In recent weeks the governments of Britain, Israel, the US, Japan, India and China have reported alleged cyber attacks by foreign militaries, hackers, and malicious software like Duqu, a virus similar to the Stuxnet cyber weapon constructed by Israel and the US for use against Iran’s nuclear program. Although the nature and origin of the attacks or even whether they took place at all cannot be independently confirmed, the supposed threats are being used to propose punishing new legislation aimed at stifling internet freedoms and are igniting new rivalries in what many see as the battlefield of the 21st century: cyberspace.
In the US, a report to congress by the National Counterintelligence Executive is touting cyber-espionage as a major threat to the American economy. In a section entitled “Pervasive Threat from Adversaries and Partners” the report reads:
“Chinese actors are the world’s most active and persistent perpetrators of economic espionage” and “Russia’s intelligence services are conducting a range of activities to collect economic information and technology from US targets.”
In the wake of the report, DARPA, the Defense Advanced Research Projects Agency tasked with maintaining the US military’s technological advantage, has asked for a 73% funding increase in fiscal 2012, from $120 million to $208 million. Meanwhile, China has lashed out at the report, calling such allegations “irresponsible.”
Now, governments around the world are using fears over cyber attacks as an excuse to crack down on the internet freedoms of their own populations.
Last month, China vowed a crackdown on social media websites and microblogs as a response to increased boldness in Chinese bloggers in criticizing the government. Beijing’s poor response to the high-speed rail crash in Wenzhou earlier this year led to such an outpouring of abuse on the internet that the story was picked up by China’s mainstream broadcasters. A statement from the State Internet Information Office is vowing that such criticism will not be tolerated however, with Xinhua reporting that three of the offending bloggers have been punished by local authorities.
Just days after that announcement, the U.S. Department of Homeland Security announced that it’s considering using social media to track and surveil its own population. DHS Undersecretary Caryn Wagner said that the government fears social unrest like that seen in Tunisia last December and wants to use social media services like Twitter to monitor its own population. Last January, Senators Lieberman and Collins renewed calls to give the president a kill switch over the internet to protect the government in times of emergency, a call echoed by Senator McCain last July.
Last week, British Prime Minister David Cameron spoke of the need to strike a balance between cybersecurity and freedom of speech. Speaking at a London cyberspace conference, he renewed British calls for an international framework for cybersecurity. Internet security expert Eugene Kaspersky, speaking at the same conference, defended his own idea for internet passports as a requirement for logging on to the internet and an internet police force for cracking down on unwanted behaviour, adding that countries that did not agree to such a framework should simply be cut off from the internet.
Kaspersky is not the only one arguing for a so-called passport or license to access the internet. In the past, the idea has been proposed by Craig Mundie, Microsoft’s chief technology officer, and the White House drafted a proposal earlier this year encouraging the private-sector development of an Internet ID.
Critics say that such a plan would be the end of the internet as we know it, making legitimate political protest and government crticism impossible. In a scathing critique of Kaspeserky’s proposal, security technologist Bruce Schneier lashed out at attempts to end anonymity on the internet:
“Universal identification is impossible. Even attribution – knowing who is responsible for particular internet packets – is impossible. Attempting to build such a system is futile, and will only give criminals and hackers new ways to hide,” he wrote. “Attempts to banish anonymity from the internet won’t affect those savvy enough to bypass it, would cost billions, and would have only a negligible effect on security.”