Page 1 of
2 Will the
Apocalypse arrive online? By
Karen J Greenberg
First the financial
system collapses and it's impossible to access
one's money. Then the power and water systems stop
functioning. Within days, society has begun to
break down. In the cities, mothers and fathers
roam the streets, foraging for food. The country
finds itself fractured and fragmented - hardly
recognizable. It may sound like a scene from a
zombie apocalypse movie or the first episode of
the National Broadcasting Co's popular new show
Revolution, but it could be your life - a
nationwide cyber-version of Ground Zero.
Think of it as September 11, 2015. It's US
Secretary of Defense Leon Panetta's vision of the
future - and if he's right (or maybe
even if he isn't), you
had better wonder what the future holds for
erstwhile American civil liberties, privacy, and
constitutional protections.
Last week,
Panetta addressed the Business Executives for
National Security, an organization devoted to
creating a robust public-private partnership in
matters of national security. Standing inside the
Intrepid, New York's retired
aircraft-carrier-cum-military-museum, he offered a
hair-raising warning about an imminent and
devastating cyber-strike at the sinews of American
life and well-being.
Yes, he did use that
old alarm bell of a "cyber-Pearl Harbor", but for
anyone interested in US civil liberties and
rights, his truly chilling image was far more
immediate. "A cyber-attack perpetrated by
nation-states or violent extremist groups," he
predicted, could be as destructive as the
terrorist attack of September 11, 2001.
Panetta is not the first official in the
administration of US President Barack Obama to
warn that the nation could be facing a
cyber-catastrophe, but he is the highest-ranking
to resort to September 11 imagery in doing so.
Going out on a limb that previous cyber doomsayers
had avoided, he mentioned September 11 four times
in his speech, referring to America's current
vulnerabilities in cyberspace as "a pre-9/11
moment".
Apocalypse soon Since
the beginning of the Obama presidency, warnings of
cyber-menaces from foreign enemies and others have
flooded the news. Politicians have chimed in, as
have the experts - from respected security
professionals like former president George W
Bush's chief counterterrorism adviser Richard
Clarke to security policymakers on Capitola Hill
like Senators Joe Lieberman and Susan Collins.
Even America's no-drama president has
weighed in remarkably dramatically on the severity
of the threat. "Taking down vital banking systems
could trigger a financial crisis," he wrote in The
Wall Street Journal. "The lack of clean water or
functioning hospitals could spark a public health
emergency. And as we've seen in past blackouts,
the loss of electricity can bring businesses,
cities, and entire regions to a standstill."
Panetta's invocation of September 11 was,
however, clearly meant to raise the stakes, to
sound a wake-up call to the business community,
the US Congress, and the nation's citizens. The
predictions are indeed frightening. According to
the best experts, the consequences of a massive,
successful cyberattack on crucial US systems could
be devastating to life as we know it.
It's
no longer just a matter of intellectual-property
theft, but of upending the life we lead. Imagine
this: Instead of terrorists launching planes at
two symbolic buildings in the world's financial
center, cyber-criminals, terrorists, or foreign
states could launch viruses into major financial
networks via the Internet, or target America's
power grids, robbing citizens of electricity (and
thus heat in the middle of winter), or disrupt the
systems that run public transportation, or
contaminate the water supply.
Any or all
of these potential attacks, according to leading
cyber-experts, are possible. Though they would be
complex and difficult operations, demanding
technical savvy, they are nonetheless within the
realm of present possibility. Without protections,
US citizens could be killed outright (say on a
plane or a train) or left, as Obama warned,
without food, fuel, water and the mechanisms for
transacting daily business.
For those of
us who have lived inside the national-security
conversation for more than a decade now, such
early warnings of dire consequences might sound
tediously familiar, just another example of the
(George W) Bush who cried wolf. After all, in the
wake of the actual September 11 attacks,
governmental overreach became commonplace, based
on fear-filled scenarios of future doom.
Continual hysteria over a domestic terror
threat and (largely non-existent) al-Qaeda
"sleeper cells" bent on chaos led to the
curtailing of the civil liberties of large
segments of the US Muslim population and, more
generally, far greater surveillance of Americans.
