Disinformation and national security

Moncloa (Spanish presidential department) and Defense place the fake news in the field of espionage and cybercrime. 

Image posted in The Economist.

This spring 2020, with the health crisis caused by the disease known as COVID-19, a health specialist - I am sorry I can’t remember her name - commented that we are accumulating information about this coronavirus and its behaviour at a very fast pace, something that was not usual in the past. Globalisation and the speed with which information travels are in favour of health research today; Therefore, we have more and more data, cases and information; but we lack knowledge - she added - we have not yet integrated these initial data into a system of understanding that would allow us to draw conclusions and reduce the risk in decision-making thereafter. Something similar could be said about disinformation / fake news: we have the diagnosis, which is no small thing, we have some partial and decontextualised data, we know the symptoms of the disease but we lack knowledge, analysis and preventive treatment.

It is a fact that distorted information with a specific objective - usually economic and/or political - is a widespread and negative phenomenon of our time, and therefore it is common to see how it appears in every circumstance we live, either in electoral processes, the emergence of political trends, or crises of various kinds that always have political and social effects, regardless of their economic origin or, in this case, regarding health. We therefore now welcome the disinformation linked to the coronavirus, whose less interesting effect is the list of nonsense that has arisen, whether it be the disinfecting power of bleach in the diet, ultraviolet light or the intrigues of the Bill Gates-Miguel Bosé conspiracy.

The treatment of disinformation from a public perspective is of greater interest, whether it is from the field of security, international relations, from the technological point of view, from the European Union or from the essential analysis required by the journalistic profession and those of us who work in some aspect of communication. 

From the security point of view, the Spanish 2020 National Defence Directive was signed at the beginning of June, a document that establishes the lines of action and objectives that the Government-Ministry of Defence is pursuing for the legislature. It is a political communication, always generalist, and novel this time because the document that sets the general lines on defence policy was not elaborated since 2012 (María Dolores de Cospedal went through the Ministry of Defence without setting its political priorities on paper). 

The 2020 National Defence Directive says in a somewhat alarmist way that "the last decade has witnessed substantial changes in the international security architecture, which has resulted in a remarkable erosion of the international order and an unusual prominence of the use of force. It has also profoundly changed the relationship between governments and the governed. The media and digital communications have contributed to these changes. 

Up to this point, a somewhat defeatist and descriptive text, which immediately advances towards not very reassuring statements: "Security challenges now come from both state actors, among whom there is intense strategic competition, and non-state actors (terrorism and organized crime), with a great capillarity between all of them, especially evident in disinformation actions and aggressions in cyberspace". There is no document on security that does not refer today to disinformation, which always appears mixed with cybercrime in an already multiple and powerful threat, without determining the weight of each of the parties. 

"There are no longer problems exclusive to Defence, but Defence is part of the solution to any Security problem" (capital letters in the original), the 2020 National Defence Directive states categorically in a quite successful play on words, adding that "in the scenario that includes the national territory and the spaces of sovereignty and interest -sea, air, and those of cyberspace with a defence dimension- one will usually act with one's own capacities". Defence must then be in the response to disinformation as a threat to our security, with instruments shared within the framework of the EU and NATO, but above all with national means.
We therefore understand that the Ministry of Defence is preparing itself against disinformation, we assume that it will do so by employing hundreds of journalists, however, if the response does not include a specialist in communication on the payroll, we suspect that the interest of Defence is centred on networks, through which information, disinformation, data and the command and control of military systems circulate: "Secure access to networks and the protection of private data, and cyberspace in general, is a key element in the security of the 21st century", adds the 2020 National Defence Directive. 

"The action scenarios for the Armed Forces have increased in complexity since the publication of the last 2012 National Defence Directive (...). In cyberspace and in the field of information it is common for some adversaries to mask their action and keep the application of their strategies within a grey area, located below what they have identified as our response threshold". This means that hybrid conflicts and disinformation are ambiguous scenarios, chosen to avoid direct conflict, which is somewhat contradictory to the alarmist vision oozing from the 2020 National Defence Directive. 

Disinformation is a phenomenon that mainly affects communication, so the Directive is right when the goals are placed there: "In order to deal with hybrid strategies, the aim will be to achieve an appropriate integration of available resources in all areas, whether civil or military, national or multinational, in order to preserve security, improve strategic communication, increase confidence in institutions and foster social resilience". 

