Thursday, November 14, 2019
Last month I gave two talks on cyber policy, one in Israel and one in Tokyo, Japan. What I learned was this: The two places could not be further apart!
The Israeli conference was called ICT and you can view their extensive YouTube channel here, but you probably won't so I will summarize it for you in this post in two words: Terrorism bad.
It was election season in Israel, and every single Israeli political figure stepped across the stage of the conference to get interviewed on their positions on the Palestinian Territories. They spoke in great depth, taking tough questions from interviewers about their policies and positions, most of which made any right wing American political figure seem like Bernie Sanders. Surreally pictures of these politicians were on billboards all over the country, often with Donald Trump standing in a close hug.
I say this because not just because Americans cannot leave politics behind at the border. At this conference, partially held in an Israeli Defense University, American and Israeli politicians, spooks, policy makers, and other nations came together to proclaim their continued support in the fight against terror. One of the standout talks was Albania's Minister of Foreign Affairs, which is one of the few talks not on the YouTube channel. It was packed so I stood in the back, ignoring the conspicuous security team that scanned the already extremely well vetted audience the entire time he spoke.
Another amazing talk was Facebook's policy person, who came to explain how not EVERYTHING is its problem and frankly "Just block everything bad as it happens" is an annoying thing for governments to keep asking for.
I want to point out that for many people, when you speak a conference, you expect them to pay for your flight and hotel. But at the high end of conferences, this does not happen!
At the VERY highest end, the conference itself can be more aptly described as a small roundtable discussion at a five star hotel with a paid-for staff of communications experts to organize everything and elicit collaboration since everyone is a speaker and expert at their topic. Typically at these you'll have current government officials and former government officials still making policy decisions behind the scenes as well as the top executives at various large conglomerates and you'll pay for everything as well as a conference "entry" fee that goes to the organizers. In return you'll get a neat printed out pamphlet with everyone's name and position and a picture of them, which saves time when wheeling and dealing.
At a slightly lower (but still super high) end, you still pay for everything (other than conference entry, which is sponsored by the host government or some large corporation or both) and the talks end up being "panels" with some people choosing to do a powerpoint presentation with their fifteen minute introduction speech and some just rambling.
My feeling on panels is that they are almost always terrible, although there are exceptions, like this one with Jennifer Cafarella discussing ISIS's potential reconstitution. But almost because the talks are typically not great, these kinds of conferences attract a special crowd of interested parties, to the point where the local service had someone ask me about what I was doing there and what my background was. I answered one hundred percent honestly - that I'm an executive in a computer company that offers hosting, and that I have an expensive side hobby of attending conferences like this because I masochistically enjoy cyber policy debates. Somehow this was so unbelievable that he then followed up with, "...What other cover stories do you use?" to which I replied "collage student?" which, of course is the one all the Israeli's use at Defcon every year.
Also speaking at both conferences was Sophia d’Antoine and it was sometimes fun to see people not realize how much background she had on both the technical (her speciality is automated program analysis) and policy aspects.
What I mean from "the two places could not be further apart" is that Japan and Israel are almost orthogonal in their approaches to all the important policy problems in the space. In Japan there was a focus on the rule of law as defined very closely with international norms creations efforts. Pacifism is a virtue. Of course, should the Japanese decide to go offensive and use their cyber capabilities for deterrence as I and others recommended, the world would shake.
Israel has a very different view on things. Just down the road from the big Microsoft building in the hip tech town of Herzliya is NSO Group, currently being sued by Facebook for selling 0day capabilities, in what is a silly lawsuit that demonstrates the failure of international norms efforts between nation states that now these sorts of things are hashed out between large corporations.
Probably the most amusing part of ICT for me was when at the end of the panel I was on the moderator asked some simple questions. "What happened to ISIS's cyber capabilities? Why haven't they developed as we thought they would into a force to be reckoned with?" These were Talmudically hypothetical questions of course. Looking out at the crowd you could see the answer in their eyes, an entire conference of deadly spook subclasses dedicated to removing that particular threat from the world.