MIL INT
MILITARY INTELLIGENCE
Monday, January 1, 2018
The Real Coup Plot Is Trump’s
MI has not posted other content before. However, the essay linked below explains what MI refers to as 'American Self-Propagandizing' very well. This is a theme in MI entries because it undermines our institutions. In our view, Mounk explains the process elegantly. The Real Coup Plot Is Trump’s
Sunday, December 24, 2017
MI’s Cybersecurity Tips for 2018
The biggest development in cybersecurity in 2017 was not a
hack. The Trump Administration has authorized Customs and Border Protection
(CBP) to demand access to electronic devices from all incoming arrivals –
citizens as well as permanent residents and foreigners. Incredibly, CBP has
also been authorized to demand social media log-in information, IDs and
passwords, so they can access your social media accounts from inside. If you
were concerned about warrantless search and seizure by the NSA as revealed by Edward
Snowden then this development should really concern you. As an aside Section
702 of what used to be called the Patriot Act also looks like it will be
extended, possibly indefinitely of some have their way.
The CBP Social Media policy is not codified in statute. The
4th Amendment is restricted at the border for routine searches. That
allows border control to conduct deeper searches of incoming passengers without
having to meet a federal warrant standard involving making a case for probably
cause. Neither Congress or the Courts have adjudicated whether this rule
applies to logging in to your social media accounts. Does it include Turbo Tax
as a social media account? Bank apps? Encrypted chat apps? Etc.
So for now, id you travel internationally and you don’t want
the federal government inside your phone and thus inside your personal
finances, taxes, private chats with your spouse or kids, either leave your
phone at home or get a burner for travel and do not leave anything on it before
you cross the border. That’s a lot of hassle but a lot cheaper than being the
test case that takes a decade to wend its way to the Supreme Court. Think of
the legal fees!
The 702 issue and the Manafort/Flynn revelations show that
the NSA remains vigilant when ot comes to communications with foreign targets.
Media suggests that 702 applies to as many as 100,000 targets. Under 702 the
NSA does not need a warrant to surveil these foreign targets even in cases
where that communication is with a US person or travels via communication links
on US territory. Section 702 needs periodic review and can fail to be renewed
if Congress does not act in time. Evidentially the deadline in Jan 2018 may be
covered by some of the language in a related law that sets the 702 cycle in
April 2018.
You might think there is no way 702 can touch you. Perhaps,
but 100,000 targets is a serious number. They are not all ISIS. They clearly
include diplomatic representation to the US, foreign governments, financial and
business leaders overseas, and so on. Maybe this does not matter to you, but MI
knows many of its readers are national security personnel and higher end
business people, this may touch you. For the record, in order to surveil a US
person as the target (not the collateral damage in targeting a foreign
communication) in their communications across the international border, the
government still needs to get a FISA warrant. To surveil you domestically, a
court issued warrant based on probable cause is required.
This background is important to know but it also the setting
for the suggestions made below. Disclaimer: MI is not a legal advice
organization, and these are suggestions that readers are free to ignore based
on their judgement. MI has no responsibility for how you conduct your personal
communications or travels. These are helpful suggestions not business
recommendations. Just don’t sue us, ok?
As the fallout from the San Bernardino terrorist attack
shows, it is not easy for federal law enforcement (FLE) to access encrypted
devices. They say they got into the terrorist’s iPhone without Apple’s help;
that may or may not have happened. Post Snowden Apple and others know that its
business model will fail to grow unless it puts people and not FLE first
(although its policies in China suggests that if the market is attractive
enough Apple’s principles may be a little softer than in a mature market). So
has MI become paranoid? Looking at the threat board too hard all year and
unnecessarily freaking out? Surely all of these measures are for criminals and spies
– they don’t apply to little ole me going about my day? What could possibly go
wrong? I don’t break the law, I help enforce it.
Crime is an old canard to prevent you from protecting
yourself – ironic really. Good digital security and privacy practices are
essential and here’s why:
1. Common
sense. The Five give you their platforms for free, right? You don’t pay for
Gmail or YouTube. It’s great! Yet if that’s true, why are The Five the most
valuable companies in the world? Where does that money come from? YOU. The Five
(and others) see you as a mine of data that they use to position their own
services that do cost money and to sell to their advertisers to pinpoint your
interest in 18th C Austrian stamps. Marketing on TV is wasteful,
especially for specialized items. The cutting edge in marketing is personalized
tailored focus on individual interests. Now instead of buying ad time on TV –
very costly and basically useless for stamp collectors - highly specialized ads
can be sent very cheaply to everyone on earth who is interested in 18th
C Austrian stamps.
So you pay for these ‘free services’ of Facebook, Google,
Amazon, and so on. The fee? Your privacy. What’s that really worth to you?
2. Life
Happens. You might become incapacitated and you have always been t6he one who
does all of the administration for the family. Incapacitation or sudden death
vastly complicates managing your affairs, The set up suggested below will
enable someone you trust to pick up exactly where you left off and operate your
life when you can’t. It should be a central part of any good estate planning.
But as argued, can be there for life events or even getting stuck overseas with
a lost phone, etc. The settings below
have you backed up and secure so you (or your trusted person) can keep driving
and paying bills and not getting behind.
3. Your
obligation to protect the country. Most of MIs readership ace national security
professionals. They know that weak security of their home, person or digital
footprint can help bad actors gain situational awareness and/or actual data and
access with which they can threaten national security directly or indirectly.
The USG has broken this professional and social contract with its unacceptable
laxness in protecting SF-86 Data that resided with OPM. Nevertheless, we all
need to work together and this is a case where protecting yourself and your
family will also maintain your sacred obligation to protect America.
4. “But MI –
The Costs of All These Services!” See point one – your digital world is not free.
In fact, you have been commodified. This should annoy you. It annoys the crap
out of us. Your spouse and your children are commodities to be traded. Ever
wondered why little Suzie gets credit card offers at age 6? It’s not because
she is a rock star shopper (even if she is, our commiserationsJ) It’s because Suzie’s
very existence has been sold to someone who wants to sell to her (they just
don’t know she’s a wee tot, as they say in Scotland).
All of the systems and services we suggest below charge fees.
If they don’t, then that’s the first hint that they may not be the best
solution to your digital fingerprint and footprint privacy. Most cost tens or a
few hundred a year. All up, even with the most high end services an individual
or family might want, you are looking at around $500 a year. That’s peanuts for
what you get for that sum.
Do you really think your name, address and social are safe?
*2013 3 billion yahoo accounts hacked
*2015 ALL OPM SF-86s hacked
*2017 143 Million credit profiles hacked at Equifax
*2017 198 Million US
voter records hacked
And you call MI paranoid J
Companies like Target and a bunch of others have all been hacked too. It’s not
going to end, it’s going to accelerate and deepen. The US election was hacked
in the sense that social media was completely manipulated to pervert the course
of the election. It goes on and on.
It’s time to get real. It’s time to protect yourself, your
family, and your country.
Here are our tips for 2018:
1.
Encrypt
everything. Phones, computers, hard
drives, thumb drives. There are now plenty of options to do this. MI recommends
picking one option across all hardware platforms. There are easy to use
software programs now that can do this. The other option is using the features
on the laptop during set up. Apple now offers this. Remember the number of
different systems you use will require remembering a lot of log-ins.
2.
Password
gatekeeper. This is a MUST. Again, as with hardware encryption options, there
are a lot to choose from – the type of program MI has in mind is 1Password and
the like. Each has different pros and cons. What they do is simple – they
create impossible to hack passwords for all the sites you use to bank, do
taxes, communicate with people, social media, etc. anything you log into – they
protect. The software conjures up long complex passwords with or without
symbols (&%$₵#), numbers, etc. It then stores these with your log-in
IDs against the relevant URLs. To access your bank, you don’t have to google
and find the bank, you simply press the bank’s icon and the password program
automatically logs you in with the long/complex password. It’s easy and
incredibly secure. The weakest link – the password you use to access the app.
3.
Log-in
IDs and email IDs. The days of using David.Smith@gmail.com are gone. Why
make it easy for the bad guys to target you. As above, you can now use password
apps to create unique log-in IDs, MI recommends random jumbles of letters,
numbers, and symbols, just like a password – so they are unintelligible to
whoever may be trying to find ‘David Smith’. MI recommends different IDs for
high impact accounts like banks and maybe a common one for low impact stuff
like Hulu. Note: Facebook is NOT low impact!
4.
Social
Media. OK, this is going to hurt. Are you sitting down? Get off Facebook.
Guess what? You can’t get off Facebook! Try it and see. It owns you. To the
extent that your data, your most private data is you, it owns you. If you load
it onto Facebook, they now own it; whether it’s a picture, your religious,
political, sexual, social, or other habits, preferences, views, etc., Facebook
owns it. This is not a rhetorical point, it is a legal fact. Remember the long
Terms of service in tiny print? Don’t worry, no one else reads it either. It’s
in there. As a matter of law, anything you put on Facebook is their property.
It’s in there. As a matter of law, anything you put on Facebook is their
property.
Why is this important? Because Facebook is the greatest human intelligence gathering platform ever devised. In the old days the following information had to be either interrogated out of you or was the fruit of weeks if not months of resource-heavy surveillance: your full name, date of birth, addresses of home and work, your up-to-the-minute location (from their geo-location settings as well as posting from your favorite café), your network of contacts from all aspects of your life, the books, magazines, websites, blogs, and tweets you read, your opinion on political social, international, gender, sexual orientation issues; digital records both still and video of you, members of your network, locations you visit, places you vacation, your home and vehicles and so on. Facebook owns that catalog of your identity. They sell that information and the patterns it depicts – pretty much anything can be known about you which helps companies market to you, but it also helps people find you and know what you are thinking and who you are associating with. If a foreign intelligence agent asked you 5% of this kind of data you’d be down to the SSO’s office to report a foreign intelligence collection operation in US soil.
Now, you are broadcasting all that highly personal and valuable data to anyone who wants to look. And if you think Facebook privacy settings are going to protect you, then… well, enjoy the ride.
How to delete your Facebook account. As noted above, you actually can’t do this. The best thing you can do is the following: Go back through all of the sub-headings that list your preferences and delete them one-by-one. This applies to any data or pictures you want removed. It will take a long time and be tedious. But at least at that point you have some control over content. FB keeps the original but this way you minimize what can be discovered if the account is hacked and just maybe FB’s record is minimized. Then, go to “delete this account”, it will explain that the best it can do for you is turn it off the web but it does not delete the files and you can go back and reactivate at any time.
Before you do this, however, send out a note to all your FB connections advising them that you are deleting your account and that you are NOT UNFRIENDING them. Account deletion can appear to friends as unfriending, leading to awkward conversations, or worse, no conversations and the appearance of a major social slight when none was intended. Put that message up once a week for a month so your key friends catch it… then follow the steps above.
Why is this important? Because Facebook is the greatest human intelligence gathering platform ever devised. In the old days the following information had to be either interrogated out of you or was the fruit of weeks if not months of resource-heavy surveillance: your full name, date of birth, addresses of home and work, your up-to-the-minute location (from their geo-location settings as well as posting from your favorite café), your network of contacts from all aspects of your life, the books, magazines, websites, blogs, and tweets you read, your opinion on political social, international, gender, sexual orientation issues; digital records both still and video of you, members of your network, locations you visit, places you vacation, your home and vehicles and so on. Facebook owns that catalog of your identity. They sell that information and the patterns it depicts – pretty much anything can be known about you which helps companies market to you, but it also helps people find you and know what you are thinking and who you are associating with. If a foreign intelligence agent asked you 5% of this kind of data you’d be down to the SSO’s office to report a foreign intelligence collection operation in US soil.
Now, you are broadcasting all that highly personal and valuable data to anyone who wants to look. And if you think Facebook privacy settings are going to protect you, then… well, enjoy the ride.
How to delete your Facebook account. As noted above, you actually can’t do this. The best thing you can do is the following: Go back through all of the sub-headings that list your preferences and delete them one-by-one. This applies to any data or pictures you want removed. It will take a long time and be tedious. But at least at that point you have some control over content. FB keeps the original but this way you minimize what can be discovered if the account is hacked and just maybe FB’s record is minimized. Then, go to “delete this account”, it will explain that the best it can do for you is turn it off the web but it does not delete the files and you can go back and reactivate at any time.
