We’re really excited to talk about the launch of our second public Riskgaming scenario, “DeepFaked and DeepSixed: AI Election Security and the Future of Democracy.”
DeepFaked and DeepSixed is a bit different from our previous political and economic simulations, which tend toward groups of 4-8 people negotiating, haggling and cajoling over the course of several hours. Instead, this game centers on an intelligence fusion center at the White House where 54 people come together to offer information and to seek out patterns of threats against American democracy. Player roles come from across government, international organizations, the private sector and non-profits, and are designed to offer both a crisp backstory as well as essential clues relevant to that character’s background. Everyone cooperates against the clock to identify critical threats before it is too late.
Lux’s director of programming Laurence Pevsner (who is making his Riskgaming podcast debut) and host Danny Crichton talk about the design of the game, what triggered its creation and the lessons we learned from two runthroughs in New York and Washington this week (including which city did better to protect American elections).
Transcript
Danny Crichton:
Hey, it's Danny Crichton, and this is the Risk Gaming Podcast by Lux Capital. We have a special episode today, a live-to-wire episode, which means not only do you get us unfiltered, you also get all the ums, likes and all the filler words that Chris Gates, our producer normally filters out. But I'm with a special guest and one who I paid to be here all the time, Laurence Pevsner. Laurence, welcome to the program. It's your first show.
Laurence Pevsner:
Yes, first show. So happy to be here. Thanks for having me, Danny, and thanks for paying me to be here.
Danny Crichton:
And Laurence, you officially joined the Lux team a couple of weeks ago, but this is your first podcast.
Laurence Pevsner:
Yes, yes. I've listened in on a few, but this is the first time I'm actually on the pod and I'm happy to be here and hoping to be on many more to come.
Danny Crichton:
And Laurence, I hired you, but I have no idea what you do here. Maybe you explain a little bit what you're doing at Lux Capital.
Laurence Pevsner:
Sure. Yeah. So I am the director of programming, and that specifically has me working on risk gaming quite a bit. So I'm joining you on editorial. We're working on the podcast together, we're working on the newsletter together, and we're working on programming all of these risk games. So we're taking risk gaming from something we were just starting to do and experimenting with to taking it all around the world.
Danny Crichton:
And for those who don't know, we've obviously hosted many of these games over the last two years, but it is very hard to get people, it's hurting cats, but getting all these very busy people from around the world into one room, that is what Laurence's job is going to be. And good luck to you, but before you joined Lux, you had a very interesting job right before.
Laurence Pevsner:
Yeah, so before I was at Lux, I was the director of speech writing for the US Ambassador to the UN, Linda Thomas-Greenfield. I did that for about two and a half years, and then I left to do a fellowship at the Moynihan Center as inaugural public scholar there where I was working on a book about public apologies.
Danny Crichton:
And you're working on a book about public apologies. Why were you triggered about public apologies. You pissed someone off.
Laurence Pevsner:
Yes. Well, I've been writing for these high level politicians and CEOs and often writing apologies for them. The first time I really felt this myself was when I was writing for the ambassador, and I accidentally offended the entire nation of Hungary, millions of people were upset with me because I had accidentally referred to a statue that I thought was in Hungary as being defaced in an anti-Semitic way. Turned out the statue was of a Hungarian person, but in Sweden. And so our Hungarian friends were quite upset, and that triggered a whole apology process through the State Department. And it really got me thinking about our public apology culture, both because now I was on the other end of the stick, but also because I saw how they both work and how they fail and how they really permeate our entire culture.
Danny Crichton:
Or the opposite, you just never apologize and just keep pissing people off, just like in our election day, which is actually the trigger for this particular podcast episode because we are announcing the launch of our second risk gaming scenario publicly, which is deep faked and deep six AI election security in the future of democracy. It's launching Saturday, November 2nd, which is when this episode is coming out. And I want to talk about a little bit of the design. So for those who have been following the Risk Gaming podcast and newsletter for a long time, we launched our first scenario a couple months ago called Hampton of the Crossroads, which focuses on a hurricane hitting the Hampton Roads region in Virginia with implications around climate change and national security. With deep fake and deep six, we have a very different game here. It's a game with dozens of people playing different roles, trying to focus on AI election security.
