Social media as a weapon

Nov 10, 2020

8 min

Siobhan Gorman

Best-selling author Peter Singer talks with the Brunswick Review about winning the increasingly crowded and contentious war for attention



What do Isis and Taylor Swift have in common?


According to author and digital-security strategist Peter Singer, both the terrorist organization and pop star are fighting for your attention online and employing similar tactics to try and win it.


ISIS kicked off its 2014 invasion of Mosul with the hashtag, “#AllEyesonISIS.” More recently, the terror group posted photos of its members holding cute cats in an effort to make them more relatable – tactics familiar to most celebrities and online marketers around the world.


These online battles, the rules governing them, and their real-world impact are the focus of Mr. Singer’s latest book, LikeWar, which he coauthored with Emerson T. Brooking, at the time a research fellow with the Council of Foreign Relations.


“A generation ago people talked about the emergence of cyber war, the hacking of networks. A ‘LikeWar’ is the flip side: the hacking of people and ideas on those networks. Power in this conflict is the command of attention,” says Mr. Singer, who in addition to his writing is also a strategist and Senior Fellow at the New America Foundation.


Pretty much everyone who posts online – from governments to marketers to reality TV stars – is a combatant in this fight for virality, according to Mr. Singer. Triumph in a “LikeWar” and you command attention to your product or propaganda or personality. Lose and you cede control of the spotlight and the agenda.


Mr. Singer recently spoke with Brunswick’s Siobhan Gorman about the trends he’s seeing in LikeWars around the world, and what companies can do to avoid being on the losing end.


What were you most surprised by in researching LikeWar?


One of the more interesting characters in the book was at one time voted TV’s greatest villain: Spencer Pratt, a reality TV star on MTV’s “The Hills.” He’s basically one of these people who became famous almost for nothing.


But what Pratt figured out really early was the power of narrative, which allowed him to become famous through, as he put it, “manipulating the media.”


In the same week, I interviewed both Pratt and the person at the US State Department who’s in charge of the US government’s efforts to battle ISIS online. And Pratt, this California bro who’s talking about how to manipulate the media to get attention, understood more of what was playing out online than the person at the State Department.


Spencer Pratt, a reality TV star… understood more of what was playing out online than the person at the State Department.”


How much have online conflicts changed the rules in the last few years?


First, the internet has left adolescence. It’s only just now starting to flex its muscles and deal with some of its responsibilities. The structure of the network changes how these battles play out. So, it’s this contest of both psychological but also algorithmic manipulation. What you see go across your screen on social media is not always decided by you. The rule makers of this global fight are a handful of Silicon Valley engineers.


Another aspect of it is that social media has effectively rendered secrets of any consequence almost impossible to keep. As one CIA person put it to us, “secrets now come with a half-life.” Virality matters more than veracity; the truth doesn’t always win out. In fact, the truth can be buried underneath a sea of lies and likes.


And the last part is that we’re all part of it. All of our decisions as individuals shape which side gets attention, and therefore which side wins out.


But you highlight that this is playing out differently in China.


Exactly. There are two different models shaping the internet, and shaping people’s behavior through the internet, playing out in the West and in China. Essentially, internet activity in China is all combined. Look at WeChat, which is used for everything from social media to mobile payment; it’s Amazon meets Facebook meets Pizza Hut delivery. And you combine that with an authoritarian government that’s had a multi-decade plan for building out surveillance, and you get the social credit system, which is like Orwellian surveillance crossed with marketing.


The social credit system allows both companies and the government to mine and combine all the different points of information that an online citizen in China reveals of themselves, and then use that to create a single score – think of it as your financial credit score of your “trustworthiness.”


For example, if you buy diapers your score goes up, because that indicates you’re a parent and a good parent. If you play video games for longer than an hour your score goes down because you’re wasting time online. And it’s all networked. Your friends and family know your score.


It creates a soft form of collective censorship; if your brother posts something that’s critical of the government, you’re the one who goes to him and says, “Knock it off ’cause you’re hurting my score.” And you do that because the score has real consequences. Already it’s being used for everything from seating on trains and job applications to online dating. Your score literally shapes your romantic prospects.


So, you have this massive global competition between Chinese tech companies and other global tech companies not only for access to markets, but also for whose vision of the internet is going to win out.


