The Transparent Society
Page 43
Yet the West has its own weaknesses. The U.S. General Accounting Office reported that in 1995 alone, the Defense Department may have experienced as many as 250,000 hacker attacks (attempts to penetrate confidential computer systems via the Internet), of which an estimated 64 percent were successful. In order to safeguard against this security problem, in-house computer systems at many agencies are deliberately severed from all contact with outside computers, separated by “firewalls” of varied effectiveness. Numerous U.S. officials, including State Department officers posted overseas, have no Internet access at their desks or workstations, and are thus handicapped by having to do modern jobs in old-fashioned ways. At the opposite extreme, some worry that our forces may become too reliant on fancy portable computers in the field, which may be vulnerable to cyberwar attacks just as the bombs and missiles begin to fly.
It is a frightening new era. Military analysts cannot even agree what they are talking about. According to Jeffrey Cooper: “Some propose information itself as the target in warfare; others treat information as the weapon; some see information as a critical resource; and still others see information as a realm (like space) or an environment (the ‘infosphere’), as a medium for military operations (like air power). Information could also be considered a catalyst or as a control parameter in a process; and in both of these cases, information is neither transformed nor spent.” What some analysts fear, and others relish, is the possibility that cyber war may bring the realization of Sun Tzu’s two-thousand-year-old dream—“vanquishing the enemy without fighting.”
Netwar, a related topic, is the use of information-based means to threaten or damage an enemy’s homeland, citizenry, or infrastructure base. This use of information technology has become a hot issue during the late 1990s, at summer workshops and gatherings of think tank experts. If our economy and national health are increasingly dependent on information systems, how can we ensure their safety against sabotage or infiltration by those who wish us harm?
Because at present the military capabilities of NATO partners appear unassailable by conventional means, there is increasing concern about potential vulnerability on the home front, where complex societies rely on nested webs of intermeshed computers, communication grids, and intricate software to keep functioning. Unlike past (and ongoing) terrorist threats, the fear in netwar has little to do with direct physical attack against one site or another. The Net’s inherent resistance to damage, as originally designed by Paul Baran to survive nuclear war, still means that a blown cable or data node here and there may have little overall effect. What worries experts far more than old-fashioned explosives is the prospect that some enemy may develop software-based systems capable of ruining their military networks, or bringing the economy to its knees.
In October 1997, the U.S. Commission on Critical Infrastructure Protection reported that the danger was very real. They reviewed security in eight areas: electrical power distribution, telecommunications, banking and finance, water, transportation, oil and gas, emergency services, and government services. They concluded that the yearly budget assigned to infrastructure defense, about $250 million, should rise fourfold over the next six years. According to the commission’s executive summary, “Today, the right command sent over the Internet to a power station’s control computer could be just as effective as a backpack full of explosives and the perpetrator would be harder to identify and apprehend.”
The Computer Emergency Response Team (CERT), a Defense Department group at Carnegie Mellon University, handled over 2,400 reports of cyber attacks in 1995 alone, as a growing sense of siege developed, along with an expectation of worse to come. Some experts believe netwar may be to the twenty-first century what blitzkrieg was to the twentieth. Winn Schwartau, author of Information Warfare: Chaos on the Electronic Superhighway, suggests that the United States could need a fourth military service, a cyberforce, to control this theater of battle. “Net war may be the dominant mode of societal conflict in the 21st century.”
Some early capabilities were demonstrated during the Gulf War of 1991, when electromagnetic pulse bombs were apparently used by coalition forces to disable the Iraqi power grid without having to completely wreck the civilian infrastructure. Homing beacons were included on the circuit boards of military-related products the Iraqis had bought on the open market, and then turned on by remote control when coalition forces were ready to attack. But now planners worry that systems in North America and Europe may be even more vulnerable in their vast intricacy, perhaps to “militia programs” such as worms or logic bombs that might undermine controlling software, wreaking economic damage out of all proportion to some foe’s expenditures. Antagonists need not be hostile nations. Terrorists, drug cartels, black market profiteers, weapons smugglers, extreme ethnonationalists, or grumpy homegrown ideologues might have the resources to mount such a strike. Peter Neumann of Computer Science Laboratory warns of an “electronic Pearl Harbor” unless government and businesses prepare for the threat. Along similar lines, former CIA director John Deutch told Congress that a number of countries around the world are developing strategies and tools to conduct attacks on U.S. information infrastructure. (He did not name countries.)
In his novel The Cool War, Frederik Pohl portrayed a disturbingly credible near future in which tit-for-tat acts of covert sabotage become the rule in international affairs. Citizens are barely aware of combat in the traditional sense—there are few battles or casualty reports—but they endure a spiraling decay in quality of life as ships collide, cities suffer blackouts, bridges collapse, databases dissolve, and commutes snarl in hellish traffic jams. Pohl depicts a world that might have been wealthy, dissolving instead into chaos because of a secret war that few know about and nobody can stop.