Before you do this, however, send out a note to all your FB connections advising them that you are deleting your account and that you are NOT UNFRIENDING them. Account deletion can appear to friends as unfriending, leading to awkward conversations, or worse, no conversations and the appearance of a major social slight when none was intended. Put that message up once a week for a month so your key friends catch it… then follow the steps above.
5.
Google.
Yep, them too, and not just their social media efforts. Let’s just start with
Gmail and YouTube. One of the many dorty little secrets of The Five as the
companies that run the world are known, is they are surveilling you all the
time. Have you ever wondered why the ads you get seem targeted to your interest
in skiing? Because they scan your emails looking for key words that can be used
to market products to you. Likewise, all your YouTube searches – like all of
your Google searches –are logged with the company. In the past the FBI and CIA
got into a lot of trouble for warrantless searches of people’s library
borrowing habits – check out the Church Commission that followed some major
espionage leaks, not of foreign threats but Uncle Sam monitoring citizens. You
can delete search histories from your browser, along with cookies, do you
honestly think that will do anything other than make you feel secure? They
already have the data, you are just deleting your record of it, not theirs!
(Still, it’s worth doing, BTW).
The Fix: as with Facebook, manually delete everything, then delete the account. This is possible with Gmail and YouTube. BUT FIRST, there are some steps you need to make. First, you need to move your emails from the Google servers onto your own hard drive(and/or cloud – more about the cloud below). The smartest way is a hard drive first and then the cloud – again, more below. There are a number if apps that will move all your emails in their folders from the Gmail system onto a hard drive of your own, so you have a complete record (assuming you need to keep the receipt from the Apple store where you just bought a new laptop for $2k, for example). Then Gmail has a global delete function – it save you going file to file and page to page. You can delete it all in one step. THEN make sure you empty the trash! Make sure SENT mails are collected and deleted too. Once you are satisfied that the complete record has been erased, then shut down the account.
The Cloud. Yes, both the company offering the cloud and the government can access search, harvest and sell all that data too. Google Drive, Dropbox, etc. There are cases in the courts right now where the government is forcing US cloud companies to divulge data that is not even resident on US cloud servers. All US providers use cloud servers here and overseas, Because the law never imagined needing to access an American safe in Ireland, there is no law covering accessing a US cyber safe in Ireland. MI anticipates the courts will force US cloud service providers to cough up data regardless if where it rests. Certainly US LE and the courts seem to have no regard for the domestic laws of the countries in which those servers reside (unless they are forced to, see below). Thus if you use an American cloud you are wide open.
This issue goes to the heart of the Apple v FBI situation following San Bernardino. Apple feared losing customers id the public saw them roll over to the FBI. So they took a stand (after years if secret collusion – the exposure of which embarrassed The Five – see the Snowden issue). Just to note, this impacts all The Five, not just Apple. MI welcomes the stance they have taken post-Snowden and acknowledges it’s in their economic best interests to protect the masses over the occasional bad actor who might benefit from their services (more about the crime argument below).
The Fix: back up all of your cloud files to a hard drive in your possession. This is good practice anyway. Then encrypt that drive.
Find a foreign end-to-end encrypted cloud service. Preferably this will be in a country that has strong privacy laws (any EU country has much stronger laws than the US, and some have even more stringent requirements than those mandated by the EU, such as Switzerland). Alternatively, a cloud service in a country that is not beholden to US pressure. The key is being in a non-US jurisdiction, one that has strong privacy rules, and the use of end-to-end encryption - which means that the content of the data is invisible except on the sending and receiving computers.
The Fix: as with Facebook, manually delete everything, then delete the account. This is possible with Gmail and YouTube. BUT FIRST, there are some steps you need to make. First, you need to move your emails from the Google servers onto your own hard drive(and/or cloud – more about the cloud below). The smartest way is a hard drive first and then the cloud – again, more below. There are a number if apps that will move all your emails in their folders from the Gmail system onto a hard drive of your own, so you have a complete record (assuming you need to keep the receipt from the Apple store where you just bought a new laptop for $2k, for example). Then Gmail has a global delete function – it save you going file to file and page to page. You can delete it all in one step. THEN make sure you empty the trash! Make sure SENT mails are collected and deleted too. Once you are satisfied that the complete record has been erased, then shut down the account.
The Cloud. Yes, both the company offering the cloud and the government can access search, harvest and sell all that data too. Google Drive, Dropbox, etc. There are cases in the courts right now where the government is forcing US cloud companies to divulge data that is not even resident on US cloud servers. All US providers use cloud servers here and overseas, Because the law never imagined needing to access an American safe in Ireland, there is no law covering accessing a US cyber safe in Ireland. MI anticipates the courts will force US cloud service providers to cough up data regardless if where it rests. Certainly US LE and the courts seem to have no regard for the domestic laws of the countries in which those servers reside (unless they are forced to, see below). Thus if you use an American cloud you are wide open.
This issue goes to the heart of the Apple v FBI situation following San Bernardino. Apple feared losing customers id the public saw them roll over to the FBI. So they took a stand (after years if secret collusion – the exposure of which embarrassed The Five – see the Snowden issue). Just to note, this impacts all The Five, not just Apple. MI welcomes the stance they have taken post-Snowden and acknowledges it’s in their economic best interests to protect the masses over the occasional bad actor who might benefit from their services (more about the crime argument below).
The Fix: back up all of your cloud files to a hard drive in your possession. This is good practice anyway. Then encrypt that drive.
Find a foreign end-to-end encrypted cloud service. Preferably this will be in a country that has strong privacy laws (any EU country has much stronger laws than the US, and some have even more stringent requirements than those mandated by the EU, such as Switzerland). Alternatively, a cloud service in a country that is not beholden to US pressure. The key is being in a non-US jurisdiction, one that has strong privacy rules, and the use of end-to-end encryption - which means that the content of the data is invisible except on the sending and receiving computers.
6.
Opening a
new email account. Follow the same principles as the cloud – foreign
jurisdiction, foreign company providing the service, and end-to-end encryption.
Open at least 2 accounts. One for your private conversations with friends and
colleagues and one for Administration. MI recommends also opening one for low
impact activity like TV online accounts and newspapers and the like. Things
that if you lost them would not matter to you.
You’ll be amazed at the sudden death of junk mail and ads and all the rubbish that comes with American ‘service’ providers, which should be more accurately, described as personal data wholesalers. MI hates to appear to be critical of American firms, but in fairness, they have gotten us into this situation. You are truly on your own when it comes to privacy and security. Most national security professionals know this (MIs key demographic) but it’s important to be reminded, especially when long term deep maintenance of one’s electronic fingerprint and indeed footprint takes so much work. We get that. But you owe it to yourself, your kids, and even the country to protect your data. With the politicization of national security staff these days and all the investigations, you don’t have to be a bad actor to get swept up in all if this and for CNN to run your tweets or texts to your girlfriend as headlines, to decide some protection is not a bad idea.
You’ll be amazed at the sudden death of junk mail and ads and all the rubbish that comes with American ‘service’ providers, which should be more accurately, described as personal data wholesalers. MI hates to appear to be critical of American firms, but in fairness, they have gotten us into this situation. You are truly on your own when it comes to privacy and security. Most national security professionals know this (MIs key demographic) but it’s important to be reminded, especially when long term deep maintenance of one’s electronic fingerprint and indeed footprint takes so much work. We get that. But you owe it to yourself, your kids, and even the country to protect your data. With the politicization of national security staff these days and all the investigations, you don’t have to be a bad actor to get swept up in all if this and for CNN to run your tweets or texts to your girlfriend as headlines, to decide some protection is not a bad idea.
7.
Extended
Security Questions and Dual Factor Authentication. When you change
locations (either physically or via a VPN) most email companies, banks, etc.
will ask for additional security questions to verify the right person is
accessing the account. MI suggests using a bank of standard ‘answers’ that are
mini passwords– they are not actual answers to ‘who was your childhood friend’ they
are Password Gatekeeper generated (and remembered) strings that you can use in this circumstance. So
that when you are asked ‘who was your childhood friend’ the answer is not Fred,
it’s ‘*nYss₵43$’.
Dual factor authentication particularly using cell phones can be hacked, it turns out. The bad guys can run off with the phone or cyber into it. Look for work-arounds. Password gatekeepers alone are best, a high end thumb drive is an alternate to consider based on your needs.
Dual factor authentication particularly using cell phones can be hacked, it turns out. The bad guys can run off with the phone or cyber into it. Look for work-arounds. Password gatekeepers alone are best, a high end thumb drive is an alternate to consider based on your needs.
8.
Messenger
Services. IMing is becoming more popular than emails. The state of the art
for privacy right now is Signal. It’s end-to-end encrypted, and can be set to
auto-delete chats after a period of time. But look out – one of the Five will
try to buy it for billions in order to access the data. That’s why Facebook
paid ca 15 billion for Whatsapp – Facebook’s engineers can build an IM platform
in their sleep. They wanted the data, the identities, the patterns – the key to
the money.
9.
Virtual
Private Networks – VPNs. Get one, set it on a high-privacy foreign
jurisdiction (see above discussion about the cloud/email) and use it
religiously. A VPN hides your IP address. It also places all your digital
activity inside the high-privacy jurisdiction of the country you choose. Each
time you log-in to a VPN you can pick which country you will appear to be
operating out of. MI recommends moving that location to other safe locations
periodically. VPNs are available for both fixed and mobile platforms.
10.
Alexa and
the other women in your life. Don’t let them into your home! Get off your
ass and turn off the light yourself. Sheesh. Alexa and Siri and the girls are
always listening and sending back all your requests to the mothership. Alexa
has already been taken to court, or the recordings made passively (ie., not
following a command to take action) during a murder. If you do not intend to
say “Alexa give The Five all the conversations between me and my spouse and
between us and our kids and between us and anyone on the phone who calls us
etc. etc.etc.” then as delightful and ‘helpful’ as these wonderful ladies are,
don’t let them into your abode – your castle. In 1984 the TV on the wall of
your house was the interface for Big Brother – now you bring BB into your home
on your cell phone, laptop, and increasingly on anything that can transmit…
same goes for wherever you go…you Re taking a complete suite of surveillance
tools with you, which you then turn against yourself 24/7. Not smart, people.
11.
Crossing
Borders. The fix: Get a burner and don’t register it under your name! Or
use your own phone and completely wipe it – before crossing any border. If
America is forcing you to give up your log-ins, just imagine what China is up
to! First, back it up to your new foreign cloud, then wipe it by choosing to
reinstall the system software. Some shadow data will survive but a routine
border check will not go that far. Then, once on the other side, use a secure
connection and VPN to upload the phone from the cloud. It’s best to delete all
texts, IMs, and conversations from all apps as well.
12.
Physical
Mail Security. Get a UPS store account for all your physical mail. Your
mail box at home is a sitting duck, filled with personal information and is
completely open for anyone to access. Such access is a federal crime but
proving someone stole your credit card statement from your mailbox might be
hard. Avoid it by getting a street address based alternate mailbox. Sadly, USPS
does not do street addresses, thus conceding the territory to UPS and others
(no wonder they can’t compete). UPS can then forward on your mail or you can
collect on your way home. Happy in the knowledge that it is secure and
monitored by a human being and under considerable lock and key after hours.
Remember in hacking, social engineering is often the easiest way in – mailbox
jumping is old school and works just fine. Further point on mail. Given the
legalities, if you need to send something really secure, consider the post.
13.
Cyber
Hygiene Best Practices. Keep system software updated, Use anti-virus [just
not Kapersky (Google it and DHS)] – and turn off geo-location on all hardware
and software. This will make GPS maps useless – just consider cost/benefit for
your situation. Again, a burner smart phone might be a solution. Small cloth ‘Faraday Cages’ are a super
convenient way to stop the phone transmitting your locations. No need to take
out the battery and SIMs etc…just turn it off and slip it into the soft cover –
if it’s on, it will drain the battery looking for a signal.
MI hopes you and those special to you enjoy this Christmas
present from us. Here’s to a safe, secure, private and prosperous 2018.
