The impact of social media on political communication remains a top concern worldwide. A request for comment on disinformation policy has been issued by the UN Special Rapporteur on freedom of expression. Biden’s incoming Director of National Intelligence is being pushed to support mandatory cybersecurity information sharing by the private sector. A last-minute Trump Executive Order tries to strengthen national boundaries on cloud services.

Should Trump be banned from social media?

A search for appropriate policies to govern social media content remains a top concern in the aftermath of the Trump riots and the subsequent deplatformings. We examined the fate of Parler in a blog four days ago. Facebook has asked its new Oversight Board to answer two questions about deplatforming Trump: 1) Should Facebook’s decision to suspend Trump’s account indefinitely be upheld or overturned? Whatever decision the board makes is supposed to be binding on the company. 2) What policy guidance can the board make about Facebook’s treatment of political leaders? This guidance will not be binding, but addresses a tough tradeoff: exposing and making accessible the statements of public leaders and holding them accountable for it on the one hand, vs. denying them an audience when they are perceived as destabilizing, offensive, or threatening. The whole incident puts to the test one of the new governance mechanisms established for social media, Facebook’s Oversight Board. Harvard Lecturer Evelyn Douek concludes: “There is no greater question in content moderation right now than whether Trump’s deplatforming represents the start of a new era in how companies police their platforms, or whether it will be merely an aberration.” For those wishing to weigh in, Facebook has set up a public comment channel.

How about Navalny?

For those who complain that private actors should not be the ones moderating political expression on social media, Russia is providing an example of how state actors do it. Russia’s Internet regulator Roskomnadzor said it will fine all major social networks for “spreading calls” to join pro-Navalny demonstrations on January 23. Putin’s government claimed the messages on the platforms illegally incited minors to attend unauthorized rallies. Although their metrics are unclear, Roskomnadzor said TikTok deleted 38% of videos calling for minors to attend Saturday’s nationwide protests, about 50% of posts from YouTube and VKontake were deleted, and 17% of the rally calls disappeared from Instagram.

The rallies happened anyway in 100 Russian cities, leading to nearly 4,000 arrests.

UN to look at disinformation and free expression

The UN Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression is seeking comments for her upcoming report to the Human Rights Council that will focus on the issue of disinformation and freedom of opinion and expression. The report, to be presented in June 202, is seeking to clarify how human rights law applies to disinformation, identify key issues that would benefit from further consideration by the Human Rights Council and formulate recommendations to States and other stakeholders on the best way to tackle disinformation whilst protecting the right to freedom of opinion and expression.

Towards that end, the Special Rapporteur is inviting stakeholders to share their views, any relevant documents, reports, news or academic articles on challenges raised by disinformation. The details of the call for comments is available here and the deadline for sending in comments is by 15 February 2021.

SolarWinds breach used to push mandatory info sharing agenda

In confirmation hearings before the U.S. Senate, Avril Haines, Biden’s nominee for Director of National Intelligence, said she found it “concerning” that the SolarWinds breach was discovered by cybersecurity company FireEye instead of “U.S. government cybersecurity operators.” This comment, which suggests that Haines may not deeply understand what keeps cyberspace secure, came after members of the Senate Select Committee on Intelligence (SSCI), told her they are worried about a “lack of mandatory threat information sharing between the private sector and government.” Haines promised to review the relationship. The comments imply that both the SSCI and Haines think of cyberspace as a geographic territory and that foreign intrusions into “our” space can be detected via some military “cybersecurity operators” on the country’s perimeter. In fact, nearly all American networks and applications are connected to all other networks and applications, and the boundaries between tens of thousands of independently managed networks and millions of applications are primarily logical, not geographic. Nation-state actors who exploit software vulnerabilities are not going to pop up on a radar screen as a foreign invasion, they are only going to be visible as intrusions to the organizations or software suppliers being breached. Companies cannot share meaningful threat intel without also sharing detailed and sensitive information about their networks, applications, security procedures and policies.

Aligning the Internet: Trump’s last gasp

On his last day in office, Donald Trump issued Executive Order 13984, invoking yet another “national emergency” to enable further bordering of the Internet. The EO gave the U.S. Commerce Department 180 days to develop “know your customer” rules similar to what regulated banks use. The EO targets “infrastructure-as-a-service” providers (IaaS), which the order defines as providers of “the ability to run software and store data on servers offered for rent or lease without responsibility for the maintenance and operating costs of those servers.” IaaS providers must :

“verify the identity of persons obtaining an IaaS account … and maintain records of those transactions. In appropriate circumstances, to further protect against malicious cyber-enabled activities, the United States must also limit certain foreign actors’ access to United States IaaS products. Further, the United States must encourage more robust cooperation among United States IaaS providers, including by increasing voluntary information sharing, to bolster efforts to thwart the actions of foreign malicious cyber actors.”

Section 3(b) of the Executive Order also advances the agenda of mandatory information sharing, requiring the Attorney General and Secretary of DHS to issue recommendations in 240 days regarding “voluntary information sharing” between private IaaS providers and just plain “information sharing” with government agencies. Internet infrastructure accounts may eventually be monitored and controlled as much as the monetary system, and  (like financial transactions) used as the leverage for sanctions and surveillance. Keep an eye on the rules to be issued by the Commerce Department within the next 6 months.