Page 2 of
2 Will the
Apocalypse arrive online? By
Karen J Greenberg
Once the information has
been shared within the government, who's to say
how long it will be held and how it will be used
in the future? Or what agency guidelines exist, if
any, to ensure that it won't be warehoused for
future uses of quite a different sort? As former
Department of Homeland Security head Michael
Chertoff put it, "You need to have a certain
amount of accountability so government doesn't run
roughshod [over people's right to privacy], and
that's been a hard thing to architect."
Enemy creep. If you think it has
been difficult to distinguish enemies reliably
from the rest of us in the "war on terror" (as in
the 600 Guantanamo detainees that the Bush
administration
finally declared "no
longer enemy combatants" and sent home), try
figuring it out in cyberspace. Sorting out just
who launched an attack and in whose name can be
excruciatingly difficult. Even if, for example,
you locate the server that introduced the virus,
how do you determine on whose behalf such an
attack was launched? Was it a state or non-state
actor? Was it a proxy or an original attack?
The crisis of how to determine the enemy
in virtual space opens up a host of disturbing
possibilities, not just for mistakes, but for
convenient blaming. After all, George W Bush's top
officials went to war in Iraq labeling Saddam
Hussein an ally of al-Qaeda, even when they knew
it wasn't true. Who is to say that a US president
won't use the very difficulty of naming an online
enemy as an excuse to blame a more convenient
target?
War or crime? And what if
that enemy is domestic rather than international?
Will its followers be deemed "enemy combatants" or
"lawbreakers"? If this doesn't already sound
chillingly familiar to you, it should. It was an
early theme of the "war on terror" where,
beginning with its very name, "war" won out over
crime.
Cyberattacks will raise similar
questions, but the stakes will be even higher. Is
a hacker attempting to steal money working on his
own or for a terrorist group, or is he in essence
a front for an enemy state eager to take down the
US? As Kelly Jackson Higgins, senior editor at the
information security blog Dark Reading, reminds
us, "Hackers posing as other hackers can basically
encourage conflict among other nations or
organizations, experts say, and sit back and
watch."
Expanding presidential
fiat. National-security professionals like
Defense Secretary Panetta are already encouraging
another cyber-development that will mimic the "war
on terror". Crucial decisions, they argue, should
be the president's alone, leaving Congress and the
American people out in the cold. President Bush,
of course, reserved the right to determine who was
an enemy combatant. President Obama has reserved
the right to choose individuals for drone
assassination on his own.
Now, an ever
less checked-and-balanced executive is going to be
given war powers in cyberspace. In fact, we know
that this is already the case, that the last two
US administrations have launched the first state
cyberwar in history - against Iran and its nuclear
program. Going forward, the White House is likely
to be left with the power of deciding who is a
cyberattacker, and when and how such enemies
should be attacked.
In Panetta's words,
"If we detect an imminent threat of attack that
will cause significant, physical destruction in
the United States or kill American citizens, we
need to have the option to take action against
those who would attack us to defend this nation
when directed by the president."
Given the
complex and secretive world of cyberattacks and
cyberwar, who is going to cry foul when the
president alone makes such a decision? Who will
even know?
Secrecy creep. While
government officials are out in full force warning
of the incipient cyber-threat to our way of life,
it's becoming ever clearer that the relationship
between classified information, covert activities,
and what the public can know is being further
challenged by the new cyber-world. In the "war on
terror" years, a cult of government secrecy has
spread, while Obama administration attacks on
government leakers have reached new heights. On
the other hand, Julian Assange and WikiLeaks made
the ability to access previously classified
information a household premise.
So the
attempt to create an aura of secrecy around
governmental acts is on the rise and yet
government secrets seem ever more at risk. For
example, the US intended to keep the Stuxnet
virus, launched anonymously against Iranian
nuclear facilities, a secret. Not only did the
attacks themselves become public knowledge, but
eventually the US-Israeli ownership of the attack
leaked out as well. The old adage "the truth will
out" certainly seems alive today, and yet the
governmental urge for secrecy still remains
ascendant.
The question is: Will there be
a heightened call - however futile - for increased
secrecy and the ever more draconian punishment of
leakers, as has been the case in the "war on
terror"? Will the strong arm of government
threaten, in an ever more draconian manner, the
media, leakers, and those demanding transparency
in the name of exposing lawless policies - as has
happened with Central Intelligence Agency leaker
John Kiriakou, New York Times reporter James
Risen, and others?
Facing the
cyber-age When it comes to issues like
access to information and civil-liberties
protections, it could very well be that the era of
Big Brother is almost upon us, whether we like it
or not, and that fighting against it is obsolete
behavior. On the other hand, perhaps we're heading
into a future in which the government will have to
accept that it cannot keep secrets as it once did.
Whatever the case, most of us face enormous
unknowns when it comes to how the cyber-world,
cyber-dangers, and also heightened cyber-fears
will affect both America's security and Americans'
liberties.
On the eve of the US
presidential election, it is noteworthy that
neither candidate has had the urge to discuss
cyber-security lately. And yet the US has launched
a cyberwar and has seemingly recently experienced
the first case of cyber-blowback. The websites of
several of the major banks were attacked last
month, presumably by Iran, interrupting online
access to accounts.
With so little
reliable information in the public sphere and so
many potential pitfalls, both Obama and his
challenger Mitt Romney seem to have decided that
it's just not worth their while to raise the
issue. In this, they have followed Congress'
example. The failure to pass regulatory
legislation this year on the subject revealed a
bipartisan unwillingness of US representatives to
expose themselves to political risk when it comes
to cyber-legislation.
Whether officials
and policymakers are willing to make the tough
decisions or not, cyber-vulnerabilities are more
of a reality than was the threat of sleeper cells
after September 11, 2001. It may be a stretch to
go from cynicism and distrust in the face of
color-coded threat levels to the prospect of
cyberwar, but it's one that needs to be taken.
Given what we know about fear and the
destructive reactions it can produce, it would be
wise to jump-start the protections of law,
personal liberties and governmental
accountability. Whoever the next US president may
be, the cyber-age is upon us, carrying with it a
new threat to liberty in the name of security.
It's time now - before either an actual attack or
a legitimate fear of such an attack - to protect
what's so precious in American life, its
liberties.
Karen Greenberg is
the director of the Center on National Security at
Fordham Law School, a TomDispatch regular, and the
author of The Least Worst Place: Guantanamo's
First One Hundred Days, as well as the editor
of The Torture Debate in America. Research
assistance for this article was provided by Jason
Burke and Martin West.
Head
Office: Unit B, 16/F, Li Dong Building, No. 9 Li Yuen Street East,
Central, Hong Kong Thailand Bureau:
11/13 Petchkasem Road, Hua Hin, Prachuab Kirikhan, Thailand 77110