Wednesday, December 20, 2017
Imagination and National Security
“But that’s not the way we did it last year”. There, in a
single sentence, is the greatest threat to national security facing the United
States. How many times have you heard that miserable idiotic foolishness? That
sentence is the enemy of innovation, and it can be found throughout the
national Security establishment. MI was advising the Commanding Officer of an
elite unit in the US military charged with some of the most sensitive national
missions imaginable. They had a fantastic track record of innovation. They had
the best people, the best technology, an essentially unlimited budget and
political backing to take on the toughest missions in the most exceptional
circumstances. In a particularly sensitive area, they had a string of
successes. MI asked them why they did not undertake more missions – they had
the capacity. The CO thought about this for a minute and said, “You know, I
don’t know. We could. You know what, you’re right, we need to…” Make no mistake;
it takes a lot to mount those kinds of missions. They often span months, if not
years. But their track record of success demonstrated that a lot more could be
done. He is a great leader. He was not afraid to take thoughtful risks, he was
open to suggestion, and did not care whether they came from inside his band of
brothers or from a policy wonk. Sadly, he stands out in MI’s memory, of decades
of service, as a unicorn.
“But, we have not received guidance.” This is another
classic argument for inaction. Weak thinkers throw this out to absolve
themselves of responsibility for stasis in their organization or its missions.
They always wait for “higher” to identify and solve their problems for them.
They fear telling “higher” they have a problem, usually because they are
incapable of devising a solution. This is a classic failure of leadership in a
culture where you are supposed to identify a solution and present it to
“higher” when you report a problem. This sounds like West Point leadership 101,
but you would be astonished not only by how often this comes up, but how high
up the chain this excuse is wheeled out in defense of inaction.
On the battlefield the living are the innovators; those that
could not improvise, adapt, and overcome, succumbed to stasis. So it’s ironic
that an institution and culture that thrives in the field should be so
sclerotic everywhere else. Politics is often the reason, fear of making
decisions that might later turn out to be wrong. Conflict is so contingent that
constant change should be baked into thinking. Context is important; plans
should be a starting point, not a dogma followed point by point to defeat. The
cannon of strategic to operational ‘strategies’, flowing seamlessly into plans,
culminating in ‘operational concepts’, implemented by cross-coordinated staffs
first designed in the Napoleonic wars, is all great in theory, but it fails
more often than it succeeds. The endless creation of ‘working groups’ at higher
echelons and ‘task forces’ at the tip of the spear, demonstrates how
ineffective traditional structures can be, especially in the face of new
dynamic threats. Thus bureaucracy and corporate ideology combine with politics
as great anchors in innovation.
Strategic planners tend to get mired in process and efforts
to appear to be in sync with corporate thinking. That completely misses the
point. Operations take plans as a scene-setting starting point and evolve as
circumstances change. The two methods are antithetical to one another. One is
the product of a closed system of thinking, where complexity, friction, and fog
are subordinated to rigid programmatic edicts. The other is a necessary
requirement to the realities of the world and represents an open system of
thinking that is founded in axioms but not ruled by them against prevailing
evidence. In an effort to control complexity, closed systems over-generalize
and over-simplify, which is necessary to a point but is almost always taken way
too far.
Militaries are big bureaucracies. They get obsessed with
hierarchy, process, and tradition, at the expense of flexibility. Thoughtful
risk taking is necessary to adapt to new circumstances even at the strategic
level. Failure is costly when statecraft tis on the line, but a rigid ‘man,
train, and equip’ mentality is useless in intelligence and operations. There is
a tipping point where bottom-up innovation must be forged into a greater whole.
Finding that point is not easy or clear, it often finds us, to our cost. MI
believes that we can strive to get better at finding that tipping point and
defining it before it defines us. The answer lies, funnily enough, in
epistemology.
How we think about the profession of arms and its connection
to statecraft, is vitally important. Strategy is the connective tissue between
the two. Strategy is “the use of resources to achieve an objective.” If you
look at the swath of documents that spew forth from the Joint Chiefs down to
the COCOMs, those documents are SINO (Strategy In Name Only). The truth is they
are statements of executive principles. They touch on vague ideals, like
protecting democracy, but they fail to discuss how resources should be
marshalled to achieve that outcome. Indeed, a vague principle can be an
outcome. You have to keep digging down to the CONOP level to see any serious
discussion of means, ways, and ends (the order is important). Readers who have
spent time in a COCOM planning staff know that millions of man hours are spent
annually ‘aligning’ thought from the top to the bottom. Much of this “synchronization” is an exercise
in narrowing, and more often than that it is an exercise in English literature
verbal massaging, and the creation of the harmful pretense of seamlessness. MI
has seen 100+ person staffs all scratching away on staff-wide edits of
documents no sane person will ever read. Nothing of substance comes up. At best
a slight inflection is inserted to represent the editing/commenting command’s
particular operational environment or toolset as it pertains to the ‘master
mission statement’ issued from on high. It is important to ‘be on the same
page’ – but all of this staff make-work can be reduced to a one page statement
of principles – like a commander’s intent. That’s all that is required, those
captured by the staff process will insist the Russian-doll embedding of
‘strategies’ from the top down is essential to resource allocation. That’s
total rubbish. Resource allocation happens in very discreet settings, not in
those verbose manifestos, and anything produced by the DOD is a mere guide
anyway because Congress calls the shots. All of those staffs need to be
slashed. Any document that cannot state its means, ways, and ends as they link
to foundational principles in a page or two is a total waste of time.
Why do means come first? Because you go to war with the army
you have. You fit your ways to available means. In an ideal world you would
create innovative ways and then be granted the means to fulfil them, but it
just does not happen that way and we need to stop kidding ourselves
otherwise. This does not exclude
innovation, because it is generated outside that strategic loop (for the most
part). When means drives ways you end up with an F-22 in a counterinsurgency,
that was a bit of a cheap shot because F-22s will be valuable in the Pacific
and an advanced fighter program can’t be created out of whole cloth in a matter
of months. Strategic investment is the exception to the means, ways, ends rule.
It is important, but should not be dominant. Currently there is a decided
imbalance and it flows from big, long term acquisition programs to CONOPS. It
should be the other way around in most instances. MI often ears the phrase
‘strategy by CONOP’ as a derisory comment on the absence of strategy – often
due to absence of ‘guidance from higher’. Sound strategy making is in fact
reflected in the CONOP process. An objective is identified. The available means
and ways are assessed to determine whether the objective can be plausibly
achieved. This is an important distinction from what is realistically
achievable because too often that standard is an easy way to avoid entertaining
new thinking. Weak thinkers will condemn this standard as being idealistic and hopelessly
unachievable. That is not what is being recommended here. Plausible is a higher
standard than possible, they are still on the realistic side of the spectrum if
all imaginable options. Good staff work explores all the possible options;
creative staff work refines the possible into plausible options. From there the
best probable option(s) will likely present themselves. These should be shared
with decision makers to further refine the art of the possible. Interacting
with ‘higher’ presenting them with a problem-set, and a series of plausible
options, allows them greater choice and may include means and ways they had not
considered. A staffing process like this builds trust between the operational
force and ‘higher’, leading to greater autonomy and room for maneuver for both
sides. In time, everyone will realize they are on the same side. Imagine that!
Bottom up, ‘possibilist planning’, is already being
practiced out of sheer necessity. It is a practical approach that people use
when they have run out of options and yet the need for success remains
pressing. Possibilism displaces optimism and pessimism, both of which are
dangerous when lives are at stake and there is no clear path forward. They also
distort thinking in destructive ways. Possibilism requires that we be as
objective about the facts as possible. Despite the current domestic political
moment, where America is awash in highly sophisticated propaganda, much of it
home-grown; facts do exist and can be discerned. In fact, the
battle of competing narratives should be seen as nothing more than motivated
reasoning – seeking only the information that supports what you already
believe. This is an incredibly powerful way of thinking and is referred to as
“confirmation bias” in psychology. Motivated reasoning restricts consideration
of what in law is called ‘exculpatory evidence’ – those facts that do not
conform to the theory of the case. Sound strategic and operational planning
must resist the temptations of motivated reasoning. Possibilism is its antidote
and is derived from no less an authority than Aristotle himself (with a bit of
help from Hegel).
Aristotle is the father of science and the scientific
method, Science is the study of cause and effect in the world of natural
phenomena defined as those things in nature that are beyond human control. Like
gravity. Demonstration or proof is essential to finding the truth. Like an
apple falling off a tree. Hegel shows us that the same methodology can be
applied to ideas that are very much a matter of human control. The Hegelian
dialectic sifts competing ideas from hypothesis to thesis to antithesis to
synthesis. The demonstration or proof in this case being the testing of ideas
against alternatives. Therein lies truth.
Aristotle was not a determinist. He believed in free will
and human agency. Humans have the power to make choices that change situations
within their control.
Most of the thing about which we
make decisions, and into which we therefore inquire, present us with alternate
possibilities… all our actions have a contingent character; hardly any of them
are determined by necessity.
Aristotle believed that the realm of possibility was driven
not by scientific analysis but by human intervention and persuasion. His system
of persuasion or methods for reframing compelling narratives is the essence of The
Art of Rhetoric.
Ethos: The will to make change. The author of change must have a strong
character and possess credibility and authenticity.
Logos: The logical structure of argument. It is essential to provide a
rigorous case for transforming problems into possibilities, possibilities into
ideas and ideas into actions.
Pathos: The capacity to empathize. The author of change must be capable of
inspiring movement on a large scale.
“Ordinary words convey only what we know already; it is from
metaphor that we can best get hold of something fresh. To be a master of
metaphor is the greatest thing by far. It is a sign of genius.”
Possibilism is contingent on being open to new ideas – both
data and analysis. The absence of data does not preclude possibility. The only
limit to possibility is necessity, those things that can not be changed. Those
factors are not just external but internal to your decision making. The US
military often gets obsessed with data at the expense of analysis, let along
action. Collection of data is not an end in and of itself. In so many cases, US
military data collection and its application are completely unscientific and
totally meaningless. Often junior personnel who are closer to their college
experience know they are wasting their time but dare not tell ‘higher’. Or
great data is collected but not analyzed. Or, if analyzed, is resident on
servers that then leave with the unit or headquarters during redeployment
cycles. MI has seen this happen constantly in current wars and the observation
is mirrored in accounts of past wars (see the MI entry on Ellsberg’s Secrets).
Maintaining the discipline if keeping an open system of
thought is hard. It demands much more effort than a closed system where
‘everybody knows what the boss wants’ while the boss grumbles that his/her
staff is not presenting anything new. This happens at all levels of command.
President Obama famously sent the Chairman of the Joint Chiefs and SECDEF back
to create better options on more than one occasion. By that, President Obama
meant authentic choice, not two impossible ’options’ sandwiched around the only
COA that DOD wanted all along. It is true that once you get to that level a lot
of choice has been removed from the system. This is by design, easy choices
should not make the President’s desk, this merely reinforced the point that an
open system from the bottom up is important to maximize choice for all burdened
with that responsibility up the chain of command.
Empathy is vital to possibilism and effective intelligence
and decision making. It is foremost about understanding the opponent. Webster
defines empathy thus:
The action of understanding, being
aware of, being sensitive to, and vicariously experiencing the feelings, thoughts,
and experience of another of either the past or present, without having the
feelings thoughts and experiences, fully communicated in an objectively
explicit manner.
There could barely be a better definition of intelligence in
the service of statecraft. The best intelligence professionals and strategic
leaders are able to put themselves in the shoes of their opponents, to know
what he is thinking and what he values most.
The constant refrain for years after 9/11 was ‘why do they
hate us?’ Nothing could better illustrate a failure if empathy. Had we known in
advance why we were hated, there is the possibility that atrocity and all that
came after it might have been avoided. This is not to say no one knew. But they
were insufficient in number and standing to be heard. History is replete with
cases where opponents failed to grasp the thoughts and motivations if one
another. This is why Clausewitz cautioned leaders not to embark on war unless
they fully appreciated the true character of the conflict.
It is insufficient to collect
the dots if the system is incapable of connecting
the dots. The collection of data is insufficient in itself to generate
meaningful understanding. It must be in the service of creating or enhancing
empathy of the opponent. This applies throughout the conflict spectrum, namely
before, during, and after wars. A strategy that lacks empathy is bound to fail
because it cannot hope to address those issues that the opponent values most,
politics concerns the negotiation of interests between two or more parties,
whether it is conducted by discussion or by other means. Clarity as to one’s
own interests and those of the opponent are vital to successful negotiations
and/or the termination of hostilities resulting in lasting agreement. The
definition of interests is one of a set of assumptions that needs to be checked
and rechecked by strategic planners and decision makers.