That experience should indeed make us suspicious
of doomsday predictions and distrustful of claims
that extraordinary measures are necessary to
protect "national security".
For the
moment, though, let's pretend that we haven't been
through a decade in which national-security needs
were used and sometimes overblown to trump
constitutional protections. Instead, let's take
the recent cyber-claims at face value and assume
that Richard Clarke, who before September 11,
2001, warned continuously of an impending attack
by al-Qaeda, is correct again.
And while
we're not dismissing these apocalyptic warnings,
let's give a little before-the-fact thought not
just to the protection of America's resources,
information systems and infrastructure, but to
what's likely to happen to rights, liberties and
the rule of law once we're swept away by
cyber-fears. If you imagined that good
old-fashioned rights and liberties were made
obsolete by the Bush administration's "global war
on terror", any thought experiment you perform on
what a response to cyberwar might entail is far
worse.
Remember former White House counsel
Alberto Gonzales telling us that when it came to
the interrogation of suspected terrorists, the
protections of the US constitution were "quaint
and obsolete"? Remember the argument, articulated
by many, that torture, Guantanamo and warrantless
wiretapping were all necessary to prevent another
September 11, whatever they did to Americans'
liberties and laws?
Now, fast-forward to
the new cyber-era, which, we are already being
told, is at least akin to the threat of September
11 (and possibly far worse). And keep in mind that
if the fears rise high enough, many of the sorts
of moves against rights and constitutional
restraints that came into play only after
September 2001 might not need an actual
cyber-disaster. Just the fear of one might do the
trick.
Not surprisingly, the
language of cyber-defense, as articulated by
Panetta and others, borrows from the recent
lexicon of counterterrorism. In Panetta's words,
"Just as [the Pentagon] developed the world's
finest counterterrorism force over the past
decade, we need to build and maintain the finest
cyber-operators."
The cyber threat to
US rights and liberties Cyber is "a new
terrain for warfare", Panetta tells us, a
"battlefield of the future". So perhaps it's time
to ask two questions: In a world of cyber-fear,
what has the "war on terror" taught us about
protecting ourselves from the excesses of
government? What do policymakers, citizens and
civil libertarians need to think about when it
comes to rights that would potentially be
threatened in the wake of, or even in anticipation
of, a cyberattack?
Here, then, are several
potential threats to constitutional liberties,
democratic decision-making processes, and the rule
of law to watch out for in this new cyberwar era.
The threat to
privacy In the "war
on terror", the US government - thanks to the
Patriot Act and the warrantless surveillance
program, among other efforts - expanded its
ability to collect information on individuals
suspected of terrorism. It became a net that could
snag all sorts of Americans in all sorts of ways.
In cyberspace, of course, the potential for
collecting, sharing and archiving data on
individuals, often without a warrant, increases
exponentially, especially when potential attacks
may target information itself.
A recent
probe by the US Federal Bureau of Investigation
illustrates the point. The Coreflood Botnet
utilized viruses to steal personal and financial
information from millions of Internet users,
including hospitals, banks, universities and
police stations. The focus of the Coreflood threat
- which also means its interface with the
government - was private information. The FBI got
warrants to seize the command-and-control servers
that acted as an intermediary for the stolen
information.
At that point, the government
was potentially in possession of vast amounts of
private information on individual US citizens. The
FBI then offered assurances that it would not
access or make use of any of the personal
information held on those servers.
But in an age that has become
increasingly tolerant of - or perhaps resigned to
- the government's pursuit of information in
violation of privacy rights, the prospects for
future cyber-security policy are worrisome. After
all, much of the information that might be at risk
in so many potential cyberattacks - let's say on
banks - would fall into the private sphere. Yet
the government, citing national security, could
persuade companies to turn over that those data,
store them, and use them in various ways, all the
while claiming that its acts are "preventive" in
nature and so not open to debate or challenge. And
as in so many post-September 11 cases, the courts
might back such claims up.
Head
Office: Unit B, 16/F, Li Dong Building, No. 9 Li Yuen Street East,
Central, Hong Kong Thailand Bureau:
11/13 Petchkasem Road, Hua Hin, Prachuab Kirikhan, Thailand 77110
