Congress to Question Tech Giants Over Foreign Influence During the Election

BY Justin Torres

United States Capitol Building, Washington, DC


On November 1, representatives from Facebook, Twitter and Google will appear in front of both the Senate and House Intelligence Committees.

These three companies were instrumental to the efforts of the Internet Research Agency (IRA), the Kremlin’s private incubator for online discussions and real life actions. Additionally, ranking members of the Senate and House Intelligence Committees have authored the Honest Ads Act, a light-touch measure to treat online political ads like traditional mediums.

Senator Mark Warner tells NPR that in “an era where $1.4 billion was spent on political advertising in the 2016 campaigns - and that number is only going to go up - there needs to be equality between traditional radio and broadcast and social media and Internet political advertising.” All three companies experienced some sort of foreign activity, the details of which - content of ads, how they were targeted, and who paid for them - is reported to connect to the IRA. The multi pronged attack was simple in complexity, but reached impressive scales with high returns on investment.

Relaxed bot policies at Twitter allowed legions of accounts to promote fake news from select key accounts
Twitter’s problem stemmed from easily made accounts without the real name policies of Facebook or Google. A survey of traffic estimates 50 percent of accounts are automated. The effort and influence of each account varies. The majority are “egg profile” accounts with names like @henrywilliams52048910 and then you have the top performing, high maintenance accounts which sit on impressive flocks of followers. Perhaps the biggest draw for wanting to use Twitter over the other social networks is that you have a much better chance of having your message seen, liked, or even retweeted by the President of the United States.

@TEN_GOP was one such top-tier account. Established in 2015, the account reached a peak audience of over 140,000 before Twitter suspended it this August. “It was in no way affiliated with our office,” says Candice Dawkins, the real Tennessee Republican Party's (@TNGOP) communications director. Archived tweets document consistent subject matters such as supporting the firing of James Comey, Russia having nothing to do with the election and sharing fake news with divisive hashtags.

Some are calling for the service to be purged of bots, which would be a terrible idea. Third-party developers often use the Twitter API for creative and productive ways, like one blogger who made a raspberry pi tweet the entirety of “The Adventures of Tom Sawyer,” or a bot that looks for other bots.

Twitter’s verified program gives high-profile users a little blue check after they can prove who they say they are. Accounts which are primarily controlled by bots should have a similar badge, which indicates some or all of the posts are automated. Ideally, the bot detection methods would be a combination of several different vendors, with at least one of them being open sourced.

“Without Facebook, we wouldn’t of won”
No Silicon Valley giant played a bigger role in the 2016 presidential election than Facebook. Trump’s campaign saw the value of social media early on and went all in, spending $85 million to run advertisements using deeply personal data points from over 200 million Americans.

“Without Facebook, we wouldn’t of won. I mean Facebook really and truly put us over the edge,” said Theresa Wong the head of the digital campaign and manager of Facebook activities for the Trump campaign. Ads would be changed ever so slightly, sometimes between 35 and 45 thousand variations, to optimize interactions and conversions.

Facebook had sought an exception on political disclaimers back in 2011 since their “character limited ads” maxed out at 160 characters. This request was not without precedent, with Target Wireless in 2001 and Google in 2011 both making cases for text limitations. With Facebook’s ruling tied at 3-3, the social media company took their changes and proceed on with omitting the disclosures, which would let it become the favorite site for political advertisers.

Not surprisingly, the IRA was discovered to of taken full advantage of the Facebook ecosystem. One former member details 12 hour shifts, starting with a stack of cultivated articles and media, selected for its ability to spark discussions online. English was peer reviewed, House of Cards was binge watched, and mistakes like forgetting to use a VPN resulted in a scolding. Identities were falsified, fake news was spread, and politically charged ads over Black Lives Matter and anti-gun were appearing to swing state voters.

Google reluctantly investigates systems and discovers foul play
In the aftermath of Twitter suspending 201 accounts and Facebook turning over 2 thousand ads to special and congressional investigations, Google initially downplayed the influence of Russian trolls on their network. Many, including Google themselves, thought that if anyone could detect automated or falsified activities on their servers it would be Google. Now with November 1 approaching quickly, the company behind the world’s largest advertising and video site offers troubling details.

After announcing stricter limits on demographic filters, Google reveals it had sold nearly $100,000 in ads to accounts operated by the Internet Research Agency, which also ran disinformation campaigns on search results, Youtube videos, Google News and other services.

People familiar with Google’s investigation said fake users were discovered in their system because of data taken from Twitter. For a small fee, developers accessed tweets dating as far back as 2006. They then matched Russian accounts to ones that bought ads or posted content elsewhere.

Just another data breach?
In a bipartisan reaction from Congress, Senators Amy Klobuchar, Mark Warner and John McCain have put forth the Honest Ads Act. The measure would redefine “electioneering communication” to broadly include digital communications and add fines for non-compliance.

“There are already established rules that apply to TV and all existing media” says Senator Mark Warner. Ads about a specific candidates or an issue of national significance would also require disclosure, with public file of the content of those ads. But will the increased transparency even slightly deter troll farms from their continued campaigns of disinformation?

The IRA and other troll operations will be only slightly impeded. They will rename themselves, start up new virtual machines, and tweak the operation to strengthen its weakest aspects. New SIM cards, names and online accounts will be purchased in bulk and the

When Equifax experienced the largest data breach of its 118 year old history, it was due to it running out of date software that got exploited by culprits still at large. The details of which was kept secret for months, during which executives who had no knowledge of the intrusion dumped millions in shares. How did Equifax deal with the data breach? CEO Richard Smith stepped down and then Congress kills the ban on forced arbitration. Now consumers have fewer legal outcomes, and companies like Equifax are free to innovate and use admin for their login passwords.

Information security is a constantly shifting landscape which can’t wait around for Silicon Valley or Capital Hill to react. Vulnerabilities like the WPA2 wireless encryption bug which affect nearly all Wi-Fi devices are just perfect setups for the next big data breach. Virtual private networks (VPN) like Tunnelbear and Private Internet Access are gathering mainstream support for anyone remotely concerned about their privacy.

We will have to wait and see what other details come to light on November 1, and what changes inevitably make their way into the Honest Ads Act. No matter what happens, we can not act as if nothing happened at all.

Justin Torres

Justin Torres is a staff contributor to Bigger Law Firm Magazine, Chief Programming Engineer with Adviatech, and oversees all of the company's security protocols.


WordPress Plugins for Law Firms

Supercharge Your Law Firm’s Website: 5 Must-Have WordPress Plugins!

Are you looking to maximize your law firm’s website’s potential? You’re in the right place. WordPress offers a wealth of plugins that can improve your website’s functionality, from search engine optimization to online event scheduling. Here are five must-have plugins for law firms: Gravity Forms – Communication is key when it comes to your law…

Security vulnerability infected websites

WordPress Security Breach Used Vulnerabilities in Plugins in Themes

Over one million WordPress websites have been infected by a malware campaign called Balada Injector since 2017, according to cybersecurity firm GoDaddy’s Sucuri. The attackers behind the campaign use all known and recently discovered vulnerabilities in WordPress themes and plugins to breach sites. They typically play out their attacks in waves once every few weeks,…

Law firm partner learning about SEO

How to talk to the partners about SEO

As a law firm marketing director, you understand the importance of SEO in driving traffic to your website and generating leads for your firm. However, convincing the partners of your law firm to invest in SEO can be a daunting task, particularly if they do not understand its benefits. Here are some tips on how…