We're happy to welcome all our guests. We have seven guests today. We would love it if you would stand
so we could greet you with some applause. Please patience with my pronunciations. So please welcome
a guest from the OCE Lab of Civic Engagement, Shilpa Nandiala. Shilpa?
Oh, are you observing? All right, follow up to last week's speaker already. Guest of Mike Baker, David
McFadden. Kyla Cox-Deckard is welcoming three guests with her from the Center for Rural Engagement,
and Elise Jenke.
Gina Vertrees and Milan Gaston. Another guest, Becky Wan, is a guest of Mark Peterson. Becky. And a
guest of Michael Wade, Megan Wade.
Welcome. If you have any questions about Rotary, feel free to ask the folks at your table. And do we
have any guests online? Hey, Hank. Oops. OK. Hello. Yes, Megan Wade is joining us online, so as a guest
online. And other than that, just Rotarians.
saying any of you who'd like to learn more about Rotary, just turn to someone at your table and ask
away. Birthdays, we have several birthdays to celebrate. On the 11th, past club president and past district
governor Lance Eberly. On the 12th, Forrest Gilmore. On the 14th, past club president and district governor
Judy Witt. And on the 15th, Erica Kovacs. One anniversary to observe, Judge Jeff Bradley
Five years with our club, 12 years total as a Rotarian. We have a number of announcements. Please join
the members of the Rotary Book Club following the regular celebration of service at 1 p.m. next Tuesday,
right after the meeting. They will have a brief meetup to field questions that Rotarians might have
about the group, and they'll also decide what the next book will be and the meeting date.
The Rotary District Conference registration is now open, scheduled for May 8th and 9th at the Gold House
in Louisville. And you can learn more and register at rotaryallstars.com and there should be a link
in the roundabout. Save the date for the Wonder Lab Summer Blast Off on May 21st, an afternoon and evening
street party celebrating the last day of school.
Loomington Rotary Foundation is the primary event sponsor, and we'll need some club members to volunteer
that day. It should be a fun time, and if you want to learn more about it, the link will be in roundabout.
Don't forget that during meeting times, club members can also park for free at the Henderson or Atwater
garages. I parked at Atwater today. Campus sidewalks are clear. It was a nice walk.
If you want to avoid some of the parking problems at the Union parking lot, or you don't want to navigate
all the students in front of the Union, both Henderson and Atwater are good choices. So I think I crossed
the line last week because I hugged Brad Fulton, our guest speaker, at the end of his talk. So the net
result is it has been determined that we need to be observed. Maybe I need to be observed.
So anyway, Shilpa there in the back monitoring my behavior. But don't be concerned about this. Seriously,
as we heard last week, they have observed countless organizations, including the Bloomington Rotary
Foundation. And at a board level of the club, we talked about it a couple of months ago and said, yes,
we're willing to do this. So anyway, Shilpa or one of our colleagues will be here at Tuesday meetings.
They'll probably sit down on some kid meeting meetings. They'll probably be at board meetings. So now
that we've welcomed her, forget that she's here, and business as usual. Tyler, if I can get you to stand.
So Tyler Martin Nichols is our Zoom and audio producer. And Tyler is still looking for the right full-time
employment. Main areas of interest are arts administration, student affairs, program project management,
Faculty support, university governance. Tyler has master's degrees from both O'Neill and Jacobs. If
you have an interest in learning more, see Tyler or see me. I'll vouch for Tyler. He's personable, reliable,
very quiet way, very competent. He'd do a good job for anyone.
Last thing, it's been brought to my attention that several of us have received spam emails from people
we know in Rotary, special party invitation. So if you get that, just be very cautious. Let's see. Has
Jeff Richardson walked in yet? Yes. Jeff, are you ready for your reflection? All right. Jeff will give
our reflection for today.
Good afternoon. Reflecting on Lee Hamilton's life reminded me of the Jimmy Stewart character in Mr.
Smith Goes to Washington, a man of intellect, integrity, eagerness, kindness, tenacity, and humility.
And he never lost that competitive edge he had from being a top basketball player in Evansville and
at DePaul. How fortunate we were to have Lee in Congress from 1965
until 1999, then at the Wilson Center, a nonpartisan think tank in DC, and the Center for Congress at
IU, coupled with his teaching at the Hamilton Lugar School of Global and International Studies. He never
stopped serving the public's interest. In fact, his son reported he took his father to his IU office
the day before he died. First, Leonard reminded me of beloved
Charlotte, who was from her bed, still doing lobbying the day before she died. Before I share some personal
reflections, let's visit how just a few national media and local media characterize Lee's passing. A
life of service and global leadership, the Midwestern congressman from Washington who should be remembered,
a compromiser who operates above the fray,
powering figure in national politics with ties to IU, Lee Hamilton, a legacy of honor. Beyond these
and many other headlines, I also connected with some old friends and reminisced about Lee. Speaking
with Wayne and Emily Vance is always entertaining and informative. Wayne worked for Lee both in Congress
and the Center for Congress for over 40 years. Wayne stated that Lee's passion for public service never wavered.
As much as Lee enjoyed his work, he loved coming back to southern Indiana and meeting with his constituents.
He would return to Indiana 41 weekends every year. Wayne explained that Lee felt it kept him grounded,
and his outreach was not limited to folks back home. For example, he went to see the troops in Vietnam
in the mid-1960s and to Iraq during the war there to hear directly from them.
