class: center, middle, inverse, title-slide # Dirty Wars ## Exporting Repression ### Jack McDonald ### 2020-03-15 --- class: inverse # Lecture Outline .pull-left[ - Technologies of Repression - The State/Platform/Copyright Nexus of Repression - Technology Will Save Us… Right? - _Exporting Repression_ - Digital Repression: What Is To Be Done? ] .pull-right[ Lecture Outline - State Responses to Digital Technologies - The Digital Surveillance Market - Exporting Technology and Practice - Digital Repression and International Politics ] ??? This lecture will cover the international trade in digital surveillance technology, particularly the kind of stuff that can track (now somewhat ubiquitous) mobile phones, or access communications between activists. In particular, we’ll be looking at how and why states help other states out with surveillance technology. There are a couple of narratives at work. One is that China wants to make the world “safe for authoritarianism” and the other is that digital surveillance technology appears to be a growth export market for companies based in liberal democracies. One of the key fears is that authoritarian states armed with this kind of surveillance technology might ultimately check the social movements that challenge them. We will be looking at recent controversies in this area, and fundamentally asking how and why liberal democracies can justify the export of technologies to authoritarian and non-democratic regimes. We will be looking at export controls on arms and other kinds of restricted technologies involved in political repression to ask how and why digital surveillance technologies might fit. Discussion Questions: Why do liberal democracies permit the export of surveillance technologies to authoritarian states? Can you reconcile your opinion about the regulation of surveillance technology with your answer to last week’s second discussion question? Readings: Bohnenberger, Fabian. “The Proliferation of Cyber-Surveillance Technologies: Challenges and Prospects for Strengthened Export Controls.” Strategic Trade Review 4 (2017): 81–102. Parsons, Christopher, Adam Molnar, Jakub Dalek, Jeffrey Knockel, Miles Kenyon, Bennett Haselton, Cynthia Khoo, and Ronald Deibert. “The Predator in Your Pocket: A Multidisciplinary Assessment of the Stalkerware Application Industry,” Citizenlab, (2019). Read chapters 1, 2 & 6 --- class: inverse # Part 1: How Have States Responded? ??? - Last week: Digital ICTs and two key challenges - E2E encryption, mass communication - States always adapt, those that fail to adapt, often fail - State responses to social movements and security threats rely upon traditional state means of control - legal authority and potential for coercive force - State responses demonstrate a key vulnerability of digital comms tech - reliance upon corporate-owned infrastructure - We cannot understand the dynamics of authoritarian use of digital tech without reference to global tech economy --- # Digital Communications as a Tool of Control .pull-left[  ] .pull-right[ .medium[ > As more and more countries have seen the internet being used to organize for political change, however, internet blackouts have become increasingly common, a go-to tool for controlling unrest and stifling criticism of the government. Nor is the tactic limited to authoritarian states: the worst offender by far is India, the world's biggest democracy. James Griffiths, _Internet shutdowns used to be rare. They're increasingly becoming the norm in much of the world_ ] ] ??? - We can observe state reponses - one of them is to shut down or reduce access to internet/www - Control over media networks is a traditional element of authoritarian playbook - Difference of digital tech - sophistication of filtering technologies, ability to control gross volume of tech, or central on/off switch - My view: we will see more of this in future, obviously same issues are tightly controlled in liberal democracies - As mentioned previously - this is a continuum of responses - lib democs want to achieve some effects on this continuum within the law --- # Astroturfing .pull-left[ One response to social mobilisation using social media networks is to attack the utility of the network itself through "sock puppet" accounts - Harassment - Disinformation - Reduction of trust - Generation of false social organisations ] .pull-right[  ] ??? - Another observable response is the use of sock puppets/Astroturfing - Old joke: on the internet no-one knows you're a dog/new joke: no-one knows you're real - This leverages traditional state strengths - money plus people - Important to note individual and systemic consequences - Be careful about "disinformation" - are you assuming that there is one truth? Who should determine what truth is, or is not? --- # Re-Identification .pull-left[  ] .pull-right[ > We study 3 months of credit card records for 1.1 million people and show that four spatiotemporal points are enough to uniquely reidentify 90% of individuals Yves-Alexandre de Montjoye et al., _Unique in the shopping mall_ We now live in societies where the collection of large volumes of data and metadata is a fact of life ] ??? - Some responses less identifiable, for example, re-ID - Basic tradeoff is data utility versus privacy (re-ID) - Growth of anonymising tech exists in world where re-ID becoming trivial - It is very hard for an individual to prevent re-ID, almost impossible for a social movement - Besides, can a social movement stay anonymous and achieve its political goals? --- # Dependencies .pull-left[ > When you pay cash, there is no