Aug 5, 2020



Hello, and welcome to this week's edition of Codebook.

This week, we explore the twisty relationship between foreign disinformation and American politics, the way even protective measures against digital surveillance can compromise intelligence officers, the trouble with TikTok, and more.

  • It all has us thinking about legendary CIA spymaster James Jesus Angleton's description of counterintelligence as "the wilderness of mirrors."

Today's newsletter is 1,465 words, a 5.5-minute read.

1 big thing: When U.S. politicians exploit foreign disinformation

Illustration: Aïda Amer/Axios

U.S. political actors will keep weaponizing the impact of widespread foreign disinformation campaigns on American elections, making these operations that much more effective and attractive to Russia, China, Iran or other countries backing them.

Why it matters: Hostile powers’ disinformation campaigns aim to destabilize the U.S., and each time a domestic politician embraces them, it demonstrates that they work.

Where it stands: There are several ways this dynamic will play out this fall and, if unchecked, in future elections.

1. U.S. politicians will amplify these false messages for their own electoral ends.

  • The First Amendment bars regulating or censoring the speech of domestic political actors and press outlets, even when it amounts to disinformation and propaganda.
  • Norms are the only thing stopping officials and candidates from becoming loudspeakers for a foreign active measures campaign. And norm-smashing politicians including the president have already shown themselves eager to — intentionally or not — boost disinformation from hostile states.

2. The call will come from inside the house.

  • U.S. politicians or their proxies will also be the source of falsehoods that foreign actors will then be able to seize on and boost online as part of a disinformation campaign.
  • Domestic political actors can then cite this publishing or social media activity as “evidence” of the very falsehoods they themselves generated.

3. The threat and basic contours of disinformation campaigns may be obscured as they get sucked into the partisan maelstrom of U.S. politics.

  • President Trump has long dismissed the reality of Russia’s 2016 meddling. And now Democrats argue the Trump administration is being deliberately vague about disinformation threats posed by China, Iran and Russia in what they contend is an effort to gloss over the pro-Trump campaign pushed by Russia specifically.
  • In response to those complaints, intelligence officials provided classified briefings to the House about the three nations’ interference campaigns. That only further enraged Democrats, who are demanding greater transparency, particularly about Russia’s plans.
    • Intelligence officials promised more public disclosures on 2020 interference in a less-contentious Senate briefing, lawmakers present said.
  • These briefings are “unprecedented,” says an official with the Office of the Director of National Intelligence, marking the first classified election interference briefings given to all of Congress, including lawmakers who aren’t used to receiving classified information.

Between the lines: The American public will benefit from more information about covert foreign electoral interference campaigns. But with intelligence sources and methods to protect and, yes, political sensitivities to consider, there will always be limits to what intelligence officials will say openly.

  • Meanwhile, closed-door briefings allow politicians and other officials to selectively leak information that can then be repackaged for purposes of domestic political warfare.
  • There’s a ratchet effect here. Each time officials disclose more intelligence, that very act of disclosure may power the spread of more disinformation.

Think of hypothetical scenarios like Republicans learning that Iran is boosting Democrats in the interest of reviving a nuclear deal, or Democrats being briefed that Russia is pushing nationalist GOP candidates for Congress with the aim of sabotaging NATO.

  • U.S. politicians may soon volley perpetual accusations of malign foreign support against members of the opposing party, citing U.S. intelligence community assessments. Guilt by association is a powerful tool.

The bottom line: Disinformation campaigns are low-cost and easy to replicate. The NSA can fizzle a troll farm's servers, but it can't stop Russia from simply purchasing and deploying new ones. And as long as these interference campaigns are successful, foreign states will devote the necessary resources to seeing them through.

  • Much of the responsibility falls to elected officials (and, to a lesser extent, the media and tech platforms), not U.S. intelligence agencies, to stop foreign propaganda from proliferating stateside.
2. NSA releases data tracking guide

The NSA Tuesday released a detailed guide on the dangers that cellphones, Internet of Things devices, social media accounts, and vehicle communications may pose to military and intelligence personnel.

The big picture: There are a whole host of ways devices like smartphones can be used to track individuals’ every move, and the NSA concludes that ditching them may be the only surefire way to avoid tracking by a determined adversary.

Details: Bluetooth, WiFi, GPS and apps that track a user’s location can all reveal granular information about someone’s locations, movements and larger patterns of life, says the NSA.