How can companies win a “LikeWar”?


Everyone’s wondering: What are the best ways to drive your message out there and have it triumph over others? The best companies I’ve seen create a narrative, have a story and have emotion – in particular, they have emotion that provokes a reaction of some kind.


It’s all about planned authenticity. That sounds like a contradiction, but it’s about acting in ways that are genuine, but are also tailored because you’re aware that the world is watching you.


A good comparison here is Wendy’s versus Hillary Clinton. Wendy’s is a hamburger chain – not a real person – but it acts and comes across as “authentic” online and has developed a massive following. They’re funny, irreverent.


Yet Hillary Clinton – a very real person – never felt very authentic in her online messaging. And that’s because it involved a large number of people – by one account, 11 different people – all weighing in on what should be tweeted out.


Inundation and experimentation are also key. Throwing not just one message out there, but massive amounts of them. Treating each message as both a kind of weapon, but also an experiment that allows you to then learn, refine, do it again, do it again, do it again.


How do you measure and gauge battles online now? Is it just volume?


It all depends on what your battle is, what your end goal is. Is it driving sales? Is it getting people to vote for you, to show up to your conference?


This is what the US gets wrong about Russian propaganda and its disinformation campaigns. We think they’re designed to make people love or trust a government. From its very start back in the 1920s, the goal of propaganda coming from the Soviet Union, and today Russia, has been instead to make you distrust – distrust everything, disbelieve everything. And we can see it’s been incredibly effective for them.


First, we need to recognize that we’re a part of the battle. In fact, we’re a target of most of the battles.


How effective have disinformation campaigns actually been in the US? What can be done?


One of the scariest and maybe saddest things we discovered is that the US is now the story that other nations point to as the example of what you don’t want to have happen.


There’s no silver bullet, of course. But one example was something called the Active Measures Working Group, a Cold War organization that brought together the intelligence community, diplomats and communicators to identify incoming KGB disinformation campaigns and then develop responses to them. We’re dealing with the modern, way more effective online version of something similar, and we haven’t got anything like that.


There are also digital literacy programs. I find it stunning that the US supports education programs to help citizens and kids in Ukraine learn about what to do and how to think about online disinformation, but we don’t do that for our own students.


What can people like you or me do?


First, we need to recognize that we’re a part of the battle. In fact, we’re a target of most of the battles. And we need to better understand how the platforms work that we use all the time. A majority of people actually still don’t understand how social media companies make money.


The other is to seek out the truth. How do we do that? And the best way is to remember the ancient parable of the blind man and the elephant – don’t just rely on one source, pull from multiple different sources. That’s been proven in a series of academic studies as the best way to find the facts online. It’s not exactly new, but it’s effective.


Where will the next online war be fought?


The cell phone in your pocket, or if we’re being futuristic, the augmented reality glasses that you wear as you walk down the street. It’ll come from the keepsake videos that you play on them.


If you want to know what comes next in the internet there have always been two places to go: university research labs and the porn industry. That’s been the case with webcams, chat rooms and so on.


What we’re seeing playing out now are called “deep fakes,” which use artificial intelligence to create hyper-realistic videos and images. There’s also “madcoms,” which are hyper-realistic chat bots that make it seem like you’re talking to another person online. Combine the two, and the voices, the images, the information that we’ll increasingly see online might be fake, but hyper-realistic.


The tools that militaries and tech companies are using to fight back against the AI-created deep fakes are other AI. So, the future of online conflict looks like it’ll be two AIs battling back and forth.


Let me give you a historic parallel, because we’ve been dealing with these issues for a very long time. The first newspaper came when a German printer figured out a way to monetize his press’s downtime by publishing a weekly collection of news and advice. And in publishing the first newspaper, he created an entire industry, a new profession that sold information itself. And it created a market for something that had never before existed – but in creating that market, truth has often fallen by the wayside.


One of the very first newspapers in America about a century later was called the New England Courant. It published a series of letters by

a woman named Mrs. Silence Do-good. The actual writer of the letters was a 16-year-old apprentice at the newspaper named Benjamin Franklin, making him the founding father of fake news in America. In some sense it’s always been there, using deception and marketing to persuade people to your view.

Connect with:
Siobhan Gorman

Siobhan Gorman

Partner, Washington, D.C.

