DNI Haines, Summit for Democracy 2023

DNI Haines, Summit for Democracy 2023

On March 30, 2023, Director of National Intelligence Avril Haines delivered remarks at the Summit for Democracy 2023 ahead of a panel session titled, “Countering the Misuse of Technology and the Rise of Digital Authoritarianism.” She then participated in the panel discussion with U.S. Secretary of Homeland Security Alejandro N. Mayorkas, Senior Researcher of Citizen Lab at the University of Toronto John Scott-Railton, and CEO of YouTube and Google Neal Mohan, which was moderated by Stanford University’s International Policy Director at the Cyber Policy Center Marietje Schaake. The DNI’s remarks and the panel discussion are available to view here, and the transcript is below.



Summit for Democracy 2023

Director of National Intelligence Avril Haines

Countering the Misuse of Technology and the Rise of Digital Authoritarianism


30 March 2023


DIRECTOR HAINES: Thank you Jean, very much, for the kind introduction, and the opportunity to join this extraordinary event. It is quite something to represent the Intelligence Community at a Summit for Democracy that is literally happening across the world, cohosted by the United States, alongside Costa Rica, the Netherlands, the Republic of Korea, and the Republic of Zambia.


And a special thanks also to Secretary Blinken and his terrific team for putting together such an exceptional forum and program this week. This year when the U.S. Intelligence Community issued its assessment of worldwide threats to U.S. national security, we included for the first time a section on trends in digital authoritarianism and malign influence that gets really to the very heart of this session's focus on the misuse of new and emerging technologies.


And as you've heard from other speakers today, the global erosion of democracy that began more than a decade ago is ongoing. And the technology's role in this is fundamental, particularly in the contest over information. Digital technologies have had a profound impact. They were instrumental in facilitating civil society, and freedom of the press in many places, and yet they sparked a backlash from authoritarian regimes, first to contain the risks posed by freer flows of information, and then to harness these same technologies in pursuit of their own objectives to stifle freedom of expression, and to suppress political discourse.


And today we see how they are deployed by governments as tools of repression and disinformation, both inside and outside of their borders. We even see authoritarian regimes using their information ecosystems to disparage this Summit, underscoring the urgency with which they seek to push back against democratic freedoms.


And in 2022, global internet freedom declined for the 12th consecutive year. The sharpest downgrades were documented by Russia, Myanmar, Sudan, and Libya. A record number of national governments, many authoritarian, also blocked websites with non violent political, social or religious content, undermining user's rights to free expression and access to information.


We certainly saw evidence of this in our own efforts to take on Russian disinformation in the lead up to the invasion of Ukraine. We publicly disclosed intelligence on the Russian government's plans and intentions in an effort to warn the world regarding the invasion. We also did so to undermine Moscow's ability to create a pretext for Russia's invasion, which it hoped would legitimize their military action in the eyes of some countries and divide the NATO Alliance, making it harder for NATA members in other countries around the world to come together to respond to Russia's illegal and barbaric invasion, as we ultimately were able to do.


In part, we were successful. In the United States and Europe, for example, our message was received and the Russian narratives were largely ineffective. We were not effective, however, within Russia, where the vast majority of the population at the start of the war supported Putin's appeal and special military operation, and saw NATO and Ukraine as the aggressors.


And this isn't to say that technology is the only reason for our lack of success. A big part was played in Putin's direct and indirect influence on sources of information within Russia. But there is no question that new technologies, including cyber intrusion tools and commercial spyware, are making it easier for authoritarian governments to engage in digital repression, both inside and outside of their country's borders.


And unless we take action, malicious use of digital information and communication technologies will become more pervasive, automated, targeted and complex during the next few years, further threatening to distort publicly available information, and of course, authoritarian governments are usually the principal perpetrators of such digital repression.


