In recent memory, ransomware has gone from major nuisance to international crisis. Criminal gangs that target computers, encrypt their contents, and demand a ransom in order to provide a decryptor tool have struck critical infrastructure around the world. They have disrupted Ireland’s entire healthcare systems, shut down hundreds of food retailers in Sweden, and disrupted fuel delivery to the U.S. Eastern Seaboard, among countless other examples.
At the heart of the ransomware phenomenon is a misalignment of economic and policy incentives that allow criminals to operate successfully and with impunity. But as ransomware has proliferated, addressing this problem most often falls on the shoulders of its victims—businesses facing difficult decisions about whether or not to pay ransoms to regain access to critical systems and data. And as victims have paid up in order to mitigate damage, there are now growing calls for businesses to be banned from paying ransoms.
But these calls to ban ransom payments outright fail to capture what is an enormously complicated policy issue. As it stands, the ransomware model favors the criminal, but will banning ransom payments outright reverse this imbalance of incentives? We hail from different countries and different cybersecurity backgrounds; one of us is mostly experienced in the private sector and the other in government. One begins from a presumption in favor of a ban, the other against one. Here, we examine the vexing issue of whether or not to ban ransom payments and wider ideas about how to disrupt the flow of money to the criminals and use our differing perspectives to offer some solutions.
When unprecedented protests erupted last week in Cuba, some observers were quick to argue that improving access to the internet had made possible a protest movement in a country where freedom of speech and assembly are significantly restricted. As with the Arab Spring, these techno-optimists saw the power of the internet at work in a Cuban protest movement that coalesced around long-promised, long-delayed economic reforms and a fumbling response to spiking COVID-19 cases. President Biden even suggested that providing private internet to the Cuban people might be a strategy the U.S. government could pursue. But a closer look at the data reveals a more complicated picture that should make policymakers cautious in relying too much on internet access as a tool to counter sclerotic authoritarians.
Based on an analysis of nearly four million Facebook posts from public pages and groups from June 1, 2019 to July 20, 2021, Cubans have become more engaged on Facebook, both in terms of the volume of content and average engagement with posts. Since July 2019, when the Cuban government began lifting restrictions on internet access, total content has grown steadily over time. In the lead up to the most recent wave of protests, average engagement with content on Facebook grew rapidly, spiking on July 13, 2021, two days after the eruption in protests and a day after the Cuban government restricted internet access. Since then, the volume of and engagement with Facebook content has dramatically declined. As of July 21, it has yet to return to pre-protest levels, likely due to government shutdowns, though the focus of conversations that are still ongoing has not fundamentally changed. Though a Facebook live broadcast is largely credited with sparking the most recent wave of protest across the island, policymakers should be careful not to overemphasize the role internet access is playing in fomenting this recent protest movement.
President Joe Biden recently toured Europe with a simple message: “America is back.” Following the tumult of the Trump years, Biden attempted to repair frayed ties with U.S. allies and to build consensus on a series of ambitious policy goals: ending the COVID-19 pandemic, fighting climate change, and resolving issues around Big Tech and the internet. Indeed, on both sides of the Atlantic, policymakers are examining how to rein in the power of major technology companies. But despite broad agreement on this basic goal, U.S. and EU internet strategy aren’t as aligned as some politicians might proclaim.
In a bid to help bridge this divide, Biden and his EU counterparts agreed to form an EU-US Trade and Technology Council that will bring together officials from both sides of the Atlantic to write rules on a range of sensitive technology issues spanning investment to supply chains. But if Europe and the United States are to effectively promote democratic technology, the EU and the United States must prevent the Tech Council from falling into a clear and looming trap: becoming entirely about China.
At first glance, the ability of most African states to prevent or respond to a cyberattack by state-backed hackers would appear limited. African countries tend to have low levels of cyber maturity and possess limited offensive and defensive cyber capabilities. Virtually all rely on foreign actors to supply critical information infrastructure and manage data using cloud technologies. This limits sovereign control over the electronic information produced by African citizens and renders tech stacks in countries across the continent vulnerable to compromise. African governments and regional organizations have already been targeted by some high-profile state-sponsored attacks, including Chinese espionage at the African Union and North Korea’s 2017 Wannacry Ransomware attack.
Though few African states can compete with the world’s major cyber powers, the region is not inherently more susceptible to state-sponsored cyber threats. Like other regions, Africa faces its own series of opportunities and challenges in the cyber domain. For now, low levels of digitization limit the exposure of many countries in comparison to the world’s more connected, technology-dependent regions. As internet-penetration rates increase, African states can draw on established good practices, international partnerships, and regional cooperation to identify, prevent, and respond to state-sponsored cyber espionage or sabotage of critical infrastructure.
