We've certainly written an awful lot about the ridiculousness of the concept of "cyber war." Even with things like Stuxnet and Flame, it seems silly to compare what amounts to either electronic espionage or a little hacking as "war." But perhaps we were looking at it the wrong way. In a Foreign Policy article by John Arquilla, he argues that perhaps we should be embracing this kind of "cool war" as it can be effective at stopping threats (even distributed ones like terrorist operations, rather than just centralized ones like governments), while causing minimal bloodshed:

On balance, it seems that cyberwar capabilities have real potential to deal with some of the world's more pernicious problems, from crime and terrorism to nuclear proliferation. In stark contrast to pitched battles that would regularly claim thousands of young soldiers' lives during Robert E. Lee's time, the very nature of conflict may come to be reshaped along more humane lines of operations. War, in this sense, might be "made better" -- think disruption rather than destruction. More decisive, but at the same time less lethal.

And, indeed, if we believe that reports of "cyber attacks" being used to make planes fall from the sky are greatly exaggerated, perhaps we should welcome a "war" that mainly involves hackers vs. hackers trying to disrupt each others "real" warfare capabilities. But, of course, there are plenty of other issues that come up here as well -- such as how secret hacking programs can be abused. If it gets governments to stop physical battles that lead to real lives lost, that does seem like an improvement, though I'm not sure anyone should think that continuing to attack each other through computers is ever a "good" situation overall.

The latest Radiolab "shorts" episode, entitled Grumpy Old Terrorists, seems like a bit of a departure in subject matter for that program -- but fits right in with something we've been talking a lot about lately. Over the past few years, we've noticed the rather disturbing trend in how the FBI keeps publicly celebrating stories about stopping terrorist plots -- but in almost every case the details show that it was actually just stopping its own terrorist plots that it feeds to hapless individuals, often nudging them and pushing them down the road to "become" terrorists, despite commonly displaying little to no aptitude for actual terrorism.

In the last few weeks, the mainstream press has started to notice this as well, with stories about it appearing in both the NY Times and Rolling Stone. However, the Radiolab episode highlights a similar, but slightly different story, that was actually covered in great detail in an article in Esquire a few months back, entitled Waffle House Terrorists -- which includes the mugshots of the four "terrorists."

The youngest one of that bunch is 65-years old. The oldest is 73. As the Radiolab episode and the Esquire piece detail, while these guys do seem hateful, they also seemed absolutely unable to do anything... until an "FBI informant" joined their pack and pushed and prodded them along, introducing them to the "contacts" to get weapons and even providing "the money" to buy said weapons. The Esquire article goes into great detail about the "informant" and his rather questionable legal history (he first contacted the FBI while in jail for molesting his wife's daughter from a previous marriage).

On Radiolab, they play the audiotapes the guy made of the plotting -- and there's obviously some crazy stuff being said. But, as they look deeper into the role of the informant, the Radiolab hosts conclude the episode by noting that the whole situation doesn't really make them feel any safer. Yes, these old guys were hateful and helped join in this plan to cause lots of death and destruction. But, so much much of the plot and the participation of these guys really does seem driven by the "informant," who does not seem like the most credible of guys. And it's this exact scenario that we keep seeing over and over again. It may not reach the level of entrapment, and it may put some people really ignorant and crazy people in jail -- but is this really the best use of the FBI's time and efforts? Creating bogus "terrorist" plots involving people who had no real means to actually do anything?

We've been covering for a while now how the FBI keep setting up and stopping its own terrorist plots in order to make headlines. A few weeks ago, the NY Times wrote about this and now Rolling Stone has its own entry on the subject, which goes one step further, noting that while the FBI keeps turning hapless nobodies into terrorists to arrest and splash all over the front pages, it seems to be ignoring groups that actually represent real threats, because they just don't make nearly as interesting a story. Rather, as the article notes, the FBI seems focused on "ideological enemies" to take down, rather than those who are most likely to actually cause harm:

The contrasts are extraordinarily instructive. When federal law enforcement agencies take an affirmative role in staging the crimes, the U.S. Justice Department then prosecutes, leaving more clear-and-present dangers relatively unbothered, the State is singling out ideological enemies. Violent white supremacists are not one of these enemies, apparently – because, as David Neiwert, probably the nation’s top journalist on the subject, told me, the federal government has much less often sought to entrap them, even though they are actually the biggest home-grown terrorism threat. That is unconstitutional, because law enforcement’s criterion for attention has been revealed as the ideas the alleged plotters hold – not their observed violent potential.

