Page 20 of 46
In Spring Semester, I’m running a reading group—which seems to be a formal variant of a study group—at Harvard Law School on “Security, Power, and the Internet. I would like a good mix of people, so non law students and non Harvard students are both welcome to sign up.
Thomas Rid, Cyber War Will Not Take Place, Oxford University Press, 2013.
Cyber war is possibly the most dangerous buzzword of the Internet era. The fear-inducing rhetoric surrounding it is being used to justify major changes in the way the Internet is organized, governed, and constructed. And in Cyber War Will Not Take Place, Thomas Rid convincingly argues that cyber war is not a compelling threat. Rid is one of the leading cyber war skeptics in Europe, and although he doesn’t argue that war won’t extend into cyberspace, he says that cyberspace’s role in war is more limited than doomsayers want us to believe. His argument against cyber war is lucid and methodical. He divides “offensive and violent political acts” in cyberspace into: sabotage, espionage, and subversion. These categories are larger than cyberspace, of course, but Rid spends considerable time analyzing their strengths and limitations within cyberspace. The details are complicated, but his end conclusion is that many of these types of attacks cannot be defined as acts of war, and any future war won’t involve many of these types of attacks.
None of this is meant to imply that cyberspace is safe. Threats of all sorts fill cyberspace, but not threats of war. As such, the policies to defend against them are different. While hackers and criminal threats get all the headlines, more worrisome are the threats from governments seeking to consolidate their power. I have long argued that controlling the Internet has become critical for totalitarian states, and their four broad tools of surveillance, censorship, propaganda and use control have legitimate commercial applications, and are also employed by democracies.
A lot of the problem here is of definition. There isn’t broad agreement as to what constitutes cyber war, and this confusion plays into the hands of those hyping its threat. If everything from Chinese espionage to Russian criminal extortion to activist disruption falls under the cyber war umbrella, then it only makes sense to put more of the Internet under government—and thus military—control. Rid’s book is a compelling counter-argument to this approach.
Rid’s final chapter is an essay unto itself, and lays out his vision as to how we should deal with threats in cyberspace. For policymakers who won’t sit through an entire book, this is the chapter I would urge them to read. Arms races are dangerous and destabilizing, and we’re in the early years of a cyber war arms race that’s being fueled by fear and ignorance. This book is a cogent counterpoint to the doomsayers and the profiteers, and should be required reading for anyone concerned about security in cyberspace.
This book review previously appeared in Europe’s World.
Slashdot asks the question:
I’m a big fan of Bruce Schneier, but just to play devil’s advocate, let’s say, hypothetically, that Schneier is actually in cahoots with the NSA. Who better to reinstate public trust in weakened cryptosystems? As an exercise in security that Schneier himself may find interesting, what methods are available for proving (or at least affirming) that we can trust Bruce Schneier?
So far, I haven’t seen the good reasons why I might be untrustworthy. I’d help, but that seems unfair.
It’s a Tumblr feed. Right now there are only six posts, all a year old. Presumably that will change soon. To clarify: I have nothing to do with the feed, and anyone can post stuff to it.
This is a video of me talking about surveillance and privacy, both relating to the NSA and more generally.
EDITED TO ADD (10/13): YouTube link is more reliable.
I spoke at TEDxCambridge last month on security and power. Here’s the video.
I was interviewed for Technology Review on the NSA and the Snowden documents.
I’m quoted (also here) as using this analogy to explain how IT companies will be damaged by the news that they’ve been collaborating with the NSA:
“How would it be if your doctor put rat poison in your medicine? Highly damaging,” said Bruce Schneier, a US computer security expert.
Not the most eloquent I’ve been recently. Clearly I need to relax.
You can find my new PGP public key and my OTR key fingerprint here.
EDITED TO ADD (9/13): Hacker News is discussing my PGP key length.
Sidebar photo of Bruce Schneier by Joe MacInnis.