SOCIALISM IS THE ANSWER FOR SAVING DEMOCRACY FROM CAPITALISM

Note: If you find my posts too long or too dense to read on occasion, please just read the bolded portions. They present the key points I’m making and the most important information I’m sharing.

Bob Kuttner has written a powerful and poignant article raising the question of whether capitalism is compatible with democracy – or at least a version of democracy that lives up to the American ideals of equal opportunity and government of, by, and for the people. [1] The New Deal of the late 1930s and 1940s created a form of government-regulated capitalism that for 40 years (until 1980) produced a thriving working and middle class, as well as an economy where income and wealth inequality were stabilized, if not narrowed. However, in the last 40 years, the U.S. economy has evolved into a new form of hyper-capitalism (some call it vulture capitalism) that has destroyed the ability of many workers to thrive. (See my previous post for more detail.)

This post presents Kuttner’s thoughts on where we need to go from here to restore our democracy and create more equitable economic and political systems. It’s a bit long, so just read the bolded parts if it’s too much, but do read Kuttner’s conclusions at the end.

Kuttner writes that we need to reverse the deregulation and privatization of important public services and public goods. Health insurance is one example:

  • Deregulation allowed the transformation of health insurance from non-profit Blue Cross Blue Shield programs into for-profit insurance corporations. This is a key reason the U.S. health care system is the most expensive in the world with some of the worst outcomes.
  • Private insurers have been allowed to provide Medicare coverage. This has resulted in increased costs and a bewildering array of choices that often confuse and manipulate seniors. This privatization of Medicare ultimately makes health care more complex, confusing, and costly for seniors, thereby undermining confidence in Medicare and our government.

The overall result of this deregulation and privatization is that health insurance plans are so complex that it takes hundreds of pages to explain their benefits and limitations; no consumer fully understands what they are getting or can shop intelligently among plans.

Other examples of harmful deregulation and privatization include:

  • Drug companies that are allowed to charge exorbitant, unregulated prices in the U.S. that are almost always much higher than in Canada and other countries.
  • Deregulation of the airlines that allows fares and fees to fluctuate widely. It is also the reason it costs so much more to fly to closer but less frequent destinations than for longer trips to bigger cities.
  • Privatization of housing subsidies has resulted in the grafting of some incremental public objectives onto a capitalistic, for-profit system run by landlords, developers, and financiers. The results have been both totally inadequate and dramatically inefficient.

Weak regulation has allowed private sector capitalists to aggressively promote products that have caused serious harm to public health, often while lying about their ill effects. Examples include cigarettes and other tobacco products, oxycontin (the prescription, addictive opioid), and fossil fuels and other products that have polluted our air and water. The promotion of fossil fuels, of course, has far-reaching effects that go well beyond public health.

In summary, the privatization and deregulation promoted by capitalists are not improvements or solutions to problems; they are problems. They have provided windfall profits to private investors as evidenced by unprecedented and growing economic inequality. Meanwhile consumers pay added costs and get degraded services, while the values and principles our democracy was founded on are debased. Successful privatization requires strong, effective public oversight to ensure that public goals and values are met, but this rarely happens. Important public goods, such as water and sewer systems, roads and bridges, parking on public property, etc. should not be privatized – as they have been – without strong regulation and reasonable provisions for terminating the privatization contract if goals are not achieved.

Attempts to remedy or ameliorate the problems of capitalism with incremental reforms or weak regulations (some have even argued for self-regulation by private companies) are not only ineffective, they also make service systems, government programs, and even markets for consumer goods convoluted, complex, confusing, and unfair. They create enormous, expensive, administrative bureaucracies that attempt to implement regulations or remedies. The resulting complexities benefit the capitalists and not workers or consumers. Perhaps the classic example of complexity that benefits wealthy individuals and corporations is our tax code. The exemptions, deductions, special provisions, and other loopholes benefit the capitalists to such an extent that average workers and middle-class households are paying a much higher portion of their incomes in taxes than the wealthy.

Delivery of services by the public sector, i.e., government, is not only fairer and more compassionate than delivery by the private sector, it is also more efficient, effective, and streamlined. The profit motive adds costs (i.e., profits, advertising, and administrative overhead) and incentivizes cost-cutting through denying services and cutting corners on quality. The private sector has no incentive to treat customers equitably; its only goal is to maximize profits.

