This is the question preoccupying the New York Times in today's thumb-sucker.
Mainly because of the war in Syria -- which is backed by Iran and Russia -- and the consequences of trying to take on these vicious states directly or indirectly, in reality or in virtuality.
Typically this debate devolves instantly to the implications of making and using -- and losing control -- of Stuxnet, which was used by the US against Iran's nuclear system - and never looks at the larger problem of the rogue nuclear state under theocrats who are willing to mass-murder their own civilians who protest against their oppression, and assassinate their critics abroad.
THE CAPITALIST TOOL IS HACKED
There might be reference to the Syrian Electronic Army, which hacked Forbes last week. (Note in reading that piece how organized, cadre-like, rigidly ideological and extreme that organization is, i.e. showing signs of training, far from the "looseknit group of hackers" people sometimes claim it is "not affiliated with any government". And note the chatty and friendly journo who friended these hackers in order to understand their sad childhoods, seemed utterly gullible on this point: "He said they are self-funded, not supported by an outside group or the Syrian government as has been alleged." Right. Then see Andy Greenberg's enthusiastic account of his own employer's hacking, which I had hoped might make him sympathize with hacker victims more -- except I think he just finds it too intellectually exciting to follow their antics.)
Maybe you can start to see the problem here.
As always, it's hard to have this conversation about Syria and cyberwarfare meaningfully in the liberal "arms control" strait-jacket that myopic anti-Americans want to put it into.
A HELSINKI ACCORDS FOR CYBERWARFARE?
This concept has been cropping up more in recent years, and you can see it in blog posts like this, asking for a "Geneva Accords" for cyberspace.
I immediately note that the East West Institute is not an honest broker for this process, in my view. It was pro-Soviet in the 1980s and remains under the exact same leadership as it had then, and is rather uncritical of Russia today -- it's a think tank that has to maintain access to the Kremlin to stay in business. That means it isn't getting to the heart of the problem that would have to precede any accord: candid admission that the real problem originates in Russia's awful human rights record in meat-world, first; its propping up of the tyrannies of Iran and Syria; its cyber attacks on Western Europe and the US which are overwhelming in number by contrast to whatever dirty tricks might be put on the Western docket; and the Kremlin's unwillingness to admit this, obviously.
It's great that 40 think-tankers self-selected in this process tilting toward the Kremlin are making little rules about spam that even Russians might sign, but that is beside the point -- and lumping together that process with NATO in Tallinn really is disingenuous (these initiatives come from very different places with different goals).
Sure, it would be nice to have a kind of new "Helsinki Accords" of cyberwarfare, where states got together and solemnly pledged not to use these new and powerful and unpredictable forms of warfare against each other.
I used to talk about this more hopefully a few years ago - I remember a year ago or so at one of the Brussels Forums special sessions on cybersecurity, my tweeted question about the possibility of "Helsinki talks" like this even got on the list, and was even discussed by people like Estonian President Toomas Hendrik Ilves. But here's the thing -- and I believe he was the one to make this point at the time -- it's kind of hard to have a new Helsinki Accords sort of agreement on something this complicated when the existing Helsinki Accords and its institutional framework --the Organization for Security and Cooperation in Europe -- have such a very difficult time getting Russia to concede to basic principles of human rights and even arms control these days.
Russia has been very, very busy crippling the capacity of the OSCE in recent years by doing everything from challenging its human rights budgets to demanding re-negotiation of its principles in a new "security charter" that would benefit its Eurasianist take on life, ruining all the progress seemingly made in the last 35 years on these principles. (Russia is also busy trying to kill the UN treaty bodies' system in exactly the same way, with little publicity or pushback.)
In a climate where Russia is being as bad as it can be at home, say, to NGOs or demonstrators, as well as abroad, in backing up the Syrian tyrant and pressuring Ukraine and even supplying help with some of the deadly force used by the Yanukovych government against demonstrators, how could you possibly open up a new treaty (or "non-binding agreement") process with them on cybersecurity?! You couldn't. The same factors that make for insecurity in cyberspace -- Russia making the overwhelming lion-share of attacks on Western Europe in both political and commercial hacks - are the factors that make a poor climate for negotiation. The problem starts with Russian denial of the problem -- and Western European reluctance to call out what the real issue is -- the Kremlin.