The international system is currently characterized as a
multipolar system at risk of destabilization due tit e rise of powerful
revisionist powers. Empathy-driven possibilism is vital to appreciating the
context if competition between status quo and revisionist powers. By
definition, revisionists seek to alter the status quo by reimagining or
reframing a collective narrative in terms of the primacy of their interests. We see this in
domestic politics all the time. The competition of narratives is fierce. So
far, the possibility of the resort to other means appears remote, but not
entirely implausible. Indeed, the complete absence of empathy in the domestic
political context is a driver to the dark side of human passion that appears to
be as yet unchecked. The outright demonization of political opponents and lust
for prosecutorial solutions to differing world views is one the rise in the
United States. This is a cause for serious concern and the subject of a future
assessment on MI.
International revisionism is rampant and on the march in
almost all quarters, whether it is soft revisionism of Brexit or the hard
revisionism of Russia, Iran, China, or ISIS. Liberal democracies are under
serious threat from within and without. The rise of authoritarian revisionism
is currently enjoying a broad renaissance. It is not some stage past which
political evolution cannot return. Authoritarianism is not monolithic. It too
is a matter of degrees, best understood in a spectrum from soft to hard to
total, it is creeping into locations where it has not previously existed and
intensifying and hardening where it enjoys purchase among disgruntled or
coerced peoples. The United States is an example of the former, and the
Philippines, Turkey, and much of Eastern Europe, the latter. The great
democratic revival following the cold war, which saw a swath of countries turn
away from their authoritarian roots, is being reversed not just in Europe but
in what were fledgling democracies in Asia and Africa.
The disunity within and among the liberal democracies that
are also great powers suggests that the initiative has passed to the
revisionists. Multipolarity and the distinct withdrawal of the United States from
international leadership across a range of global issues further compounds the
power of, and opportunities available to, the revisionists. A great
illustration of the foreseeable strife to come is found in the Iran case. In
December 2017, Iraqi forces finally destroyed all remaining effective power of
ISIS in that country. It will not be long before Syria has completely crushed
its own ISIS threat. The Iraqi case should be celebrated as proof of the train,
assist, advise and support model of US operations – the light footprint
approach initiated at the end of the Bush Administration. To some degree, this
has been just such a success, particularly in light of the contribution of
Kurdish forces in the counter-ISIS fight. However, this is not the whole story.
As was the case soon after the US invasion, Iran has played a central role both
politically and militarily in both Iraq and Syria to counter the Sunni-based
ISIS threat. Iran and its proxies have arguably been much more important to the
defeat of ISIS than the efforts if the United States. Notably, Iran has long
penetrated Iraqi Kurds and has its own Kurdish proxies so there is a question
mark over how much the US has achieved even with the Kurds. For many American
military and strategic leaders, this will be a difficult data point to accept,
but it cannot be ignored. Pretending Iran is not expanding its power and
influence across the Middle East and around the rim of the Persian Gulf serves
no purpose than to confuse our own thinking. This is precisely the kind of
mistake MI is concerned about and a driver behind this assignment. The fact is
the American invasion of Iraq and the elimination of the regime removed a
bulwark against Iran’s power and influence. Iran had no hope to topple Saddam
Hussein by itself. His iron grip was too tight to allow an Iranian backed
insurgency to flourish and, following the long and inconclusive conventional
war in the 1980s, Iran had given up on conventional solutions to its Saddam
problem.
Does the United States employ empathy in assessing Iran’s
interests, capabilities and intentions? Do we really understand their drive to
Empire and objective of subordinating the Sunni world to its influence, if not
power? Further, Iran seeks to eject the
US from the region in order to further consolidate its position. Possibly the
worst thing the US could do is invade Iran. This might have been a
consideration back in the early 2000s, but it has effectively been ruled out by
Iranian subversion against the US all around Iran’s borders. American will,
blood, and treasure have been sufficiently drained over the past decade by a
thousand cuts, that Iran really does not need a nuclear deterrent to ensure the
survival of its regime. The internal threat is another matter. But again, the
unsubtle ‘diplomacy’ recently employed by Washington in the region has been a
unifying vehicle within Iran and has significantly diluted the authority and
standing if the regime’s opponents. Had empathy been utilized, this shortfall
in US persuasion efforts might have been anticipated and avoided. Both Saudi
Arabia and Israel’s influence over the White House have contributed to short
term tactical goals at the expense if a pragmatic and patient strategic policy.
Intelligence collection against Iran lacks for nothing.
Specialized assessment houses may be rich in empathic analysis. Yet the actions
of the United States suggest that Iran policy is being driven from outside
these channels, there are too many unforced errors to be the product of a
robust and rigorous possibilist approach. Without being able to look under the
hood of US diplomacy, it is hard to pinpoint where the problems lie, but then
again, the chaos at Foggy Bottom is quite openly displayed at present,
Dysfunction merely multiplies the consequences of US withdrawal from global
affairs. The recent reporting by Michael
Lewis in October’s Vanity Fair concerning the Trump approach to running the
Energy Department is alarming (Oct 2017). Lewis catalogues what appears to be a
deliberate policy to dismantle the department from the inside, which was part
if candidate Trump’s promise to essentially destroy government as we know it.
The same is happening at State and EPS et al, if reports are to be believed.
The one place where signature cut backs are needed, the DOD, is no doubt
protected by Secretary Mattis, who seems to be the only independent member of
the cabinet. MI should stress that there is a world of difference between
well-thought-out and necessary brush clearing and scorched earth ransacking.
SOS and the IC need surgery to be sire, but amputation at the neck is pushing a
good idea way too far.
The recently released National Security Strategy (2017)
outlines key principles but, like its predecessors, it fails to clearly
articulate means, ways, and ends. The nesting Russian dolls that follow,
starting with the National Military Strategy on down, will all suffer the same
failures. It’s time for a new approach. These important principles should be
distilled into a few pages. The incredible talent resident on the Joint Staff
and in COCOMs around the world need to be freed from world policing duties and
the enforcement of lock-step groupthink, and turned loose on the thorny
problems that beset America charged with finding effective, efficient, and
imaginative concepts of operations to detect, deter and defeat the full
spectrum of threats leveled at the United States, its allies and friends. The
DOD and other agencies did not spend millions on sending their top people to
Staff and War Colleges, taking a key human asset offline for a year, just so
they could forget the critical thinking skills they we taught, to go back to
changing ‘happy’ to ‘glad’ in empty documents that masquerade as strategy.
Possibilist strategic planning needs to be adopted across
the DOD and IC. Separation of intelligence from planning and operations makes
for clear hierarchical flow charts, but does not make for cohesive actions on
the ground. After studying this issue for over a decade, MI recommends a hybrid
structure, the nucleus of which is the small planning cell, called a Mission
Action Cell, or ‘MAC’, comprised of three categories of thinkers: analysts,
operators, and engineers. This works at all levels of command. Using the
supported-supporting concept, higher command will typically focus on analytical
tasks, but these must be infused with real-world insights from operators and
engineers to assess what is possible. Imagination unwedded to reality is as
useless as no imagination at all. At the pointy end of the spear, the operator
will be supported by a dedicated analyst and engineer to explore and test new
TTPs permitted by intelligence insights and technology, respectively. There
will also be unique circumstances, where the mission is technology dependent, in
which placing the engineer as the supported element makes best sense. Ideally,
these groups need to be kept as small as possible and emphasis placed on strong
working relationships. It is always better to have team players than one
all-star who infuriates the rest of the team. A true all-star (and they do
exist), who is an individualist and incapable of working in a team, should be
used as an advisor for brief periods of problem solving. Such teams can be
geographically or functionally arranged, as needed. There will always be loose
ends and difficult overlaps, as there are in any system. Teams should be
mission or objective driven (the latter indicating a wider goal than just one
mission). Planning staffs should be empowered to self organize MACs and stay
fluid. That means form and reform over missions or objectives; do not stay
static.
Leadership should be restructured, too, along ‘National’,
‘Theater’, and ‘Tactical’ lines in accordance with the mission or objective.
That way the right expertise can be applied to the problem regardless of
traditional boundaries – be they geographic, organizational, or bureaucratic.
In the MAC construct, if the engineer has the best solution, she should lead.
This is the heart of self-organization.
MI accepts this might be difficult to achieve given extant leadership
structures and chains of command, but the fact is, much of what is suggested
here for structural change has already been practiced in an ad hoc way at all
levels of command. OPERATION NEPTUNE SPEAR and OPERATION OLMYPIC GAMES are
useful examples where particular expertise were brought to bear in MAC-like
organizations, although these grew in size, the cellular structure could
accommodate the growth in the network. The rise of the Task Force at the NSC
level on down demonstrates the need for this realignment. The suggestions made
here are based on years of observing the pros and cons of the Task Force model.
Mission Action Cells rightly put the emphasis of their
purpose on action. Self-organizing and self-regulating, the MAC structure pushed
decision making down to the lowest practical level. The cellular construction
if MACs around an objective or mission is inherently flexible because they are
fundamentally based on networks not hierarchies. Networks serve outcomes,
hierarchies serve bureaucracy. Look around the DOD, interagency and growth
areas of the US economy (Silicon Valley), those organizations that are
prospering are networked. Technologies like Slack can facilitate network
structures but the key is culture. By this, MI means the mindset that is
brought to bear on the problems being solved. Changing the cultures if the DOD
is an ambitious project. But, let’s face facts. We have not won any wars
lately. What better motivation do we need to engage in strategic possibilism,
to explore better ways of doing business? For all our power, money, technology,
and the best people, (defined by skills and motivation), can we not come up
with a better way of doing business than a 19th century French
general whose army marched in squares on the battlefield wearing fur topped
hats?
A final word on structure. The HQs would continue to supply
the forces that support the MACs. The ‘man, train, and equip’ function is
impossible to avoid, but that does not mean its objectives can’t be fashioned
around the MAC concept. The question is what to do with the COCOMs? Originally
organized around AOs, to their number a small group of functional commands
emerged, SOCOM, STRATCOM, and CYBERCOM. The forces behind the functional
commands are also behind the MAC concept. It is probably asking too much to
deconstruct the COCOM model, despite its obvious limitations. For example,
Pakistan, India, and Afghanistan are three sides of a strategic triangle that
is separated by COCOM boundaries. This has real world impacts on how we think
about the problems in the triangle and act on the resulting plans. Still,
organizing globally around MACs would be a disaster, at least in the
administrative sense. Just think of all the organizations required to be
involved in certain territorial spaces. Yet equally, MACs that truly transcend boundaries
will be ineffective if their chains of command get interrupted at the COCOM
boundary. One solution might be to acknowledge the administrative functions of
the COCOMs relative to the operationally focused MACs in their AM the way HQs
support COCOMs. The intelligence planning and operational functions would be
the domain of the MACs while logistics, C2 and other support functions stay
with the COCOMs. This clearly needs further expert analysis, but all of it is
possible.
MACs would also facilitate the integration of the IC and IA
into an objective oriented missioned focus approach to solving problems and
proving options to decision makers regardless of institutional boundaries.
The bigger issue in this recommendation is not the
structure, but the culture if national security planning and execution. Closed
hierarchical innovation resistant methods have got to give. The DOD, IC, and
USG needs to get back to basics and adopt a strategic possibilist mindset,
based on Aristotelian logic, as the key pathway to innovation in thinking and
doing national security. The days of going to war on PowerPoint need to be
over. At the strategic level, we need to go back to long dorm narrative
position papers that fully explicate reasoning behind policy choices ensuring
hypotheses are rigorously tested, counter arguments are refuted or
accommodated, and effective solutions adopted. All the excuses that this is too
hard or there is not enough time, or it will never work, are just that –
excuses. We have to accept what we are doing is not working. There are patches
of excellence. We must build upon these. Strategic possibilism and a new
mission-focused MAC structure might point the way.
Military planning is suited to the machine age. It is a
‘join-the-dots’, meets ‘color-by-numbers’, rote, 12 step program. Consistency,
coordination, timing, deconfliction, these are essential to mass-based,
machine-driven warfare. By default, they also drive other operations as well,
if not directly, certainly indirectly via support requirements and the like.
