Susan Crawford on The Militarization of the Internet
1. Cyberattack – there appears to be a deep interest in the ability to declare war online, as evidenced by cybersecurity research and public speeches by Herbert Lin, a key player who has worked on several cybersecurity reports for the National Research Council. Ethan Zuckerman has summarized a presentation by Lin, which included the following paraphrase of Lin’s remarks:
If we’re interested in pre-empting cyber attack, “you need to be in the other guy’s networks.” But that may mean breaking into the home computers of US citizens. To the extent that cloud computing crosses national borders, perhaps we’re attacking computers in multiple jurisdictions. Lin wonders whether a more authenticated internet will actually help us to pre-empt attack. And he reminds us that US Strategic Command asserts authorization to conduct “active threat neutralization” – i.e., logging into your machine to stop an attack in progress. . . .
Dr. Lin notes that it’s not a violation of international law to collect intelligence abroad. It’s possible to engage in covert action as regulated by US statute. And there’s an array of possible responses the US could launch in response to cyberattack (Lin pauses to note that he’s not advocating any of these) – we could attack enemy air defenses, hack their voting machines to influence an election, conduct campaigns of cyberexploitation to spy within those nations. Given all this, aren’t nations entitled to fear the consequences of a “free and open” internet? Might they reasonably choose to tighten national control over the internet?
2. A “more authenticated Internet” would obviously include using the leverage provided by network operators to permit only fully-authorized, identified machines to connect. The ability to remotely disconnect machines or devices until they are cleansed is now within reach for federal networks – this same capability will inevitably spread to private connections. […]
7. The Internet is not the same thing as a telephone network. It’s a decentralized agreement to route packets of information to particular addresses. It has made possible unparalleled innovation, free speech, and improvements to human lives around the world. Retrofitting it to make it fit law enforcement’s (or national security’s) “authentication” needs would be an enormous, retrograde step.
But it would certainly help us wage war online.
The ginned-up cyberwar threat works: 61 percent of Americans polled for a new security study believe the president should have an Internet “kill switch.” The results suggest that the public may support a pending cybersecurity bill giving greater authority over the Internet to the president in the event of an emergency.