So, hey, in the absence of any Realism from the Kremlin, or Realism from the EU regarding what the real source of the problem is -- Russia -- let's by all means just myopically focus on the US, mkay? Hence the New York Times, fretting about all this.
You can see how all this has been nicely set up by America's enemies:
The head of the N.S.A., Gen. Keith B. Alexander, said in an interview last year that such weapons had been used only a handful of times in his eight-year tenure.
But Syria is a complicated case, raising different issues than Iran did. In Syria, the humanitarian impulse to do something, without putting Americans at risk or directly entering the civil war, is growing inside the administration. Most of that discussion focuses on providing more training and arms for what are seen as moderate rebel groups. But cyberweapons are in the conversation about stepping up covert action.
Part of the argument is that Syria is a place where America could change its image, using its most advanced technology for a humanitarian purpose.
“The United States has been caught using Stuxnet to conduct a covert cybercampaign against Iran as well as trawling the Internet with the massive Prism collection operation,” Mr. Healey wrote recently, referring to the N.S.A.’s data-mining program. “The world is increasingly seeing U.S. cyberpower as a force for evil in the world. A cyberoperation against Syria might help to reverse this view.”
Of course, Iran has been caught ruthlessly suppressing its population, arming local insurgents and terrorists, propping up the mass crime against humanity in Syria, pressuring Israel, and receiving Putin on a mission to resume arms sales from Russia. Not to mention obstructing the Internet and hacking enemies. But do let us keep that focus on the US as the "force for evil in the world."
Let me suggest that Obama is really not the one to be adjudicating this entire debate, given that his premises and principles, drawn from his days in and around the Democratic Socialists of America, would not give him the intellectual framework to do anything else other than Blame America First.
THOSE NASTY TACTICS AGAINST HACKERS BY THE NSA!
There's another interesting context to this "agonizing" debate on Syria surfacing now in the New York Times -- i.e. being leaked by some participant in it in the Administration who wants to force Obama's hand in one way or another - and that's the diabolical work of First Look, Glenn Greenwald's new blog funded by Pierre Omidyar.
Over there, we see that this week, the story is about those evil creatures, the NSA and the GCHQ, using these awful, unethical methods on hackers.
Interesting how these two topics -- US contemplating cyberware on Syria and Iran and the Western tactics said to be used on Anonymous -- come together in Leak-land this week, eh?
And there, too, to hear Glenn tell it, there is absolutely no past to this story, and nothing ever occurred before these slides were created.
THE DISCUSSION WE'VE BEEN HAVING ON THIS FOR YEARS, YOU KNOW
Of course, if you followed my blogs for the last 10 years -- my, it's been a long time -- you'd know that the issue of the hackers came first. THEY used these awful methods FIRST.
And, as Gus on Twitter has pointed out, the hacker methods are the "Saul Alinsky methods". Except, Saul didn't invent them, they came ultimately from Lenin and anarchist and communist movements a hundred years ago, and percolated their way into the Students for a Democratic Society, and the more radical Weathermen, and other groups and movements that drew on these ideologies. These methods include things like freezing a target and assaulting him with one-sided attacks, particularly trying to show that he is not what he seems because he does something that is at odds with his supposed public stance, especially if that is perceived as moral.
So, for example, in modern terms, if you are in Moveon.org or one of these moronic leftist online movements, you will take something like a corporation, which you hate for ideological reasons because you hate capitalism, and then pick out something that it does which is at odds with its purported public persona, i.e. capitalist. So you accuse it of receiving "corporate welfare" or getting tax cuts or benefits from the state -- at oddds with its belief in go-it-alone hard-scrabble can-do free enterprise.