Kuttner notes that “the history of the past century proves again and again, when market forces [i.e., capitalism] overwhelm the security and livelihood of working people, they are far more likely to turn to ultra-nationalism and fascism” than to collective action through democratic advocacy or labor unions. (page 11) This is particularly likely if there are demagogic “leaders” or “information” sources pushing them in that direction. The result typically is a rise in racism and xenophobia, as well as plutocratic control of the economy and policy making by wealthy individuals and corporations through the politicians they buy with campaign spending or otherwise.

Kuttner writes that “The signal disgrace of our era is the ease with which the corporate center-right has gone along with Trump and the Republican efforts to destroy what remains of democracy.” (page 14) He also notes that since 1980 “much of the Democratic Party has been so compromised and bedded down with Wall Street that displaced middle- and working-class people are skeptical that Democrats and liberal remedies can make much of a difference in their lives.” (page 13)

To ameliorate the economic hardship and insecurity of working Americans, Kuttner recommends providing public supports for workers and families, while resisting and reversing privatization and deregulation. Public supports should include paid family leave, cash support for families with children, subsidies for child care, easier access to good health insurance, regulation of drug prices, and free tuition at community colleges – all parts of the original Build Back Better bill proposed by President Biden and most Democrats in Congress.

Republicans will try to brand these programs as socialism and they do have a socialistic flavor when compared to our current, very individualistic, hyper-capitalism. However, they are immensely popular with the U.S. public and exist in all other wealthy countries. Moreover, socialism doesn’t elicit the negative reaction that it used to; 70% of millennials (i.e., people born between 1980 and 1995 who are 26 to 40 years old now) have a positive view of socialism. While Republicans will try to conflate socialism with communism, keep in mind that in communism the government owns all property and businesses. Not even the most aggressive policy proposals of Senator Sanders (a socialist) take any step in that direction. Also keep in mind that the branding of public policies as socialism was used by white supremacists in the post-Civil War years as their rationale for keeping Blacks from voting. Therefore, calling Democrats’ proposals socialism has racist undertones. (See this previous post for more detail.)

To reverse the scourge that the current version of hyper-capitalism has clearly become, we need to assert strong public control of our economy. Strong oversight and regulation of employers to protect workers and of companies to protect consumers are essential.

Promotion of the public good as the primary goal of government will drive workplaces and the economy to be fairer and more efficient, and to treat people with decency and respect. Think about how different our health care system would be if the public good was foremost instead of maximizing profits. Think about how different our financial system would be if we had public banks (as North Dakota does) and basic banking functions through the post office (as we once did). Think about having public broadband Internet service, which Chattanooga and Europe have, that is cheaper and higher speed than what most of us get in the U.S. Think about patent-free drugs that aren’t controlled and priced by monopolies. Think about the original Health Maintenance Organizations (HMOs) of the early 1970s that were cooperatively owned and run. Think about Medicare for all, especially without the distortions of the private insurers who’ve been allowed to offer complicating alternatives to Medicare. Think about savings and loan banks and health and other insurance companies that were non-profit, mutually-owned (by customers), and prevalent up until the 1970s. Think about publicly-owned, high-quality, mixed-income housing that is a major part of the housing market in Vienna, Austria.

Kuttner concludes that “Saving democracy, the planet, and decent lives for regular people requires moving beyond capitalism. To be an effective liberal today, you need to be a socialist.” (page 2) He states, “I’ve come around to this view gradually, not because my values have changed but because reality has changed.” (page 4)

He notes that our history has shown that the social democracy [2] of the New Deal did not stand up to the test of time. It deteriorated into a capitalistic welfare system with a supposed safety net that was politically vulnerable and, therefore, eroded over time. This produced today’s grossly inequitable U.S. economy where many workers and their families simply cannot survive on the compensation they are given.

Therefore, he concludes that the U.S. must move to democratic socialism [3] where there is substantial public or social control or ownership of important functions in our society that serve the public and the public good. This is necessary to dethrone capitalism as the dominant system of our society. Otherwise, as we’ve experienced, capitalism in a democracy will evolve into hyper-capitalism that serves wealthy individuals and corporations but leaves everyone else behind.

[1]      Kuttner, R., 12/1/21, “Capitalism vs. liberty,” The American Prospect (https://prospect.org/politics/capitalism-vs-liberty/)

[2]      Social democracy is a system of government that attempts to assert values similar to socialism, but within a capitalist framework. The people have a say in government, but the capitalistic, money-based, competitive economy means that a public safety net is needed to help people whose low-paying jobs do not support subsistence.

[3]      Democratic socialism is defined as having a socialist economy in which the means of production are socially and collectively owned or controlled, alongside a liberal democratic political system of government.

