Tag Archive for: democratic

How Have Information Operations Affected the Integrity of Democratic Elections in Latin America?


In October 2020, Nicaragua’s legislature passed a bill that criminalizes the publishing of information not approved by the government in a purported effort to combat “fake news.” The legislation, promoted by Nicaragua’s strongman President Daniel Ortega, raises a host of serious free speech concerns. But the fact that the Nicaraguan government decided to put its marker down on “fake news” speaks in part to a real trend to watch: Across Latin America, information operations have become increasingly prevalent. 

Information operations have posed a particularly serious threat to the integrity of democratic elections in the region, and the matter is only going to worsen if left unaddressed. The issue even caught the attention of some U.S. lawmakers, who worry about the increasing cyberattacks seeking to delegitimize elections in Latin America. Sen. Tim Kaine, for example, asked during a Senate Armed Services Committee hearing on March 25: “What might Cyber Command do, together with SOUTHCOM, to try to help our allies in the region avoid this escalating trend of disinformation that destabilizes democratic elections?”

Background

The rise of misinformation (the spread of unintentionally false information) and disinformation (the spread of intentionally false information) as a force in Latin American elections stems from several factors. The region’s long election cycles, characterized by varying electoral systems and numerous runoff elections, complicate the election process in Latin American countries. And then there’s the issue of growing tensions between governments and private citizens, thanks to the region’s declining state of democracy and growing inequality. Moreover, social media platforms like WhatsApp have become an integral part of the communication ecosystem for the public—but these platforms are also the cornerstone of many disinformation and misinformation efforts. Add to that the growth in popularity of hyperpartisan websites and outlets, and Latin America has fertile ground for information operations.

While many of the operations in the region have not been linked directly to foreign governments, U.S. Southern Command’s Adm. Craig Faller spoke

Source…

Democratic senators press third party involved in Quest Diagnostics, LabCorp data breach | TheHill – The Hill

Democratic senators press third party involved in Quest Diagnostics, LabCorp data breach | TheHill  The Hill

Democratic Sens. Cory Booker (N.J.) and Bob Menendez (N.J.) are demanding answers from the third-party billing collection group at the center of a data breach …

“data breach” – read more

Democratic Party’s network security still lags behind GOP, researchers find

The Democratic National Committee (DNC) has improved its information security since 2016, but it still has some weaknesses that could be exploited by attackers, researchers at SecurityScorecard found. The Republican National Committee is still a little ahead but has problems of its own.

Enlarge / The Democratic National Committee (DNC) has improved its information security since 2016, but it still has some weaknesses that could be exploited by attackers, researchers at SecurityScorecard found. The Republican National Committee is still a little ahead but has problems of its own. (credit: Andrew Harrer/Bloomberg via Getty Images)

In a study of US and European political parties’ security postures, researchers at the security-monitoring company SecurityScorecard found that while the Democratic National Committee had made “significant investments” in security since being hacked in 2016, the Democrats still lagged behind the Republican National Committee’s defenses. And both parties have problems that could still leak personally identifying information about voters.

According to the report, one major US political party was “programmatically leaking” personal information about voters through a voting validation application “which enumerates voter name, date of birth and address via search terms,” the researchers noted. The vulnerability was disclosed to the party involved and other “appropriate parties.”

SecurityScorecard’s team looked at the DNC, RNC, Green Party, and Libertarian Party in the US. The Green Party had the best overall scores for security measures, while the Libertarian Party had a more laissez-faire approach to information security than the others—with a failing grade for its management of its domain name records, specifically for a total absence of Sender Protection Framework (SPF) records. The lack of SPF records means that it’s more likely Libertarian Party domains could be spoofed in spear-phishing campaigns like those that were used to target the DNC in 2016. The Libertarians did come out ahead on network security scores, however.

Read 3 remaining paragraphs | Comments

Biz & IT – Ars Technica

Democratic National Committee’s Lawsuit Against Russians, Wikileaks And Various Trump Associates Full Of Legally Nutty Arguments

This morning I saw a lot of excitement and happiness from folks who greatly dislike President Trump over the fact that the Democratic National Committee had filed a giant lawsuit against Russia, the GRU, Guccifier 2, Wikileaks, Julian Assange, the Trump campaign, Donald Trump Jr., Jared Kushner, Paul Manafort, Roger Stone and a few other names you might recognize if you’ve followed the whole Trump / Russia soap opera over the past year and a half. My first reaction was that this was unlikely to be the kind of thing we’d cover on Techdirt, because it seemed like a typical political thing. But, then I looked at the actual complaint and it’s basically a laundry list of the laws that we regularly talk about (especially about how they’re abused in litigation). Seriously, look at the complaint. There’s a CFAA claim, an SCA claim, a DMCA claim, a “Trade Secrets Act” claim… and everyone’s favorite: a RICO claim.

Most of the time when we see these laws used, they’re indications of pretty weak lawsuits, and going through this one, that definitely seems to be the case here. Indeed, some of the claims made by the DNC here are so outrageous that they would effectively make some fairly basic reporting illegal. One would have hoped that the DNC wouldn’t seek to set a precedent that reporting on leaked documents is against the law — especially given how reliant the DNC now is on leaks being reported on in their effort to bring down the existing president. I’m not going to go through the whole lawsuit, but let’s touch on a few of the more nutty claims here.