Baseless rumors about new technologies spreading cancerous radiation. Politicians condemning negative stories as “false” or “defamatory.” Deepening polarization amid constant online manipulation. These might sound like recent episodes in U.S. public life. But they in fact come from South Korea, where rumormongering and manipulation of public opinion have become key features of its politics.
Although South Korea consistently tops indices measuring a country’s digital maturity, digital disinformation is changing its politics. Despite evidence to the contrary in the United States, South Korea’s experiences suggest that political polarization is not the death knell for the state’s ability to address domestic disinformation and provide clear guidance during crises like COVID-19.
China’s leaders have staked the country’s future on innovation. In its latest blueprint for national economic development, China has pledged to end its reliance on imported technology and to focus on domestic consumption as the primary driver of growth. At a conference in May for engineers and scientists, Chinese leader Xi Jinping urged greater self-reliance in science and technology, which would serve, he said, as “the strategic support for national development.”
China’s drive toward technological independence has raised alarm bells in the West, where a resurgent China powered by a leading technology industry is widely considered the key strategic challenge of the 21st century. But these fears all too often fail to consider the internal obstacles facing Beijing’s push toward tech supremacy. Among them is one very low-tech problem: a prevailing sense of social and professional stagnation.
The drive toward self-reliance has encountered an unlikely form of resistance in a generation of young Chinese who balk at the Party’s high-minded calls for “continued struggle” alongside an deeply engrained culture of overwork without the promise of real advancement. They opt instead for “lying flat,” or tangping (躺平). The “lying flat” movement calls on young workers and professionals, including the middle-class Chinese who are to be the engine of Xi Jinping’s domestic boom, to opt out of the struggle for workplace success, and to reject the promise of consumer fulfilment. For some, “lying flat” promises release from the crush of life and work in a fast-paced society and technology sector where competition is unrelenting. For China’s leadership, however, this movement of passive resistance to the national drive for development is a worrying trend—a threat to ambition at a time when Xi Jinping has made grand ambition the zeitgeist of his so-called “New Era.”
A global shortage of semiconductors has policymakers wondering how government can work with industry to spur production. Such collaboration has possible precedent in the 1987 launch of Sematech, a consortium that revitalized the U.S. chipmaking industry. In this episode of MITRE Engenuity’s Circuit Talk, Dr. Nadia Schadlow and Pavneet Singh sit down with, Dan Armbrust, the co-founder and director of Silicon Catalyst, a semiconductor incubator, to discuss the launch of Sematech and the partnership between the U.S. government and the semiconductor industry that led to its creation.
In 1995, the U.S. National Telecommunications Infrastructure Administration was the first government body to empirically document the existence of the “digital divide”—the gap between those who do and do not have ready access to internet service. In a report that year—”Falling Through the Net“—the agency described the geographic, demographic, and economic divides in the adoption and use of the internet. The report was prescient in recognizing the role that disparate infrastructure and hardware access played in driving digital inequality and showed how those inequalities impacted how people were using the internet.
The NTIA report also made a crucial wrong bet. It assumed that there was “an” internet and that fixed-line broadband to a personal computer would be the common denominator technology to enable access. But the world didn’t primarily adopt fixed-line broadband. Instead, mobile phones and the mobile internet became the primary mode of access. While the NTIA was right that the primary drivers of digital adoption were content and services, the presumption of a computer-based internet shaped a generation of service providers to design for digital platforms that fail to reach nearly half the world, making those services inaccessible to those who need them most.
While the digital divide is now a globally understood phenomenon, more than 25 years after the NTIA report, service designers are still designing and building public technology systems that depend on the internet, preferencing the well-connected and embedding the digital divide. The tendency to design services for the internet—in both technology adoption and in the services that depend on them—is the digital services design divide.
Across the technology industry, the collection of massive amounts of user data is reshaping the way companies interact with their users. This collection of data—and its use in informing business decisions—has fundamentally changed the video-game industry, where the greater availability of data has allowed for more personalized game design. Indeed, video games represent much more than a form of interactive entertainment. They pose challenging public policy questions, for speech, propaganda, and politics. And as video games play an increasingly important role in society—as hugely popular forms of entertainment but also as an arena for contesting politics—data-driven game design also raises questions about whether user data is being used in manipulative ways, whether privacy rights are being violated, and whether the rights of children are being protected.
Amid a global shortage of semiconductors, policymakers in Washington and U.S. technologists are seeking solutions for bolstering the domestic chip-making industry. In this episode of MITRE Engenuity’s Circuit Talk, Dr. Nadia Schadlow and Pavneet Singh sit down with Susie Armstrong, a senior vice president at Qualcomm, to discuss the engineering and financial challenges faced by the U.S. chip industry.