I’m working on a paper for a conference at U of T next Summer. I think it’ll be useful in helping me develop the surveillance/privacy aspect of my thesis, as most of my work thus far has focused on the security and risks/threats side and only really touched on surveillance. Coming from a cybersecurity perspective, I’ll look at the technical and legal possibilities for surveillance versus the popular conception of what the government/NSA are allowed to do and what is technically possible.
In popular culture, from 1983 and the release of War Games or 1984’s Neuromancer by William Gibson, the popular understanding of computers- and especially networked computers- has been that they can be manipulated by anyone with the requisite skills into doing almost anything, even accidentally starting nuclear war. Written in an era of intense insecurity and doubt, especially with regards to technology, the imprint of the Cold War is clear in these popular imaginaries. More recently, in an equally strong climate of fear, season 7 of the TV show 24 showed terrorists hacking into the air traffic control network in a display marrying the intense fear of terrorism centred around the hijacking of commercial flights on 9/11, with the growing uneasiness around these technological devices that we are so dependent on but don’t really understand. The most recent Die Hard movie, Live Free or Die Hard, took this uneasiness further, suggesting that hackers could take over the transportation system, air traffic control, phone and television networks, the power grid, the computer system at the FBI… anything run by a computer was potentially at risk, or was a threat.
More worryingly, however, is the message that comes from mainstream media, following a similar line. CNN in collaboration with the DHS earlier this year released footage of an experiment carried out on a generator like those operating the electrical power grid. The experiment was to show how easily an experienced hacker could break into the computers operating the generator, and not just shut it down, but blow it up. (The insider knowledge required to complete such a feat was not mentioned; nor was the fact that the hacking had occurred on a software program similar to the SCADA software operating the real grid.) The fear that there could be physical repercussions for acts carried out in cyberspace is not a new one, Weekly World News Ran this story in 2000:
Weekly World News is known for its outlandish cover stories which often verged on the satirical, however satire is based on reality. The actually alarming thing is that this rhetoric which was once restricted to sci fi movies and tabloids is now the fodder of mainstream newscasters such as CNN, who also recently ran a two hour special “focumentary”, Cyber Shock Wave, in which a situation room made up of current and former government officials attempted to formulate a strategy to deal with the catastrophic effects caused by a cyberattack. Richard Grusin describes this onslaught of cyber-fear mongering as part of a strategy of “premediation”, through which the media reports on potential threats with such detail and immediacy as to keep viewers in a constant state of low-level fear, and thus prepare the nation to face any threat that might occur in the future, rather than being surprised by the unthinkable in the manner of the 9/11 attacks. Grusin provides an interesting breakdown of this strategy at work in Cyber Shock Wave in his blog here.
Perhaps more alarmingly, while some strategists and members of the military and intelligence communities have been worrying about cyber attacks for some time, the hype and rhetoric involved is in some cases beginning to approximate that of CNN. Richard A. Clarke, counter terrorism and cybersecurity adviser for the Bush Sr., Clinton, and Bush Jr. administrations recently published a book warning of the perils of cyberterrorism and cyberwar which sounds at times as if it has borrowed great chunks from Die Hard 4.0; all that’s missing is a battered and bleeding John Maclean (but others are battered an bleeding in his place, as a result of the explosions triggered at oil refineries, chlorine gas released from chemical plants, the disabling of air traffic control, trains crashing into each other, and the entire country being plunged into darkness). For a more detailed review of Clarke’s book, visit Wired Magazine’s article “Richard Clarke’s Cyberwar File Under Fiction”.
However his book is not without merit. He offers a breakdown of the potential threats and various administrations’ and military and intelligence organizations’ reactions to these threats with a clarity and detail afforded by an insider. And his analysis of the threats is often quite reasonable and grounded- he presents the issues and potential solutions clearly and assesses them logically. However once he has done away with the workable potential for any limited solution, his alternative suggestions are so extreme that they would seem more fitting to the tightly regulated regime of China rather than the hands-off, limited big government ethos favored by Americans. In fact in describing the Great Firewall of China, he explains how China is in a much better position defensively due to the level of control is has over its networks, sounding somewhat envious of this level of regulation. Objectively this is probably true, but is he advocating such a controlling system for the US? It would seem so, as later on he promotes the idea of using deep packet inspection on Internet backbone ISPs (as an alternative to the apparently distasteful idea of using real incentives to force industry to regulate itself). While championing the American ethos of non-regulation of industry, he seems happy to do away with privacy rights as an alternative. Rather than promoting education and using stronger incentives to encourage industry to regulate itself, he would rather that we lock the Internet down as the safest and most fool-proof solution. He claims that “our nation’s strong belief in privacy rights and civil liberties is not incompatible with what we need to do to defend our cyberspace” (2010, P162). The people just need to trust in their government and intelligence organizations that this surveillance is not being misused, but is only used to protect. That’s a big ask considering, among other things, the recent warrentless wiretapping scandal over the NSA.
These are this issues I hope to explore in my paper. The public perception, the hype, the premediation, and in this context the strategies being pushed by the administration and their potential impact on privacy and civil liberties. Surveillence mechanisms and proposals to review will include the Einstein programs, Perfect Citizen, and, briefly, Echelon, as well as getting into some of the legal and jurisdictional issues.