At some point, you have to wonder how much longer the FBI will be allowed to keep staging bogus threats just so they can arrest people, while mostly ignoring people who are actually trying to pull off violent attacks within the country.

Well, it looks like all the fearmongering about hackers shutting down electrical grids and making planes fall from the sky is working. No matter that there's no evidence of any actual risk, or that the only real issue is if anyone is stupid enough to actually connect such critical infrastructure to the internet (the proper response to which is: take it off the internet), fear is spreading. Of course, this is mostly due to the work of a neat combination of ex-politicians/now lobbyists working for defense contractors who stand to make a ton of money from the panic -- enabled by politicians who seem to have no shame in telling scary bedtime stories that have no basis in reality.

But it's all working. And, by working, I mean scaring the public unnecessarily. As reported by Wired, a new survey from Unisys finds that Americans are more worried about cybersecurity threats than terrorism, and they seem pretty worried about those threats. When asked about which security issues were the highest priority, survey respondents noted:

1. Protecting government computer systems against hackers and criminals (74 percent)
2. Protecting our electric power grid, water utilities and transportation systems against computer or terrorist attacks (73 percent)
3. Homeland security issues such as terrorism (68 percent)

Of course, it's likely that the vast majority of the American public has absolutely no idea what the actual risk is of any of these things happening. But they are familiar with computers, and there's been a lot of talk about cybersecurity lately, so "ooooooh, scary!" Now, here's where the mainstream press could come in and point out the lack of evidence for any real or significant cybersecurity threat and help people realize that they might be best off focusing their attention elsewhere. But talking about planes falling from the sky is much more fun.

Following our post about the NY Times highlighting how the FBI seems to spend an awful lot of time foiling its own terrorist plots, some of our commenters pointed us to the news that the FBI has done it again (just in time to coincide with our story), arresting five individuals in a plot that appears to have been coordinated by the FBI itself. Even though some of the "anarchists" arrested expressed concerns about how resorting to violence would help, the FBI helped supply fake explosives and that appears to have convinced the group to move forward with its "plot." Prior to that, they seem to have had little actual ability to do much of anything, other than thumbing through The Anarchists' Cookbook and talking about what they'd like to do.

Over the last few years, we've noticed that nearly every victory the FBI celebrates against terrorism is actually about stopping its own terrorist plots that it feeds to hapless individuals, often nudging them and pushing them down the road to "become" terrorists, despite commonly displaying little to no aptitude for actual terrorism.

Add the NY Times to the newspapers who are beginning to question the FBI's penchant for setting up its own plots for the sake of a high profile arrest of some clueless individuals.

The United States has been narrowly saved from lethal terrorist plots in recent years - or so it has seemed. A would-be suicide bomber was intercepted on his way to the Capitol; a scheme to bomb synagogues and shoot Stinger missiles at military aircraft was developed by men in Newburgh, N.Y.; and a fanciful idea to fly explosive-laden model planes into the Pentagon and the Capitol was hatched in Massachusetts.

But all these dramas were facilitated by the F.B.I., whose undercover agents and informers posed as terrorists offering a dummy missile, fake C-4 explosives, a disarmed suicide vest and rudimentary training. Suspects naïvely played their parts until they were arrested.

As the article makes clear, claims of entrapment rarely work in these cases, but it certainly raises questions about whether the FBI is actually protecting us from real plots or spending time creating publicity stunts that leave some people in jail. No doubt, some of these setups bust people who could potentially be interested in taking part in attacks if they had any real opportunity to do so. But, in most cases, it doesn't seem like they would ever have the opportunity (unless the FBI was helping). In one case, the judge -- even as she was sentencing the guy to decades in prison -- admitted that the guy wouldn't be a "terrorist" if it weren't for the FBI:

"Only the government could have made a 'terrorist' out of Mr. Cromitie, whose buffoonery is positively Shakespearean in its scope...."