The military planning process is as good as far as it goes, but it stifles creativity,
traditional military planning processes leave that to a commander and his/her
genius. Why limit possibilities? Warfare has always been a fundamentally human
endeavor. That will never change. Its character and conduct are increasingly
focused on small groups and individuals – people, not massed armies.
America still thinks in terms of mass industrialized
warfare. WWII is over. Technology has
given individuals intelligence power in their hands that used to only be
available to commanders. There is more computing power in a smart phone than in
the systems that put man on the moon. Your phone provides you with satellite
imagery on real time that far exceeds the coverage and resolution than handed
to President Kennedy during the Cuban Missile Crisis. Moving maps, mobile
communications, finance, photos and videos, everything an army needed
battalions to provide to HQ in the past, all now in your hands and that of the
WMD-armed terrorist (for example) turning that terrorist into the ultimate
smart bomb.
The ‘color-by-numbers’, top-down, hierarchical mode of doing
business has long since been abandoned across human activity, including war, at
least by adaptive thinking bad guys. They have re-visioned warfare, in the
pursuit of a ‘David’s Advantage’ against the status quo ‘Goliath’s. Warfare has
sped up since Gudarian’s Panzers swept Western Europe. Guardian’s War moves at
the speed of light flashing through fiber optic cables to supersonic drones. It
is no longer linear. Fighter Command no longer waits for the bell to ring to
run to the spitfires to engage massed bombers.
A virus sneaks undetected into the Fort and brings it to its knees
without a shot being fired. If you are reading this on the metro going to work,
the person sitting next to you in the black jacket might be the next George S
Patton, but it’s more likely he will be the next Edward Snowden or Osama bin
Laden. He is not helpfully wearing a uniform with a death skull on it to hint
at his intent. He’s just a commuter with the power to earn a salary and put his
kids through school, or to ensure you never see yours again.
The intelligence cycle and the military planning 12 step
programs are hopelessly out of date. Machine thinking needs to give way to a
biological mindset, one that emphasizes non-linearity, movement, viral
contagion, where good ideas move at the speed of social media and the limits of
possibility are circumscribed only by those things outside of human control –
the rest is up for negotiation. MI likes to think of this as moving from Circular
to Heliacal thinking. The Helix bends and curves, it has information moving in
all directions, bit the arc of the helix bends to discovery. It might mutate,
or it might evolve, but it moves. Circular thinking does not.
A counter argument for machinist thinking might be that it’s
easier to teach – a check-list can be followed by the lowest enlisted warrior
in times of stress (or those operating actual machines of war – where accurate
performance is required). Again, the
draft is over, folks. The quality of personnel is at a historical high. The
frustrations of machine thinking can be read in the blogs (and now books) of
field grade officers who got out, frustrated that their talents were not being
tapped. Hopefully they all went to satisfying jobs in Silicon Valley – many did
– and they still want to give back but the huge grey/green monster has no place
for them. This is wrong. Their opposite numbers in ISIS and Iran don’t have
Silicon Valley to turn to, so they live in and innovate with a revolutionary’s
zeal. While our best and brightest, who want to innovate, are sidelines
as being too disruptive. Ironic, no?
Part of MIs evolving mission is to offer new ideas
/perspectives. Some might find this disruptive. If you read MI and get agitated
– fantastic! If you got bored – that would be a million times worse. Money is
no substitute for creative thought. In fact it might be a hindrance. The
apocryphal board room meeting where the CEO says “Gentlemen, we have run out of
money, now we must think,” will always have purchase, and no more so than in
the US DOD. Constraint, and not abundance, is often the motivation to
innovation. In the comparatively resource-rich US national security world, the
key constraint more often than not is a will to innovate and a culture that is comfortable
with curiosity and novelty.
In the DOD, ‘we don’t have the resources’ is a typical
lament. What is never heard is ‘alas, we don’t have imagination’ – except in
national commissions that follow strategic disasters.
We lament the lack of resources all the time. Yet, how often
have you heard someone say ‘We have too much curiosity around here. We keep
picking apart our assumptions. There is simply too much imagination being
exercised here.’
At the risk of creating a new 12 step program and thus
defeating the whole point, MI acknowledges that PowerPoint thinking is so
deeply ingrained in DOD thinking that it would probably be useful to readers to
present possibilism in a slide, if for no other reason than to clarify where in
the process certain steps should be followed. We hope it was clear enough in
our narrative but present the slide as a summary. The key phrases are thus: curiosity
– division of necessity form possibility – analysis generated empathy –
combined with audacity – leading to the creation of an innovating plan that
uses resources to achieve an objective.
For an example of possibilist thinking, read Robert Baer’s The
Devil We Know: Dealing With the New Iranian Superpower, Crown: NY, 2008.
Baer completely changed MIs mind on how to deal with Iran and why it’s
important to drop established assumptions and reconsider from the ground up how
to find advantage in what appears to be a no-win situation for the US. In
short, Baer advocates dropping our long-held alignment with Sunni states in
favor of finding common cause with Shia Iran, he shows how American thinkers
have missed Iran’s evolution from revolutionary state to exporter of terrorism
to stable grounded superpower driven by interests and not as ideologically
rigid as is assumed in orthodox assessments of Iran. By contrast, Sunni states
in the Gulf are incapable of defending themselves; they are weak and states in
name only. They are challenged by radical Sunni extremists who are nihilists
without a political agenda. Al-Qaeda, ISIS, and their kin desire to kill all
those who do not believe as they do – Muslim or not. Yes, they want a Caliphate
but they offer nothing beyond a return to 7th C draconianism. Baer
makes a strong case that not only does Iran have the most powerful position and
military capabilities in the region; it is driven by traditional state
interests. “Ijtihad” is a Shia doctrine practiced by the Iranians that permits
the exercise if independent judgment and allows for interpretations of The
Koran according to reason and precedent. In sum, Iran is rational, Sunni terror
groups are not. Iran is a powerful political, economic and cultural entity
within a strong state architecture. None of these conditions apply to Sunni
states or the terrorists that seek to unseat state power. Iran is organized,
the Sunnis are not. He argues to settle with Iran as the best – or least worst
– prospect for stability in the region, allowing the US to significantly reduce
its footprint and thus resource allocation to the region. A settlement with
Iran would also reflect the power realities on the ground in the Middle East
and in many ways make local problems Iran’s problem, not ours.
Let Iran assume a leadership role with all the onerous
responsibilities and costs of being a balancer.
This is a radical proposition. But Baer presents it with
significant supporting evidence and reasoning. Clearly traditional ways of
doing business has not resulted in positive outcomes for the US nor do new
opportunities for stability and comity appear to be on the horizon. The Baer
plan would sure shake things up and while there is significant risk for strife,
especially given the position this would put Israel in, in the long term it
might in fact help out Israeli partners because their current trajectory is not
at all a positive one regardless of whether Sunnis or Shia are their main
opponents.
The point for our poses however, is to illustrate how
possibilism can generate some creative disruption, if for no other purpose than
to encourage reframing old problems in new ways that from a different perspective,
might offer new opportunities that otherwise were not previously visible.
Think differently.
Monday, December 18, 2017
The Blockchain and National Power
Bitcoin has jumped in price from $600 to $13,000 (at time of
writing) and shows no sign of slowing down. MI estimates that Bitcoin (฿) and Ether, a sister cryprocurrency will continue their
rise for the foreseeable future. its rise will not be linear as those who don’t
understand it jump in and out, but its long-term trendlinsa will remain
positive unless and until either the infrastructure can’t keep up or an as yet
unknown flaw in the blockchain is discovered. corrections wil happen and
eventually a floor will be established, but there is still a long way to go
before the world arrives at that point. This assessment will explain how
cryptocurrencies and more importantly, the blockchain technology underpinning
them, have the potential to upend global finance and thus the architecture of
economic and social relations.
The blockchain is a
global open ledger. every single transaction is resolved across the entire
distribution system simultaneously. Each transaction has a digital fingerprint
and time/date stamp. The fingerprint is independantly verified per transaction
by third party ‘accountants’. As more transactions occur, the fingerprint grows
ao that every single transaction is recorded through time and space against the
item being transacted. The item can be anything. The system started with ฿ but
the item being tracked could be physical (like a car or a house deed) or
intangible (like a cyber currency).
Tthis admittedly simple
sounding system will revolutionalize the global order. First, it removes the middleman
in any transaction. In currency, a bank is a middleman, so too are governments.
Banks facilitate and reconcile the trade of $1 from Jane to Mary. Governments
provide a legal frasmework wihtin which Jane and Mary conduct their
transaction, and in most cases take a slice (taxes). The blockchain connects
Jane to Mary directly, their transaction is not conducted by a bank or approved
by a government. Their transaction is between them, the specifics are not
visible to anyone but Jane and Mary. The existance of the transaction is
verified not by Jane or Mary but by thrid partiesm the ‘accountants’. The
verification takes place across all the platforms in the system at the same
time. It is not mediated by a central pointm like a bank.
Guess who is worried
about the blockchain? That’s right! Banks and governments! Global exchange of
value, of any value, has shifted from a hierarchy beset with choke points to a
distributed network. This changes everything! Banks and governments can no
longer control finance or any other form of exchange in human relations. In
fact, the blockchain renders banks irrelevant. We no longer need them to verify
a transaction has taken place, nor do er need them to store the thing of value
being traded or exchanged. When a
transaction takes place in the blockchain, everyone in the system is informed
of the transaction by the change in the ledger, which is available to all, not
held by a bank or a government.
What is the incentive for
3rd party ‘accountants’ to do the verification of a transaction? Simple, they
are paid for that work. In cryptocurrency terms, these accountants are called ‘miners’
which MI thinks is a misnomer. They are not really digging ฿ out of the ground,
they are in fact anonymously verifying, cross referencing, and updating the ledger in
exchange for a fracitonal payment drawn from each transaction. ฿ ‘farms’ or ‘mines’
can be built by anyone, and consist of special computer lashed up together to
maximise the processing power required to verify transactions. The more
machines, the faster they run, the more payment for providing this service. Note
this service can be preovided by anyone, not approved actors in the system –
which is what banks are in global finance.The system of verification is not
just open to anyone with the right equipment (basically a souped up PC), it is
also a global distributed network, and more importantly, it is self-regulating.
Imagine a world without
banks to process transactions and store value? How wil governments surveil,
regulate, and tax people and businesses in their territories and beyond?
Blockchain eliminates the need for offshore banking and all that comes with it –
shell company structures, lawyers and accountants, both in the home
jurisdiction and in the offshore jurisdiction. Once tax havens twig to the fact
that a ฿ wallet is a personalized offshore tax haven that you can carry in your
pocket, and that requires no administration, a lot of island paradises will have
to rely on tourism alone.
The ‘Panama Papers’ and
the more recent ‘Paradise Papers’ revealled the tax cheats of the super rich.
Perhaps ‘tax hack’ is a better term because much of offshore banking is legal.
When faced with a $14 billion tax bill in Ireland, Apple simply moved its
operations to Jersey, an island tax haven between Ireland and the UK. The 2017
tax reform debate was marketed at least in part as a way to encourage
corporations to onshore their cash back into the US (although that does not
guarantee they will automatically invest the trillions of dollars languishing
offshore. They could equally just languish in US holdings). Blockchain and cryptocurriencies remove the
requirement for all the cat and mouse with the IRS.
A key feature of ฿ and the
hundreds of other cryptocurrencies springing up everywhere is they rest in a digital wallet. The identity behind that wallet is
anonymous. So too is its location. As the name should imply, a cryptocurrency
is a digital code that represents a certain value. That’s it. It is either in a
ballet or it is not. No one knows who owns the wallet r the jurisdiction in
which it exists at any point in time. A wallet is highly mobile. It can be on a
cell phone, laptop, thumb drive, or in cyberspace. Lose the chip where the data
is stored and you lose your millions. That does not mean someine else will get
access to it – they wills till ened the password. [Thus the importance of
password gatekeepers that create uncrackable passwords. Their weak spot is the
password to access the gatekeeper. Still, nothing is perfect, and the best way
in remains human engineering (social manipulation)].