Siobhan Gorman concentrates on crisis, cybersecurity, public affairs, and media relations.

Cyber SecurityCyberattacksNational SecurityLitigationMedia Relations

You might also like...

Check out some other posts from Brunswick Group

2 min

Cybersecurity introduction

This is a business imperative, not a tech issue, says Brunswick’s Cybersecurity and Privacy team Cyber threats are generating some scary statistics: $400 billion a year in losses from attacks, with some larger businesses experiencing more than 12,000 attacks each year. But there is also good news. Companies are recognizing that cybersecurity is not a technology concern but rather a critical business issue and one they are preparing to deal with. To address the significant business and reputational risks involved, companies are using a cross-functional, top-to-bottom approach, one that treats cybersecurity as a business imperative. Many companies are beginning to strengthen their “human firewall,” creating a business culture where every employee sees cybersecurity as their responsibility. People, not software, are often the weakest link in a security system and that is a problem no software patch will solve. Regulation is growing increasingly complex and governments’ expectations differ from those of companies and consumers. The rules are murky and lag far behind the technology – and the threat. To deal with competing and at times conflicting requirements, some companies are moving beyond the minimum demanded of them, and aiming for a higher standard. To be effective, a company’s cybersecurity program needs to weave these threads into its underlying business plan. Cybersecurity is more than just a strong defense, more than compliance. It must be a part of corporate culture. It represents an opportunity to differentiate yourself from your competitors, increase the efficiency of your operations and earn a greater level of trust from customers, shareholders and the community.

