Sunday, December 24, 2017

MI’s Cybersecurity Tips for 2018


The biggest development in cybersecurity in 2017 was not a hack. The Trump Administration has authorized Customs and Border Protection (CBP) to demand access to electronic devices from all incoming arrivals – citizens as well as permanent residents and foreigners. Incredibly, CBP has also been authorized to demand social media log-in information, IDs and passwords, so they can access your social media accounts from inside. If you were concerned about warrantless search and seizure by the NSA as revealed by Edward Snowden then this development should really concern you. As an aside Section 702 of what used to be called the Patriot Act also looks like it will be extended, possibly indefinitely of some have their way.
The CBP Social Media policy is not codified in statute. The 4th Amendment is restricted at the border for routine searches. That allows border control to conduct deeper searches of incoming passengers without having to meet a federal warrant standard involving making a case for probably cause. Neither Congress or the Courts have adjudicated whether this rule applies to logging in to your social media accounts. Does it include Turbo Tax as a social media account? Bank apps? Encrypted chat apps? Etc.
So for now, id you travel internationally and you don’t want the federal government inside your phone and thus inside your personal finances, taxes, private chats with your spouse or kids, either leave your phone at home or get a burner for travel and do not leave anything on it before you cross the border. That’s a lot of hassle but a lot cheaper than being the test case that takes a decade to wend its way to the Supreme Court. Think of the legal fees!
The 702 issue and the Manafort/Flynn revelations show that the NSA remains vigilant when ot comes to communications with foreign targets. Media suggests that 702 applies to as many as 100,000 targets. Under 702 the NSA does not need a warrant to surveil these foreign targets even in cases where that communication is with a US person or travels via communication links on US territory. Section 702 needs periodic review and can fail to be renewed if Congress does not act in time. Evidentially the deadline in Jan 2018 may be covered by some of the language in a related law that sets the 702 cycle in April 2018.
You might think there is no way 702 can touch you. Perhaps, but 100,000 targets is a serious number. They are not all ISIS. They clearly include diplomatic representation to the US, foreign governments, financial and business leaders overseas, and so on. Maybe this does not matter to you, but MI knows many of its readers are national security personnel and higher end business people, this may touch you. For the record, in order to surveil a US person as the target (not the collateral damage in targeting a foreign communication) in their communications across the international border, the government still needs to get a FISA warrant. To surveil you domestically, a court issued warrant based on probable cause is required.
This background is important to know but it also the setting for the suggestions made below. Disclaimer: MI is not a legal advice organization, and these are suggestions that readers are free to ignore based on their judgement. MI has no responsibility for how you conduct your personal communications or travels. These are helpful suggestions not business recommendations. Just don’t sue us, ok?
As the fallout from the San Bernardino terrorist attack shows, it is not easy for federal law enforcement (FLE) to access encrypted devices. They say they got into the terrorist’s iPhone without Apple’s help; that may or may not have happened. Post Snowden Apple and others know that its business model will fail to grow unless it puts people and not FLE first (although its policies in China suggests that if the market is attractive enough Apple’s principles may be a little softer than in a mature market). So has MI become paranoid? Looking at the threat board too hard all year and unnecessarily freaking out? Surely all of these measures are for criminals and spies – they don’t apply to little ole me going about my day? What could possibly go wrong? I don’t break the law, I help enforce it.
Crime is an old canard to prevent you from protecting yourself – ironic really. Good digital security and privacy practices are essential and here’s why:
1.            Common sense. The Five give you their platforms for free, right? You don’t pay for Gmail or YouTube. It’s great! Yet if that’s true, why are The Five the most valuable companies in the world? Where does that money come from? YOU. The Five (and others) see you as a mine of data that they use to position their own services that do cost money and to sell to their advertisers to pinpoint your interest in 18th C Austrian stamps. Marketing on TV is wasteful, especially for specialized items. The cutting edge in marketing is personalized tailored focus on individual interests. Now instead of buying ad time on TV – very costly and basically useless for stamp collectors - highly specialized ads can be sent very cheaply to everyone on earth who is interested in 18th C Austrian stamps.
So you pay for these ‘free services’ of Facebook, Google, Amazon, and so on. The fee? Your privacy. What’s that really worth to you?
2.            Life Happens. You might become incapacitated and you have always been t6he one who does all of the administration for the family. Incapacitation or sudden death vastly complicates managing your affairs, The set up suggested below will enable someone you trust to pick up exactly where you left off and operate your life when you can’t. It should be a central part of any good estate planning. But as argued, can be there for life events or even getting stuck overseas with a lost phone, etc.  The settings below have you backed up and secure so you (or your trusted person) can keep driving and paying bills and not getting behind.
3.            Your obligation to protect the country. Most of MIs readership ace national security professionals. They know that weak security of their home, person or digital footprint can help bad actors gain situational awareness and/or actual data and access with which they can threaten national security directly or indirectly. The USG has broken this professional and social contract with its unacceptable laxness in protecting SF-86 Data that resided with OPM. Nevertheless, we all need to work together and this is a case where protecting yourself and your family will also maintain your sacred obligation to protect America.
4.            “But MI – The Costs of All These Services!” See point one – your digital world is not free. In fact, you have been commodified. This should annoy you. It annoys the crap out of us. Your spouse and your children are commodities to be traded. Ever wondered why little Suzie gets credit card offers at age 6? It’s not because she is a rock star shopper (even if she is, our commiserationsJ) It’s because Suzie’s very existence has been sold to someone who wants to sell to her (they just don’t know she’s a wee tot, as they say in Scotland).
All of the systems and services we suggest below charge fees. If they don’t, then that’s the first hint that they may not be the best solution to your digital fingerprint and footprint privacy. Most cost tens or a few hundred a year. All up, even with the most high end services an individual or family might want, you are looking at around $500 a year. That’s peanuts for what you get for that sum.
Do you really think your name, address and social are safe?
*2013    3 billion yahoo accounts hacked
*2015    ALL OPM SF-86s hacked
*2017    143 Million credit profiles hacked at Equifax
*2017    198 Million US voter records hacked
And you call MI paranoid J Companies like Target and a bunch of others have all been hacked too. It’s not going to end, it’s going to accelerate and deepen. The US election was hacked in the sense that social media was completely manipulated to pervert the course of the election. It goes on and on.
It’s time to get real. It’s time to protect yourself, your family, and your country.
Here are our tips for 2018:
1.      Encrypt everything.  Phones, computers, hard drives, thumb drives. There are now plenty of options to do this. MI recommends picking one option across all hardware platforms. There are easy to use software programs now that can do this. The other option is using the features on the laptop during set up. Apple now offers this. Remember the number of different systems you use will require remembering a lot of log-ins.
2.      Password gatekeeper. This is a MUST. Again, as with hardware encryption options, there are a lot to choose from – the type of program MI has in mind is 1Password and the like. Each has different pros and cons. What they do is simple – they create impossible to hack passwords for all the sites you use to bank, do taxes, communicate with people, social media, etc. anything you log into – they protect. The software conjures up long complex passwords with or without symbols (&%$₵#), numbers, etc. It then stores these with your log-in IDs against the relevant URLs. To access your bank, you don’t have to google and find the bank, you simply press the bank’s icon and the password program automatically logs you in with the long/complex password. It’s easy and incredibly secure. The weakest link – the password you use to access the app.
3.      Log-in IDs and email IDs. The days of using David.Smith@gmail.com are gone. Why make it easy for the bad guys to target you. As above, you can now use password apps to create unique log-in IDs, MI recommends random jumbles of letters, numbers, and symbols, just like a password – so they are unintelligible to whoever may be trying to find ‘David Smith’. MI recommends different IDs for high impact accounts like banks and maybe a common one for low impact stuff like Hulu. Note: Facebook is NOT low impact!
4.      Social Media. OK, this is going to hurt. Are you sitting down? Get off Facebook. Guess what? You can’t get off Facebook! Try it and see. It owns you. To the extent that your data, your most private data is you, it owns you. If you load it onto Facebook, they now own it; whether it’s a picture, your religious, political, sexual, social, or other habits, preferences, views, etc., Facebook owns it. This is not a rhetorical point, it is a legal fact. Remember the long Terms of service in tiny print? Don’t worry, no one else reads it either. It’s in there. As a matter of law, anything you put on Facebook is their property. It’s in there. As a matter of law, anything you put on Facebook is their property.

Why is this important? Because Facebook is the greatest human intelligence gathering platform ever devised. In the old days the following information had to be either interrogated out of you or was the fruit of weeks if not months of resource-heavy surveillance: your full name, date of birth, addresses of home and work, your up-to-the-minute location (from their geo-location settings as well as posting from your favorite café), your network of contacts from all aspects of your life, the books, magazines, websites, blogs, and tweets you read, your opinion on political social, international, gender, sexual orientation issues; digital records both still and video of you, members of your network, locations you visit, places you vacation, your home and vehicles and so on. Facebook owns that catalog of your identity. They sell that information and the patterns it depicts – pretty much anything can be known about you which helps companies market to you, but it also helps people find you and know what you are thinking and who you are associating with. If a foreign intelligence agent asked you 5% of this kind of data you’d be down to the SSO’s office to report a foreign intelligence collection operation in US soil.
Now, you are broadcasting all that highly personal and valuable data to anyone who wants to look. And if you think Facebook privacy settings are going to protect you, then… well, enjoy the ride.

How to delete your Facebook account. As noted above, you actually can’t do this. The best thing you can do is the following:  Go back through all of the sub-headings that list your preferences and delete them one-by-one. This applies to any data or pictures you want removed. It will take a long time and be tedious. But at least at that point you have some control over content. FB keeps the original but this way you minimize what can be discovered if the account is hacked and just maybe FB’s record is minimized. Then, go to “delete this account”, it will explain that the best it can do for you is turn it off the web but it does not delete the files and you can go back and reactivate at any time.

Before you do this, however, send out a note to all your FB connections advising them that you are deleting your account and that you are NOT UNFRIENDING them. Account deletion can appear to friends as unfriending, leading to awkward conversations, or worse, no conversations and the appearance of a major social slight when none was intended. Put that message up once a week for a month so your key friends catch it… then follow the steps above.

5.      Google. Yep, them too, and not just their social media efforts. Let’s just start with Gmail and YouTube. One of the many dorty little secrets of The Five as the companies that run the world are known, is they are surveilling you all the time. Have you ever wondered why the ads you get seem targeted to your interest in skiing? Because they scan your emails looking for key words that can be used to market products to you. Likewise, all your YouTube searches – like all of your Google searches –are logged with the company. In the past the FBI and CIA got into a lot of trouble for warrantless searches of people’s library borrowing habits – check out the Church Commission that followed some major espionage leaks, not of foreign threats but Uncle Sam monitoring citizens. You can delete search histories from your browser, along with cookies, do you honestly think that will do anything other than make you feel secure? They already have the data, you are just deleting your record of it, not theirs! (Still, it’s worth doing, BTW).