And of course, he traveled the world, meeting world leaders, always listening and learning. Wayne added
that Lee believed that his greatest legislative achievement was a passage of Medicare. As a 75-year-old
recipient, thank you, Lee. Lee also counted his tenure on the 9-11 Commission as a ringing success and
top-life achievement post-Congress. One pundit characterized Lee as a quiet man who made himself heard.
So true. I had several specific memories about Lee during my life, but due to time, we'll share just
a few. When campaigning as an IU student volunteer for various Democrats in 1970, that's when I first
heard Lee speak, very impressed. After Frank McCloskey got elected in 1971, Lee would drop by City Hall
to see the mayor, but also make a point of walking the halls to visit others.
1970s, when I was on the city council, he would stop by, always asking how things were going, how are
we doing in Washington, and what should we be doing? Of course, he was a regular at all the Democratic
events in southern Indiana, and along with Birch Bayh, who incidentally, helped get elected in 1962
as a chair of the Bartholomew Democrats, he was a crowd favorite. Bayh once... This is Birch Bayh, once
famous, he said,
If I could ask God, one favorite would be to have a whole bunch of more Lee Hamiltons, the
perfect congressman. When Frank McCloskey was elected to Congress in 1982, I was honored, no, actually
thrilled to be part of Frank's team to get his new office off the ground. During my three months there,
the most regular visitor was Lee, sometimes a few times a day. Always upbeat, joyful, connected,
and eager. He would ask staff how they were doing and if we needed anything.
He knew no strangers. Fast forward to the early 1990s in Indianapolis. I was working for then-Governor
Evan By and the State House. One afternoon, there was a lunch panel with Lee Hamilton and Dick Lugar
about world affairs. It was breathtaking. Each spoke about meetings they had had with world leaders
and named them in the topic and did so with ease and not a hint of self-promotion.
So Lugar would say when I was meeting, and some of it was reflecting back, some of it was current, when
I was meeting with Gorbachev last week, I don't know, whatever, and then not to tip for a tap, but Hamilton
would say, yes, and I remember that when I was talking with Prime Minister Thatcher. And I just sat
there and I said, these two people, and they're so
not pretentious, not self-promoters, and talking about world affairs, and here they are, both from Indiana.
I mean, I was actually moved. I still am, that these two giants were from Indiana and were so compatible.
They sometimes would finish each other's sentences, and they were all civil, gracious, and kind, real-life
role models and real giants on the global stage.
It wasn't until very recently that I learned that Lee and Dick had been friends since 1967 when Dick
was running for mayor. As one pundit would wisely say, trust, respect, and integrity make change possible.
This honesty and wisdom was also the basis for Lee and Dick earlier receiving the Medal of Freedom from
President Obama. Lee's final column, just published a week ago, entitled Congress Needs More Friendships
Why, Lee asked, to reestablish Congress's ability to assert itself as a robust and effective branch
of government. He continued, you need to develop relationships on trust to do more than just put your
name on a bill. He concluded, members will have to join together in friendships and transcend the usual
workday. It's all about friendships, about service above self. And I thank you, Lee.
for a lifetime of public service, you will be deeply missed. Thank you, Jeff. Well done. So celebration
of service. You may remember that just a few weeks ago, we finished our district grant project for this year.
meals on wheels. We had two phases. And then the cycle begins again. And I want to thank for next year's
district grant in order to qualify, each club has to have two Rotarians participate in a one hour phone
call in the month of January. And Michelle Cohen and Sarah Laughlin did that for our club. I think Sarah
has been on as many calls as anyone. She can probably recite it from memory.
but it's one of the requirements. And in order to do it, you become eligible for a $6,000 grant.
So thank you, Michelle and Sarah. And now I'd like to ask Jeremy Graham to come up and join me,
if you would. Stand on either side.
So a native of Gary, Indiana, Jeremy Graham has been a Bloomington resident for almost 14 years. Jeremy
and his wife, Anisha, were high school sweethearts and have been together as a couple for 16 years.
They have a six-year-old son, and they're expecting a newborn son any day now, which is why I suggested
to Jeremy that you can go ahead and leave your phone on. And if all of a sudden I see you dart out the
door, all's good.
Jeremy is a full-time realtor here in Bloomington. He's the team lead for the Century 21 Sheets Graham
team. Anisha works with Jeremy. The two of them love to collaboratively guide, navigate, and assist
buyers, sellers, and investors through real estate transactions. In the community, Jeremy serves as
the membership vice chair of the NAACP Monroe County branch, serves on the welcoming committee for the
Bloomington Chamber of Commerce,
And he's also a shuttle bus driver for City Church, where he transports IU students to and from church
services. For fun, Jeremy enjoys spending quality time with his family, golfing with friends, building
relationships with people. Jeremy joins our Rotary Club as an NAACP organizational member, joining Jim
Sims, Jimmy Torrey, and Patrick Smith. Welcome, Jeremy.
Okay, we have time for an abbreviated membership section today. So today's quiz, we have lots of Rotarians
that exercise in different ways. Many of them work out at the Southeast YMCA.
