So the Chinese are hacking our defense, government and corporate digital data, and trying to make it look like the Indians did it. This week’s news revealed that officials in the US and the UK believe China has been aggressively undertaking highly sophisticated and often multi-stage attacks to steal information on pretty much anything it wants – and in a particular recent instance, went to great lengths to make it look like the government of India was behind it. It is extremely difficult to detect and trace these attacks, and the pool of brainpower who can do this difficult work is narrow. I heard a story on the radio last night in which a Chinese hacker was quoted as saying ‘information on the Internet wants to be free’. Really? Digital content behind strict firewalls is not just hanging out on the Internet waiting to be plucked. The hacker said the Chinese government’s position was that such activity would be illegal, but it’s becoming pretty well known that they actually sponsor a lot of it. Yet call it out and they’re just SHOCKED and deeply offended that they would be victimized yet again through such vile accusations. Get over it. It is time for the U.S. government to get very tough on this issue. For those who worry that our next physical war could be with the Chinese, I don’t think that’s very likely. Cyberspace is the new front line, and so far, we’re losing the battle.
Author Archive for Kathy Stershic
Cyberspace is the New Front Line
Social Pushback
I guess it had to happen. Facebook is officially becoming ‘uncool‘ with its recent acquisition of Instagram. Getting too Big Friend-ish. I actually know of multiple people who have been pulling back on their FB posting in recent months, due to continual changes to the interface, fluid privacy policies and too many forgotten people from the past now wanting to be online friends. With the hoopla around the pending IPO, and houses in Palo Alto selling way above asking with competing offers, FB is feeling maybe just a little too big corporate for some.
I don’t think anyone would argue that cyber security is a BIG problem. Not just hackers trying to get at your hard drive through sneaky emails. There are bad guys out there who might want to do things like take down the power grid. Or knock out entire networks. Or bring transportation systems to their knees. The threats are real and many. There is a definite and proper role for strong, coordinated government initiatives to protect the country from cyber attacks – such action is, in my opinion, overdue. But who in the government is given that responsibility – and substantial accompanying authority – is up for grabs, and a power play is unfolding. I suspect most Americans have no idea of the changes that could happen fairly soon.
There is a Senate cyber security bill sponsored by John McCain [called SECURE IT] that would authorize internet service providers and other private sector companies to monitor communications and share information – potentially YOUR communications – with the National Security Agency (NSA) – the secret spy guys – or other Federal agencies. The bill contains very loose language defining ‘cyber threat indicators’ that would give the NSA a lot of leeway to track pretty much whatever they want – in effect imposing military authority over civilian activities. Information sharing would be “notwithstanding any law.” That means any other existing law would be subordinate to it. And with the NSA being a secretive agency by its nature, any misuses or over-reach would be hard to get at.
A probably more suitable agency to take on cyber security management is the Department of Homeland Security. It is non-military and more appropriate to oversee private sector concerns. Even then, we still need a line between private sector networks and government entities – not everything should be the government’s for the taking. The implications for individual citizens and American corporations are staggering.
There are other bills under consideration in the House and the Senate that would be less threatening to civil rights and personal privacy – I won’t claim to understand the detailed legalese – but McCain’s bill seems to have some momentum that should not be ignored. Our government needs to do something, very soon, but I don’t think we need a Patriot Act for the internet. A reasonable balance between security and privacy must be maintained.
Average people need to understand that there will soon likely be significant albeit unseen changes in the open and free internet we’ve grown up with. While Google’s recent lack of ‘privacy policy’ made big news, I wonder how many people actually changed their online habits to protect their own data. If the NSA is next to have at our digital information, I think we’ve really moved One Giant Step closer to Orwell’s Big Brother. For those who find this possibility troubling, you might need to do something – like write your Senator and tell them so.
More information on the SECURE IT and other cyber security bills is available on the Center for Democracy and Technology’s web site.
The Rutgers Verdict
I was deeply troubled a year ago when Tyler Clementi took his life after his roommate outed him using a spycam over the web. As an alumnus of Rutgers, I was outraged that this shame was brought upon our school. Today, the perpetrator was found guilty of criminal conduct and is going to jail for quite a while, or else facing deportation back to India, or both. As RU students back in the dark age, we conducted our share of pranks, but this situation was entirely different – just way over the line. The ruin of two young lives is tragic, and the implications for digital privacy are perhaps ground-breaking. In an age when anything and everything seems like fair game online, a jury of ordinary people have finally said ‘enough’. While this wasn’t a data privacy issue, it drives the issue of privacy front and center. The case is bound to set legal precedent, and hopefully will serve as a reminder to others who believe that because it can be done, it’s ok to be done. I wonder if its implications will elevate awareness and some thoughtfulness, particularly among younger people, about the implications for other layers of privacy in a continually connected world.
Hillicon Valley today reports that the House Energy and Commerce Committee is going to draft new legislation this week to overhaul how the Federal Communications Commission operates. New legislation would require the FCC to “identify a market failure, consumer harm or regulatory barrier before adopting new regulations” [new laws about new laws?], and to demonstrate how benefits of any proposed regulations would outweigh their costs. That thinking seems a little after the fact to me. Given all of the current hubbub over Google’s new privacy policy, I guess I’ve been expecting more legislative action on privacy, but it looks like we may not see any real action on that for a while.
Double Standards
Microsoft seems to have a double standard on standards. In acquiring online videoconferencing leader Skype last year, Microsoft refused to commit to standards-based interoperability between Skype and other video communication products. The US and the EU gave their ok for this deal as-is, thereby enabling proliferation of a proprietary Skype platform with the market reach and resources of Microsoft behind it. Their belief was that consumers would still have plenty of other VoIP choices, so this was not an anti-competitive situation.
