law. China’s rejection could lead to reputational damage, as well as alienating its neighbours if it maintains the current course of action and language. However, it is playing well to its citizens at home who are increasingly seeking a more active role for China in international relations. Whether the tensions in the South China Sea will escalate to a military encounter between China and the U.S., is unclear. However, this ruling has created more uncertainty and unease for both sides. In any case, it is clear that the situation in the South China Sea goes much deeper than merely economic and geopolitical power. To understand contemporary foreign policy decisions made by the PRC, one must look further than simply realpolitik. It seems that China’s assertiveness is a reassertion of an age old worldview which has influenced Chinese governance and self-understanding for over two millennia.
Project for Study of the 21st Century is a non-national, nongovernmental, nonpartisan organization. All views expressed are the author’s own. Interested in contributing? Email us at E-mail us at PS21Central@gmail.com.
[ii] Zhao, T. (2006). Rethinking Empire from a Chinese Concept ‘All-under-Heaven’ (Tian-xia,). Social Identities, 12(1), 29-41.
[iii] Nathan, A. J., & Scobell, A. (2015). What Drives Chinese Foreign policy. In China’s search for security (pp. 1-37). Columbia University Press.
[iv] Zhaojie, L. (2001). Legacy of modern Chinese history: its relevance to the Chinese perspective of the contemporary international legal order. Singapore Journal of International & Comparative Law, 5, 314-326.
[v] Zhaojie, L. (2001). Legacy of modern Chinese history: its relevance to the Chinese perspective of the contemporary international legal order. Singapore Journal of International & Comparative Law, 319.
Tom Allen is Head of Technology and Data Protection Indemnity at Aspen
No Longer Niche
There has been significant growth in market demand for data protection coverage, driven in no small part by the recent surge in sobering news about the aggressively evolving risks that companies face. For a number of years this was a rather specialist, ‘niche’ marketplace that didn’t find much traction beyond a sub-section of interested firms. The risks involved have been seen for years as being cutting edge, if not rather theoretical.
This view has changed over the last 18 months. There has been a steady drumbeat of high-profile losses arising from data breaches which have received plenty of publicity. In 2014 data breaches in the U.S. totalled 783, an increase of 28% over the previous year.1 The trend looks to be escalating as in the early part of 2015 there had already been 174 breaches with 99.7 million records exposed.2
Recent events have revealed the fluid nature of the liability, the adequacy of current cyber security policies on offer and also company management’s attitude to risk acceptance and mitigation for breach scenarios. Attacks on retailers Target in 2013 and Home Depot in 2014 demonstrated the magnitude of the threat and the attacks on JPMorgan Chase in 2014 and Anthem in 2015 confirmed the point. The breach at Sony, late in 2014, highlighted the fact that the release of confidential company information can disrupt not only customer relations but also employee relations. It was not only the reputations of top executives and their clients that were jeopardized by the disclosure of emails. Moreover the unfolding saga was amplified by the media and the data was readily accessed and replicated from the otherwise rather arcane world of download sites.
Governments concerned about threats to national security as well as their economies have engaged in high-profile efforts to ‘jawbone’ businesses into taking IT security seriously. Regulators worried about the rights of individual consumers and investors have moved decisively to press the issues home. President Obama’s 2015 State of the Union address included an update to the 2011 Cyberspace Legislative proposal. This included new initiatives on the all-important breach reporting rules with simplification and standardization of the existing 47 state laws into one federal statute. Elsewhere, the U.S. Securities and Exchange Commission’s Office of Compliance Inspections and Examinations previously announced that its 2014 Examination Priorities will include a focus on technology, including cyber security preparedness. Executives are now much more aware of the financial costs – and the difficulties of estimating them – and also the costs in terms of their career if an incident should show them to be ill prepared. The CEO of Target held himself personally accountable for the breach and resigned in May 2014. The IT and consulting industries have picked up the theme with their corporate customers. Demand for related insurance products has ramped up in the North American market and is gathering momentum in the EU and elsewhere.