The Fix: as with Facebook, manually delete everything, then delete the account. This is possible with Gmail and YouTube. BUT FIRST, there are some steps you need to make. First, you need to move your emails from the Google servers onto your own hard drive(and/or cloud – more about the cloud below). The smartest way is a hard drive first and then the cloud – again, more below. There are a number if apps that will move all your emails in their folders from the Gmail system onto a hard drive of your own, so you have a complete record (assuming you need to keep the receipt from the Apple store where you just bought a new laptop for $2k, for example). Then Gmail has a global delete function – it save you going file to file and page to page. You can delete it all in one step. THEN make sure you empty the trash! Make sure SENT mails are collected and deleted too. Once you are satisfied that the complete record has been erased, then shut down the account.

The Cloud. Yes, both the company offering the cloud and the government can access search, harvest and sell all that data too. Google Drive, Dropbox, etc. There are cases in the courts right now where the government is forcing US cloud companies to divulge data that is not even resident on US cloud servers. All US providers use cloud servers here and overseas, Because the law never imagined needing to access an American safe in Ireland, there is no law covering accessing a US cyber safe in Ireland. MI anticipates the courts will force US cloud service providers to cough up data regardless if where it rests. Certainly US LE and the courts seem to have no regard for the domestic laws of the countries in which those servers reside (unless they are forced to, see below). Thus if you use an American cloud you are wide open.

This issue goes to the heart of the Apple v FBI situation following San Bernardino. Apple feared losing customers id the public saw them roll over to the FBI. So they took a stand (after years if secret collusion – the exposure of which embarrassed The Five – see the Snowden issue). Just to note, this impacts all The Five, not just Apple. MI welcomes the stance they have taken post-Snowden and acknowledges it’s in their economic best interests to protect the masses over the occasional bad actor who might benefit from their services (more about the crime argument below).

The Fix: back up all of your cloud files to a hard drive in your possession. This is good practice anyway. Then encrypt that drive.

Find a foreign end-to-end encrypted cloud service. Preferably this will be in a country that has strong privacy laws (any EU country has much stronger laws than the US, and some have even more stringent requirements than those mandated by the EU, such as Switzerland). Alternatively, a cloud service in a country that is not beholden to US pressure. The key is being in a non-US jurisdiction, one that has strong privacy rules, and the use of end-to-end encryption - which means that the content of the data is invisible except on the sending and receiving computers.

6.      Opening a new email account. Follow the same principles as the cloud – foreign jurisdiction, foreign company providing the service, and end-to-end encryption. Open at least 2 accounts. One for your private conversations with friends and colleagues and one for Administration. MI recommends also opening one for low impact activity like TV online accounts and newspapers and the like. Things that if you lost them would not matter to you.

You’ll be amazed at the sudden death of junk mail and ads and all the rubbish that comes with American ‘service’ providers, which should be more accurately, described as personal data wholesalers. MI hates to appear to be critical of American firms, but in fairness, they have gotten us into this situation. You are truly on your own when it comes to privacy and security. Most national security professionals know this (MIs key demographic) but it’s important to be reminded, especially when long term deep maintenance of one’s electronic fingerprint and indeed footprint takes so much work. We get that. But you owe it to yourself, your kids, and even the country to protect your data. With the politicization of national security staff these days and all the investigations, you don’t have to be a bad actor to get swept up in all if this and for CNN to run your tweets or texts to your girlfriend as headlines, to decide some protection is not a bad idea.

7.      Extended Security Questions and Dual Factor Authentication. When you change locations (either physically or via a VPN) most email companies, banks, etc. will ask for additional security questions to verify the right person is accessing the account. MI suggests using a bank of standard ‘answers’ that are mini passwords– they are not actual answers to ‘who was your childhood friend’ they are Password Gatekeeper generated (and remembered) strings  that you can use in this circumstance. So that when you are asked ‘who was your childhood friend’ the answer is not Fred, it’s ‘*nYss₵43$’.

Dual factor authentication particularly using cell phones can be hacked, it turns out. The bad guys can run off with the phone or cyber into it. Look for work-arounds. Password gatekeepers alone are best, a high end thumb drive is an alternate to consider based on your needs.

8.      Messenger Services. IMing is becoming more popular than emails. The state of the art for privacy right now is Signal. It’s end-to-end encrypted, and can be set to auto-delete chats after a period of time. But look out – one of the Five will try to buy it for billions in order to access the data. That’s why Facebook paid ca 15 billion for Whatsapp – Facebook’s engineers can build an IM platform in their sleep. They wanted the data, the identities, the patterns – the key to the money.

9.      Virtual Private Networks – VPNs. Get one, set it on a high-privacy foreign jurisdiction (see above discussion about the cloud/email) and use it religiously. A VPN hides your IP address. It also places all your digital activity inside the high-privacy jurisdiction of the country you choose. Each time you log-in to a VPN you can pick which country you will appear to be operating out of. MI recommends moving that location to other safe locations periodically. VPNs are available for both fixed and mobile platforms.

10.   Alexa and the other women in your life. Don’t let them into your home! Get off your ass and turn off the light yourself. Sheesh. Alexa and Siri and the girls are always listening and sending back all your requests to the mothership. Alexa has already been taken to court, or the recordings made passively (ie., not following a command to take action) during a murder. If you do not intend to say “Alexa give The Five all the conversations between me and my spouse and between us and our kids and between us and anyone on the phone who calls us etc. etc.etc.” then as delightful and ‘helpful’ as these wonderful ladies are, don’t let them into your abode – your castle. In 1984 the TV on the wall of your house was the interface for Big Brother – now you bring BB into your home on your cell phone, laptop, and increasingly on anything that can transmit… same goes for wherever you go…you Re taking a complete suite of surveillance tools with you, which you then turn against yourself 24/7. Not smart, people.

11.   Crossing Borders. The fix: Get a burner and don’t register it under your name! Or use your own phone and completely wipe it – before crossing any border. If America is forcing you to give up your log-ins, just imagine what China is up to! First, back it up to your new foreign cloud, then wipe it by choosing to reinstall the system software. Some shadow data will survive but a routine border check will not go that far. Then, once on the other side, use a secure connection and VPN to upload the phone from the cloud. It’s best to delete all texts, IMs, and conversations from all apps as well.

12.   Physical Mail Security. Get a UPS store account for all your physical mail. Your mail box at home is a sitting duck, filled with personal information and is completely open for anyone to access. Such access is a federal crime but proving someone stole your credit card statement from your mailbox might be hard. Avoid it by getting a street address based alternate mailbox. Sadly, USPS does not do street addresses, thus conceding the territory to UPS and others (no wonder they can’t compete). UPS can then forward on your mail or you can collect on your way home. Happy in the knowledge that it is secure and monitored by a human being and under considerable lock and key after hours. Remember in hacking, social engineering is often the easiest way in – mailbox jumping is old school and works just fine. Further point on mail. Given the legalities, if you need to send something really secure, consider the post.

13.   Cyber Hygiene Best Practices. Keep system software updated, Use anti-virus [just not Kapersky (Google it and DHS)] – and turn off geo-location on all hardware and software. This will make GPS maps useless – just consider cost/benefit for your situation. Again, a burner smart phone might be a solution.  Small cloth ‘Faraday Cages’ are a super convenient way to stop the phone transmitting your locations. No need to take out the battery and SIMs etc…just turn it off and slip it into the soft cover – if it’s on, it will drain the battery looking for a signal.


MI hopes you and those special to you enjoy this Christmas present from us. Here’s to a safe, secure, private and prosperous 2018.

