SPY EYES

2010 and the first half of 2011 have shown that the ubiquitous, expanding and accessible nature of the internet as a tool for sharing information and connecting people has presented a dire threat to government control. Wikileaks generated backlash against the conflicts in Afghanistan and Iraq last year.

For the first time, the world was able to catch a glimpse of the secretive world of international diplomacy with the leak of the State Department Diplomatic Cables. Several gaping holes had been blown in the iron curtain separating the ruling elite from the common citizens and silencing their concerns. Throughout the world, people have rushed into the breach to reclaim their voices. Politicians have recognized the growing threat of ‘information warfare,’ which has acted as the spark for popular conflagrations in several countries thus far, and they are rushing to insulate themselves from digital subversion with its disturbing revelations concerning corruption and graft within the ruling regimes of Tunisia. Several recent pronouncements and pending pieces of legislation signal coming retaliatory measures on those using the internet to advance political messages, exercise free express, freely share information, and lift the curtain of government censorship.

The established order is being upset, and the establishment is gearing for a crackdown.

WikiLeaks Probe

Bradley Manning and Wikileaks have been a touchy subject, and criticism directed towards them has raised the ire of their supporters. A Frontline documentary focusing on WikiLeaks and Manning’s private life drew attacks on PBS by the hacker group LulzSec, resulting in the network’s site being defaced, the dumping of its internal databases, and the posting of a fake story about Tupac Shakur being alive.

The U.S. government, a year after the arrest of Private Bradley Manning on suspicion of leaking secret materials to WikiLeaks, is looking to make an example of somebody as a punishment for the black eye the whistleblowing website has inflicted on its international image. Manning may be the ‘fall guy’, but there are those within the Obama administration and Congress who do not want the inquisition to end with his prosecution and simply want to use his case as a stepping stone to ramp-up a further probe into WikiLeaks.

Julian Assange, in a joint teleconference with fellow document-leaker Daniel Ellsburg of thePentagon Papers fame, claims the persecution of Manning and Wikileaks “will criminalize all investigative journalism, erect a situation where the collaboration between a source and a journalist is interpreted as a conspiracy to commit crime.” Any further pressure put on Wikileaks or Assange by the U.S. Justice Department potentially creates a precedent that may drag any publication that has printed stories containing secret information into the spotlight and essentially silence any material the government finds objectionable or a ‘threat to national security’.

The increasing number of Wikileaks-inspired sites such as Quebec Leaks, Crowdleaks, and OpenLeaks may additionally come under fire as a result. In March, the U.S. government won a court battle granting them access to Twitter and the followers of the Wikileaks account, signaling a ramping-up of efforts against the website.

New Pentagon Policy Against Cyber Attacks

It was recently reported that the IMF fears a pending attack from Anonymous. This follows Anonymous DDOS attacks against the U.S. Chamber of Commerce and the theft of visa applications, including scanned passports and over 10,000 emails, from the Iranian government to mark the second anniversary of 2009′s Green Revolution. Last week, Lockheed Martin’s security was infiltrated by unidentified hackers. Threats of cyber attacks and ‘online terrorism’ have struck fear in governmental and corporate institutions.

Earlier this week, the Pentagon announced that cyber attacks against systems tied to the nation’s defense and infrastructure are subject to military retaliation. Pentagon spokesman Colonel Dave Lapan told reporters during a Tuesday press conference: ”A response to a cyber-incident or attack on the US would not necessarily be a cyber-response. All appropriate options would be on the table.” Colonel Lapan confirmed the Pentagon is drawing-up a cyber defense strategy, and he went on to state: ”If you shut down our power grid, maybe we will put a missile down one of your smokestacks.”

This is slightly ironic, as the Stuxnet worm which crippled Iranian nuclear facilities in July 2010 is thought to be a joint operation between the United States and Israeli governments. As of February of this year, it has been reported that Anonymous and others have obtained the Stuxnet source code, which is freely available for download from several sources online.