And Laurence, you joined us as we were getting these groups together, and we'll talk about what happened in New York and DC recently. But when you can think about the design of the game, what comes to mind?
Laurence Pevsner:
What struck me as totally different about this game is most of the other risk games that we have there are, first of all, the different players are often competing with each other and they have different metrics for success. This is a game where everyone is on the same team, they're all trying to work together, and they all have one metric of success that's a combined metric of success. So it has a totally different feel than some of our other risk games, which are more intimate and more mono-e-mono. This one is about cooperation.
Danny Crichton:
And in this game we have 54 roles. So people are playing everyone from the intelligence agency directors to people who work at the White House, Department of Homeland Security, all the way into the private sector, so people working at telcos, social media companies, et cetera. And the goal here is to bring them together in the storyline into an intelligence fusion center. So a place where we're trying to connect dots with disparate pieces of information around election security. And Laurence, you've seen this played out a couple of times, but how does that interaction work in the game?
Laurence Pevsner:
Yeah, it's actually a little bit chaotic. You have a whole room of people, tons of different roles. Everyone is running around trying to first understand their own role, understand what their information they have is, and then identify who else has similar matching information and how can they piece this big puzzle together. It almost feels a little bit like a murder mystery party, I would say.
Danny Crichton:
Yes, yes.
Laurence Pevsner:
There's a hint of that, but of course, it's a little more serious and there's also a lot more going on than in that scenario, rather than just being one murderer or something like that. There's a lot of different potential threats that they're trying to identify, a lot of different threads to put together.
Danny Crichton:
So Colonel Mustard is in the ballot box counting room, and he just burnt the ballot. But no, in reality, there's two scenes. So in the game we have a before election scene, so in the week or so before the US election coming up, and then we have a scene that is during and after the election, so both people actually voting and then actually counting those ballots or recounting them as the case may be. And in both of those scenes, there's a defined number of threats, real threats that come together. And those threats are complicated. They revolve around foreign actors, domestic actors, influencing elections, different motivations. Sometimes they're political motivations, sometimes they're economic motivations, sometimes they're just for the lols as the kids say these days. The idea here is to highlight how many disparate pieces of information you need to connect the dots and the chain to figure out what these threats are.
Laurence Pevsner:
And the players would have to connect these different pieces of information, and then they would have to report the threat. In this case, to me, I was the central command, and they would've to come to me and say, okay, here's the threat. And sometimes actually they thought they knew what the threat was and they would actually show up in the room and be like, oh, wait, there's something with Iran. It's like, okay, that's naturally not a threat. You got to get a little more specific.
Danny Crichton:
And the key here is, from a learning objective, is one, to highlight just how much information is just diffused around the United States when it comes to election security. So think of companies that have SMS texting capabilities, companies like Twilio, Amazon Web Services in real life. You send us SMS messages, well, those SMS messages also encompass those services, can actually send out all those campaign alerts, all the reminders to go to the polling places. And those are Fauci where people can actually influence elections either through misinformation, disinformation, et cetera. You also have too technologies like social media where advertising goes around the web influencing voters. You have obviously the intelligence community. So there's all these disparate pieces of data coming together, and it's hard to connect because in real life, it's hard to get dozens of people into one room and actually figure out what is going on here.
Laurence Pevsner:
Yeah. And the other challenge, of course, is that not all the data is true. There's people who have clues, they have information they think is totally valid and real just like in real life, but actually it goes nowhere. There's no actual threat associated with it, and that is reflected in the way that we grade the game. So there's actual scores, there's actual numerics behind how this all works, and if you identify a threat and it's not actually a threat that it impacted your score.
Danny Crichton:
And I would also say in addition to just data and connecting dots, one big focus of this was around deep fakes and artificial intelligence, so emerging technologies that are influencing the elections. And several threats include this, I think in a judicious way because I think if you look at real life, we haven't seen an enormous number of deep fake threats coming through the election this cycle in 2024. And so a lot of threats are not just saying, Hey, deep fakes are everywhere, and that this didn't really happen. In some cases, people are getting messages from their grandparents and they didn't realize that those were faked into their phones. In some cases, it's a pastor or other local leaders who are being faked, and it's very, very specific, very targeted. And that was one of the major emphases we wanted to put out is with big data, machine learning, generative AI, you have the ability to customize a lot of messages in a way that you had to be more broadcast in the past.