middleman; you pay, you receive goods or services — end of story. When a middleman becomes part of the transaction, that middleman often gets to learn about the transaction — and under our weak privacy laws, has a lot of leeway to use that information as it sees fit. Jay Stanley, _Say No to the “Cashless Future”_ ] .pull-right[ .picblock[  ] .medium[ > The paradox of cryptocurrency is that its associated data create a forensic trail that can suddenly make your entire financial history public information. John Bohannon, _Why criminals can't hide behind Bitcoin_ ] ] ??? - States are able to leverage the fact that D ICTs rely upon corporately owned infrastructure - The long tail of data enables control over time - This is why some people are worried about cashless society - Anonymous markets rely upon crypto currencies that rely upon permanently stored transaction chains - Anonymous markets like Silk Road amenable to state action (RE-ID and arrest of Ross Ulbricht) --- # Preserving Rights of Access .pull-left[  ] -- .pull-right[  ] ??? - Fundamentally, traditional state tools - law and coercive power - enable them to limit the scope of anonymity - TOR and https might limit this, but states create legal requirements on storage of user data to help them track individual users in the context of criminal cases - Another key tool, VPNs, amenable to state control - states can block VPNs - This points to a future of a fractured internet, but one in which individual states can exert authority over those within their borders --- # Hostile Access and Astroturfing .pull-left[  ] .pull-right[ States spend money on means of hostile access, but not all states have the capability to build and maintain institutions like NSA and GCHQ "Zero day" exploits are expensive To understand digital repression, we need to look at wider context: the global market for digital surveillance products. ] ??? - Lastly, hostile access - states breaking into your stuff - Important to differentiate between custom and generic forms of hostile access - With enough time and resources, you are done (NSA illustration on the left) - But key point - states don't have to use gucci options most of the time - Next lecture section looks at the market in digital surveillance technologies --- class: inverse # Part 2: The Digital Surveillance Market ??? - Reflection on course: population control - We looked at how population control was a key theme in dirty wars - We should consider how digital tech enables population control - State use of digital tech for repression exists in the context of a market for surveillance products - This is everything from breaking password protected devices, to spyware apps installed on phones --- # Surveillance Products > XCP and MediaMax presented unique marketing challenges for Sony BMG. Since fully-informed customers were unlikely to pay full price for what they would view as an inferior product, Sony BMG faced a choice. It could either develop a product that included DRM but was nonetheless attractive to consumers-most likely by significantly reducing retail prices--or it could obfuscate the nature of the product it sold and prevent its customers from excising the unwanted DRM post-purchase. All evidence suggests that Sony BMG adopted the latter approach. Deirdre K. Mulligan & Aaron K. Penanowski, _The Magnificence of the Distaster: Reconstructing the Sony BMG Rootkit Incident_ ??? - Key point: corporate surveillance is often indistinguishable from state surveillance at a tech level - EG Rootkits - software that enables a third party access to your computer without consent or knowledge - A good controversy of this in the civilian world was corporate responses to filesharing - Sony produced CDs that would install rootkits on users' computers to prevent them from copying the music - This introduces vulnerabilities - as we discussed in encryption lecture last week --- # Spyware .pull-left[ > "Malware" is short for malicious software and is typically used as a catch-all term to refer to any software designed to cause damage to a single computer, server, or computer network, whether it's a virus, spyware, et al. Robert Moir, _Defining Malware_ ] .pull-right[ Spyware is a form of malware that gathers information without a user's knowledge and transfers it to a third party. There are many reasons for using malware ] ??? - Spyware is a common form of malware used for surveillance - Reliance upon digital devices means susceptibility to malware use - Malware is distinguishable from corporate systems monitoring by consent and knowledge of the user - However many apps in commercial world are, for all intents and purposes, data harvesters, and considered Malware by some https://docs.microsoft.com/en-us/previous-versions/tn-archive/dd632948(v=technet.10)?redirectedfrom=MSDN --- # Stalkerware .pull-left[ .medium[ > Though often, and shamelessly, advertised as a tool for parents to track the activity of their children, these apps are commonly used against survivors of domestic abuse. > It serves as no surprise. Stalkerware coils around a victim’s digital life, giving abusive partners what they crave: control. David Ruiz, _Helping survivors of domestic abuse: What to do when you find stalkerware_ ] ] .pull-right[  ] ??? - The need to monitor other digital devices exists in many contexts - At a device level, the monitoring of your kid's phone is no different to monitoring a spouse's phone, no diff to intelligence agencies monitoring phone for intel collection - Relating back to last week's lecture - hollowing of policy options - I'd ban stalkerware, but