But here's a list of four Rotarians. And one of these Rotarians does not exercise at the Bloomington
Southeast YMCA. And your choices are Rex Hillary, David Wright, Tracy Yovanovich, Steve Engel. So if
you think Rex Hillary is a Rotarian who does not work out at the Bloomington Southeast Y, put up your
hand and do the same online. Boy, no takers.
All right, how about David Wright? If you think David Wright is the one. All right, we have a few. Tracy
Ivanovich, and I will qualify, Tracy's on a cruise now, so we're talking about when she's home. If you
think Tracy is the one who does not work out at the Southeast Y, put up your hand. We have a few. Finally,
if you think Steve Engel,
is the one who does not work out. And I see one. All right. Well, if you guessed Rex Hillary,
you are wrong. Rex participates regularly in YMCA classes. Here's a picture of Rex from a few years
ago. Rex is front left. And on the background, you can also see Mike Wade and Gus Juskalis. All right.
If you guessed David right, you would be right. David enjoys hiking and biking, but he lives
near Martinsville. So it'd be a long way for him to work out at Southeast Y. David has done some reflections.
He also, we had a club session with David as a speaker. He is our club puppeteer. Tracy Ivanovich. If
you guessed Tracy, you would be wrong.
Tracy has been a runner for many years. Now, she is very much a walker. If any of you have ever tried
to keep up with Tracy as she goes around the wide track, good luck with that. Here's a picture, a couple
of us here on July 1st. Tracy is the more attractive individual on the left. And finally, if you guessed
Steve Engel, you would be wrong.
Steve is a regular weightlifter at the Y. So he's there exercising on a regular basis. So we did pretty
well. I would say for those who voted correctly picked David Wright. Rotary International, seven areas
of focus. And February is Peacebuilding and Conflict Prevention Month. We're going to skip Happy Dollars
today, but we have a short rodeo
rotary video to show. It's very difficult to even define peace. It goes beyond, of course, the absence
of war. It's about
social equity. It's about living and feeling respected where you live. And it's about showing this respect
to every person. Respect to every person. As a humanitarian organization, peace is a cornerstone of
Rotary's mission.
We believe when people work to create peace in their communities, that change can have a global effect.
Our Peace Center alumni, our dedicated peace builders, are leading the charge for that change. In Peace
Fellowship, you feel support of a very powerful organization, which is Rotary. The organization of the
program is unique because it is not purely academic. You meet
a lot of people coming from different parts of the world. So every new person brings you new perspectives,
new ideas. They come from those conflict areas or they are interested in working in those conflict areas
to minimize the effect of conflict. Their long-term role can be also in building mutual understanding
between the conflicting communities to make sure that future conflicts will not arise.
Peace building is really a kind of work. Mediate, transform conflict, stop conflict, create an environment
of peace, to connect people who made a choice to create these environments of peace. Try to bring people
from across the divide together in a way that they can see that the other doesn't have an enemy face.
bringing people together across everything and to do whatever it is that they're interested in. People
can come together to play board games and people can come together to learn how to tango. This means
that peace of course, ideally speaking, is a sort of desire.
but it's also a strong need we have in this world in order to offer people opportunity to thrive and
have an environment where human potential could flourish. There will always be times of conflict and
that's where the peace builders' role exists. They will try always to increase the mutual understanding
to make sure that those conflicts will not escalate.
So there is a strength that is coming from their commitment and dedication, their competencies and skills.
And this perhaps is going to fight against violence and fight against situations where peace is truly
missing. If people stop believing that it's possible, then it cannot happen. One of my worst quotes
is, if you want to have peace, you should prepare for war. I hate that quote. If you want to have peace,
you should prepare for peace. Alan Barker will introduce our speaker. Thank you very much, Steve. Hi,
everybody. It's great to see you. And that was an amazing video. It really was incredible.
And within the theme of peace, our talk today will illuminate a completely different area. And so I'm
delighted to introduce our very own Rotary member as guest speaker, Professor Scott J. Shackelford.
And I'm going to say a few things about him. This amazing individual who you probably all know about
is a Provost Professor of Business Law and Ethics at the IU Kelly School of Business.
He's also the director of the Center for Applied Cybersecurity Research and helps lead the Ostrom workshops,
work on cybersecurity and internet governance. So he has a number of different roles at Indiana University
and makes a huge impact. In short, he spends his time thinking about and helping us shape how societies
can navigate the risks and opportunities of our increasingly digital world. Scott is one of the authors
of Securing Democracies in an Age of
Instability, a timely and important book that examines how democratic institutions are being challenged
by cyber security, threats, disinformation, and rapid technological change. So the title of Scott's
talk today, Securing Democracies in the Digital Age, could not be more relevant and present in our world
these days.
At a moment marked by political polarization, geopolitical tensions, rapid advances in artificial
intelligence, and boy, do I know about that this morning, I had a bunch of conversations that have sort
of rocked me back on my heels, and widespread concerns about misinformation and cybersecurity interference,
questions about how democracies can remain resilient and trustworthy feel especially urgent. So, we're
very fortunate to have one of our own, Scott,
To help us make sense of these challenges, please join me in offering a warm rotary welcome to one of
our own, Professor Scott Shackelford. Well, thank you so much. Good afternoon, everybody. How are you?
I have to say we timed this spectacularly, okay? So today, if you didn't, if you weren't aware, now
you will be, it is Safer Internet Day.
