Just recently Thomas Rid, the author of a new book entitled Cyber War Will Not Take Place
, was on the Surprisingly Free podcast
, and had a very interesting discussion about the fact that the whole concept of "cyberwar" is incredibly overhyped (as we've also discussed
in the past
). At best, it's often really about espionage, not war, and (on the good side) unlike war, the likelihood of serious physical harm and deaths is much more limited when it comes to technological attacks. I highly recommend listening to the podcast, because Rid does a nice job laying out his thesis, much of which I agree with.
However, I was then somewhat surprised to see him over at Slate arguing that the rest of the documents Ed Snowden leaked should be destroyed
. Unlike some others, he's not arguing that the leak was evil and that Snowden was a traitor. Instead, the argument is somewhat more nuanced. He basically argues that a lot of good things
have already come out of the leaks that have been published, but he's unsure of the marginal benefit of additional leaks, while much more worried about potential harm from continued leaks. I think this argument is wrong, but it does provide an interesting thought experiment.
Rid does point to the good things the leaks have done, namely: (1) kicking off a long-overdue debate on these issues, (2) informing the public about digital security issues that they've ignored for ages and (3) convincing many tech companies to take security much more seriously. We all agree those are three good things that have come out of the leaks. However, it appears that Rid isn't sure that future leaks will do much more than existing leaks to further any of those points. Of course, I'd argue that part of the problem is he leaves out the fourth important point: putting into motion events that hopefully will lead to more limited surveillance, less abuse of the surveillance infrastructure and much more respect for things like the 4th Amendment and basic privacy rights. And it seems pretty clear that continued leaks do
help to drive that forward.
However, Rid seems to see limited upside to further leaks, and also significant downsides
to existing leaks, which he thinks could get worse with more. I think he's wrong on the downsides, but let's go through them:
One is that intelligence capabilities are damaged. There is no doubt that signal intelligence agencies are an essential tool necessary for international statecraft as well as for maintaining the domestic constitutional order. Revealing capabilities and tactics often means they become worthless as a result. Measuring such tactical costs is hard, but the damage is significant.
This is overblown. Yes, intelligence and espionage are always going to be a part of the way things work, but that has never meant that we should make it easy. In fact, the likelihood of abuse is so high that we've always tried to make this very, very difficult. There are reasons that the 4th Amendment has requirements for things like probable cause, warrants (i.e., oversight by a third party) and reasonable
and limited searches.
This means, secondly, that militants, violent extremists, and adversaries—think the Syrian regime—are already racketing up their communication security. In the future it will be harder to detect and foil terrorist attacks. In the future it will be harder to say if some regime possesses or used a specific weapon system. In the future it will be harder to unveil wealth-draining cyberespionage. This is very serious.
The history of signals intelligence is littered with the cat and mouse game of finding new ways to hide messages, followed by someone cracking them, and people moving on to other methods. Arguing there's some awful damage from this is an unsupportable statement. Out of what's been leaked so far, much had already been suspected by many -- meaning that the major terrorists and foreign enemies almost certainly were already using methods to try to avoid such systems. There is little evidence to suggest the damage is really that significant.
Meanwhile, thirdly, authoritarian states get a confidence boost. “Washington ate the dirt this time,” wrote China’s Global Times, an outlet sometimes called the Fox News of China. The U.S. administration “has long been trying to play innocent victim of cyberattacks” but now turned out to be “the biggest villain,” said Xinhua, the state-run news agency. This argument, of course, is hypocrisy. The National Security Agency is not spying in order to round up Obama's political opposition, and Government Communications Headquarters is not listening to Internet traffic to help London's banks—both of which stand in sharp contrast to China's own practices. Nevertheless, Snowden's revelations make it easier for the world's authoritarian regimes to crush dissent at home.
I agree with the impact here, but it's not the fault of the Snowden leaks. This is the fault of the US (and others) being overaggressive in its surveillance activities. The way to avoid losing the moral high ground is to, you know, stay on the moral high ground
. It's fairly ridiculous to argue that Snowden's leaks are to blame here. It's the NSA's actions that are to blame.
A fourth result: Internet governance is creaking. Diminishing America and Britain’s diplomatic and moral standing is threatening the multistakeholder approach, so far a guarantor for a free and open Internet. A patchwork of smaller, sovereign "Internets" is becoming more and more likely. As a result, the Internet could now become more authoritarian, not less.
Finally, and perhaps most significantly, American and British Internet and telecommunication companies are under economic pressure, set to lose disgruntled customers at home and large contracts abroad. This last damage multiplies all previous ones.
Ditto my comment above. This is blaming the messenger. The problem here is not the leaks, but rather the actions of the NSA in going overboard with surveillance. Rid tries to cut off this argument with the following:
Some may retort that it was the NSA and its allies who created this damage in the first place, not Snowden and his allies. But this argument is problematic: Spy agencies spy, all of them. Suggesting that all secrecy is bad is plainly naive. Instead there is a moral case to be made for open democracies to have the most capable intelligence agencies, operating lawfully with robust oversight mechanisms. No liberal mind can want the NSA to sit in Beijing or Moscow.
But that's not responding to the actual argument. While I'm sure some are arguing against any and all espionage, most of us are not. We're arguing against overly broad
surveillance, often for no legitimate reason, with little oversight and no actual threat to deal with. We're not saying that "all secrecy is bad," but rather that there has been massive overreach here, and little benefit. That seems worth discussing, and the Snowden documents keep revealing just how bad that overreach really is. Rid is responding to a strawman here, rather than the actual argument most people are making.
As Julian Sanchez notes
, Rid seems to be basing the entire article a belief that is unsupported: that terrorism is a threat to democracy, when the reality is that it's authoritarianism and surveillance that are the real threats to democracy. Yes, terrorism can do tremendous damage, but it's difficult to believe that terrorism alone harms the democratic process. A surveillance state is simply antithetical to democracy. Rid seems to not understand that, which is too bad, given his recognition of how much the claims about "cyberwar" are overhyped.