Such regimes learn quickly how to exploit new and more intrusive technologies for repression. Various technologies effectively extend a state's power to stifle dissent inexpensively at scale beyond traditional means, such as censoring print media. And the fact that commercial firms around the world are selling these capabilities, simply makes it easier for governments that have an interest in doing so to engage in such repression.


In fact, the commercial spyware industry grew rapidly during the past decade. Journalists in the past year have estimated it now to be worth approximately 12 billion. And while some states use such spyware tools and lawful intercept programs for legitimate purposes, such as to target criminals and terrorists, governments also are increasingly using spyware to target political opposition, and dissidence.


Last year governments, and other actors, shut down the internet at least 187 times in 35 countries; a record. Shut downs were imposed during protests, active conflicts, school exams, elections, periods of political instability where high profile events, such as religious holidays, or visits by government officials, with the ultimate goal of imposing control and silencing voices.


And government leaders used these tools to conduct repression because they fear that open debate of political or social topics could jeopardize their hold on power. A growing number of internet users around the globe only have access to an online space that mirrors the views of the government and its interest. Authorities in 47 of the 70 countries covered by a recent research study limited users access to information sources located outside of their borders.


And officials in at least 53 countries charged, arrested, or imprisoned internet users in retaliation for posts about political or social causes. Their repressive governments were presumably able to track them through digital means. And these examples demonstrate how technology has made it easier for authoritarian governments to control the information environment within their own borders.


But as I mentioned initially, we also see how they use such technologies to increasingly engage in transnational repression, in an effort to monitor and silence dissidence abroad. In particular, disparate populations in a number of democracies are facing a broad range of threats as autocratic regimes turn to digital tools to suppress dissent.


Here again, commercially available technology is exacerbating the problem. Commercial spyware allows authoritarian regimes to remotely target the devices of dissidence, oppositions, journalists, and their associates and families, to collect data, location, information and audio. Some spyware allows devices to be infected remotely, and without requiring the victim to be lured into clicking a link, or opening a malicious file.


Our information suggests almost all of the at least 30 regimes with documented transnational repression efforts have used cyber tools against perceived ex patriot opponents, and host country backers in the U.S., Australia, Canada, and Europe during the past decade. And moreover, these efforts have grown more brazen over time.


As an example, last year Iran conducted a range of disruptive cyber operations against Albania in retaliation for allowing an Albania-based Iranian dissident group to express themselves freely. An astonishing bold and novel attempt by a state actor to use cyber attacks to compel another state to suppress dissidence who were living there in exile.


And finally, and perhaps most relevant to us are the efforts by many autocrats to try to influence and interfere in democratic societies, creating social and political upheaval, shifting policies, and even swaying voter's perspectives and preferences. We are deeply concerned that as the barriers to entry worldwide lower and become increasingly accessible to conduct a range of malign influence operations, more states will look to undertake these operations.


And part of why this is so challenging is because democracies are asymmetrically vulnerable to the threat posed by authoritarian regimes in the information space. In short, such regimes exploit the openness of democratic societies. What we know is a strength, they perceive as a weakness.


And given that our public dialogue is intended to have an impact on our government's decision making, it is clear that if a malicious actor is able to affect our domestic discourse, they can not only shape public opinion, but also have an impact on who we elect, and what decisions we make.


While an open information environment confers critical strategic advantages on free societies over the long run, it is hard to argue that such environments do not create vulnerabilities in the short term. Regimes interested in targeting our societies do so in a number of ways. Employing a diverse set of online technologies and content to convey propaganda and disinformation.


And the advancement of data analytic tools in particular, backed by rapidly improving artificial intelligence and machine learning technologies, and the extraordinary availability of data from commercial government and other publicly available sources and democracies are making it too easy for actors at all levels to exploit such information for their own ends, including as part of their efforts to engage in malign influence operations. Particularly, criminal, covert or coercive effects targeting open societies.


And furthermore, adversaries have grown savvier at information laundering, deploying a web of proxy actors, and online personas, who introduce and amplify variations of the same narratives in an effort to shape our discourse, while producing and providing the adversary an element to plausible deniability.


