THE KEY

Online disinformation campaigns are not just a threat to the 2020 election. They may be a harbinger of the end of the world. 

Metaphorically speaking, at least. 

Concerns over "cyber-enabled information warfare" were one reason the Bulletin of Atomic Scientists pushed the Doomsday Clock up to 100 seconds to midnight, a metaphor for the global apocalypse. That’s the first time the clock has passed the two-minute mark since it was first used to gauge civilization's existential threats soon after the dawn of the nuclear age in 1947.

Disinformation driven by swarms of computer bots and emerging technology such as deepfakes are sowing rancor across the world and making it far harder to deal with existential threats such as nuclear war and climate change, the Bulletin’s Science and Security Board writes.

“The international security situation is now more dangerous than it has ever been, even at the height of the Cold War,” the authors write. “... The Clock continues to tick. Immediate action is required.”

The authors, who include scientists, public policy experts and former politicians, are less concerned about specific disinformation campaigns, such as those Russia mounted to damage Hillary Clinton’s campaign in 2016 or those that U.S. intelligence and law enforcement agencies say Russia, China, Iran and others are likely to use in 2020. Rather, they fear the result of those campaigns will broadly undermine public faith in facts and expertise to the point that it’s impossible to tackle climate change and other pressing global problems. 

“If these current trends continue, we’re looking at a world in which the information environment is so corrupt that rational and reality-based discourse is impossible,” Herb Lin, a member of the science and security board and a senior research scholar for cyber policy at Stanford University, told me. 

The Bulletin first cited the threat of information warfare in a 2018 update when board members moved the clock to two minutes to midnight. For comparison, that's the same setting as in 1953 after the United States and Soviet Union first tested thermonuclear weapons, which are about 1,000 times as destructive as the atomic bombs the United States dropped on Japan during World War II. This year, the board moved the clock another 20 seconds closer. 

Cybersecurity and information warfare experts I spoke with largely backed up the Bulletin’s assessment yesterday. 

“Cyber-enabled information warfare and the consequent rise of a ‘there is no truth’ culture undercuts our societies’ ability to take … difficult, large scale and timely actions,” Chris Painter, the State Department’s former top cybersecurity diplomat who served during the Obama administration and early months of the Trump administration, told me. 

Melanie Teplinsky, a former White House and National Security Agency official who’s now an adjunct professor at American University’s Washington College of Law, warned that “cyber-enabled information warfare poses an outsized threat because of its ability to undermine the reliability of the information on which we rely for rational decision-making in nearly every domain.” 

Jason Healey, a White House cybersecurity official during the Bush administration who now teaches at Columbia University, said that cyberattacks and disinformation campaigns could be “a pressure release between major powers,” allowing them to strike at each other without getting into an actual military conflict.

“But as conflict becomes more likely between major powers, cyber will tempt decisionmakers into taking shots they wouldn’t otherwise [take],” he said, “[and] they will surely often miscalculate.”

Lance Hoffman, who founded the Cybersecurity and Private Research Institute at George Washington University, worried the analysts had actually under-valued the danger of disinformation. 

“World leaders are at least talking about the nuclear war and climate change threats and increasingly devoting more than lip service to these,” he said. “At the same time, we have almost no meaningful controls in place over development and proliferation of information weapons.” 

Betsy Cooper, director of the Aspen Tech Policy Hub at the Aspen Institute, was more skeptical of the Bulletin’s assessment, saying it seemed unlikely that misinformation campaigns, while serious, could have a major impact on the threat of nuclear war.

“This feels like less of a change to me than other cyber-related trends,” she said, adding she was surprised the Bulletin didn't focus on the danger of cyberattacks against critical infrastructure such as energy plants and nuclear facilities, “which seem more likely to cause imminent harm to sensitive infrastructure in a way that… could rival nuclear war.”

Richard Bejtlich, principal security strategist at the cybersecurity firm Corelight, meanwhile, dismissed the Bulletin’s announcement, calling it irrational to say the world is more dangerous today than at the height of the Cold War.

“The Bulletin lost contact with reality in the early 2000s,” he said. “No serious person would say we are at greater risk for a global apocalypse in 2020 … than we were in 1963 (12 minutes) or 1984 (3 minutes). The incorporation of cyber elements does nothing to justify moving the clock hands to the current position.”

PINGED, PATCHED, PWNED

PINGED: A bipartisan coalition of lawmakers introduced legislation in both the House and the Senate yesterday that would rein in Section 215 of the Patriot Act, which led to the creation of a sweeping surveillance program that has ensnared the private phone calls of millions of Americans.

Congress first limited Section 215 in 2015 with the USA Freedom Act, passed two years after former National Security Agency leaker Edward Snowden brought the bulk surveillance of phone records to broad public attention. The Safeguarding Americans' Private Records Act would limit 215 even further, banning the warrantless collection of cell site and geolocation data by U.S. intelligence agencies. The bill comes a few months before a March 15 deadline when the authority is set to expire. 

