The Culture of the Internet and the Fallacy of Fair Play

Part of the issue with the cyber realm is the difficulty in conceptualizing it in a way that is meaningful and understandable to the broader public. It’s everywhere but everyone’s experience of it is completely unique. With that in mind, the following line from Peter W Singer discussing Fred Kaplan’s new book ‘Dark Territory: The Secret History of Cyber War‘ is particularly interesting:

…leaders in Washington are having a hard time accepting a simple fact — that while the Internet may have been created by a United States government research program, it is no longer under American ­government control, or even American in its makeup.

The internet has moved from an American majority to a non-American majority place. There are two issues with this worth noting.

One, I think is what I call the Fallacy of Fair Play that has dogged the thinking of US businesses and organizations on the internet. Because the internet was created in the US there is an assumption that US values, derived from courts and law, are its natural operating environment. The truth is US values no longer predominate. In fact, the understanding of the internet is very different depending on where you are on the globe.

I would compare it to how kids often understand a technology’s application in a new way from the older generation’s intentions for the technology’s use. Nations like Russia, Iran and China may have initially seen the internet as a Made-in-the-USA threat to their domestic power structure. Over time, these same nations have come to see blind spots in the America’s use of the internet – the openness, the ease of accessibility, the expectation of transparency. All of it can be subverted and exploited from outside. In addition to the spoofed emails used in APTs, there are social cyber attacks, viral news manipulation, etc.

For those of us who remember the 1980s, when the computer-to-computer communication was popularised in films such as War Games (referenced, apparently in the Kaplan’s book), the internet also spawned its own sub-culture: conspiracy theory,  RPGs, sci-fi, libertarianism, the hacker ethos, and if I recall: talk of the Illuminati and the Church of the Sub-Genius. Being a wild land that knew no distances, but brought likeminded strangers together, there were shared codes of conduct that simply emerged, drawn from the other cultures, including gaming, that many early internet users knew.

A lot of that culture informs sites like Boing Boing today. For them, the culture of the internet has been about information being free. But now nations like China and Russia make it their business to have a say in what kind of information is published online, how the conversation progresses, etc. The goal is to shape the internet-using public’s views.

The second issue: in this new world, internet users in the the US, and other open democracies, constitute a kind of outpost in a global environment not so tolerant of Western standards. As I’ve argued before, one upside is that this may offer a meaningful way for Americans to think about the internet. After all, a hostile, unknown terrain, rife with unforeseen danger (cyber aggression) and opportunity from afar are themes of the explorer and frontier days. They speak to a Wild West of sorts.

This concept could provide a cultural shorthand which American stakeholders from all walks can rally around online. It would mark a change to the existing libertarian techno culture that prevails today and that is dominated by ‘heroes’ such as Edward Snowden and Chelsea Manning and Julian Assange. But judging from the current US election, Americans themselves may be tiring from the grandiose promise of libertarianism.

Follow Chris Zappone on Facebook

OPM hack: US sanctions option

While the US’s tussle with China over cybersecurity often gets noticed because of the industrial espionage concerns,  the White House executive order designed to address economic espionage allows the US…

to sanction malicious cyber actors whose actions threaten the national security, foreign policy, or economic health or financial stability of the United States.

That could include the Office of Personnel Management hack. Yet the kind of data the Chinese are accused of accessing is plain ol’ vanilla details on 21.5 million US employees. Not the business plans and intellectual property theft that is outside the “norms” of accepted behavior in state sponsored hacking. If there is any takeaway on the US side, it seems to be how flawed the OPM’s security was.

OPMHow was the US be so complacent for so long? At some level, those in charge (including the White House) must have believed they had the luxury of working within a kind of vacuum of threats. The elites in Washington and everyone else are seeing that rather than a vacuum the US is in a kind of pressure-cooker. Call it, the new normal.

Sony cyber hacking fallout: Lawful cowboys versus Elizabethan pirates

North Korea’s exact role in the Sony Pictures hack is unclear but what’s certain is the cyber attack on Hollywood is part of a a much bigger trend. What’s unique about the Sony incident is the way the plundered documents have been splashed around the internet. But frankly these kind of malicious cyber intrusions happen all the time, with much less, or even no fanfare. And the trend is for governments to use third-party hacker groups to stage damaging attacks on businesses, governments and institutions. This has created a dilemma for modern Western governments – because they are not dealing with a traditional state-to-state political problem, but they’re also not dealing with purely criminal gangs either.

