On November 16, CLTC was honored to host a seminar featuring Camille Francois, Principal Researcher at Jigsaw, a think tank and technology incubator within Google / Alphabet. The event was part of CLTC’s 2017 Fall Seminar Series, which has the theme, “Cybersecurity and Democracy: The Shifting Implications of Citizenship in the Digital Age.”
In her role at Jigsaw, Francois leads an interdisciplinary research program focused on state-sponsored cyber threats against civil society, and media manipulation. She also established an internal working group on fairness and algorithmic biases in machine learning. Previously, Camille served as a Special Advisor to the CTO of France within the Prime Minister’s Office, led research projects on cybersecurity and human rights for the Mozilla Foundation or the U.S. Defense Advanced Research Projects Agency, and worked for Google’s Market Insights team.
“I’m very inspired by the mission of the center,” Francois told the audience. “There’s actually very few places that want to take a step back and have a long-term thinking about cybersecurity, which is generally a very reactive field.”
In what she described as “a conversation about some of the ingrained ideas that are embedded in the way we think about cyber operations,” Francois discussed how our current concept of cybersecurity has evolved—and how decision-makers have struggled to develop mutually agreeable norms. “There’s little to no consensus to which norms actually apply to government behavior in cyberspace, and there’s no agreement on the rules of the road for how governments should behave in cyber operations,” she said.
Francois noted that the U.S. and other nations (e.g. France) should not have been surprised by the Russian hacks throughout the 2016 election cycle. “What’s broken about the way we look at our threat landscape? What have we not focused on? What are the signals that we have not computed?” she asked. “[The Russian cyber-campaign] was not a surprise for people who are on the front line in Europe, and it seems to have been a surprise for these powerful democracies.”
Francois looked back over the past few decades to trace how this current mindset evolved. “From the very beginning of our western thinking on cyber operations, we have really ignored the need to focus on positive peace-building mechanisms, and we have ignored individuals,” she said. “We have obsessed with war and did not invest in peace, and we have obsessed with governments and disregarded civil society, and that’s a hell of a blindspot.”
She noted that the concept of “information warfare” has been around since the 1970s, and she noted that it was the 1980s film WarGames that encouraged a paradigm (the “bad kid” paradigm”) that persists to this day. She explained that this film led to delegating authority over cybersecurity to the NSA, and led to regulations like the Computer Fraud and Abuse Act. “If you’re thinking, does it make sense to have anti-hacking laws that are 30 years old and that were drafted after everyone panicked about a Hollywood movie, I think the answer is in the question.”
As she considered other examples from subsequent decades, she painted a landscape in which governments around the world have increasingly turned to cyber as a means of surveillance on activists, journalists, and other individuals. She noted that it has been left to Google and other companies to notify users when they may by vulnerable to spying or cyberattack by their own governments. “This is a problem we’re not solely going to solve with technology,” Francois said.
“When we think about cyber operations and norms, and when you think about the future of cybersecurity, I think it’s on us to put human rights back at the center of that conversation, to put the focus back on the individuals,” Francois argued. “It will make us so much smarter about the future of cyber threats. It will make us better informed about the types of threats that are likely to disrupt our democracies and to bring governments down, and it will make peace time a more fair and transparent endeavor…. As we think through the future, we must prioritize building cyber peace rather than panicking about cyber warfare.”