As voters, as journalists, as citizens, and as writers, as participants alive in what was once considered a secure democracy, we are today living in the US through what Masha Gessen (following Bálint Magyar)
Read in The New Yorker 'The Trump administration's war on the government is an autocratic attempt'
calls an “autocratic attempt”.
Read in The New Yorker ‘The Trump administration’s war on the government is an autocratic attempt’
Let those words sink in for a moment: an autocratic attempt … ”The build up to actually wielding autocratic power.”
When a political figure who has gained power tries to use that power to probe the possibilities for establishing an autocratic state, that’s an autocratic attempt. The other stages in the process are an “autocratic breakthrough” and an “autocratic consolidation”. I hope we never get to either point. But I cannot say with confidence that we will not. Neither can Masha Gessen. (Read
Read more on the publisher's website
Read more on the publisher’s website
Read 'Four radical ways the media can protect US democracy from Trump'
In my previous article
Read ‘Four radical ways the media can protect US democracy from Trump’
I recommended that the big national newsrooms create threat modelling teams to help organise coverage of the Trump government and the 2020 elections. My concern was that US democracy was being put at risk. Traditional campaign coverage is not capable of addressing that kind of threat.
But how would this work in practice?
I consulted two people who have worked with threat modeling in other danger zones, and I asked them to help me imagine its possible uses in a newsroom setting.
Read Geltzer's bio on Georgetown University's website.
Read more here
” title=”Read Geltzer’s bio on Georgetown University’s website.”>
currently a visiting professor of law at Georgetown University. From 2015 to 2017 he was senior director for counterterrorism on the National Security Council staff, where he participated in what are called “table top” exercises that try to imagine how threats would play out. (This is often called “threat ideation.”) As a “customer” working on counter-terrorism for the executive branch, he used the products of threat modeling teams based in the intelligence agencies and law enforcement.
Read in The Atlantic 'Trump has launched a three-pronged attack on the election'
He has also written
Read in The Atlantic ‘Trump has launched a three-pronged attack on the election’
about Donald Trump’s attacks on the 2020 election.
My other informant is
Read Stamos' bio on Stanford University's website.
Read more here
” title=”Read Stamos’ bio on Stanford University’s website. “>
former chief security officer at Facebook, and chief information security officer at Yahoo, which he described as “the most senior person at a company who is solely tasked with defending the company’s systems, software and other technical
At Facebook his duties were two-fold. One involved defending the company’s IT systems against hacking: “supervising the central security team that tries to understand risk across the company and work with many other teams to mitigate that risk”. His other duty was to help prevent misuse of Facebook products to cause harm. “Exploiting a software flaw to steal data is hacking. Using a product to harass people, or plan a terrorist attack, is abuse,” he explained.
The full text of my interview with Alex was published at The Verge
” title=”At Facebook his duties were two-fold. One involved defending the company’s IT systems against hacking: “supervising the central security team that tries to understand risk across the company and work with many other teams to mitigate that risk”. His other duty was to help prevent misuse of Facebook products to cause harm. “Exploiting a software flaw to steal data is hacking. Using a product to harass people, or plan a terrorist attack, is abuse,” he explained. “>
assets from attack”.
Incorporating what I learned from Geltzer and Stamos – and from an off-the-record briefing about election threats put on by the Aspen Institute, which I attended recently – here is how I see it working.
The recommendation: the big national news providers – ABC, CBS, NBC, CNN, NPR, PBS, AP, Reuters, The New York Times, The Washington Post – should have threat modelling teams, just as they all have pollsters. These teams would try to identify the most serious threats to a free and fair election and to US democracy
Although the election is in less than a week, the winning candidate won't be sworn in until 20 January 2021.
” title=”Although the election is in less than a week, the winning candidate won’t be sworn in until 20 January 2021.”>
over the next three months,
so that their newsrooms can take appropriate action.
What is threat modelling and how does it work?
“Threat modelling is the effort to articulate dangers in ways that allow us to prepare to prevent, mitigate, or respond to them,” said Geltzer. “It’s a way of identifying and describing threats that helps us to address them.” Its purpose is to assess vulnerabilities and anticipate attacks in a more systematic fashion than just being worried about them.
Stamos put it this way. “Threat modelling” is a formal process by which a team maps out the potential adversaries to a system and the capabilities of those adversaries, maps the attack surfaces of the system and the potential vulnerabilities in those attack surfaces, and then matches those two sets together to build a model of likely vulnerabilities and attacks.
What does it take to do threat modelling well?
Geltzer told me: “You need to have a deep sense of what you’re trying to protect in the first place.” (I will come back to this point later; it is critical.) You also need expertise in the kinds of dangers that are likely to arise. For Trump as a threat to US democracy,
For example, this book by Steven Levitsky and Daniel Ziblatt
this might mean consulting people
For example, this book by Steven Levitsky and Daniel Ziblatt
who have devoted serious study to “how democracies die”.
For other kinds of threats newsrooms often have in-house expertise, in the form of beat reporters who know their terrain intimately, like NBC’s Brandy Zadrozny and Ben Collins, who have been tracking
A far-right conspiracy theory. It alleges that a cabal of Satan-worshiping pedophiles is running a global child sex-trafficking ring and plotting against Trump, who is battling them.
Read more about QAnon here
” title=”A far-right conspiracy theory. It alleges that a cabal of Satan-worshiping pedophiles is running a global child sex-trafficking ring and plotting against Trump, who is battling them.”>
and other misinformation rabbit holes.
