Link

How Russia Polices Yandex

From Vice Motherboard:

This year, the “news aggregator law” came into effect in Russia. It requires websites that publish links to news stories with over one million daily users (Yandex.News has over six million daily users) to be responsible for all the content on their platform, which is an enormous responsibility.

“Our Yandex.News team has been actively working to retain a high quality service for our users following new regulations that impacted our service this past year,” Yandex told Motherboard in a statement, adding that to comply with new regulations, it reduced the number of sources that were aggregated from 7,000 to 1,000 with “official media licenses.”

The predicable result of the Russian government’s new law is that the government can better influence what information is surfaced to Russian citizens: when state news outlets release the same press release, en masse, Yandex1 and other major aggregators with a large number of readers are predominantly exposed to what the government wants them to see. So while Russia may interfere with foreign countries’ political processes by exploiting how social network and aggregator algorithms function (along with out-and-out illegal exfiltration and modification of communications data) they, themselves, are trying to immunize themselves to equivalent kinds of threats by way of the liabilities they place on the same kinds of companies which do business in Russia.

More broadly, the experience in Russia and changes in how Yandex operates should raise a warning flag for caution advocates in the Western world who are calling for social media companies to be (better) regulated, such as by striking down or modifying Section 230 of the Communications Decency Act (CDA). While there are clear dangers associated with these companies operating as contemporary digital sovereigns there are also risks associated with imposing harsh liability systems for publishing other persons’ content.

While such regulations might reduce some foreign interference in political systems it could simultaneously diminish the frequency at which legitimate alternative sources of information which are widely surfaced to the public. It remains unclear just how we should regulate the spread of malicious political messaging2 but, at the same time, it’s critical to ensure that any measures don’t have the detrimental effect of narrowing and diminishing the political conversations in which citizens can participate. It’s the very freedoms to have such conversations that distinguishes free democratic countries from those that are more autocratic.

  1. Sidenote: Yandex is the only website I’ve ever had to block from scraping my professional website because it was functionally acting as a DDoS.
  2. One idea would be to deliberately cut down on how easy it is to spread any and all information. By requiring additional manual effort to share content only the most motivated would share it. Requiring actual humans to share content with other humans, if done in a robust way, might cut down on the ability of bots to automatically propagate content as though ‘real’ people were sharing it.
Quote

This dark concept of total distrust was mostly spread via the Internet because it was what the Internet was built for—sharing ideas. Although the Internet is the most democratic means of communicating, it can be also be misused by governments and other groups.

Does this mean we should accept the concept that the Internet carries more threats than benefits?

The creators of the Internet supported the opposite concept. Unlike Putin, they believed in people and built the global network under the assumption that it would be used for sharing something good. They may look naïve these days, but we have our modern linked-up technological world thanks to their concepts, not Putin’s. These days, we all speak the language of suspicion and threats posed by the Internet. In a way, in means we are speaking Kremlin’s language. Do we really need to?

Link

The Perfect Weapon: How Russian Cyberpower Invaded the U.S.

As the year draws to a close, it now seems possible that there will be multiple investigations of the Russian hacking — the intelligence review Mr. Obama has ordered completed by Jan. 20, the day he leaves office, and one or more congressional inquiries. They will wrestle with, among other things, Mr. Putin’s motive.

Did he seek to mar the brand of American democracy, to forestall anti-Russian activism for both Russians and their neighbors? Or to weaken the next American president, since presumably Mr. Putin had no reason to doubt American forecasts that Mrs. Clinton would win easily? Or was it, as the C.I.A. concluded last month, a deliberate attempt to elect Mr. Trump?

In fact, the Russian hack-and-dox scheme accomplished all three goals.

This is an absolutely brilliant piece of journalism by Harris, Singer, and Shane. It unpacks the publicly available information about the intrusions into the Democratic National Committee’s systems and how information was subsequently mobilized and weaponized. These sorts of attacks will continue to be effective because all it takes is a single failure on the part of defenders, often in the face of hundreds or thousands of discrete attacks. As a result the remediation process is, today, arguably the most important of a cyber-security event because a dedicated and resourced attacker will eventually penetrate even the best secured networking infrastructure. And the Democratic National Committee, and Democratic Party more generally, still lacks a remediation policy months after the attacks.

Link

WikiLeaks Isn’t Whistleblowing

Mass data releases, like the Podesta emails, conflate things that the public has a right to know with things we have no business knowing, with a lot of material in the middle about things we may be curious about and may be of some historical interest, but should not be released in this manner.