I know, I know. Every day, ideally, should be Safe for Internet Day, but it's actually today. So a lot
of reasons to, I think, have this timely discussion right now. And actually, as part of Safe for Internet
Day, I was giving a keynote for a conference in New Delhi earlier today. And you know the title of the
conference? The Cyber Peace Summit, the Global Cyber Peace Summit. They had more than 70 countries there.
So a little bit about what I'll be talking to you about today is very much a global movement. So it's
not all going to be doom and gloom, I promise.
It's a beautiful day outside. We'll try to let some of that light shine on this topic as well. Thanks
so much again for the opportunity and for that very warm welcome. It's great to be back. I wanted to
just do a few things upfront per usual. There's too much content to get through, so I'd rather have
time to get through discussions about especially a topic on all of our minds is this, but a few things upfront.
One, if you haven't been over to the Ostrom workshop in a little while, come check us out. There's a
lot of exciting stuff going on, including with regards, Alan, as you were saying, to AI governance.
tech governance, as well as, of course, environmental challenges, you name it. We just did a joint session
with the Environmental Resilience Institute this last Friday on the environmental impacts of data centers,
for example, here in Indiana and around the world. Really awesome talks every Monday and Wednesday,
a lot of ways to get engaged, and we still have copies of that children's book, which I should have
brought with me today.
But if anybody wants to follow me over, we still have Lynn's on Common Life, which actually they're
doing a teacher training workshop on that in a couple weeks here for civics classes and things like
that. So her work is getting out there, which is great.
The Center for Applied Cybersecurity Research still does a lot of work on election security, but also
more broadly looking at local critical infrastructure protection. Real hot topic these days, which could
be a separate talk, is water. Water utilities in particular are a very unfortunate soft target. So we're
working with a lot of those around the state and beyond to see how we can come together and build some
resilience in those systems.
Okay, and here's some of the work on Cyber Peace. Bit of a trilogy, I'm still waiting on the movie deal.
Matt Damon, I mean, come on, you're done with the Odyssey, this is the natural next step. So I'll be
peppering in a few insights from that work on Cyber Peace, but again, the focus is gonna be on this
brand new book, and it just came out last month on securing democracies in the digital age.
And that book, I'm happy to say, it's published with Cambridge Press, but it's open access. So anybody
around the world can freely download
access the contents, no paywalls, nothing like that. I wouldn't be really preaching the gospel of the
commons if it was any other way, but I still wanted to flag that, right? And kudos upfront to my co-editors,
Frédéric Doucet from Paris 8 and Chris Ankersen from NYU. There was a slate of amazing scholars and
practitioners all around the world that were involved with this project. The focus of the book, if you're
interested, was basically three geopolitical hotspots. So we looked at Eastern Europe,
We looked at Middle East, North Africa, and we looked at East Asia and South Asia to see how these advancing
and emerging democracies are dealing with a whole array of challenges, as you just heard in the intro,
right? So threats to election infrastructure, how we manage misinformation, disinformation, deepfakes.
And a lot of the US focus was on how we, as in the US, are managing those threats from abroad. We didn't
focus on homegrown threats.
We can take this in lots of directions. I grant you there's rabbit holes upon rabbit holes that we can
go down, but for purposes of the book and my presentation, just know that it's more of that
global perspective. Okay, so very briefly, when we approach this topic of protecting our elections,
it's good to think about it first at the 30,000 foot level, then we'll drill down, okay?
Critical infrastructure, what the heck is that? Here in the US, we have 16 critical infrastructure sectors,
and you see them all labeled up there. They run the gambit. Think about everything that's really vital
that if it goes down, you're having a really bad day, right? So healthcare, telecom, right? Agriculture,
okay? Elections is one of those systems. And the US, there's only a few countries around the world that
specify that, but we're one of them actually, and that's been the case since 2017.
So that means that organizations historically, like DHS, have a bigger role in safeguarding election
infrastructure and systems. I just wanted to mention that up front. This has been a long-running problem.
We see that in the elections context and more broadly. There have been groups that have tried to undermine
election outcomes and frankly just confidence in elections dating way back, believe it or not, if you
guys remember, the South African elections that actually elected Nelson Mandela in the early 90s. That
was one of the first documented attempts of using some early internet worms to interfere with voting
machines, right? So that was a little while ago now, more than 30 years. Of course, as was mentioned
these days, the technologies, the techniques have really
advanced quite a bit in some scary ways, and we're all racing to catch up. So again, I'll be focusing
mostly on some of that stuff. There's been a variety of attacks on these different types of critical
infrastructure over the years. We can talk more about it, but suffice it to say, everybody's been breached,
right? And there's this old joke that if you weren't, if you think you haven't been breached, well,
you just haven't found out yet, right? I mean, why do we have to tell us here in Monroe County even,
right? Like it happens. It happens with some regularity. And of course, IU is no stranger to that either,
Globally, there are some big trends that are feeding this, right? So there's a lot of geopolitics lurking
in the background, as always. Unfortunately, Ukraine has been a testbed for both information warfare
and cyber warfare since their elections in 2013, right? So we've seen that, of course, most recently
in the international armed conflict, but
They've also pioneered, as I'll talk about in just a minute, some responses for how you get ahead of
disinformation and deep fakes. They basically have a version of the PBS NewsHour, where every night
they're debunking the kind of fake news or the deep fake story of the day in real time, right? And it's
different when you think about Beijing.
