THE KEY

There's a better way for Democrats to tackle disinformation from Russia and from domestic political rivals as the challenges persist heading into the 2020 election, according to one technology company seeking to help them. 

Main Street One says it's not enough just to detect and take down posts that seek to discredit candidates, or to ramp up cybersecurity protections to ward off hackers. Instead, the company says liberal campaigns and political party leaders should target users with content that directly counters false information — through its network of millions of social media influencers primed to fight online information wars. 

“There have been a lot of smart cyber minds that have been shutting the back door with firewalls, servers, two-factor authentication, system upgrades and actually doing a decent job of getting campaigns to follow some protocols to avoid some of the more disastrous moments in 2016,” says Curtis Hougland, Main Street One's founder and chief executive, who has been talking to Democratic primary candidates and party committees about its new technology. “The challenge has been that we've left the front door open, and that has a lot to do with disinformation.” 

Main Street One's technology — and philosophy — is based off U.S. efforts to combat another threat: the spread of Islamic State propaganda online. Hougland received Defense Advanced Research Projects Agency funding during the Obama administration to work on tools to analyze what kind of social media posts had the highest likelihood of undercutting terrorist propaganda so the U.S. government could deploy them. The work led to him to partner with the Defense Department to monitor Russian disinformation campaigns leading up to 2016. 

Hougland says his company can help identify the users who were exposed to disinformation — and then bombard them with counter-messaging. 

For instance, if the Democratic National Committee wanted to respond to President Trump's debunked conspiracy theory that the party had a hidden server in Ukraine hosting evidence related to the 2016 hack, Main Street One would coordinate a response so social users also get factual information.

Unlike targeted disinformation campaigns, which often rely on the coordinated efforts of bot networks, Main Street One has a network of more than 3 million accounts belonging to volunteers and influencers. Main Street One can figure out which one of those actors would be the most credible to spread the message it wants to promote — and can then put paid ads behind the highest-performing content. It's the kind of machine Hougland says exists on the right with its expansive network of meme creators and online personalities.

“Our ultimate goal is to derive messages on what people already believe and then deliver that in the form of peer-to-peer content to members of their community,” Hougland says. “Do that with enough scale and speed, and then we can reduce the impact of misinformation at a micro and macro scale.”

While he declined to name specific potential customers, he also met with lawmakers in Washington earlier this month who have expressed increased concerns over disinformation as intelligence agencies and Facebook report that Russia, Iran and China are all targeting the 2020 elections. 

Hougland says the technology is needed given the challenges facing candidates such as former vice president Joe Biden, from rivals and from other countries. Facebook just announced last week that it took down a network of Russian accounts whose top target was Biden. And the Trump campaign has flooded Facebook with ads containing baseless claims about Biden's dealings in Ukraine. As the company refuses to fact-check politicians' ads, or take them down even when they contain falsehoods, Main Street One's tools might have greater appeal. 

 “I think we can all agree that you're not going to get remediation from the administration. You're not going to get remediation from the tech platforms themselves,” Hougland says. “I think the Trump [campaign's] Biden ads [show that]. If anyone was on the fence, there it is.”

Yet Democrats may be hesitant to adopt highly tailored messaging based on voters' online data in the wake of the scandal surrounding Cambridge Analytica, a firm that harvested private information from 50 million Facebook users in its work for Trump's 2016 campaign. 

And experts say that increased adoption of this kind of highly targeted technology raises questions about the need for ethics in this space. 

“As the tools of influence skyrocket, democracies have to be careful to keep questions about the ethical use of personal data front and center,” says Lindsay Gorman, a fellow at the Alliance for Securing Democracy, a bipartisan initiative that the German Marshall Fund founded to combat foreign election interference. “To that end, political actors should develop clear and transparent standards for how they access and use voter information and empower voters to protect their online presence.”