At first sight, defending against such threats may appear hopeless. How can nations guard a “front” that is as porous and hyperdimensional as the Internet? Nevertheless, suggestions have been offered. 1. Pursue research to create “mapping programs” that can accurately describe even the complex and convoluted Internet, locating critical points of vulnerability that should receive special attention, then building security systems and firewalls to defend those crucial nexi.
2. Develop systems of validation and verification, many of them encryption-based, that may prevent false or forged authorizations.
3. Encourage the design of new systems that are “fail-safe,” that is, operate at least minimally, even when severely degraded or damaged.
4. Encourage all organizations that keep vital records, including banks, hospitals, and so on, to maintain and update nonvolatile memory storage backups at secure locations, so that important services and parts of the economy can be reconstructed in case information systems are corrupted.
5. Unleash vigorous “tiger teams” of imaginative and well-trained hackers to test important systems by launching attacks under controlled conditions. (Recent experience in the military with such teams shows that they succeed in their mock assaults over 80 percent of the time, often with trivial ease. The best way to solve such lapses would be to keep hammering away until most flaws and errors are found.)
6. Then, within the limits of realistic security, invite outsiders to test a variety of systems, by establishing a series of challenge awards to any clever hackers who succeed in uncovering hidden failure modes. (An added condition for the prize would be to suggest solutions.)
7. Keep as few secrets as possible. The remaining ones will be easier to protect. And the trust engendered will help demolish many of the paranoic fantasies that are eroding faith in Western institutions.
8. Encourage a society whose distributed nodes of power, services, and expertise are capable of operating both in unison with remote locales and in isolation, in much the same way that the Internet can absorb damage and route around it. These nodes must include nongovernmental and noncorporate units that are capable of supplementing, and even standing in for, more formal institutions in the event of an emergency or breakdown. In
other words, take advantage of the century of amateurs.
9. Undertake strong measures to ensure that aggressors will be identified and punished, so that impunity does not encourage more of the same. (See further discussion later in this chapter.)
10. Recognize that doing all these things properly will involve letting go of hierarchical power, without necessarily giving up the advantages of a clearly defined modern state. This is hard to do, but the neo-West already has a myriad precedents, as well as an educated population that is more than willing to turn the devolution of skill and authority into a national resource.
This final theme arises in a recent book about netwar and cyberwar, edited by Rand Corporation researchers John Arquilla and David Ronfeldt: In Athena’s Camp: Preparing for Conflict in the Information Age, a collection of papers that explores many of the new and perilous types of confrontation that we touched upon briefly here. Most of the contributing authors appear to agree on one conclusion: the information revolution favors and strengthens networked forms of organization, while making life difficult for hierarchical forms. Those nations that take advantage of networks and minimize the vulnerabilities of hierarchical control will stand a better chance in the years ahead.
Ultimately, the secret to surviving attacks against our infrastructure’s vulnerable keystones will be to have none. When the cathedral is transformed into a living forest of semiautonomous trees, an enemy may topple pillar after pillar, yet never succeed in bringing down the roof.
Repression is not defensible whether the tradition from which it springs is Confucian, Judaeo-Christian, or Zoroastrian. The repressed individual still suffers, as does society, and there are consequences for the global community. Real costs accrue in terms of constrained human creativity, delayed market development, the diversion of assets to enforce repression, the failure of repressive societies to adapt well to the rapidly changing global environment, and the dislocations, struggles and instability that result from these and other factors.
DAVID ROTHKOPF
CAN NETWARS BE WON?
At present, the overall advantage in information warfare still seems to lie with the neo-West, which can aim torrents of alluring, individualistoriented media toward any center of totalitarianism. In a conflict between world Zeitgeists, one benefit of openness is an ability to unleash autonomous groups to challenge the opposition. The activities of these groups need not be centrally coordinated and can even be disavowed, as was the case when activists Dan Haig and Richard Schneider set up full Internet capabilities for the Tibetan government in exile in 1997, enabling it to contact and coordinate the dispersed refugee community. Such activities are in harmony with overall Western goals, while public officials can claim total detachment, which is just as well, because no government could interefere in any event.
There are also potential drawbacks to openness. Free movement and lack of internal passport controls may frustrate the FBI and other agencies charged with public safety, and we just saw that a complex modern infrastructure provides a wealth of tempting targets. When sabotage efforts finally succeed (and some will), one effect may be to deflect the national agenda. By engendering a sense of fear, adversaries may hope to change neo-Western society, provoking panicky laws that shut down some freedoms, “for safety’s sake.”
