Cyberwar debates

There has been some robust debate happening on a corner of the Internet. I’ve written before about some of my concerns about the rhetoric of “cyber” war in the past (Related pieces here and here), but recently I was compelled to write in to the Lowry Interpreter, commenting on a piece by cyber security expert Ian Wallace. Ian was discussing the coming age of cyberwarfare and new cyberweapons, and I expressed some skepticism as to exactly what these ‘things’ are, requesting some clarification.

His original piece is linked here and I’ve quoted my response below (which you can also read here).

“I found the recently published post by Ian Wallace another example of a somewhat frustrating article on ‘cyber’ warfare.

That there is some kind of ‘warfare’ taking place on telecommunications networks (outside of fictional networked video games) is increasingly becoming a taken-for-granted fact. Espionage, crime – sure – but warfare? Unless the definition of warfare has changed substantially, I’m still unsure how an actor might actually use the Internet to gain strategic or tactical advantages in the field of war. Yet articles like the one Ian Wallace has published indicates that there is, or there might be, such uses for the Internet .

Questions I’d love answered include: have there been recorded cases of states or non-state actors using networked technology for a strategic or tactical advantage in war? Or, in what circumstances can an actor gain advantage in war through use of cyber ‘weapons’ (whatever they might be) that couldn’t be gained using preexisting ‘conventional’ weaponry?

It seems to me that those advocating the existence of cyber war (or its possibility) do a poor job of articulating the utility of cyberspace as a domain of conflict outside of describing it in terms more relevant to espionage or crime. Call me paranoid, but the increasing rhetoric of ‘cyber’ warfare seems more about consolidating state power over the Internet than it has to do with actual important security concerns.”

Unexpectedly, the Interpreter published it and the original author wrote back with a much more detailed and, I think, better response via the Lowry Interpreter which is linked here. I particularly am drawn to this point

“How should governments deal with cyber acts that have a national security impact (espionage, sabotage and subversion, if you will) but which fall below the threshold of ‘war’, especially when the perpetrators are based overseas and often beyond the reach of law enforcement?”

…which I think is a very legitimate concern.

Other people have written in to share their views, such as engineer Tony Healy who opens up with a discussion of Stuxnet making some excellent points and pointing out some key challenges for security. For the record, I don’t disagree that cyber threats don’t exist, I’m essentially engaging in a argument of the appropriateness of the term ‘cyber warfare’.

To briefly clarify, I’m aware of the potential for using networked technologies to gain advantages in ‘war’ however I’m still skeptical as to the current level of utility networked technologies, or technologies or methods that exploit networks have over conventional methods of ‘doing war’. No doubt this viewpoint will change as technology gets even more advanced and integrated and perhaps after our view on what constitutes ‘cyber’ and what doesn’t as it still seems to me that ‘cyber’ is a blanket term used to describe acts of war that might use some aspect of newer technology.

The war over the Internet

If you leave the door open to your house, and someone enters and steals some items, you don’t say you’re at war. You’ve been robbed certainly, but you’re not in a state of war.

I completely agree with Sam Roggeveen’s sentiments over at The Intepreter regarding the cyber warfare rhetoric that is doing the rounds in both within Australian Government circles and also in the media.

While I have written about it before, I do find it very interesting that nation-states like the US and Australia can seemingly easily lay blame for network intrustions on the shoulders of nation states like China. Now I don’t expect for a second that they don’t have experts advising them on how networks like the Internet function, it is interesting how network connections from IP Addresses allegedly within China, become ‘Chinese Hackers’ and then morph into ‘China’.

While I’m not for a second claiming that Chinese security personnel are not engaging in a form of espionage (Citizen Lab in Canada is doing a lot of interesting research work on these issues), one should be aware that IT security professionals are well aware at how easy it is to spoof IP Addresses and route traffic through other countries on their way to other destinations. I frequently find that the articles on cyber-attacks and cyber war gloss over the question of how one knows where exactly an attack or network intrusion comes from.

Buzan’s and Waever’s ideas on ‘securitisation’ seem so obviously applicable here in the way cyberwar is being discussed, particularly within contemporary Australia politics. Call me paranoid, but my fear is that these alleged ‘cyber attacks’ are being increasingly discussed as existential threats in the hopes the government’s around the world can increase their control over the networked domain. We have seen with the likes of Wikileaks that the Internet doesn’t always exactly play nice with the interests of governments.