This is the same guy who laughed at earlier attempts by an FBI informant to get him to get involved in a plot.

There's no doubt that there are real plots being attempted. But wouldn't the FBI be better off focusing on those, rather than play acting all the time?

Wizz points us to a speech that French President Nicolas Sarkozy recently gave in response to the death of the suspect in the Toulouse murders after the police shot him as he tried to escape, when they raided his apartment after a 32-hour standoff. As part of the speech, Sarkozy decided to use it as an opportunity to push for more anti-internet legislation, including a plan to criminalize visiting certain websites too often. Here's the video in French, with his comments coming around 2:20. Translating the key line, he says:

Anyone who habitually visits Internet sites that advocate terrorism or carrying calls for hate or violence will be punished under criminal law.

It appears that there is already a law in France that similarly makes it a criminal offense to "habitually" visit child porn sites, and this is a push to expand that same law to terrorism, hate and violence sites (original French). Of course, there are all sorts of problems with this. Obviously, accessing child porn is a strict liability kind of thing, where it's clearly illegal. Merely reading about terrorism, hate or violence is not.

Also, there's a question of how do you know if someone "habitually" visits such sites, raising fears that Sarkozy wants to implement a pretty broad deep packet inspection spying system to make this work. This has, quite reasonably, raised significant concerns among human rights/free speech activists (original French) about just what Sarkozy is actually planning. Others point out that such a law almost certainly wouldn't pass French constitutional scrutiny.

Either way, just the idea is quite a dangerous leap. Criminalizing the visiting of websites because they contain information? If the content itself is illegal, go after those who create the website. Going after people for reading it reaches towards the level of establishing thought police. It also seems to greatly overestimate (as many politicians do) the power of a simple website to convince people of certain things. We see the same thing in the US with Senator Lieberman's grandstanding against terrorist content, which he wants banned and blocked in the US as well. It seems to assume that people are all complete suckers who, as soon as they read a terrorist pitch, automatically become terrorists. In reality, all they're really doing is legitimizing much of this ridiculous content, by suggesting that it really is "dangerous" and somehow must be criminalized.

We've been talking about the faux urgency to pass some cybersecurity legislation coming from the federal government, with plenty of fear mongering from politicians who never seem to want to point out any factual basis for why we need such new laws. Instead, it's all been about Hollywood movie script-style scenarios about planes falling from the skies. It appears that the White House is heavily involved in this bogus fear mongering as well, having recently set up a "simulated cyberattack on New York City's power supply" to convince elected officials to move forward on the legislation.

During a classified briefing in the Office of Senate Security, Homeland Security Secretary Janet Napolitano and White House counterterrorism adviser John Brennan showed lawmakers how a hacker could breach control systems of the city’s electric system and trigger a ripple effect throughout the population and private sector, according to a source familiar with the scenario.

“The fact that we could be subject to a catastrophic attack under the right circumstances and we now know some of the things that would help us to protect against such an attack, that’s why it’s important now for the Congress to take this up,” Napolitano said in an interview with POLITICO.

Now that's interesting. Just how could a hacker breach control systems of the power grid? Apparently with an email phishing attack:

During the simulation, the hacker gains access to the electric supply’s control system through a simple “spearphishing” attack, in which a worker merely clicks on a link in an email that appears to be from someone they know.

Um, there's your problem. If the NYC power grid is attached to the public internet in such a way that it can be taken down, then um, shouldn't we take it off the internet? This isn't about cybersecurity, this is about common sense, where things like the power grid should not be accessible via the internet -- and I'm pretty sure they're not (back here in reality). But in the world where we need fear, uncertainty, doubt and the ability for the federal government to spy on private networks, we have to pretend such a scenario is likely.

Of course, I also question why the White House chose NYC as the showcase for the simulation and suggested that there would be deaths and other massive harm from such a power grid takedown. After all, it was just about a decade ago that the power grid in the Northeast did, in fact, fail. It was an inconvenience for many people, certainly, but it was hardly damaging in the way the White House seems to have implied with this scare tactic.

