Listen: This week with Jigsaw CEO Jared Cohen: "The first attack on any society is going to be an attack on the conversation."
Subscribe to the GZERO World Podcast on Apple Podcasts, Spotify, Stitcher, or your preferred podcast platform, to receive new episodes as soon as they're published.TRANSCRIPT: A Brave New (Virtual) World with Jared Cohen
Jared Cohen:
I have two daughters, I have a four-year-old and a two-year-old, and I'm probably going to have conversations with them about information and disinformation, data permanence, privacy and security before I ever have the awkward conversation that a father never wants to have with a daughter about, "Just don't talk to boys."
Ian Bremmer:
I'm Ian Bremmer, and welcome to the GZERO World Podcast. I'm host of the weekly show "GZERO World" on public television. In this podcast, we share extended versions of the big interviews from that show. This week I sit down with Jared Cohen, founder of Google's tech incubator Jigsaw, and a veteran foreign policy advisor. Today we'll talk about the crossroads of technology and geopolitics, and I'll be sure to ask him what kind of cybersecurity threats we can look forward to in upcoming elections. Let's get to it.
Announcer:
The GZERO World is brought to you by our founding sponsor, First Republic. First Republic, a private bank and wealth management company, places clients' needs first by providing responsive, relevant and customized solutions. Visit firstrepublic.com to learn more.
Ian Bremmer:
Jared Cohen, CEO of Jigsaw, let me start with asking you about cyber and particularly elections. You don't believe that there is a significant cyber threat to midterms coming up in November here in the United States. Why?
Jared Cohen:
I believe there's a threat to the midterms. I just believe that in the aftermath of the 2016 election meddling, I believe that foreign adversaries are toning it down. It's probably the smart strategic decision for them. If you don't do as robust a meddling in the midterm elections as you did in the 2016 elections, two things happen. One, people are less prepared next time around. Two, it's not as much part of the zeitgeist. Three, people become complacent and feel like they've largely got it under control. Then when it ramps up again, come the 2020 election, people are either flatfooted or they're not prepared for it.
Ian Bremmer:
Is that a theory, or do you have some analytic data that suggests that that is really the case thus far as we're moving into the election cycle?
Jared Cohen:
Well, there's certainly evidence of disinformation deployments in the context of the midterms. My theory, and it is informed by both qualitative and quantitative analysis, is that it's not at the scale that we saw in 2016. It's not at the scale that we saw in Russia's own presidential election. And it's not at the scale that we've seen in some of the European elections.
Ian Bremmer:
So if we were going to look at all the elections that have really been hit, as well as the British referendum on Brexit, where would you say external actors in terms of both hacking and disinformation campaigns rank them? Where have they had the most impact? Where have they been most damaging?
Jared Cohen:
It depends how you define damage, right? What's interesting about disinformation campaigns is it's very difficult to measure how effective they are in terms of changing people's behavior. It may be that some of the greatest impact of disinformation campaigns is the hysteria and the response that it creates, and we have to be very careful not to conflate attempts at disinformation with success of disinformation. I think as a society, we are dangerously rounding up and handing adversaries a victory that maybe they didn't achieve. They certainly have meddled, they certainly have attempted, but we have to stop just shy of being able to say in any definitive way that this is what they accomplished. They have fomented a tremendous amount of chaos in the process. They have exacerbated tensions in the process. They have disseminated secrets by hacking people's accounts and then creating fake accounts to disseminate those secrets throughout the world. So there's real evidence of where they're playing, it's just very, very difficult to measure.
Ian Bremmer:
So we get beyond the diagnosing where, at least for now, the challenges seem to be pretty big. What do you think the responses should look like? If you were advising the US government, the European governments right now, knowing that after this midterm not doing so much, we're going to face a lot of big challenges in other countries, other actors messing with our political legitimacy? We clearly didn't handle it well in 2016. The Brits clearly didn't handle it well with the Brexit referendum. What should we do concretely?
Jared Cohen:
So Ukraine is having its presidential elections in March of 2019. Europe is having its parliamentary elections in May of 2019. Obviously, the US is having its presidential elections-
Ian Bremmer:
2020.
Jared Cohen:
... in 2020. If you subscribe to my theory that it's been toned down, it's still active in our midterm elections, but it's toned down, regardless of the reason, we need to recognize that if we're going to get hit in 2020, it's going to be with 2019 and 2020 tools, not 2016 tools. I believe that, in fact, the best way to protect the European parliamentary election and the US presidential election is to double down on protecting the Ukrainian presidential election. One, we all want to help Ukraine protect the integrity of their process, the right thing to do, and it's a stated policy of most Western democracies. But two, there's nothing that the Russians, for example, would hit the Americans or the Europeans with that they wouldn't hit the Ukrainians with.
