With a new major hacking incident seemingly daily, the Department of Defense is scrambling to find the right shield against future for attacks. But why hide behind a shield when you can charge onto the battlefield underneath the invisible but ironclad cloak of the National Security Agency? That’s exactly how the DoD is mounting its first strike back at the hackers–a preemptive strike that will increase online surveillance at defense contractors by partnering with internet service providers for privileged access to the rivers of data flowing through their cables. AT&T, Verizon and CenturyLink are all on board.
Giving the NSA more access to the same internet tubes that power your Gmail account sounds a little invasive. At least that’s what James X. Dempsey, vice president for public policy at the civil liberties watchdog group the Center for Democracy and Technology. “We wouldn’t want this to become a backdoor form of surveillance,” Dempsey told The Washington Post, referring to the pilot program that DoD insists will remain limited to the contractors working closely with the government.
“The U.S. government will not be monitoring, intercepting or storing any private-sector communications,” Deputy Secretary William J. Lynn III said Thursday at a global security conference in Paris. However, he added, “We hope the … cyber pilot can be the beginning of something bigger. It could serve as a model that can be transported to other critical infrastructure sectors, under the leadership of the Department of Homeland Security.”
Citing recent attacks on government contractors like Lockheed Martin, Lynn is taking a defensive stance on the privacy issue–pun intended. In other words, the NSA program will test out what some would call surveillance techniques on outside parties, and when the program is ready, it’s not out of the question that the government would move it to the private sector. It makes sense that the DoD is being aggressive. As Reuters reports, the government is getting pretty desperate:
Terabytes of data are flying out the door, and billions of dollars are lost in remediation costs and reputational harm, government and private security experts said in interviews. The head of the U.S. military’s Cyber Command, General Keith Alexander, has estimated that Pentagon computer systems are probed by would-be assailants 250,000 times each hour.
Cyber intrusions are now a fact of life, and a widely accepted cost of doing business.
“We don’t treat it as if it’s here today, gone tomorrow,” said Jay Opperman, Comcast Corp.’s senior director of security and privacy. “It’s like an insect infestation. Once you’ve got it, you never get rid of it.”
We all saw Men in Black. And Hackers. And The Matrix. Sometimes, in the face of an invasion, the government ought to protect itself and its citizens from danger. That’s basically why an institution like the Department of Defense exists–nobody will argue with that.
But another sort of danger is the fact that, in the context of cybercrime, the public understands so very little about the terms of the government’s efforts. Poll Middle America about what “DDoS attack” or “Stuxnet-like weapons” are. Even the term “fingerprints of malicious code” from The Washington Postcoverage of the NSA surveillance program leaves lots of leeway for better informed officials to define the rules of engagement. By its very nature a virtual attack is much harder to visualize than a missile heading to Washington DC. Apologies for the Cold War-style reference, but the Pentagon seems as confused now as they did then about how to balance the actual defense against cyber attackers and the propaganda campaign to win the public’s support.
Which brings us to the mixed messages problem. The other line of narrative around the internet and government protecting the people is a presumably more docile one: the struggle for privacy in the age of Facebook. As enterprising Senators go head to head with the social network and the Google and everyone, lambasting them for deceitfully monitoring American citizens with their confusing privacy policies and location tracking programs, news of a clandestine agreement between internet service providers and the NSA, the most secret of the secret agencies, feels kind of icky. Like a hypocritical bed bug invasion or something.