The reality of these attacks is, at least to me, that many of these network intrusions come down to poor IT infrastructure and security protocols domestically. Other nodes on the network exploit these weaknesses. Opportunity knocks. Don’t leave your doors open.


Perhaps of interest, here’s an address by IT Security expert Marcus Ranum talking about how the analogies of war don’t work in cyber space.

Some other commentary from around the web:

Cybercrime as a security issue.

robert-mcnamara-vietnam

I’m presently doing a bit of reading into the concepts of cyber warfare and international security. It’s a fascinating and fairly new field and my reading comes at a time when the Australian PM, Julia Gillard, has specifically articulated threats emanating from cyberspace as a security priority for Australia within the next decade. Gillard’s speech and the government’s subsequent paper has actually drawn quite a bit of international attention.

Personally, I find the idea of cyber warfare as a security issue somewhat controversial. No doubt that malicious Internet activity impacts many, many people, but does it impact nation-states to the extent articulated by many politicians and policymakers? The empirical evidence as well as the historical ledger seem a bit thin here, particularly when you consider the social and financial costs of other security issues (namely, the health of biosphere) are getting pushed aside for what may be a fashionable potential security issue in cyber warfare and cyber crime.

One thing that is obvious to me regarding the nexus between concepts of ‘security’ and the computer networks that power the Internet, is the lack of understanding of the nature of these networks and how they operate that many politicians and policymakers seem to demonstrate. Case in point is British MP Keith Vaz, a self-confessed technological ‘dinosaur’ and Chairman of the Home Affairs Select Committee, who have been considering the potential impact of malicious internet activity on the security of Britain. He was interviewed by Al Jazeera on cyber crime, and continually spoke about such activities in terms of malicious activity by nation-states before confusing the viewer by talking about non-state actors, including individuals.

He then continued on to frame cyber crime specifically in terms of fraud (such as stealing credit card numbers) as well as email hacking, and failing to articulate why exactly cyber crime or cyber warfare (whatever that may be) should be considered a security issue rather than a criminal activity. Not to criticise Vaz too much (fraud and cyber crime are a serious issue after all) but it does seem to me that politicians are fond of framing a hacker, individual or otherwise, as something that should require the full gaze of a state’s security resources, rather than let legal or other processes deal with these issues.

This strikes me as strange – how can the malicious and online actions of individuals, or even a large collection of individuals be equivalent to interstate warfare? This is where the whole cyber warfare as a pressing security issue falls down. Malicious cyber activity is probably better conceptualised in terms of globalised crime rather than an explicit and existential threat to human existence.

Thinking back to Gillard’s speech at ANU on cyber activity as a security issues recalls Buzan and Waever’s ideas of securitisation – where state’s talk about threats in terms of security in order to justify certain emergency measures. It’s actually the lack of boundaries, the lack of control on citizen discourse that may be a bigger threat to states and their governments rather than identity theft or hacker intrusion. The Internet allows open discourse and allows citizens to question the leviathan, and subsequently threatens their legitimacy. You can see evidence of that given the treatment of Julia Assange and the power of Wiki leaks.

Regardless, there seems to be more pressing security issues than cyber attacks. Ben Eltham’s New Matilda piece regarding environmental security gives a good Australian perspective.

There could be a day when my sentiments are proved wrong and where malicious cyber-attacks can be attributed as cause for loss of life or social disruption. I’m yet to see actual evidence of that yet, so I’m content to remain skeptical.

It’s funny, as I write this (though probably not funny for the people being effected); Bundaberg citizens are getting airlifted from their homes due to flooding cause by yet another extreme weather event. The cost of these events to Australia will be substantial, dare I say significantly more than computer crime. One gets the feeling that environmental security may have been put in the too hard basket, but that’s another consideration for another day.

Cyberspace, commodification and the history of me

408px-Objectivist1

A friend of mine recommended I watch the documentary “All Watched Over By Machines of Loving Grace”, a three-part series devoted to exploring the culture of technology, its evolution and its impact upon modern society.

The first episode, “Love and “ starts off by using Ayn Rand’s objectivism as a touchstone (never a good thing in my view) but breaks off into a variety of discussions on the rise of Silicon Valley in the 1980s and 1990s and, more importantly, the unleashing of western markets on the worldwide economy, where faith in market stability was hedged on the power of computer networks.