Unwitting persons, and third party individuals may subsequently propagate these narratives by forwarding, sharing, liking or discussing unsubstantiated or misleading narratives, compounding their overall reach into open information environments within and among democracies.


And we see how Russia and other authoritarian regimes seek to weaken states by pushing divisive narratives to exacerbate pre existing tensions in societies to decrease trust in public institutions, democratic processes, and to question traditional sources of media. We also have taken note of Beijing's growing efforts to actively exploit perceived U.S. societal divisions, using its online personas, which moves it closer to Moscow's playbook for influence operations.


In sum, the promise of connected technologies comes with peril, and if we fail to establish safeguards, or prevent authoritarian regimes and other malicious actors from the misuse of such tools. The litany of challenges I've identified, coupled with efforts by authoritarian regimes to normalize a perspective that no country should critique the internal affairs of another highlight the task in front of us.


And these technologies continue to hold the promise of allowing freer flows of information, improved communication, the connections we will require to better understand and deal with a myriad of global challenges. We must work to realize this potential.


And within liberal democracies, governments, civil society and business, we'll need to work together, and with urgency to achieve widely held norms and maintain and improve positive technical standards for digital technologies so that we can ensure the free flow of digital information and the protection of human rights into the future.


Our President's new executive order on commercial spyware seeks to address many of these concerns, as do legal frameworks established to protect our data. Many of the things that you've heard from the Secretary today and from Administrator Power.


And there is still need to do more work, and unless we address this problem together we will not be successful. So thank you again for listening to me, for the opportunity to contribute today, and it's now my honor to welcome Secretary Alejandro Mayorkas to the stage.


MS. MESERVE: Thank you Director Haines, and also Secretary Mayorkas, and now let me introduce the other speakers who will join him on stage. Avril Haines, United States Director of National Intelligence joins us again, John Scott Railton, Senior Researcher at the Citizen Lab at the University of Toronto.


Neal Mohan, head of YouTube, and Marietje Schaake of Stanford University, a former Dutch member of the European Parliament, and an early thought leader on technology and human rights. She will be the moderator this discussion. Marietje?


MS. SCHAAKE: Thank you so much Jean, and thank you Director Haines, Secretary Mayorkas for laying out the key topics that we are here to discuss, the many threats that technology can pose when it's used as a tool for repression and authoritarianism, but also the significance of leadership by democratic governments, and particularly the executive order to stop the use of commercial spyware, which you know, if we were to make a spectrum of harmful technologies, I think could easily take the top position.


Where intelligence grade capabilities are for sale for anyone who wants to buy it. We learned about the harms to human rights defenders in the context of the Arab uprisings, and since then, as you mentioned, the market has grown, it's worth billions of dollars now, and the repression doesn't only happen in non democratic countries.


Unfortunately, we also see governments of democracies using these tools to go after judges, journalists, opposition figures. And so, to have a line in the sand, a limit to the use of this technology, is extremely important because it proliferates not only to various governments who can now buy this top notch capability, but also to non state actors, which hasn't been mentioned much before, but I think is also crucial.


If you think about terrorist groups, or Mafia organizations that can get their hands on these very aggressive and invasive technologies. So I'm very happy that we can continue to dive into the ins and outs of the harms and the opportunities to improve things in the interest of delivering on the promise of democracy, and I would like to turn to John Scott Railton first. He's with the Citizen Lab, a leading organization researching the methods and the ways in which commercial spyware has been used.


He is here to stand in for Ron Debert, who unfortunately couldn't make it at the last minute, but your team's work has been really vital, so maybe you can share some observations, not only on why this moment matters, but also on the lessons learned over the past decades that brought us here. Why has it taken a while to get to this concrete action, and what are your hopes for implementation?