The US long ago got rid
of the $1000 bill and the EI recently eliminated the €500 (euro) note to make it harder for criminals to move bulk
cash. ฿ makes it possible to move unlimited amounts on a thumb drive – or in
cyberspace. This completely bypasses state controls on borders and in global
finance – where banks communicate via the SWIFT system and via both the Reserve
bank in the countries party to a transaction but often also a major international
bank which acts as a commercial clearing house. All of that is bypassed by ฿.
Stopped at the border with more than $10,000 in cash? That’s a federal crime.
With a ฿ wallet you can walk past that nice CBP officer wiht $10M on your flash
drive attached to your key fob.
So guess who is flooding
the zone of cryptocurrencies (CC)? Banks! Morgan Stanley, Chase, and a who’s
who of American and international banking are all getting in on the act. They
know better than anyone else that if they don’t, they cease to have a reason to
exist. Talk about panic! THis is one of the motivations behind all the new
cryptocurrencies flooding the market. Each is looking to enhance the drawbacks
of ฿ but much more importantly, to insert some form of control into this new
financial space. All of this misses the point that anonymity and privacy are
the most prized feature of CC. This also partly refelects the fact that a lot
of people are still struggling with comprehending what the blockchain represents and how
influential it will turn out to be. Is it a stock? Is it a currency? Is it an
inventory control system? Is it a clearing house for property transactions? The
answer is yes. ots confusing to people because blockchaings revolutionize all
of these vital elements of economic interaction in the US and around the world.
Of course, none of this
matters if businesses do not accept payment in ฿ (etc). A key reason why the
value of ฿ shot through the roof in 2017 was its adoption by major movers in
retail. Its adoption by second tier corporations was a useful indicator, but MI
along with the rest of the world, or so it seems, was waiting to see if the
silverbacks of global retail would permit payments in ฿ on their platforms. As
soon as Amazon and Walmart moved, ฿ would take off. They both started accepting
฿ in their websites in early 2017 and ฿ value has been surging ever since.
its seemingly astronomic
value will keep surging as the rest if the retail and banking world bandwagons.
Hedge funds are now rushing into the zone. The general public, wondering what
this strange button is on their Amazon pages, or hearing about massive price
spikes, are treating ฿ like a stock and also rushing in – why use it to buy a
tv when its price might double by next week. When it first started out an early
adopter decided to convince his local pizza delivery company to accept ฿10,000 for a pepperoni pie. He advertised the
transaction on social media and the value of ฿ doubled to a few cents.
At the time of writing, ฿ was $13,000. That was some pizza! J
฿ has been volatile.
Savvy investors know, where volatility exists, so does risk, but also
incredible profit. Aside from the herd rushing in and out on the occasional
scare, the big boys keep coming in – hard. That’s the key metric. They are not
taking on that much risk as yet, but nor has ฿ reached anything like a plateau.
The most serious risks involve a failure of the blockchain software(there have
been legitimate scares and corrections in this domain and its governance
remains opaque, by design, but possibly not sustainable in the long term), or a
failure in supporting infrastructure.
Coinbase is instructive
in this regard. It is currently one of the top CC exchanges in the US at the
time of writing. The USG has been trying to force Coinbase to give up the
identities of its customers. It got ugly pretty quickly. So far Coinbase has
refused to hand over all its files but but has agreed to disclose its top 3% of
CC holders. What the USG is missing in
its overzealous pursuit of ฿ traders is
they don’t have to use US exchanges. They will force buyers and sellers of CC
off shore where they will be that much harder to surveil and control. For an
Administration that is supposed to be about eliminating regulations and being
pro-small business, this attack on Coinbase seems to be poorly thought out and
slapdash in implementation. It will
likely be futile. The smell of panic behind that action may indicate that
Treasury does not have much faith in its joint partnerships with other CC
purveyors who are marketing CCs wiht tracking features (which of course defeats
the point of CCs). Still, there is a long way to go and this is just a first shot
across the bow by a worried government. They should be worried, they have a lot
to lose (see below).
MI’s
guess is that most ‘mom and pop’ users of CCs will see them as an investment
not a currency and treat them accordingly. They will buy them via their 401ks
in their own names etc. Those that are offshoring today will be CCing tomorrow
and they will be very hard to control as things currently stand. The USG needs
to sit back and take a long perspective on this challenge and be smart about
it. Panic will only hasten the thing they fear the most.
What is this fear? The
blockchain blinds the Leviathan. The domestic and international financial power
of the United States will be profoundly impacted by the blockchain. Without the
ability to observe financial transactions, the US loses control. it’s that
simple. This will have prosaic and profound implications. Financial
intelligence is a huge industry but it is also a crucial element of national
intellegence that it little understood outside if financial circles. Iran came
to the negotiation table because of targeted sanctions (and unlike the DPRKm
its economy was more advanced and thus vulnerable to economic pressure). America’s power to manipulate global finances
has dramatically escalated in the wake of 9/11 where Congress weaponized
finance as a counter terrorism tool.Such weapons can manipulate a whole economy
or be applied just against a dictator and his cronies – which in turn may promot
that dictator to try and meddle in a US election as payback... just sayin’.
But the dangers to the
USG are more profound than its ability to directly control the system of clobal
finance and trade. It should fear its loss of indict control and indeed
influence on the system. In other words, the primacy of the US dollar ($) as
the global reserve currency. During the 2008 crisis, there was talk of the Euro
superceeding the $ as capital flight to stability assessed Europe as the best
bet. At that point , so the reasoning went, Brussels and not DC would call the
shots, creditors and debtors would flee into the Euro and the valus of the US$
would plummet as teh mask protecting massive US debt, trade imbalances and all
the rest, was ripped away by the force if the crisis. When the world depended
on the US$ all of these pressures could be ignored, take away that dependance
and things would change overnight.
There is an intersting
anecdote in David E. Sanger’s Confront and Conceal
that discusses a Chinese delegation that came to the US during the crisis. They
had no interest in discussing macro or micro economic policies and plans, all
they asked about was how was the US$ going to be stabilized so the debt they
were owed would not simply disappear. America’s banker had come to town and
they wanted to be sure they would be paid back. Indeed, it was they who floated
the threat to shift to the Euro but that was always more rhetorical than real
given the crippling effect it would have had on their debtor’s ability to pay
them back.
Should the ฿ supplant the
US$ and the global reserve currency, the US would lose its direct and indirect
control over global finance overnight. A generation of irresponsible governance
that blythely allowed cheap gimmick tax cuts in the face of two endless wars,
and at the expense of much needed investments in infrastructure, people and
services upon which a modern economy depend, has run up an unimaginable tab
that will one day have to be paid. Such a day of reckoning would dwarf the 2008
crash because the entire system would implode, not just one important sector
(housing finance).
If America sneezes and
the world catches a cold, then it follows that if America has a massive brain
hemmorhage, the world as we know it could end. The one possibility to avert
total disaster may be in the seeds of its potential destruction. The blockchain.
If it is introducedm adoptedm and settled into dominance through careful
planning and implementation, there may be ways for the economists to avoid
catastrophe. Thankfully, Washington is well known for long range, well thought
out, deliberate planning. Where other countries think in 24 hour news cycles or
2 year election cycles, Washington thinks in terms of generations and is
willing to sacrifice its acute need for immediate gratification in order ot
position itself for gain in the medium to long term. (That’s MI sarcasm, dear
reader.)
In every great crisis, a
leader for the times seems to emerge. Who will be the blockchain Lincoln?
Friday, December 1, 2017
Little Big Horn – Cyber Edition
1Dec17
The Fort has fallen. Its defenses are down. The armory has been blown wide open and every last weapon stolen. Thousands of defenders manning their positions in a series of layered perimeters were unable to detect, let alone stop, the onslaught. The Fort’s Commander was unable to rally his troops to protect the heartland. The frontier will never be the same again. The insurgents are now in charge. With the weapons they stole they can roam, pillage, and destroy at will. No target is out of their reach. The world will never be the same again.
At Fort Meade, Maryland, cyber-Custer, Admiral Mike Rogers, and
his once-invincible forces were not left in a bloody heap. They continue to sit
in their cubicles, sipping their lattes, careful not to burn their lips. The
absence of physical destruction belies the devastation within. Make no mistake,
they have been hit much harder than George Custer and his troops. Their deaths,
while tragic, did not change the strategic landscape, the contemporary reprise
of Little Big Horn has already eclipsed
anything that has come before it. The Snowden revelations are nothing
compared to cyber-Little Big Horn. This assessment will explain the
significance of the attack and explore the consequences for US Security going
forward.
Edward Snowden did not release his stolen files directly to the
web, He handed them over to newspapers, leaving their editorial processes to
decide what was, and was not, in the public interest. The worst of the Snowden
files exposed Top Secret ‘named operations’ then underway. It revealed a vast
surveillance program that operated outside of established conventions and laws.
Snowden’s files were very valuable to America’s enemies because they enabled
them to ‘connect the dots’ on NSA capabilities and operational focus. By
contrast, cyber-Little Big Horn exposed named operations, but went much further
– actual weapons were stolen. Weapons that took billons of dollars to develop
in the most clandestine labs run by the USG. Weapons that gave their possessor
untold power. Weapons that could now be turned against the mist technologically
dependent country in the world. The United States of America.
In Confucianism, the TAO is ‘the correct way’ (or ‘Heaven’s way’)
to understanding the source of all things. America had decoded the TAO. This
precious knowledge was used to create the closest any country has come to
omniscience, and thus, omnipotence. The TAO was stolen right from under the
nose of the NSA and is now for sale on the dark web to anyone. Iran, North
Korea, ISIS, fat kids in basements, for a small fee they now wield the greatest
cyber weapons ever invented. In the secret world, particularly at the cutting
edge, where imagination and creativity reign, special organizations take on
names and unit patches that are in-jokes to the select few who are ‘read-in’ to
their programs. Tailored Access Operations, or TAO, was the jewel in the crown
of the NSA and US Cyber Command. TAO gave these powerful intelligence and
operations arms of government god-like access and control of virtually any
system on earth – even ‘air-gapped’ systems. There is almost no human activity
on earth that is not dependent at some point on networked computers. TAO gave
America the source of all things.
From this secret knowledge, a series if super-weapons were created
that facilitated clandestine and covert access, and if needed, control of
computer networked operations both military and civil, of any country on earth.
Need to shut down an air defense system in order to run a CT mission undetected
inside a city? TAO might be one of the arrows in the quiver. Need to ensure an
opponent can’t access funds or special components for their WMD programs? TAO
might help. Need to break a sufficient number of centrifuges to delay the
progress of a secret nuclear program? TAO is there for you. Need to blow up ICBMs on their launch pads
before they are launched against San Francisco> Who ya gonna call?
Often TAOs weapons were not used because the risk of revealing the
existence of the program was a far higher cost than the estimated benefit if
the deployment if the weapon. This is a serious leadership challenge. Getting
the cost/benefit risk assessment right for programs of national significance
requires very fine judgement. There will be cases where very important
operations that can’t be done by other means, will be passed over simply
because the risk of exposure. This should give some sense of the importance and
impact of this hack.
The Fort was attacked by a group that goes by the name ‘The Shadow
Brokers’. Unsurprisingly very little is known about them and just how, exactly,
they took down Ft Meade. The NSA and USCYBERCOMMAND are at the very forefront
of cyber security, both defense and offense. It is unimaginable that they were
hacked. Unimaginable to whom? Herein lies an important challenge in
intelligence, seeing things for what they are, not as we’d like to see them. To
date, investigations have focused on three employees. Human error or outright
espionage are suspected. The following observations are all made based on
alleged conduct portrayed in credible newspapers. One suspect has not been
named nor much information released about them at all. Another, Reality Winner
[sic] is accused of releasing one Top Secret document that refuted a claim by
President Trump. The final person of interest is Harold T Martin III who was
arrested after a significant cache of classified materials was found at his
home. Based on current reporting, neither of the named suspects appears to have
had sufficient data to be part of the Shadow Brokers plot, at least knowingly
and directly. Mr. Martin’s story will sound familiar to those who know the Ft.
Highly intelligent, a huge nerd (that should go without saying), possibly
lacking many friends and certainly lacking any hobbies, was fascinated by his
work and took it home with him, despite the prohibition on removing classified
information from secure facilities. Reports suggest he was removing classified
information from secure facilities. Reports suggest he was over-dedicated to
his work, not a spy. Still, the poor guy will pay an outsized price for being
an eccentric who lost track of the rules in his laser focus on the fascinating
challenges of solving puzzles. It is a crying shame the system didn’t help him
before his obsession went this far.
