When We Wage Cyberwar, the Whole Web Suffers

Responding to concerns voiced by privacy advocates, conservative groups and hundreds of thousands of Americans, the House Intelligence Committee has revised parts of the Cyber Intelligence Sharing and Protection Act, also known as CISPA.

 

Those provisions would have allowed companies to disclose sensitive information to the government without being accountable to U.S. privacy laws. There will be more amendments offered when the bill reaches the House floor, probably Thursday or Friday.

 

But the real problem with CISPA and similar bills now pending in the Senate (one introduced by Connecticut independent Joe Lieberman gives broad spying powers to Homeland Security; one introduced by Arizona Republican John McCain gives broad spying powers to the Defense Department) is much deeper: This flurry of legislation signals that elements of our government want to wage unconstrained war on other nations in cyberspace, no matter what the consequences may be to humanity. The arms race being driven by this desire is threatening Internet freedom here and abroad.

 

In 2009, Defense Secretary Robert Gates designated cyberspace as the “fifth domain” for military action. Deputy Defense Secretary William Lynn said in 2010, “Like air, sea, land and space, we’re going to have to treat cyberspace as an arena where we need to defend our networks and to be able to operate freely.” The U.S. Cyber Command is up and running, enabling cyber “offensive capabilities” for regional commanders. In January, Congress approved the Pentagon’s ability to wage cyberwar.

 

As terrestrial wars wind down, military contractors are looking for new revenue streams. They have become cyberwar doomsayers, banging the drums of fear and claiming that cybersecurity must be our highest priority. They are also buying tools and code that our government can use to attack other countries online.

 

The result: a market for so-called zero day exploits - computer threats that attack vulnerabilities in an online application before the developer knows to fix them - with ever-rising prices. Terrorists probably don’t have the capacity to buy and wield these things, but governments do.

 

Along with this market comes a substantial risk that some of the nasty code whose creation we’ve encouraged will splatter back on our networks. Like all arms races, this vicious cycle provides its own justification: Malicious exploits are out there - our government is buying them - and so we need to wall off and surveil U.S. networks to protect ourselves.

 

The dangers of this digital special-ops saber-rattling are breathtaking. Secretary of State Hillary Clinton has been valiantly advocating for Internet freedom, strategic multilateralism, engagement and “smart power” around the world. The White House has said its objective is to work with other nations to “encourage responsible behavior and oppose those who would seek to disrupt networks and systems.”

 

Purveyors of cyberfear are going in the opposite direction. They are not interested in engaging with other countries to come up with codes of online conduct or to translate the Geneva Conventions for cyberspace - so as to avoid collateral damage and protect hospitals, electrical grids and so on. They want to be able to change ones to zeros on servers around the globe, whatever that means for speech and commerce at home and worldwide.

 

Given the undeniable benefits that the open global Internet has brought to the U.S., building moats around our networks and subjecting them to constant, unaccountable audits and other restraints - all in the service of an immense online warfighting machine staffed by military contractors - would be burning the village in order to save it. It cannot be that we have lost our national ability to think creatively, expand our policy options and engage with other nations to introduce the constraints of the laws of war into online settings. In space, we’re pursuing an international code of conduct that will govern acceptable behavior. We need to translate those norms to cyberspace.

 

Our openness has always carried some risks to the U.S. We can be attacked. We should always prefer principled engagement - even with our enemies - to bellicosity driven by fear, particularly when our own citizens will otherwise be deeply harmed. We don’t have enough guns to direct at everyone around the world. We might as well communicate.