A cybersecurity battle is raging. In recent weeks, Chinese hackers stole, or attempted to steal, terabytes of data from the U.S. government, businesses, and private individuals. Digital predators gained access to the Twitter accounts of Elon Musk, former President Barack Obama, and other high-profile individuals. And President Donald Trump says he is considering banning the Chinese-made app TikTok over security concerns.
Klon Kitchen, director of The Heritage Foundation’s Center for Technology Policy, joins the podcast to explain the severity of America’s cybersecurity threats, what actions the government should take, and how you can keep your personal information safe from hackers.
Also on today’s show, we read your letters to the editor and share a good news story about a mom who won a little money playing the lottery but decided to give it all to a police officer in Kansas City, Missouri, who recently was shot in the line of duty.
Listen to the podcast below or read the lightly edited transcript.
“The Daily Signal Podcast” is available on Ricochet, Apple Podcasts, Pippa, Google Play, and Stitcher. All of our podcasts can be found at DailySignal.com/podcasts. If you like what you hear, please leave a review. You can also leave us a message at 202-608-6205 or write us at [email protected]. Enjoy the show!
Virginia Allen: We are joined by Klon Kitchen, director of The Heritage Foundation’s Center for Technology Policy. Klon, thanks so much for coming on the show.
Klon Kitchen: Yeah, it’s my pleasure.
Allen: A couple of weeks ago, the Department of Justice charged two Chinese nationals with trying to steal America’s COVID-19 vaccine research and a lot of other information, both from government, businesses, and even individuals. What do we know about how much information those hackers were actually able to steal?
Kitchen: On that specific case, we don’t know a whole lot, just because it’s part of some sealed DOJ documents as it regards to the indictments.
But what we know more broadly is that a number of nations, China being one of the most aggressive, are actively going after U.S. research centers, actually U.S. and European and other research centers, trying to get access to research data associated with vaccine development for the COVID-19. And yeah, it’s a real challenge.
While we don’t think that it’s intended to somehow manipulate or make U.S. vaccine development somehow more dangerous—it is likely just focused on them trying to develop their own vaccines—it does slow down the process, because time and energy and resources are now being dedicated toward security that might otherwise be dedicated to research.
Allen: OK, OK. That’s interesting to hear that connection. So, I’m no cybersecurity expert, so when I hear those words, hack or terabytes of information stolen, I understand that that’s a national security threat, but could you just explain a little bit more broadly what the severity of China’s cyberattacks really are, as far as being a threat to America? How serious should we be thinking of these?
Kitchen: Our national cybersecurity posture is decisively important, right? In the modern age, securing the nation means securing networks, and there is no more aggressive or capable adversary than China.
Now, they’re certainly not the only one. Russia, North Korea, Iran, others certainly demonstrate very real capability, all of which has to be protected against. But China is especially specificated.
They have a very broad effort. They target everything from intelligence and military defense-related information, to all kinds of corporate and economic espionage targets, to academic and research institutions.
And they have proven themselves to be adept at not only getting that information, but then leveraging that information and creating their own domestic equivalents of our own company’s technical capabilities. But then also using that information to target politicians and individual citizens for manipulation or blackmail.
Allen: How does China’s activity online against America and other nations work within its larger strategy? How important is hacking for China’s kind of larger goals regarding the U.S. maybe?
Kitchen: Well, it’s a fundamental capability. So it’s decisive because it, one, is a primary means of gaining access to information that is otherwise withheld from them.
You know, if they didn’t have cyber means, then they would have to figure out some type of like physical way of gaining access to this information, or having it brought to them by some type of human spy or something like that. But with a cyber capability, that gives them, essentially, global access to all this information.
Two, it provides a level of deniability. It is often very difficult to do attribution on cyber activity. And even when you can do it, because of particular sources and methods, we’re not always quick to publicly ascribe blame because that could ultimately expose our own kind of capabilities. So it’s a really attractive capability where it’s really low risk.
Allen: President [Donald] Trump has taken actions against China in recent weeks, from increasing sanctions in various ways to closing the Chinese Consulate in Houston, Texas. Do you think there are other actions that he should be taking against China, or the administration should be taking against China right now?
Kitchen: Over just the last two weeks or so, we’ve seen, actually, a pretty systematic effort against China, using some of the things that you identified in terms of sanctioning, the indictments that we were talking about earlier.