The unknown suspect is the most interesting at this stage. He or
she was a software developer and arrested for taking NSA classified material
home in 2015. It is alleged that Russian hackers accessed some of those files,
whether wittingly or not, has not been disclosed. Given the status of this
individual, the chances are their identity and details about their activity are
being suppressed so that the Russians and/or Shadow Brokers di not learn from
the case. He or she might be working with law enforcement, helping to catch the
culprits. Human engineering is always the easiest way in to a hard target, so
it makes sense that effort is being put in to evaluating operational security
protocols. But what if the NSA/USCYBERCOM was hacked pure and simple? Will over
confidence prevent the cyber=spooks from really finding out what happened? In
WWII the Nazis could not imagine that the British cracked their codes. The
German obsession with order was, in part, their undoing. Starting and ending
every message with ‘Heil Hitler’, for example, enabled Bletchley Park to often
get the key for the day. Likewise, each Enigma operator has a signature style
on their Morse key. They soon had personalities. It was then possible to link
‘Operator X’ with his wheel settings, which would always be his girlfriend’s
initials or a birthday (for example), the wartime equivalent of using an easy
password (such as ‘password’). MI encourages NSA investigators to not be over
confident, not to assume anything, and to follow every lead down. If it was a
direct hack on the Ft, as embarrassing as that might be, it is essential to
know it and act on it accordingly.
What is
cyber warfare?
Way back in the 1990s when MI (in a different guise) was writing
about the emergence of warfare in the cyber domain, there was a lot of
discussion about cyber-Pearl Harbor’s and what ‘virtual war’ would look like.
Could it actually kill people? How did hacking a website change anything if
military, let alone strategic, significance? We have come a long way since
then. Cyber is still rapidly evolving and is still confusing even to those who
study it. MI has an easy to understand explanation of cyber warfare.
Cyber warfare operates in two primary dimensions = the physical
and the narrative. The 2016 election is a classic case in point. At first, mist
of the commentary was concerned about hacking of ballot boxes to change votes.
Except, as the news media soon learned, US elections are incredibly
distributed, low tech affairs, governed by local laws and/or arrangements. In
short, most ballot boxes were manual, not digital. There was almost nothing to
hack. It did not take long for evidence of narrative driven cyber ops to come
to light. These turned out to be devastating in part because they were largely
invisible to victim and systems alike.
Narrative cyber ops are another way of saying digital propaganda.
The United States is awash in digital propaganda, both home grown and foreign.
In a meeting of senior defense leaders MI (again in another guise) decided to
conduct an unwitting test of the audience.
MI said that ‘of course, Fox News has been paid millions by Iran to sow
confusion and discord into the American electorate in order to advance
clandestine Iranian programs’. Incredibly, the audience didn’t even blink. The
response was akin to ‘tell us something we don’t know’. When MI quickly told
the group that this was a fake claim to see how they would react to the
proposition that America was awash in homegrown propaganda, various viewpoints
were expressed but the ‘take away’ was that America was being manipulated both
from inside and out. This was not a 2017 discussion, this occurred in 2012. The
dangers if the era of ‘fake news’ was apparent ling before even 2012.
One of the greatest ironies of US national security is that while
Madison Avenue, media conglomerates, corporations, political parties,
super-empowered pundits, and incredibly influential blogs like MI ( ;-) - not true, only the facts and profound
analysis here), have been spinning Americans into complete incomprehension even
about simple facts, the US military is utterly hopeless at propaganda and
influence operations. They still think pamphlet drops are game-changers, while
kids in the west sit for hour after hour and day after day, watching ISIS
‘heroes’ making war on allied forces and being told that they are winning.
Efforts to create ‘counter-narratives’ have been laughable, if well intentioned
and funded. Just ask the State Department’s experts in this field.
So the 2016 election was the natural outgrowth of homegrown spin.
An unstable polity was angry and ripe for disruption. There was a great story
early in the election about a bunch of kids in Macedonia who ran fake news
sites with the most outrageous headlines, all for a lark. There were soon
shocked to discover that not only were their obvious lies making money
(clickbait) but people were taking their prank seriously, and in some cases to
absurd ends. A 61yr old interviewed for the story said he could not believe
anyone would take the stories seriously, it was a prank, and they had no
intention of changing an American election.
There were much more extreme examples of digital manipulation. The
conspiracy theory site info-wars ‘reported’ that Hilary Clinton was murdering
people and chopping them up. Then came the ‘Cosmic Pizza’ story. It alleged
that a presidential candidate for a major political party was running a child
sex ring from a suburban DC pizzeria while running for the highest office in the
land. That’s not the shocking bit. Thousands of citizens took this very
seriously, as fact. One was so distressed by the story he drove to DC from NC
and shot up the pizzeria with an assault rifle in an attempt “to free the
children”. These and hundreds of stories like them were circulating and
significant portions of the voting public believed them.
Think about that for a minute.
In Britain, the tabloids have always been full of what we now call
clickbait. They are a source of amusement as people ride the Tube home after a
hard day’s work. It’s tongue-in-cheek and everyone knows it is frivolous
‘entertainment’. In America, clickbait is treated as if it came directly from
Walter Cronkite. At the same time, quality established news sources, like The
New York Times, and BBC America, are derided as elitist and manipulative,
but a kid’s website in Macedonia is credible. Fox News, which never fails to
proclaim that it’s the most authoritative, most watched, most highly rated news
channel, simultaneously claims to be the underdog fighting the insanity if the
‘mainstream media’.it does not get more mainstream and controlling than Fox.
The fact they can pull this blatant propaganda off without being called on it
blows MI’s collective mind. [Their current attacks on the Muller probe as being
a new KGB is the kind of ‘journalism’ MI condemns].
It was reported in the New York Times that “nearly one in
three Americans cannot name a single branch of government. [and] When NPR
tweeted out sections of the Declaration of Independence…many people were
outraged. They mistook Thomas Jefferson’s fighting words for anti-Trump
propaganda”. This led Tim Egan to assert that “a huge percentage of the
population cannot tell fact from fiction” (“Look in the Mirror: We’re With
Stupid”, NYT, 11/18/17, p.A18).
With a population that gullible, the Russians had a field day with
the US election. Is there a ‘smoking gun’ that proves beyond all doubt that
cyber narrative ops swung the election to Trump? No. That’s why it’s the
perfect weapon. The Russians didn’t need
to break into ballot boxes; they just had to play with the fears and rage
Americans were ‘feeling’. It was embarrassingly easy, a bunch of kids could
have done it… oh wait…. Not only could
the NSA and USCYBERCOM not stop the Shadow Brokers, they couldn’t stop a bunch
of kids in the Balkans from brain washing the American public.
Cyber
warfare and Social Media: Narrative Ops Gone Wild.
Remember the old New Yorker cartoon “On the internet, no one knows
you’re a dog!” That author completely nailed it. He did so in the pre-social
media era, which makes his insight that much more impressive.
During the 2016 election Facebook became a doggy day care center.
First, conservatives assailed Mark Zuckerberg for manipulating people’s news
feeds to downplay conservative viewpoints. The algorithm was quickly reset.
Then, right after the election, allegations began to surface that the Russians
had manipulated Facebook via its ‘troll armies’, creating fake profiles for
individuals and groups, as well as buying advertisement space. Again,
Zuckerberg came out with denials, and again, he soon changed his tune. Turns
out, Russia was willing to pay. The old Soviet toolkit of ‘active measures’ has
been updated for the digital age and applied to social media. The outcome?
American citizens facing off against each other in the streets and fighting
erupting between them, all thanks to fake groups stirring up tension and
organizing protests. It was remote control protest from Moscow and Americans
mindlessly doing their bidding.
It’s not just bogus advertisers and bogus accounts; it’s the
manipulation of users’ emotions. It was undetected (at the time) and was
incredibly successful. In the old days, agi-prop took time, effort, money, and
most of all, a lot of people. Now it’s instigated with a few hundred thousand
bucks and the click of a mouse. The best thing? It’s impossible to prove if it
happened and if it gave the election to Trump. There can be no counter-call to
action when it’s impossible to prove an action took place. This changes
politics.
This is not the first time that Facebook has been used to create a
mass effect. Social media is free. You do not pay a subscription for it’s
services. Yet social media companies are some of the most highly valued
corporations in the world. Where does the money come from? Data mining.
Facebook has changed how people discover they really needed something they were
not thinking about two minutes ago. Previously ads were wide-cast on TV. Great
for mass consumption but not helpful for boutique interests that were hard for
retailers to target. Facebook solves all that. If you have listed your interest
in Taylor Swift or ancient Egyptian artifacts, moments later direct and
indirect suggestions will come flooding in. The same applies to your political
beliefs. Hate Hilary? Then guess what suggestions ‘you might like’ will come up
with in both news feeds and other merchandise on offer. What the railroads and
oil were to the 18th and 19th centuries, datamining is to
the 21st century. The best thing is you no longer buy a ticket or
fill a tank, you just ‘like’ stuff and you are instantly surrounded by it,
whether it’s physical or narrative.
Social media has changed society in so many ways, but the most
pernicious is its impact on out attitudes to privacy. Think about the
information you freely give to social media. On dating sites, for example, you
provide pictures as well as highly personal and detailed sexual, drug, employment
and social histories. Some sites employ Miers-Briggs psychological surveys.
Often in-depth mini narratives are required revealing all sorts if incredibly
persona; preferences. In a court case in NY, Facebook submitted the following
summary to the court, as reported in Robert Scheer’s They Know Everything
About You, (2015, p96):
People use Facebook to share
information about themselves, much of it personal. This information includes:
·
The person’s age, religion, city of birth,
educational affiliations, employment, family members, children, grand-children,
partner, friends, places visited, favorite music… movies, television shows,
books, quotes, [foods, beverages], things ‘Liked’, events to attend, affiliated
groups, fitness, sexual orientation, relationship status, and political views.
·
The person’s thoughts about: religion, sexual
orientation, relationship status, political views, future aspirations, values,
ethics, ideology, current events, fashion, friends, public figures, celebrity,
lifestyles celebrations, grief, frustrations, infidelity, social-interactions,
or intimate behavior.
·
The person’s photographs and videos [Here he
quotes a long list of examples, most containing geo-location and time-stamped
data.]
·
The person’s private hardships [and] intimate
diary entries….
Targeted marketing is nothing new but its reach in the information
age has become almost limitless. Data broking is a multi-billion dollar
industry. It combines mass consumer surveillance derived from patterns in
spending collected by credit and loyalty cards, with off-line data collected from
real estate and motor vehicle records, warranty cards, home ownership and
property values, marital status, annual income, educational levels, travel
records, credit records, to provide a detailed picture of an individual’s life.
The biggest corporation in the personal data field in the US, Acxiom advertises
its ability to soon reach “more than 99% of the adult US population…across all
channels and devices.” (Scheer, p.59).
If almost total access to your data was not enough, people are now
handing over their DNA to corporations – not digital DNA (corporations have had
that for years), actual biological DNA. For the low, low, fee of $24.99 a
variety of companies will now collect and analyze your biological DNA,
ostensibly for the purposes of helping you understand your ethnic background
and to assist working on family trees. Smart watches are now mini all-purpose
health monitors, assessing everything from heart rhythm, sleep patterns,
insulin levels, exercise monitoring, and so on. People are paying for
corporations to monitor their every word said in the ‘privacy’ of their homes.
Alexa and her sisters are always listening and recording, sending big sister all
of your utterances (not just commands). Alexa and the girls have to listen to
ensure they know when you call, but people have not yet cottoned to the fact
that Amazon has sold them a baby monitor for their house and the consumer is
the baby. Alexa has already been subpoenaed to testify in a murder trial. I’m not making this up. Her constant
surveillance and recordings were collected in order to determine what really
happened in someone’s living room where an occupant was left dead. No one
called out “Hey, Alexa, I’m about to kill someone.” Every Google and YouTube
search you do is recorded. That’s how they get the predictive searching as you
type something into the search window.
The metadata collected forms fascination patterns that are mined for
commercial purposes. The same patterns can be mined for other purposes, too.