Laurence Pevsner:
How did you come up with this game, Danny? Where did it come from? What was the inspiration? How did you end up writing about this particular topic?
Danny Crichton:
Yeah, about a year ago I was working with Miles Taylor and Evan Burfield, and they run the Future.us, a think tank focused on emerging technologies and either from a national security lens, from an economic development lens, what are the risks and rewards for those particular technologies? And one of Miles's major topics was election security. And so he had reached out to us, he's a friend of Locke's, I think we've maybe even had him on the podcast maybe two years ago. I lose track because there's so many episodes these days, but he's been a long time friend. And so we started collaborating and he was hosting basically a policy lab day for a bunch of secretaries of state, senate candidates, DHS, CISA, a bunch of the major agencies. And it was like, look, how can we make something more interactive, something that's actually connects the dots for folks beyond just a couple of demos and a big discussion panel, whatever.
And so that's where the genesis of the game is. It started with about 24 roles. It was a fairly small group, and then people kept joining. So some of the chaos of this game actually comes out of the fact that we started 24, we ended up with 54, and at some point I was like, I just can't do any more people. Ironically, and we'll get into the games we just ran this week in New York and DC, we actually had the exact same problem. People kept joining, people kept bringing friends. So we actually had to invent a couple of additional roles this week for New York that were comedic and funny. But the goal here was really to highlight the public-private partnership problem, which is the government has a certain piece of information. Obviously the private sector has an enormous amount of purview into elections, whether it's campaigns, advertising, influence, social media, messaging, narratives, whatever the case may be.
And that doesn't mean they have to influence those elections. They're trying to stay out of it, quite frankly. But they do know if Russia is spending money on particular ad networks or Iran or North Korea or whatever the case may be. And so being able to connect the dots from the private sector into the public sector was a huge part of that discussion.
Laurence Pevsner:
Yeah, that makes a lot of sense. What did you find when you were researching for the game? What surprised you about what you learned about election security AI? For example, I was really shocked by this idea that not all of the foreign actors are in it to influence the elections. Some might just be trying to make a quick buck. We have an instance of that with North Korea here. Can you talk more about that?
Danny Crichton:
Yeah. I think the media likes to focus on one or two narratives, and I call the Putin is bad narrative, and it's, Vladimir Putin is a dictator. He invaded Ukraine, he wants to influence the election in a certain way. And by the way, in a way of creating the most chaos and just trying to neutralize the United States as an actor, it's not even clear that there's a particular candidate necessarily, but trying to create chaos. And so that's a very clean narrative, and you hear it reinforced again and again across article after article after article. But when you actually get into the security issues around elections, the motivations are so much more diverse. The way that people go about influencing elections or just hitting them up logistically is so much more broad. So for instance, you don't necessarily have to change polls or you actually change ballots. You can just change the appearance of ballots.
So we have a thread around how do people hack into election systems to show the draft data so that the New York Times and Wall Street Journal and other media companies report bad data for a period of time, increasing the sense that the election is being stolen or the election is being changed. Nothing actually happens, but perception can matter just as much as the actual results. And so I think the highlight we were trying to do as I was doing research and trying to build out the threats was trying to show, look, there's a lot of chains of logic that it takes to actually understand what these threats are, that's A. B, that the motivations are very diverse, ranging from economic to political, to, again, just for having fun. So you have a teenage hacker that's going into the election system. They don't even have a political point of view, they're just having a good time.
And we also try to highlight these emerging technologies. So the interaction between SMS, generative AI, the ability to have new cybersecurity hacking tools, et cetera. Every election is different. We fast-forward, at least on the big cycles in the United States, every four years. And so all these technologies we didn't have in 2020. We didn't have ChatGPT, we didn't have Anthropic, we didn't have Runway, we didn't have any of this going back then. So we have all new playbooks every time we run an election. Those were the highlights.
Laurence Pevsner:
Yeah. And for me, one of the other highlights was the complexity stack, the way that, okay, we can have someone who's motivated just for the lols, they just make a fake video domestically. They don't have any foreign interference stacked on top of that, but then Russia or Iran or a bad threat actor can take that domestic product and then use it for their own ends. They can distort it, they can spread it using bot networks. That added complexity, I think for our players made it really hard to track where different threats were coming from and how the chain of custody worked.