Wednesday, December 20, 2017

Imagination and National Security

“But that’s not the way we did it last year”. There, in a single sentence, is the greatest threat to national security facing the United States. How many times have you heard that miserable idiotic foolishness? That sentence is the enemy of innovation, and it can be found throughout the national Security establishment. MI was advising the Commanding Officer of an elite unit in the US military charged with some of the most sensitive national missions imaginable. They had a fantastic track record of innovation. They had the best people, the best technology, an essentially unlimited budget and political backing to take on the toughest missions in the most exceptional circumstances. In a particularly sensitive area, they had a string of successes. MI asked them why they did not undertake more missions – they had the capacity. The CO thought about this for a minute and said, “You know, I don’t know. We could. You know what, you’re right, we need to…” Make no mistake; it takes a lot to mount those kinds of missions. They often span months, if not years. But their track record of success demonstrated that a lot more could be done. He is a great leader. He was not afraid to take thoughtful risks, he was open to suggestion, and did not care whether they came from inside his band of brothers or from a policy wonk. Sadly, he stands out in MI’s memory, of decades of service, as a unicorn.
“But, we have not received guidance.” This is another classic argument for inaction. Weak thinkers throw this out to absolve themselves of responsibility for stasis in their organization or its missions. They always wait for “higher” to identify and solve their problems for them. They fear telling “higher” they have a problem, usually because they are incapable of devising a solution. This is a classic failure of leadership in a culture where you are supposed to identify a solution and present it to “higher” when you report a problem. This sounds like West Point leadership 101, but you would be astonished not only by how often this comes up, but how high up the chain this excuse is wheeled out in defense of inaction.
On the battlefield the living are the innovators; those that could not improvise, adapt, and overcome, succumbed to stasis. So it’s ironic that an institution and culture that thrives in the field should be so sclerotic everywhere else. Politics is often the reason, fear of making decisions that might later turn out to be wrong. Conflict is so contingent that constant change should be baked into thinking. Context is important; plans should be a starting point, not a dogma followed point by point to defeat. The cannon of strategic to operational ‘strategies’, flowing seamlessly into plans, culminating in ‘operational concepts’, implemented by cross-coordinated staffs first designed in the Napoleonic wars, is all great in theory, but it fails more often than it succeeds. The endless creation of ‘working groups’ at higher echelons and ‘task forces’ at the tip of the spear, demonstrates how ineffective traditional structures can be, especially in the face of new dynamic threats. Thus bureaucracy and corporate ideology combine with politics as great anchors in innovation.
Strategic planners tend to get mired in process and efforts to appear to be in sync with corporate thinking. That completely misses the point. Operations take plans as a scene-setting starting point and evolve as circumstances change. The two methods are antithetical to one another. One is the product of a closed system of thinking, where complexity, friction, and fog are subordinated to rigid programmatic edicts. The other is a necessary requirement to the realities of the world and represents an open system of thinking that is founded in axioms but not ruled by them against prevailing evidence. In an effort to control complexity, closed systems over-generalize and over-simplify, which is necessary to a point but is almost always taken way too far.
Militaries are big bureaucracies. They get obsessed with hierarchy, process, and tradition, at the expense of flexibility. Thoughtful risk taking is necessary to adapt to new circumstances even at the strategic level. Failure is costly when statecraft tis on the line, but a rigid ‘man, train, and equip’ mentality is useless in intelligence and operations. There is a tipping point where bottom-up innovation must be forged into a greater whole. Finding that point is not easy or clear, it often finds us, to our cost. MI believes that we can strive to get better at finding that tipping point and defining it before it defines us. The answer lies, funnily enough, in epistemology.
How we think about the profession of arms and its connection to statecraft, is vitally important. Strategy is the connective tissue between the two. Strategy is “the use of resources to achieve an objective.” If you look at the swath of documents that spew forth from the Joint Chiefs down to the COCOMs, those documents are SINO (Strategy In Name Only). The truth is they are statements of executive principles. They touch on vague ideals, like protecting democracy, but they fail to discuss how resources should be marshalled to achieve that outcome. Indeed, a vague principle can be an outcome. You have to keep digging down to the CONOP level to see any serious discussion of means, ways, and ends (the order is important). Readers who have spent time in a COCOM planning staff know that millions of man hours are spent annually ‘aligning’ thought from the top to the bottom.  Much of this “synchronization” is an exercise in narrowing, and more often than that it is an exercise in English literature verbal massaging, and the creation of the harmful pretense of seamlessness. MI has seen 100+ person staffs all scratching away on staff-wide edits of documents no sane person will ever read. Nothing of substance comes up. At best a slight inflection is inserted to represent the editing/commenting command’s particular operational environment or toolset as it pertains to the ‘master mission statement’ issued from on high. It is important to ‘be on the same page’ – but all of this staff make-work can be reduced to a one page statement of principles – like a commander’s intent. That’s all that is required, those captured by the staff process will insist the Russian-doll embedding of ‘strategies’ from the top down is essential to resource allocation. That’s total rubbish. Resource allocation happens in very discreet settings, not in those verbose manifestos, and anything produced by the DOD is a mere guide anyway because Congress calls the shots. All of those staffs need to be slashed. Any document that cannot state its means, ways, and ends as they link to foundational principles in a page or two is a total waste of time.
Why do means come first? Because you go to war with the army you have. You fit your ways to available means. In an ideal world you would create innovative ways and then be granted the means to fulfil them, but it just does not happen that way and we need to stop kidding ourselves otherwise.  This does not exclude innovation, because it is generated outside that strategic loop (for the most part). When means drives ways you end up with an F-22 in a counterinsurgency, that was a bit of a cheap shot because F-22s will be valuable in the Pacific and an advanced fighter program can’t be created out of whole cloth in a matter of months. Strategic investment is the exception to the means, ways, ends rule. It is important, but should not be dominant. Currently there is a decided imbalance and it flows from big, long term acquisition programs to CONOPS. It should be the other way around in most instances. MI often ears the phrase ‘strategy by CONOP’ as a derisory comment on the absence of strategy – often due to absence of ‘guidance from higher’. Sound strategy making is in fact reflected in the CONOP process. An objective is identified. The available means and ways are assessed to determine whether the objective can be plausibly achieved. This is an important distinction from what is realistically achievable because too often that standard is an easy way to avoid entertaining new thinking. Weak thinkers will condemn this standard as being idealistic and hopelessly unachievable. That is not what is being recommended here. Plausible is a higher standard than possible, they are still on the realistic side of the spectrum if all imaginable options. Good staff work explores all the possible options; creative staff work refines the possible into plausible options. From there the best probable option(s) will likely present themselves. These should be shared with decision makers to further refine the art of the possible. Interacting with ‘higher’ presenting them with a problem-set, and a series of plausible options, allows them greater choice and may include means and ways they had not considered. A staffing process like this builds trust between the operational force and ‘higher’, leading to greater autonomy and room for maneuver for both sides. In time, everyone will realize they are on the same side. Imagine that!
Bottom up, ‘possibilist planning’, is already being practiced out of sheer necessity. It is a practical approach that people use when they have run out of options and yet the need for success remains pressing. Possibilism displaces optimism and pessimism, both of which are dangerous when lives are at stake and there is no clear path forward. They also distort thinking in destructive ways. Possibilism requires that we be as objective about the facts as possible. Despite the current domestic political moment, where America is awash in highly sophisticated propaganda, much of it home-grown; facts do exist and can be discerned. In fact, the battle of competing narratives should be seen as nothing more than motivated reasoning – seeking only the information that supports what you already believe. This is an incredibly powerful way of thinking and is referred to as “confirmation bias” in psychology. Motivated reasoning restricts consideration of what in law is called ‘exculpatory evidence’ – those facts that do not conform to the theory of the case. Sound strategic and operational planning must resist the temptations of motivated reasoning. Possibilism is its antidote and is derived from no less an authority than Aristotle himself (with a bit of help from Hegel).
Aristotle is the father of science and the scientific method, Science is the study of cause and effect in the world of natural phenomena defined as those things in nature that are beyond human control. Like gravity. Demonstration or proof is essential to finding the truth. Like an apple falling off a tree. Hegel shows us that the same methodology can be applied to ideas that are very much a matter of human control. The Hegelian dialectic sifts competing ideas from hypothesis to thesis to antithesis to synthesis. The demonstration or proof in this case being the testing of ideas against alternatives. Therein lies truth.
Aristotle was not a determinist. He believed in free will and human agency. Humans have the power to make choices that change situations within their control.
Most of the thing about which we make decisions, and into which we therefore inquire, present us with alternate possibilities… all our actions have a contingent character; hardly any of them are determined by necessity.
Aristotle believed that the realm of possibility was driven not by scientific analysis but by human intervention and persuasion. His system of persuasion or methods for reframing compelling narratives is the essence of The Art of Rhetoric.
Ethos:    The will to make change. The author of change must have a strong character and possess credibility and authenticity.
Logos:   The logical structure of argument. It is essential to provide a rigorous case for transforming problems into possibilities, possibilities into ideas and ideas into actions.
Pathos: The capacity to empathize. The author of change must be capable of inspiring movement on a large scale.
“Ordinary words convey only what we know already; it is from metaphor that we can best get hold of something fresh. To be a master of metaphor is the greatest thing by far. It is a sign of genius.”
Possibilism is contingent on being open to new ideas – both data and analysis. The absence of data does not preclude possibility. The only limit to possibility is necessity, those things that can not be changed. Those factors are not just external but internal to your decision making. The US military often gets obsessed with data at the expense of analysis, let along action. Collection of data is not an end in and of itself. In so many cases, US military data collection and its application are completely unscientific and totally meaningless. Often junior personnel who are closer to their college experience know they are wasting their time but dare not tell ‘higher’. Or great data is collected but not analyzed. Or, if analyzed, is resident on servers that then leave with the unit or headquarters during redeployment cycles. MI has seen this happen constantly in current wars and the observation is mirrored in accounts of past wars (see the MI entry on Ellsberg’s Secrets).