There are some impending decisions on the TikTok social media app, which is owned by a Chinese company, ByteDance. We’ve seen actions on Huawei, the Chinese telecommunications company, where we have, the United States has convinced some of the world’s leading microchip suppliers not to provide that company with microchips because they operate on behalf of the Chinese state.
So, there’s a whole host of actions that I would like to see. I’d like to see that screw continue to get turned because the goal isn’t just to be mean or punish China, the goal is actually to compel them to assume a different posture, a posture that is more proactive and fruitful in engaging with the West, so that we can both engage with one another in a way where we thrive and where we’re not kind of face to face and stealing things.
Allen: You mentioned TikTok, it’s a very popular app, especially among young people. And Trump has actually said that he might consider banning that app in America because of security concerns. What [are] your thoughts on this? Should the app actually be banned?
Kitchen: Yeah, so, the security concerns are essentially undeniable, and that’s the case because China has laws, cybersecurity laws and national security laws, that require any Chinese company, even one operating here in the United States, to make available to the Chinese government any and all data that they collect.
So any information that TikTok collects on U.S. users, under Chinese law, must be made available to the Chinese Communist Party. That’s a big problem. And it’s a problem that actually extends well beyond TikTok, to essentially every Chinese company. And we’re really struggling with that.
I suspect that here in the next few days, we are likely to get an announcement of some type of action against TikTok. That action could be some type of a ruling from the Committee on Foreign Investment in the United States, sometimes called CFIUS, or the White House may choose to put TikTok on the entities list as it did with Huawei and ZTE.
Allen: I don’t use Tik Tok, but I have a lot of friends that do, family members that do. … For listeners who have it, or maybe their kids have it, should they get off? Is it really that much of a danger or a threat if you’re just kind of posting funny, silly videos?
Kitchen: Well, I mean, I would certainly get off and I would certainly encourage others to get off, but I mean, the concern isn’t that the Chinese government is going to get your silly dance videos, right? Nobody’s really worried about that. It’s the reams and reams and reams of other data that they collect.
TikTok collects what we call telemetry data. It collects your GPS position, it collects your contacts, it collects your online viewing habits. So it knows who your family is and knows where you live and knows where you’ve been, and knows where you’re likely going. It has the content of the videos itself, which means that they can do voice analysis, video facial recognition, and all kinds of other stuff.
And all of that information is getting dumped into large data pools back in China, and then commingled with other data that they’re stealing and [using] for who knows what. I can speculate on a whole host of ways that can be used that Americans wouldn’t like, but the point is … that by law that’s happening and right now U.S. users are voluntarily providing all of that information to TikTok.
Allen: Wow. Gosh, that’s pretty scary, Klon. All right, so I want to switch gears for a second away from China and talk about Twitter.
Just a few weeks ago, Twitter had a major security breach, in which a hacker or hackers were able to control a number of really high-profile accounts, including that of Elon Musk, Joe Biden, President Trump, a host of others.
The hacker posted a tweet saying sort of something along the lines of, “Hey, I’m feeling generous. If you send money to this Bitcoin account, I’ll send you back double whatever you send.” Well, a handful of people fell for this, but in retrospect, this was a pretty small scam compared to what it could have been.
So I guess this kind of ultimately raises the question of, can we trust Twitter or any other social media platform with our information?
Kitchen: The interesting thing about the hack on Twitter here recently was, you’re right, this was a little bit like stealing a Ferrari to listen to the radio—the fact that they tried to pull a Bitcoin scam. I think they ended up collecting about $185,000.
But what they were able to do in terms of gaining access to what’s called verified accounts—these are accounts that Twitter, they have the little blue check and they do that, Twitter does that, so that users can essentially know that, “Hey, this is the verified account. So when it says that this is the Twitter account of Donald J. Trump, it’s the Twitter account for Donald J. Trump.”
By kind of doing what they’ve done, they’ve undermined that whole verification model. This was a big deal. And we’re going to keep hearing more about this particular hack as more information comes out.
But one of the net outcomes of this is, that as we enter the 2020 election cycle in earnest, it just further undermines the legitimacy and reliability of online information—at the point where verified accounts on Twitter can no longer be trusted as being from the people they purport to be from. It’s just another kick in trustworthy news online, and that’s going to be a problem for us.