Underwriters and brokers have been working to publicize these products for years and are of course delighted that the topic has moved to a more central stage. Yet current events and the general state of public awareness about the issues highlight just how complex a challenge the rise of ‘cyber threats’ poses to the insurance industry.
First and foremost, the increasing complexity and scope of attacks resulting in data breaches must challenge the market’s assumptions about the frequency and severity of losses. Underwriters have always seen the continually evolving threats to IT security as an arms race between hackers and the IT security industry; yet many have been surprised at the ambition and scale of some recent attacks. In this context, pricing models have limited predictive value and need to be constantly re-assessed.
At Aspen, we have always held the view that ‘cyber insurance’ is an unfortunate term, as it seems to mean everything and nothing at the same time. Indeed, not all cyber threats are viewed by the insurance market as being meaningfully insurable – the chief example being the theft of a company’s own intellectual property. Much of the feared impact of cyber warfare sits outside the scope of most commercial insurance offerings. Nonetheless, the desire by many brokers for an allrisks policy approach has resulted in a lot of disparate issues being bundled together as underwriters strive to add new features to their products.
The market trend, until recently, has been for underwriters to seek differentiation as opposed to uniformity. The result is that product approaches, wordings, coverage triggers and so on vary widely across the marketplace as competitors strive to add features. Ironically, in our view, one of the longstanding challenges to the broad acceptance of these products has been their complexity – buyers sometimes struggle to fully understand exactly what they are buying.
Another self-imposed challenge arising from the lack of product uniformity is that it aggravates the difficulty insurers and reinsurers face in assessing their aggregate exposures. This is hard enough given that loss scenarios are based on known/perceived vulnerabilities, which themselves evolve.
Insurance and loss prevention go hand in hand but some of the risks that governments are seeking to transfer into the insurance sector might easily challenge the industry’s capital. At some stage in the future, a different approach may be required for certain risks. As in the case of terrorism, governments could, via a reinsurance grouping, help fund high-level risks of the insurance industry. Facilitation of a market through such an arrangement could increase supply by spreading large losses and help provide data to support more accurate pricing of the risk. It would also help increase demand through encouraging a greater understanding of cyber risks and the financial value of defending against them.
Aspen continues to view this evolving area as presenting opportunity along with threat. Our focus remains on risks tied to data protection obligations as well as liability for providers of IT products and services. Different industries face different threats and regulation still has a substantial role to play in shaping risk profiles. In our view, the industry probably needs to stop trying to bundle so many disparate issues into a single product. The industry and its customers will all benefit from the evolution of specialist products. The risks cannot be effectively underwritten unless the data has been defined, protection policies understood, the consequences of breaches identified and employees trained in prevention procedures. While developments in the big picture are continually changing, it is even more important to employ a disciplined underwriting approach with clarity of wordings, transparency of underwriting method, an alert and responsive claims service, and a keen ear for customers’ needs.
Identity Theft Resource Centre(ITRC), IDT91, 2015 Data Breach, 11 March 2015
Tim Hardy is a technical writer, commentator, activist and PS21 Global Fellow. He runs the website Beyond Clicktivism and tweets at @bc_tmh
In November 2014, the UN Deputy High Commissioner for Human Rights, Flavia Pansieri declared that the changes in digital communications over the last two decades represented “perhaps the greatest liberation movement the world has ever known.”
Yet that liberation movement was under threat, she warned. And some of the greatest threats came from the countries that most pride themselves on their historic and continued role in the promotion of democracy and liberty worldwide.
The UN adopted Resolution 68/167, the Right to Privacy in the Digital Age on 18 December 2013, emphasising “that unlawful or arbitrary surveillance and/or interception of communications, as well as unlawful or arbitrary collection of personal data, as highly intrusive acts, violate the rights to privacy and to freedom of expression and may contradict the tenets of a democratic society.” The Deputy High Commissioner warned “information collected through digital surveillance has been used to target dissidents. There are also credible reports suggesting that digital technologies have been used to gather information that has then led to torture and other forms of ill-treatment.”