MR. SCOTT RAILTON: Well Marietje thank you so much for that introduction, and thanks to everyone for having me. And I am a stand in for Director Ron Devers, who has written a really interesting article not long ago in foreign policy on the topic of the sort of exploding proliferation of mercenaries power and commercial surveillance. I would highly recommend you read it.


That said, sitting in the green room just before coming in here listening to the talk given by DNI, I was reflecting on how many of the things that you evoked are things that civil society has been saying for a decade, and feeling mostly in the wilderness about it.


For a decade, civil society groups and researchers have been finding evidence of the abuse of commercial spyware, and mercenary spyware technology against civil society. And we have been sounding the alarm until we're hoarse. And unfortunately, for many of those years I think people saw this issue as a human rights problem, something bad, something regrettable.


Most governments didn't want to talk about it. The reason? National security. Sort of like the arms market before this was something not to be talked about. But things began to change. They changed not just because of the mountain of abuses that researchers like us, Amnesty International, Access Now, and many other groups around the world have found.


They changed because of the pace of proliferation, which was so fast and dramatic that it began harming U.S. companies, big platforms, and their interests. And they moved from a posture of technical mitigation to a posture of legal engagement to try to block the growth of the proliferation of mercenaries power, but it didn't stop there.


Somehow, not long ago, in 2021, the government the U.S. government entered the chat. And that really was the third leg of the stool of the problem after civil society and tech. And the first thing the U.S. government did was put an SO group, and three other commercial spyware offenders on the entity list.


Now, at the time I remember thinking the entity list. This doesn't feel like a very needy sanction. What does this really mean? What's interesting though is that it had an outsized impact on the industry because suddenly companies that have been engaged in this really reckless proliferation were beginning to wonder if the music was going to stop.


And then more recently, in fact, this week we've seen a remarkable set of actions by the U.S. government, and then today a series of actions by a joint group of governments around the world. Great. I think what's remarkable is that it took us so long to get here. It took us so long for civil society sounding the alarm.


But at the end of the day it really required the recognition that the problem of mercenary surveillance was one that cut across considerations of our communities, and of your communities, tech, and government. So all good, right? Well sort of. We're in a period where the interests of these different groups have aligned, and it's remarkable, and we're seeing change. But there are still major gaps.


For example, the Executive Order, a remarkable document in many ways that I think is going to pump the brakes on proliferation, has gaps in how it talks about how the U.S. government would use spyware, and mercenary surveillance tools, and around transparency, and how technology is imported, and how the technology is exported.


To me that's a key gap, and it reminds me of why civil society is so important, which is we say the uncomfortable things. Not only about the abuses, but about what we need in order to move further. And often what we need is more transparency and clarity. I'm just going to flag this, which is today there was this joint statement, and the thing that most heartened me about it was actually some of the first bullet point, which pointed out that a group of governments are going to commit to being more accountable in how they use commercial and mercenary spyware.


Great. I hope you have accounts for the United States too. Thanks.


MS. SCHAAKE: Thank you very much. Civil society's role is crucial. Yeah, you can clap. I know a lot of people through working on this topic for so long are in the audience, so this is indeed a great success of civil society pushing relentlessly, and shining light in dark places.


Another important actor is, and he represents the industry, is the industry tech platforms are often the place where intrusions, but also other harms happen. You're the new incoming head of YouTube, congratulations. Maybe you can talk a little bit about industry response, and why you wanted to join us.


MR. MOHAN: Yeah. I'll first of all, it's an honor to be here, so thank you for having me, and I'll build on some of the conversation. And just start off by saying that some of it goes back to first principles. You know, I'm speaking here on behalf of YouTube, Google, but we are a proud U.S. company that's built on principles of freedom of speech.


That's a core tenet of YouTube and Google, human rights, and also integrity of the democratic process writ large in a broad sense, and those are core principles across YouTube, across Google, and everything really starts with that because that's an organizing principle in terms of where we put our resources, how we make trade offs, lots of decisions are trade offs between two difficult choices.