In the first episode it mentions an allegedly very influential essay on the nature of the individual in Cyberspace by Carmen Hermosillo, a denizen of early 1990s message boards, but also a essayist and research analyst. Composed under the alias ‘humdog’, she wrote a scathing critique of the early nature of Cyberspace, seeing it as another mask by which power, particularly political and corporate power, could wear.

The essay “Pandora’s Vox: On Community in Cyberspace” was published in 1994 and started with the following sentence:

“when i went into cyberspace i went into it thinking that it was a place like any other place and that it would be a human interaction like any other human interaction. i was wrong when i thought that. it was a terrible mistake.”

In one interesting passage, Hermosillo reasoned that her activities in Cyberspace resulted in her commodification. Her words and personal thoughts written on newsgroup pages owned by corporate networks could potentially be commodified. She did not own herself and she had made herself into a product yet derived no profit from her own words. Here is the telling paragraph:

“i have seen many people spill their guts on-line, and i did so myself until, at last, i began to see that i had commodified myself. commodification means that you turn something into a product which has a money-value. in the nineteenth century, commodities were made in factories, which karl marx called ‘the means of production.’ capitalists were people who owned the means of production, and the commodities were made by workers who were mostly exploited. i created my interior thoughts as a means of production for the corporation that owned the board i was posting to, and that commodity was being sold to other commodity/consumer entities as entertainment.

that means that i sold my soul like a tennis shoe and i derived no profit from the sale of my soul. people who post frequently on boards appear to know that they are factory equipment and tennis shoes, and sometimes trade sends and email about how their contributions are not appreciated by management.”

Immediately after comes a chilling realisation.

“as if this were not enough, all of my words were made immortal by means of tape backups”

Obviously Cyberspace has developed rapidly since 1994, but many of the ideas Hermosillo worried about in 1994 still seem like problems today, particularly in the age where social media is the one of the dominant forms of interaction on the Internet. It’s difficult not to think of what we’re giving away simply by existing on the likes of Facebook and Twitter. Us, as consumers, derive some enjoyment, leisure and occasionally financial restitution from operating on these large networks, but those who own or control these structures surely derive much much more.

One other personal concern raised after reading Hermosillo’s essay was the idea that my ‘immortal words’ could resonate henceforth, shaping my future identity in ways I may not be able to directly control. Questions begin to form in my mind – how can one detach themselves from their Cyberspace identity? Will Cyberspace warp or imprint a false impression of my own identity on current or future peoples? The impact of the Internet on history will be very interesting, and perhaps extremely concerning.

Hermosillo’s essay is great and contains much more interesting ideas than I’ve detailed here. Many of these ideas still resonate loudly today, some uncomfortably so.

The problem of IP: SOPA, PIPA, development economics and Down Under

The whole world has been going a bit crazy over the issue of Stop Online Piracy Act (SOPA) and the Protect IP Act (PIPA) bills that have been proposed for voting in US Congress. As you might know, Wikipedia and reddit closed down their sites for 24 hours and many other prominent web hubs have expressed their concerns regarding the potential for these bills to censor the Internet. It looks like the actions of these sites have signalled the death knell for these bills, but it is worrying that they even saw the light of day.

While my knowledge on these two bills is fairly limited, a facebook debate with a friend of mine made me recall some of the great work of development economist Ha-Joon Chang, and his arguments against strict intellectual property (IP) regimes in relation to developing nations.

His article, Strong IP regime not in interest of developing countries, published on the Third World Network distills many of his core arguments.

He rejects the neoliberal view that strong IP regimes are requisite for promoting strong economies, increasing innovation and promoting growth, arguing instead that new knowledge doesn’t necessarily evolve due to patent regulations, using the open-source technology movement as one principle example. He rails against the pharmacuetical industry and their profiteering on the back of overpriced medicines, nothing that many of the ideas used to create these drugs originating from research in public institutions, like universities. It’s an interesting read.

(I’d also recommend having a read of his booking Kicking Away the Ladder: Development Strategy in Historical Perspective for a fascinating historical investigation of how the strategies used by Western powers to retain their economic power over developing nations. Patent law comes in for a right ol’ kicking here, and, while it might not convince the most hardened patent fans, it’s still very well written.)

