In its second report detailing the Russian government’s sweeping disinformation campaign on social media leading up to the 2016 election, the Senate Select Committee on Intelligence offered a bureaucratic platitude to combat the problem: improve information sharing between social media companies and the federal government.
“The committee recommends that Congress· consider ways to facilitate productive coordination and cooperation between U.S. social media companies and the pertinent government agencies and departments, with respect to curtailing foreign influence operations that target Americans — to include examining laws that may impede that coordination and cooperation,” the committee wrote in its 85-page report.
According to the Oct. 8 document, titled “Russia’s use of social media with additional views," Congress needs to consider whether to “formalize information sharing" between the public and private sector. The report said that information sharing between tech companies and the public sector “should not be a difficult step," pointing to several examples already in place in the private sector.
But information sharing between the federal government and its partners is not easy, as highlighted in the same committee’s first report on election interference. That document described state governments’ frustration in dealing with the federal government in 2016. And, like working with states skeptical of the federal government’s role in their election processes, working with tech companies can be a challenge because of a lack of trust, several experts told Fifth Domain.
“We need to figure out the structural ways to institutionalize collaboration, which will also help build trust,” said Sasha O’Connell, a former chief policy adviser for science and technology at the FBI and a professor of cyber policy at American University.
The gaps between tech and feds
Tech companies are reluctant to share information with government because they are hesitant to share their users’ sensitive data with the government, while the government is reluctant to share information collected through sensitive sources and methods, said William Carter, deputy director of the technology policy program at the Center for Strategic and International Studies.
“At the end of the day, a lot of this is their users’ personal data," Carter said. "And just sharing that with the U.S. government, particularly in a situation where the government is not approaching them with a warrant, is a really sensitive topic for them.”
The committee report recommended that Congress find ways to “facilitate” better coordination and cooperation between the federal government and social media companies. Information sharing must improve in both directions, they wrote.
“This will improve the ability of social media companies to quickly identify and disclose malign foreign influence operations to the appropriate authorities, and it will improve the ability of law enforcement agencies to respond in a timely manner,” the committee wrote.
The report found that the Internet Research Agency, a Russian group that known for its influence operations in 2016, used misinformation campaigns to support Donald Trump over Hillary Clinton, as well as denigrated several of Trump’s opponents in the Republican primary. Since Election Day in 2016, the committee found that the IRA’s activity on social media has increased, including 59 percent on Facebook, 52 percent on Twitter and 238 percent on Instagram.
Such misinformation campaigns are difficult to combat because they exploit “seams” in the U.S. government system, Carter said, where the federal government, intelligence community, military, law enforcement and private companies may struggle to decide who has the authority and jurisdiction to address the operations.
“They found a way to threaten sovereignty that hits right along all of those key dividing lines where you get into just basic operational questions of how to deal with it, but also really fundamental ethical questions and how to deal with it,” Carter said. “And they’re very clever about identifying those seams and exploiting [them].”
How to improve the public-private relationship
Both Facebook and Twitter representatives told the Senate committee they are working with the FBI and Department of Homeland Security.
But if companies want to improve their relationship with the government, they need to act, O’Connell said. To be successful in disclosing information to proper authorities, tech companies should set up an office dedicated to working with the government on strategic policy issues, she added.
Historically, “there is no hub on the company side that is designed to bring together the thoughts across the company — from the engineers, from the lawyers, from the C-suite — to one place that the government can plug in and coordinate,” O’Connell said.
It’s important that tech companies and government have an “understanding of each other’s incentives, and also requirements and regulations so you really understand each other and what is possible,” she said.
However, some progress has been made. O’Connell praised the Presidential Innovation Fellows program, which brings professionals from the private sector to government to help solve technology challenges, as a great start toward fostering stronger relationships.
Back on Capitol Hill, Sen. Mark Warner, D-Va., called for congressional action.
“As was made clear in 2016, we cannot expect social media companies to take adequate precautions on their own. Congress must step up and establish guardrails to protect the integrity of our democracy," Warner said in a statement. “At minimum, we need to demand transparency around social media to prevent our adversaries from hiding in its shadows.”
But there are also legal challenges in policing social media. One difficulty in stopping the spread of misinformation is that sharing conspiracy theories on platforms like Facebook doesn’t appear to break any laws.
“It’s not clear what government can even do,” Carter said. And without criminal activity, social media companies could be reluctant to turn over information.
“Turning over a lot of information on certain groups on their platform to government that doesn’t pertain to criminal activity — I mean, that’s a really ethically fraught task,” Carter said.
Andrew Eversden covers all things defense technology for C4ISRNET. He previously reported on federal IT and cybersecurity for Federal Times and Fifth Domain, and worked as a congressional reporting fellow for the Texas Tribune. He was also a Washington intern for the Durango Herald. Andrew is a graduate of American University.