Ian Bremmer:
They wouldn't test it.
Jared Cohen:
It is the the penultimate example or the most active example of a target practice. There's a bunch of tools that are already deployed to protect elections. Those can be deployed to help protect the Ukrainian elections, test their resilience. There's a huge intelligence benefit of just seeing what the latest and greatest tactics are that are being deployed in the context of Ukraine, how state actors work with disinformation entrepreneurs to do this, how they're active in purchasing capabilities on the dark web. You can begin to ask questions, "Will we see distortion of video in Ukraine?" I don't know, maybe yes, maybe no. Or will it still be largely around distortion of imagery? But what's interesting is you also have a very active, as I mentioned before, set of entrepreneurs and civil society in Ukraine. In New York, everyone works on fintech, in Ukraine, they all work on counter-disinformation, and that's what they're building their companies around. My guess is some of them are pretty good, and so there's an opportunity also to build not just a robust civil society but a robust tech ecosystem around fighting disinformation in the world's most active feeder.
Ian Bremmer:
So then the final question would be, okay, you've done your best to defend, these attacks are coming. After such attacks, how do you think the international community or individual governments should respond?
Jared Cohen:
It's going to constantly be a game of cat and mouse with various adversaries. I think we need to find ways to continue to seek out the places that are the most active theaters.
Ian Bremmer:
Is this like a NATO thing? Is this a-
Jared Cohen:
Well, actually, so here's a couple of concrete examples. Since you mentioned NATO, what I find very interesting about NATO is it's a security architecture built around geography, which makes sense when the world was purely physical. We're now having these growing conversations about NATO expansion, and NATO has become a heightened topic again for all the reasons we understand it. There should be a real conversation about whether we should expand NATO to some of the countries that have the greatest cyber capability but aren't geographically located in a place that has historically made sense for NATO. Because honestly, the greatest threat to NATO countries is probably cyber not physical at this point. I think the physical deterrents are pretty strong. I'm not saying there's no threat, but the cyber attacks are going to happen on a daily basis, and they're going to keep pushing and pushing and pushing. I also think that there needs to be serious thinking around what a cyber attack would have to look like in terms of economic damage, potential loss of life, loss of livelihood to trigger an Article 5 response.
Ian Bremmer:
The component of the NATO Treaty that compels collective self-defense.
Jared Cohen:
And this gets to what I think is the greatest vulnerability geopolitically right now in terms of things that we haven't quite gotten our head around, which is there are no rules of engagement that govern how states respond to each other when attacked. There are no doctrines of proportionate response. There's no taxonomy around types of attacks or types of targets. We can't even get as simple as what are the list of targets that if attacked could lead to loss of human life? That might actually even be a conversation you could have between frenemies.
Ian Bremmer:
The other thing that you've spent a lot of your career on is dealing with, assessing, understanding terrorism. We're not talking as much about terrorism these days. I mean, we've destroyed ISIS. What do you think we're missing?
Jared Cohen:
We need to start thinking now about what a successor to ISIS looks like in terms of its cyber capabilities. My view is what the successor terrorist organization will do, they'll be able to do everything that ISIS did, which is using information and disinformation to recruit and to propagate, finding ways to coordinate logistics and so forth. But one of the hallmarks of how ISIS built up its capabilities was robbing banks, physically robbing banks. So-
Ian Bremmer:
In Mosel, for example.
Jared Cohen:
In Mosel, a billion dollars, right?
Ian Bremmer:
Almost, yeah.
Jared Cohen:
So I suspect that a future terrorist organization will build up their economic resilience through partnerships with various online criminal groups. It's much easier to criminally generate money on the digital front than it is by simply robbing banks. There just aren't enough banks. We'll also see the much more active use of cryptocurrency. We'll see coordinated cyber and physical attacks, so a cyber attack that makes it easier to carry out a physical attack.
Ian Bremmer:
Example of that?
Jared Cohen:
You could imagine a cyber attack on an electrical grid that causes a temporary blackout and then a bunch of people come in with suitcases and so forth. It's like Hurricane Sandy, but not by a natural disaster. I also think that the type of what we typically think of as propaganda, again, the same things that we see being used in our election, are likely to be used by a future terrorist organization as well, the deployment of actual digital people as a much more active way of recruiting.
Ian Bremmer:
Now, it's interesting because all of those things are concerning and growing threats, but they're all indirect. And the one thing you didn't mention is the likelihood that terrorists are going to directly use cyber capabilities to break things. In other words, the terrorist attack itself would be the cyber attack that poisons the water or destroys the nuclear facility or whatnot. Is that because you just don't think they are close to having that level of sophistication?
