Matt-
Here's a revised version of the op-ed I sent last night; I thought my
original ending wasn't sufficiently clear, and have made some other
changes here and there.
**
The issue of cybersecurity makes difficult demands on those of us who
wish to understand it. It is not only complex, but growing quickly
more so as the internetization of mankind proceeds apace - and as
new opportunities for conflict, crime, oppression, and revolution are
conceived and executed by states and individuals acting on motivations
that are themselves similarly complex, and occasionally even
justifiable. Complexity aside, though, it is an issue that still
eludes popular understanding in part because certain parties do not
wish it to be understood.
John Arquilla, the US Naval Postgraduate School professor who coined
the term cyberwarfare and who recently spoke to this newspaper, is
not among them, having long sought to educate the public and influence
policymakers. In this weeks interview, he deemed the unusual vigor
with which the U.S. has prosecuted hackers to be ridiculous, citing
missed opportunities and a poisoning of the relationship between the
state and the hacker community that might represent missed
opportunities. Going further, he has proposed that the U.S. government
relax any restrictions that might prevent masterful hackers with
criminal histories from being utilized by the military and
intelligence communities.
Such a question is certainly worth pondering. Under other
circumstances, my answer would be yes. Redirecting talents used
wrongly and shifting them to purposes of good is a fine idea, one that
has been pursued with some success throughout history. That my answer
must be somewhat different than yes has a great deal to do with
those certain parties who would prefer that the issue not merely be
complex, but misunderstood - and who are firmly in charge of both
cybersecurity and cyberwarfare policy as practiced by the U.S.
Such men include former USAF Lt. Col. George A. Crawford, who wrote
the following in 2001:
Personnel skilled at conducting strategic information operations--to
include psychological operations, public information, deception, media
and computer network operations, and related activities - are
important for victory. Despite robust DoD and Intelligence Community
capabilities in this area, efforts to establish organizations that
focus information operations have not been viewed as a positive
development by the public or the media, who perceive
government-sponsored information efforts with suspicion. Consequently,
these efforts must take place away from public eyes.
Crawford now serves on the board of Archimedes Global
(http://wiki.echelon2.org/wiki/Archimedes_Global) - one of countless
intelligence contracting firms that provide a range of little-known
information operations services to the intelligence community. That
his opinion is representative of those men whose views actually become
policy becomes clear when we consider such things as the NSA
warrantless wiretapping program, along with other unprecedented
assaults on the U.S. Constitution which were intended to take place
away from public eyes."
Of course, some large portion of what we refer to as cybersecurity
consists of legitimate defense of state and commercial assets in the
face of actual threats. In such cases, sound policy could certainly
include the utilization of former criminal hackers who bring needed
skill and insight to a necessary pursuit. But some other large portion
is instead geared towards the surveillance of the American public -
something that we know only because of the efforts of whistleblowers.
What we will never know is how much of U.S. cybersecurity consists of
the former category and how much consists of the latter. We may only
be certain that the latter will continue to expand, always under the
direction of men who hold the public in contempt. There is too much
power and money at stake for it to be otherwise, and too little
interest from the citizenry for the trend to be reversed.
In such a context as this, it becomes more difficult to advocate the
introduction of criminal talents into the mix of things - not
necessarily because of any threat the criminal may represent to the
enterprise, but because of the threat that the enterprise now
represents to the public.
On Tue, Jul 10, 2012 at 10:25 PM, Barrett Brown <barriticus@gmail.com>
wrote:
Sorry for the delay, just got into NYC today for
Bloomberg/Businessweek round table on security I'm participating in on
Thu and had to run around a bit this afteroon. Let me know if this
works, I'll be around in the morning otherwise.
**
The issue of cybersecurity makes difficult demands on those of us who
wish to understand it. It is not only complex, but growing quickly
more so as the internetization of mankind proceeds apace - and as
new opportunities for conflict, crime, oppression, and revolution are
conceived and executed by states and individuals acting on motivations
that are themselves similarly complex, and occasionally even
justifiable. Complexity aside, though, it is an issue that still
eludes popular understanding in part because certain parties do not
wish it to be understood.
John Arquilla, the US Naval Postgraduate School professor who coined
the term cyberwarfare and who recently spoke to this newspaper, is
not among them, having long sought to educate both the public and
influence policymakers. In this weeks interview, he deemed the
unusual vigor with which the U.S. has prosecuted hackers to be
ridiculous, citing missed opportunities and a poisoning of the
relationship between the state and the hacker community that might
represent missed opportunities. Going further, he has proposed that
the U.S. government relax any restrictions that might prevent
masterful hackers with criminal histories from being utilized by the
military and intelligence communities.
Such a question is certainly worth pondering. Under other
circumstances, my answer would be yes. Redirecting talents used
wrongly and shifting them to purposes of good is a fine idea, one that
has been pursued with some success throughout history. That my answer
is must be somewhat different than yes has a great deal to do with
those certain parties who would prefer that the issue not merely be
complex, but misunderstood - and who are firmly in charge of both
cybersecurity and cyberwarfare policy as practiced by the U.S.
Were Arquilla representative of those in charge of such things, we
could probably expect many cybercriminals to be safely and ethically
deployed against legitimate enemies of the U.S., or defending national
infrastructure. As things stand, they are more likely to be corrupted
by a mentality in which the citizenry must be deceived by powerful men
who knew better. This prevailing view is well-represented by former
USAF Lt. Col. George A. Crawford, who wrote in 2001:
Personnel skilled at conducting strategic information operations--to
include psychological operations, public information, deception, media
and computer network operations, and related activities - are
important for victory. Despite robust DoD and Intelligence Community
capabilities in this area, efforts to establish organizations that
focus information operations have not been viewed as a positive
development by the public or the media, who perceive
government-sponsored information efforts with suspicion. Consequently,
these efforts must take place away from public eyes.
Crawford now serves on the board of Archimedes Global - one of
countless intelligence contracting firms that provide a range of
little-known information operations services to the intelligence
community and private corporations. That his opinion is widely shared
among men of the sort whose views become policy by default may be
confirmed by such things as the NSA warrantless wiretapping program,
along with other unprecedented assaults on the U.S. Constitution which
were intended to take place away from public eyes.
That the benighted public has had the opportunity to understand this
particular aspect of cybersecurity was due to the heroic efforts of
whisteblowers, several of whom were thereafter raided by the FBI and
prosecuted by the Department of Justice. As such, they were literally
treated like criminals for acting like defenders of the public.
The question of whether actual criminals ought to be involved in
cybersecurity is difficult to answer when we cannot define the term
criminal with any clarity. It becomes far easier wh