Obtaining the technology to cripple a power plant or a water treatment plant is one thing, but successfully implementing it is quite another. The sort of attack the Pentagon is referring to would have to be state-sponsored, and even then only a handful of countries even have the means of carrying out such an attack at this time. On Thursday it was reported that the British intelligence agency MI6 hacked the website for an al-Queada magazine and replaced bomb-making instructions with cupcake recipes. The UK’s coalition government also recently unveiled plans to recruit hundreds of ‘cyber-soldiers’ into a new defense task force aimed at combating online attacks. Nations such as the UK, China, and Russia continue to implement cyber warfare in their arsenal, but there is no evidence at this time that they possess the means to cripple another country’s critical infrastructure. On that basis, this change in policy could simply be a proactive deterrent against governments who may be exploring the possibility of launching a true ‘cyber war’ with the United States.

The question remains whether attacks from individual groups would be subject to the kind of military action Colonel Lapan has mentioned? There are countless hacker groups, independent agents and collectives operating around the globe, and many act independently of a state sponsor. Whether countries will be held responsible for hacker groups operating within their borders remains to be seen after the Pentagon releases its new policies. What is clear is that the paradigm continues to shift when virtual actions can be met with violence and loss of life.

NATO Threats Against Online Activists

In the wake of Anonymous operations directed at Libya, the collective’s path has crossed with NATO while the military alliance attempts to arbitrate the civil war tearing the country apart. In NATO’s report on ‘cyber hacktivism’, it states: ”Today, the ad hoc international group of hackers and activists is said to have thousands of operatives and has no set rules or membership.” NATO leaders have been warned in the aftermath of sophisticated attacks against HB Gary and the Chamber of Commerce that Anonymous “could potentially hack into sensitive government, military, and corporate files.” This would be change in the collectives ‘policy’ (aka common sense) not to attack military targets, yet NATO seems concerned enough to issue a statement claiming that the alliance is prepared to “persecute” Anonymous and “round up its members”.

Apparently, portions of NATO’s report are similar to reports written by Anonymous members in the past concerning online activism. How exactly NATO plans to “persecute” Anonymous is unclear. This does mark a change in attitude towards online activism and is the second statement in a week from a military organization detailing fears of a coming age of ‘cyber warfare’. This could set a precedence of persecution against bloggers and webmasters who appear sympathetic to the cause of freedom in North Africa and the Middle East. Even though Anonymous has been attempting to cripple websites belonging to Kaddafi’s oppressive regime, the same regime it stands against, NATO still views internet activists as a threat, and they are not alone as they watch the social media driven revolutions of Egypt and Tunisia in horror.

The Internet ‘Killswitch’

Democratic Senators Joseph Lieberman and Jay Rockefeller took a good hard look at what had happened in Egypt when then-President Mubarak shutdown his country’s internet access in the midst of a massive popular uprising that eventually removed him from power. This caused them to renew efforts they had pitched in 2010 to grant the power over an ‘internet killswitch’ to the president. Senator Harry Reid had combined their two separate proposals last August into a single bill which has made a comeback as of January.

The bill also has the support of Republican Senator Susan Collins, who claims that the president ‘already’ has power to shutdown the internet as a result of the 1934 bill that created the FCC. This bill would simply expand the powers already in the president’s possession to specifically include the internet in the case of “wartime”, a ‘national cyber security emergency’ or a “state of public peril or disaster or other national emergency”. As of March, the bill is continuing and refuses to die, and still does not define what kind of ‘emergency’ would be required to use a killswitch.

Civil libertarians view the legislation with suspicion and the lack of specifics are disturbing. Corporations such as Microsoft, Verizon, and EMC have come out in support of the bill, indicating it could have lobbyist backing as well. Regardless of the bill’s intent, granting a single man the power to shutdown critical communications systems that would affect average citizens above anyone else is something that only dictators have done in the few years since such an action has been possible.

