When the Citizen Lab was founded in 2001, I had in mind a similar image, a planetary network with data collected by researchers and field investigators, this time all related to cyberspace openness and security. When we started we were the only game in town, but over time we built up a network of collaborations with individuals and other university research centres that continues to grow.
Now, more than ten years later, the situation has changed substantially. I have just received an invitation from Harvard’s Jonathan Zittrain (also one of the founders of OpenNet Initiative) to attend a preliminary planning meeting for something he is calling the Internet Health Organization (IHO). His vision for the IHO is similar to my own: a distributed network of research centres monitoring the health of the Internet using a variety of methods and approaches. Included in the preliminary meeting are numerous groups who have undertaken highly imaginative and constructive projects in this broad area: Herdict, a project that collects and disseminates real-time, crowd-sourced information about Internet filtering, denial of service attacks, and other blockages; M-Lab, an “open, distributed server platform for researchers to deploy Internet measurement tools”; and StopBadware, which “aims to make the Web safer through the prevention, mitigation, and remediation of badware websites,” among others.
Just after Zittrain’s invitation came another, this time from the European Commission, which was planning a meeting to discuss the development of a “European Capability for Situational Awareness” platform. According to their invitation, the aim is to gather “reliable and real-time or almost real-time information concerning human rights violations and/or restrictions of fundamental freedoms in connection with the digital environment,” and to determine “what is happening in the Net, in terms of network connectivity and traffic alterations or restrictions.”
Projects like these, and numerous others sprouting up around the globe, show that the mission of the Citizen Lab is resonating with others, and that we are not alone. Will these collective efforts have an impact? Will they be enough to ensure cyberspace remains an open and secure commons of information that helps citizens reach their highest aspirations in this increasingly interconnected and constrained political space?
Just as I am about to send my manuscript to the publisher, a major news story breaks: Syria pulls the plug on the Internet. An announcement on Syrian state TV says that “maintenance technicians are working to fix the problems,” but many suspect the drastic measure is a prelude to a major armed assault on the opposition. The Syrian Internet shutdown comes only a few days before a major meeting in Dubai of the International Telecommunication Union, which has stoked fears about the growing role of states and the UN in Internet governance. The two are not unrelated: the forces moving us towards enclosure, secrecy, and an increasingly dangerous arms race are powerful and grow daily. Sometimes it seems futile to resist them.
In hindsight, the organizers of that May 2012 Calgary conference may have been onto something with their title, “Nobody Knows Anything.” We do know an awful lot these days, with data exploding all around us and information at our fingertips as never before. But the fact remains that nobody really knows where the dark forces in cyberspace are driving us, and whether they can be tamed. We can only keep probing beneath the surface, lifting the lid, and trying to get a handle on this domain that we have created, remembering that cyberspace is, after all, what we together make of it.
NOTES
Portions of Black Code have been inspired by or drawn from previous publications, including “Contesting Cyberspace and the Coming Crisis of Authority” (with Rafal Rohozinski) in Ronald Deibert, John Palfrey, Rafal Rohozinski, and Jonathan Zittrain (eds.) Access Controlled: The Shaping of Power, Rights and Rule in Cyberspace (Cambridge: MIT Press, 2010); “Meet Koobface, Facebook’s Evil Doppelgänger,” (with Rohozinski), Globe and Mail (November 12, 2010); “Access Contested: Toward the Fourth Phase of Internet Controls,” (with Palfrey, Rohozinski, and Zittrain), in Access Contested: Security, Identity, and Resistance in Asian Cyberspace (Cambridge: MIT Press, 2011); “Liberation vs Control: The Future of Cyberspace,” (with Rohozinski), Journal of Democracy, 24, 1 (October 2010), pp. 43–57; “The Growing Dark Side of Cyberspace (… and What To Do About It),” Penn State Journal of Law & International Affairs (volume 1, no. 2, 2012).
PREFACE
1 CSEC, Canada’s version of the U.S. National Security Agency: Communications Security Establishment Canada’s (CSEC) mandate was updated under Canada’s Anti-terrorism Act of December 2001. The Act stipulates that CSEC collect information from “the global information infrastructure” about the “capabilities, intentions, or activities of a foreign individual, state, organization, or terrorist group, as they relate to international affairs, defence, or security.” A second part of its mandate focuses on security of information infrastructures in Canada, while a third specifies CSEC should assist federal law enforcement and security agencies “in performance of their lawful duties.” Details are in Anti-terrorism Act, SC 2001, c. 41, s. 102, codified as National Defence Act, RSC 1985, c.N-5, s. 273.61–273.7.