Far from being a historic abuse of power, this is a growing tendency. “Overt and covert digital surveillance in jurisdictions around the world have proliferated, with governmental mass surveillance emerging as a dangerous habit rather than an exceptional measure.”
Sultan al Qassemi noted in February, “Every single country in the Arab world, save for Lebanon, has jailed online activists. Every single country today has individuals in jail for posting tweets.” The Arab Spring has led to a winter of silent discontent as those who were prominent in the days of rage have withdrawn either completely from social media or into closed communities, removing their voices from the wider sphere of public discourse. Any safety in such private communities is of course illusory.
The free speech potential of the online world can have fatal consequences when privacy cannot be guaranteed.
In 2011, Maria Elizabeth Macias Castro was the first journalist to be murdered for social media posts. A note left by her decapitated body by the Mexican crime syndicate Los Zetas connected her to the online pseudonym she’d assumed would keep her safe. Posting under your real name carries proportionally greater dangers. Avijit Roy and Washiqur Rahman were both hacked to death in the street this year in Bangladesh, their murders blamed in part on the government’s crackdown on “known atheists and naturalist” bloggers. Mauritania and Saudi Arabia have issued the death penalty for online postings. According to Reporters without Borders, 19 “netizens and citizen journalists” were killed in 2014 and 175 have been imprisoned so far this year because of their online activities.
It’s not just public postings on social media that draw attention. Iran – who together with China imprisons a third of the journalists jailed around the world – uses surveillance as part of its strict monitoring of the internet. In 2009, Lily Mazaheri, then a human rights and immigration lawyer although later disbarred, claimed that one of her clients, an Iranian dissident was shown a transcript after his arrest of instant messaging conversations with her that they had assumed were private. Whether or not this was true, we now know that governments can and do monitor private web chat even where there is an expectation of confidentiality.
Lawyer-client privilege is a cornerstone of democracy as is the ability of journalists to protect their sources. Surveillance undermines both. Two years before the Edward Snowden leaks, the then executive director of the Reporters Committee for Freedom of the Press, Lucy Dalglish was approached by a national security official at a conference who, on the subject of exposing whistle blowers, threatened: “We don’t need to subpoena you anymore. We know who you’re talking to.”
Amnesty warned in their annual report last year, “From Washington to Damascus, from Abuja to Colombo, government leaders have justified horrific human rights violations by talking of the need to keep the country ‘safe’. In reality, the opposite is the case. Such violations are one important reason why we live in such a dangerous world today.”
A progressive trend is being reversed and in the countries where democracy is healthiest, there is little political appetite to address this. Those who criticise government surveillance are tacitly or explicitly accused of supporting enemies of the state.
UK foreign secretary Philip Hammond said on a visit to GCHQ Cheltenham last year “Nobody who is law abiding, nobody who is not a terrorist or a criminal or a foreign state that is trying to do us harm has anything to fear from what goes on here.“ Of course, like all who repeat the authoritarian’s mantra “if you have nothing to fear, you have nothing to hide” Hammond presumably still makes love and defecates behind closed doors. A desire for privacy can be nothing more sinister than a demand to be treated with basic human dignity.
Defenders of mass surveillance sometimes underplay its extent by declaring “It’s just metadata”. But metadata is the context of your life – where you go and when, who you associate with, what you read and watch. In aggregate, it’s as unique as a fingerprint and exposes more about you than most people are happy to share with an intimate partner. In 2014, former NSA and CIA director Michael Hayden pointed out “We kill people based on metadata.”
Mass surveillance, so costly for democracy, fails even to achieve its own security goals and wastes resources and funding that could be put towards more traditional intelligence operations.