Then you compare and contrast what conservatives say about "welfare queens" or "spongers on public dole" -- poor people, the jobless, minorities without access to good jobs -- and then apply that rhetoric to your frozen target. Voila. That these are very different types of support with very different outcomes doesn't matter; the point is to pervert the meaning of language and use it in a bad-faith manner.
Greenwald tunes into this issue with his Snowden-leaked document as if there was no history of even the cheer-leading tech press documenting the massive assaults by hackers on government, corporate, nonprofit, and media websites, not to mention individual blogs. As if something like the Syrian Electronic Army attack on Forbes never happens.
It's a good time to remember some of the discussion even of only three years ago about the assaults caused by WikiLeaks and Anonymous -- which, after all, attacked the US government *first* with, um, WikiLeaks itself (my, how quickly people forget the basics!)
My BloggingHeads debate with Robert Wright about WikiLeaks, and the use of the DDoS as a means of "civil disobedience" (I said it was illegitimate).
The vicious attack on me from the old Alphaville Herald (Second Life press) for getting such high-profile attention by being on Wright's show, and debating him directly. This is of course the work of Peter Ludlow, the linguistics professor who supports Anonymous and WikiLeaks ardently, and his sidekick Mark McCahill, Internet pioneer and lover of hacker mayhem himself.
Along the way I published an open letter to invester Ken Lehrer questioning his support of Moot, the founder and owner of 4chan.org -- a site where a lot of hackers are recruited and trained for attacks.
If you read the comments at the Herald, I am mercilessly ridiculed and heckled for taking this position, and even accused of somehow queering a job prospect for some kid (a start-up genius who got millions of dollars -- who then failed, and got more funding -- yeah, right). But do read the comment there from mercury which sums up my position and its ramifications very well.
Then let's go over to Nancy Scola, who took a supportive stance re: the legitimacy of the DDoS and I debated her at TechPresident.
I've had to constantly explain over the years why the DDoS is NOT like the lunch-counter sit-ins -- which were peaceful, non-coercive, and not disruptive.
I've had to take on people like Deanna Zandt, inspired by the hacker chaos of Berlin in her education, who is pro-DDoS.
And note that I'm not alone in this -- Andrew Keen of course takes this position against the DDoS.
Morozov on Slate naturally defended the DDoS -- Slate was happy to publish this as they are radical revolutionaries celebrating violent movements like Occupy. And of course, Morozov was quite cunning in his actual defense of the DDoS despite the critics -- which I called him out on.
I won't even get into the entire discussion that occurred around the *mere plans* for HBGary to use hacker methods on Anonymous, the counter-attacks that pre-emptively assaulted HBGary with a merciless hack; the hack on Stratfor; the arrests of hackers like Jeremy Hammond and the turning of Sabu -- and entire chapter in this story of hackers doing this first, as the NSA or FBI only began to get its act together to try to counter it -- and to plan using its own methods on it.
Don't forget that this a lot like Russia buying South Koreans or Brazilians to win the Olympics: the agencies in our country feel they "have to" have hackers on their teams to win, so they bring them in -- and suffer the consequences (Snowden).
So again, the question I have for Greenwald and all the Snowdenistas: how come you're tuning into this topic YEARS LATER, after the hackers HAVE DONE THIS FIRST?
I mean, even the last three years of this debate, given the links I've just provided, would clue you in. Lots of people discussed Anonymous' use of the DDoS, very much backed up by WikiLeaks (and we now know they even recruited hackers to help them fight their enemies like PayPal) -- and the usual suspects like Morozov and TechPresident and Slate and Zeandt all endorsed the use of this awful method of crashing other people's servers. Where were you?
HACKERS ATTACK SNOWDEN CRITIC
And this isn't somehow an abstract notion that happens to other people, oh, those corporations like PayPal that have phalanxes of engineers to fix their hacker problems in a few days.
It's a very real climate of intimidation that Snowden critics really live with (as I can testify myself -- one only has to look at the drive-by assaults on my book on amazon and the type of methods used in making "reviews" to understand that).