And it's important to have those principles. We have been investing to do our job in this realm for many, many years. I'll talk about this week to your question in a second, but it's built on a foundation of years of work. Everything from the trustworthy advisory group tag, which I think many people are familiar with, which is a center of excellence within Google, designed to combat these coordinated deceptive practice actions by state actors.


But also now increasingly cyber mercenaries, cybersecurity for hire, spyware for hire firms that led to efforts like Project Zero within Google, which I think people are familiar with. An effort to really identify and thwart these zero day type threats. It's where a lot of discovery around NSL and Pegasus came from.


So, there's been a long history, track record, and concerted effort around what is a problem that we need to continue to work on, and that's foundational, so that's one aspect. The other aspect is what Director Haines was talking about, which is the information warfare side, influence operations, et cetera, and that's where a lot of the framework that we have at YouTube around a policy architecture, not allowing things like deep fakes, coordinated deceptive practices, our good neighbor policy that immediately removes videos and channels.


We remove on the order of thousands of channels in partnership with TAG when we identify these threats that come from state actors. We're public with that on a regular basis. So that's one policy framework that we have. But it can't just be about policy. It's also got to be about enforcement, so our investment in machine learning technologies, AI, that actually allow us to do this at scale, and actually training people around the world to be able to do this.


And this is the reason why a lot of the actions that you saw happen on our platform with relation to the war in Ukraine happened so quickly, whether it was around thwarting misinformation campaigns, geo blocking channels on YouTube that might have been spreading that type of misinformation.


Making sure that citizens on the ground in Ukraine actually had access to high quality information, how to protect their families, how to seek refugee status, et cetera. And so, that's a big part of our efforts as well. And so that's all foundational leading up to the announcement this week.


We've been really proud to shape the principles an sign on to the principles, the industry principles, to combat cyber mercenaries. That is an important milestone. It really compliments the executive order from the President, but it's again, a milestone, and it's part of work that needs to continue. This battle happens in the shadows.


We need to remain vigilant, and so, I'm really appreciative of the partnership across civil society, our government partners, and across the tech industry to make sure that we try to remain ahead of this.


MS. SCHAAKE: Thank you very much.


SECRETARY MAYORKAS: Am I allowed to ask a question?


MS. SCHAAKE: Of course you are.


SECRETARY MAYORKAS: Terrific. And thank you. Thank you all. So John, I want to go to back to what you articulated at the outset. You spoke of how long it took for governments to act.




SECRETARY MAYORKAS: Be that as it may, I mean our high risk community protection initiative now I think meets the moment, and we are quite vigilant right now. You mentioned sort of a catalyzing event. Our placement of the organization on the entity list, and the sanctions.


Given your organization's sort of global reach, as well as perspective, how did you see other countries respond to that?


MR. SCOTT RAILTON: Well thank you for that question. I had a whole theory of change around mercenary spyware and it looked like this. Well it's probably going to be Europe first because of their fine commitments to privacy, as in trying GPR. And maybe it's going to come to the U.S. through the vector of human rights issues.


None of that was true. I was totally wrong. In the end it came from commerce, and then eventually from the NSC executive order. What was so interesting about that entity listing is that from my perspective, it was the first real signal delivered by a government that had credibility that there was a problem.


And it was a signal of U.S. governmental displeasure. And it was tremendously useful for us, as researchers, and I know for journalists, to be able to say look, this problem doesn't sit in the box just of dissidents. It doesn't sit in the human rights defended box. It doesn't sit in the freedom of expression box. It is in that box, but it's not limited to that.


This was very powerful. But I have another question, which is one designation, four entities. Since that time we have seen more information about more spyware companies being very bad. One hope would be that there were more designations in the future.


And I know statements made by members of Congress, including the Ranking Member of House Intelligence, asking questions about sanctions. These are good questions. Another great question is about the entity list, and whether that remains an effective tool, not only for creating direct consequences, but also good signaling.