The NSA claims that their surveillance programme would have prevented September 11 – but that is not supported by the 9/11 Commission Report that found that the intelligence community failed at analysis not at data gathering. Mass surveillance failed to prevent the Boston Marathon bombings even though one bomber, Tamerlan Tsarnaev, had been on a watchlist since 2011 after Russian intelligence warned their US counterparts about him and both he and his brother had made multiple social media postings that should have waved a red flag. Mass surveillance failed to stop the Charlie Hebdo attack.
Just as generals are often accused of always fighting the last war, it seems that intelligence services are always fighting the last terrorist plot – then are blindsided when an extremist changes tactics.
For a long time, digital rights have been side lined as a matter of technical interest only but even before the UN endorsed this position, digital rights have always been human rights. As more of our most intimate moments and experiences occur in the overlap between the material and digital spheres, our sense of betrayal and exposure as our digital privacy is violated becomes ever more acute. The distinction between the online and offline worlds grows more blurred and for the generation more likely to own a home in Skyrim than to ever own one in the material world, any attempt to distinguish between the two is met with suspicion. But there are differences – differences that are significant for the possible futures of democracy. The freedoms we take for granted in the material world in the West are increasingly denied in the digital. As the two merge more and more and the opportunities to opt out recede, the importance of defending these rights becomes more critical.
The absence of privacy, the constant awareness that your conversations, your reading and your online transactions are being monitored has a chilling effect. The writer and security consultant Bruce Schneier warns:
Think of how you act when a police car is driving next to you, or how an entire country acts when state agents are listening to phone calls. When we know everything is being recorded, we are less likely to speak freely and act individually. When we are constantly under the threat of judgment, criticism, and correction for our actions, we become fearful that—either now or in the uncertain future—data we leave behind will be brought back to implicate us, by whatever authority has then become focused upon our once-private and innocent acts. In response, we do nothing out of the ordinary. We lose our individuality, and society stagnates. We don’t question or challenge power. We become obedient and submissive. We’re less free.
Edward Snowden is a divisive character – but whether or not your politics inspire you with a desire to shoot the messenger, his revelations cannot be ignored. The US and her allies have systematically undermined the security of the internet, damaged the reputations of their countries, undermined their ability to challenge authoritarian regimes and placed their citizens and the citizens of other sovereignties under an unprecedented level of mass surveillance.
There is an opportunity here. We can continue to participate in a global trend towards greater repression in the name of security and freedom. We can continue to give succour to regimes that monitor their citizens for the overt goal of silencing all dissenting voices. We can continue to build a machinery of totalitarianism that we hope but cannot guarantee will not be put to malevolent ends. Or we can take back the moral lead. By making the defence of privacy online a core principle rather than treat it as a liberal qualm to be belittled and ignored, we can help ensure that the next two decades see a continuation of the global trend towards democracy and freedom enabled by the internet and not its calamitous reverse.
Mike Gillespie is Director of cyber research and strategy at The Security Institute, Managing Director of Advent IM Consultancy and a member of the CSCSS Global Select Committee on Cyber Security
The worldwide web wasn’t really designed, as such – it grew out of itself and so privacy was never really a massive consideration. In part as a result, it exists on different levels. There is the indexed and therefore searchable regular internet with which we are all familiar, there is the regular internet accessed via an anonymising browser or sites built specifically for anonymised browsers (such as .onion sites), and then there’s the Darknet – or Deepnet – a virtual private world of connected sites that are hard to access by accident. The last two are obviously much more opaque and harder to track, monitor, measure or market to. Some people refer to the whole area of non-standard browsing as Darknet and this is the way it has been presented in mainstream media too.
Teachers, whistle blowers, activists, children, police and security personnel and journalists to name but a few of the legitimate and non-criminal or deviant groups of users who also make use of the anonymity provided by services like Tor.
Tor- also known as “The Onion Router” is one of the browsers we refer to when we talk about anonymised browsing. Originally conceived (and paid for) for the US Navy, it was designed for secure military communications and when its broader adoption happened it was a browser of choice for net users who wanted to be protected from corporate invasion of their privacy. It works as a series of servers around the globe that bounce the user around, making them much harder to track or monitor.