Allen: So, in other words, you’re saying that we could see the election in November potentially impacted by things like Twitter hacks, by people putting up information that might be inaccurate, or saying this person is polling well or this one isn’t, and affecting the way that people vote?
Kitchen: Well, what I’m saying is, there’s going to be a lot of that kind of activity, undoubtedly. The barriers to entry are so low that foreign actors and other malicious actors, it’s just too attractive a target and too low a cost for them not to do it. So there’s going to be a lot of foreign influence activity online. And there already is.
The impact that has on people’s actual voting remains to be seen. Typically people are pretty locked in, and they orient themselves on news that kind of supports that going in position. And there’s not a whole lot of information that supports radical changes in people’s viewpoints, but they can still be misled. And that’s a problem. We saw that in 2016.
Allen: Yeah. Well, you mentioned 2016. In the 2016 election, it was effected by emails, both hacked and leaked. So far, we haven’t seen that for 2020, but do you think that security is better than it used to be and that we won’t see that kind of email hacking again? Or do you think that there’s a chance that, with this election, we might see kind of those same tactics taken?
Kitchen: I think two things. One, security is better. And two, there’s no doubt in my mind is that we’re going to see the same type as activity.
I think at the end of this election, regardless of who wins, both candidates are going to have enough of a reason to claim some type of legitimate interference, that it’s going to make the outcome very messy. And if the voting outcome isn’t decisively one way and it’s really close, it’s going to be even harder.
But even if it is decisive one way, there will still be enough activity, bad guy activity online to where people are going to have legitimate claims of manipulation. And that’s why we’ve been saying for four years that this has to be addressed and it has to be changed.
Allen: And is it being aggressively addressed and changed?
Kitchen: In some quarters, yes, but at the end of the day, I think we have to recognize that we have not fundamentally changed the calculus of nations like Russia and China. And what we have seen just from a pure metric standpoint is an increase in activity along these lines from Russia, China, Iran, North Korea, and even some individual hacking syndicates.
So there’s been a lot of effort. There’s no doubt about it. Whether that effort is sufficient I think is still very much in question.
Allen: So how do we as American citizens go about protecting our information online?
Kitchen: Yeah. There’s some very basic things that an individual can do. And in fact, James Di Pane and I have just kicked out a recent paper on basic cybersecurity where we discussed this, and that can be found on the Heritage website.
But you know, the simple things are, one, be careful what you say and do online. You know, just remember that when you post on Facebook that picture of your family vacation, you’ve just told all the people who can see your profile that you’re away from your home and out of town. And somebody could drop by and visit if they want.
Be careful if you’re dropping your kids’ and your grandkids’ names and their birthdays and things like that. And that type of information can be accumulated and all kinds of insights can be drawn from it.
Two, especially a lot of the Twitter hack, turn on what’s called two-factor authentication, or 2FA. It’s where you have to provide a second method of verifying that you are in fact the person that’s trying to log into your account. That’s a great way to kind of push bad guys a little further out and not make it easy for them.
And then finally, another easy thing to do is start using a password manager. There’s a host of those out there. Essentially what it is, is you only have to remember one password and then the password manager manages everything else. It’s a great way to have strong passwords without having to have a super memory. And those are often free or very cheap. And I would recommend everybody adopt those practices.
Virginia Allen: What are the cybersecurity issues that you’re kind of looking at, that you’re tracking and following right now that you recommend listeners also keep their eye on moving forward?
Kitchen: One of the awesome and challenging things about what we’re doing at the Center for Technology Policy at Heritage is it’s pretty audacious, where we’re trying to look at tech policy comprehensively and from an interdisciplinary perspective.
So we’re looking at everything from, of course, tech competition with China, which involves everything from market dynamics, to cybersecurity and foreign policy, and even human rights. But we’re also looking at, earlier this week we had the tech CEOs before Congress talking about antitrust, and we’re looking at those issues.
We’re also looking at facial recognition technologies and the government’s use of those capabilities and what legal constraints might be necessary for that type of activity.
So all of those things are things that are really important to individual citizens, they’re really important in the policy space, and they are taking a great deal of our attention at the CTP.
Allen: Klon, thank you so much for your time today. We really appreciate you coming on.
Kitchen: My pleasure.