  • But people can only mitigate data leakage from their devices, not stanch it entirely, the agency finds. So intelligence personnel performing operational acts who simply cannot afford to be tracked at all may have to take more severe steps.
  • Concerned individuals may want to “determine a non-sensitive location where devices with wireless capabilities can be secured prior to the start of any activities. Ensure that the mission site cannot be predicted from this location,” says the NSA.
  • Then, according to the NSA, these individuals should “Leave all devices with any wireless capabilities (including personal devices) at this non-sensitive location. Turning off the device may not be sufficient if a device has been compromised.”

Yes, but: Here’s a counterintelligence koan of sorts: the absence of a signal can be a signal.

  • What’s one possible way to spot an intelligence officer conducting an operation? Find the person without a smartphone.
  • Close watchers may even be able to deduce specific operational activities. If there’s a crowd of 1,000 people in a public square, and 998 are giving off digital emissions from their cellphones, and two people walking from opposite directions closely cross paths: Voila, you’ve probably observed a brush pass.

The bottom line: For spies, there are no easy solutions to the problems the digital age poses for human-centered tradecraft. If you give off electronic signals, you’re vulnerable and trackable; if you don’t, paradoxically, you may find yourself in the very same situation.

3. TikTok drama clouds genuine security concerns

Illustration: Aïda Amer/Axios

Political and economic motivations behind a sale or shutdown of TikTok in the U.S. are obscuring sincere security concerns raised by the rise of the Chinese-owned social video app.

The big picture: U.S. intelligence officials evince deep worry over Chinese companies’ ability to resist Beijing’s demands for data.

Where it stands: TikTok as it’s used by most Americans — for memeable short videos of people dancing, joking and lip-syncing to other videos — doesn’t immediately scream security risk. But national security officials worry that Beijing, should it compel TikTok parent ByteDance to turn over data, could still farm the app for intelligence-gathering purposes.

TikTok data could…

  • Reveal users’ locations, personally identifiable information and larger social networks to Beijing’s spies. That in turn could help Chinese intelligence agencies hunt down foreign intelligence operatives (such as CIA officers), potential intelligence targets (such as businesspeople) and Chinese dissidents abroad.
  • Be scraped for information like email addresses that could be used to help hack targets’ other accounts.
  • Be mined to hone artificial intelligence systems or otherwise improve China’s big data capabilities. For instance, China could improve government facial recognition tech by training it on a wider range of ethnicities than is possible domestically, noted a former senior intelligence official.

The other side: TikTok says all of its data is stored outside of China and is therefore safe from potential prying by Beijing. (TikTok is not actually available for users in China; ByteDance instead operates a nearly identical app domestically.)

  • Still, that’s done little to assuage China hawks, who note that recent Chinese laws assert the power to demand data from any company that so much as does business in the country.

Catch up quick: President Trump’s recent threat to ban TikTok unless it is sold to an American buyer has led to intensive negotiations between ByteDance and Microsoft on a possible deal.

4. Ex-U.K. trade minister hit by Russian hack

Classified U.K.-U.S. trade negotiation documents that were dumped online in advance of Britain’s 2019 elections were stolen from a former U.K. trade minister’s email by suspected Russian operatives, Reuters reports.

The big picture: This new reporting adds heft to prior disclosures about a pro-Brexit Russian active measures campaign that sought to magnify dissent and discord within U.K. domestic politics.

Background: Months ahead of the December 2019 U.K. general election, Reddit discovered a coordinated group of Russian-backed accounts using the site to disseminate the U.S.-U.K. trade documents, which quickly spread to mainstream media outlets.

  • The Labour Party cited those reports as evidence the Conservative Party wanted to privatize Britain’s prized National Health Service. But Conservatives ended up winning the election in a landslide.
  • Analysts said the leak mirrors previous efforts by the Russian group the Atlantic Council called Secondary Infektion, down to the types of language errors made. “It's either the Russian operation or someone trying hard to look like it," Graphika’s Ben Nimmo told Reuters in 2019. U.K. officials later confirmed Russia was behind the campaign.

Between the lines: While it’s not clear which Russian intelligence agency or agencies were behind the hack and subsequent data dump, this 2019 campaign closely resembles the strategy pursued by the GRU, Russia’s military intelligence agency, during the 2016 U.S. presidential election.

  • This includes using relatively unsophisticated tools to gain access to the email accounts of public figures, then repackaging (and sometimes misrepresenting) the sensitive material contained therein in order to inflame the electorate.
5. Odds and ends