1) It’s not just North Korea. From a Western perspective, the US should “recognize that most malicious actions in cyberspace directed against the United States come from hackers in two countries: China and Russia,” writes James Lewis of Center for Strategic and International Studies. And those countries, along with North Korea and Iran, outsource their most aggressive cyber actions to create a new dynamic in the contested cyberspace. Today, China and Russia “encourage their hackers to go after networks, data and money in the United States, and they protect them from prosecution,” says Lewis. Criminal groups in Russia steal from Western banks while China uses military units to steal plans and intellectual property for everything from the “F-35 fighter jet (the Joint Strike Fighter) to the formula for house paint,” he says.

2) So this is war, then? Not exactly. In China’s case, while much of the hacking is done by the military, much is aimed at economic and trade rather than military targets abroad. A lot of Chinese hacking is done by freelancers and even government employees in their off-hours. In many cases, it’s not even clear what the relationship is between the government and the hacking gangs. This arrangement brings to mind the way the British used pirates to overwhelm the superior Spanish armada in the 1500s, write Jordan Chandler Hirsch and Sam Adelsberg:

[In the 1500s, during the England’s Elizabethan Era] the Spanish empire boasted a fearsome navy, but it could not dominate the seas. Poorer and weaker England tested Spain’s might by encouraging and equipping would-be pirates to act on its behalf without official sanction. These semi-state-sponsored privateers robbed Spain of gold and pride as they raided ships off the coasts of the New World and Spain itself, enriching the English crown while augmenting its naval power.

3) Why is the hacking such a challenge? Because the way it’s being used is a recipe for what cyber analyst Kenneth Geers calls pandemonium. “Governments today are confronted with a paradox: to disconnect from the global Internet is folly – and yet network connectivity provides adversaries with a medium through which to commit cyber crime,  cyber espionage, or even cyber war,” he writes. The problem is made worse by the fact that pre-internet based law enforcement jurisdiction “ends every time a network cable crosses an international border.”

The Isles of Scilly where pirates once sailed and terrorized passing ships
The Isles of Scilly where pirates once ruled

Western governments’ last major great power geopolitical challenge was the Cold War, a time before the internet. Today, write Hirsch and Adelsberg

Neither the United States nor China can slice cyberspace into the reassuring structure of spheres of influence [such as those seen during the Cold War]. With no obvious borders for states to violate or defend, power in cyberspace is at once easier to exercise and harder to maintain, a battle of subtleties rather than hard-nosed deterrence.

4) So how are Western governments reacting? The US, publicly at least, has taken a nimble approach, bringing cases against foreign individuals accused of cyber crime including North Korean officials. Over the longer term, experts like Geers and CSIS’s Lewis see an international treaty about acceptable behavior online as the best way to stabilize the volatile situation.

Lewis says the Wild West frontier days of the internet “are over” and that now is the time for laws, rules and enforcement to be put in place to help weed out the kind of hacking threats faced by governments and businesses everywhere. He gives the example of the Western classic The Man Who Shot Liberty Valance, in which “a mild-mannered lawyer (played by Jimmy Stewart) supplants a larger-than-life cowboy (played by John Wayne) who pioneered the West.” Bottom line: what the world needs, is an inclusive, all-encompassing treaty on what exactly is kosher activity online, many Western experts say.

The Western movie poster
The Western movie poster

5) Wouldn’t a treaty hurt internet freedom? After all, isn’t the internet a place where ideas and content level the playing field with governments and powerful interests? Lewis acknowledges that the idea of “formal cooperation among governments is anathema to the old-school Internet community.” It would be a tough sell not just internationally but domestically. Look at the backlash over the Australian government’s meta-data retention laws or the prospect of creating a two-speed internet in the US in which companies can buy faster download speeds.

6) Good luck with that treaty idea. While China and the US recently made climate deal announcements side-by-side, what is the upside for China to cooperate on an issue that poses a greater threat to a US-led world order than Chinese-led one? The paradox is more stark when you look at rocky Russia-US relations. Why would Russia, which wants to block perceived American ‘imperialism’ at its border, strengthen the US’s hand by adopting Uncle Sam’s vision of a tamed internet? Further, Russian hackers are considered some of the most skilled in the world – why would Russia set aside that tool at a time like this?

