Now a Harvard Lawprof. Jack Goldsmith could only tolerate 9 months in the Office of Legal Counsel during the Bush administration, documented in his book The Terror Presidency. You might think that the lessons learned inside Ashcroft’s Justice Department would have sunk in, but unfortunately not, as shown in his New York Times Op-Ed.
After describing the obvious, that the nation, it’s daily functioning and ultimately our national security, relies on the viability of the internet, he points out that a chain is only as strong as its weakest link.
One of many hurdles to meeting this goal is that the private sector owns and controls most of the networks the government must protect. In addition to banks, energy suppliers and telecommunication companies, military and intelligence agencies use these private networks. This is a dangerous state of affairs, because the firms that build and run computer and communications networks focus on increasing profits, not protecting national security. They invest in levels of safety that satisfy their own purposes, and tend not to worry when they contribute to insecure networks that jeopardize national security.
This is a classic market failure that only government leadership can correct. The tricky task is for the government to fix the problem in ways that do not stifle innovation or unduly hamper civil liberties.
Already, the question asked suggests how Goldsmith is going to veer off course. or not “unduly hamper civil liberties.” What are the chances that his “unduly” will align with the “unduly” of the rest of us?
Goldsmith’s contention that our nation needs a secure internet, capable of preventing everyone from hackers to terrorists from seizing control of our systems and crashing our nation. But to suggest that private networks have no interest in security, and therefore needs to be under the thumb of our government to protect us from them is the attitude of those who are true believers that government, and only government, can be trusted. This trust of government leads Goldsmith down the wrong path.
Goldsmith’s contention that our nation needs a secure internet, capable of preventing everyone from hackers to terrorists from seizing control of our systems and crashing our nation. But to suggest that private networks have no interest in security, and therefore needs to be under the thumb of our government to protect us from them is the attitude of those who are true believers that government, and only government, can be trusted. This trust of government leads Goldsmith down the wrong path.
Our digital security problems start with ordinary computer users who do not take security seriously. Their computers can be infiltrated and used as vehicles for attacks on military or corporate systems. They are also often the first place that adversaries go to steal credentials or identify targets as a prelude to larger attacks.
So stealing my passwords is the key to infiltrating our government computer systems? I don’t think so. Hard as it is to imagine, I have no entrée into the government’s computers. I would like to, but I don’t. Assuming computer hackers with evil intent get hold of my computer, they could lay waste to Simple Justice, but I believe that the government remains safe.
The problem with this paragraph is that this is where Goldsmith meanders down the road from major computer systems to the computers of the little people, which now, by extension, require the same government oversight, “for our own good.” See where this is heading yet?
The problem with this paragraph is that this is where Goldsmith meanders down the road from major computer systems to the computers of the little people, which now, by extension, require the same government oversight, “for our own good.” See where this is heading yet?
But the private sector cannot protect these networks by itself any more than it can protect the land, air or water channels through which foreign adversaries or criminal organizations might attack us. The government must be prepared to monitor and, if necessary, intervene to secure channels of cyberattack as well.
And here it comes. We can’t protect ourselves, which is why we need the government to do it for us. Analogies between “land, air or water channels” are curious, considering they certainly require the efforts of a large military force to defend but bear no similarity to the internet. Goldsmith lays it out as if it’s obvious, but offers zero explanation for the value of this comparison. Will our wi-fis have little soldiers running in and out of the waves?
The Obama administration recently announced that it would set up a Pentagon cybercommand to defend military networks. Some in the administration want to use Cybercom to help the Department of Homeland Security protect the domestic components of private networks that are under attack or being used for attacks. Along similar lines, a Senate bill introduced in April would give the executive branch broad emergency authority to limit or halt private Internet traffic related to “critical infrastructure information systems.”
The internet version of the Gulf of Tomkin Resolution is on the table. After all, given how vital these systems are to the wellbeing of our nation, and how an attack can come at any moment and the executive branch must be prepared to respond at that very moment, we must give our President the tools to protect us. And if we can’t trust the President, who can we trust?
The government must be given wider latitude than in the past to monitor private networks and respond to the most serious computer threats.
After all, the government can’t fight with one hand tied behind its back, right?