Danny Crichton:
Yeah. And I would say, what you're getting at is this thing of amplification. So in some cases, you're not just trying to create something de novo, you're not trying to create a new organization because that's really hard if you're overseas to create a domestic organization and build it up. It's better just to highlight the things you think will create chaos. So you take things that are already happening and you drive advertising revenue to it, you drive attention to it, and so you can actually get a lot more bang for your buck. And that was one of the things we wanted to highlight. But that's the game. That's a lot of the threats. It's the concept of it. The full PDF, the rules, the scenario. You can read all of it now online, absolutely everything is public. We posted on to luxcapital.com/riskgaming, so do go there.
But the fun thing we did this week is we ran with a hundred people, two groups, one in New York City and one in DC, this scenario. We had about 65 or 66 folks here up in New York. We had about 35 down in DC. Laurence, you were the organizer, you joined us and organized this whole group together. We had this competitive two city technologists and financial people with a little bit of potpourri of policy down against the DC types. What happened?
Laurence Pevsner:
Well, it was fascinating, Danny. In advance thought it might be interesting to have slightly different groups, one in New York and one in DC, and see which one did better. And frankly, we were surprised, or at least I was surprised. The New York group scored 10.5 out of a possible 14 points, which is pretty good. And then the DC group scored 5.5 out of the possible 14. So really much poorer. They got walloped by New York, which goes against your intuitions a little bit. You would think the people who are experts on AI and cyber security and elections, people who actually work on these issues on a day-to-day basis would do better than a bit of a more potpourri crowd that we had in New York. But it was in fact exactly the opposite.
Danny Crichton:
And why was that?
Laurence Pevsner:
Well, I think there were a number of factors. One of the ones that stood out to me was this idea of what I call super connectors. There were people in New York who when they were going around the room, everyone was talking, trying to understand, okay, what clues represent different threats? There were people who would say, oh, the thing you're telling me about actually has nothing to do with the information that I know, but I talked to somebody else that has something related, so I'm going to connect you to. That was something we saw a lot of in New York, these people who were really interested in making sure that everybody talked to the right people, even if they were involved. And in DC, that was less of the case. There were more people were focused just on their particular area, what they actually knew. And if you weren't relevant to what they knew, they tried to move on quickly.
Danny Crichton:
And the other thing I noticed, particularly with the DC crowd is a lot of folks, every role has clues that they can offer into the group that either are real or not, but they don't know that. It's all authentic and no one's lying, but they have clues. And one of the interesting things that was very common in DC that you did not see in New York was people filtered themselves. So they would look at their clue and they would say, oh, I have this information about a North Korean unit that's trying to target the election, or whatever the case may be. And they would actually independently, without actually talking to anyone else, say, I don't think that's real. I don't think that's true. So I'm just not going to tell anyone about this information.
And what's interesting is in many cases, because of these complex threats, you actually have to connect dots across five, six, seven clues at the same time in order to figure out the full scope of what's taking place. When one person pulls out their piece of the pie, it's really hard to recover that because no one else has made that exact same piece of information and you're not able to connect the dots.
Laurence Pevsner:
And adding onto that, there was a bit of fox versus Hedgehog thinking as well, where even people who thought their clues were relevant, who thought their clues were true and weren't just hiding them, they still would not necessarily evaluate that someone else's clue that didn't seem directly related when they talked to them immediately, if they said, oh, do you have something about shooting at polling places? And they say, no, we don't, then they would just give up talking to them and try to move on quickly for the sake of efficiency. But the problem with that is that they might miss, okay, it doesn't on the surface in those three keywords seem related, but if I go a little bit deeper, we might be able to see actually there is an oblique connection that helps us piece this all together.
Danny Crichton:
And I think when you look at institutions, that's both foreign actors as well as domestic. They're not just doing one thing. And I think that's one of the additional complexities we try to add into this game is whether it's the Russians, the Iranians, the Chinese, a bunch of folks who want to influence US elections overseas and of course domestic groups as well. They're not just doing one thing. They're not just saying, I'm going to send a couple texts, and that's job well done for 2024. They're doing 20, 30, 50, a 100 different campaigns, thousands of different campaigns if you actually scale it up with AI. And so just because your one fact doesn't necessarily align with someone else, doesn't mean you completely understand everything that organization's trying to get done.