When the Obama Administration went after journalist James Risen,
on suspicion of printing leaks of classified material, they did not have to
threaten Mr. Risen with contempt and thus jail time. They just had to access
his cell phone and laptop data and/or records to harvest the metadata, see the
patterns and find the leaks. There is a case before the Supreme Court right
now, US v Carpenter, which will determine if 3rd party data, such as
phone records, should be protected under the 4th Amendment. Current
law states that no warrant is required to harvest 3rd party data.
The Onion satirical newspaper and video YouTube page, which masquerades as a
“news site”, has a video of “CIA Special Agent Mark Zuckerberg” getting a
special award for making the job of intelligence and law enforcement
effort-free. Nut the joke is on social media users and the electorate.
US Customs and Border Protection (CBP) are now seizing tens of
thousands of digital platforms at the border and have been empowered to demand
log-in data, such as your ID and password, so they can log in to your social
media. This applies to US citizens, green card holders and foreign visitors.
The “border exception” to the 4th Amendment permits searches and
seizures during routine border searches (they cannot be used, for example, as
part of an ongoing investigation to deny a suspect’s 4th Amendment
rights).So far this extraordinary invasion of privacy has not been challenged in
the courts, but it’s only a matter of time.
The news is constantly pulsed with hacking stories. From the White
House to your house, nothing seems sacred. In 2013, 3 billion Yahoo accounts
were hacked. In 2017, 143 million credit reports owned by Equifax (one of the
big three credit reporting agencies and upon which the entire US economy
depends). Also in 2017, 198 million voter records were accessed (all stats
from, “How Privacy as We Know It Died”, NYT 6Oct17, p.A27). Ever keen to
exploit an opportunity, Google announced that it would move into the credit
reporting space by linking billions of credit card transactions to the online
behavior of its users (Google announcement, 23May17).
With all this data available and the ready ability to sift, sort,
and find patterns, incredible power is now on the hands of those who own the
data and the patterns it creates. Before the 2016 election, which was a proof
of concept in many ways, a group of social scientists get permission from
Facebook to conduct an experiment to assess if it was possible to artificially
create a mass “emotional contagion”. The experiment allowed the scientists to
manipulate the news feeds of 700,000 FB users to see how they would react. The
study was reported in the Proceedings of the National Academy of Sciences (June 2014) found that:
Emotions expressed by friends, via
online social networks, influence our own moods, constituting, to our
knowledge, the first experimental evidence for massive-scale contagion via
social networks.
The controversy surrounding this experiment, that forced FB CEO Sheryl
Sandberg to apologize, was nothing compared to the manipulation that took place
during the 2016 election. FB is still coming to terms with just how deeply they
were played, with fake accounts, groups, chat rooms and so on. FB was not alone;
troll armies had invaded a range of platforms. Senator Mark Warner (D-VA) spoke
for many on the Intelligence Committee when he remonstrated representatives if ‘The
Five’ over their lack of understanding and even concern at the degree to which
they were unwitting vehicles of Russian ‘active-measures’. The corporations
treated the hearings as spin sessions and have still yet to really get to grips
with the incredible power and reach of cyber narrative ops. The less educated,
more politically frustrated the general public are, the more susceptible they
will be to orchestrated mass contagion mounted by our friends in Moscow, Tehran
and Beijing.
The
ultimate ‘off-line’ data
One database that should have never been accessed is the Office of
Personnel Management’s security clearance data base for the entire federal and
contractor workforce. The OPM is not a national security agency, yet it was
charged with conduction all security clearance investigations for the United
States, The records if those investigations, which include the SF-86, biometric
data, interview records (with both the subject of the investigation and those
selected by OPM to verify the professional and personal history of the
subject), as well as internal OPM assessments of each security clearance
candidate, were stolen by the People’s Republic of China. The human capitol blueprint
of the entire national security establishment is now in Beijing.
The SF-86 contains all the data in FB and then some. Going back
either 5 or 10 years applicants must provide a complete and accurate record if
their residential, educational, financial, travel, social, and political
history. These records are cross checked
on databases and in personal interviews. Failure to accurately record the
correct information or changes to the record over time (new travel, meeting
foreigners etc.) can result in criminal indictment. This has been a factor in investigations of
various Trump Administration officials who have been required to update their
SF-86s as reported in the media. The central concern in granting a security
clearance is that the subject cannot be blackmailed. That can happen if someone
other than the USG knows all the details of someone’s life, including some
specifics that might be embarrassing. The
usual position is that so long as the subject reveals all to the USG they
insulate themselves from blackmail. It takes a lot of trust to give the federal
government all that detail. There is an expectation that the trust will be
returned in the USG protecting all that sensitive data (and analysis thereof),
if not as part of a social contract with the national security employee, then
for simple national self interest. This trust was broken by lax security
standards at OPM and carries phenomenal national security risks.
China has a complete roster of every single American with a
security clearance. That allows them to instigate social contagion within that
sensitive group. It facilitates attempted blackmail to gain national secrets. It
allows China to track and constantly monitor anyone of interest to the PRC,
from deep under cover CIA officers to Tier I special forces, to the
administrative assistant to the Director of Central Intelligence against whom
HUMINT, SIGINT, CYBERINT, assets can be brought to bear. Anywhere there is a
camera or mic there is a threat. By tapping a target’s cell phone, lap top,
vehicle, home security system, either tapping into the cameras on these devices
or audio or keyboards, the Chinese can monitor, spoof, manipulate, or ruin
anyone they want. Further, anywhere else there is a camera: gas stations, Starbucks,
airports, ATMs, city streets; targets can be monitored domestically or
internationally. Try passing through Europe undercover when China taps into any
device in your person or around you. Both targeted operations as well as wide
area surveillance of key choke points (airports, embassies, hotels authorized
by the Defense Travel System) will catch undercover or overt operatives, as
well as run of the mill national security personnel. The OPM hack is an
unmitigated disaster and it will only be diluted over time as personnel change –
assuming of course that the OPM records are secured into the future.
Cyber
Warfare and Big Data
Big data provides a link across mixed database platforms to scan,
sort, associate and see patterns that would otherwise be invisible. It can take
a CCTV feed from the streets of London and cross reference it to FB, Twitter,
and OPM records, to provide near real time feedback if a person or a device
associated with them walks within surveillance range, for example. It knows
where you are and what your typical spending patterns look like, so when your
credit card is used to buy an air ticket, the credit card company is notified
along with the TSA and other agencies, to question who is really travelling. The
examples of the application of big data are only limited by your imagination. There
is a full-blown Tom Clancy novel just waiting to happen where the guys in
charge in the narrative are not in Washington, but Tehran or Beirut or Addis Ababa.
People, places, things, and actions, are now essentially totally
transparent. Placing Social media records, against consumer data, against
offline data, and cross checked against OPM data, virtually removes the shadows
in which America’s leading covert and clandestine operators dwell. The same
applies to senior leadership of national security agencies, government
scientists, your mom and your kids’ little league team. This is particularly
dangerous for USG employees, but it is equally as potentially threatening to
the average citizen.
Mass manipulation, social contagion, is possible if it appears
credible. Big data gives users the ability to create highly credible narratives
that can be used to sell you something or to create a political effect. It can
be a mass effect or targeted to an individual. Mixing narrative cyber ops with
physical cyber ops in the context of big data changes everything. The scope,
depth, and speed of these drivers of change are unrelenting and
expanding/accelerating. Consider the impact of future technologies that are
already emerging.
Future
Tech and National Security
IFlyTek, a Chinese artificial technology company, has been busy
creating a biometric image and voice recognition database, most likely drawing
from 800 million subscribers to China Mobile, its parent company. This technology
allows it to pick a target in a crowd either by recognizing their face or voice
and “record everything that person says” (“Pushing AI Boundaries in China”, NYT,
4Dec17, p.B1). it already has President Trump’s voice in its database. On his
recent visit to Beijing he spoke via teleconference to a technology conference
and switched from English to Mandarin. Except Trump can’t speak Chinese; it’s
the technology that made it appear as though he could. Linking voice, and face ‘finger
prints’ across big data platforms is impressive. Taking that data and applying
CGI, 3D imaging, and other audio-visual artificial ‘creative technologies’ to
it, opens a pathway to the creation of completely artificial ‘videos’ of people
saying and doing anything.
This will make today’s ‘fake news’ a charming historical artifact
soon enough. If we already struggle with defining what is real based on
manipulation of text, which can be back-checked easily enough, the creation of ‘artificial
reality’ videos will up-end all social relations, form the political and
national security to the personal. Empowering narrative cyber-ops with these
new technologies will be a game-changer.
Right now, the combination of biometric data (finger prints,
facial recognition, voice recognition, and even gait recognition) with
geo-location, autonomous armed drones, all linked across big data, makes for
some interesting scenarios involving the uses od such technologies. MI can see
a bright sunny spring day in Washington, the President walking along the colonnade
from the West Wing back to the Residence and a distant hum that sounds like a
lawnmower trimming the ellipse, yet that humming is getting louder and louder…
Conclusion
For all the billions
invested in cyber security, the millions of top security professionals
inside government and contracted to it, the cyber national security
establishment has singularly failed to protect the government, national institutions,
American economic icons, and the public from surveillance, threats, and
outright attacks emerging from the cyber domain.
MI has an abiding concern that the Executive branch of government
has got far too big, lumbering, unimaginative, and bureaucratic, for it to meet
its primary mission of protecting the American people. The structure of
government, and in particular the power of the purse in Congress, creates a
mindset in government that innovation is easily obtained by throwing more money
at a problem or worse, creating yet another bloated bureaucracy to address some
emerging suite of threats. MI thinks the opposite is true. The Executive needs
to radically slim down and to reassess how it can go about achieving its ends
by thinking smart, not spending large. The 16 intelligence agencies never fail
to collect the dots; they failed to connect the dots. Insiders know that
all that exhaustive collection is done because it can be done. It is not used
to anticipate and deter or defeat threats. It is used to assess what happened in
the aftermath. America is great at disaster recovery but not prevention. This
generalization does not hold across all areas of national security. Where creativity
is allowed to flourish free from nagging budgetary considerations, with the
right people, with the right education and corporate mindset, by which MI means
an architecture of ‘open’ thinking, not the ‘closed’ thinking that is typical
of government and the all too real caricature that most citizens have of
government, America can do almost anything. We see the right corporate culture
in Silicon Valley – not everywhere or evenly. But if it can still be said to
exist anywhere in America, that’s the place. Great studies do not need to be
done, May have already been done. The key distinguishing characteristic if
innovation is open versus closed thinking, trial and error, willingness to take
risks in an environment free from petty accusation. MI acknowledges this is a pretty
tall order. But the fact is, not everyone can be a US Navy SEAL, and not every
SEAL can be in SEAL TEAM VI. Likewise, not everyone can earn a PhD and not
every PhD is from Harvard. America needs to see competence for what it is and
stop this cultural revolution of anti-elitism. High end national security
requires the very best people and the creation and nurturing of the very best
open cultures. MI’s team has been lucky enough to see places where this happens
in the top security teams – like the NSA’a TAO. Organizations like that make working
in government so incredibly rewarding, so long as they were well led and everyone
is able to put differences aside and focus on the mission. At a time when
America is ceding its advantages in a highly competitive world, where China’s President exclaims that China will move to
center stage and the very smart President of France is caught off-mic saying ‘China is now the leader’, America
needs to look beyond its endless psy-ops in itself and focus in maintaining
what we are good at and improving on where we have been slipping. Given the
trend lines of both the technologies considered here and the threat streams that
we face, we will suffer minor and major loss after loss on the battlefield if
we don’t change. The battlefield is now in your phone and in your mind.
Subscribe to:
Posts (Atom)
The Real Coup Plot Is Trump’s
MI has not posted other content before. However, the essay linked below explains what MI refers to as 'American Self-Propagandizing'...
-
ALEXANDRIA, October 23 - “ After nearly nine years, America’s war in Iraq will be over ,” President Obama said as he declared complete troo...
-
The idea of Red Teaming in military and intelligence planning teams gained popularity in the wake of perceived intelligence failures over ...
-
Harry Hinsley , Sir Edward Travis and Brig Tiltman, who helped negotiate the intelligence sharing agreement between Britain and the US, ...