It does make streaming impossible as it is very slow as a result of all the relays and YouTube is pretty much a no go area at the moment. It’s worth noting though that YouTube have plans to try and introduce a Tor friendly version allegedly. If this is true it will be interesting from a commercial perspective as given the nature of the free service in exchange for targeted ads that YouTube uses, this would appear to be in direct opposition to the requirements for privacy of most Tor users… I suppose we will have to watch that space!
So basically, Tor is one of several systems or tactics that make users much, much harder to detect or monitor. Although the media has led us to believe that Tor is in fact all of the Deepnet, clearly there is much more going on. It is inarguable however, that whether it is Tor or Tor-type browsers or the specific Deepnet, it is very difficult to track users and their behaviour in this area and this creates problems for law enforcement and security agencies.
Deepnet has the reputation for being a haven for perpetrators of serious crime. Child abuse images and the procurement of contract killers or Class A drugs have all been discovered in the deep recesses of this network. Tor has been used as a means to hide servers containing illegal material and will continue to be used that way in the same way drug dealers use anonymous unregistered pay as you go phones; very hard to trace. The arrest of Silk Road mastermind Ross Ulbricht is probably one of the most high profile and media friendly stories to come out of this. Silk Road was a marketplace favoured by criminals, particularly for drug trafficking.
It places huge difficulties on investigation of serious crime like drug selling, identity theft, child abuse and money laundering – problems we face in real life too. The dawning realisation that it is the very open and exploitable nature of our familiarity of the current regular web that leads us to question the moral standing of dark or Deepnet use. It is a discussion that is sure to rage for many years. But if people are happy to trade off their privacy for free web and web tools then those who aren’t will continue to be viewed with doubt and suspicion.
If we had never had the internet and the www world, isn’t the Deepweb precisely what we would build now to allow us to shop, learn and interact privately?
Imagine a net where tailored ads do not leap out at you from websites the second you land and your browsing activity was not pored over by those seeking to profit from it in any number of ways. Really, if we were going to build something that protected its users in entirely legitimate and acceptable ways, instead of trying to layer on security afterwards, what we would build might look a lot more like Deepnet or at the very least, Tor. Given that the original conception of the net was to facilitate military communications, then its evolution could potentially have taken the more private route, but its very commerciality has taken it in a very different direction.
Perception changes everything, of course. I was recently at a security and policing event run by The Home Office and attended some interesting seminars which touched on the difficulty in investigating crime over the ‘Dark or Deep’ web. It’s perfectly clear of course that much crime is still facilitated by the ‘regular’ web and one of the other things that emerged was criminals tending to now de-tech; moving away from things like smart phones and other IP devices in order to communicate and share in non-digital ways – ways they know won’t be intercepted by digital detectives. For instance we know that some drug dealers now shun smartphones or other modern digital communication in favour of using old school phones like Nokia 8210s. Apart from their reputation for being virtually indestructible, they are not connected to anything and therefore offer privacy and security that a criminal would happily take over the convenience of having email and Twitter. So criminals are starting to perceive the web, including Deepnet, as being a place that it may not be as safe as they thought. We knew that many criminals favoured unregistered pay as you go phones that can be cheaply bought and easily disposed of and the prediction is that certain criminal groups will continue down the de-tech route. For others of course, this will not be an option. Complex and digitally-reliant groups such as paedophile rings are making significant use of the Deepnet and unfortunately this is driving public perception of what it is all about.
Technologies have been used for good and evil ever since we have had technology. Deepweb is another technology, just like mobile phones, that is being used by criminals to stay off law enforcement radars and enable them to carry out their illegal activities with less risk than on the regular web. But as mentioned earlier many people use Deepweb tools. Sometimes this is in life and death situations and under terrible conflict situations, like those in Syria. The anonymity offered by Tor enables activists and campaigners to get their messages out of totalitarian regimes that threaten their lives every day and where the fear of arrest and torture are very real. It would have been hard for the so-called Arab Spring to have gained the incredible momentum it did, without the use of Deepweb technology. For those innocent people, Deepweb is a blessing and a lifeline.