Laurence Pevsner:
Exactly. Well, there was also some things that both games had in common, I noticed. The same trends started to emerge with the way people played. For an example, I was the central command. People would come and report threats to me. And when people would come and report threats, first of all, they would often come towards the beginning of the scene. They would say, oh, I've got a threat. I've got a threat. And I'd say, okay, great. What's the threat? And they'd say, well, Iran is doing something shady. It's like, okay, that's not quite a threat. You need to give me a little bit more information on that. And so people would think they had something, they would feel it in their guts or they would see something there. But then actually when they tried to articulate it, it wasn't quite there yet. So that was very common.
Another thing that was common was people would report a threat and they would have some information, but then they would come back and be like, okay, wait, I just talked to five more people and I want to revise what we said earlier. And I thought that was actually quite good. People didn't just give up after they thought they had identified something. They kept talking and they kept moving around and they realized actually the complexity here is really important and we have to keep updating our priors.
Danny Crichton:
Yes. Yes. And look, this was a fiction, and it was a stylized fact of, look, we're bringing all these folks together. We have the CEOs of these companies, or in many cases, I think the titles were VP of policy or VP of government affairs from the private sector and obviously a lot of the agency directors. In real life, this doesn't really happen. We don't connect everyone into one room. There is no election security fusion cell. So even the storyline itself is fake. Now, we did have one special guest that came in in DC. Who was our special guest?
Laurence Pevsner:
Our special guest was Senator Mark Warner, and of course, he's the chairman of the Senate Intelligence Committee. So he works on some of these issues quite directly. And yeah, go ahead.
Danny Crichton:
And he was talking about how obviously he's working on this at the federal level, all the intelligence directors and everyone else getting ready for election security, both in the prior weeks and post the election. But we did talk a little bit about the challenges of connecting the private sector into the election community.
Laurence Pevsner:
Yeah. This is one of the things that even when the government is practicing this kind of thing, they often don't include the private sector in their practice sessions. And one of the things our game really highlighted was the way that, okay, we actually need everyone at the table. You need to know that one of the big telecommunications operators will actually have information that's quite relevant to a potential hack or to understanding where threats are coming from. And if you aren't practicing with those people, if we had just cut all of the private sector roles out of our game, I think it would be an impossible game.
Danny Crichton:
Because you just have this entire black hole of knowledge that you don't have. And so none of those dots can get connected with lines. And the other thing that Senator Warner highlighted, which I agreed with thematically is, and we started at the top of the show, is deep fakes has not been as big of an issue in this election as I think a lot of people feared a year ago.
Laurence Pevsner:
So far.
Danny Crichton:
So far, so far, yet, yet. But so far, we have not seen phone calls, we've not seen videos, we've not seen texts. There's been little itsy bitsy pieces of this here and there. It does percolate a little bit, but does not seem that at least as what we know so far, and that maybe there's millions of voters who have been affected by something that we have not seen yet. Hard to believe given that kind of scale. We have not seen sort of a complete deep fakes of public figures influencing the election from foreign actors.
Laurence Pevsner:
But what we know is that every election is different. Every four years, there's a totally different mishmash of threats. The technology has been updated both on the voting side, how we vote changes, and then also what the threats are and what their capabilities are. Deep fakes were really not a possibility to be convincing four years ago. They are fairly convincing now, but they're going to be much more convincing four years from now. So I think that even if we haven't seen much of the deep fake threat, it's the dog didn't bark this time. It's going to be barking soon.
Danny Crichton:
Yes, yes. So let's talk about some solutions before we close out here. So one of the things that I suggested as a potential solution is, look, elections are very infrequent. It's actually one of the most important takeaways we try to deliver as a learning objective, if you will, for this risk gaming scenario. But elections don't happen that often. And so we can't employ thousands of cybersecurity professionals whose job it is to protect elections because they happen to infrequently. You can't have these folks on staff all the time. And so, one of the things to really emphasize is how do we have some surge capability around cybersecurity, around intelligence collection, around basically this fusion cell mentality of saying, look, for 46 months a year in the cycle, we're totally fine. We don't really have to do that much, but a couple months, every four years, we actually need this huge surge of people who are collecting data, synthesizing it, delivering it across both the federal government and the private sector and asking questions around what's happening around security. We don't have the capability today.