CSEC is Canada’s partner in the so-called Five Eyes alliance of signals intelligence agencies that includes the United States (National Security Agency), the United Kingdom (Government Communications Headquarters), Australia (Defence Signals Directorate), and New Zealand (Government Communications Security Bureau). See Martin Rudner, “Canada’s Communications Security Establishment, Signals Intelligence and Counter-terrorism,” Intelligence and National Security (2007); James Bamford, Body of Secrets: Anatomy of the Ultra-Secret National Security Agency (New York: Anchor Books, 2002); and Jeremy Littlewood, “Accountability of the Canadian Security Intelligence Community Post 9/11: Still a Long and Winding Road?” in ed. Daniel Baldino, Democratic Oversight of Intelligence Services (Annandale, NSW: Federation Press, 2010).
2 The Citizen Lab did not trespass or violate anything: The ethical and legal issues underpinning the Citizen Lab’s research are discussed in Masashi Crete-Nishihata and Ronald J. Deibert, “Blurred Boundaries: Probing the Ethics of Cyberspace Research,” Review of Policy Research 28 (2011): 531–537.
3 9/11 ripped into all of that and left us all reeling: See Ronald J. Deibert, “Black Code: Censorship, Surveillance, and Militarization of Cyberspace,” Millennium: Journal of International Studies 32, no. 3 (2003).
4 in a Globe and Mail op-ed: Ronald Deibert, “The Internet: Collateral Damage?”, Globe and Mail, January 1, 2003, http://www.theglobeandmail.com/commentary/the-internet-collateral-damage/article790542/.
5 Another word, a few words actually, about the title: Lawrence Lessig, Code and Other Laws of Cyberspace (New York: Basic Books, 1999). Key McLuhan works are The Gutenberg Galaxy: The Making of Typographic Man (Toronto: University of Toronto Press, 1962) and Understanding Media: The Extensions of Man (New York: McGraw-Hill, 1964). Those of Harold A. Innis include Empire and Communications (Toronto: University of Toronto Press, 1950) and Bias of Communications (Toronto: University of Toronto Press, 1951). My take on Innis can be found in Ronald J. Deibert, “Harold Innis and the Empire of Speed,” Review of International Studies 25, no. 2 (1999). I wrote about media ecology theory and world order transformation in my first book, Parchment, Printing and Hypermedia: Modes of Communication in World Order Transformation (New York: Columbia University Press, 1997). Joshua Meyrowitz uses the metaphor of media as “environments” in No Sense of Place: The Impact of Electronic Media on Social Behavior (New York: Oxford University Press, 1985).
6 The science fiction writer Arthur C. Clarke argued: Clarke’s comments about technology are part of his “three laws” of prediction and are outlined in Arthur C. Clarke, Profiles of the Future: An Inquiry Into the Limits of the Possible (London: Gollancz, 1962).
INTRODUCTION:
CYBERSPACE: FREE, RESTRICTED, UNAVOIDABLE
1 Connectivity in Africa: Information on Internet connectivity and growth rates is collected at Internet World Stats: Usage and Population Statistics, http://www.internetworldstats.com/stats.htm.
2 Few of us realize that data stored by Google … are subject to the U.S. Patriot Act: The official title of the Patriot Act is “Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism (USA PATRIOT) Act of 2001.” The full Act can be found at http://www.gpo.gov/fdsys/pkg/PLAW-107publ56/pdf/PLAW-107publ56.pdf. See also “USA Patriot Act,” Electronic Privacy Information Center, http://epic.org/privacy/terrorism/usapatriot/default.html.
3 Mobile devices are what Harvard’s Jonathan Zittrain: Jonathan Zittrain warns about the shift towards “tethered appliances” in The Future of the Internet and How to Stop It (New Haven: Yale University Press, 2008).
4 Botnets … can be rented from public forums and websites: A price list of illicit products and services sold in the Russian cybercrime underground is documented in this Trend Micro report: Max Goncharov, “Russian Underground 101,” Trend Micro, 2012, http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-russian-underground-101.pdf. Many more details about cyber crime are provided in Chapter 8.