Consumer choice of a platform is not necessarily the issue, but I don’t think regulators understand this. Like with the telphone, one way calls don’t work. People will choose different vendors’ platforms, and those should be able to talk to each other.
Yesterday, networking giant Cisco, a major player in the Video and VoIP business, filed an appeal with the General Court of the European Union asking for a review of the EU’s approval of Microsoft’s Skype acquisition. The basis for the objection is not the merger itself, but Microsoft’s refusal to embrace standards-based interoperability between Skype and other video communications products. Cisco’s stated goal is to “ensure broader customer choice, greater competition…and to help foster an environment in which video calling is as easy and seamless as a voice call or an email is today.”
Microsoft has a history of trying to monopolize markets, and I would have thought they would have learned from the Internet Explorer anti-trust bruhah with the EU that incurred years of costly litigation and huge fines. But the current Skype issue is all the more audacious, considering that when Cisco acquired Swedish video company Tandberg in 2010, Microsoft lobbied the European Commission for the same kind of standards based interoperability commitments, to which Cisco agreed. Now in the opposite position, Microsoft isn’t interested in playing fair, and it would seem isn’t confident enough in its ability to deliver the product of consumer choice, so that it is dug in to a protectionist stance.
It puzzles me that in this internet era, companies think they can still lock up proprietary markets. Skype is a popular platform, but VoIP video conferencing is still nascent. As adoption grows, I believe consumer demands will force the need for openness, as is happening in so many other online applications. While the EU is the target of this week’s action, the US is certainly as complicit in approving the deal last year. That legislators still don’t get the recurring pattern of what happens with ICT lets me know there’s a long way to go with making sense of technology and policy.
Quick Left Hook
I came to DC in large part to explore the relationship between Silicon Valley and government and figure out how I could participate. What I’ve found over the course of my studies is a big disconnect between the two – a lack of understanding, a major cultural chasm, different realities and different world views. While Tech seems to ignore government as much as it can, the recent SOPA/PIPA confrontation brought these two domains to a face to face stare down, and Tech won in short order. One day of protest by such staples of modern life as Google, Wikepedia, Craigslist, and many more knocked Congress for a loop, backing away from legislation that had previously been pretty much assured passage.
With writing having been a big part of my career, I’m very sensitive to intellectual property rights. I am opposed to taking for-profit digital content for free. But in reality, we live in a radically different world where these practices are not only possible, they flourish – and it’s not just the Chinese or Russians doing it. Like the drug trade, illegal product is put where there is market demand – that includes the U.S. The demand must be stemmed – through education, through more realistic economic models (look what iTunes has done for 99 cents) as well as through technology. Young people in particular need to understand that illegally taking content costs jobs.
President Obama gave a nod to this issue in the SOTU address Tuesday night as he took on the issue of unfair trading practices. Policy approaches may be useful, but nothing hits home like real experience. When and if people in countries like China actually start to apply their own innovation and creativity, and then see their intellectual content stolen, they’ll get it.
But the internet cannot and should not be policed in the way SOPA was suggesting. Starting back with Napster [I know, dating myself], the world changed. Old laws no longer apply, and with technology moving so fast, there is no one who knows or even can know quite what to do about this problem. We are in uncharted territory. With one powerful jab last week, Internet content aggregators let it be known that they’re not going to take that responsibility- pushing Congress back to the ropes.
Exposed
The Economist Intelligence Unit, with backing from Booz Allen Hamilton, has just published the CyberPower Index, an index of G20 countries’ ability to withstand cyber attacks and to “deploy the digital infrastructure necessary for a productive and secure economy.” On the one hand, I suppose this report can serve as a wake-up call, as it exposes legal/regulatory, economic and technical vulnerabilities that these countries need to address. I can see it being influential to investors looking for safe international opportunities. But on the other hand, it seems a bit provocative, maybe even mean-spirited, to point out who is most vulnerable, and why. Like telling a burgular which house is empty and where the goods are. The Index is backed by research papers, which Booz describes as ”examining how the business community is responding to the opportunities and challenges offered by cyber.” This covers how organizations and governments can build cyber resilience, particularly in an era of mobile computing. I’m sure this is a way for Booz to sell consulting services, but such a tactic seems a bit over the top to me. I’d welcome any insights and discussion on why this is a good thing.
Think New
Hopeful start to the new year that on January 6th the Department of Commerce released a meaty report and policy paper The Competitiveness and Innovative Capacity of the United States to the U.S. Congress. This work indicates the growing level of urgency around our slipping national competitiveness and the need for both sides of the aisle to take this seriously and think and act long term. In advocating for more support of STEM education, government investment in research, and needed incentives for industry, the paper is an interesting follow up to the National Academies’ 2005 Rising Above the Gathering Storm, which formally presented many of these same ideas and messages. While Gathering Storm was considered a wake-up call at the time, sadly we are not in any better a position seven years later. It also came from an academic perspective, but now we have Commerce, advised by the National Economic Council, beating the drum. By summarizing the abundance of issues, from SmartGrid to broadband spectrum management to next gen air traffic control and more, hopefully the new Competitiveness and Innovation report will start getting Congress more focused on these big issues that are already impacting us economically and socially.
The Growing Innovation Gap
“You don’t have to slow down to be passed by others; they speed up.”
These evocative words from Bran Ferren, Co-Chairman Applied Minds, resonated through the Potomac Institute’s symposium – Effective Innovation: Keeping America On Top. Whether from slipping national investment in R&D or poor STEM education among the student population or inadequate processes for tech transfer, we are losing our national competitiveness in innovation. If there was ever an issue for improved technology policy, this is it.