PINGED, PATCHED, PWNED

PINGED: Rep. Ted Lieu (D-Calif.) wants answers from the White House over a recent exodus of a least 12 cybersecurity officials from the office of the White House chief information security officer, Axios's Alexi McCammond reports

“A White House data breach would give our adversaries an untold advantage in almost every foreign policy and national security matter,” Lieu wrote to acting White House chief of staff Mick Mulvaney. Lieu's letter comes in response to an exit memo from Dimitrios Vastakis, former branch chief of the White House computer network defense, which Alexi first obtained. Vastakis raised concerns that the White House was targeting senior staff for removal and “is posturing itself to be electronically compromised once again.”

Lieu wants to know whether the president's team pushed out officials whose experience dates back to the Obama administration and why the president has moved key cybersecurity responsibilities to a separate office that isn't covered by a law mandating the preservation of presidential records. He's also asking whether the White House has discussed the concerns in the memo with the National Security Agency.

PATCHED: British Prime Minister Boris Johnson is preparing to allow Chinese firm Huawei limited access to the United Kingdom's future 5G network, the Sunday Times reports. The decision could stoke tensions with the United States, which has lobbied foreign allies to ban Huawei from their networks, citing national security concerns that the company could serve as a backdoor for Chinese spying.

The company would be limited to “non-contentious” parts of the network, government sources tell the Sunday Times, though it's unclear what that means. Major U.K. mobile providers have already pushed ahead with using Huawei equipment in their networks, the Guardian previously reported. That could make a Huawei ban costly and time-consuming, a potential deterrent to the U.K. pursuing one.

Germany also recently snubbed U.S. warnings and decided to not preemptively ban Huawei, citing the significant costs and time delays it would pose to the county's plans for launching a 5G network. 

PWNED: Cybersecurity researchers say that Google and Amazon aren't doing enough to protect their home devices from would-be hackers. Now, Congress wants answers. Rep. Debbie Dingell (D-Mich.) is asking the CEOs of both companies to provide her with answers on how they vet applications for their respective Amazon Alexa and Google Assistant devices.

Dingell cited research from a German cybersecurity company SRLabs, in which researchers created apps that passed both Google and Amazon security-vetting processes. The apps then allowed researchers to eavesdrop on users and attempt to steal their passwords.

“While these apps were created and used only for research purposes, there is potential for either copycat apps or that malicious actors have already used these techniques to target consumers and their personal information,” Dingell wrote.

Dingell is asking the companies to answer questions including whether they review other apps for these vulnerabilities and whether they would notify users of potential wrongdoing.

Members of Congress have previously scrutinized Amazon for allowing contractors to listen to users' Alexa recordings, which included sensitive information such as passwords and home address, and storing those recordings indefinitely. (Amazon chief executive Jeff Bezos also owns The Washington Post.) 

PUBLIC KEY

— Cybersecurity news from the public sector:

Business
Known as JEDI, the military’s cloud computing contract will go to Microsoft after Trump expressed opposition to giving it to Amazon. The award had been held up for years in a bitter dispute between some of the country’s biggest tech firms.
Aaron Gregg and Jay Greene
Days before the big event, hackers seized control of almost all the capital’s street surveillance cameras and demanded a ransom. Then everything spiraled out of control.
Wall Street Journal
Ohio Gov. Mike DeWine (R) on Friday signed into law legislation that will increase cyber protections for election systems and enhance the overall cybersecurity posture of the state. 
The Hill

PRIVATE KEY

— Cybersecurity news from the private sector:
 

A wiretap on BlackBerry Messenger collected communications of a drug cartel for years, helping cops catch one $25 million shipment.
Forbes
Global insurers that cover cyberattacks are facing more claims related to ransom...
Reuters
UniCredit (CRDI.MI) said on Monday its cyber security team had identified a data breach involving a file created in 2015 and containing approximately three million records, all regarding Italian clients.
Reuters

THE NEW WILD WEST

— Cybersecurity news from abroad:

Johannesburg, South Africa, is an alpha city on a booming continent—a financial powerhouse and one of the most important cities in the world.
MIT Technology Review
MPC, an encrypted phone company Motherboard revealed as being created by organized crime, "put him on a plate for the Moroccans to pull the trigger."
Joseph Cox

ZERO DAYBOOK

— Coming up:

  • The Senate Homeland Security and Governmental Affairs Committee will host a hearing examine supply chain security, global competitiveness, and 5G on Thursday at 10 a.m.