However, the challenges are clear for law enforcement and security services and they are set to grow. We can’t accurately measure Deepweb and it is very hard to pin a figure therefore on the size of the criminal activity that is going through it. As law enforcement techniques grow and evolve to meet the Deepweb challenge the additional challenge will be maintain the right to privacy of ordinary, private users.
Ryan Hagemann is a masters student in public policy at George Mason University and the co-author of a recent Mercatus paper, “Removing Roadblocks to Autonomous Vehicles.” His research interests include decentralized peer-to-peer networks, Transhumanism, stateless social organization, robotics and automation, and studies at the intersection of sociology, economics, and technology.
In 1648, the signing of the Treaty of Westphalia ended the Thirty Years’ War in Europe, spawning the modern international system of state relations. What resulted was an order that relied on the premise that state actors would serve as the fundamental units of analysis in diplomatic affairs and global politics – that co-existing sovereign states would serve as a continual check on the balance of power between states. This system, a long stable institution of world order, has recently begun to experience an existential crisis.
The Internet and disruptive communications technologies have begun changing our world; they are leveling power disparities between individuals and institutions to such a degree that non-state actors are now gaining significant influence on the world stage.
Even as we speak, an evolution of international conflict is gaining steam, and while its origins are in the Levant, the true battle space is online. The Islamic State of Iraq and Syria (ISIS) recently came into conflict with the anarchist hacktivism consortium Anonymous. The battlefield? Cyberspace.
Far from being a mere response to the carcinogenic spread of ISIS’ influence and power projection in the Levant, Anonymous’ cyber crusade against the would-be caliphate is among the first to occur amidst the Internet landscape. Their war is one of bits, and their battles are taking place outside the confines of traditional conflict zones; to the far corners of the digital world through the conduits of Twitter, Facebook, and the broader networks that make up the Internet. What we are witnessing is an entirely new breed of institution battling the old hierarchical, centralized power structure in a new way.
In his book Cypherpunks, Julian Assange, the founder of WikiLeaks, makes a brief but impactful reference to what he refers to as Post-Government Organizations (PGOs): organizations that are composed of individuals pursuing common objectives by using decentralized digital networks to achieve their ends. They are loose collections of individuals who interact with one another primarily through the Internet and impact change through hacktivism or other digital activist means, including, but not limited to direct denial of service (DDoS) attacks on targeted websites, information revelation campaigns, and dissemination of contrarian messaging. WikiLeaks, Assange maintained, was the first of these PGOs, providing an anonymous platform for individuals with access to sensitive information the means to distribute it, without putting themselves at risk of exposure.
Specifically, Assange defines a PGO as “an organization that occupies cyberspace and is adept at moving its information around the underlying embeddings” of a digital network topography. He goes on to criticize the immense asymmetries in information between state actors and the underlying protocols of the Internet, arguing that these new institutions are bound to disrupt the old Westphalian power structures:
The governments are not sure … of the barrier between what is government or not. It’s fuzzed out now. Governments occupy space, but WikiLeaks occupies part of the space of the Internet. Internet space is embedded in real space, but the degree of complexity between the embedded object and the embedding means that it’s not easy for the embedding to tell that the embedded object is even part of it.
Anonymous, a decentralized ideological movement composed of many thousands of individuals purporting various political beliefs, philosophical outlooks, and degrees of technical skill, can just as easily be classified as a PGO. The only agreements that hold this tribe of Internet warriors together is that ideas, not directives, should drive their actions and that censorship is an unequivocal evil to be expelled from the online community. Beyond this, nothing substantive can be said of a group composed of many thousands (perhaps more) of various and disparate beliefs and motivations for joining the movement.