An action criterion that must also be shared between departments: "The Government will provide decisive support to the work of the Ministry of Defence for the promotion of the Culture and Awareness of Defence, within the framework of the National Security culture, offering truthful and attractive information, and favouring the knowledge of all Spaniards about the daily activity of their Armed Forces and its repercussion on the protection and promotion of social progress and citizen welfare".
This is the most interesting aspect of the Directive: the Government's commitment to offer truthful and attractive information, the only way to gain credibility and become a reference when we are attacked by a disinformation campaign.

National Security Report

A second indicator after the 2020 National Defence Directive on how disinformation is viewed from the public sphere is the 2019 Annual National Security Report, approved in March, released in May and presented to Parliament in June 2020. In the introduction, the report states that "special mention should be made of hybrid threats, one of its components being disinformation, which, through the manipulation of information on the Internet and social networks, leads to the polarization and radicalization of citizens". Disinformation is therefore defined not as a threat or a challenge, but as an ingredient of hybrid threats. 

"The consolidation of the 'grey zone' on the strategic game board has been established. The new normality (sic) registers daily operations of information, subversion, economic and financial pressure together with military actions, to mobilize and take public opinion to extreme positions, and to destabilize and discredit the institutions that sustain the political regimes of liberal democracies". It is therefore a phenomenon to be taken into account, especially during the last year: "Hybrid threats and disinformation have been elements of priority attention in 2019 in general, as a vector of concern for the citizens; and specifically, with regard to the protection of the integrity of the electoral processes". 

Over the last year, the report mentions some moments in which special caution should be taken, such as the Spanish general elections in April and November; the municipal, regional and European elections in May; a G7 summit in Biarritz in August; and something undetermined in October that seems to be related to the Supreme Court's ruling on the independence process in Catalonia, foreseeing some kind of digital consequence that did not occur: "In the various calls for elections in 2019, information manipulation activities have been detected, which, however, have not constituted sustained or massive disinformation campaigns". In the conclusions, the National Security Report places disinformation -in the company of others- at the head of our concerns: "The factors of greatest concern are those derived from the malicious use of cyberspace. Data theft or access to sensitive information, cyber attacks on critical infrastructure or disinformation are perceived as risks of high impact and high probability of affecting society, businesses and the public administration".
Disinformation is not central to any of the 15 areas of national security developed in the Report, although it appears in many of its 280 pages. Where does the Department of Homeland Security/Government place the disinformation? Preferably in two areas: counter-intelligence, that is, foreign intelligence services, and the field of action of the National Intelligence Centre (CNI) in Spain; and cyber-security, critical infrastructure, computer security, communication networks, a very broad field with a technological-industrial character in terms of the physical channels that support and defend it. 

It would be difficult to include in the previous approach very specific phenomena of disinformation coming from, for example, the extreme right-wing in the country or from allies, or those who practice it for reasons of economic profitability, sometimes combined. With regard to counter-intelligence, it is stated that "disinformation actions deployed mainly in the large online communication platforms, social networks and also in digital spaces" are of particular importance. It is therefore aimed at the stage, not at those who place it there. "This is because of their potential for political destabilization, since they generally seek to discredit democratic institutions by generating mistrust and social polarization, which encourage radical responses and extremist ideologies". 

Therefore, the political polarization pursued by these disinformation campaigns has not acted in the various calls for elections in 2019, which is its time, always considering that the rise of the extreme right in Spain does not rest on these instruments, which it uses profusely, but on others that are unspecified. 

Those responsible for national security who jointly prepare this report do not seem to be very interested in national actors. "The report adds that the case of the different aspects of the so-called Hostile Intelligence Services is particularly relevant, as they began to increase their activity in Spain prior to the crisis in Catalonia, in line with the greater dynamism seen in other Western countries (Germany, the United States, France and the United Kingdom), centering their actions on disinformation campaigns that focus on domestic policy issues, especially in the area of cyberspace". By exclusion, the writer refers to Russia.  