So, once again, can we take a step back and ask some simple questions: what's the real threat and the real risk here? If it's that the NYC power grid is accessible by a simple password over the public internet, then the problem isn't cybersecurity, it's whoever was stupid enough to connect the power grid to the internet. Let's fix that. But let's not regulate and spy on large segments of the public internet to cover for a few bad decisions.

A couple of weeks ago, Techdirt reported on UK politicians calling for ISPs to "take down" terrorist content. Now it seems that the idea has not only spread to other European countries, but even acquired a cheesy name: "the Clean IT Project".

The internet plays a central role and is of great strategic importance for terrorists and extremist networks. These networks know that propaganda is a critical tool for generating funding, recruits and support for their cause within these communities. Historically they have used a variety of media channels, such as television, radio and publishing, in order to communicate their views. During the past decade of huge global growth of the internet, Al Qaida influenced extremists for example, have made increasing use of this medium. The internet and its fast and anonymous means can contribute to individual radicalization processes. There are concerns about the illegal use of the internet for terrorist purposes and the misuse of legal / neutral websites. The question is if we can limit the use of internet for terrorist purposes, without affecting our online freedom. Therefore this project is based on a public-private dialogue.

Those last two sentences are particularly ominous. First, because they show no awareness that any attempt to "clean" the Internet inevitably affects everyone else's online freedom. Given that there are no hard and fast rules about what is terrorism, the past teaches us that there is always collateral damage in the form of over-reaction -- not least because people understandably err on the side of caution in this area.

The other reason we ought to fear this new initiative is that it is based on getting the private sector to act as online police, using a "non-legislative" approach:

The main objective of this project is to develop a non-legislative 'framework' that consists of general principles and best practices. The general principles will be developed through a bottom up process where the private sector will be in the lead. Through a series of workshops and conferences, the private and public sector will define their problems and try to draw up principles. These principles can be used as a guideline or gentlemen’s agreement, and can be adopted by many partners. They will describe responsibilities and concrete steps public and private partners can take to counter the illegal use of Internet.

This is of a piece with similar attempts to get ISPs to spy on their users, or search engines to censor their results: since everything is done through a non-legislative 'framework', there is no oversight and no formalized legal recourse. It's part of a general move to control the Internet through extra-judicial means, thus avoiding all the risks of a democratic debate or the need to produce any evidence that the measures are effective and proportionate. Significantly, it's also one of ACTA's key (bad) ideas.

Even though the project is being sold as a voluntary "gentlemen’s agreement", the reality is that lurking in the background is the usual implicit threat:

The covenant, the principles and the practices should be non-legislative because they will be adopted on a voluntary basis with support from the industry. It should also be possible to implement them quickly in any European Member State, or even worldwide. Nevertheless, it is possible that one of the results will be a call for better regulation by governments.

That is, if industry doesn't adopt the principles and practices -- and implement them "quickly", too -- it will be forced to do so through legislation.

It's not even clear that "limiting terrorist use of internet" is the best way to fight terrorism. There is an argument that it would be better for as much terrorist activity as possible to take place where security agencies can keep it under close surveillance. Shutting down the more obvious sites and means of communication will simply drive terrorists deeper underground, and make it harder to monitor and thus counter them.

So once more, we have the worst of both worlds: while the rights of the general public are diminished further in the name of "combatting terrorism", the actual fight will be made more difficult.

Follow me @glynmoody on Twitter or identi.ca, and on Google+

We've talked multiple times about how the FBI seems to spend an awful lot of time stopping its own terrorist plots, and it appears to have done so yet again. iamtheky points us to the story of a "terrorist plot" to blow up the capitol averted... thanks to the fact that the whole thing was planned by the FBI, so it was pretty easy to stop the one dupe who thought it was real. Now, as some people always point out, these kinds of operations do seem to get people off the street who wouldn't mind causing harm to Americans, but it's unclear if any of them would ever actually have the means to do so in reality. What's telling is that these seem to be basically the only terrorist plots we hear about the FBI stopping these days -- which makes you wonder if they just have too much free time to manufacture plots to stop.