9 min

U.S.-Iran Crisis: Outlook and Implications

Executive Summary: The immediate crisis following the death of Iranian general Qassem Soleimani in a U.S. airstrike and Iran’s retaliatory missile strikes against two U.S. airbases appears to have settled down. However, the conditions for a future flare-up remain in place because the underlying conditions have not changed. Going forward, each side is likely to double down on its stated strategic objective, with Iran pushing for an end to U.S. presence in the region and the U.S. pushing for an end to the Iranian nuclear program. Further, the norms that had previously prevented an open exchange of fire between the two sides have been eroded. Why It Matters: The events of January 3rd and 8th represent the first time since the skirmishes of the “Tanker Wars” of 1987-88 that the military forces of the United States and Iran have directly and openly exchanged fire with each other. For the last three decades, the contest between the two states has been a shadow war of proxy conflicts, plausible deniability, and non-military measures. The American decision to strike Soleimani and the Iranian decision to fire missiles in response removed many of the guardrails that have set limits on previous escalations of tensions. The Iranian decision to renounce cooperation with the 2015 nuclear agreement places back into contention an issue that had previously brought the U.S. and Israel to the point of war with Iran in 2012-13. Business Impact: Markets have been largely taking a wait-and-see approach in order to determine the form of Iranian response to Soleimani’s death, and they responded with relief when President Trump signaled that the U.S. would not retaliate. To an extent, uncertainty in the Middle East had already been priced into the markets due to tensions in the second half of 2019. A significant or prolonged conflict would have an obvious negative impact on energy markets and regional economies. In addition, American and Western companies operating internationally or their employees could suffer collateral damage from any future Iranian proxy attacks against visible symbols of U.S. presence overseas. Looking Forward: In the immediate term, the resolution of the crisis represented one of the best possible outcomes: Iran has publicly signaled that the missile launches conducted on January 8th constituted the extent of their military retaliation to Soleimani’s death and President Trump’s White House address acknowledged Iran’s desire to de-escalate and spoke of finding mutually beneficial outcomes with no further mention of military action. Going forward, both Iran and the United States are likely to double down on their desired strategic outcomes. Iran will seek to use all of the levers of its influence to drive the United States from the region, beginning with Iraq but also including indirect pressure on the Gulf states that host U.S. forces. Offensive cyber operations and deniable proxy attacks against civilian infrastructure in the Gulf could be part of that campaign, returning to tactics observed in the past. For its part, the United States will continue its maximum pressure campaign over the Iranian nuclear program, with President Trump promising additional economic sanctions even as he stepped back from military action. Therefore, although both sides appear to be committed to non-military means, the points of tension that caused the most recent crisis are all still present and have arguably increased based on Iran’s increased non-compliance with JCPOA. It remains to be seen whether coming close to the brink of open conflict will have changed the risk tolerance of either side or whether the first acknowledged exchange of fires between the U.S. and Iran for 32 years will usher in a new period of low-level conflict. The View from Tehran: Iran has played Soleimani’s death for maximum strategic benefit. The messaging of the past 96 hours was aimed at various audiences within the country, the region, and around the world. Having been caught on the backfoot by the U.S.’s strike on Soleimani, the Supreme Leader allowed the IRGC to retaliate against U.S. forces in Iraq in a calibrated manner, likely calculating that a strike with limited casualties would satisfy demands for vengeance while not prompting a response. Khamenei’s Decision: Ayatollah Khamenei is an inherently conservative figure and one who is above all else motivated by the priority of regime survival. Given their long-standing personal relationship, there is ample reason to believe that his displays of emotion of Soleimani’s death, including weeping over his coffin during the funeral on January 6th, were genuine and heart-felt. However, his expressed desire for revenge has been tempered by the overarching imperative to avoid a conflict that would have threatened the regime’s hold on power, either from within or without. Rally Around the Flag: Within Iran, the regime is seeking to use Soleimani’s death and their subsequent retaliation to build national unity following a period of significant domestic unrest. This has been emphasized by the extended period of mourning for Soleimani, days-long funeral spectacle, and the invocation of religious and cultural symbols associated with Shi’a martyrs. The death of Soleimani comes on the heels of a series of mass protests in Iran that originally began on November 15th in response to proposed increase in the price of gas, but which have since expanded to a wider challenge to the regime. Media reporting from late December suggested as many as 1,500 Iranian civilians have been killed as part of a regime crackdown on the protests, which have been characterized as the most serious challenge to the regime since the Green Movement of 2009. JCPOA as a Wedge Between U.S. and Europe: Iran announced on January 5th that it would cease compliance with the remaining provisions of the 2015 Joint Comprehensive Plan of Action but would be willing to return to compliance if sanctions are removed. The nuance in Iran’s position highlights the fact that it is continuing to attempt to use the nuclear issue to drive a wedge between European signatories to the agreement and the United States, which unilaterally walked away from the treaty in May 2018. Regime Dynamics: Soleimani was a high-profile figure within Iran, but his outsized influence on Iranian foreign policy also created friction with other stakeholders in the regime, including leaders of the conventional military forces, the ministry of foreign affairs, and the intelligence services. He was one of few genuinely strategic thinkers in the Iranian national security apparatus and the one with the most extensive and deepest connections within the Arab-speaking world. His replacement as commander of the Quds Force is his long-time deputy who will be familiar with the day-to-day operations of the IRGC’s external operations arm but will not have the