Okay, so in the book, we try to do this with some granularity, figuring out how different adversaries
around the world who are commonly trying to undermine trust collectively in the democratic process are
approaching these, right? You see there that Russia versus China's approach
could not be more different. They're both at opposite ends of this spectrum, right? One is trying to
sow chaos, confusion, right? The other is really trying to plant some seeds to undermine long-term trust
in the stability of these systems, such as by sowing divisions, but also more broadly. And I'll say
we're not unique in the U.S. in that regard. These campaigns have been playing out all around the world.
I promise it's not all doom and gloom. We're gonna get there. There are a lot of good stuff, good work
that's being done here in Indiana.
and more broadly to get a better handle on some of these challenges. Some of them are just frankly voting
machines, right? Like here in Monroe County, how do we vote? You better remember that usually it's a
touch screen and there's like a little, or you have a little optical scan paper ballot that you scan
in, that you scan in, right? Depending on the place. Those are gonna be phased out, but anybody know
when they're gonna be phased out by? The Indiana legislature passed this law a couple of years ago.
2027 is our deadline.
All right. So not super forward leaning. You'll see a map in a second that's going to give you some
more details on that. Other states, you know, a bit further along and a part that's driven by the fact
that there is problems as you see here in the software ecosystem supporting those different machines
and just more broadly to the supply chain. We've been doing a lot of work on how you rethink accountability
for software. So if you're Microsoft, there's something called Patch Tuesday, right? You put out a new
product today,
If it causes a problem, you patch it tomorrow. And who's responsible for all the damage that happens
in the meantime? Maybe you remember the CrowdStrike incident a couple years ago, where there was a patch
that went out, caused a world of hurt if you were flying that day, but also more broadly, the NHS, for
example, systems went down. But the question has always been lurking is, well, why aren't we treating
tech companies liable for all that? We're treating them with kid gloves. Just as of last month, Europe
has extended their product's liability directive to software. That's a fancy legal way for saying, if
there's a bug in code that leads to real world harm, now in Europe, you get to hold the tech company
liable, strict liability. I was involved with a software liability summit at the White House. This was
a while ago now, mid-24, where we were talking about the same thing, should the US follow suit or not.
That's a game change. We're starting to see that with things like social media for kids. We're not seeing
it more broadly yet.
But still, it's worth kind of keeping that broader scope in mind. And lastly, these are some of the
big trends feeding into all this. I'll say a bit more about AI, but honestly, you name it, each of these
is important for thinking about ways that we can secure democracies. Even internet access from space
is really taking off. Forgive the pun. We're actually launching a space cybersecurity digital badge
program later today here at IU, which is pretty cool. So there's a lot of neat work there.
And again, more broadly, there's ways to think about this from more of a peace perspective as a shared
responsibility. And there's different ways to approach that. Okay, given time, let's focus on democracy
here. So in the book, we're trying to look at this from a variety of different perspectives. There's
this grid that gives you a bit of a flavor for how we think about democratic resilience. Yes, it's about
protecting election infrastructure. So the voting machines, the tabulation systems that count up the
votes, but it's also a much broader problem.
If it was that easy, we would have gotten ahead of it a while ago. So this just kind of gives you a
flavor of that. You'll see a specific when we dig into the case study about what went down in 2016 and
thereafter. This was a fun one. I did a separate book, a history book, called Forks in the Digital Road
that looked back at the history of the internet and cybersecurity. There's been hacking going on a long,
long time, including, as you all know, hacking of elections, depending on how you like to define the term.
Some cities, some states are notorious for this kind of thing. Of course, what's different is the scale
that's possible by undermining the shared systems that all of this infrastructure relies upon. And that's
one of the things we're focusing on here. Like we said, here in Monroe County, mostly we're using these
optical scan paper ballots. Now, help me. We'll make it a bit more interactive because I know it's middle
of the afternoon. I need some coffee as well.
From a security perspective, what do we think? Which of these is going to be best? Should we go back
to those hanging chads? Oh man, those are the good old days. Great Halloween costumes, though. What
do you think? From a security perspective, you want to have as many layers of authentication as possible,
right? So you can double check the results in close selections. What do you think?
Okay, okay, okay. So in other words, if you have some kind of system where there can be a paper audit
after the fact, that can build confidence and ultimately trust in the democratic process, right? What's
the problem if you don't have the paper trail? Like a lot of jurisdictions still don't around Indiana.
Well, in a close election, or if there's intelligence after the fact that in some way, shape or form,
it was undermined, it's tough to go back forensically and double check those results. So the gold standard,
long story short these days,
is what's called a risk limiting audit. So you have a jurisdiction, I'll give you a flavor for what
this looks like nationwide. So you pick a state where they're all green. You institute a risk limiting
audit and you take a statistical sample of the votes cast and then you compare it against the reported
results just to make sure they're consistent. Colorado was the pioneer in doing that.
Then Rhode Island, we have a half a dozen states that have these laws on the books. Indiana's going
in that direction. There's some legislation around a risk-limiting audit, but again, we don't have the
underlying tech yet to really make it possible statewide. When you look at this map, it looks pretty
different from 2016. So some states have really gotten on the ball. So Georgia, back in 2016, was bright
red. All right. Pennsylvania.
bright red. In other words, some core swing states had some technology that was problematic. There have
been groups that were able to hack into some of these voting machines that were still running Windows
XP just to show what was possible. It's not great. That's not great. As a reminder, Windows XP hasn't
been updated since 2014. So nobody's really double checking that. So that's a problem. And we haven't
really invested in this stuff at a federal level since that 2002 Help America Vote Act.