IS CAPITALISM COMPATIBLE WITH DEMOCRACY?

Bob Kuttner has written a powerful and poignant article raising the question of whether capitalism is compatible with democracy – or at least a version of democracy that lives up to the American ideals of equal opportunity and government of, by, and for the people. [1]

In the post-Depression and post-World War II era, the New Deal created a fundamental shift in ideology and power in American society and in our economy from laissez-faire capitalism to regulated and managed New Deal capitalism. It was based on a strong social contract that gave substantial power to government to regulate private companies and manage the economy. It gave substantial power to workers through collective bargaining over pay, benefits, and working conditions via their unions.

The results were a thriving working and middle class, where the rising tide of the economy did indeed lift all boats. Income and wealth inequality were stabilized, if not narrowed.

The era of New Deal capitalism lasted for 40 years until 1980. However, in the last 40 years, Kuttner argues, we’ve not just moved back toward the laissez-faire capitalism of pre-Depression days, but gone beyond it to a new form of hyper-capitalism that some call vulture capitalism. It has destroyed the ability of many workers to thrive by driving down wages, employment security, and benefits (including reducing retirement benefits and paid sick time). It has destroyed the ability of many working parents to provide their children with a safe, secure, and healthy childhood due to unaffordable and inaccessible child care, a lack of paid family and medical leave, unstable work hours, and poverty-level wages.

The life, liberty, and pursuit of happiness promised by the Declaration of Independence are a myth to many workers. They are unable to pursue any meaningful happiness for themselves due to their economic insecurity and low incomes, let alone provide happiness for their families. Any true feelings of liberty are constrained by their lack of the economic resources required to have meaningful freedom in making choices in our capitalist system. And life, literally in some cases, is at risk. Workers are getting injured, disabled, and killed in meat packing plants and other dangerous jobs, even without Covid. Sweatshop working conditions of the 1920s have returned in places like the meat packing industry and Amazon warehouses. When people have health problems or suffer injuries, many of them are bankrupted, and some die, because of our capitalistic health care system.

Deregulation at home and in global trade has produced giant corporations that often have monopolistic power nationally or regionally. These companies have the power as huge employers to strip workers of pay, benefits, and even their jobs, typically by moving jobs overseas (or threatening to do so). Similarly, consumers have limited choices and get reduced value in many important areas from health care to Internet service because of the monopolistic power of providers. These giant, monopolistic companies, particularly in technology-driven markets, have also stripped our economy of many small businesses and entrepreneurs through predatory acquisitions or marketplace practices that stifle competition.

Deregulation of financial practices has also fed these trends through venture capital, private equity, and hedge fund profiteers that aggressively minimize labor costs, strip companies of assets, and often drive companies into bankruptcy while they pocket huge profits. These vulture capitalists, as they have been called, are at the leading edge of the predatory hyper-capitalism that Kuttner identifies as taking the laissez-faire capitalism of the early 1900s to a whole new level of greed and economic inequality.

Kuttner states that rather than the theoretical “invisible hand” of capitalism creating efficient markets that work smoothly and produce high quality goods and services at competitive prices for consumers, the current U.S. version of capitalism creates inefficiency and market failure as its norm. It is efficient only from the perspective of profit and wealth maximization for large, wealthy companies and shareholders, including corporate executives.

Nonetheless, the capitalist market mentality is so deeply embedded in our collective psyche that we have allowed capitalistic values and market norms to overrule other norms and values, such as the importance of the public good, providing access to affordable health care, reducing child poverty, and addressing climate change.

Moreover, the incredible wealth of the giant companies and their shareholders has given them substantial power in our political system. Through their campaign spending, extensive lobbying of public officials, and the movement of senior company employees into and back from policy making positions in government (the revolving door), they have gotten public policies and regulation (or lack thereof) that work to their benefit.

We have seen the result of this political power in recent weeks in the opposition of many members of Congress (i.e., almost every Republican and a handful of Democrats) to the Build Back Better legislation that would support workers and their families in ways that are favored by over two-thirds of the country’s voters – for example, through paid family leave, support for families with children and for child care, and enhanced access and affordability for health care and drugs. Members of Congress have been weakening, undermining, and outright opposing these policies that their constituents overwhelmingly support. Congress is also opposing investments in human capital and in slowing climate change that have broad support among the public.

The Build Back Better opponents in Congress are reflecting the wishes of their wealthy campaign donors, not their constituents. This is emblematic of the power and influence of wealthy capitalists and a direct outgrowth of the hyper-capitalism of the last 40 years.