Maintaining the discipline if keeping an open system of thought is hard. It demands much more effort than a closed system where ‘everybody knows what the boss wants’ while the boss grumbles that his/her staff is not presenting anything new. This happens at all levels of command. President Obama famously sent the Chairman of the Joint Chiefs and SECDEF back to create better options on more than one occasion. By that, President Obama meant authentic choice, not two impossible ’options’ sandwiched around the only COA that DOD wanted all along. It is true that once you get to that level a lot of choice has been removed from the system. This is by design, easy choices should not make the President’s desk, this merely reinforced the point that an open system from the bottom up is important to maximize choice for all burdened with that responsibility up the chain of command.
Empathy is vital to possibilism and effective intelligence and decision making. It is foremost about understanding the opponent. Webster defines empathy thus:
The action of understanding, being aware of, being sensitive to, and vicariously experiencing the feelings, thoughts, and experience of another of either the past or present, without having the feelings thoughts and experiences, fully communicated in an objectively explicit manner.
There could barely be a better definition of intelligence in the service of statecraft. The best intelligence professionals and strategic leaders are able to put themselves in the shoes of their opponents, to know what he is thinking and what he values most.
The constant refrain for years after 9/11 was ‘why do they hate us?’ Nothing could better illustrate a failure if empathy. Had we known in advance why we were hated, there is the possibility that atrocity and all that came after it might have been avoided. This is not to say no one knew. But they were insufficient in number and standing to be heard. History is replete with cases where opponents failed to grasp the thoughts and motivations if one another. This is why Clausewitz cautioned leaders not to embark on war unless they fully appreciated the true character of the conflict.
It is insufficient to collect the dots if the system is incapable of connecting the dots. The collection of data is insufficient in itself to generate meaningful understanding. It must be in the service of creating or enhancing empathy of the opponent. This applies throughout the conflict spectrum, namely before, during, and after wars. A strategy that lacks empathy is bound to fail because it cannot hope to address those issues that the opponent values most, politics concerns the negotiation of interests between two or more parties, whether it is conducted by discussion or by other means. Clarity as to one’s own interests and those of the opponent are vital to successful negotiations and/or the termination of hostilities resulting in lasting agreement. The definition of interests is one of a set of assumptions that needs to be checked and rechecked by strategic planners and decision makers.
The international system is currently characterized as a multipolar system at risk of destabilization due tit e rise of powerful revisionist powers. Empathy-driven possibilism is vital to appreciating the context if competition between status quo and revisionist powers. By definition, revisionists seek to alter the status quo by reimagining or reframing a collective narrative in terms of the primacy of their interests. We see this in domestic politics all the time. The competition of narratives is fierce. So far, the possibility of the resort to other means appears remote, but not entirely implausible. Indeed, the complete absence of empathy in the domestic political context is a driver to the dark side of human passion that appears to be as yet unchecked. The outright demonization of political opponents and lust for prosecutorial solutions to differing world views is one the rise in the United States. This is a cause for serious concern and the subject of a future assessment on MI.
International revisionism is rampant and on the march in almost all quarters, whether it is soft revisionism of Brexit or the hard revisionism of Russia, Iran, China, or ISIS. Liberal democracies are under serious threat from within and without. The rise of authoritarian revisionism is currently enjoying a broad renaissance. It is not some stage past which political evolution cannot return. Authoritarianism is not monolithic. It too is a matter of degrees, best understood in a spectrum from soft to hard to total, it is creeping into locations where it has not previously existed and intensifying and hardening where it enjoys purchase among disgruntled or coerced peoples. The United States is an example of the former, and the Philippines, Turkey, and much of Eastern Europe, the latter. The great democratic revival following the cold war, which saw a swath of countries turn away from their authoritarian roots, is being reversed not just in Europe but in what were fledgling democracies in Asia and Africa.
The disunity within and among the liberal democracies that are also great powers suggests that the initiative has passed to the revisionists. Multipolarity and the distinct withdrawal of the United States from international leadership across a range of global issues further compounds the power of, and opportunities available to, the revisionists. A great illustration of the foreseeable strife to come is found in the Iran case. In December 2017, Iraqi forces finally destroyed all remaining effective power of ISIS in that country. It will not be long before Syria has completely crushed its own ISIS threat. The Iraqi case should be celebrated as proof of the train, assist, advise and support model of US operations – the light footprint approach initiated at the end of the Bush Administration. To some degree, this has been just such a success, particularly in light of the contribution of Kurdish forces in the counter-ISIS fight. However, this is not the whole story. As was the case soon after the US invasion, Iran has played a central role both politically and militarily in both Iraq and Syria to counter the Sunni-based ISIS threat. Iran and its proxies have arguably been much more important to the defeat of ISIS than the efforts if the United States. Notably, Iran has long penetrated Iraqi Kurds and has its own Kurdish proxies so there is a question mark over how much the US has achieved even with the Kurds. For many American military and strategic leaders, this will be a difficult data point to accept, but it cannot be ignored. Pretending Iran is not expanding its power and influence across the Middle East and around the rim of the Persian Gulf serves no purpose than to confuse our own thinking. This is precisely the kind of mistake MI is concerned about and a driver behind this assignment. The fact is the American invasion of Iraq and the elimination of the regime removed a bulwark against Iran’s power and influence. Iran had no hope to topple Saddam Hussein by itself. His iron grip was too tight to allow an Iranian backed insurgency to flourish and, following the long and inconclusive conventional war in the 1980s, Iran had given up on conventional solutions to its Saddam problem.
Does the United States employ empathy in assessing Iran’s interests, capabilities and intentions? Do we really understand their drive to Empire and objective of subordinating the Sunni world to its influence, if not power?  Further, Iran seeks to eject the US from the region in order to further consolidate its position. Possibly the worst thing the US could do is invade Iran. This might have been a consideration back in the early 2000s, but it has effectively been ruled out by Iranian subversion against the US all around Iran’s borders. American will, blood, and treasure have been sufficiently drained over the past decade by a thousand cuts, that Iran really does not need a nuclear deterrent to ensure the survival of its regime. The internal threat is another matter. But again, the unsubtle ‘diplomacy’ recently employed by Washington in the region has been a unifying vehicle within Iran and has significantly diluted the authority and standing if the regime’s opponents. Had empathy been utilized, this shortfall in US persuasion efforts might have been anticipated and avoided. Both Saudi Arabia and Israel’s influence over the White House have contributed to short term tactical goals at the expense if a pragmatic and patient strategic policy.
Intelligence collection against Iran lacks for nothing. Specialized assessment houses may be rich in empathic analysis. Yet the actions of the United States suggest that Iran policy is being driven from outside these channels, there are too many unforced errors to be the product of a robust and rigorous possibilist approach. Without being able to look under the hood of US diplomacy, it is hard to pinpoint where the problems lie, but then again, the chaos at Foggy Bottom is quite openly displayed at present, Dysfunction merely multiplies the consequences of US withdrawal from global affairs.  The recent reporting by Michael Lewis in October’s Vanity Fair concerning the Trump approach to running the Energy Department is alarming (Oct 2017). Lewis catalogues what appears to be a deliberate policy to dismantle the department from the inside, which was part if candidate Trump’s promise to essentially destroy government as we know it. The same is happening at State and EPS et al, if reports are to be believed. The one place where signature cut backs are needed, the DOD, is no doubt protected by Secretary Mattis, who seems to be the only independent member of the cabinet. MI should stress that there is a world of difference between well-thought-out and necessary brush clearing and scorched earth ransacking. SOS and the IC need surgery to be sire, but amputation at the neck is pushing a good idea way too far.
The recently released National Security Strategy (2017) outlines key principles but, like its predecessors, it fails to clearly articulate means, ways, and ends. The nesting Russian dolls that follow, starting with the National Military Strategy on down, will all suffer the same failures. It’s time for a new approach. These important principles should be distilled into a few pages. The incredible talent resident on the Joint Staff and in COCOMs around the world need to be freed from world policing duties and the enforcement of lock-step groupthink, and turned loose on the thorny problems that beset America charged with finding effective, efficient, and imaginative concepts of operations to detect, deter and defeat the full spectrum of threats leveled at the United States, its allies and friends. The DOD and other agencies did not spend millions on sending their top people to Staff and War Colleges, taking a key human asset offline for a year, just so they could forget the critical thinking skills they we taught, to go back to changing ‘happy’ to ‘glad’ in empty documents that masquerade as strategy.
Possibilist strategic planning needs to be adopted across the DOD and IC. Separation of intelligence from planning and operations makes for clear hierarchical flow charts, but does not make for cohesive actions on the ground. After studying this issue for over a decade, MI recommends a hybrid structure, the nucleus of which is the small planning cell, called a Mission Action Cell, or ‘MAC’, comprised of three categories of thinkers: analysts, operators, and engineers. This works at all levels of command. Using the supported-supporting concept, higher command will typically focus on analytical tasks, but these must be infused with real-world insights from operators and engineers to assess what is possible. Imagination unwedded to reality is as useless as no imagination at all. At the pointy end of the spear, the operator will be supported by a dedicated analyst and engineer to explore and test new TTPs permitted by intelligence insights and technology, respectively. There will also be unique circumstances, where the mission is technology dependent, in which placing the engineer as the supported element makes best sense. Ideally, these groups need to be kept as small as possible and emphasis placed on strong working relationships. It is always better to have team players than one all-star who infuriates the rest of the team. A true all-star (and they do exist), who is an individualist and incapable of working in a team, should be used as an advisor for brief periods of problem solving. Such teams can be geographically or functionally arranged, as needed. There will always be loose ends and difficult overlaps, as there are in any system. Teams should be mission or objective driven (the latter indicating a wider goal than just one mission). Planning staffs should be empowered to self organize MACs and stay fluid. That means form and reform over missions or objectives; do not stay static.
Leadership should be restructured, too, along ‘National’, ‘Theater’, and ‘Tactical’ lines in accordance with the mission or objective. That way the right expertise can be applied to the problem regardless of traditional boundaries – be they geographic, organizational, or bureaucratic. In the MAC construct, if the engineer has the best solution, she should lead. This is the heart of self-organization.  MI accepts this might be difficult to achieve given extant leadership structures and chains of command, but the fact is, much of what is suggested here for structural change has already been practiced in an ad hoc way at all levels of command. OPERATION NEPTUNE SPEAR and OPERATION OLMYPIC GAMES are useful examples where particular expertise were brought to bear in MAC-like organizations, although these grew in size, the cellular structure could accommodate the growth in the network. The rise of the Task Force at the NSC level on down demonstrates the need for this realignment. The suggestions made here are based on years of observing the pros and cons of the Task Force model.