The new legislation would raise the bar for requests from law enforcement to the Foreign Intelligence Surveillance Court, the secretive judicial arm that oversees surveillance warrants against foreign spies and terrorists. The court found that between 2017 and 2018 the FBI was conducting searches that may have violated the Fourth Amendment, which protects against unreasonable searches.

The bill would also expand oversight of the court, which came under fire last month from the White House after a Justice Department report found the FBI misled it in seeking a surveillance warrant for former Trump campaign adviser Carter Page.

“Liberty and security aren’t mutually exclusive, and they aren’t partisan either,” Sen. Ron Wyden (D-Ore.), who co-sponsored the bill in the Senate, wrote in a statement. “This bill preserves authorities the government uses against criminals and terrorists, while putting Americans’ constitutional rights front and center.”

Privacy advocacy groups Free Press, Demand Progress and FreedomWorks have also endorsed the bill.

PATCHED: U.S. Treasury Secretary Steven Mnuchin will meet with Britain's finance minister on Saturday to crank up pressure to ban Chinese telecom giant Huawei from the nation’s 5G network buildout, Reuters's Balazs Koranyi and Elizabeth Howcroft report.

U.S. officials have crisscrossed the globe urging allies to ban Huawei for more than a year and threatened to revoke intelligence sharing agreements if they don't. But they've only been met with limited success. U.S. officials say Huawei can’t be trusted not to spy on behalf of the Chinese government, which the company vehemently denies. 

Mnuchin’s visit to Britain comes as senior officials there are prepared to recommend allowing limited Huawei equipment at a British National Security Council meeting next week, Jack Stubbs at Reuters reports.

“We’ve made very clear that [Huawei] relates to all of the critical areas that we have significant concerns. But again, there’s ongoing discussion on these issues,” Mnuchin said.

Separately, Mnuchin also told Andrew Ross Sorkin in a CNBC interview at the World Economic Forum yesterday that American CEOs should absolutely continue to do business with Saudi Arabia despite the Saudi government's alleged effort to hack Amazon CEO Jeff Bezos. (Bezos owns The Post.)

“We have an important defense relationship with Saudi Arabia,” he said. “And that’s not going to change based upon one article in the paper.”

PWNED: Only about 10 percent of victims of 2018’s mammoth Equifax data breach filed for some form of compensation ahead of a Wednesday deadline for initial claims, the New York Times’s Tara Siegel Bernard reports.

That includes victims who will get free credit monitoring from the credit ratings giant and those who will get a cash payout of up to $125 because they already have credit monitoring in place. The total value of the settlement Equifax reached with regulators was $700 million. 

The Equifax breach affected more than 140 million people, or about 40 percent of all Americans.

“In some ways, the initial settlement period was a success: According to a court document, the fund is expected to pay in full all legitimate claims for out-of-pocket losses,” the Times reported. 

“In others, it was an exercise in frustration: Those seeking the cash option will receive far less than the $125 cap. More than 4.5 million people had filed claims for the cash payment as of Dec. 1. Only $31 million of the settlement was set aside for the cash option; that works out to less than $7 a person.”

PUBLIC KEY

— Cybersecurity news from the public sector:

Sen. Elizabeth Warren (D-Mass.) called on Brazil to drop cyber crime charges against an American journalist who reported on leaked cell phone messages from Brazilian officials in a story raising concerns about corruption inside the government.
The Hill
A UN official said the goal is “intimidating, creating fear, and ultimately controlling or silencing.”
BuzzFeed News
A new report calls for safeguards to reduce the dangers posed by misinformation, online extremism, and social media manipulation.
Wired

PRIVATE KEY

— Cybersecurity news from the private sector:

At Pwn2Own, hackers had no trouble dismantling systems that help run everything from car washes to nuclear plants.
Wired
The “smishing” campaign starts by asking users to set up delivery preferences and ends with a request for credit card information.
Taylor Telford
The data breach exposed customers' medical history, drivers licenses, and information about how much weed they bought.
Motherboard

THE NEW WILD WEST

— Cybersecurity news from abroad:

Satirist Ghanem Almasarir, who brought case in Britain, says he was targeted in 2018 – shortly after alleged hack of Jeff Bezos
https://www.theguardian.com/profile/stephanie-kirchgaessner
Lawyers for U.S. journalist Glenn Greenwald urged a Brazilian court on Thursday ...
Reuters
United Nations officials do not use WhatsApp to communicate because "it...
Reuters

ZERO DAYBOOK

Coming up:

  • The Internet Education Foundation will host the 16th annual State of the Net Conference on Tuesday in Washington.
  • New America’s Open Technology Institute will host an event titled “Privacy’s Best Friend: How Encryption Protects Consumers, Companies, and Governments Worldwide” on Feb. 4 at noon.
  • RSA Conference 2020 is scheduled for Feb. 24-28 in San Francisco.