As a result of this hyper-capitalism in the U.S., many workers have had their economic security, their middle-class lifestyle, and their plans for retirement stripped from them. The frustrations of these workers, their feelings of helplessness and hopelessness, are what has led to the appeal of Senator Bernie Sanders and Donald Trump – both of whom promised to upset the current political system and restore economic security for workers.

In my next post, I will review Kuttner’s thoughts on where we need to go from here to restore our democracy and have fairer, more equitable economic and political systems.

[1]      Kuttner, R., 12/1/21, “Capitalism vs. liberty,” The American Prospect (https://prospect.org/politics/capitalism-vs-liberty/)

STOPPING CYBERCRIME AND CIVILIAN HARM FROM CYBERWARFARE

This is the final post of my nine-part series on computer hacking and cyberwarfare based on New York Times cybersecurity reporter Nicole Perlroth’s outstanding book, This Is How They Tell Me the World Ends. [1] These posts have summarized the book’s information on the scale of computer hacking, cybercrime, and cyberwarfare; and have shared a number of examples. The previous post provided an overview of steps that can be taken to counter cybercrime at the personal, organizational, and governmental levels. This post discusses steps that are being taken to counter ransomware and to stop cyberwarfare from harming civilians.

The Biden Administration is working to reduce the frequency and profitability of ransomware attacks. It is disrupting the infrastructure ransomware hackers use to collect their ransom. It has put sanctions on cryptocurrency exchanges that are frequently used for ransomware payments and warned U.S. companies not to pay ransomware demands. In June, it was able to recover over half of the $4.4 million in cryptocurrency that Colonial Pipeline had paid to its ransomware attacker. [2] The U.S. Department of Justice (DOJ) reports that ransomware attacks have cost the U.S. almost $600 million in the first six months of 2021.

In November, the DOJ announced that a Ukrainian hacker had been arrested and charged in connection with a group of ransomware attacks. It also announced the recovery of $6.1 million from ransomware attacks by a Russian who was charged separately and is listed as wanted by law enforcement. In December, the head of the U.S. Cyber Command and the Director of the National Security Agency announced that the military had taken offensive actions against ransomware attackers who had targeted critical infrastructure. [3] These actions represent the strongest U.S. government response to ransomware attacks to date and reflect a marshalling of resources across multiple agencies. European law enforcement officials also announced that seven ransomware hackers have been arrested in Europe since February. [4] Recently, a multi-national effort succeeded in shutting down, at least temporarily, a major Russian ransomware entity. In October, the Biden Administration convened over 30 countries to develop plans to combat ransomware attacks around the globe. [5]

Back in April, the Biden Administration announced tough sanctions on Russia for previous cyberattacks and, in June, President Biden warned Russian President Putin that future Russian cyberattacks would be grounds for additional retaliation.

Three former U.S. cyber intelligence agency employees, who had been hired by the United Arab Emirates (UAE) to conduct cyberespionage, pleaded guilty in September to cyber hacking and violating export laws by transferring military cyber technology to a foreign government. The DOJ is deferring criminal prosecutions of them if they pay hundreds of thousands of dollars in fines and abide by the terms of a three-year settlement agreement. They are also prohibited from ever receiving a U.S. security clearance. [6] Numerous former U.S. cyber intelligence employees have been lured to work for private companies and foreign governments to do cybersecurity or cyberespionage. Many do legitimate cybersecurity work but more than a few have done illegal or at least unethical work for their new employers.

In October, Biden’s Commerce Department announced a rule that limits the export and sale of hacking software to authoritarian and repressive governments. This effort is difficult for many reasons, in part because it needs to avoid inhibiting cybersecurity collaboration among countries and among companies located in different countries. Furthermore, some private companies and some other countries don’t share this goal of keeping hacking tools out of the hands of such governments. For example, the Israeli company NSO Group (with suspected but unproven connections to the Israeli government) sells spyware that can be hacked onto an individual’s phone, allowing the hacker to track the person’s location and monitor their communications. Governments and others have used it to track dissidents, activists, lawyers, politicians, and journalists. Saudi Arabia used it to track associates of Jamal Khashoggi, the journalist that it murdered. Most recently, it was identified as being used to spy on Palestinians. [7]