You need to be able to step into the shoes of your adversary, and think like they do. You need the right temperament, says Geltzer, “to take seriously dangers without inflating them (which can happen when you start thinking hard about them!) and also without underestimating them,” which cognitive bias and organisational pressures can make us do.
What kinds of things do threat modellers do?
They identify weaknesses or likely points of attack, what Stamos called “attack surfaces”. For each plausible threat they try to divide the assessment of how consequential it would be from how likely it is to happen, and then carefully combine those two to determine its overall urgency. As Geltzer said, they study how attacks can be prevented, how the damage can be mitigated if they do happen, and what kind of response is required if an attack succeeds.
Threat modelling also flows into exercises that help an organisation prepare for threats and understand them better. At Facebook, Stamos helped run “red team” exercises. “A red team is a team, either internal to the company or hired from external consultants, that pretends to be an adversary and acts out their behaviour with as much fidelity as is possible,” he said. “At Facebook, our red team ran large exercises against the company twice a year. These would be composed based upon studying a real adversary – say, the Ministry of State Security of the People’s Republic of China.”
What is the product – or deliverable – of good threat modelling, and what does it help you do?
One answer: it helps you deploy scarce resources. As Stamos said to me, his security team had only so many people. They could only take on so many projects. Threat modeling can tell you how to spend your budget. The parallel to the newsroom is clear: you only have so many reporters. There is a limited number of investigations you can do before the election. With Trump in power there is always a flood of news. How do you decide what’s urgent?
Another answer: done well, threat modelling – and what’s called threat ideation – makes your staff more alive to dangers that their routines or assumptions might have obscured. It’s an awareness tool.
Beyond raising awareness, what specific uses would threat modelling have in a newsroom setting?
In a previous article, I described a published product that could emerge: A Threat Urgency Index. It would summarise and rank the biggest dangers (to the election and to US democracy) by combining assessments of how consequential, how likely, and how immediate each threat is.
The index would have a web address. It would be updated when there is new information, sort of like Five Thirty Eight’s Election Forecast. You could also subscribe to the index as a newsletter. Right now, for example, the the attempt to whip up fears about mail-in voting might rank highly on that list. Or the call – echoing from Trump’s Twitter feed – for armed militias to “protect” the vote count in a disputed election.
Another use might be to run exercises that raise newsroom awareness around the possible manipulation of the news system as we get closer to the election. “The obvious one is hacked documents,” said Stamos. “Worked great in 2016. Why change horses?”
What problem is threat modelling supposed to solve?
As Steve Bannon
” title=”Source: Bloomberg.”>
Trump’s method for neutralising the news media is to “flood the zone with shit”. There’s always too many things to pay attention to. Threat modelling could help with that by separating things that sound scary from things that really are scary – and could happen.
That’s one answer. Another comes from Kyle Pope, the editor of Columbia Journalism Review,
Columbia Journalism Review.
” title=”Source: Columbia Journalism Review. “>
who recently wrote:
“The American people are living on the edge of death and economic despair. Those are the stakes of the 2020 election, one whose integrity is in jeopardy thanks to
Read 'The tech titans go (virtually) to Washington' in the Columbia Journalism Review
the hypocrisies of Silicon Valley
Read ‘The tech titans go (virtually) to Washington’ in the Columbia Journalism Review
Read more in The New York times
the influence of foreign (and domestic) actors,
Read more in The New York times
on top of voter suppression –
Read 'Manipulation machines' in the Columbia Journalism Review
by online disinformation campaigns
Read ‘Manipulation machines’ in the Columbia Journalism Review
Read 'Georgia betrays its voters again' in The New Yorker
Read ‘Georgia betrays its voters again’ in The New Yorker
Read 'Is the postal service being manipulated to help Trump get re-elected?' in The New Yorker
manipulating the post office).
Read ‘Is the postal service being manipulated to help Trump get re-elected?’ in The New Yorker
The press must look past the campaign coverage that was and embrace its role as
Read 'The media’s vital role in safeguarding elections' in the Columbia Journalism Review
a safeguard of democracy.”
Read ‘The media’s vital role in safeguarding elections’ in the Columbia Journalism Review
To be a safeguard of democracy you cannot just react to what explodes into the news from now until 20 January. You have to zoom forward in imagination, glimpse danger, and then work your way back to decisions made today and tomorrow. Threat modelling helps you move about in time.
If threat modelling is defensive, what is it that journalists should be trying to defend?
To me this is one reason to do it. In order to deploy a threat modelling, or threat “ideation” team you have to know what you are trying to protect against. You have to own that responsibility. Which is a lot different from reporting whatever comes down the pike.
Earlier in the campaign, I wrote a post about this problem: You cannot keep from getting swept up in Trump’s agenda without a firm grasp on your own. But what should that agenda be? I think it has to be some kind of defence of US democracy and its central ritual: free and fair elections that engender trust in the outcome, and thereby make the peaceful transfer of power possible.
Earlier in the modern era, journalists covering election campaigns had been able to assume the existence of a stable system, and therefore focus on the contest itself. That doesn’t work for 2020. For it is by no means guaranteed that we will have a free and fair vote. Journalists have to plant their flag on the sacred ground of legitimate elections, and help defend it against all threats. Threat modeling can assist with that project. And that is my argument for its adoption by the big national news providers.
Four radical ways the media can protect US democracy from Trump
Donald Trump consistently spreads lies about the coronavirus and actively tries to undermine public confidence in the results of the election. When US democracy is at stake, the media needs a new way of doing journalism.
Read my article here