SECRETARY MAYORKAS: So I would say look. The entity list is a critical threshold move, and then it all comes down to how we enforce it, right? With the dissemination of information, and quite frankly, the enforcement regimes that we could bring to bear. It's not just the imposition of sanctions, but it's also law enforcement actions as well.


We have a whole suite of tools, but you know, the placement on the list is a very important step of course, but it's all in how we enforce it, and how we enforce efforts to circumvent it.


MS. SCHAAKE: Well maybe I can build on that question and just open it to anyone on the panel who wants to respond, which is what do we anticipate the effects will be of this new executive order? So, obviously the government is not going to use commercial spyware anymore, but what ripple effects are you hoping to achieve? There are diplomatic efforts to bring in other governments.


There's efforts by the private sector, but this has been a market that has, you know, probably been steadily if not exponentially growing. Will the market be restricted? Do you expect ripple effects there? Any thoughts on the scenarios?


SECRETARY MAYORKAS: So, I would say the following. I mean in this space we cannot act alone to achieve the desired outcomes, right? This requires a community of response. I think John put it very aptly with respect to civil societies being victimized by this, calling out for assistance. Well now we are moving.


And we are not moving unilaterally, we are moving with critical partners. I don't know if necessarily the market contracts, and it's not necessarily about contraction, it's about guardrails of use. I think that to me is what is critical, and developing guidelines.


One thing that's very important is the issue of trust. The trust in what we do, and to John's point again, we only build that trust if we ourselves are open and transparent with respect to our uses of it, and also our control of it. But I would turn to other, and Neal you know the market far better than do I, whether you anticipate a contraction, or whether a controlling a more controlled environment if you will.


MR. MOHAN: Yeah. I'd say two things to build on what the Secretary said. The first is things like the entity list help. We use obviously, that serves as guidelines for us in terms of how we approach things. At TAG we're monitoring, 30 entities right now, and that number might continue to grow, it might shrink, but that's kind of the order of magnitude of what we're looking at in this space.


And what I would say the other aspect from a marketing standpoint that's very important, is the friction that technology companies can put into this as well. And so a lot of our investment is not just about detection and monitoring and research. We try to be as transparent as possible about these things.


We released a report, I think, a little while ago that said phishing attacks on Ukrainian citizens were up 250 percent. On NATO citizens, up 300 percent, so just making people aware of what's happening is certainly one aspect of sort of part of the market dynamics.


But the other is all the protections, so Project Shield, as an example right, which is back to the people that are susceptible to these types of attacks, whether they're news websites, human rights organizations, so is there technology that we can bring to bear that protects those entities, or our you know, our advanced protection program, which is geared towards individuals that are vulnerable.


All the individuals that you all called out in your remarks that are the target of these types of attacks. What are the things that we can do in terms of our products and capabilities to just heighten the protection that they have? And so, I don't want to describe it as sort of an arms race in that sense, but it's an important component to the market dynamics.


And one of our big contributions is going to be not just in terms of detection and thwarting, but also building sort of these permanent defenses that can come into play to protect both entities and individuals, so I think that's an important component here.


MS. SCHAAKE: Yeah John, do you want to add something?


MR. SCOTT RAILTON: Yeah. Well and I want to build on something you said. One of the sources of information for the last decade about very naughty bad things done by the mercenary surveillance industry has been civil society and investigative journalism.


I guess this project would be a great example. But another really critical input for this whole conversation is the naming, shaming and attributing that has come from TAG around the mercenary surveillance industry, and the exploit industry, from Microsoft, Apple and others. I see this as a critical part of the information eco system in part because your barriers are different than those that a government might face around calling entities out.


So, we really welcome it when TAG does its reports. And I would just say there was a great TAG report earlier this week talking about vendors of exploits and vulnerabilities, and this is critically important, and we hope that you keep doing it.