That was, of course, in response to all the hanging chads. It was about a $4 billion investment that
went to the states, because, again, we don't have one national election, right? We have more than 3,000
local elections that get aggregated up. So it helped to purchase a lot of equipment. But back in 2002,
what was the main headache we were trying to solve? Those long lines of polling places and the confusion
around hanging chads, right? Cyber security wasn't exactly front of mind. So what did a lot of these
jurisdictions go out and do?
including in Georgia and Pennsylvania, well, they bought a lot of these handy systems where they're
just touchscreens, but without a paper trail, right? So it's that kind of technical debt that now we're
having to go back to and refresh, right? Here in the US, but also around the world. Okay, so looking
to the midterms this fall, but in 2024, you know, equally valid, this just kind of gives you a flavor
of all the different layers that the bad guys could focus on and try to sow
distrust, right, or try to manipulate some processes. So that goes all the way from voter information.
So their information we rely on platforms, right? So as you know, social media is flooded these days
with AI generated content. I mean, I think that's 80% at this point of X. I don't even know. It's ridiculous.
So what we can trust.
Who really said what? What video is legitimate? That's already become a real issue. Some states, including
Wisconsin, even Indiana, have some new laws on the books that actually attach civil penalties if you
spread disinformation or deep fakes involving candidates within a certain number of days of an election
cycle. So that's fine. That's one little aspect of this issue. Finding the perpetrators, et cetera,
is easier said than done. But that's only, obviously, one piece of this.
Again, other jurisdictions like the EU, they've gotten a lot further in this regard. There's some pretty
stiff penalties. Election rules. So these are basically where you're registered to vote. So those can
be manipulated as well. So picture like an elaborate Excel spreadsheet. If you can get access to that,
and unfortunately, there's no even state law still requiring us to encrypt all that data,
So there's still some precincts that have it unencrypted. You can imagine any kind of other
Excel spreadsheet, right? You can manipulate the cells. You can make it look like somebody's registered
to vote there when they're actually registered to vote there. That can lead to long lines, sow distrust,
and again, ultimately undermine confidence. No evidence that happened in 24, to be clear, but that is
the issue. And we know back in 2016, election rolls in Illinois
were compromised. Again, no evidence that anything was changed, but because so much of it is
still unencrypted, that's still an issue. Voting machines, we talked about. Tabulation systems are just
fancy software for adding up votes, all right? Like any software, that can be manipulated. No evidence
that happened in 24, but other democracies, like the Netherlands, have been so concerned that in one
of their last elections, they went back and hand counted every paper ballot.
They didn't have any trust in their tabulation systems because they had some intelligence that they
had been compromised. Dissemination of news is also a problem, right? So imagine what you could do if
you hacked into the AP Newswire on election day to make it look like a candidate or a party was ahead
or behind in the polls in a country like ours with multiple time zones. That could also impact turnout,
right? And also sow distrust. No evidence that's happened to the AP or otherwise
But that's still a potential headache. And we have seen that, unfortunately, in other countries like
Ukraine, in terms of news sites being targeted in that way, which gets us thinking about, well, heck,
is news critical infrastructure? That has other big First Amendment problems, right? If we do have more
of a government role there. Talked about critical infrastructure, too. So if you can snarl traffic,
if you can cause blackouts, you name it, not across the nation, but just in certain core swing cities,
certain core swing states, that can also be problematic.
right? So these broader issues can come back and lurk in this context as well. Okay, what are we doing?
We're doing a lot.
There have been some positive steps forward. One of them was in the information sharing network called
the LISAC. So basically it's an information sharing and analysis center. It allows election officials
to share information and learn from intelligence about threats in real time. We didn't have that in
2016. Now the issue is right now DHS is in the process of unwinding.
So looking ahead to 2026 election a lot of local election officials won't have potentially as updated
information as they've grown accustomed to for the last seven years. There are some other shifts that
have played out again if we had more time we could talk about how some of the parties are responding
and how we're looking more globally.
Again, the good news is that we are working together more than has been the case in the past and that
the word is getting out, especially with a pretty wide array of democracies about some of these best
practices. So in the book, we dig into these in a little bit more detail. By and large, all these democracies
and plenty others around the world
are embracing a lot of these best practices. So a lot that had electronic voting machines are going
back to paper or involving paper at some point in the process. They're doing risk limiting audits. The
only real country that's going the opposite direction is Estonia. They still allow online voting, and
they have since the early 2000s, right? But keep in mind, this is a country pretty homogenous with a
population the size of San Diego.
So a bit of a different vibe than the United States in that regard. And they're different in other ways,
too. It's an incredible country, though, if you haven't been. All the others, right? Embracing paper.
Which just gets thinking about these other layers of the problem though, okay? So you might remember
this seems so antiquated at this point, but there was this whole like puffy jacket thing. This was an
early deep fake of the Pope that really went viral, right? And this was one of the first times like,
wow, I had no idea it's such fashion sense, right? People weren't aware of what all the...
technologies can do. If you're a kind of a relative newcomer to kind of AI and deepfakes, I think we
can send out the slides. I included some links to some really great podcasts like any Radiolab fans
out there. They went and they interviewed the original researchers from the University of Washington
who put out some of these tools. These days, it's incredibly easy to do. If none of you, let me just
ask, how many of you have tried to create an AI generated picture or video at some point? Okay.
