Home / Blogs

The Militarization of the Internet

Susan Crawford

Someone needs to take a good hard look at those Internet surveillance stories being strategically placed on the front page of the New York Times.

There's a trail here, I believe, that's worth following. Here are some data points:

1. Cyberattack – there appears to be a deep interest in the ability to declare war online, as evidenced by cybersecurity research and public speeches by Herbert Lin, a key player who has worked on several cybersecurity reports for the National Research Council. Ethan Zuckerman has summarized a presentation by Lin, which included the following paraphrase of Lin's remarks:

If we're interested in pre-empting cyber attack, "you need to be in the other guy's networks." But that may mean breaking into the home computers of US citizens. To the extent that cloud computing crosses national borders, perhaps we're attacking computers in multiple jurisdictions. Lin wonders whether a more authenticated internet will actually help us to pre-empt attack. And he reminds us that US Strategic Command asserts authorization to conduct "active threat neutralization" — i.e., logging into your machine to stop an attack in progress. . . .

Dr. Lin notes that it's not a violation of international law to collect intelligence abroad. It's possible to engage in covert action as regulated by US statute. And there's an array of possible responses the US could launch in response to cyberattack (Lin pauses to note that he's not advocating any of these) — we could attack enemy air defenses, hack their voting machines to influence an election, conduct campaigns of cyberexploitation to spy within those nations. Given all this, aren't nations entitled to fear the consequences of a "free and open" internet? Might they reasonably choose to tighten national control over the internet?

2. A "more authenticated Internet" would obviously include using the leverage provided by network operators to permit only fully-authorized, identified machines to connect. The ability to remotely disconnect machines or devices until they are cleansed is now within reach for federal networks — this same capability will inevitably spread to private connections.

3. A "more authenticated Internet" would also include more-easily tappable applications as well as machines. That's what FBI Director Mueller is talking about in this video at 3:29.

4. There must be deep stress inside the USG re what the overall public position of the Administration will be on enhancing surveillance, authentication, and the ability to declare war online. Secretary Clinton's "Internet Freedom" speech of January 2010 made clear that the free flow of information online is an important component of the nation's foreign policy.

5. Given this stress, the agencies that are most interested in forwarding cyberattack abilities, surveillance, guaranteed back doors for encrypted communications, and all the other trappings of a "more authenticated Internet" have an interest in portraying their vision of the future Internet as inevitable. Part of that campaign would logically be to get the story into the mainstream media.

6. So, here we go - another front-page story yesterday in The Times: "Officials Push to Bolster Law on Wiretapping." This is a hugely contentious issue. Should law enforcement be able to require all technologies online to have "back doors" allowing officials to (essentially) require that the same information be produced to them that was produced during the circuit-switched telephone era?

7. The Internet is not the same thing as a telephone network. It's a decentralized agreement to route packets of information to particular addresses. It has made possible unparalleled innovation, free speech, and improvements to human lives around the world. Retrofitting it to make it fit law enforcement's (or national security's) "authentication" needs would be an enormous, retrograde step.

But it would certainly help us wage war online.

By Susan Crawford, Professor, Cardozo Law School in New York City
Follow CircleID on
SHARE THIS POST

If you are pressed for time ...

... this is for you. More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Vinton Cerf, Co-designer of the TCP/IP Protocols & the Architecture of the Internet

Share your comments

Authentication does not make the Internet easier Phillip Hallam-Baker  –  Oct 20, 2010 2:45 PM PDT

Authentication does not make the Internet easier to wiretap, quite the reverse.

The only type of authentication that can make the Internet easier to wiretap is authentication with a hole in it.

That is why some people are trying to use DNSSEC as an excuse to push aside the established market based infrastructure of PKI with an alternative with a single root of trust they can control. And not all those people are in the US which suggests to me that some of those countries do not expect to be using the ICANN DNSSEC root.

Which is all going to be an exercise in utter futility in the long run, but in the near term will start to cause all sorts of issues as people try to get control of their local internet.

Greater scrutiny for the privacy practices of social networking sites while LEA get a free pass? Frank Bulk  –  Oct 21, 2010 7:27 AM PDT

There's been a lot of news about the privacy practices of social networking sites such as facebook and Google's Buzz, but when LEA talk about gather even more information, they seem to get a free pass!

While the issues aren't the same, hopefully privacy advocates are educating organizations like the EFF, and vice versa, so that there's a healthy balance between access and safety.

Is it Intel Inside or a bug inside? Sivasubramanian M  –  Oct 21, 2010 10:34 AM PDT

It is difficult to consider American cyberwar strategic thinking as defensive. If the possibilites include attacking air defenses, hacking voting machines, cyberexploitation, "active threat neutralization"—i.e., logging into anyone's computer to stop an attack in progress, if the US requires all technologies to have backdoors, if the strategy includes making applications as well as machines more-easily tappable, then it sounds very aggressive, aggressive on the people of America and aggressive on the whole world. This aggressive CyberWarfare stategy is impractical unless US Military and Intelligence draws upon the capabilities of the American companies. Most of the significant companies that offer Computer and Internet hardware, software and services happen to be American. These companies might not even be aware, but their technologies, products and services are bound to be part of America's Cyber Defense Strategy.

From these reports it does not appear to be a future event that US military and US intelligence will build in back doors and traps. Everything might be well in place already.

US Government might handle public opinion with its expertise in propaganda. It hired Hollywood for propaganda during World War II. It is a world of a more elaborate media now, so public opinion should be easy for the US Government.

Despite propaganda, International Opinion wouldn't be easy on America. If the US Government encourages/allows itself to be influenced by, or is just powerless to balance such aggressive military thinking, it would start another wave of distrust around the world against anything American. The rest of the world would distrust not only America, but the American Corporation, its products - processors, memory modules, hard disk drives, modems, routers, its operating systems, its database and application software, Internet security and antivirus software, its cloud and it search engines. Perhaps the American Corporation should increase its Advertising outlays?

Wow, that's a powerful call to arms. Christopher Parente  –  Oct 25, 2010 12:20 PM PDT

Wow, that's a powerful call to arms. It's actually full of opinion, not "data points." And is the New York Times that much of a government patsy?

Which is not to day I disagree with your main point — elements within government do want to trumpet the idea of cyberwar, because it logically leads to a militarized response.

Whether cyber attacks equal cyber war was the topic of a debate I wrote about in June. Marc Rotenberg and Bruce Schneier argued that cyber attacks were serious, but the focus on them was also a way mask government control of the Internet. Unfortunately, their arguments didn't sway the audience: http://www.circleid.com/posts/20100609_cyber_threats_yes_but_is_it_cyberwar/

To post comments, please login or create an account.

Related

Topics

Cybersecurity

Sponsored byVerisign

New TLDs

Sponsored byAfilias

IP Addressing

Sponsored byAvenue4 LLC

DNS Security

Sponsored byAfilias

Domain Names

Sponsored byVerisign