Welsh pirate Bartholomew Roberts aka Black Bart (public domain)
Welsh pirate Bartholomew Roberts aka Black Bart (public domain)

7)  Because Russia and China have an internet problem too. Terrorism, dissent and news control are issues for the governments of China and Russia. Because of the internet’s roots in the US, coupled with revelations about the extent of the NSA’s capabilities, there is the perception of the internet in its current form is an extension of American power, and thus a threat to Beijing and Moscow’s aspirations. Russia, China and some ex-Soviet Republics have proposed an International Code of Conduct for Information Security that would favor information security, rather than network security, in maintaining an authoritarian preference for censorship. Another split in views over the future of the internet can be seen in the debate over governance at the International Telecommunication Union. Geers notes: “There are already hints of emerging alliances in cyberspace.”

8) But for now, the internet is a Wild West… The Wild West analogy, like the pirate analogy isn’t perfect. But they’re an approximation of the geopolitical situation online. And to extend the Wild West analogy it’s fair to say today’s cyber competition is less a showdown at high noon than an Indian raid by an endless parade of tribes that are impossible to identify, with motives that aren’t entirely clear. While the US will lobby for the case of laws on this frontier, the current state of affairs may benefit Moscow and Beijing too much to change it. That’s why the hope for an internationally acceptable treaty is a long shot. CSIS’s Lewis compares the need for a cyber treaty to the Bretton Woods agreements on “rules, norms and institutions to manage” created at the end of World War II. But today China is challenging a global system built on the Bretton Woods agreement.

The US-China cyber working group, for example, has halted cooperation. Besides, even if governments in Washington, Moscow, Beijing and Canberra forged an agreement, it’s the relationship between governments and underground and unofficial cyber gangs that matter. China relies on military hackers. Does China’s Communist Party exercise full control over the military? Russia relies on criminal hacking gangs. Can the Kremlin fully control them, or, like the rebels in Ukraine, are they on a long leash?

In fact, Hirsch and Adelsberg see a risk of Western countries trying to grapple with cybersecurity issue as if it were a Cold War-era geopolitical matter. “The cold war model of a struggle with calibrated boundaries, clear rules, and the threat of mutual assured destruction simply doesn’t fit cyberspace,” they write.

9) And if it’s a world of pirates? Pirates flourished until the end of the Thirty Years War in Europe, when the Treaties of Westphalia in 1648 was signed in Europe, effectively putting into place the foundations of the modern nation-state. At the same time, navies of the new world nations were stronger and capable of subduing pirate ships at seas. In other words, the decline of the pirates coincided with the rise of nation states with sovereign borders.

Today, however, rising powers, like China, are not based on the rule of law as much as rule of power. Russia, meanwhile, is willing to ignore internationally recognized borders to achieve strategic goals. All in all, a vastly different situation on the ground than the last Cold War, which ended with the Fall of the Berlin Wall in 1989.

Can Washington and other liberal democracies step into this Wild West, and like the lawyer Ranse Stoddard from The Man Who Shot Liberty Valance, see the power of law prevail over the power of force? Hopes for a treaty align nicely with a law-based government. But law-based societies begin at home and the current crop of Republicans who have just won back power in US Congress don’t seem to understand this.

Also, governments with kleptocratic tendencies that rely on bandits to attack targets in the West are effectively getting into bed with the kind of lawlessness that could destabilize the authoritarian regimes themselves, making the Western-favored rules-based order more attractive. But unfortunately, the world may need to see more chaos before that option looks attainable. Meanwhile, the digital frontier remains wild and Hollywood scripts, rather than giving a pop-culture example for the solving the problem, are themselves part of the booty today’s pirates have plundered.

Progress? US and China agree to talk about cyber rules

I guess public shaming does have a role…

From the NYTimes…

The United States and China have agreed to hold regular, high-level talks on how to set standards of behavior for cybersecurity and commercial espionage, the first diplomatic effort to defuse the tensions over what the United States says is a daily barrage of computer break-ins and theft of corporate and government secrets.

Talks begin in July, after Obama and Xi’s face-to-face. Why wait? I ask

Elsewhere, others are already questioning if the US should pursue a strategy developed during the Cold War, a time of set borders and gun-point diplomacy.