May 20, 2013
Will the Apocalypse Arrive Online?
Posted on Oct 22, 2012
By Karen Greenberg, TomDispatch
Remember former White House Council Alberto Gonzales telling us that, when it came to the interrogation of suspected terrorists, the protections of the U.S. Constitution were “quaint and obsolete”? Remember the argument, articulated by many, that torture, Guantanamo, and warrantless wiretapping were all necessary to prevent another 9/11, whatever they did to our liberties and laws?
Now, fast forward to the new cyber era, which, we are already being told, is at least akin to the threat of 9/11 (and possibly far worse). And keep in mind that, if the fears rise high enough, many of the sorts of moves against rights and constitutional restraints that came into play only after 9/11 might not need an actual cyber disaster. Just the fear of one might do the trick.
Not surprisingly, the language of cyber defense, as articulated by Panetta and others, borrows from the recent lexicon of counterterrorism. In Panetta’s words, “Just as [the Pentagon] developed the world’s finest counterterrorism force over the past decade, we need to build and maintain the finest cyber operators.”
The Cyber Threat to American Rights and Liberties
Here, then, are several potential threats to constitutional liberties, democratic decision-making processes, and the rule of law to watch out for in this new cyber war era:
The Threat to Privacy: In the war on terror, the government—thanks to the Patriot Act and the warrantless surveillance program, among other efforts—expanded its ability to collect information on individuals suspected of terrorism. It became a net that could snag all sorts of Americans in all sorts of ways. In cyber space, of course, the potential for collecting, sharing, and archiving data on individuals, often without a warrant, increases exponentially, especially when potential attacks may target information itself.
A recent FBI investigation illustrates the point. The Coreflood Botnet utilized viruses to steal personal and financial information from millions of Internet users, including hospitals, banks, universities, and police stations. The focus of the Coreflood threat—which also means its interface with the government—was private information. The FBI got warrants to seize the command-and-control servers that acted as an intermediary for the stolen information. At that point, the government was potentially in possession of vast amounts of private information on individual American citizens. The FBI then offered assurances that it would not access or make use of any of the personal information held on those servers.
But in an age that has become increasingly tolerant of—or perhaps resigned to—the government’s pursuit of information in violation of privacy rights, the prospects for future cyber-security policy are worrisome. After all, much of the information that might be at risk in so many potential cyber attacks—let’s say on banks—would fall into the private sphere. Yet the government, citing national security, could persuade companies to turn over that that data, store it, and use it in various ways, all the while claiming that its acts are “preventive” in nature and so not open to debate or challenge. And as in so many post-9/11 cases, the courts might back such claims up.
Once the information has been shared within the government, who’s to say how long it will be held and how it will be used in the future? Or what agency guidelines exist, if any, to ensure that it won’t be warehoused for future uses of quite a different sort? As former Department of Homeland Security head Michael Chertoff put it, “You need to have a certain amount of accountability so government doesn’t run roughshod [over people’s right to privacy] and that’s been a hard thing to architect.”
Enemy Creep: If you think it’s been difficult to reliably distinguish enemies from the rest of us in the war on terror (as in the 600 Guantanamo detainees that the Bush administration finally declared “no longer enemy combatants” and sent home), try figuring it out in cyber space. Sorting out just who launched an attack and in whose name can be excruciatingly difficult. Even if, for example, you locate the server that introduced the virus, how do you determine on whose behalf such an attack was launched? Was it a state or non-state actor? Was it a proxy or an original attack?
The crisis of how to determine the enemy in virtual space opens up a host of disturbing possibilities, not just for mistakes, but for convenient blaming. After all, George W. Bush’s top officials went to war in Iraq labeling Saddam Hussein an ally of al-Qaeda, even when they knew it wasn’t true. Who is to say that a president won’t use the very difficulty of naming an online enemy as an excuse to blame a more convenient target?
War or Crime?: And what if that enemy is domestic rather than international? Will its followers be deemed “enemy combatants” or “lawbreakers”? If this doesn’t already sound chillingly familiar to you, it should. It was an early theme of the war on terror where, beginning with its very name, “war” won out over crime.
Cyber attacks will raise similar questions, but the stakes will be even higher. Is a hacker attempting to steal money working on his own or for a terrorist group, or is he essentially a front for an enemy state eager to take down the U.S.? As Kelly Jackson Higgins, senior editor at the information security blog Dark Reading, reminds us, “Hackers posing as other hackers can basically encourage conflict among other nations or organizations, experts say, and sit back and watch.”
1 2 3 NEXT PAGE >>>
Previous item: Character Matters at the Foreign Policy Debate
New and Improved Comments