Jared Cohen:
I do worry about it, don't get me wrong, and I do believe that at some point we're going to see some kind of an attack that has significant damage. It's so hard to know where it will come from, what target it will hit, that I find the fearmongering around it not necessarily to be the most productive way to engage in that debate. Whereas, I think that drawing people's attention to the fact that if we see a state-sponsored cyber attack or a criminal cyber attack that does something like causes a blackout or some kind of chaos that we should next be looking for a physical attack.
Ian Bremmer:
When you deal with physical terrorism in the United States, obviously there's been that kind of significant big reaction, and yet you seriously harden your air facilities, you don't with buses or with trains. Some could argue that doesn't make a lot of sense, costs a lot of money economically. Is there an equivalent either mistake or lack of appropriate focus in the cyber domain thinking about this?
Jared Cohen:
For some reason in government, we keep wanting to create cyber this and cyber that. The problem with that is we need to get to a point where we actually just stop talking about cyber, right? When we talk about war, we don't have conversations about tanks, planes, and boats. We do it in a nuanced way. A feeder of conflict is multidimensional, it's physical and it's digital. The capabilities are both physical and digital. We don't talk about our adversaries this way anymore. There's no such thing as a cyber terrorist, there's just terrorists and they have physical and cyber capabilities. Same thing with criminals. So government has to find a way to figure out how to integrate cyber into everything that it does as opposed to having these orphaned apparatuses that are tasked with doing cyber.
Ian Bremmer:
How do you think the world changes most as humans become more virtual?
Jared Cohen:
Well, I think, let's start with humans. The citizen of the future is increasingly splitting their time between physical and digital domains. They're proliferating versions of themselves. Ian Bremmer has multiple email accounts, multiple social networking profiles, multiple phone numbers, and-
Ian Bremmer:
And a puppet.
Jared Cohen:
And a puppet. You basically have a virtual entourage of yourself walking around, and that virtual entourage has multiple personalities. You are many... you're basically able to punch way above your weight as a physical citizen by proliferating yourself. So the global demographics change a lot in that sense, and a country like Iran that's 80 million people, online looks more like a billion people. So that creates an interesting tension for governments that run the risk of miscalculating by overreacting or under-reacting to things that they see online.
Jared Cohen:
A second thing is the first attack on any society is going to be an attack on the conversation. And so what we see playing out on the conversation, whether it's just people being mean or it takes a political, ethnic, or sectarian tone is going to be the first indicator of what happens, of what might spill into the street. Now, on the one hand, it's good that there's something that happens before it goes into the street, and we're not just going from zero to machetes in the street. The bad news is the barriers of entry to virtually venting or being obnoxious are-
Ian Bremmer:
Are zero.
Jared Cohen:
... much lower. So it could also accelerate it. The good news is anything that's written down can be measured, and this is one area where machine learning can be quite helpful. For instance, right here at Jigsaw, we've trained machine learning models to measure toxicity in language on a score of zero to 100. So we can feed any comments or language to these models and tell you how likely that comment is to be perceived as toxic and return that score to whoever is moderating the platform.
Jared Cohen:
So there are some interesting technical things that can be done to try to restore civility to the internet, but I think the biggest thing that's going to change is also just the mass proliferation of data. We spent the last decade talking about what happens when societies come online. Now technology's completely ubiquitous, and what that means is a society can't function without having both physical and digital stability. I think governments understand what physical instability looks like and how to deal with it. It's not fair nor is it going to work to rely entirely on governments to deal with the digital stability problem.
Ian Bremmer:
So Black Mirror or Ready Player One, if you had to choose, which are we more heading towards?
Jared Cohen:
Oh, Black Mirror really freaks me out, so just by default, I'm going to go to Ready Player One.
Ian Bremmer:
Very good. Jared Cohen, good to talk to you.
Jared Cohen:
Alright, thanks Ian.
Ian Bremmer:
That's our show this week. We'll be right back here next week with Kevin Rudd, president of the Asia Society's Policy Institute and former prime minister of Australia, a country you have heard about. Don't miss it. In the meantime, if you like what you've seen, check us out on gzeromedia.com.
Announcer:
The GZERO World is brought to you by our founding sponsor, First Republic. First Republic, a private bank and wealth management company, places clients' needs first by providing responsive, relevant and customized solutions. Visit firstrepublic.com to learn more.
Subscribe to the GZERO World Podcast on Apple Podcasts, Spotify, Stitcher, or your preferred podcast platform, to receive new episodes as soon as they're published.