These new powers should be strictly defined and regularly vetted to ensure legal compliance and effectiveness. Last year’s amendments to the nation’s secret wiretapping regime are a useful model. They expanded the president’s secret wiretapping powers, but also required quasi-independent inspectors general in the Department of Justice and the intelligence community to review effectiveness and legal compliance and report to Congress regularly.
You see, the problem isn’t that the government can’t be trusted, but that there are occasional regimes that overreach more than others.
Many will balk at this proposal because of the excesses and mistakes associated with the secret wiretapping regime in the Bush administration. These legitimate concerns can be addressed with improved systems of review.Ask the wrong question and you arrive at the wrong answer. Goldsmith’s solution is to vest the government with yet another secret power to “wiretap” our computers, and while acknowledging that this might be just a wee bit intrusive, dismisses the problem by offering that one finger of government can keep a post hoc eye on the rest of it. Problem solved!
This train of thought goes off the tracks at the very beginning, with its assumption that private industry lacks sufficient desire or interest in internet security to adapt. Goldsmith’s assumption doesn’t hold water. The problem isn’t will, but way. If the government has a magic solution that will secure the airwaves from attack, then why is it hiding it? Private lanes in the information superhighway would love to be secure, free from crashes if you will, but hasn’t figured out a foolproof plan. Neither had the government, obviously, yet Goldsmith would give the government access to our laptops in the name of our protection.
Worse still, the zealous belief that government, at the end of the day, is a trustworthy player, whether in its entirety or, as Goldsmith expressly states, via some quasi-independent inspector general system of review to keep the government honest, is nothing more than an article of faith. Either we’re willing to give the government access to every aspect of our lives that exists within our hard drives, and trust the government not to abuse its authority, or not. Goldsmith’s faith is with the government. Is yours?
And yes, I do have an alternative proposal. Our government, the one that could put a man on the moon when it put it’s nose to the grindstone, may well be capable of developing security systems that can protect our computer infrastructure from outside attack. Why not put the same zeal that would otherwise go into accessing the personal computers of every American into developing the secure system, which can then be made available to every private access point around the nation, if not the world,
It may well be beyond the ability of private enterprise to develop a truly secure system, but I’m sure everyone will be more than happy to take what the government develops and use it. It’s like Tang or the pen that writes upside down. While the government may have been the impetus for the development, it can subsequently benefit everyone (except the Ruskies, who ignored the pen and used a pencil instead). We just need to make sure that our friends at the CIA don’t build their own backdoor into the secure system, “just in case.”
And what if the government can’t come up with a fool-proof secure system? Then they haven’t really demonstrated any reason why they should be allowed to access our laptops instead. If this is about security, then the failure reveals that the government doesn’t bring any more to the table than anyone else. It doesn’t have the technology to protect us, but only to spy on us in the purported hope that they will catch the hacking terrorist before the damage is done. A big if, coupled with a big intrusion.
If this is about Big Brother keeping its eye on me to make sure that Osama Bin Laden isn’t trying to bring down western civilization via my laptop, then I’m not prepared for the trade-off. And before I would even consider it, let Goldsmith focus his solutions on the government developing real solutions to internet security before they go for the fear factor of accessing my PC. If he trusts the government so much, then why not trust its ability to come up with a real solution that doesn’t require its intrusion into the lives of Americans. For our own protection.
Discover more from Simple Justice
Subscribe to get the latest posts sent to your email.
Just FYI, regarding your computer, if some hacker compromised your computer, they could install remote control software that turned it into a zombie that would do whatever they want it to. They could then use it indirectly to launch an attack on government computers, thus adding layer of indirection that hides their own location in the network. Experts think there are over a million zombie computers at any given time. They can be used to launch difficult-to-trace break-in attempts, and hoards of thousands of zombies can act in concert to conduct denial-of-service attacks by overwhelming web servers with hits. I believe that nearly all email spam enters the email system from zombie computers.
I think this is one of the things Goldsmith is worried about, and it’s a real problem. But I don’t think Goldsmith is offering a real solution. What he describes is like trying to reduce the incidence of sexually transmitted diseases in the military by allowing federal inspectors to enter everyone’s bedrooms to make sure nobody is engaged in unsafe sex.
If you like this that one look at this one Baltimore Tries Online Crime-Fighting Tools,
The police are going to send text messages to citizens etc? I wonder how they will use this against civil liberties.
http://www.officer.com/web/online/Top-News-Stories/Baltimore-Tries-Online-Crime-Fighting-Tools/1$47318