The crux of the complaint is that these groups / individuals worked together in a conspiracy to leak DNC emails and documents. And, there’s little doubt at this point that the Russians were behind the hack and leak of the documents, and that Wikileaks published them. Similarly there’s little doubt that the Trump campaign was happy about these things, and that a few Trump-connected people had some contacts with some Russians. Does that add up to a conspiracy? My gut reaction is to always rely on Ken “Popehat” White’s IT’S NOT RICO, DAMMIT line, but I’ll leave that analysis to folks who are more familiar with RICO.

But let’s look at parts we are familiar with, starting with the DMCA claim, since that’s the one that caught my eye first. A DMCA claim? What the hell does copyright have to do with any of this? Well…

Plaintiff’s computer networks and files contained information subject to protection under the copyright laws of the United States, including campaign strategy documents and opposition research that were illegally accessed without authorization by Russia and the GRU.

Access to copyrighted material contained on Plaintiff’s computer networks and email was controlled by technological measures, including measures restricting remote access, firewalls, and measures restricting acess to users with valid credentials and passwords.

In violation of 17 U.S.C. § 1201(a), Russia, the GRU, and GRU Operative #1 circumvented these technological protection measures by stealing credentials from authorized users, condcting a “password dump” to unlawfully obtain passwords to the system controlling access to the DNC’s domain, and installing malware on Plaintiff’s computer systems.

Holy shit. This is the DNC trying to use DMCA 1201 as a mini-CFAA. They’re not supposed to do that. 1201 is the anti-circumvention part of the DMCA and is supposed to be about stopping people from hacking around DRM to free copyright-covered material. Of course, 1201 has been used in all sorts of other ways — like trying to stop the sale of printer cartridges and garage door openers — but this seems like a real stretch. Russia hacking into the DNC had literally nothing to do with copyright or DRM. Squeezing a copyright claim in here is just silly and could set an awful precedent about using 1201 as an alternate CFAA (we’ll get to the CFAA claims in a moment). If this holds, nearly any computer break-in to copy content would also lead to DMCA claims. That’s just silly.

Onto the CFAA part. As we’ve noted over the years, the Computer Fraud and Abuse Act is quite frequently abused. Written in response to the movie War Games to target “hacking,” the law has been used for basically any “this person did something we dislike on a computer” type issues. It’s been dubbed “the law that sticks” because in absence of any other claims that one always sticks because of how broad it is.

At least this case does involve actual hacking. I mean, someone hacked into the DNC’s network, so it actually feels (amazingly) that this may be one case where the CFAA claims are legit. Those claims are just targeting the Russians, who were the only ones who actually hacked the DNC. So, I’m actually fine with those claims. Other than the fact that they’re useless. It’s not like the Russian Federation or the GRU is going to show up in court to defend this. And they’re certainly not going to agree to discovery. I doubt they’ll acknowledge the lawsuit at all, frankly. So… reasonable claims, impossible target.

Then there’s the Stored Communications Act (SCA), which is a part of ECPA, the Electronic Communications Privacy Act, which we’ve written about a ton and it does have lots of its own problems. These claims are also just against Russia, the GRU and Guccifer 2.0, and like the DMCA claims appear to be highly repetitive with the CFAA claims. Instead of just unauthorized access, it’s now unauthorized access… to communications.

It’s then when we get into the trade secrets part where things get… much more problematic. These claims are brought against not just the Russians, but also Wikileaks and Julian Assange. Even if you absolutely hate and / or distrust Assange, these claims are incredibly problematic against Wikileaks.

Defendants Russia, the GRU, GRU Operative #1, WikiLeaks, and Assange disclosed Plaintiff’s trade secrets without consent, on multiple dates, discussed herein, knowing or having reason to know that trade secrets were acquired by improper means.

If that violates the law, then the law is unconstitutional. The press regularly publishes trade secrets that may have been acquired by improper means by others and handed to the press (as is the case with this content being handed to Wikileaks). Saying that merely disclosing the information is a violation of the law raises serious First Amendment issues for the press.

I mean, what’s to stop President Trump from using the very same argument against the press for revealing, say, his tax returns? Or reports about business deals gone bad, or the details of secretive contracts? These could all be considered “trade secrets” and if the press can’t publish them that would be a huge, huge problem.

In a later claim (under DC’s specific trade secrets laws), the claims are extended to all defendants, which again raises serious First Amendment issues. Donald Trump Jr. may be a jerk, but it’s not a violation of trade secrets if someone handed him secret DNC docs and he tweeted them or emailed them around.

There are also claims under Virginia’s version of the CFAA. The claims against the Russians may make sense, but the complaint also makes claims against everyone else by claiming they “knowingly aided, abetted, encouraged, induced, instigated, contributed to and assisted Russia.” Those seem like fairly extreme claims for many of the defendants, and again feel like the DNC very, very broadly interpreting a law to go way beyond what it should cover.

As noted above, there are some potentially legit claims in here around Russia hacking into the DNC’s network (though, again, it’s a useless defendant). But some of these other claims seem like incredible stretches, twisting laws like the DMCA for ridiculous purposes. And the trade secret claims against the non-Russians is highly suspect and almost certainly not a reasonable interpretation of the law under the First Amendment.

Permalink | Comments | Email This Story

Techdirt.