For 25 years, the U.S. and 42 other countries have blocked the sale of weapons and military technology to authoritarian and repressive governments. The Wassenaar Agreement on Export Controls for Conventional Arms and Dual-Use Goods and Technologies, originally signed in 1996, sets voluntary export controls on a list of weaponry. The list of controlled products is updated every December and cyber hacking and surveillance products were added to the list in 2013. However, the U.S. did not adopt controls on these products until now. This new Commerce Department rule will allow the U.S. to coordinate efforts to control the export of hacking tools with the 42 other countries that are part of the Wassenaar Agreement. [8]

Also on the international front, there have been calls for a treaty banning cyberwarfare from targeting civilians and civilian infrastructure, similar to the Geneva Convention for traditional warfare. Brad Smith, Microsoft’s president, called for such a treaty in 2017 after vulnerabilities in Microsoft software had been the vehicle for Russia’s devastating cyberattack on Ukraine’s civilian infrastructure and for North Korea’s worldwide ransomware attacks. Noting that the 1949 Geneva Convention protects civilians during traditional warfare, he called for a new convention to protect civilians from cyberwarfare – from attacks on hospitals, electric power grids, elections, and the intellectual property of private parties. Previously, after the 2010 U.S. attack on Iran’s uranium enrichment facility, European, Russian, and some U.S. officials had also called for such a treaty.

However, the U.S. has not pursued such a treaty, at least in part because it has been the world’s dominant cyber superpower. Nonetheless, U.S. businesses and civilians, as the most Internet-dependent ones in the world, are bearing the brunt of escalating cybercrime and cyberwarfare. Furthermore, the U.S. has continued to engage in its own cyberwarfare, including building its capacity to attack civilian infrastructure such as the Russian electric power grid.

I urge you to contact President Biden and thank him for his efforts to stop ransomware attacks and to keep cyber hacking tools out of the hands of authoritarian and repressive governments. Ask him to continue this work and to do more to protect civilians from cyberwarfare. You can email President Biden at http://www.whitehouse.gov/contact/submit-questions-and-comments or you can call the White House comment line at 202-456-1111 or the switchboard at 202-456-1414.

I also urge you to let your U.S. Representative and Senators know that you support strong steps to reduce ransomware attacks and the potential harm to civilians from cyberwarfare. You can find contact information for your U.S. Representative at http://www.house.gov/representatives/find/ and for your U.S. Senators at http://www.senate.gov/general/contact_information/senators_cfm.cfm.

[1]      Perlroth, N. This Is How They Tell Me the World Ends. Bloomsbury Publishing, NY, NY. 2021.

[2]      Perlroth, N., 10/25/21, “A rare win for the good guys in cat-and-mouse game of ransomware,” The Boston Globe from the New York Times

[3]      Barnes, J. E., 12/6/21, “US military has acted against ransomware groups, NSA chief says,” The Boston Globe from the New York Times

[4]      Tucker, E., & Suderman, A., 11/9/21, “US charges 2 suspected ransomware operators,” The Boston Globe from the Associated Press

[5]      McLaughlin, J., 10/13/21, “White House brings together 30 nations to combat ransomware,” National Public Radio (https://www.npr.org/2021/10/13/1045248842/white-house-brings-together-30-nations-to-combat-ransomware)

[6]      Mazzetti, M., & Goldman, A., 9/15/21, “Former intelligence officers admit crimes,” The Boston Globe from the New York Times

[7]      Kingsley, P., & Bergman, R., 11/9/21, “Spyware aimed at activists, group says,” The Boston Globe from the New York Times

[8]      Nakashima, E., 10/21/21, “US aims to limit sale of hack tools to dictators,” The Boston Globe from the Washington Post

STOPPING CYBERCRIME AT THE PERSONAL, ORGANIZATIONAL, AND GOVERNMENTAL LEVELS

This is the first of my final two posts (out of nine total) on computer hacking and cyberwarfare. These two posts discuss steps that can be taken to counter cybercrime at the personal, organizational, and governmental levels, as well as efforts to stop cyberwarfare from harming civilians. This series of posts presents my overview of New York Times cybersecurity reporter Nicole Perlroth’s outstanding book, This Is How They Tell Me the World Ends. [1] These posts have summarized the book’s information on the scale of computer hacking, cybercrime, and cyberwarfare, and have shared a number of examples. The previous post provided an overview of Russia’s continuing attacks on the U.S., including on the 2018 and 2020 elections.

