Last night Intelligence Squared and Neustar conducted a fascinating, Oxford style debate on whether the threat of cyber war has been exaggerated. A packed house at the Newseum in Washington, DC heard four cyber heavyweights go toe-to-toe verbally both for and against the proposition that the threat has been exaggerated. The audience size was all the more impressive considering the competition on a very big night in DC — Stephen Strasberg was making his major league pitching debut, Conan O'Brien was in town and there was also a James Taylor/Carole King concert.
The discussion was fascinating and a welcome change from the self-interested rhetoric that often surrounds this important issue. I've got a strong personal interest, but I was attending last night in a professional capacity. I assist Neustar with their public relations, and had invited some media to attend last night. Mostly I was introducing them to Neustar exec and long-time Internet expert Rodney Joffe.
Rodney also serves as Chairman of the Conficker Working Group and was just featured prominently in an excellent Atlantic Monthly article on the battle against Conficker. There were lots of interesting people in the crowd — while talking to Chris Dorobek of Federal News Radio, he introduced me to Craig Newmark, the founder of Craigslist. It was very cool to meet the guy behind one of the seminal successes of Internet commerce, and one who has steadfastly refused to cash out.
The teams arguing for and against the proposition were very distinguished. Arguing for, in other words Yes the threat has been greatly exaggerated, were:
Marc Rotenberg, executive director of the Electronic Privacy Information Center and adjunct professor of information privacy law at Georgetown University.
Bruce Schneier, renowned security technologist, author of Crypto-Gram and chief security technology officer at BT.
Arguing against the motion, in other words No the threat has NOT exaggerated:
Mike McConnell, VAMD (Retired) and executive vice president and leader of the National Security Business for Booz Allen Hamilton. McConnell served from 2007-2009 as US Director of National Intelligence (DNI), under Presidents Bush and Obama.
Jonathan Zittrain, professor of law at Harvard Law School and co-founder of its Berkman Center for Internet and Society.
John Donvan of ABC's Nightline was the moderator, and he explained the rules. Each member would be given strict time slots, like in a political debate. All panelists would give opening statements, then they would have seven minutes to speak, then there would be Q&A from the audience. Every member of the audience had a keypad device tethered to their chair. Opinions would be taken at the start, and then again after the debate. The team that had changed the most minds in the audience would be declared the winners.
Here's where the audience stood prior to the debate, on the question of whether the cyber war threat was exaggerated:
Yes, it is exaggerated: 23%
No, it's not exaggerated: 54%
Man, I'm just so undecided: 22%
So Marc and Bruce were starting out in a hole, but there was a large block of undecided voters in the audience. But the winning team didn't need a majority as in an election; they just had to move the most minds.
There's no way for me to capture every thrust and parry. Suffice to say the debate broke down pretty much like this — Marc and Bruce argued that the exaggeration of the cyber war threat was the continuation of a campaign by government and the military to control the Internet. Mike and Jonathan said no its not, it's a realistic appraisal of the risks today and they can be resolved without ceding too much control to the military and becoming a police state.
Here are some specific speaker notes I jotted down:
Marc – Very passionate on privacy, made some good points about the NSA's Clipper Chip efforts in the early 1990's to force everyone to use encryption they controlled, got in some points about the government pressuring ISPs and telcos to break the law and release personal data after 9/11.
Bruce – Seemed to deliberately take the most blase tone of the speakers, called the rhetoric around cyber war "silly," made the good point that when you view things as criminal you get police solutions, when you view things as war you get military solutions. On two occasions Bruce also seemed to make an implicit accusation that working for Booz Allen Hamilton warped McConnell's view on the proposition, making reference to $400 million in BAH cybersecurity government contracts.
Now I dislike the revolving door of public service to private profit in DC as much as the next guy, but this seemed to me an ad hominem attack that didn't seek to persuade the audience through logic.
Mike – This debate had nothing to do with controlling the Internet, and he repeatedly mentioned that if Congress gets the "law right," that won't be an issue. He also threw out some financial numbers to highlight our current vulnerability. According to him, in an economy that totals about $14 trillion per year, two banks in New York routinely move over $7 trillion per day. What if just those two banks could be disrupted? When the panel debated just what war is - how can you have war without actual fighting and destruction, etc. — McConnell made a comparison the Cold War period. No fighting, but most considered it war at the time.
Jonathan – He conceded that many often exaggerate the threat but didn't think considering it war naturally leads to a police state. He described the way the Internet works as "bizarre," it's surprising it actually does work most of the time and stressed the vulnerabilities. He referenced the Pakistan blocking YouTube incident, and talked about how Professor Edward Felten at Princeton thinks he could take down the Internet in two weeks, given the right team and resources.
OK, enough suspense. Here's where the audience stood after the debate concluded:
Yes, threat is exaggerated: went from 23% to 24%
No, threat is not exaggerated: went from 54% to 71%
Man, I'm still just so undecided: went from 22% to 6%
So Mike and Jonathan won the debate, pretty handily in fact. I was in the small undecided minority — I actually went from a No, not exaggerated to an undecided vote. I agree with the majority that Mike and Jonathan presented better than Marc and Bruce, but I feel the For team did make important points that suggest this very important topic can't be decided during a one hour debate, for me at least.
Maybe that will strike some readers as a punt by me. I'd really like to hear what CircleID-ers think about this question, which I'm sure will be revisited as both the cyber threats and our dependence on the Internet continue to grow. The debate will be distributed via Bloomberg TV, NPR radio and Newsweek magazine. If an online video feed eventually becomes available, I'll add it to this post.
Update: Jun, 18, 2010 – Video recording of the Intelligence Squared debate “The Cyber War Threat Has Been Grossly Exaggerated” posted below:
|Cybersquatting||Policy & Regulation|
|DNS Security||Registry Services|
|IP Addressing||White Space|
Neustar DDoS Protection
Neustar DNS Services
Minds + Machines