18 The OpenNet Initiative (ONI) … notes that roughly 1 billion Internet users: The ONI was founded in 2002 as a partnership between the Citizen Lab at the Munk School of Global Affairs, University of Toronto, Berkman Center for Internet & Society at Harvard University, and the Advanced Network Research Group at the University of Cambridge, U.K. (later, the SecDev Group) by myself, Rafal Rohozinski, John Palfrey, and Jonathan Zittrain. The ONI’s publications can be located at http://opennet.net/. The ONI estimates that in 2012, more than 620 million people lived in censored jurisdictions; see “Global Internet Filtering in 2012 at a Glance,” OpenNet Initiative, April 3, 2012, http://opennet.net/blog/2012/04/global-internet-filtering-2012-glance.
ONI has documented the use of Western-made software for Internet filtering in the Middle East and North Africa in Helmi Noman and Jillian C. York, “West Censoring East: The Use of Western Technologies by Middle East Censors, 2010–2011,” http://opennet.net/west-censor-ing-east-the-use-western-technologies-middle-east-censors–2010–2011.
6 Dissidents in the United Arab Emirates and Bahrain: Instances of U.A.E. and Bahrain dissidents being targeted by British- and Italian-produced network intrusion kits have been reported in Vernon Silver, “Spyware Leaves Trail to Beaten Activist Through Microsoft Flaw,” Bloomberg News, October 10, 2012, http://www.bloomberg.com/news/2012–10–10/spyware-leaves-trail-to-beaten-activist-through-microsoft-flaw.html; and Vernon Silver, “FinFisher Spyware Reach Found on Five Continents: Report,” Bloomberg News, August 8, 2012, http://www.bloomberg.com/news/2012–08–08/finfisher-spyware-reach-found-on-five-continents-report.html. More details about this emerging marketplace can be found in Chapter 13.
1: CHASING SHADOWS
1 So began the story of GhostNet: Both the GhostNet and Shadows investigations were done under the auspices of the Information Warfare Monitor Project (2002–2011), a collaboration between the Citizen Lab at the Munk School of Global Affairs, University of Toronto and the Advanced Network Research Group at University of Cambridge, U.K. (later, the SecDev Group). Rafal Rohozinski was a co-principal investigator on the Information Warfare Monitor and one of the co-authors on both reports. Portions of the GhostNet field/technical research were carried out by Dr. Shishir Nagaraja of Cambridge University. Nagaraja and his supervisor, Dr. Ross Anderson, released their own report coinciding with our GhostNet publication: Ross Anderson and Shishir Nagaraja, The Snooping Dragon: Social-malware Surveillance of the Tibetan Movement, Cambridge University Computer Laboratory Technical Report, 2009. The Shadowserver Foundation collaborated with the Information Warfare Monitor on the Shadows report, and Steven Adair was a co-author on that report. We documented our GhostNet and Shadows investigations in Information Warfare Monitor, Tracking GhostNet: Investigating a Cyber Espionage Network, March 29, 2009, http://www.scribd.com/doc/13731776/Tracking-GhostNet-Investigating-a-Cyber-Espionage-Network; and Information Warfare Monitor and Shadowserver Foundation, Shadows in the Cloud: Investigating Cyber Espionage 2.0, April 5, 2010, http://www.infowar-monitor.net/2010/04/shadows-in-the-cloud-an-investigation-into-cyber-espionage-2-0/. John Markoff reported on our investigations in, “Vast Spy System Loots Computers in 103 Countries,” New York Times, March 28, 2009, http://www.nytimes.com/2009/03/29/technology/29spy.html?pagewanted=all&_r=0; and together with David Barboza in, “Researchers Trace Data Theft to Intruders in China,” New York Times, April 5, 2010, http://www.nytimes.com/2010/04/06/science/06cyber.html?pagewanted=all.
2 a huge compromise of American military and intelligence agencies: For more on “Titan Rain,” see James A. Lewis, Computer Espionage, Titan Rain and China, Center for Strategic and International Studies, December 2005, http://csis.org/files/media/csis/pubs/051214_china_titan_rain.pdf.
3 “Who done it?”: Useful primers on the difficulties of attributing the sources of cyber attacks can be found in David D. Clark and Susan Landau, “Untangling Attribution,” and W. Earl Boebert, “A Survey of Challenges in Attribution,” both of which can be found in Proceedings of a Workshop on Deterring Cyberattacks: Informing Strategies and Developing Options for U.S. Policy, 2010, http://www.nap.edu/catalog/12997.html.