As Quinn Norton of Wired magazine has written, members of this legion are a “sea of voices, all experimenting with new ways of being in the world.” They are experimenting with old systems of international, and state-based, order. How their ongoing battle in the Middle East plays out will be a telling case study in the efficacy of these new institutions.
The First Digital War in Cyberspace
If the excesses of the Islamic State were not so alarmingly ruthless and inhuman, the entire affair could easily be mistaken for a classic comic book showdown: the legion of eschatological extremists hell bent on terrorizing the innocents battling the decentralized, ad-hoc affiliation of wily superheroes, each committing to the cause for incongruent reasons, bound together by nothing more than a vague sense of duty and honor to a broad ideological coalition.
But metaphors cannot do justice to the carnage unfolding in the Levant. Whatever one’s thoughts on Anonymous’ activities, few dispute that their campaign against ISIS is anything short of an ideological commitment to helping quell the tide of recruits flowing into Iraq and Syria (some estimates indicate as many as 100 volunteers per recruitment center join ISIS every day).
Anonymous first began mass targeting of extremist militants’ social media presence following the January 2015 Charlie Hebdo massacre in Paris, citing concerns over fanatical religious intolerance for free speech and the sanctity of human life. While a Twitter war is not quite the same as boots on the ground, the reality is that ISIS relies heavily on social media to spread its message and recruit volunteer fighters from around the world to join their barbaric crusade. The hacktivist attacks are an attempt to throttle the Islamic State’s recruitment efforts and curtail their online war of intimidation and the privation of human capital. The first digital war in cyberspace is unfolding before our eyes even as we speak.
In the case of the terror attack against Charlie Hebdo, as we had previously told you, we plan on shedding light on all these events and give homage to those innocent killed.
The anonymous of all the planet have decided to declare war on you terrorists. We will track you down to the last one and will *kill (destroy) you. You allowed yourselves to kill innocent people. We will therefor [sic] avenge their deaths.
We will track all of your activities online. We will close your accounts on social networks. You will not impose your Sharia in our democracies. We will not let your stupidity kill our liberties, and our freedom of expression.
We have warned you. Expect your destruction. We will track you everywhere on the planet. Nowhere will you be safe.
We are anonymous.
We are legion.
We do not forget.
We do not forgive.
Be afraid of us, Islamic Sate [sic] and Al Quaida. You will get our vengeance.
Since January, Anonymous has continued with its battle plan., having taken down over 800 Twitter accounts, a dozen Facebook pages, and more than 40 email accounts, to say nothing of the various recruiting web sites and IP addresses associated with ISIS. Their most recent public threat against ISIS aptly sums up the endgame intentions of Anonymous: “You will be treated like a virus, and we are the cure. We own the Internet.”
Towards a New Westphalian Order?
While digital strikes are unlikely to destroy the tangible gains that the Islamic State has obtained, this emerging conflict could represent the beginning of the end of the old international state system. Previously, states were perceived as the international actors of merit; now, even though PGOs are unlikely to acquire a sufficient degree of coercive power to challenge standing armies anytime soon, it is clear that they are going to be playing some role in international affairs moving forward.
In the midst of this historical occurrence, it is worth pondering what the future of the international state system holds, given changes in technology, increased access to information, and calls to action that inspire groups from across cultures and continents, to respond, in real time, to emerging threats. What happens to the old Westphalian order when individuals and non-state actors suddenly become significant agents of action in international affairs?
It is far too early to tell whether, in the long term, PGOs will be a benefit or hindrance to the international order. What is clear, however, is that these organizations are slowly accumulating greater influence and are beginning to have more substantive impact in the world. For better or worse, these new associations are going to be with us so long as the Internet remains a transnational communications platform; limiting their power will be increasingly difficult as power continues to be more and more decentralized and distributed out of the hands of strong central authorities.
Sovereignty of states emerged as the legal norm after the Thirty Years’ War – what comes of the war being played out between ISIS and Anonymous remains to be seen.