It is clear today that passwords, antivirus software, and firewalls will not protect a computer from reasonably sophisticated cyber hacking. With entities willing to pay over a million dollars for a vulnerability in a widespread piece of basic software, such as Microsoft Windows, Apple operating systems, Adobe, Java, and countless others, cybersecurity needs to be designed into these basic pieces of software and to have many layers of protection. Traditionally, basic software has only been tested to make sure it works, not to identify and eliminate vulnerabilities that hackers could use. This needs to change. When complex software is everywhere, even in cars, software vulnerabilities are ubiquitous and our whole mindset about cybersecurity must change to include preventing vulnerabilities, as well as protecting computers when they are attacked.

Individuals and businesses should assume that passwords alone are no longer effective protection from serious hackers because passwords are likely to have been stolen in one of the hacks of a large customer database or some other way. Two-factor or multi-factor authentication (2FA or MFA) is the best basic defense against cyber hacking and cybercrime. This is the process in which, when one logs into a system, a one-time code is sent by phone text or email and has to be entered to gain access. Turn on 2FA wherever it’s available and for any function where security is important, such as banking and financial transactions.

Voting simply cannot be safely conducted on-line according to Perlroth. She notes that as of the date of her book, there was not a single on-line voting system that hackers had not been able to penetrate – often quite quickly and easily. [2] Voter registration databases and other election support systems need to be rigorously protected and audited to ensure their security.

While the Trump Administration largely ignored cybercrime and civilian harm from cyberwarfare, the Biden Administration has already been aggressive in tackling them. The U.S. Cybersecurity and Infrastructure Security Agency has recently announced that it is working to develop a national cybersecurity strategy. It noted that public-private collaboration will be essential as critical infrastructure must be secured whether it is in private or public hands.

The U.S. needs to establish strong mandates for cybersecurity for public entities and private companies that are part of critical infrastructure. The U.S. lags far behind other countries in doing this. Norway in 2003 and Japan in 2005, for example, implemented national cybersecurity strategies that have made them among the safest countries in the world in terms of cyberattacks. [3]

However, Congress has repeatedly failed to pass legislation that would establish even basic standards for companies operating critical infrastructure such as hospitals, fuel pipelines, the electric power grid, dams, and nuclear power plants. Such standards would, for instance, require operators of critical infrastructure to use up-to-date, well-maintained software; to change passwords regularly; to use two-factor authentication for system access; and to conduct regular, sophisticated tests of their protections against hackers.

The U.S. Chamber of Commerce and other business leaders have argued against even voluntary standards, claiming they are too onerous. Current events are proving that NOT having such standards and NOT having solid cybersecurity in place are far too dangerous and too costly for businesses and customers.

The Biden Administration is urging all companies to enhance their cybersecurity practices, including requiring two-factor authentication for employees to log in to computer systems. [4] It also needs to educate the American public about cybersecurity and about on-line disinformation campaigns; these need to be part of our national consciousness.

Public and private entities should be required to report and make public successful cyberattacks so:

  • Customers and the public can be appropriately warned and protected,
  • The entities have an incentive to fix problems and prevent successful future attacks, and
  • Appropriate law enforcement and national security responses can occur.

On the flip side, when U.S. intelligence agencies become aware of a vulnerability in computer software or hardware, they should be required to inform the product’s vendor and work with it to eliminate the vulnerability.

The private sector is not only stepping up its defensive measures against hacking but also going after hackers directly, rather than leaving this work to law enforcement as has been the practice. Google is suing two Russia-based individuals for using a massive network of hacked computers for a range of criminal activity. It is also working with other private companies to disable the computers used by the hackers. The hacked network has been tracked by law enforcement and cybersecurity experts for years and is estimated to include about a million Microsoft Windows-based computers around the globe. In cleaning up the damage that has been done and the vehicles the hackers used to spread their harmful software, Google has removed from the Internet about 63 million Google Docs, more than 1,000 Google accounts, and over 900 Google Cloud projects. Microsoft has also been active in this direct action, deleting from the Internet websites used by a China-based hacking group. [5]

I urge you to contact President Biden and thank him for his work to improve cybersecurity, including his efforts to create and implement a national cybersecurity plan. Ask him to continue this work and to do more to require private entities operating critical infrastructure to strengthen their cybersecurity. You can email President Biden at http://www.whitehouse.gov/contact/submit-questions-and-comments or you can call the White House comment line at 202-456-1111 or the switchboard at 202-456-1414.

I also urge you to let your U.S. Representative and Senators know that you support strong steps to improve cybersecurity, including requiring private businesses, especially those operating critical infrastructure or large aggregations of consumer data, to take meaningful steps to improve their cybersecurity. You can find contact information for your U.S. Representative at http://www.house.gov/representatives/find/ and for your U.S. Senators at http://www.senate.gov/general/contact_information/senators_cfm.cfm.