Mission Action Cells rightly put the emphasis of their purpose on action. Self-organizing and self-regulating, the MAC structure pushed decision making down to the lowest practical level. The cellular construction if MACs around an objective or mission is inherently flexible because they are fundamentally based on networks not hierarchies. Networks serve outcomes, hierarchies serve bureaucracy. Look around the DOD, interagency and growth areas of the US economy (Silicon Valley), those organizations that are prospering are networked. Technologies like Slack can facilitate network structures but the key is culture. By this, MI means the mindset that is brought to bear on the problems being solved. Changing the cultures if the DOD is an ambitious project. But, let’s face facts. We have not won any wars lately. What better motivation do we need to engage in strategic possibilism, to explore better ways of doing business? For all our power, money, technology, and the best people, (defined by skills and motivation), can we not come up with a better way of doing business than a 19th century French general whose army marched in squares on the battlefield wearing fur topped hats?
A final word on structure. The HQs would continue to supply the forces that support the MACs. The ‘man, train, and equip’ function is impossible to avoid, but that does not mean its objectives can’t be fashioned around the MAC concept. The question is what to do with the COCOMs? Originally organized around AOs, to their number a small group of functional commands emerged, SOCOM, STRATCOM, and CYBERCOM. The forces behind the functional commands are also behind the MAC concept. It is probably asking too much to deconstruct the COCOM model, despite its obvious limitations. For example, Pakistan, India, and Afghanistan are three sides of a strategic triangle that is separated by COCOM boundaries. This has real world impacts on how we think about the problems in the triangle and act on the resulting plans. Still, organizing globally around MACs would be a disaster, at least in the administrative sense. Just think of all the organizations required to be involved in certain territorial spaces. Yet equally, MACs that truly transcend boundaries will be ineffective if their chains of command get interrupted at the COCOM boundary. One solution might be to acknowledge the administrative functions of the COCOMs relative to the operationally focused MACs in their AM the way HQs support COCOMs. The intelligence planning and operational functions would be the domain of the MACs while logistics, C2 and other support functions stay with the COCOMs. This clearly needs further expert analysis, but all of it is possible.
MACs would also facilitate the integration of the IC and IA into an objective oriented missioned focus approach to solving problems and proving options to decision makers regardless of institutional boundaries.
The bigger issue in this recommendation is not the structure, but the culture if national security planning and execution. Closed hierarchical innovation resistant methods have got to give. The DOD, IC, and USG needs to get back to basics and adopt a strategic possibilist mindset, based on Aristotelian logic, as the key pathway to innovation in thinking and doing national security. The days of going to war on PowerPoint need to be over. At the strategic level, we need to go back to long dorm narrative position papers that fully explicate reasoning behind policy choices ensuring hypotheses are rigorously tested, counter arguments are refuted or accommodated, and effective solutions adopted. All the excuses that this is too hard or there is not enough time, or it will never work, are just that – excuses. We have to accept what we are doing is not working. There are patches of excellence. We must build upon these. Strategic possibilism and a new mission-focused MAC structure might point the way.
Military planning is suited to the machine age. It is a ‘join-the-dots’, meets ‘color-by-numbers’, rote, 12 step program. Consistency, coordination, timing, deconfliction, these are essential to mass-based, machine-driven warfare. By default, they also drive other operations as well, if not directly, certainly indirectly via support requirements and the like. The military planning process is as good as far as it goes, but it stifles creativity, traditional military planning processes leave that to a commander and his/her genius. Why limit possibilities? Warfare has always been a fundamentally human endeavor. That will never change. Its character and conduct are increasingly focused on small groups and individuals – people, not massed armies.
America still thinks in terms of mass industrialized warfare.  WWII is over. Technology has given individuals intelligence power in their hands that used to only be available to commanders. There is more computing power in a smart phone than in the systems that put man on the moon. Your phone provides you with satellite imagery on real time that far exceeds the coverage and resolution than handed to President Kennedy during the Cuban Missile Crisis. Moving maps, mobile communications, finance, photos and videos, everything an army needed battalions to provide to HQ in the past, all now in your hands and that of the WMD-armed terrorist (for example) turning that terrorist into the ultimate smart bomb.
The ‘color-by-numbers’, top-down, hierarchical mode of doing business has long since been abandoned across human activity, including war, at least by adaptive thinking bad guys. They have re-visioned warfare, in the pursuit of a ‘David’s Advantage’ against the status quo ‘Goliath’s. Warfare has sped up since Gudarian’s Panzers swept Western Europe. Guardian’s War moves at the speed of light flashing through fiber optic cables to supersonic drones. It is no longer linear. Fighter Command no longer waits for the bell to ring to run to the spitfires to engage massed bombers.  A virus sneaks undetected into the Fort and brings it to its knees without a shot being fired. If you are reading this on the metro going to work, the person sitting next to you in the black jacket might be the next George S Patton, but it’s more likely he will be the next Edward Snowden or Osama bin Laden. He is not helpfully wearing a uniform with a death skull on it to hint at his intent. He’s just a commuter with the power to earn a salary and put his kids through school, or to ensure you never see yours again.
The intelligence cycle and the military planning 12 step programs are hopelessly out of date. Machine thinking needs to give way to a biological mindset, one that emphasizes non-linearity, movement, viral contagion, where good ideas move at the speed of social media and the limits of possibility are circumscribed only by those things outside of human control – the rest is up for negotiation. MI likes to think of this as moving from Circular to Heliacal thinking. The Helix bends and curves, it has information moving in all directions, bit the arc of the helix bends to discovery. It might mutate, or it might evolve, but it moves. Circular thinking does not.
A counter argument for machinist thinking might be that it’s easier to teach – a check-list can be followed by the lowest enlisted warrior in times of stress (or those operating actual machines of war – where accurate performance is required).  Again, the draft is over, folks. The quality of personnel is at a historical high. The frustrations of machine thinking can be read in the blogs (and now books) of field grade officers who got out, frustrated that their talents were not being tapped. Hopefully they all went to satisfying jobs in Silicon Valley – many did – and they still want to give back but the huge grey/green monster has no place for them. This is wrong. Their opposite numbers in ISIS and Iran don’t have Silicon Valley to turn to, so they live in and innovate with a revolutionary’s zeal. While our best and brightest, who want to innovate, are sidelines as being too disruptive. Ironic, no?
Part of MIs evolving mission is to offer new ideas /perspectives. Some might find this disruptive. If you read MI and get agitated – fantastic! If you got bored – that would be a million times worse. Money is no substitute for creative thought. In fact it might be a hindrance. The apocryphal board room meeting where the CEO says “Gentlemen, we have run out of money, now we must think,” will always have purchase, and no more so than in the US DOD. Constraint, and not abundance, is often the motivation to innovation. In the comparatively resource-rich US national security world, the key constraint more often than not is a will to innovate and a culture that is comfortable with curiosity and novelty.
In the DOD, ‘we don’t have the resources’ is a typical lament. What is never heard is ‘alas, we don’t have imagination’ – except in national commissions that follow strategic disasters.
We lament the lack of resources all the time. Yet, how often have you heard someone say ‘We have too much curiosity around here. We keep picking apart our assumptions. There is simply too much imagination being exercised here.’
At the risk of creating a new 12 step program and thus defeating the whole point, MI acknowledges that PowerPoint thinking is so deeply ingrained in DOD thinking that it would probably be useful to readers to present possibilism in a slide, if for no other reason than to clarify where in the process certain steps should be followed. We hope it was clear enough in our narrative but present the slide as a summary. The key phrases are thus: curiosity – division of necessity form possibility – analysis generated empathy – combined with audacity – leading to the creation of an innovating plan that uses resources to achieve an objective.
For an example of possibilist thinking, read Robert Baer’s The Devil We Know: Dealing With the New Iranian Superpower, Crown: NY, 2008. Baer completely changed MIs mind on how to deal with Iran and why it’s important to drop established assumptions and reconsider from the ground up how to find advantage in what appears to be a no-win situation for the US. In short, Baer advocates dropping our long-held alignment with Sunni states in favor of finding common cause with Shia Iran, he shows how American thinkers have missed Iran’s evolution from revolutionary state to exporter of terrorism to stable grounded superpower driven by interests and not as ideologically rigid as is assumed in orthodox assessments of Iran. By contrast, Sunni states in the Gulf are incapable of defending themselves; they are weak and states in name only. They are challenged by radical Sunni extremists who are nihilists without a political agenda. Al-Qaeda, ISIS, and their kin desire to kill all those who do not believe as they do – Muslim or not. Yes, they want a Caliphate but they offer nothing beyond a return to 7th C draconianism. Baer makes a strong case that not only does Iran have the most powerful position and military capabilities in the region; it is driven by traditional state interests. “Ijtihad” is a Shia doctrine practiced by the Iranians that permits the exercise if independent judgment and allows for interpretations of The Koran according to reason and precedent. In sum, Iran is rational, Sunni terror groups are not. Iran is a powerful political, economic and cultural entity within a strong state architecture. None of these conditions apply to Sunni states or the terrorists that seek to unseat state power. Iran is organized, the Sunnis are not. He argues to settle with Iran as the best – or least worst – prospect for stability in the region, allowing the US to significantly reduce its footprint and thus resource allocation to the region. A settlement with Iran would also reflect the power realities on the ground in the Middle East and in many ways make local problems Iran’s problem, not ours.
Let Iran assume a leadership role with all the onerous responsibilities and costs of being a balancer.
This is a radical proposition. But Baer presents it with significant supporting evidence and reasoning. Clearly traditional ways of doing business has not resulted in positive outcomes for the US nor do new opportunities for stability and comity appear to be on the horizon. The Baer plan would sure shake things up and while there is significant risk for strife, especially given the position this would put Israel in, in the long term it might in fact help out Israeli partners because their current trajectory is not at all a positive one regardless of whether Sunnis or Shia are their main opponents.
The point for our poses however, is to illustrate how possibilism can generate some creative disruption, if for no other purpose than to encourage reframing old problems in new ways that from a different perspective, might offer new opportunities that otherwise were not previously visible.