My own view is somewhat muddled and somewhat limited by my lack of knowledge of IP law. I find myself drawn to arguments against strict IP regimes, but I also value incentives to innovate. I am, however, firmly against censorship of the Internet and am convinced the MPAA is taking the easy way out. Indeed, failure to innovate on behalf of record companies and film companies seems to me to be a bigger reason for piracy. In this case, perhaps IP is hindering innovation.

John Quiggin has also put forth some interesting analysis on the current SOPA/PIPA debate.

An aside

I’m reminded of the famous Down Under copyright case, where Australian group Men At work were sued by an entity known as Larrikin Music for allegedly stealing part of the famous Australian song ‘Kookaburra Sits in the Old Gum Tree’. Now Larrikin Music didn’t have anything to do with ever creating this song (which was written by Marion Sinclair in 1935), yet had obtained the IP rights to Kookaburra, then sued Men At Work for copyright infringement because the flute riff in ‘Down Under’ sounded similar. Clearly a case of IP gone mad.

Some initial concerns on selling uranium to India

Uranium mining is a particularly divisive topic in Australia. It was only ten years ago that news headlines were dominated by those protesting the development of a uranium mine at Jabiluka in the Northern Territory. However, yesterday, the Australian discourse surrounding uranium took an unexpected detour, with Prime Minister Julia Gillard openly courting the idea of selling uranium to India.

While Australia has been selling uranium to other states for some time, the significance of this move is that the Prime Minister is considering selling Australian uranium to a state who is not a signatory to the Nuclear Non-Proliferation Treaty (NPT).

For those not in the know, the NPT is the primary international agreement that seeks to control the sale of materials between states in an effort to prevent the spread of nuclear weapons. True, it is lopsided, with non-nuclear weapon states (the vast majority) being prevented from developing nuclear weapons, while nuclear weapon states are obliged to pursue disarmament (though with no strict timetable). However, the agreement permits the trade of nuclear material between signatories for non-weapons ‘safe’ purposes such as energy.

However, India, along with Pakistan and Israel, are non-signatories, and therefore theoretically prevented from purchasing nuclear materials from states within the NPT regime. The first two are confirmed nuclear powers. Furthermore, India is not (yet) a member of the Nuclear Suppliers Group, which places further exports control on the trade of nuclear material between signatories, which goes beyond the NPT.

I must confess that this sudden change in foreign policy is somewhat disturbing, arguably undermining Australia’s disarmament credentials, increasing tensions between nuclear powers in the region, all in favour of short-term domestic economic gains. It is true that other states signatories to the NPT, such as the United States, have opened up bilateral channels with India and have actively traded in nuclear technology with India over the past few years. However, I find this fact to be a less than convincing justification for an act that sets a dangerous precedent for Australia, a country that sits within a region with growing security concerns. I love India and I love Indians, but the ongoing friction between Pakistan and India, both armed with nuclear weapons, means that the possibility of nuclear exchange is a definite reality. This is something that might not be evident to Aussie Joe citizen given our relative isolation in the South Pacific.

Furthermore, if we’re going to sell to India, why don’t we also sell to Pakistan? Does it even open the possibility of selling to North Korea? Does it legitimise other countries with fewer scruples from supplying other states with nuclear material that could be used in nuclear weapons? Considering the worries over Iran’s clandestine nuclear program, the Prime Minister’s position on uranium sale should be thoroughly scrutinised, with its wider possible international implications teased out.

Some tweets from the PM yesterday, which sought to reassure concerned Australians about the safeguards, also seemed flimsy. She stated that India was the world’s largest democracy, inferring that this somehow acted as a safeguard. History shows otherwise, Julia. The only state to use a nuclear weapon in war was a democracy. Moreover, it is true that sections of the US politic recommended using strategic nuclear weapons against the VietCong during the Vietnam War. Democracy does not mean a nuclear muzzle.

It’s only the start of the debate, and I really need to learn more about the nuts and bolts of the proposed policy if it does eventuate. The Interpreter has an interesting piece arguing the other way, that selling uranium to India will actually bring Australia closer to the subcontinent. Still, there are risks, and the government need to explain the safeguards in detail to assure sceptics like myself.

Some closing questions that are of interest. Will the proposed sale of uranium to India harm Australia’s bid for a non-permanent seat on the UN Security Council? And how will this affect Australia’s relationship with Pakistan? Will it damage Australia’s disarmament creditials? How will China react? All pertinent questions that could be impacted by this new foreign policy angle.