My next post will provide an overview of the Biden Administration’s efforts to combat ransomware attacks, address cybersecurity internationally, and protect civilians from harm from cyberwarfare.

[1]      Perlroth, N. This Is How They Tell Me the World Ends. Bloomsbury Publishing, NY, NY. 2021.

[2]      Perlroth, N., 2021, see above, page 397

[3]      Perlroth, N., 2021, see above, pages 398-399

[4]      De Vynck, G., 9/22/21, “Treasury’s fight against hackers targets crypto payments,” The Boston Globe from the Washington Post

[5]      De Vynck, G., 12/8/21, “Google sues hackers tied to vast ring of infected devices,” The Boston Globe from the Washington Post

CYBERWARFARE: RUSSIA’S ATTACKS ON THE 2018 AND 2020 ELECTIONS AND THE TRUMP ADMINISTRATION’S RESPONSE

This is my seventh post on computer hacking and cyberwarfare and part of my overview of New York Times cybersecurity reporter Nicole Perlroth’s outstanding book, This Is How They Tell Me the World Ends. [1] My first post summarized the book’s information on the scale of computer hacking, cybercrime, and cyberwarfare; the 2017 North Korean ransomware attack; and the 2009 U.S. National Security Agency (NSA) cyberwarfare attack on Iran. My second post covered the leaks from the NSA, electronic surveillance in the U.S., and the use of encryption to protect privacy. My third post described Russia’s cyberattacks on Ukraine. The fourth and fifth posts described China’s cyberattack on Google and Google’s response. The sixth post described Russia’s cyberattack on the 2016 U.S. election.

This post summarizes Russia’s attacks on the 2018 and 2020 U.S. elections and the responses of the Trump and Biden administrations.

Under the Trump Administration, concern for cyberwarfare and cybercrime seemed absent. For example, the Obama Administration had reached an agreement with China to stop its industrial espionage; however, this ended when Trump began his very public trade war with China. Similarly, the Iran nuclear agreement worked to keep Iranian hackers at bay. Trump’s voiding of the nuclear deal resulted in levels of Iranian cyberattacks that were unprecedented. Furthermore, as Trump backed off both sanctions and rhetoric against Russia for its hacking and election interference, Russia continued to hack our election systems and infrastructure, as well as to spread division, distrust, and chaos through social and other media. Even Saudi Arabia, with no sanctions from the Trump Administration for its murder of Washington Post journalist Khashoggi, was emboldened to engage in cyber espionage targeting the U.S. Cybercriminals engaged in ransomware attacks on cities, towns, and other infrastructure with regularity – and with little response from the Trump Administration.

By 2018, Trump had eliminated the position of White House cybersecurity coordinator and had made it clear that he never wanted to hear anyone in his administration, including the director of Homeland Security, mention election interference or election security. As the 2018 elections approached, the Russian social media propaganda agency, the Internet Research Agency (IRA), was engaging in sophisticated election disinformation on social media. In the six months before the elections, it spent at least $10 million on its efforts to influence the U.S. elections and to sow division, distrust, and chaos.

Fortunately, in September 2018, Trump had ceded decision-making for offensive cyberattacks to the new director of the NSA, General Paul Nakasone, who also served as the head of the Pentagon’s Cyber Command. John Bolton, in his brief tenure as Trump’s national security advisor, had developed a new cyber strategy that gave the Cyber Command increased flexibility. So, in October, the Cyber Command posted warnings directly to the IRA’s computers threatening indictments and sanctions if Russia continued to meddle in the 2018 elections. Then, on Election Day, the Cyber Command shut down the Russian hackers’ computer servers and kept them offline for several days as votes were tabulated and certified. No one knows what might have happened if the Cyber Command had not done this, but the 2018 election results were processed without any serious glitches.

“By 2020, the U.S. was in the most precarious position it had ever been in the digital realm,” according to Perlroth. [2] More than 1,000 local governments had been hit with ransomware attacks over the previous year. Russian cybercriminals were getting billions of dollars because local governments and their insurers calculated that it was cheaper to pay the ransom than to have to recreate computer systems and data. Cybersecurity experts worried that the ransomware attacks were a smokescreen to probe municipal computers and develop the capability to disrupt voter- and election-related systems during the 2020 election. Some of these experts also thought the election hacking and interference in 2016 and 2018 might be trial runs for more extensive efforts planned for the 2020 elections. Apart from the elections, in September 2020, over 400 hospitals were the subject of ransomware attacks, coming, of course, at the worst possible time – in the middle of the pandemic.