All campaigns need to have internal discussions. Taking one campaign manager’s email account and releasing it with zero curation in the last month of an election needs to be treated as what it is: political sabotage, not whistle-blowing.

These hacks also function as a form of censorship. Once, censorship worked by blocking crucial pieces of information. In this era of information overload, censorship works by drowning us in too much undifferentiated information, crippling our ability to focus. These dumps, combined with the news media’s obsession with campaign trivia and gossip, have resulted in whistle-drowning, rather than whistle-blowing: In a sea of so many whistles blowing so loud, we cannot hear a single one.

This is one of the best arguments against the recent activities of Wikileaks. Not because Wikileaks is operating as a front for Russia. Not because the contents of the recent leaks aren’t newsworthy. Not because the public doesn’t find the revelations to be interesting and fun.

No, the core issue with the latest rafts of leaks is that they were not sufficiently currated, with the impact being that obstensibly private information is taken and circulated and mischaracterized. This has the effect of stunting the electoral process while, simultaneously, reconfirming to persons in power that they need to adopt a culture of oral communications and decisions. This is not a governance direction that is in the public’s best interests.

However, it’s important to also situate Wikileaks’ activities in some context. Wikileaks is designed to clog up the machinery of government states and bureaucracies. Part of its mission is to scare organizations with the threat of leaks in an effort to hinder what Julian Assange/Wikileaks regards as harmful or objectional activities. So the leaks associated with the DNC and staff affiliated with Clinton are perfectly aligned with Wikileaks’ raison d’être. In the past such activities may have been regarded are more legitimate – the organization was principally focused on state level activities – but it is now focused on deliberately releasing information at core points in an electoral cycle. Doing so may have affected the unfolding of the election but it’s important to acknowledge that Wikileaks’ intent was not driven by Russia (presuming that was a source of at least some of the leaked information): instead, this was a case where Russian and Wikileaks just happened to have directly overlapping objectives.

Link

Russian Hackers Now Targeting U.S. Think Tanks That Specialize in Russia

Russian Hackers Now Targeting U.S. Think Tanks That Specialize in Russia:

“Any respectable think tank has been hacked,” Lewis told Defense One on Monday. “The Russians just don’t get the idea of independent institutions, so they are looking for secret instructions from Obama. Another benefit is they can go to their bosses and show what they took to prove their worth as spies.”

Any respectable think tank is proud to have such garbage security that the intellectual property it hopes to profit from, to say nothing of political advocacy, is available to unauthorized third parties.

Right….

Link

Turns Out You Can’t Trust Russian Hackers Anymore

Turns Out You Can’t Trust Russian Hackers Anymore :

Navalny denies receiving funding from Soros and says he has had no support from Yandex. Laura Silber, a spokesperson for Open Society, said the foundation has never supported Navalny and that the edited documents posted by Cyber Berkut amounted to a libelous claim.

The Kremlin, Navalny wrote in an email to Foreign Policy, “really likes that type of tactics: posting fake documents among real hacked documents.” The goal, he wrote, is to create a mess for the opposition.

“At the end of the day everyone will understand — documents are fake, but it will be a two-week-long discussion: ‘Is [the] opposition and Navalny in particular using Soros’ money?’,” Navalny wrote.

The Kremlin hates George Soros because Open Society, his marquee philanthropy, focuses on boosting democracy in the former Soviet bloc and elsewhere. Silber says Open Society “supports human rights, democratic practice, and the rule of law in more than 100 countries around the world.”

We can’t fully believe all the documents that are stolen, and then subsequently posted online by Russian-affiliated groups with an agenda of discrediting certain parties?

Shocking.

Russia passes ‘Big Brother’ anti-terror laws

Russia has passed legislation which functionally adopts many of the worst — and largely discredited — surveillance provisions that Europe adopted in the past and is now abandoning. Specifically, Russian telecoms will be required to retain data traffic information for 6 months, as well as assist government agencies decrypt information. The law will also (further) penalize those who support terrorist activities or engage in other types of social disturbances: the problem is that such accusations are increasingly used to target those disliked by the government as opposed to those whom are actually supporting terrorism or the destruction of Russian society.

It will be particularly interesting to see what, if any, effect the EU has on Russia’s new law. Will the law, which flagrantly violates human rights, inhibit Russia’s ability to trade with EU member nations or will the infringement be ignored? Or will the EU be so consumed by the Brexit that it cannot — or will not — turn its attention to one of its largest trading partners?