COICA/PROTECT IP

In 2009 the Australian government caught flack for the introduction of an ‘internet blacklist’. The U.S. is looking to do something similar.

The U.S. government, a longtime friend of the music and movie industries, has renewed efforts to crackdown brutally on copyright offenders. Senator Patrick Leahy, a Democrat from Vermont, introduced the wildly unpopular Combating Online Infringement and Counterfeits Act (COICA) in 2010. The most recent version has earned an even longer name as the Preventing Real Online Threats to Economic Creativity and Theft of Intellectual Property Act (PROTECT IP).

This bill would allow the U.S. federal authorities to force ISPs and search engines to censor and remove websites deemed guilty of copyright infringement. Freedom of information advocates view this as an endangerment of the free flow of information. The FBI would gain the power to seize domains, institute ISP blockades, censor search engine results, and restrict the funding of offending websites. This grants a wide berth for abuse, as the accusing corporations have far more weight and influence with the government than the average citizen, especially one accused of digital piracy.

The Department of Homeland Security has already been seizing domains related to ‘piracy’ and ‘copyright infringement’, often based on flimsy evidence.

DDoS attacks in response to an Anonymous announcement were at first underwhelming, but quickly gained steam. Anonymous continued operations against the U.S. Chamber of Commerce, one of the chief backers of the PROTECT IP bill, and took down the organization’s homepage and compromised its webmail. Attacks against the website of several senators resulted in them being taken offline from 6PM – 10PM EST; the targets included bill supporters Senators Chuck Grassley and Lindsey Graham, along with organizations such as the National Association of Theater Owners.

Whether one supports digital piracy or not, it is clear that these measures endanger the concept of ‘fair use’. Making a trademarked reference, sharing a copyrighted image, with or without attribution, or uploading a clip of a favorite movie or TV show may be a thing of the past if this legislation passes into law.

This will give further muscle to corporations and other companies such as the copyright troll Righthaven, which has launched hundreds of lawsuits in attempts to shakedown cash from offending websites. Each lawsuit has demanded $75,000 and the surrendering of the offending domain name from copyright violators. Righthaven has filed these suits on behalf of newspapers it owns and has targeted rival publications such as the Denver Post for cited infringement. Even quoting a previously published article from a Righthaven represented outlet can lead to a lawsuit, without warning, which has forced many victims to settle out of court to avoid costly legal battles.

The government’s efforts to ‘defend intellectual property’ will only serve to embolden money-hungry conglomerates and stifle the flow of information between users. People are going to be less likely to share the content they enjoy if there are stiff penalties involved. This damages the audience participation that has defined the social media boom of the last decade and takes a portion of the internet’s power and places it squarely in the hands of the powerful.

Viacom, the parent company of both CBS and Comedy Central, has long been known to use and abuse the DCMA and copyright infringement claims to take down content and sue those who share and post clips of their shows without permission. Denizens of the internet would argue that uploading a clip from The Daily Show, for instance, would fall under the auspices of copyright ‘fair use’, which allows such content to be posted and shared for the sake of discussion and commentary so long as there is no effort or intent to resell or reap a profit from the content in question. The Supreme Court agreed when Viacom lost their $1 billion lawsuit against YouTube in June 2010, protecting the video-sharing site from DCMA claims made against its users. This has not prevented Viacom from seeking-out infringing content across the internet, and even demanding that webhosts and ISPs hand over the IP addresses of ‘copyright offenders’. If PROTECT IP is passed into law, huge media conglomerates will have officially purchased a powerful enforcer, the FBI, to fight their battles.

National Strategy for Trusted Identities in Cyberspace

Pilot programs to institute a universal internet ID could start as early as next year according to Obama administration officials. There is “no reliable way to verify identity online” said Commerce Secretary Gary Locke at an event hosted by the Department of Commerce in January where the initiative was first announced. Officially referred to as the National Strategy for Trusted Identities in Cyberspace (NSTIC), the White House has released a 55-page document describing the measure, the details of which remain vague.