In Congress, a number of efforts were made to address concerns about election security, including bills requiring paper trails for every ballot and rigorous post-election audits, banning voting machines from being connected to the Internet, and mandating that campaigns report contacts with foreign entities. These were largely uncontroversial security measures that generally had bipartisan support and were deemed critical by election integrity experts. However, Senator Mitch McConnell, the Republican Majority Leader, refused to let any election security bill move forward toward passage. Only after critics took to calling him “Moscow Mitch” did he relent and begrudgingly allow approval of $250 million to help states protect election infrastructure – a tiny amount of money when split among the 50 states (only $5 million each on average), especially given the seriousness of the threats their election systems were facing.

In early 2020, U.S. intelligence officials warned the White House and Congress that Russian hacking and election interference efforts were working hard to promote Trump’s re-election. Trump was so incensed that this information had been shared with Democrats that he fired his acting director of national intelligence and publicly dismissed the intelligence findings as misinformation. Beginning in August, Trump’s new head of intelligence refused to provide in-person briefings on election interference to Congress. The U.S. intelligence agencies had always been non-partisan, but the Trump administration increasingly manipulated their actions and statements to serve its political interests. Meanwhile, Microsoft revealed that in one two-week period Russian hackers had attempted to access 6,900 personal email accounts of politicians, campaign workers, and consultants of both parties.

During the 2020 election cycle, the Russians didn’t have to create “fake news” to foster distrust, division, and chaos; Americans, including President Trump, were providing plenty of such content on a daily basis. The Russian trolls simply worked to amplify, among other things, the vaccination debate, the lockdown protests, the misinformation about the benefits of mask wearing, and the blaming of the racial justice protests and any violence that occurred on violent, left-wing radicals.

As the 2020 election approached, the Cyber Command, the Cybersecurity and Infrastructure Security Agency (CISA) in the Department of Homeland Security, the NSA, and the FBI worked diligently to protect election infrastructure in the states and nationally, as well as to actively counterattack. Many of the officials involved figured it was likely that Trump would fire them for their hard work as soon as the election was over, but they persisted in doing their jobs. On Election Day, CISA officials briefed reporters every three hours and, in the end, Election Day came and went with no evidence of fraud, outside efforts to alter vote tallies, or even a ransomware attack.

Perlroth notes that while she would like to credit the work of our cybersecurity agencies for the uneventful Election Day, she feels that the 2020 election went as smoothly as it did, not because the Russians were deterred, but because they (and specifically Russian President Putin) concluded that their work here was done and had been successful. Discord, distrust, and chaos were being created by American actors without the need for Russian interference. If Putin’s goal, in the U.S. elections and otherwise, was to undermine American democracy and American influence in world diplomacy, he had probably succeeded beyond his wildest dreams.

Nonetheless, Russian cyber hacking continues. In 2020, Russia’s premier intelligence agency, the SVR, was responsible for the cyberattack via the SolarWinds security software, a highly sophisticated attack that affected many government agencies and large companies. It gave the Russians access to tens of thousands of users’ computer systems. (By the way, the SVR was also the first hacker to gain access to the Democratic National Committee’s computers in 2016.)

In October 2021, the Russians engaged in another massive campaign to hack into computer networks in the U.S. Microsoft announced that it had notified 600 organizations that they had been targeted by SVR with about 23,000 attempts to illegally access their computer systems in October alone. It noted that the attacks were relatively unsophisticated and were or could have been blocked by basic cybersecurity practices. It also stated that, for comparison, there had been only 20,500 such attempts by all other international governmental actors over the past three years. [3]

This Russian cyberattack occurred only six months after President Biden imposed sanctions on Russian financial and technology companies in April 2021 as punishment for previous cyberattacks. At the time, he noted that the sanctions could have been more severe but that he was trying to de-escalate confrontation between the two superpowers.

My next post will review things that can be done to counter cybercrime and warfare at the individual and governmental levels.

[1]      Perlroth, N. This Is How They Tell Me the World Ends. Bloomsbury Publishing, NY, NY. 2021.

[2]      Perlroth, N. This Is How They Tell Me the World Ends. Bloomsbury Publishing, NY, NY. 2021. page 347

[3]      Sanger, D.E., 10/26/21, “Russia tests US again with broad cybersurveillance,” The Boston Globe from The New York Times