Protecting democracy is a passion for Ashish Jaiman.
He is director of technology operations at Microsoft and leads the work on the company’s security service designed to protect organizations in the political space from cybersecurity threats: AccountGuard.
Jaiman grew up in the world’s largest democracy, India, and has spent almost his entire adult life in the world’s second largest democracy, the U.S. He has an unshakeable belief that it is everyone’s duty to protect the freedoms that are sometimes taken for granted.
“You have to wake up and work for it every day,” says Jaiman about democracy.
AccountGuard is part of the Microsoft Defending Democracy Program that works with governments, political campaigns, academics and journalists around the world to protect the democratic process from hacking, increase political advertising transparency online, explore technological solutions to preserve and protect electoral processes, and defend against disinformation.
We spoke to Jaiman about AccountGuard, the threats facing democracy and what drives him in his search for solutions.
[Subscribe to Microsoft On the Issues for more on the topics that matter most.]
What were the origins of AccountGuard?
We saw in 2016 that attackers had started targeting individuals’ online assets as a way to compromise organizations. So, if someone wants to get to Microsoft, they may try to compromise my teenage son’s machine to get on my home network. From there, they could compromise my machine and eventually get into the Microsoft network.
That is the problem that AccountGuard tries to solve. We wanted to create a solution to track and mitigate this kind of “hybrid threat scenario,” in which the threat moves from a consumer account to an enterprise account. AccountGuard operates a little like an onboarding platform. An organization can enroll its enterprise accounts, then individual employees can add their personal accounts and those of their immediate family and friends.
Everyone is seeing a lot of phishing attacks. Let’s assume my employer is enrolled in AccountGuard, and as an employee, I’ve enrolled a friend’s personal account. If my friend is compromised by a nation-state actor, it’s likely their goal is not my friend, but my employer. AccountGuard will notify the organization of the potential emerging threat.
What kind of threats is democracy facing?
Authoritarian nation-states want to challenge democracy by using all kinds of tools and technologies to enhance discord wherever they can. For example, they will focus on issues that people are struggling with and blame those problems on the very idea of democracy.
Is technology a tool or a weapon in this context?
Technology is empowering. But every innovation that can be used to enable and empower people can also be – and is – weaponized to create disruption. And that has been true since the earliest days of innovation. The internet was envisioned as somewhere that would allow people to congregate and share ideas and information openly and freely. But it was weaponized in the early days and we saw the growth of cybersecurity attacks.
In many ways, that’s where we are now when it comes to the phenomenon of disinformation. Of course, disinformation is nothing new. What has changed recently is the speed and scale of it. If you were to stand up 50 years ago in a town square, you could maybe reach out to 50 or 100 people at once. But if I announce something on social media, I can reach millions of people at the click of a button.
What can be done to tackle disinformation?
When people were building software and IT systems 30 or 40 years back, they didn’t think about security as a first principle. But that has changed as a response to the growth in cyberattacks. Now security is designed into software from the beginning.
When it comes to the problem of disinformation, we are at the point cybersecurity was 30 years ago. We started building tools for sharing information, but we never thought of disinformation as a kind of attack.
We have learned a lot in the past 30 years, and we have an opportunity to use some of that knowledge to guard against disinformation. It’s time we started regarding disinformation as a cybersecurity threat.
What organizations are most at risk, and how are you working with them?
Journalism and news media organizations are seeing similar kinds of threats. In 2020, we saw threats relating to Covid-19, targeting first responders, hospitals, vaccine makers and so on. So we expanded our program to include human rights organizations, journalists and first responders, in addition to electoral bodies. Many of these customers have enterprise-level cybersecurity needs, but they only have the skills and the infrastructure of a startup.
Do you think technology is the answer to these problems?
We really have to understand that this is a social problem. And most of the time what we are trying to do here is find a technology solution to the social problem of disinformation. To solve it, we need ethicists, social activists and behavioral scientists in the room – not just technical people.
What drives you to keep working on these solutions?
I strongly believe in innovation with a purpose. I’m in a place both personally and professionally where I seek out opportunities where I can have a purposeful impact. And the work I have been doing in recent years is very fulfilling, because I can map it back to the greater good and it has a purpose. It’s not about me but about society. It’s about democracy; it’s about doing the right thing.
I’m fortunate to not only do the things that I am passionate about – technology and cybersecurity in AI – but also to map them back to a more fulfilling and purposeful life.