Think differently.

Monday, December 18, 2017

The Blockchain and National Power

Bitcoin has jumped in price from $600 to $13,000 (at time of writing) and shows no sign of slowing down. MI estimates that Bitcoin (฿) and Ether, a sister cryprocurrency will continue their rise for the foreseeable future. its rise will not be linear as those who don’t understand it jump in and out, but its long-term trendlinsa will remain positive unless and until either the infrastructure can’t keep up or an as yet unknown flaw in the blockchain is discovered. corrections wil happen and eventually a floor will be established, but there is still a long way to go before the world arrives at that point. This assessment will explain how cryptocurrencies and more importantly, the blockchain technology underpinning them, have the potential to upend global finance and thus the architecture of economic and social relations.
The blockchain is a global open ledger. every single transaction is resolved across the entire distribution system simultaneously. Each transaction has a digital fingerprint and time/date stamp. The fingerprint is independantly verified per transaction by third party ‘accountants’. As more transactions occur, the fingerprint grows ao that every single transaction is recorded through time and space against the item being transacted. The item can be anything. The system started with ฿ but the item being tracked could be physical (like a car or a house deed) or intangible (like a cyber currency).
Tthis admittedly simple sounding system will revolutionalize the global order. First, it removes the middleman in any transaction. In currency, a bank is a middleman, so too are governments. Banks facilitate and reconcile the trade of $1 from Jane to Mary. Governments provide a legal frasmework wihtin which Jane and Mary conduct their transaction, and in most cases take a slice (taxes). The blockchain connects Jane to Mary directly, their transaction is not conducted by a bank or approved by a government. Their transaction is between them, the specifics are not visible to anyone but Jane and Mary. The existance of the transaction is verified not by Jane or Mary but by thrid partiesm the ‘accountants’. The verification takes place across all the platforms in the system at the same time. It is not mediated by a central pointm like a bank.
Guess who is worried about the blockchain? That’s right! Banks and governments! Global exchange of value, of any value, has shifted from a hierarchy beset with choke points to a distributed network. This changes everything! Banks and governments can no longer control finance or any other form of exchange in human relations. In fact, the blockchain renders banks irrelevant. We no longer need them to verify a transaction has taken place, nor do er need them to store the thing of value being traded or exchanged.  When a transaction takes place in the blockchain, everyone in the system is informed of the transaction by the change in the ledger, which is available to all, not held by a bank or a government.
What is the incentive for 3rd party ‘accountants’ to do the verification of a transaction? Simple, they are paid for that work. In cryptocurrency terms, these accountants are called ‘miners’ which MI thinks is a misnomer. They are not really digging ฿ out of the ground, they are in fact anonymously verifying,  cross referencing, and updating the ledger in exchange for a fracitonal payment drawn from each transaction. ฿ ‘farms’ or ‘mines’ can be built by anyone, and consist of special computer lashed up together to maximise the processing power required to verify transactions. The more machines, the faster they run, the more payment for providing this service. Note this service can be preovided by anyone, not approved actors in the system – which is what banks are in global finance.The system of verification is not just open to anyone with the right equipment (basically a souped up PC), it is also a global distributed network, and more importantly, it is self-regulating.
Imagine a world without banks to process transactions and store value? How wil governments surveil, regulate, and tax people and businesses in their territories and beyond? Blockchain eliminates the need for offshore banking and all that comes with it – shell company structures, lawyers and accountants, both in the home jurisdiction and in the offshore jurisdiction. Once tax havens twig to the fact that a ฿ wallet is a personalized offshore tax haven that you can carry in your pocket, and that requires no administration, a lot of island paradises will have to rely on tourism alone.
The ‘Panama Papers’ and the more recent ‘Paradise Papers’ revealled the tax cheats of the super rich. Perhaps ‘tax hack’ is a better term because much of offshore banking is legal. When faced with a $14 billion tax bill in Ireland, Apple simply moved its operations to Jersey, an island tax haven between Ireland and the UK. The 2017 tax reform debate was marketed at least in part as a way to encourage corporations to onshore their cash back into the US (although that does not guarantee they will automatically invest the trillions of dollars languishing offshore. They could equally just languish in US holdings).   Blockchain and cryptocurriencies remove the requirement for all the cat and mouse with the IRS.
A key feature of ฿ and the hundreds of other cryptocurrencies springing up everywhere is they rest in a digital wallet. The identity behind that wallet is anonymous. So too is its location. As the name should imply, a cryptocurrency is a digital code that represents a certain value. That’s it. It is either in a ballet or it is not. No one knows who owns the wallet r the jurisdiction in which it exists at any point in time. A wallet is highly mobile. It can be on a cell phone, laptop, thumb drive, or in cyberspace. Lose the chip where the data is stored and you lose your millions. That does not mean someine else will get access to it – they wills till ened the password. [Thus the importance of password gatekeepers that create uncrackable passwords. Their weak spot is the password to access the gatekeeper. Still, nothing is perfect, and the best way in remains human engineering (social manipulation)].
The US long ago got rid of the $1000 bill and the EI recently eliminated the 500 (euro) note to make it harder for criminals to move bulk cash. ฿ makes it possible to move unlimited amounts on a thumb drive – or in cyberspace. This completely bypasses state controls on borders and in global finance – where banks communicate via the SWIFT system and via both the Reserve bank in the countries party to a transaction but often also a major international bank which acts as a commercial clearing house. All of that is bypassed by ฿. Stopped at the border with more than $10,000 in cash? That’s a federal crime. With a ฿ wallet you can walk past that nice CBP officer wiht $10M on your flash drive attached to your key fob.
So guess who is flooding the zone of cryptocurrencies (CC)? Banks! Morgan Stanley, Chase, and a who’s who of American and international banking are all getting in on the act. They know better than anyone else that if they don’t, they cease to have a reason to exist. Talk about panic! THis is one of the motivations behind all the new cryptocurrencies flooding the market. Each is looking to enhance the drawbacks of ฿ but much more importantly, to insert some form of control into this new financial space. All of this misses the point that anonymity and privacy are the most prized feature of CC. This also partly refelects the fact that a lot of people are still struggling with comprehending  what the blockchain represents and how influential it will turn out to be. Is it a stock? Is it a currency? Is it an inventory control system? Is it a clearing house for property transactions? The answer is yes. ots confusing to people because blockchaings revolutionize all of these vital elements of economic interaction in the US and around the world.
Of course, none of this matters if businesses do not accept payment in ฿ (etc). A key reason why the value of ฿ shot through the roof in 2017 was its adoption by major movers in retail. Its adoption by second tier corporations was a useful indicator, but MI along with the rest of the world, or so it seems, was waiting to see if the silverbacks of global retail would permit payments in ฿ on their platforms. As soon as Amazon and Walmart moved, ฿ would take off. They both started accepting ฿ in their websites in early 2017 and ฿ value has been surging ever since.
its seemingly astronomic value will keep surging as the rest if the retail and banking world bandwagons. Hedge funds are now rushing into the zone. The general public, wondering what this strange button is on their Amazon pages, or hearing about massive price spikes, are treating ฿ like a stock and also rushing in – why use it to buy a tv when its price might double by next week. When it first started out an early adopter decided to convince his local pizza delivery company to accept ฿10,000 for a pepperoni pie. He advertised the transaction on social media and the value of ฿ doubled to a few cents. At the time of writing, ฿ was $13,000. That was some pizza! J
฿ has been volatile. Savvy investors know, where volatility exists, so does risk, but also incredible profit. Aside from the herd rushing in and out on the occasional scare, the big boys keep coming in – hard. That’s the key metric. They are not taking on that much risk as yet, but nor has ฿ reached anything like a plateau. The most serious risks involve a failure of the blockchain software(there have been legitimate scares and corrections in this domain and its governance remains opaque, by design, but possibly not sustainable in the long term), or a failure in supporting infrastructure.
Coinbase is instructive in this regard. It is currently one of the top CC exchanges in the US at the time of writing. The USG has been trying to force Coinbase to give up the identities of its customers. It got ugly pretty quickly. So far Coinbase has refused to hand over all its files but but has agreed to disclose its top 3% of CC holders.  What the USG is missing in its overzealous pursuit  of ฿ traders is they don’t have to use US exchanges. They will force buyers and sellers of CC off shore where they will be that much harder to surveil and control. For an Administration that is supposed to be about eliminating regulations and being pro-small business, this attack on Coinbase seems to be poorly thought out and slapdash  in implementation. It will likely be futile. The smell of panic behind that action may indicate that Treasury does not have much faith in its joint partnerships with other CC purveyors who are marketing CCs wiht tracking features (which of course defeats the point of CCs). Still, there is a long way to go and this is just a first shot across the bow by a worried government. They should be worried, they have a lot to lose (see below).
  MI’s guess is that most ‘mom and pop’ users of CCs will see them as an investment not a currency and treat them accordingly. They will buy them via their 401ks in their own names etc. Those that are offshoring today will be CCing tomorrow and they will be very hard to control as things currently stand. The USG needs to sit back and take a long perspective on this challenge and be smart about it. Panic will only hasten the thing they fear the most.
What is this fear? The blockchain blinds the Leviathan. The domestic and international financial power of the United States will be profoundly impacted by the blockchain. Without the ability to observe financial transactions, the US loses control. it’s that simple. This will have prosaic and profound implications. Financial intelligence is a huge industry but it is also a crucial element of national intellegence that it little understood outside if financial circles. Iran came to the negotiation table because of targeted sanctions (and unlike the DPRKm its economy was more advanced and thus vulnerable to economic pressure).  America’s power to manipulate global finances has dramatically escalated in the wake of 9/11 where Congress weaponized finance as a counter terrorism tool.Such weapons can manipulate a whole economy or be applied just against a dictator and his cronies – which in turn may promot that dictator to try and meddle in a US election as payback... just sayin’.
But the dangers to the USG are more profound than its ability to directly control the system of clobal finance and trade. It should fear its loss of indict control and indeed influence on the system. In other words, the primacy of the US dollar ($) as the global reserve currency. During the 2008 crisis, there was talk of the Euro superceeding the $ as capital flight to stability assessed Europe as the best bet. At that point , so the reasoning went, Brussels and not DC would call the shots, creditors and debtors would flee into the Euro and the valus of the US$ would plummet as teh mask protecting massive US debt, trade imbalances and all the rest, was ripped away by the force if the crisis. When the world depended on the US$ all of these pressures could be ignored, take away that dependance and things would change overnight.
There is an intersting anecdote in David E. Sanger’s Confront and Conceal that discusses a Chinese delegation that came to the US during the crisis. They had no interest in discussing macro or micro economic policies and plans, all they asked about was how was the US$ going to be stabilized so the debt they were owed would not simply disappear. America’s banker had come to town and they wanted to be sure they would be paid back. Indeed, it was they who floated the threat to shift to the Euro but that was always more rhetorical than real given the crippling effect it would have had on their debtor’s ability to pay them back.
Should the ฿ supplant the US$ and the global reserve currency, the US would lose its direct and indirect control over global finance overnight. A generation of irresponsible governance that blythely allowed cheap gimmick tax cuts in the face of two endless wars, and at the expense of much needed investments in infrastructure, people and services upon which a modern economy depend, has run up an unimaginable tab that will one day have to be paid. Such a day of reckoning would dwarf the 2008 crash because the entire system would implode, not just one important sector (housing finance).
If America sneezes and the world catches a cold, then it follows that if America has a massive brain hemmorhage, the world as we know it could end. The one possibility to avert total disaster may be in the seeds of its potential destruction. The blockchain. If it is introducedm adoptedm and settled into dominance through careful planning and implementation, there may be ways for the economists to avoid catastrophe. Thankfully, Washington is well known for long range, well thought out, deliberate planning. Where other countries think in 24 hour news cycles or 2 year election cycles, Washington thinks in terms of generations and is willing to sacrifice its acute need for immediate gratification in order ot position itself for gain in the medium to long term. (That’s MI sarcasm, dear reader.)