2: FILTERS AND CHOKEPOINTS
1 What is cyberspace?: Canadian science fiction author William Gibson is credited with coining the term cyberspace in his short story “Burning Chrome” (New York: HarperCollins, 2003), and popularizing it in his novel Neuromancer (New York: Ace, 1984). Although cyberspace and Internet are often used interchangeably, they are not the same. The Internet is a global network of computer networks configured to operate according to a common protocol of intercommunications (the TCP/IP protocol). Cyberspace is broader and includes the entire domain of global communications, including (but not limited to) the Internet.
2 Every device we use to connect to the Internet: Attempts to control cyberspace often start with interventions in the physical infrastructure, specifically at key chokepoints. This has been documented in Ronald Deibert, John Palfrey, Rafal Rohozinski, and Jonathan Zittrain, eds., Access Denied: The Practice and Policy of Global Internet Filtering (Cambridge: MIT Press, 2008); Mark Newman, Networks: An Introduction (New York: Oxford University Press, 2010); and David D. Clark, “Control Point Analysis” (Paper presented at the 2012 TPRC, 40th Research Conference on Communication, Information and Internet Policy, Arlington, Virginia, September 21–23, 2012), available at: http://dx.doi.org/10.2139/ssrn.2032124.
3 Much of the software that operates cyberspace is “closed,” or proprietary: On studies of the security of closed- and open-source operating systems, see Kishen Iyengar, M.K. Raja, and Vishal Sachdev, “A Security Comparison of Open-Source and Closed-Source Operating Systems” (Proceedings of South West Decision Sciences Institute’s Thirty-eighth Annual Conference, San Diego, CA, 2007), http://www.swdsi.org/swdsi07/2007_proceedings/papers/236.pdf; and Jim Rapoza, “eWeek Labs: Open Source Quicker at Fixing Flaws,” eWeek, September 30, 2012, http://www.eweek.com/c/a/Application-Development/eWeek-Labs-Open-Source-Quicker-at-Fixing-Flaws/. An in-depth analysis of the political economy of open-source software can be found in Steven Weber, The Success of Open Source (Boston: Harvard University Press, 2008).
4 In 2010, while mapping for its popular Street View service: For more on Google’s Street View wifi controversy, see David Kravets, “An Intentional Mistake: The Anatomy of Google’s Wi-Fi Sniffing Debacle,” Wired, May 2, 2012, http://www.wired.com/threatlevel/2012/05/google-wifi-fcc-investigation.
5 In 2012, Cisco provided updates to its popular Linksys: Cisco’s updates are detailed in Joel Hruska, “Cisco’s Cloud Vision: Mandatory, Monetized, and Killed at Their Discretion,” Extreme Tech, July 2, 2012, http://www.extremetech.com/computing/132142-ciscos-cloud-vision-mandatory-monetized-and-killed-at-their-discretion.
6 in 2012, a cyber security researcher named Mark Wuergler: Mark Wuergler’s research on the exposure of MAC addresses in Apple devices has been documented in Dan Goodin, “Loose-Lipped iPhones Top the List of Smartphones Exploited by Hacker,” Ars Technica, March 16, 2012, http://arstechnica.com/apple/2012/03/loose-lipped-iphones-top-the-list-of-smartphones-exploited-by-hacker/.
7 In 2012, ONI discovered that users in Oman: The OpenNet Initiative documented its findings on upstream filtering affecting Omani ISP Omantel in Citizen Lab, “Routing Gone Wild: Documenting Upstream Filtering in Oman via India,” 2012, https://citizenlab.org/2012/07/routing-gone-wild.
8 In 2005, ONI found that when the Canadian ISP Telus blocked: The OpenNet Initiative documented its findings on collateral filtering by Telus in “Telus Blocks Consumer Access to Labour Union Web Site and Filters an Additional 766 Unrelated Sites,” OpenNet Initiative, August 2, 2005, http://opennet.net/bulletins/010/.
9 In 2008, the Pakistan Ministry of Information ordered Pakistan Telecom: Pakistan’s 2008 collateral filtering of YouTube is documented in Martin A. Brown, “Pakistan Hijacks YouTube,” Renesys, February 24, 2008, http://www.renesys.com/blog/2008/02/pakistan-hijacks-you-tube-1.shtml.