We discover that Lawfare Blog has been under assault for its criticism of Snowden and has had its server crashed and disabled repeatedly.
Ken Anderson, who is my old colleague from Human Rights Watch in the 1980s-1990s, has an interesting article about this at the Washington Post, which I comment on there.
And because comments can get so drowned out there, let me reprint here my thoughts on the hacking of Lawfare:
I don't wish this experience on my worst enemy, but in a way, Ken, I'm glad you are finally seeing up close and personally the strength, ugliness, persistence and sinister nature of the hacker movements that otherwise libertarians tend to dismiss as mere "trolls" or "kids". It's important to see that these are hard-core, echeloned cadre organizations sometimes even with hostile state backing. And they really are determined to make sure that no one uses the Internet in any way that they don't approve first. I say this after blogging for 10 years.
One way to try to combat these movements is to use commercial blogging sites, so that the headaches of these attacks and subterfuges go on the engineers at these sites who are more experienced. But the problem is the hacker culture is among them, too. And large and busy commercial sites don't always understand not to respond to falsified DMCA takedown notices on fake grounds which are merely meant to chill speech. Or to realize that malicious inclusion of your blog site in a malware list on sysadmin's lists when of course you have no malware is very hard to undo. Another technique is to deluge your site with porn or commercial spam to force you to close or remove comments -- I have found it not uncommon to get 20,000 pieces of spam injected on my site by bots in an hour just to stop me from being able to keep comments open or from posting as the site hangs.
The only way to address this is to start documenting and fighting it like the human rights abuse that it is. But you have to change your mindset about it first. It's not really so much about cost, as you can get a commercial site for $14.95 or $21.95 a month. But it's about combating on a systematic basis and constantly documenting and reporting.
So when Glenn Greenwald is ready to concede free speech for thee and not just for me, and concede that Lawfare shouldn't be hacked by his friends, then maybe we can talk. Except, I probably wouldn't even begin the conversation with them since the entire thing is in bad faith.
As usual, all these slides and documents from the NSA are context-free and we don't know the most important thing: were these concepts used?
Is there a list of actions taken as a result of these concepts?
Or is it more like HBGary planning to hack Anonymous but not getting to it?
IF these methods were used, then surely we can get *some facts*. You know, names, dates, places, wind chill factors. Details.
Of course, all these hacker movements are "injured if not innocent" at best -- and I'd love to have a conversation about how everyone thinks they will be stopped -- along with the Syrias of the world -- if we are supposed to adhere to an ethics charter that no one else has signed or implemented.
That conversation can only start with a conversation about where the problem started and who is to blame.
BTW, read the obnoxious Christine Fair's timeline, if you want to see some Twitfights recently on the "who started it theme" in Central Asia, where everybody naturally blames the US for the Taliban (false), and she helpfully points out to a debater that aid to the Afghan rebels went through Pakistani intelligence -- which props up the Taliban even today. Then her various insincere and anonymous interlocutors rant about CIA dirty tricks in the 1950s in Latin America or Africa or Asia, to which I can only say: two wrongs don't make a right, i.e. moral equivalence is wildly out of order here given the mass crimes of humanity perpetrated by the Soviets from the 1900s through the 1940s in particular -- which help set up the Cold War.
The Helsinki Accords, begun before the Soviet invasion of Afghanistan and persisted in negotiations with Kremlin henchmen even as they prosecuted this war in the 1980s, eventually was a framework that bore fruit in terms of the free flow of people and ideas. But while it was helpful in breaking up the Communist bloc and saving some countries for the EU -- and bringing Central Asia into a context of care that it really has nowhere else -- it has suffered terrible reversals in the last 10 years in particular. I guess I would have to conclude for now that the cybersecurity issues cannot be successfully grafted on to OSCE (although that's likely where some will graft them) and that a new Helsinki Accords of any kind, least of all on cybersecurity, will not work.
Meanwhile, I don't plan to become a booster of American use of cyberwarfare any more than I am a booster of drones -- I just expect to remind those raging about these issues that they are horrificially onesided in their approach.