I'd say at least a third, right? Bordering on half. What was that experience like? Was it pretty easy
to do? Yeah? Yeah, Alan, as well? Okay, okay. If you don't mind me asking, what tool did you use? Yeah.
Okay. Most all of the big AI platforms can do this now, right? So Jim and I, for example, Google's version.
Sora, which is like this basically slop on steroids from open AI.
I mean, you name it, it's incredibly easy. And it's frankly, it's just so easy and it requires basically
no technological sophistication at this point that the cat's completely out of the bag, right? So the
only real options are legislation to really hold tech platforms fully accountable, buck stops there,
you can't put it on the users, right? Or we have to think about, you know,
everything else that would be nice, but isn't going to change things, you know, full stop. It's going
to be a long-term evolution, basically digital citizenship training, right? That's important. We do
it in schools. We could do a better job. But frankly, there's not a lot of other fantasias out there.
Okay. Here in the US, we're also, you know, we have, I don't want to say handcuffs exactly, but we definitely
have our freedom of movement at the federal level limited because of this.
Right? So if you're not familiar, Section 230 of the Communications Decency Act, this is what gives
those shields to those tech platforms. OK? So if it wasn't for this law, and it was passed with really
good intentions, and frankly, it made a lot of sense in the 90s, because at that time, you could sue
the equivalent of Google or Meta or Facebook, you name it, because of the content they host on their
site. So if there was hate speech that you came across on Facebook, you could sue Facebook. Right? This
was the law saying you can't do that.
All right, simply put. And because of that, that's really changed the incentives for these companies
to not really moderate as much as they could. The issue is everybody agrees they don't like section
230 anymore, but nobody can come together and come up with a consensus about what do we do about it?
All right. Like Biden, for example, and Trump agree on almost nothing. They both hated this. Okay. But
what comes next? If you take this down, you know, the incentives can go one extreme or the other. Either
it's super moderated,
sanitized, or digital hellscape, right? There's not a lot of movement in between the two. So that's
why we still have it, but it does limit a little bit what we can do at the federal level and as a result
at the state level. What are other countries doing? Well, a lot of experimentation. I mentioned Ukraine
before. In the UK, actually, they treat coding as a second language. All their kids are getting some
coding as they go through school.
And they're also doing digital citizen training, including spotting AI and deep fake content as part
of that. They can do that, of course, because it's the UK. There's a national curriculum. They don't
have the same setup that we have here in the States. But that doesn't mean we school districts, including
MCCSC and otherwise, couldn't learn from some of those experiences and help kind of raise the overall
level of cyber hygiene and awareness. There's also some major international initiatives. The Munich
AI Election Accords are one of them.
So all the major democracies, this was about a year and a half ago now, and all the tech platforms got
on board with that to limit the spread of disinformation, deep fakes, and violent extremism online.
But again, they're norms, right? So what happens when they're violated? This gives you a sense on the
AI side, what's happening at the regional level and the national level. I kept the US executive order,
even though it's been repealed, just to give you a flavor for what it would have done. So in the EU,
they have this kind of
three-tier structure for what's the most problematic uses of AI, all right? Elections is one of them,
all right? But there's some other things too, like spotting somebody's emotional state in public. That
was also banned, okay? Social credit scores of the kind they do in China, that was also banned in the
EU. Certain healthcare applications, certain autonomous driving applications are much more heavily regulated.
So they have this three-tier structure that we don't have, okay? In the US, what do we have?
Well, one, a lot of action at the state level. So California has really filled the gap here along with
a variety of other states, including with regards to some new prohibitions on what you can and can't
spread online and penalties for tech companies that violate some of those. And I can go into more details
if folks are curious. This is what the executive order would have done if it would have stayed in place
basically for these big large language models that have a national security implications for what they roll out.
They would have had to get basically a red team pre-approval first. But again, that's now gone by the
wayside. Okay. Important role for international law in all of this. If we had more time, you know, we
could talk about it.
But you can also just read the book, which is great. It's a good beach read for spring break. I promise
it's going to help you feel good. This gives you a sense for all the contributors where they're coming
from. As you can tell, lots of universities, lots of institutions all around the world. Andy Grotto,
who was in the White House, the Office of the National Cyber Advisor during the Obama administration,
he's now at Stanford, did a great piece looking at the history of US election security. I'd really hardly
recommend that one.
And ultimately, I'll just leave us with thinking about this. It's a whole of society approach, right?
As Len Ostrom famously said, there are no panaceas, and trust is the most important resource. There's
not a lot of trust to go around these days. I know, I know. But this is an area where I think we can
come together. I think the peace-building literature is so important in that regard. And think about
all the different layers here locally.
In working with a state, because even frankly, some things like protecting kids from social media, they're
pretty bipartisan these days, right? And when push comes to shove, a lot of the stuff that we're talking
about here is still pretty bipartisan too. So there's a lot more that we can do. And ideally, do together
so that we have democracies helping each other around the world.
