Page 2 of 2
Will the Apocalypse arrive online?
By Karen J Greenberg

Once the information has been shared within the government, who's to say how long it will be held and how it will be used in the future? Or what agency guidelines exist, if any, to ensure that it won't be warehoused for future uses of quite a different sort? As former Department of Homeland Security head Michael Chertoff put it, "You need to have a certain amount of accountability so government doesn't run roughshod [over people's right to privacy], and that's been a hard thing to architect."

Enemy creep
If you think it has been difficult to distinguish enemies reliably from the rest of us in the "war on terror" (as in the 600 Guantanamo detainees that the Bush administration finally declared "no longer enemy combatants" and sent home), try figuring it out in cyberspace. Sorting out just who launched an

 

attack and in whose name can be excruciatingly difficult. Even if, for example, you locate the server that introduced the virus, how do you determine on whose behalf such an attack was launched? Was it a state or non-state actor? Was it a proxy or an original attack?

The crisis of how to determine the enemy in virtual space opens up a host of disturbing possibilities, not just for mistakes, but for convenient blaming. After all, George W Bush's top officials went to war in Iraq labeling Saddam Hussein an ally of al-Qaeda, even when they knew it wasn't true. Who is to say that a US president won't use the very difficulty of naming an online enemy as an excuse to blame a more convenient target?

War or crime?
And what if that enemy is domestic rather than international? Will its followers be deemed "enemy combatants" or "lawbreakers"? If this doesn't already sound chillingly familiar to you, it should. It was an early theme of the "war on terror" where, beginning with its very name, "war" won out over crime.

Cyberattacks will raise similar questions, but the stakes will be even higher. Is a hacker attempting to steal money working on his own or for a terrorist group, or is he in essence a front for an enemy state eager to take down the US? As Kelly Jackson Higgins, senior editor at the information security blog Dark Reading, reminds us, "Hackers posing as other hackers can basically encourage conflict among other nations or organizations, experts say, and sit back and watch."

Expanding presidential fiat
National-security professionals like Defense Secretary Panetta are already encouraging another cyber-development that will mimic the "war on terror". Crucial decisions, they argue, should be the president's alone, leaving Congress and the American people out in the cold. President Bush, of course, reserved the right to determine who was an enemy combatant. President Obama has reserved the right to choose individuals for drone assassination on his own.

Now, an ever less checked-and-balanced executive is going to be given war powers in cyberspace. In fact, we know that this is already the case, that the last two US administrations have launched the first state cyberwar in history - against Iran and its nuclear program. Going forward, the White House is likely to be left with the power of deciding who is a cyberattacker, and when and how such enemies should be attacked.

In Panetta's words, "If we detect an imminent threat of attack that will cause significant, physical destruction in the United States or kill American citizens, we need to have the option to take action against those who would attack us to defend this nation when directed by the president."

Given the complex and secretive world of cyberattacks and cyberwar, who is going to cry foul when the president alone makes such a decision? Who will even know?

Secrecy creep
While government officials are out in full force warning of the incipient cyber-threat to our way of life, it's becoming ever clearer that the relationship between classified information, covert activities, and what the public can know is being further challenged by the new cyber-world. In the "war on terror" years, a cult of government secrecy has spread, while Obama administration attacks on government leakers have reached new heights. On the other hand, Julian Assange and WikiLeaks made the ability to access previously classified information a household premise.

So the attempt to create an aura of secrecy around governmental acts is on the rise and yet government secrets seem ever more at risk. For example, the US intended to keep the Stuxnet virus, launched anonymously against Iranian nuclear facilities, a secret. Not only did the attacks themselves become public knowledge, but eventually the US-Israeli ownership of the attack leaked out as well. The old adage "the truth will out" certainly seems alive today, and yet the governmental urge for secrecy still remains ascendant.

The question is: Will there be a heightened call - however futile - for increased secrecy and the ever more draconian punishment of leakers, as has been the case in the "war on terror"? Will the strong arm of government threaten, in an ever more draconian manner, the media, leakers, and those demanding transparency in the name of exposing lawless policies - as has happened with Central Intelligence Agency leaker John Kiriakou, New York Times reporter James Risen, and others?

Facing the cyber-age
When it comes to issues like access to information and civil-liberties protections, it could very well be that the era of Big Brother is almost upon us, whether we like it or not, and that fighting against it is obsolete behavior. On the other hand, perhaps we're heading into a future in which the government will have to accept that it cannot keep secrets as it once did. Whatever the case, most of us face enormous unknowns when it comes to how the cyber-world, cyber-dangers, and also heightened cyber-fears will affect both America's security and Americans' liberties.

On the eve of the US presidential election, it is noteworthy that neither candidate has had the urge to discuss cyber-security lately. And yet the US has launched a cyberwar and has seemingly recently experienced the first case of cyber-blowback. The websites of several of the major banks were attacked last month, presumably by Iran, interrupting online access to accounts.

With so little reliable information in the public sphere and so many potential pitfalls, both Obama and his challenger Mitt Romney seem to have decided that it's just not worth their while to raise the issue. In this, they have followed Congress' example. The failure to pass regulatory legislation this year on the subject revealed a bipartisan unwillingness of US representatives to expose themselves to political risk when it comes to cyber-legislation.

Whether officials and policymakers are willing to make the tough decisions or not, cyber-vulnerabilities are more of a reality than was the threat of sleeper cells after September 11, 2001. It may be a stretch to go from cynicism and distrust in the face of color-coded threat levels to the prospect of cyberwar, but it's one that needs to be taken.

Given what we know about fear and the destructive reactions it can produce, it would be wise to jump-start the protections of law, personal liberties and governmental accountability. Whoever the next US president may be, the cyber-age is upon us, carrying with it a new threat to liberty in the name of security. It's time now - before either an actual attack or a legitimate fear of such an attack - to protect what's so precious in American life, its liberties.

Karen Greenberg is the director of the Center on National Security at Fordham Law School, a TomDispatch regular, and the author of The Least Worst Place: Guantanamo's First One Hundred Days, as well as the editor of The Torture Debate in America. Research assistance for this article was provided by Jason Burke and Martin West.

Used with permission TomDispatch.

(Copyright 2012 Karen J Greenberg)

1 2 Back