An Invisible War
// Posted by Andrew on 02/18/2013 (12:06 AM)
We mentioned in class that the United States is constantly under cyber attacks from other countries, even though it does not make the news very often. According to The Washington Post, China is one of the main instigators of cyber warfare, aiming at “commercial targets linked to military technology” for gains that aren’t always connected to economic interests.
What’s more interesting is that companies in the US are reluctant to admit that they have been attacked from abroad. Whether their silence is due to the need to conceal security vulnerabilities or to not scare investors remains to be seen. Eric Schmidt, Google’s CEO, wrote in his book that China is the most prolific source for hackers in the world and that “it’s fair to say we’re already living in an age of state-led cyber war, even if most of us aren’t aware of it.” It’s happening every day, too. Just two weeks ago, news mogul Rupert Murdock Tweeted that his various businesses had been jeopardized digitally: ”Chinese still hacking us, or were over weekend.”
Because the attacks are coming from an outside country and can be potentially perceived as a national security threat, should the security issues be handled by the attacked companies, private security corporations, or the government itself? President Obama’s administration has rarely discusses cyber crime in the past, but government officials recently decided to conduct a full assessment of the pervasiveness of the cyber attacks coming from China. Not only is the government concerned with the threat to the American economy, but they are also studying whether or not the cyber attacks can be seen as forms of “espionage.”
That was only the first step. Just this week, a “war on cyber war” officially began when President Obama made an executive order “to increase the volume, timeliness, and quality of cyber threat information shared with U.S. private sector entities so that these entities may better protect and defend themselves against cyber threats.” His order has been perceived as mostly beneficial, but the other part of Obama’s plan, CISPA, has generated a LOT of criticism. CISPA “allows the sharing of information in both directions – from government to business, and vice versa,” and it provides “broad legal immunity to companies that collect and share CTI with the federal government, as long as they do so “in good faith” – which might mean businesses can’t be sued or charged with crimes for collecting and sharing CTI under CISPA.” This has been seen as a threat to our basic rights to privacy because we won’t be able to punish organizations that we think are “stealing” personal information, and we won’t know when they’re taking it. The government is giving private corporations the right to use our personal information, as long as the corporations uses it in a responsible way (responsible, according to the corporation itself).
This brings me to my final point. With the Chinese security threat attacking us relentlessly from overseas and our proposed rules being received as breaches of national privacy rights, where is the middle ground? How do we combat a severe security threat without jeopardizing our own rights to privacy and security? I think that while it is definitely important for the federal government to acknowledge the significance of cyber attacks, private corporations should not be given the incredible powers that CISPA bestows. They need to work with the corporations they defend to seal loopholes and fix breaches, but not at the expense of the average American’s personal safety.