Worse, our citizens may come to accept the vile concept of “trade-offs,” attempting to walk the knife edge of some devil’s dichotomy, with both freedom and safety offered on a sacrificial altar. If such a plan succeeded, it would be a greater defeat than any the West endured during the Cold War.
There is a transparency option. Terrorists operate under cloaks of anonymity and secrecy, their movements, supply routes, and sources of funding carefully hidden. This is especially true of their concealed finances, which are often funneled through those so-called banking havens we discussed earlier. Recent scandals over accounts hidden from Holocaust victims after World War II may have begun eroding the benign mask of smiling neutrality worn by such institutions, but the real impulse to force them open may only come after some band of terrorists manages to kill thousands with a gas attack, or blow up a skyscraper, or poison a reservoir, or “dust” a city with radionuclides. When this happens, many will call for draconian solutions, granting the state new police powers. But there may be an alternative, deflecting citizen ire toward a true center of culpability.
The transparency option would demand that the world’s cash flow finally become open and accountable, thus denying criminals, terrorists, and conspiratorial elites the power to hide away—and hide behind—mountains of untallied cash.
I am well aware of many difficulties blocking such a reform. It would have to come by some degree of consensus, with plenty of sympathetic help for tiny, independent countries that have few resources other than their banking laws. Above all, it would require reciprocity from the U.S. and other governments—an opening of secret ledgers in Washington, New York, and elsewhere—a win-win scenario from the perspective of those who worry about all potential threats to freedom. Without substantial and verifiable reciprocity, the enhanced financial transparency would be unbalanced and potentially destructive.
Economists would be thrilled to have the flow of dollars, yen, and marks openly observable by all, freeing markets from many unnatural biases and handicaps. Honest agents of the law would appreciate the way it helps them make the world safer, though the price they pay in nosy citizen oversight panels and open budgets might feel irksome at first. Middle-class taxpayers could see their burden ease a little as wealthy tax cheaters pay their share or at least explain in an open political process why their interests merit special treatment. And poor nations might find out where present and former dictators stashed the loot from decades of graft. In contrast, the reader is invited to write a list of those in the world today who would suffer actual, rather than ideological, harm by such a “radical” move. Decide for yourself if protecting a right of anonymity for a short catalog of unsavory characters justifies maintaining the status quo.
Again, it is probably too drastic a move to happen overnight. But the discussion has to begin somewhere.
Global transparency is much too involved a topic to be covered here in any detail. For instance, it is quite clear that Western corporations will need to use sophisticated tools of encryption in many foreign lands for some time to come, because transparency works best when it is truly reciprocal. The open society may ultimately be a far better game for humanity, but it can be difficult to manage when the other side insists on playing by older rules. Clearly, common sense is essential during a time of transition.
In the long run, our best strategy may be to overwhelm others with puppydog-syle friendliness, an eager torrent of information and generosity that may at first seem like cultural imperialism.
Only it won’t be, because we will also listen, now and then.
At least that would be the right—and the smart—thing to do.
A LITTLE LOYALTY
The dilemma of today is not that human values cannot control a mechanical science. It is the other way about: the scientific spirit is more human than the machinery of governments. We have not let either the tolerance or the empiricism of science enter into the parochial rules by which we still try to prescribe the behavior of nations.
JACOB BRONOWSKI
Whenever I have given public talks about transparency, I found that certain kinds of audiences react differently. For example, some angry young men on college campuses understandably react sharply to being called “T-cells,” whose rebelliousness was programmed by relentless propaganda.
But my most difficult audiences by far are scientists.
When I speak in praise of criticism as an antidote to error, they shrug. When I observe how easily human beings fool themselves, and discuss the ever-lurking temptation to conceal our mistakes, they respond with looks of strained patience, as if I were stating the obvious. In describing transparent accountability and the productive synergy between coope
ration and competition, I am preaching to the choir.
“So?” they respond. “Tell us something we don’t already know.”
Some critics will surely say that my emphasis on mutual accountability comes from my background as a physicist. Transparency is the fundamental mode of interaction in science, where hypotheses and evidence are posed openly. Scientists are trained to invite, and sometimes even relish, the eager criticism of other sharp minds.
This does not make them saints—far from it! Preening and egotism are as rife in science as any other realm of human endeavor. But it does show that openness has a good track record of achieving its chief goals—fair—ness, error correction, and rapid creativity—in at least one vast and highly profitable arena. A track record that merits close attention from the rest of society.
I say this not only from my experience as a scientist, but as one who has worked in many other walks of life, including the arts. I’ve witnessed examples of wit, inventiveness, generosity, humor, and even genius in all those areas, on a par with scientific experts. Many people have feet planted in two or more worlds, using hobbies and avocations to conquer archaic boundaries of specialization, as we saw in chapter 2. Those who have spent at least some time in the scientific world tend to speak often about the importance of accountability for the achievement of genuine honesty.