Those of us in the data privacy business have been expecting an “I-9/11” event for some time. We knew too well that the “big, scary event” routine worked in 2001, and that the control freaks would eventually reprise it.
Our “cyber-9/11” idea started looking especially good in July of 2008, when Internet law expert Larry Lessig recounted the details of a conversation he had with Richard A. Clarke, a longtime (and very high-level) counter terrorism official.
Lessig reported that as his conversation began, Clarke revealed that the Patriot Act had been sitting in a drawer at the US Justice Department for 20 years, before an event came along that allowed it to be pushed it into law. In other words, they were waiting for some big fear to come along and frighten people enough to accept it.
Once that fear showed up, the plan was pulled out of its drawer and signed into law.
Lessig then asked Clarke if there was such a plan for the Internet, ready to be pulled out of its drawer after some sort of cyberattack. “Of course there is,” said Clarke.
So our suspicion that the boys in Washington are holding a plan to further bastardize the Internet rests on a solid foundation. And by the way, you can find the original Lessig story with the Wayback Machine. (There used to be a YouTube video showing Lessig talking about this, but it has been removed.)
One of the hottest budget items for militaries over the past few years has been cyberwar. New and obscure things always stoke fear the best, and fear is the bedrock of government and military budgets. As a result, we’re getting a lot of noise about cyberwar.
Here are just two of the recent stories that have been widely promoted:
- The chairman of the House Committee on Homeland Security wants us to fear a “Cyber Pearl Harbor.” Please note that this controller of budgets blames the Sony hack on “a nation state,” when that is all but certainly false. See here, here, and here.
- The UK prime Minister wants to forbid any encryption that he and his minions can’t read. These people are taking 1984 as an instruction manual, and at the same time presenting themselves as agents of the good.
Here’s a superbly produced series of videos pumping the fear of cyberwar. The series was paid for by an interesting triumvirate, including:
- The International Cyber Security Protection Alliance (ICSPA), “established to channel funding, expertise and assistance directly to assist law enforcement cyber crime units in both domestic and international markets.”
- The European Police Office, Europol, the law enforcement agency of the EU.
- Trend Micro, a “global security software company.”
And just last week, we were treated to the FBI’s former assistant director wanting to “Keep Fear Alive.”
The usual suspects are hungry for funding and control; they are longing for cyberwar—it’s the answer to their problems.
The Guys Who Knew How to Fix Things Were Criminalized
The one area of cybercrime that has affected average folks is identity theft. What few people know about identity theft, however, is that it was solved a long time ago.
The solution was anonymous, digital cash, and it eliminated identity theft by separating identity and money. The problem was that governments hated it and did their best to stop it… and stop it they did.
So the next time someone complains about identity theft, you might remind them that it only exists because the guys who knew how to solve the problem (the cypherpunks) were treated like criminals.
One has to wonder what other problems cypherpunks could have solved if they had been permitted to live freely.
While on the topic, I should probably insert an important side subject: cybercrime is made serious by imprudent engineering.
With so many systems automated and interconnected, no one really knows where all the vulnerabilities lie these days. That, to me, is bad design.
Power grids, for example, don’t need to be connected to the Internet. Some engineers have disagreed with me on this, claiming benefits and having great faith in “industrial firewalls.” Needless to say, I didn’t find those arguments convincing; power distribution systems, after all, worked just fine before the Internet.
Were I in charge of a critical system, there’s no way I’d allow it to be connected to the Internet; the risk is far greater than the small payoff that might be gained from putting it online. I’d rather hire a couple of extra people to relay communications between known and trusted parties. What would that take away from the bottom line at a utility company, 0.0001%?
However it comes along, there will be some kind of “cyber event” in our future; that much is clear. A certain percentage of humans have always done stupid and/or bad things, and there’s no reason to think that they’ll stop now.
So, whenever and however it is that a cyber event happens, we can also expect a surfeit of public fear stoked by all the usual suspects and followed by a tremendous new plan that will take away our fear! (And benefit them greatly.)
That moment will be another test for the people of the West: Will they throw themselves at the feet of their fearmongers again? Or will they recognize fear as the brain hack that it is?
Sooner or later, in one way or another, that day of testing approaches.
This article was originally published by Casey Research.