MR. MOHAN: Yeah. We intend to. I think it's an important part. It helps our business, but more importantly it really helps move this conversation forward, and so that's a key component to TAG. It's sort of it's something that we're very proud of, and we want to we put information out there really oftentimes as soon as we have it.


MS. SCHAAKE: Well I think the examples that you give underline how basically no one can escape the sort of impact of this industry right, where first it looked like human rights defenders were the "only ones" to be targeted, but then it became a bigger group of targets, but also U.S. citizens.


I think that it's important to mention as well that U.S. citizens working elsewhere, whether it be for international organizations, or as diplomats serving your governments everywhere in the world are easy targets through this technology.


And so perhaps, one effect could also be the relocation of some of these industries, or the starker difference between governments that allow, and governments that don't allow the use, and so that will lead to new questions of how to better implement, and I guess work with partners.


We're almost running out of time, but I wanted to return to Director Haines before we close to share some additional thoughts on sort of the scope of threats that you have in view. We've zoomed in very much on the commercial spyware industry because I think it is one of those critical risks that need to be targeted, but there are many, many others.


So, perhaps you can set the agenda for us to take home after we close this panel. And I'm sorry for the audience that we cannot get to your questions because we've been reduced in time, but I hope that there will be other ways to interact.


DIRECTOR HAINES: Okay. I'll try to do so very quickly because I suspect John and others may want to add to this, but you know, I sort of laid out the sort of three areas that we look at right, what are they, what technologies are being used by authoritarian regimes within their borders to essentially censor and manipulate information that go to their own citizens.


And as we've identified, commercial spyware is a piece of that, as it is across all the other categories that I'm going to mention. But there are other things too, such as the you know, shut downs of the internet, sort of homemade, technical platforms that allow them to ultimately curate what information is able to get to citizens.


There are a lot of other sort of ways in which technology is being used, and I think that's going to be a critical aspect of you know, work as we move forward, is really trying to understand that, and hopefully set up standards, and things that we can monitor and use to create the kind of transparency that I think that we're looking to use to basically highlight these problems, and then take action against them.


When it comes to exporting, you know, transnational repression essentially towards dissidence, again commercial spyware is another piece of it, but so is you know, other forms of the internet shutdown that I mentioned with respect to Albania trying to use technology to ultimately pressure other states or actors to suppress for those governments.


And then finally, you know, in the context of disinformation and so on, as Neal was talking about, I think you know, we see automated disinformation as a really challenging thing to manage, not to mention the kind of you know, fake prospects for technology in a variety of different ways, and it is all of these things I think are critical for us to figure out how can we identify these challenges.


How can we monitor them, how can we actually prevent them, and how can we create, in a sense, the technological landscape that is more resilient against them, and that is something that I think we're trying to understand better, obviously with the kind of expertise that sits around this table.


MS. SCHAAKE: That's great. Any responses to add?


MR. MOHAN: I would just build very quickly on what Director Haines said. I think that third bucket in particular is really interesting, and where a lot of innovation has happened, and where we need to remain vigilant, just again going back to the war in Ukraine. A lot of the misinformation narratives were novel and brand new, so they literally didn't exist one week, and then they were kind of rampant the following week.


And so, what's required there is not just an awareness from an intel standpoint, which that's where that intel desk that I was mentioning comes into play, but you need to have the technical wherewithal then to train machine learning classifiers, and all the AI investment to be able to really understand ground troops that literally didn't exist a few days before, learn it, and then basically deploy it across all of these information network, YouTube being one, but really across the entire internet, and so I think that that's a really important sort of frontier that we need to remain vigilant on.




MR. SCOTT RAILTON: So, I have to say this, as somebody who comes out of the civil society space, I am reflexively mistrustful when suddenly the alignment between government and tech are participating. And I reserve the right to remain mistrustful.