stature or the network of Soleimani. As a result, other stakeholders may jockey to move into the vacuum created by his death. The View from Washington: The present challenge for the U.S. is how to maintain both a deterrent posture and establishing the means to avoid further escalation. The policy on Iraq going forward will have to balance President Trump’s desire to disengage from the conflict while not creating the appearance of having been pushed out by Iran. Escalate to Deter: President Trump’s decision to kill Soleimani reflected an “escalate to deter” strategy, using a sudden and unexpected escalation of force during a crisis in order to reestablish deterrence after previous provocations in 2019 had gone largely unanswered. However, deterrence is only as good as the last demonstration of a willingness to respond. The decision to not respond to Iran’s retaliatory missile strikes reflected a pragmatic decision to de-escalate. National Security Decision-Making: Nearly three years into his presidency, Donald Trump feels increasingly confident making national security decisions based on his own instincts. The original coterie of experienced national security establishment members such as Jim Mattis and H.R. McMaster who had populated the Situation Room during the early days of the administration have largely resigned or been fired and replaced with individuals of lower profile and/or proven loyalty. Although the mechanisms of the formal interagency process continue to function, President Trump increasingly makes decisions based on a network of informal advisors and media sources. Domestic U.S. Considerations: The decision to launch the strike on Soleimani came during a period of high political tension in Washington, as it had been expected this month that the U.S. Senate would begin a trial in response to articles of impeachment passed by the House of Representatives in December. The Soleimani strike is being taken up by both Trump’s supporters and opponents as evidence of either his credentials as a decisive commander-in-chief or his unsuitability for office, depending on their perspective. Congress has proposed votes to limit President Trump’s independent authority to initiate hostilities with Iran, but this is unlikely to gain traction in the Senate. Separately, the first voting in the Democratic primary is less than one month away, and a sudden shift in focus to national security issues could have results that are difficult to predict, either boosting those with national security credentials (such as former vice president Joe Biden and military veteran Pete Buttigieg), or rallying support among primary voters for anti-war (such as Bernie Sanders). Third-Party Perspectives and Responses: Iraq: The strike at Baghdad International Airport that killed Soleimani also killed the deputy commander of Iraq’s Popular Mobilization Front, a coalition of militias that forms a part of Iraq’s official security apparatus. Iraq’s new Prime Minister Adel Abdul Mahdi has condemned the attack as a “massive breach of sovereignty” and an “aggression on Iraq”. Iraq’s parliament passed a draft law on January 5th calling for the removal of all foreign troops from Iraqi soil, but the law was non-binding and the session had been boycotted by most of the Sunni and Kurdish members of the legislature. Iranian presence has also been the recent target of Iraqi ire, such as in November when a crowd of Iraqis burned down the Iranian consulate in the Shi’a holy city of Najaf, and the Iraqi government will likely try to play both sides against each other to maximize its leverage for military and financial support. Withdrawal from Iraq would mean that the remaining American forces in Syria could no longer be supplied or supported through the western desert of Iraq and would therefore also have to be withdrawn. Iran will likely seek to use all its considerable levers of influence in Iraq to convince the government to see through the expulsion of American forces. The United States leaving Iraq and Syria due to Soleimani’s death would be a fitting legacy from the Iranian perspective and a perverse one from the American perspective given that Soleimani was responsible for the deaths of hundreds of American servicemembers in Iraq (and thousands of Iraqi civilians) through his support for Shi’a militias in the mid-to-late 2000s. Europe: Statements from European capitals emphasized the need for restraint and de-escalation. French President Macron is likely to view this event as further justification for his proposals that the EU develop a defense and security apparatus independent of NATO in order to avoid being entangled by potentially reckless American actions. Iran will likely continue to use this event as an opportunity to drive a wedge between the U.S. and Europe on the nuclear program and other issues, and their chosen retaliation was likely calibrated at least in part to allow them to continue positioning themselves as a responsible actor. For his part, Trump is urging the European signatories to join him in walking away from the JCPOA in order to increase Iran’s international isolation. United Kingdom: The British government has tried to tread a fine line in its responses to the strike, with Prime Minister Johnson calling for de-escalation while also stating that he “will not lament” the fact that Soleimani is dead. The U.K. is likely trying to balance its desire to remain aligned with France and Germany in trying to keep the JCPOA together with its traditional close alliance with the United States and Johnson’s personal relationship with President Trump. Russia: Unsurprisingly, Russian President Vladimir Putin condemned the American strike, which removed a valuable interlocutor for Russian forces in Syria. Russian troops and Iranian-backed militias in Syria had periodically found themselves with diverging interests in their campaign to support the Assad regime, and Soleimani performed a critical function in directing the activities of those militias to ensure that both Russia and Iran achieved their strategic objectives in Syria. A potential American withdrawal from Iraq and Syria would advance Russia’s interest in establishing itself as the indispensable foreign power in resolving the crisis in Syria and within the region more broadly. China: In line with their long-standing principle of non-intervention and their own interest, China condemned the strike, but the response was muted overall. Chinese interests are primarily economic and tied to ensuring a steady supply of petroleum. One of China’s newest and most capable naval destroyers recently participated in trilateral naval exercises with Iran and Russia in the Gulf of Oman. Although such exercises primarily serve a strategic messaging and diplomatic function, they do signal an emerging alignment of interests between the three states that would be significant for the response to any future crises.

