Big Tech and IT Security
Google, Facebook, Twitter, and Microsoft control and operate a large part of the nation’s IT and Communications infrastructure sectors. This includes the services they provide through YouTube, Google search, Facebook, Twitter, and Linkedin. Per the Critical Infrastructures Protection Act of 2001, the critical national infrastructure must be protected against physical and cyberthreats, including impairment and malicious exploitation, by all actors, not excluding the companies that own and operate elements of that infrastructure. There are sixteen designated critical infrastructure sectors, including dams, nuclear, defense industry, communications, and Information Technology (IT).
The current model of IT/communications infrastructure security is based on a public-private partnership, per a series of executive orders, stretching over three administrations. The private companies are responsible for the security of the infrastructure they operate, and the federal government assists them in that. But since 2016, these companies have not only neglected their duty to secure it but have impaired and maliciously exploited it themselves.
National Critical Infrastructure
The Cybersecurity and Infrastructure Security Agency (CISA) describes the critical Information Technology Sector (emphasis added):
“The Information Technology Sector is central to the nation's security, economy, and public health and safety... These virtual and distributed functions produce and provide hardware, software, and information technology systems and services, and -- in collaboration with the Communications Sector -- the Internet.”
This definition is not limited to the access, connectivity, or transmission of network packets, but includes all “distributed functions'' and “information technology systems and services”. Today, this description fully applies to Twitter, Facebook, YouTube, and many other services. Microsoft and Apple (and CrowdStrike), are current members of the CISA IT Sector Coordinating Council. Google was a member in the recent past.
In addition to the laws securing the nation’s critical IT infrastructure, there are also laws governing the security and protection of IT infrastructure “directly used” by the federal government. This includes hardware and software which the government merely uses, even if it neither owns nor operates it.
Exploitation of This Critical Infrastructure
Big Tech is impairing and maliciously exploiting the nation’s critical IT and communications infrastructure for their own benefit and the benefit of third parties. During COVID-19, a declared national emergency, they have:
- Interfered with medical advice and communications of doctors and other medical practitioners regarding COVID-19.
- Prevented patients and doctors from accessing medical information and/or blocked medical advice about COVID-19.
- Banned accounts and/or deleted content from physicians and scientists who recommended specific COVID-19 treatments, such as Hydroxychloroquine.
- Threatened to block all medical advice contradicting recommendations of the World Health Organization.
- Replaced (rather than merely deleted or restricted) medical content which they do not like with their own content and denigrated the original content.
Almost all the interventions related to COVID-19 went against any useful treatments and prophylaxis, but spread panic, and promoted lockdowns, and masks. This nicely aligned with their own interests -- reducing interpersonal communication, leading to increased reliance on their services, and thus, increasing their profits and power. Big Tech profits have skyrocketed during this pandemic. This also coincided with the strategy of the Democrat party to use COVID-19 as a pretext for adopting fraud-ridden mail-in voting, for blaming President Trump for COVID-19 suffering, and for blanket house arrest orders (lockdowns). Big Tech also interfered with the bidirectional communications between the government and the public in general.
These actions are incompatible with “the reliable provision of cyber and physical infrastructure services critical to maintaining the national defense, continuity of government, economic prosperity, and quality of life in the United States,” required by the Critical Infrastructures Protection Act.
The First Amendment
Operating critical national infrastructure is not speech or another First Amendment activity. In fact, the government must prevent Big Tech from depriving U.S. citizens of their First Amendment rights. Government accounts on Twitter, Facebook, and YouTube are designated as public forums (Knight Institute v. Trump, SDNY, 302 F. Supp. 3d 541, 2018). The government has no authority to block access to these accounts and cannot delegate such authority.
The only legal way for Twitter, Facebook, or YouTube to host government accounts is to have entered into an implicit or explicit contract with the government and to provide full access to those accounts to everyone, on reasonable and non-discriminatory terms (rather than on their purported Terms of Service and Community Guidelines).
Government should Secure the Nation’s Infrastructure
The President can issue an executive order, requiring Big Tech to stop impairing the IT infrastructure they control. The federal government can also sue tech companies over their past violations, and obtain an immediate injunction against them, unless it is “impracticable to enforce the laws of the United States in any State by the ordinary course of judicial proceedings.” At the very least, the government should demand that Big Tech cease and desist from:
- Interfering with any U.S. government and government officials’ accounts , including restricting content distribution and defacing such content with their labels.
- Interfering with the accounts and content of physicians, treating COVID-19, or anything else. Big Tech is not licensed to practice medicine.
- Interfering with users accessing government accounts or medical information
The federal government should also demand reports from Big Tech: what infrastructure they secure, their actions to increase or undermine this security, and the internal chain of command having impact on the infrastructure security. Their networks and the source codes should be inspected.
State attorneys general can also sue Big Tech and similarly obtain emergency orders preventing Big Tech from interfering with the citizens of their states and their state governments’ functions relying on Big Tech services. Section 230 is not relevant to such actions.
Big Tech also allowed foreign actors to exploit the U.S. IT infrastructure. Most of the accounts on Twitter, Facebook, and YouTube, operating in the U.S., are foreign. Big Tech have also censored U.S. accounts to satisfy the wishes of the foreign governments. Thus, a substantial part of the threat is also foreign.
In 2018, the U.S. government created a Cybersecurity and Infrastructure Security Agency (CISA) within DHS. Former Microsoft lawyer for government affairs Chris Krebs, became CISA Director. He was dismissed after the elections when his involvement in the election fraud was uncovered. It is not surprising that Krebs has not even tried to secure or prevent the exploitation of the nation’s critical IT infrastructure. With Krebs out of the way, it is time for the government to take the action.
Image: Matt Britt