But I think you mentioned the issue of trust, and I'd like to use that to frame something, which is if this is for real, if we're really concerned not just about mercenary spyware and proliferation and its impact on U.S. national security, and citizens abroad and at home, but we actually care about the complete breakfast of surveillance technologies, and their impact of freedom of expression, fear, and freedom from fear, free elections around the world.


It is absolutely critical that the United States put its money where its mouth is, and that means a couple of really critical things, including really leaning into transparency and honesty about what the U.S. does with its surveillance powers, including at home, including on domestic topics. And I am over the moon at all the cool things that have happened this week. It's great to see.


But I reserve my right to be mistrustful, and I will believe some of that when I see it.


DIRECTOR HAINES: Can I respond to that because I think you're absolutely right. This is either to my mind one of the ironies of being here right is the fact that in many authoritarian governments right, like the people who live there look at their intelligence services as part of the problem, and obviously a critical tool that is used by their government against them, and --


MR. SCOTT RAILTON: No one thinks that in the United States of course.


DIRECTOR HAINES: Understood. But the point is that for me, and obviously leading the Intelligence Community I believe this, but I believe the intelligence community is in fact what helps to secure our democracy right? And the point is that that's only true if we are subject to democratically passed laws, that we are basically, you know, have robust oversight, that we have the values and the ethics that were expected to operate under, and that we're implementing that appropriately.


And of course, we're not as transparent as other parts of the government by the nature of our work. But the reality is we have to find ways to ensure that we can build the trust of our population.


And to your point, and I think that's sort of the place where we try to, we have to do more, and we are doing quite a bit in terms of trying to disclose here are the frameworks within which we operate and don't operate, and basically what we can and what we can't do to your point, right?


And to be honest about that, and to reflect that. And I think that's crucial to our legitimacy, and our sustainability, right? Which is to say that when things, you know, get disclosed or happen, or things like that, people have to be able to look back at our framework and say okay, that was within that framework, or that wasn't, and if it wasn't, then you should be held accountable for having violated it, right?


And that's part of the process. So, I think that's crucial to our future in these spaces, and I just want you to know that I believe that that is the right way to think about these things. But I will tell you that it is a national security issue from my perspective.




DIRECTOR HAINES: Human rights are a national security issue in many respects, right?




DIRECTOR HAINES: So, it's you know, when I look at what's been happening in Ukraine, to Neal's point, like you know, so much of what they did in the occupied territories for example, information, you know, suddenly all of the infrastructure is now going through Russian infrastructure, the internet and other things, so that they can manage it, so that they can manipulate it.


That is part of what we're supposed to be looking at and helping the people basically understand, and policymakers and others, like the wonderful Secretary that sitting next to me, to actually take action on.




SECRETARY MAYORKAS: By the way, you know, I will mention national security. I've spoken about the fact that national security is converged with homeland security in this role. And I think John, it's your obligation to be mistrusting because mistrusting then, you know, drives you to hold our feet to the fire and live up to the ideals that we espouse.


And so, I would worry a tremendous amount if those in civil society were not mistrusting of the government and holding us accountable.


MS. SCHAAKE: Well I think the idea of leading by example, and keeping the checks and balances in place should be a process that's never finished. I mean I don't think there will ever be a conference where we can put a point at the end of the sentence and say we're now done with democracy. In fact, while it's under so much pressure it's important to look at how it can become more resilient either at home or abroad, and so on.


I have to say I'm a little bit confused about time. I see all these clocks ticking. I understood we were out of time, so maybe somebody can tell me because if we're not out of time, then we will go to the audience, but it's not entirely clear to me. I apologize. Do we indeed still have 13 and a half minutes for the audience?


SECRETARY MAYORKAS: They're saying you're out of time.


MS. SCHAAKE: Okay. I thought so too. Okay. I apologize.


SECRETARY MAYORKAS: You are not trusted.


MS. SCHAAKE: I apologize for that, and I'm sorry we had to cut this panel a little bit short, but I hope you found it as inciteful as I did, please join me in thanking the panelists for their fine words today. Thank you.