In every great crisis, a leader for the times seems to emerge. Who will be the blockchain Lincoln?

Friday, December 1, 2017

Little Big Horn – Cyber Edition

1Dec17

The Fort has fallen. Its defenses are down. The armory has been blown wide open and every last weapon stolen. Thousands of defenders manning their positions in a series of layered perimeters were unable to detect, let alone stop, the onslaught. The Fort’s Commander was unable to rally his troops to protect the heartland. The frontier will never be the same again. The insurgents are now in charge. With the weapons they stole they can roam, pillage, and destroy at will. No target is out of their reach. The world will never be the same again.
At Fort Meade, Maryland, cyber-Custer, Admiral Mike Rogers, and his once-invincible forces were not left in a bloody heap. They continue to sit in their cubicles, sipping their lattes, careful not to burn their lips. The absence of physical destruction belies the devastation within. Make no mistake, they have been hit much harder than George Custer and his troops. Their deaths, while tragic, did not change the strategic landscape, the contemporary reprise of Little Big Horn has already eclipsed  anything that has come before it. The Snowden revelations are nothing compared to cyber-Little Big Horn. This assessment will explain the significance of the attack and explore the consequences for US Security going forward.
Edward Snowden did not release his stolen files directly to the web, He handed them over to newspapers, leaving their editorial processes to decide what was, and was not, in the public interest. The worst of the Snowden files exposed Top Secret ‘named operations’ then underway. It revealed a vast surveillance program that operated outside of established conventions and laws. Snowden’s files were very valuable to America’s enemies because they enabled them to ‘connect the dots’ on NSA capabilities and operational focus. By contrast, cyber-Little Big Horn exposed named operations, but went much further – actual weapons were stolen. Weapons that took billons of dollars to develop in the most clandestine labs run by the USG. Weapons that gave their possessor untold power. Weapons that could now be turned against the mist technologically dependent country in the world. The United States of America.
In Confucianism, the TAO is ‘the correct way’ (or ‘Heaven’s way’) to understanding the source of all things. America had decoded the TAO. This precious knowledge was used to create the closest any country has come to omniscience, and thus, omnipotence. The TAO was stolen right from under the nose of the NSA and is now for sale on the dark web to anyone. Iran, North Korea, ISIS, fat kids in basements, for a small fee they now wield the greatest cyber weapons ever invented. In the secret world, particularly at the cutting edge, where imagination and creativity reign, special organizations take on names and unit patches that are in-jokes to the select few who are ‘read-in’ to their programs. Tailored Access Operations, or TAO, was the jewel in the crown of the NSA and US Cyber Command. TAO gave these powerful intelligence and operations arms of government god-like access and control of virtually any system on earth – even ‘air-gapped’ systems. There is almost no human activity on earth that is not dependent at some point on networked computers. TAO gave America the source of all things.
From this secret knowledge, a series if super-weapons were created that facilitated clandestine and covert access, and if needed, control of computer networked operations both military and civil, of any country on earth. Need to shut down an air defense system in order to run a CT mission undetected inside a city? TAO might be one of the arrows in the quiver. Need to ensure an opponent can’t access funds or special components for their WMD programs? TAO might help. Need to break a sufficient number of centrifuges to delay the progress of a secret nuclear program? TAO is there for you.  Need to blow up ICBMs on their launch pads before they are launched against San Francisco> Who ya gonna call?
Often TAOs weapons were not used because the risk of revealing the existence of the program was a far higher cost than the estimated benefit if the deployment if the weapon. This is a serious leadership challenge. Getting the cost/benefit risk assessment right for programs of national significance requires very fine judgement. There will be cases where very important operations that can’t be done by other means, will be passed over simply because the risk of exposure. This should give some sense of the importance and impact of this hack.
The Fort was attacked by a group that goes by the name ‘The Shadow Brokers’. Unsurprisingly very little is known about them and just how, exactly, they took down Ft Meade. The NSA and USCYBERCOMMAND are at the very forefront of cyber security, both defense and offense. It is unimaginable that they were hacked. Unimaginable to whom? Herein lies an important challenge in intelligence, seeing things for what they are, not as we’d like to see them. To date, investigations have focused on three employees. Human error or outright espionage are suspected. The following observations are all made based on alleged conduct portrayed in credible newspapers. One suspect has not been named nor much information released about them at all. Another, Reality Winner [sic] is accused of releasing one Top Secret document that refuted a claim by President Trump. The final person of interest is Harold T Martin III who was arrested after a significant cache of classified materials was found at his home. Based on current reporting, neither of the named suspects appears to have had sufficient data to be part of the Shadow Brokers plot, at least knowingly and directly. Mr. Martin’s story will sound familiar to those who know the Ft. Highly intelligent, a huge nerd (that should go without saying), possibly lacking many friends and certainly lacking any hobbies, was fascinated by his work and took it home with him, despite the prohibition on removing classified information from secure facilities. Reports suggest he was removing classified information from secure facilities. Reports suggest he was over-dedicated to his work, not a spy. Still, the poor guy will pay an outsized price for being an eccentric who lost track of the rules in his laser focus on the fascinating challenges of solving puzzles. It is a crying shame the system didn’t help him before his obsession went this far.
The unknown suspect is the most interesting at this stage. He or she was a software developer and arrested for taking NSA classified material home in 2015. It is alleged that Russian hackers accessed some of those files, whether wittingly or not, has not been disclosed. Given the status of this individual, the chances are their identity and details about their activity are being suppressed so that the Russians and/or Shadow Brokers di not learn from the case. He or she might be working with law enforcement, helping to catch the culprits. Human engineering is always the easiest way in to a hard target, so it makes sense that effort is being put in to evaluating operational security protocols. But what if the NSA/USCYBERCOM was hacked pure and simple? Will over confidence prevent the cyber=spooks from really finding out what happened? In WWII the Nazis could not imagine that the British cracked their codes. The German obsession with order was, in part, their undoing. Starting and ending every message with ‘Heil Hitler’, for example, enabled Bletchley Park to often get the key for the day. Likewise, each Enigma operator has a signature style on their Morse key. They soon had personalities. It was then possible to link ‘Operator X’ with his wheel settings, which would always be his girlfriend’s initials or a birthday (for example), the wartime equivalent of using an easy password (such as ‘password’). MI encourages NSA investigators to not be over confident, not to assume anything, and to follow every lead down. If it was a direct hack on the Ft, as embarrassing as that might be, it is essential to know it and act on it accordingly.
What is cyber warfare?
Way back in the 1990s when MI (in a different guise) was writing about the emergence of warfare in the cyber domain, there was a lot of discussion about cyber-Pearl Harbor’s and what ‘virtual war’ would look like. Could it actually kill people? How did hacking a website change anything if military, let alone strategic, significance? We have come a long way since then. Cyber is still rapidly evolving and is still confusing even to those who study it. MI has an easy to understand explanation of cyber warfare.
Cyber warfare operates in two primary dimensions = the physical and the narrative. The 2016 election is a classic case in point. At first, mist of the commentary was concerned about hacking of ballot boxes to change votes. Except, as the news media soon learned, US elections are incredibly distributed, low tech affairs, governed by local laws and/or arrangements. In short, most ballot boxes were manual, not digital. There was almost nothing to hack. It did not take long for evidence of narrative driven cyber ops to come to light. These turned out to be devastating in part because they were largely invisible to victim and systems alike.
Narrative cyber ops are another way of saying digital propaganda. The United States is awash in digital propaganda, both home grown and foreign. In a meeting of senior defense leaders MI (again in another guise) decided to conduct an unwitting test of the audience.  MI said that ‘of course, Fox News has been paid millions by Iran to sow confusion and discord into the American electorate in order to advance clandestine Iranian programs’. Incredibly, the audience didn’t even blink. The response was akin to ‘tell us something we don’t know’. When MI quickly told the group that this was a fake claim to see how they would react to the proposition that America was awash in homegrown propaganda, various viewpoints were expressed but the ‘take away’ was that America was being manipulated both from inside and out. This was not a 2017 discussion, this occurred in 2012. The dangers if the era of ‘fake news’ was apparent ling before even 2012.
One of the greatest ironies of US national security is that while Madison Avenue, media conglomerates, corporations, political parties, super-empowered pundits, and incredibly influential blogs like MI ( ;-)  - not true, only the facts and profound analysis here), have been spinning Americans into complete incomprehension even about simple facts, the US military is utterly hopeless at propaganda and influence operations. They still think pamphlet drops are game-changers, while kids in the west sit for hour after hour and day after day, watching ISIS ‘heroes’ making war on allied forces and being told that they are winning. Efforts to create ‘counter-narratives’ have been laughable, if well intentioned and funded. Just ask the State Department’s experts in this field.
So the 2016 election was the natural outgrowth of homegrown spin. An unstable polity was angry and ripe for disruption. There was a great story early in the election about a bunch of kids in Macedonia who ran fake news sites with the most outrageous headlines, all for a lark. There were soon shocked to discover that not only were their obvious lies making money (clickbait) but people were taking their prank seriously, and in some cases to absurd ends. A 61yr old interviewed for the story said he could not believe anyone would take the stories seriously, it was a prank, and they had no intention of changing an American election.
There were much more extreme examples of digital manipulation. The conspiracy theory site info-wars ‘reported’ that Hilary Clinton was murdering people and chopping them up. Then came the ‘Cosmic Pizza’ story. It alleged that a presidential candidate for a major political party was running a child sex ring from a suburban DC pizzeria while running for the highest office in the land. That’s not the shocking bit. Thousands of citizens took this very seriously, as fact. One was so distressed by the story he drove to DC from NC and shot up the pizzeria with an assault rifle in an attempt “to free the children”. These and hundreds of stories like them were circulating and significant portions of the voting public believed them.
Think about that for a minute.
In Britain, the tabloids have always been full of what we now call clickbait. They are a source of amusement as people ride the Tube home after a hard day’s work. It’s tongue-in-cheek and everyone knows it is frivolous ‘entertainment’. In America, clickbait is treated as if it came directly from Walter Cronkite. At the same time, quality established news sources, like The New York Times, and BBC America, are derided as elitist and manipulative, but a kid’s website in Macedonia is credible. Fox News, which never fails to proclaim that it’s the most authoritative, most watched, most highly rated news channel, simultaneously claims to be the underdog fighting the insanity if the ‘mainstream media’.it does not get more mainstream and controlling than Fox. The fact they can pull this blatant propaganda off without being called on it blows MI’s collective mind. [Their current attacks on the Muller probe as being a new KGB is the kind of ‘journalism’ MI condemns].
It was reported in the New York Times that “nearly one in three Americans cannot name a single branch of government. [and] When NPR tweeted out sections of the Declaration of Independence…many people were outraged. They mistook Thomas Jefferson’s fighting words for anti-Trump propaganda”. This led Tim Egan to assert that “a huge percentage of the population cannot tell fact from fiction” (“Look in the Mirror: We’re With Stupid”, NYT, 11/18/17, p.A18).
With a population that gullible, the Russians had a field day with the US election. Is there a ‘smoking gun’ that proves beyond all doubt that cyber narrative ops swung the election to Trump? No. That’s why it’s the perfect weapon.  The Russians didn’t need to break into ballot boxes; they just had to play with the fears and rage Americans were ‘feeling’. It was embarrassingly easy, a bunch of kids could have done it… oh wait….  Not only could the NSA and USCYBERCOM not stop the Shadow Brokers, they couldn’t stop a bunch of kids in the Balkans from brain washing the American public.