parents might resist - Also, we can see how platforms transcend context - e.g. Absher app in Saudi Arabia that monitors KSA's Guardianship laws --- # Designed Values .pull-left[ Remember this? > The instruments which serve authority best are those which expend the smallest amount of energy possible to produce the effects of control or domination. Olivier Razac, _Barbed Wire: A Political History_ ] -- .pull-right[ A new way of controlling the land, designed to make more efficient use of it, transformed the relations not only between humans and animals but also between different human groups — distinguished by their different access to the new technologies of control over space. Reviel Netz, _Barbed Wire_ ] ??? - This brings us back to population control - All states now exist in a world where there is an open market for surveillance tech and malware - This is very different from optimistic visions for internet/WWW - But perhaps it is a better reflection of what human beings are like? - Digital ICTs now enable new forms of observation and control, with obvious impacts for population control --- class: inverse # Part 3: Exporting Technology and Practice ??? - So we have to corporate context, but how are states operating in this context? - Leads back to points we came across in first term - state aid for repression in other countries - In this session we will cover the export of technologies and practice for political repression - This is going to be increasingly important - digital tech is well positioned for export as a form of infrastructure - Just as AWS can be dragged and dropped across the planet, so can filtering capabilities, etc, but this is imperfect - also need expertise --- # Exporting Repressive Capabilities .pull-left[ We have encountered this in our course so far, e.g.: - US aid to South American governments with interrogation techniques - US assistance in Vietnam ] .pull-right[ What does it mean to "export repression"? - Imposing domestic political repression upon groups abroad - Enabling political repression in other states - Providing capabilities, training, and other forms of assistance ] ??? - Inter-state dimension of political repression is important - For example, understanding Operation Condor and relations between LA states and USA during dirty war and other similar campaigns is as important as relations between revolutionary/terrorist groups - Key point: states learn from each other, often transmit capabilities via technical assistance and training - Often key controversies in liberal democracies - e.g. School of Americas in US taught COIN techniques to repressive states --- # Information, Advice & Assistance .pull-left[  ] .pull-right[ Model of states as information processing entities: some are better at processing than others - Provision of collected/processed information - Training in information processing Practical dimension to repression: it requires tools (and people) - Global markets for tear gas and other crowd-control devices ] ??? - Note, culture, values, law shapes adoption of capabilities, e.g. water cannons in the UK - Key in our context is provision of capabilities that enable data processing and data access - These are sustained by global markets for equipment and people - These are state-supported - unlikely that such markets would persist without state support for industry, or state customers for products - That said, also strategic, keeping own defence base alive often requires exports --- # Expertise > Two weeks after leaving her position as an intelligence analyst for the U.S. National Security Agency in 2014, Lori Stroud was in the Middle East working as a hacker for an Arab monarchy. > She had joined Project Raven, a clandestine team that included more than a dozen former U.S. intelligence operatives recruited to help the United Arab Emirates engage in surveillance of other governments, militants and human rights activists critical of the monarchy. Christopher Bing and Joel Schectman, _Inside the UAE’s Secret Hacking Team of American Mercenaries_ ??? - A key issue is that individuals often acquire expertise in matters related to repression by working for the government - In a free market, these individuals look to get paid for their skills elsewhere - In war studies, we are used to the study of mercenaries and PMCs - key purchasers of military expertise - In context of digital repression, need to consider market for "black hat" technical experts and intelligence officials - This exists in context of global market for information security professionals - hard to regulate --- # Tools & Technologies > The law does not prohibit the sale of surveillance and interception equipment to foreign governments and law-enforcement agencies, the exports are approved by the Defense Exports Control Agency (a unit in the Defense Ministry), and the items in question are used to thwart terrorism and crime. Hagar Shezaf and Jonathan Jacobson, _Revealed: Israel's Cyber-spy Industry Helps World Dictators Hunt Dissidents and Gays_ ??? - Regulation of repressive technology exports has context - regulation of provision of riot control technologies and expertise - Access to digital devices requires tools, and private companies now develop these - Inextricably tied to defence industry and export controls for defence technologies - Here government regulation shapes what can, and cannot, be built and exported - But these companies make money - how to differentiate between mobile apps that harvest data, tracker apps and malware providers is a legal/social question --- class: inverse # Part 4: Digital Repression and International Politics ??? - Key frame for understanding importance of exports is "export of authoritarianism" - This is the idea that states, like China, seek to export technolgies to make the world safe for authoritarianism - Reflect back to IR: soft power and hard power - is this either? - Democratic states have sought to make the world safe for democracy, and tech has helped - e.g. US Office of Naval Research/DARPA involvement in development of TOR - Export of technical means for repression therefore key area of contention in international politics --- # Exporting Authoritarianism Beijing no longer views information technology solely in terms of economic development, but also its value to Chinese foreign policy and strategy. The Xi regime has aggressively pushed Chinese information technology as part of its Belt and Road Initiative (BRI), the strategic investment vehicle China uses to finance major infrastructure projects abroad. Alina Polyakova and Chris Meserole, _Exporting Digital Authoritarianism_ ??? - View in the 1990s was that the arc of history tended towards liberal democracy - In truth, both west and soviets propped up authoritarian states during cold war for geopolitical reasons - Authoritarian states proved capable of navigating the currents of a globalised world - China has both economic and strategic reasons to push BRI - Democracy is hard to push - enabling top-down control perhaps easier --- # Export Controls > Open societies will need to marshal an array of responses in the contest ahead. Democracies will need to slap sanctions on the individuals and groups using new tools for repressive ends, inflict higher costs on technology companies complicit in gross human-rights abuses, invest in countermeasures and harden their own systems against external intrusions. Free governments will also have to differentiate between using new technologies for legitimate purposes (such as traditional law enforcement) and using them to solidify single-party control, curtail basic rights and meddle in democracies abroad. Richard Fontaine and Kara Frederick, _The Autocrat's New Tool Kit_ ??? - Key point: Companies in the west have been part of the problem from the outset - Cisco and the great firewall of china - Export of authoritarian tech/capabilities easy to reconcile for an authoritarian state - Strategic, economic, and value divergence in liberal democratic states - Commitment to free trade and international competition - challenges economic structure, and cedes markets to authoritarian competitors - China now equal in sophistication in numerous domains of the ICT industry --- # The Defence Industry/Arms Trade Basic problem in defence planning: - Defence industrial base needs profit to survive - Requires state support to survive - Exports reduce costs to the state, and make companies viable Exports are licensed, and this is a highly political area The UK's defence sector produced £14bn of exports in 2018 ??? - Key point: Strategic/economic value of exports is important to many states - Need exports to sustain domestic industry - Alternative is hugely expensive defence spending - Look to Campaign Against the Arms Trade for examples of political controversies here - Export controls on military tech, vs riot control tech vs intangible capabilities --- # Digital Export Controls  .medium[ > Some of these companies lead the world in cutting-edge technology development, particularly in the AI and surveillance sectors. But this technology development is focused on servicing authoritarian needs, and as these companies go global (an expansion often funded by PRC loans and aid) this technology is going global as well. This alone should give Western policymakers pause. Danielle Cave, Fergus Ryan & Vicky Xiuzhong Xu, _Mapping more of China's tech giants: AI and surveillance_] ??? - Competition in digital technologies is a huge strategic issue - Technologies underlying many surveillance use-cases require data - This is different from an arms race/traditional competition - Worry is that if CN companies get a market edge, they will develop an incomparable lead - Huge geostrategic problem - note lack of EU tech companies - how will those develop? - Ultimately, my view is that UK etc shouldn't compete in malware/stalkerware, but what about surveillance infrastructure? --- class: inverse # Part 5: Conclusions and Connections ??? --- # Key Issues States have responded to the challenges related to digital technologies in a variety of ways Digital technologies have enabled key problems for democratic states seeking to preserve liberal values Many digital surveillance technologies are inherently "dual use" - the challenge lies in regulating the design and use of underlying technologies The export market for surveillance-related technology is a problem for democratic states ??? - Summing up lecture - Digital tech changing both social mobilisation and forms of social control - Tech used for repression hard to separate from tech used for good - State competition in "exporting authoritarianism" - what can liberal states offer to compete? - Outcome is open, but note the idea of infrastructure lock in --- # Key Questions Should liberal democratic states treat spyware like weapons? If so, how should we regulate apps that parents use to keep tabs on kids? What tools do liberal states have to challenge the export of authoritarian technologies? Is it ever possible to benefit from some of the projected good uses of "smart" technologies without introducing a systemic risk of their being repurposed for social control? ???