I was in a discussion today about information being used in social media as a possible weapon. The people I was talking with have a tool which scrapes social media sites, gauges their sentiment and gives the user the opportunity to automatically generate a persuasive response. Their tool is called a “Social Networking Influence Engine”. No, not related to the SMISC BAA from a few years ago. Better.
I was then asked if we need an export license from the International Traffic in Arms Regulations (ITAR) folks at the US Department of State for us to sell it to another country.
My short answer is, I don’t know, but I’m going to find out.
Can this be categorized as a munition? I looked through and it does not seem to apply.
The implications seem to be profound for the information environment.
First, if it is true we need ITAR approval to sell to another country, it is a validation of decades of work saying that information is a weapon. As a historical precedent, in 2001/2002 the US Army took approval for operational use of IO away from then LIWA and put it at the Army Staff, now G-3/5/7. LIWA belonged to INSCOM, the US Army’s Intelligence and Security Command. Up until that point only intelligence organizations, or US Code Title 50, had oversight and approval authority over the use of Information Operations. After that point the oversight and approval belonged to Title 10, or the operational part of the Army. The Army recognized information could be categorized as a weapon.
A small caveat, when most people referred to IO at that point, they were specifically thinking of cyber. This was also one of the major sticking points of the US Cyber Command. Thus, almost every IO person was widely miscategorized as a cyber expert whereas IO was and is all about influence. Yes, that includes cyber. Cyber for cyber’s sake is a waste of electrons without an underlying purpose.
Second, if information is categorized as a weapon, this means that all facets of information activities should be integrated with all other parts of information activities. Things like Public Relations and Public Affairs should be under operational control authorities.
Third, timing is critical, so press releases, press conferences and other information activities should be integrated with all other information activities so their impact is maximized. No more typing it up and just hitting send, no sir. Perhaps if that information needs to be released as quickly as possible, yes.
The implications may have far-reaching impact beyond Department of Defense. The people who own this tool are in the civilian world and don’t even remotely touch the defense sector, so getting approval from the US Department of State might not even occur to them. If this does require ITAR approval, the corporate world that deals with information and influence will definitely be affected.
The worst thing about this is if State says ‘yes, you need ITAR approval’. Then the company would have to go through excruciating pain and submit the packet of paperwork and wait for someone to ‘approve with the appropriate caveats’.
So… my question is, who at the US Department of State must I coordinate with to get a ruling if this “Social Networking Influence Engine” must receive ITAR approval?