Laurence Pevsner:
Yeah. And to that end, whether we have a cybersecurity surge or whatever group you want to get together, we should be getting groups together like this. We should have some practice sessions that include the private sector, that allow everyone to get in a room together. People walked away from this experience, wow, I learned so much. Even people who had long expertise in this field. It's just different to actually have that face-to-face communication where you understand that complexity and practice makes perfect.
Danny Crichton:
That's right. And I think keep practicing is going on really, really important. And then one of the things that we try to emphasize, and unless you really understand the election system, elections are handled at the local level. So in the United States, we don't have a national election bureau. All the voting machines are not the same in every single district. That's very common throughout the western industrialized world. But we don't see that here. We have basically a bottoms-up approach to elections. Every county handles it on its own. And so, one of the biggest challenges as you're thinking about trying to secure thousands and thousands of counties, all of whom are underfunded, under strapped, understaffed, because again, they happen to infrequently, you're using these machines every couple of years. By the time you come back to it, you're like, okay, we need new machines in the same way you upgrade your own laptop or whatever the case may be, trying to figure out ways of decentralizing, building up capacity at the county level for these election bureaus to be safer and stronger with each cycle.
Laurence Pevsner:
Yeah. In risk gaming, we often talk about trade-offs, that every decision is a trade-off. And that's true for the way we run our elections as well. So we do have this bottom-up approach. And on the one hand, that means there's lots of different ways that we vote in this country. And every county has their own system, their own way of protecting those votes. And that means it's a little bit... A hacker can't just say, oh, I'm going to hack the entire United States election, because you can target a county, you can target a group. You can't just do the whole thing. On the other hand, we also know that we've gotten so good at polling and identifying what the swing states are and what the swing counties are, that as a hacker, you don't actually need to hack the entire United States election to affect an outcome. You just have to hack the most important counties.
Danny Crichton:
That's right. So we focus on Maricopa County, we focus on Miami-Dade County. We focus on, and ironically, I think Miami-Dade is not as much of a swing as it used to be in the last few cycles. So again, these things get updated. But we do know that there are pinch points in the US election system. We're here in New York City. I can assure you none of our votes matter for any outcome at the presidential election. But they do matter in a lot of other places. And it's not just the Americans who understand this. Foreign adversaries also understand that as well. And I actually say it is a huge advantage for them to do their influence campaigns.
Laurence Pevsner:
Yeah, exactly. And so I think we were talking about solutions, and one of the solutions is for us to really beef up security in exactly the places we suspect we're most vulnerable and where we know we're going to be targeted. It just makes logical sense that we don't need to have as much of an emphasis on protecting the cyber votes in New York where we know what are, frankly, we know how the state is going to vote versus in a place like Pennsylvania.
Danny Crichton:
That's right. So look, that's basically it. Laurence, any other thoughts before we close out?
Laurence Pevsner:
I would just say we're going to be doing a lot more of this. We ran this game twice. We're going to continue to run the game. We encourage other people out there to run the game. The entire PDF is online. All the information you need to do to run your own game is there. And so if you do run the game, let us know. We want to hear what the results are. Hopefully you can do better than DC with a 5.5 and let us know if you beat New York's 10.5.
Danny Crichton:
You can beat the real professionals. So deep fake and deep six AI election security in the future of democracy risk gaming scenario number two, you can download at luxcapital.com/riskgaming. And if you ever want to join one of our in-person run throughs with us, with me, Danny Crichton, and Laurence Pevsner, please reach out to us, riskgaming@luxcapital.com. Send us an email. We'll get you signed up. It doesn't matter where the city is, we are doing games all over the world. We're doing a game in Tokyo coming up here in a little bit, although that's already closed. We've done games in London, all across Europe and across the United States. So no matter where you are, we'd love to host you, riskgaming@luxcapital.com. And with that, I'm Danny Crichton. Thank you so much for joining us.
Laurence Pevsner:
I'm Laurence Pevsner. Thanks for joining us.