And what has been done? Of special relevance has been the approval by the National Security Council, on March 15, 2019, of the Action Plan against Disinformation. This document does not seem to be one issued at that time by the National Cryptologic Centre (CCN) -attached to the CNI- with some useful tips to deal with disinformation, but rather a document of internal functioning that is not public. The creation of a contact cell recommended by the European Union to countries in order to exchange alerts and information may be related to this Action Plan. With regard to cyber security, the report points out that the vulnerability of cyberspace is the most dangerous risk, given the level of impact and possibility of occurrence. 
Among the achievements, it mentions "combating online disinformation and false news through the Secretariat of State for Communication and the Department of National Security, both belonging to the Government's Presidency". The latter makes more sense, that in the face of an information problem the Secretariat of State for Communication should act, even if it has less glamour than other departments of the General State Administration. 

In various sections of the National Security Report, reference is made to the actions of the European Union on disinformation, as a framework and as national development of guidelines from Brussels, which has been particularly active since 2017 on these issues and drew up an Action Plan at the end of 2018 and recently, on June 10, approved a Communication on the subject. It is not possible here to analyse the development of the EU in this field, of great interest, only to note that the Union has left reports with content on the subject and has focused much of its action on the large digital platforms that support information, disinformation and entertainment.

An important new feature of the 2019 National Security Report is that it incorporates for the first time a perception survey in which a hundred specialists have participated, a kind of analysis of future risks (Horizon 2022), with impact and degree of probability of threats, in which cyberspace occupies the first position. 

The prospective refers to the "analysis of five factors of a predominantly technological nature associated with the vulnerability of cyberspace: access to sensitive information and data, cyberattacks, the illegitimate use of cyberspace to carry out illicit activities such as disinformation, propaganda or the financing of terrorism, cyberattacks specifically directed against critical infrastructure, and threats to security and economic competitiveness arising from disruptive technologies". Too many ingredients in this paragraph to give him accommodation in the same house (in a similar case, El Gran Combo de Puerto Rico sang 'no hay cama pa' tanta gente' (there is no bed for so many people). 

To sum up, the 2019 National Security Report places disinformation as a threat coming from foreign states/intelligence services; and as one of the dangerous phenomena of the digital ecosystem, at the same level as, say, computer viruses that could attack or control a nuclear power plant, the drinking water supply of a large city or the military command and control of a weapons system. 
The previous interpretation would leave out of the phenomenon the national dimension of disinformation (local actors), it does not enter in the way of reinforcing the credibility of the institutions (and of the traditional mass media) or the capacity of the citizen to interpret the avalanche of digital contents; it is also obvious the business dimension that affects today in the form of existential crisis to many of the information producing agents. 

We are told that disinformation is something that comes from outside, it is digital and also extremely dangerous, capable of altering choices and even minds, gigantic generalizations and unproven threats. References to disinformation in national security documents often resemble a rhetorical device, made important by the company because of the cocktail it is said to contain with other dangerous ingredients. 

Disinformation fulfils all the requirements to be used as an almost existential threat, in the heat of the digital ecosystem in which we live; omnipotent, we are told, omnipresent and 24 hours a day active through our mobile phones, and if it is diffuse it is even more threatening, but we can object that as citizens we lack concrete examples that would allow us to gauge its effects; and furthermore we understand that those responsible for public security will have set in motion a response proportional to such an enormous threat, of which we also have no proof. We suspect that our state and armed forces are better equipped for anti-submarine warfare in the mid-Atlantic than for the threats that headline strategic documents. There are undoubtedly studies of interest in the military field on the hybrid threat, the operations of information and influence, the Russian action in Ukraine and China in its waters and islands of interest, we take it for granted that Spain-NATO analyses and applies it in its foreign policy. 

However, perhaps it should be considered a national security objective to empower the citizen to be able to discriminate reliable information from the hoax (media literacy); to promote strategic communication ("truthful and attractive", reliable we would add) of public bodies; critical spirit and knowledge/culture about the cyber-information ecosystem in which we move. Also in this field of disinformation, security seems to move away from the citizen it protects. 

Confusion is the main objective of disinformation and clearing up the confusion should be the first element to fight it.
We must ask each actor, agent, field, for what they are capable of. The media do not have the mission of transmitting reality, but rather exceptionality. The field of security does not seem to be called upon to explain to us what we are facing in terms of disinformation, but rather to warn of the risks, presented with others in a way that is as grey and ambiguous as the threat in which it is framed. 
We will keep on searching.

------------

Original text in Spanish. Translation is courtesy of Atalayar magazine, a journalistic bridge between shores and cultures where this article was also published.