And we've seen some green shoots in that regard. I saw some wonderful things happening in India earlier
today and across the global South. And I hope there's a time here in the US where we can more actively
contribute to that conversation at the federal level too. So again, I will pause there to make sure
that we have time for at least a couple questions or thoughts, but just thanks again for the opportunity.
And don't let any of this convince you not to vote.
All right, that's how foreign adversaries that are trying to undermine confidence, and even domestically,
that's how they win, right? So cast a vote, participate. That's the main takeaway. So yeah, happy to
take any questions.
So thank you, Scott. That was amazing. That was incredible. And just thinking about you and the depth
of knowledge that you have and the security that we have that you're delivering information that we
can believe seems to be- Or am I a deep fake? You don't know. Exactly. Or you're a plant of some kind.
That's right. But anyway, my question really is,
more sort of a very general question of your sense of whether or not disinformation and fake information
is propelling itself into our universe to the point where all of the information that you've provided
to us, all of the serious research, all of the dedicated commitment that you've had is being sort of
washed away by this alternative reality that seems to be sort of
like the slop that's coming towards us. Yeah. Yeah. I mean, I would still like to think, you know, Alan,
that this stuff resonates and is broadly useful, but you're right. It is an echo chamber. And in a lot
of these, especially on social media, those algorithms and how they're feeding all of us matter a lot, right?
So I think it's up to us in higher education to inform and push back and burst those bubbles and to
shine a light that they exist because oftentimes it is just too easy to fall into a groove and just,
you know, be very, very happy with your own little echo chamber, right? So that's why I think, you know,
work like this, again, that's open access and freely available is, you know, super important.
So I would appreciate that chance to, you know, talk about it and would love to share, you know, preach
the gospel as it were to any other folks in groups who, you know, might come to mind too. So in the
Netherlands, what happened with that election? Was it accurate? Do you know?
It was okay, but they were able to do it in part again because they had the system set up to do that
hand counting. It's a different scale than we're used to, but it was not a problem because they got
the intelligence in advance and they had the backup processes available. So that was a good news tale
about what was caught.
That was OK. There have been a lot of other attempts, as you would guess, across Europe, especially
given the ongoing war there, to undermine confidence and manipulate the results of a lot of different
elections. But they have something called a cooperation group in the EU, where basically all the election
officials across the entirety of the EU get together regularly, share best practices, and they invest
a ton in kind of raising all boats.
And that's mirrored as well. They have something called the Digital Services Act. And that's the thing
that has really rigid requirements for the tech platforms. And if they breach them, up to 4% of global
total revenue is on the line. So they stand up and they take it seriously. So even in the war in Gaza,
that was mostly regulated by the EU through the Digital Services Act in terms of what was being fed
and disinformation and deepfakes online. Last question.
long refrain that the US innovates while the EU regulates. And this is another example of that. So you
talked a bit about just the, and I'm seeing this intensely in social media that the amount of fake news
has kicked up tremendously even in the last few months. Like just, I'm seeing stories that are completely
fabricated and written in a way that looks authentic and it's tricking a lot of people.
on all political sides. And what I'm wondering about from the corporate side of things is does I am
under this suspicion that that financially benefits these social media companies and so they don't have
an interest to change it and fix it. But what I'm curious is if is the technology available to actually
limit, strictly limit that or even eliminate it? Like, does that exist at this point? And could they
implement it if they were had the will or were forced to? Yeah, so unfortunately, we are headed in the
wrong direction and a lot of these platforms. So a lot of the trust and safety teams have been gutted,
especially at formerly Twitter, now X, but even at, you know, Google, even at Microsoft, right? So
That's a problematic starting point, because the teams that were there that had the institutional knowledge
and had the memory of how this was done, a lot of them are gone now. So that's the starting point, which
is a tough one. Can you do it is another really good question. So the utility and the technology of
how we spot AI deepfakes, it kind of varies per application. In short, we're good at pictures. We can
spot that pretty well. Not so good at sound, and we're really bad at video.
believe it or not, in terms of automatically. We can see it oftentimes with our naked eyes, better than
the actual computer vision, the systems that are monitoring for this stuff. So that means we can get
ahead of some of these challenges more easily than others. And there's some legislation around the world,
but there's also, on the norm building side, some efforts to require basically labels
kind of like we have for other things. You picture like Energy Star or something that tells you something
meaningful about the energy use or the privacy and security of a product. Do that for AI generated content,
right? And there's no reason the state couldn't do that, right? And potentially, you know, the federal
government could at some point come into that too. As you could guess, it's tricky for sure. And if
it happens, it's gonna happen in the EU first. That was too much doom and gloom.
Sorry. Thank you all. Scott, thank you for a very interesting presentation. Your credit to our club.
In honor of your talk, a donation will be made this quarter to Amethyst House. I'd like to thank today's
volunteers, Diana Hoffman, Hank Walter, Alann Barker wearing three hats, Joy Harder, Jeff Richardson,
Michael Shermas. Next regular meeting will be here in the Georgian Room next week.
Audrey McCluskey will speak to us about capturing joy, a childhood in Jim Crow America. Tyler, if you
would put up the graphic for the four-way test and please stand if you're able and join me. Of the things
we think, say or do, first, is it the truth? Second, is it fair to all concern? Third, will it build
goodwill and better friendships?
Fourth will be beneficial to all concerned. And fifth, is it fun?