4 min

Governing for Resilience

COVID-19 has raised the stakes for boards, argues Brunswick’s Paddy McGuinness, former UK Deputy National Security Adviser. We now live with COVID-19. Fewer business leaders are making the mistake of talking about “post-COVID” or “when this is over.” The better of them have factored in COVID-19 related constraints to their medium-term plans and are even thinking about how the world may change in the long-term. They are building capacity to take advantage of an early recovery within months, yet they are modeling and encouraging grit for current and indeed harder conditions to last much longer. In the past, when health emergencies—say the Spanish Flu pandemic of a century ago—subsided, there was a greater return to economic normality than had been expected during the crisis. Extreme events often heighten or even distort our perception of wider risks. That old journalistic cliché “one thing is certain, nothing will be the same again” is rarely true. But the pandemic has created the expectation that businesses will be resilient—that they will be able to respond to an event and recover to the state prior to the event, incorporating the lessons learned into business practice. Many business leaders feel they have not done too badly responding to a once-in-a-hundred-years event. Business Continuity Plans (BCPs), which were understandably sketchy for pandemics, were pulled out of second-line risk management and owned and improved in real-time by executive committees. The transition to remote working and, at least in Asia and some of Europe, the gradual return to offices again, has been managed. Services and even vital production have been maintained. Leaders have absorbed the personal and collective strain of this. Good reason then for some satisfaction as they delegate certain COVID-19 responses and focus on the economic tsunami that follows the pandemic. The public seems to largely agree with business leaders’ assessments. While many national and scientific leaders find themselves beset by “blamestorming,” corporate executives have been given more slack. They weren’t expected to have foreseen a pandemic. Their sometimes scrabbling responses are understood. However, behind this lucky pass lurks an expectation that businesses will now be more prepared for crises and foreseeable risks. Resilience cannot be relegated to BCPs and traditional risk-management structures. It is categorically a board issue—regulators, lawyers, politicians and the public say so. The reputations of individual board members and the collective are at stake. Think how fast leaders have been expected to respond to the issues raised by the Black Lives Matter movement. Alacrity will be required. The speed and scale of decisions in response to the pandemic leaves board committees playing catch up to assure themselves that risks have been managed. The move to working from home has been rapid, so too the digitization of the business. Some see these as new, streamlined ways of working, yet the negative consequences are not yet fully apparent. Working from home, for instance, is attractive to some employees as well as chief financial officers, who may relish the chance to reduce fixed costs. Concerns about the impact on the coherence of the business’s culture, its productivity and innovation, the security of data held at home, hardships for those in difficult home conditions, and, indeed, the needs of the younger demographic who seem to favor a return to the office, need to be given due consideration. It may be a case of “decide in haste, repent at leisure.” Resilience is categorically a board issue—regulators, lawyers, politicians and the public say so. The reputations of individual board members and the collective are at stake. Boards also need assurance that the business has regained its balance and can manage parallel or interrelated crises. In recent weeks we have been helping several clients respond to major cyber events unrelated to the COVID-19 outbreak. They have probably needed more external support than otherwise because their leadership capacity was inevitably denuded by pandemic response. And they have benefitted from us already knowing each other and having experience of how to work together in crisis. After the Great Financial Crash there was a heavy focus on balance-sheet resilience and having the requisite finance skills on boards. Business leaders are now beset by advice on the heightened obligation to be resilient in much a broader sense of the word. Regulators, lawyers and risk consultants are sharing checklists of factors for executive committees to take into account when managing risks and for boards to oversee. The challenge here is defining what changes your specific business needs and how to actually bring those about. Shareholders will be expecting a judicious move away from “just in time” systems to ones that can endure foreseeable risks. This isn’t just about potential legal liability or reputational risk. This is about setting your business culture for success. Undermanage risks and the business is wide open to damage from foreseeable shocks with all the loss of confidence and capability that follows. Overmanage and the business losses its competitive edge just when there is opportunity in the recovery. In order to track broader resilience, boards and their committees will need access to a wider set of skills and insight. Board membership emerges as an obvious area of focus. Yet each board will take more time and belonging to too many—“over boarding”—may well be unacceptable. Risk methodology and information flows will also have to be reviewed, alongside how to strengthen board members’ awareness and skills. Before the pandemic, chairs and CEOs were already wrestling with this for their difficult-to-price risks, such as data, technology risks and cyber. Individual experts on boards created siloed responsibility for what should have been a shared risk. A focus on process and method often led to a focus on the management, rather than genuine oversight of, risks. External advice didn’t always help (as we have learned from the plethora of competing advice around COVID-19). No single intervention will meet the new standard for resilience. Nor will simple prescription. A broader and more articulated approach is required if governance is to maintain stakeholder confidence and corporate reputation.

View all posts