Cyber warfare and Social Media: Narrative Ops Gone Wild.
Remember the old New Yorker cartoon “On the internet, no one knows you’re a dog!” That author completely nailed it. He did so in the pre-social media era, which makes his insight that much more impressive.
 

During the 2016 election Facebook became a doggy day care center. First, conservatives assailed Mark Zuckerberg for manipulating people’s news feeds to downplay conservative viewpoints. The algorithm was quickly reset. Then, right after the election, allegations began to surface that the Russians had manipulated Facebook via its ‘troll armies’, creating fake profiles for individuals and groups, as well as buying advertisement space. Again, Zuckerberg came out with denials, and again, he soon changed his tune. Turns out, Russia was willing to pay. The old Soviet toolkit of ‘active measures’ has been updated for the digital age and applied to social media. The outcome? American citizens facing off against each other in the streets and fighting erupting between them, all thanks to fake groups stirring up tension and organizing protests. It was remote control protest from Moscow and Americans mindlessly doing their bidding.
It’s not just bogus advertisers and bogus accounts; it’s the manipulation of users’ emotions. It was undetected (at the time) and was incredibly successful. In the old days, agi-prop took time, effort, money, and most of all, a lot of people. Now it’s instigated with a few hundred thousand bucks and the click of a mouse. The best thing? It’s impossible to prove if it happened and if it gave the election to Trump. There can be no counter-call to action when it’s impossible to prove an action took place. This changes politics.
This is not the first time that Facebook has been used to create a mass effect. Social media is free. You do not pay a subscription for it’s services. Yet social media companies are some of the most highly valued corporations in the world. Where does the money come from? Data mining. Facebook has changed how people discover they really needed something they were not thinking about two minutes ago. Previously ads were wide-cast on TV. Great for mass consumption but not helpful for boutique interests that were hard for retailers to target. Facebook solves all that. If you have listed your interest in Taylor Swift or ancient Egyptian artifacts, moments later direct and indirect suggestions will come flooding in. The same applies to your political beliefs. Hate Hilary? Then guess what suggestions ‘you might like’ will come up with in both news feeds and other merchandise on offer. What the railroads and oil were to the 18th and 19th centuries, datamining is to the 21st century. The best thing is you no longer buy a ticket or fill a tank, you just ‘like’ stuff and you are instantly surrounded by it, whether it’s physical or narrative.
Social media has changed society in so many ways, but the most pernicious is its impact on out attitudes to privacy. Think about the information you freely give to social media. On dating sites, for example, you provide pictures as well as highly personal and detailed sexual, drug, employment and social histories. Some sites employ Miers-Briggs psychological surveys. Often in-depth mini narratives are required revealing all sorts if incredibly persona; preferences. In a court case in NY, Facebook submitted the following summary to the court, as reported in Robert Scheer’s They Know Everything About You, (2015, p96):
People use Facebook to share information about themselves, much of it personal. This information includes:
·        The person’s age, religion, city of birth, educational affiliations, employment, family members, children, grand-children, partner, friends, places visited, favorite music… movies, television shows, books, quotes, [foods, beverages], things ‘Liked’, events to attend, affiliated groups, fitness, sexual orientation, relationship status, and political views.
·        The person’s thoughts about: religion, sexual orientation, relationship status, political views, future aspirations, values, ethics, ideology, current events, fashion, friends, public figures, celebrity, lifestyles celebrations, grief, frustrations, infidelity, social-interactions, or intimate behavior.
·        The person’s photographs and videos [Here he quotes a long list of examples, most containing geo-location and time-stamped data.]
·        The person’s private hardships [and] intimate diary entries….
Targeted marketing is nothing new but its reach in the information age has become almost limitless. Data broking is a multi-billion dollar industry. It combines mass consumer surveillance derived from patterns in spending collected by credit and loyalty cards, with off-line data collected from real estate and motor vehicle records, warranty cards, home ownership and property values, marital status, annual income, educational levels, travel records, credit records, to provide a detailed picture of an individual’s life. The biggest corporation in the personal data field in the US, Acxiom advertises its ability to soon reach “more than 99% of the adult US population…across all channels and devices.” (Scheer, p.59).
If almost total access to your data was not enough, people are now handing over their DNA to corporations – not digital DNA (corporations have had that for years), actual biological DNA. For the low, low, fee of $24.99 a variety of companies will now collect and analyze your biological DNA, ostensibly for the purposes of helping you understand your ethnic background and to assist working on family trees. Smart watches are now mini all-purpose health monitors, assessing everything from heart rhythm, sleep patterns, insulin levels, exercise monitoring, and so on. People are paying for corporations to monitor their every word said in the ‘privacy’ of their homes. Alexa and her sisters are always listening and recording, sending big sister all of your utterances (not just commands). Alexa and the girls have to listen to ensure they know when you call, but people have not yet cottoned to the fact that Amazon has sold them a baby monitor for their house and the consumer is the baby. Alexa has already been subpoenaed to testify in a murder trial.  I’m not making this up. Her constant surveillance and recordings were collected in order to determine what really happened in someone’s living room where an occupant was left dead. No one called out “Hey, Alexa, I’m about to kill someone.” Every Google and YouTube search you do is recorded. That’s how they get the predictive searching as you type something into the search window.  The metadata collected forms fascination patterns that are mined for commercial purposes. The same patterns can be mined for other purposes, too.
When the Obama Administration went after journalist James Risen, on suspicion of printing leaks of classified material, they did not have to threaten Mr. Risen with contempt and thus jail time. They just had to access his cell phone and laptop data and/or records to harvest the metadata, see the patterns and find the leaks. There is a case before the Supreme Court right now, US v Carpenter, which will determine if 3rd party data, such as phone records, should be protected under the 4th Amendment. Current law states that no warrant is required to harvest 3rd party data. The Onion satirical newspaper and video YouTube page, which masquerades as a “news site”, has a video of “CIA Special Agent Mark Zuckerberg” getting a special award for making the job of intelligence and law enforcement effort-free. Nut the joke is on social media users and the electorate.
US Customs and Border Protection (CBP) are now seizing tens of thousands of digital platforms at the border and have been empowered to demand log-in data, such as your ID and password, so they can log in to your social media. This applies to US citizens, green card holders and foreign visitors. The “border exception” to the 4th Amendment permits searches and seizures during routine border searches (they cannot be used, for example, as part of an ongoing investigation to deny a suspect’s 4th Amendment rights).So far this extraordinary invasion of privacy has not been challenged in the courts, but it’s only a matter of time.
The news is constantly pulsed with hacking stories. From the White House to your house, nothing seems sacred. In 2013, 3 billion Yahoo accounts were hacked. In 2017, 143 million credit reports owned by Equifax (one of the big three credit reporting agencies and upon which the entire US economy depends). Also in 2017, 198 million voter records were accessed (all stats from, “How Privacy as We Know It Died”, NYT 6Oct17, p.A27). Ever keen to exploit an opportunity, Google announced that it would move into the credit reporting space by linking billions of credit card transactions to the online behavior of its users (Google announcement, 23May17).
With all this data available and the ready ability to sift, sort, and find patterns, incredible power is now on the hands of those who own the data and the patterns it creates. Before the 2016 election, which was a proof of concept in many ways, a group of social scientists get permission from Facebook to conduct an experiment to assess if it was possible to artificially create a mass “emotional contagion”. The experiment allowed the scientists to manipulate the news feeds of 700,000 FB users to see how they would react. The study was reported in the Proceedings of the National Academy  of Sciences (June 2014) found that:
Emotions expressed by friends, via online social networks, influence our own moods, constituting, to our knowledge, the first experimental evidence for massive-scale contagion via social networks.
The controversy surrounding this experiment, that forced FB CEO Sheryl Sandberg to apologize, was nothing compared to the manipulation that took place during the 2016 election. FB is still coming to terms with just how deeply they were played, with fake accounts, groups, chat rooms and so on. FB was not alone; troll armies had invaded a range of platforms. Senator Mark Warner (D-VA) spoke for many on the Intelligence Committee when he remonstrated representatives if ‘The Five’ over their lack of understanding and even concern at the degree to which they were unwitting vehicles of Russian ‘active-measures’. The corporations treated the hearings as spin sessions and have still yet to really get to grips with the incredible power and reach of cyber narrative ops. The less educated, more politically frustrated the general public are, the more susceptible they will be to orchestrated mass contagion mounted by our friends in Moscow, Tehran and Beijing.
The ultimate ‘off-line’ data
One database that should have never been accessed is the Office of Personnel Management’s security clearance data base for the entire federal and contractor workforce. The OPM is not a national security agency, yet it was charged with conduction all security clearance investigations for the United States, The records if those investigations, which include the SF-86, biometric data, interview records (with both the subject of the investigation and those selected by OPM to verify the professional and personal history of the subject), as well as internal OPM assessments of each security clearance candidate, were stolen by the People’s Republic of China. The human capitol blueprint of the entire national security establishment is now in Beijing.
The SF-86 contains all the data in FB and then some. Going back either 5 or 10 years applicants must provide a complete and accurate record if their residential, educational, financial, travel, social, and political history.  These records are cross checked on databases and in personal interviews. Failure to accurately record the correct information or changes to the record over time (new travel, meeting foreigners etc.) can result in criminal indictment.  This has been a factor in investigations of various Trump Administration officials who have been required to update their SF-86s as reported in the media. The central concern in granting a security clearance is that the subject cannot be blackmailed. That can happen if someone other than the USG knows all the details of someone’s life, including some specifics that might be embarrassing.  The usual position is that so long as the subject reveals all to the USG they insulate themselves from blackmail. It takes a lot of trust to give the federal government all that detail. There is an expectation that the trust will be returned in the USG protecting all that sensitive data (and analysis thereof), if not as part of a social contract with the national security employee, then for simple national self interest. This trust was broken by lax security standards at OPM and carries phenomenal national security risks.
China has a complete roster of every single American with a security clearance. That allows them to instigate social contagion within that sensitive group. It facilitates attempted blackmail to gain national secrets. It allows China to track and constantly monitor anyone of interest to the PRC, from deep under cover CIA officers to Tier I special forces, to the administrative assistant to the Director of Central Intelligence against whom HUMINT, SIGINT, CYBERINT, assets can be brought to bear. Anywhere there is a camera or mic there is a threat. By tapping a target’s cell phone, lap top, vehicle, home security system, either tapping into the cameras on these devices or audio or keyboards, the Chinese can monitor, spoof, manipulate, or ruin anyone they want. Further, anywhere else there is a camera: gas stations, Starbucks, airports, ATMs, city streets; targets can be monitored domestically or internationally. Try passing through Europe undercover when China taps into any device in your person or around you. Both targeted operations as well as wide area surveillance of key choke points (airports, embassies, hotels authorized by the Defense Travel System) will catch undercover or overt operatives, as well as run of the mill national security personnel. The OPM hack is an unmitigated disaster and it will only be diluted over time as personnel change – assuming of course that the OPM records are secured into the future.
Cyber Warfare and Big Data
Big data provides a link across mixed database platforms to scan, sort, associate and see patterns that would otherwise be invisible. It can take a CCTV feed from the streets of London and cross reference it to FB, Twitter, and OPM records, to provide near real time feedback if a person or a device associated with them walks within surveillance range, for example. It knows where you are and what your typical spending patterns look like, so when your credit card is used to buy an air ticket, the credit card company is notified along with the TSA and other agencies, to question who is really travelling. The examples of the application of big data are only limited by your imagination. There is a full-blown Tom Clancy novel just waiting to happen where the guys in charge in the narrative are not in Washington, but Tehran or Beirut or Addis Ababa.
People, places, things, and actions, are now essentially totally transparent. Placing Social media records, against consumer data, against offline data, and cross checked against OPM data, virtually removes the shadows in which America’s leading covert and clandestine operators dwell. The same applies to senior leadership of national security agencies, government scientists, your mom and your kids’ little league team. This is particularly dangerous for USG employees, but it is equally as potentially threatening to the average citizen.
Mass manipulation, social contagion, is possible if it appears credible. Big data gives users the ability to create highly credible narratives that can be used to sell you something or to create a political effect. It can be a mass effect or targeted to an individual. Mixing narrative cyber ops with physical cyber ops in the context of big data changes everything. The scope, depth, and speed of these drivers of change are unrelenting and expanding/accelerating. Consider the impact of future technologies that are already emerging.
Future Tech and National Security
IFlyTek, a Chinese artificial technology company, has been busy creating a biometric image and voice recognition database, most likely drawing from 800 million subscribers to China Mobile, its parent company. This technology allows it to pick a target in a crowd either by recognizing their face or voice and “record everything that person says” (“Pushing AI Boundaries in China”, NYT, 4Dec17, p.B1). it already has President Trump’s voice in its database. On his recent visit to Beijing he spoke via teleconference to a technology conference and switched from English to Mandarin. Except Trump can’t speak Chinese; it’s the technology that made it appear as though he could. Linking voice, and face ‘finger prints’ across big data platforms is impressive. Taking that data and applying CGI, 3D imaging, and other audio-visual artificial ‘creative technologies’ to it, opens a pathway to the creation of completely artificial ‘videos’ of people saying and doing anything.
This will make today’s ‘fake news’ a charming historical artifact soon enough. If we already struggle with defining what is real based on manipulation of text, which can be back-checked easily enough, the creation of ‘artificial reality’ videos will up-end all social relations, form the political and national security to the personal. Empowering narrative cyber-ops with these new technologies will be a game-changer.
Right now, the combination of biometric data (finger prints, facial recognition, voice recognition, and even gait recognition) with geo-location, autonomous armed drones, all linked across big data, makes for some interesting scenarios involving the uses od such technologies. MI can see a bright sunny spring day in Washington, the President walking along the colonnade from the West Wing back to the Residence and a distant hum that sounds like a lawnmower trimming the ellipse, yet that humming is getting louder and louder…
Conclusion
For all the billions  invested in cyber security, the millions of top security professionals inside government and contracted to it, the cyber national security establishment has singularly failed to protect the government, national institutions, American economic icons, and the public from surveillance, threats, and outright attacks emerging from the cyber domain.

MI has an abiding concern that the Executive branch of government has got far too big, lumbering, unimaginative, and bureaucratic, for it to meet its primary mission of protecting the American people. The structure of government, and in particular the power of the purse in Congress, creates a mindset in government that innovation is easily obtained by throwing more money at a problem or worse, creating yet another bloated bureaucracy to address some emerging suite of threats. MI thinks the opposite is true. The Executive needs to radically slim down and to reassess how it can go about achieving its ends by thinking smart, not spending large. The 16 intelligence agencies never fail to collect the dots; they failed to connect the dots. Insiders know that all that exhaustive collection is done because it can be done. It is not used to anticipate and deter or defeat threats. It is used to assess what happened in the aftermath. America is great at disaster recovery but not prevention. This generalization does not hold across all areas of national security. Where creativity is allowed to flourish free from nagging budgetary considerations, with the right people, with the right education and corporate mindset, by which MI means an architecture of ‘open’ thinking, not the ‘closed’ thinking that is typical of government and the all too real caricature that most citizens have of government, America can do almost anything. We see the right corporate culture in Silicon Valley – not everywhere or evenly. But if it can still be said to exist anywhere in America, that’s the place. Great studies do not need to be done, May have already been done. The key distinguishing characteristic if innovation is open versus closed thinking, trial and error, willingness to take risks in an environment free from petty accusation. MI acknowledges this is a pretty tall order. But the fact is, not everyone can be a US Navy SEAL, and not every SEAL can be in SEAL TEAM VI. Likewise, not everyone can earn a PhD and not every PhD is from Harvard. America needs to see competence for what it is and stop this cultural revolution of anti-elitism. High end national security requires the very best people and the creation and nurturing of the very best open cultures. MI’s team has been lucky enough to see places where this happens in the top security teams – like the NSA’a TAO. Organizations like that make working in government so incredibly rewarding, so long as they were well led and everyone is able to put differences aside and focus on the mission. At a time when America is ceding its advantages in a highly competitive world, where China’s  President exclaims that China will move to center stage and the very smart President of France is caught off-mic  saying ‘China is now the leader’, America needs to look beyond its endless psy-ops in itself and focus in maintaining what we are good at and improving on where we have been slipping. Given the trend lines of both the technologies considered here and the threat streams that we face, we will suffer minor and major loss after loss on the battlefield if we don’t change. The battlefield is now in your phone and in your mind. 

The Real Coup Plot Is Trump’s

MI has not posted other content before. However, the essay linked below explains what MI refers to as 'American Self-Propagandizing'...