April 21, 2013

The Boston Bombings, Knee-Jerks, Arthur C. Clarke, and CISPA

A couple of days ago on my Google+ feed, I mentioned that this has been one of those weeks where I've really felt that I've been channeling Mr. Spock.

This generated an immediate comment from one of my regular followers, who noted that it seems to him that I'm actually doing that 52 weeks a year.


But as we consider the events in Boston of the last week, it's worth keeping in mind the incredibly bad decisions flowing mainly from emotional responses to 9/11, that appear poised for a repeat performance now.

I don't really need to remind you of the list, but here's just a quick refresher of a few examples. Emotion over logic yielded us DHS and TSA with their heavy-handed abuses, wars in Iraq and Afghanistan that have been unimaginably expensive in terms of lives and treasure with no real positive results to be seen, the rise of targeted "video game" killings via drones with significant deaths of innocents including children, and generally an increase in anti-U.S. hatred that has radicalized even some American citizens with backgrounds originally void of terrorist leanings at all.

Now, in the wake of the Boston bombings, we're hearing familiar themes once again.

More cameras. Drones galore. Fewer civil liberties.

You know the drill.

Politicians are incredibly sensitive creatures in their ability to sense the public attitude of the moment, especially if it can help them come the next election. Whether or not they act on these signals depends on their perceived risks/benefits analysis.

Thus we see politicos ignoring the will of 90% of the U.S. population in favor of expanded gun background checks, but we also already see these same elected officials now scrambling to jump on the knee-jerk technological surveillance bandwagon, even if a week ago they were taking an essentially contrary stand.

Technological realities are generally not germane to their analytical viewpoints.

We know a lot about domestic video surveillance now, and the overwhelming bulk of evidence suggests that it is relatively useless in stopping terrorist attacks (or even much ordinary crime) and is mainly of use to track down culprits after the damage is already done -- if then.

This proved true even in the case of the Boston bombings, the locale of which must have represented one of the densest concentrations of video and still photography in a single location in history. And even there, despite what you might have heard, highly touted tech such as facial recognition systems apparently played virtually no role at all. The reality is that these systems are only useful under very narrowly defined conditions, the breathless pronouncements of their vested supporters notwithstanding.

And in addition to knee-jerk reactions, we have actual political jerks as well.

Since the capture of the teenage bombing suspect now in hospital -- a naturalized U.S. citizen, by the way -- we've already seen the specter of GOP senators expressing their disdain for the U.S. justice system, demanding that he be declared an "enemy combatant." This despite the fact that based on what we know right now, there is no legal justification for such a determination, and in fact the enemy combatant system -- which could have been better run by "The Three Stooges" -- is tied up in knots of incompetency which make the worst problems in the conventional justice system look trivial by comparison.

And what was unspoken by these U.S. senators was explicitly tweeted by a New York state senator, who apparently graduated from the Air Force Academy without understanding what the Bill of Rights is all about, who blatantly called for "torturing the punk."

To my mind, the sensibilities expressed by these officials are far more dangerous to our civil liberties and way of life than any terrorists.

There are those two words again that so many politicians attempt to ignore: civil liberties.

Understandably pushed into the background during the week was the U.S. House of Representatives passing CISPA legislation that would enable information sharing between government and private industry, that many observers view as rife with the potential for civil liberties abuses.

CISPA is a complex topic. There is no denying that there are actual "cyber" threats. Some of the major Internet firms that had been more openly opposed to previous legislative attempts along these lines have not been presenting formal stances one way or another on CISPA, likely assuming (with some genuine justification from their standpoints) that the current bill is probably the best they could hope to see in the ongoing toxic political atmosphere, and that anything else likely to appear would probably be even worse all around.

In my view, and the view of many others, cyber threats -- while they obviously do exist -- have been vastly overstated by homeland security and military entities, and of course by their affiliated contractor minions in what we might call the "cyberwar-industrial complex" (or my preferred term, the "cyberscare-industrial complex").

Their purpose is clear enough. Sow FUD - Fear, Uncertainty, and Doubt, in a blatant attempt to accumulate vast resources (both in terms of power and funding) to their own both ostensibly offensive and defensive "cyber" regimes, that will enhance their own organizations, not to mention their post-military employment and financial opportunities.

Cyberfear is perfect for these goals. It's almost impossible to prove that a "cyber attack" (whatever that actually means) came from any particular source, or to defend against such accusations. This makes blaming your current "designated enemy" politically expedient indeed.

There are real world consequences to this approach. Already, we've seen high ranking defense officials claiming that "cyberwar" is more dangerous than conventional terrorism. They impress politicians with carefully rigged demos of imaginary cyber-based infrastructure attacks, and demand ever more money for their "cyber armies."

Until bad publicity got in their way, they were even disgracefully planning to give medals to "cyber troops" (and also to remote drone operators, by the way), who faced absolutely no personal risks compared to our brave troops actually fighting in the trenches.

This is all basically part of a concerted effort to elevate military cyberops to the same level as conventional war -- made all the more explicit by arguments about when a conventional retaliation is justified in response to a cyber attack. And remember, as we just discussed, proving where a cyber attack actually comes from is highly problematic. How handy.

Yet if we pull back a bit and look at the broader picture, we find that the disingenuous nature of these official pronouncements is even more extreme.

The disgraceful fact is that we see officials attempting to equate people being unable to access online banking for a few hours to the situation engendered by a terrorist carrying a suitcase nuke into the heart of a major city.

We see enormously overblown concerns about Internet-based infrastructure attacks, when the reality is that one guy in the desert with conventional explosives could take down a high tension power line and be enormously disruptive, or cut off water to millions by simply blowing away a chunk of a major aqueduct. And so on.

But there's no political "sexiness" -- no major funding or power grab opportunities -- in trying to defend against low tech attacks that can be extremely effective, but nearly impossible to prevent.

Remember, officials shut down the entire Boston area, invoking what could arguably be called a de facto martial law condition, to search for a single teenaged suspect armed only with conventional guns (thanks NRA!) and homemade explosives of a sort that anyone could produce in a few hours after gathering components at the local Walmart.

Which brings us back to CISPA.

At least prior to last week, word from the White House was that President Obama's advisers would urge that he veto CISPA if it reached his desk (after consolidation with any parallel Senate legislation) without significant pro-privacy changes.

That is, this was the word we had prior to the incredibly low tech but still quite effective attacks in Boston, conducted by a pair of youthful brothers who apparently didn't even have an effective escape plan in mind, and despite thousands of video cameras in the immediate vicinity.

Given all that we've reviewed above, I would not be at all surprised to see the president backtrack and now be viewed as being much more accepting of CISPA, bowing to the political pressure that will be actively attempting to conflate even the amateurish attack in Boston -- based on hardware from a hardware store, not from a computer store -- with the exaggerated and self-serving FUD of the cyberscare community. I personally still hope that President Obama holds firm to his originally reported stance in this regard.

More than sixty years ago, Arthur C. Clarke published a short science fiction story called "Superiority" -- that we should very much keep in mind today.

It tells the saga of an interstellar war, where the technologically far superior side, by virtue of diverting so much of its attention and resources to high-tech systems that never really performed as promised by their proponents, were ultimately overwhelmed by their technologically inferior adversaries using comparatively low-tech weapons.

As we consider the aftermath of Boston, and the potential effects of CISPA, it would be unfortunate indeed -- and yes, "highly illogical" -- if we fell into the same trap as the losing side in Clarke's story, all the more so if our civil liberties become collateral damage in the process.


Posted by Lauren at April 21, 2013 10:59 AM | Permalink
Twitter: @laurenweinstein
Google+: Lauren Weinstein