White House Cybersecurity Coordinator Howard Schmidt has described the proposed program as creating an “identity ecosystem”. The United States Department of Commerce has been given the reins of the project. The government has claimed that the NSTIC will be entirely voluntary, and Jim Dempsey of the center for Law and Technology has stated that the private sector will take charge of instituting such an identity layer on the web.

Facebook seems to have its eye on the contract and appears to be lobbying the government to have its “Facebook Connect” API act as the technological framework for an internet ID. Essentially, Facebook wants to be our internet driver’s license. To make this more alarming, Facebook has recently made a habit of deleting the profiles of activists, based on a longstanding policy that people registering with names different than that on their state or national IDs will face account suspension. They not only have been deleting entire accounts of activists in the Middle East, North Africa and elsewhere, the site has been specifically removing content deemed offensive or controversial without reason or warning. This is likely to be a result of ‘false flagging’ campaigns by users opposed to activist messages. Facebook has not revealed how its reporting mechanism works. Regardless, it has resulted in the censorship of political messages and anonymous profiles on the social network.

NSTIC would put people’s identities and personal information at risk, as any single sign-on, universal ID would. It is considered unwise to use the same password for everything from bank accounts to online stores, yet this proposal would seem to institutionalize poor security practices for the sake of eliminating online anonymity, which would not only put consumers at risk, but remove the protections political activists and whistleblowers hide behind to deliver information securely and without repercussion.

ACTA

The United States is far from the only country where the government has gone to bat for media conglomerates. New Zealand has recently raised the ire of information advocates and internet activists for its passage of the the Copyright Infringing and File Sharing Amendment Bill, which gives the country’s authorities the power to monitor its citizens and cutoff their internet access upon the suspicion of digital piracy. The government will also start to log IP addresses of internet users to look for incriminating data to use as grounds for initiating a lawsuit on behalf of several large media corporations. Soon New Zealand may not be alone in instituting these new measures.

ACTA, the Anti-Counterfeiting Trade Agreement, is an international treaty that has been in the works since 2006, the existence of which was revealed by Wikileaks in 2010. The United States, the European Community, Switzerland, Japan, Australia, the Republic of Korea, New Zealand, Mexico, Jordan, Morocco, Singapore, the United Arab Emirates and Canada have started negotiations to ‘combat copyright infringement’.

This bill would allow countries to force internet service providers and search engines to censor websites they do not like under the guise of “copyright protection”, similar to the provisions outlined in the PROTECT IP bill, but on an international scale. The agreement aims to ”encourage ISPs to cooperate with right holders in the removal of infringing material”. Little is known about it except for the documents shared with the public by Wikileaks.

Increasing Tensions

In the last couple weeks LulzSec has been on the warpath, targeting the PlayStation Network, PBS and now the FBI. In response to this week’s pronouncements from the Pentagon and NATO, LulzSec had this to say:

It has come to our unfortunate attention that NATO and our good friend BarrackOsama-Llama 24th-century Obama have recently upped the stakes with regard to hacking. They now treat hacking as an act of war. So, we just hacked an FBI affiliated website(Infragard, specifically the Atlanta chapter) and leaked its user base. We also took complete control over the site and defaced it, check it out if it’s still up: http://infragardatlanta.org/

While not very many logins (around 180), we’d like to take the time to point out that all of them are affiliated with the FBI in some way. Most of them reuse their passwords in other places, which is heavily frowned upon in the FBI/Infragard handbook and generally everywhere else too.

A general lack of security, combined with the willingness of hackers to exploit those weaknesses, is going to escalate the government’s concerns rapidly as they rush to stop the bleeding. As Sony has learned (or perhaps has not learned judging by their disgraceful measures following previous breaches), there is no such thing absolute cyber security.

As we saw following the 9/11 terrorist attacks and the passage of The Patriot Act, security and freedom tend to be mutually exclusive. As world governments race to combat new and increasing dangers online, the collective power the internet grants average people threatens to diminish.