RUTHFULLY YOURS

Medialand
New Rules Of Engagement
Trevor Butterworth, 06.15.10, 1:43 PM ET

We don’t know yet whether whistle-blowing Web operation Wikileaks has hundreds of thousands of classified U.S. State Department documents provided by U.S. Army Specialist Bradley Manning or whether it will publish them. But in the meantime Wikileaks’ Julian Assange is providing ammunition to those who believe that the fragile new world of cybersecurity demands a more flexible approach to the rules of engagement.

As Dr. James Lewis, Director and Senior Fellow of the Technology and Public Policy Program at the Center for Strategic and International Studies, puts it, there is increasing frustration at being unable to come up with an effective defense to these kinds of events, and it has led some to advocate lowering the boundaries of response. “This would be a mistake,” he says. “The world will not respond well to the use of this kind of force.”

But why should the world know? Why go after Assange directly when, as the New Yorker so memorably pointed out, “On the Internet nobody knows you’re a dog.” Assange has called Wikileaks “an uncensorable system for untraceable mass document leaking and public analysis.” But this assumes that state actors will just put their hands up and say, “this is infuriating but … whatever,” because they are bound to certain kinds of rules of engagement as state actors.

What if a western intelligence agency were to succeed in getting Wikileaks to post hostile information on a third party that, in turn, would have no compunction in going after Assange and anyone associated with the site? Wikileaks can point to its formidable array of volunteer technologists to check up on sources or to screen out dubious or obnoxious information, but the history of spycraft testifies to both human ingenuity and organizational failure. The chain of virtual proxies and non-state actors that could be deployed against the site is dizzying and potentially deadly.

There are two distinct ethical problems at play here. One is old: it requires you to define the public good before you determine what kinds of information should be made public. As the Economist recently noted, this is complicated by the fact that the leaker and his audience may not agree on the logical import of the leaked information. There are unintended consequences to transparency given that people have different interpretative frameworks and values for processing such information. An ethics of publishing that is blindly absolutist simply begs for all sorts of painful, unintended consequences.

The second ethical problem is whether the Internet has really changed everything when it comes to national security. Lewis doesn’t think so. But if the rules of war don’t need to be changed, we still need to be aware that our dependence on an infrastructure of networked applications, built as a virtual Garden of Eden, free from sin, has turned out to be a gift that keeps on giving to criminality and industrial and military espionage.

Even if we are not in the midst of a virtual Pearl Harbor and no single attack rises to the level of a physical force response, the theft, for instance, of the blueprints to the F-35 Joint Strike Fighter, is nontrivial; the risk of nuclear secrets being compromised is nontrivial; and, as a recent debate hosted by Intelligence Squared in Washington D.C. may confirm, many smart people think the threat of cyber warfare is nontrivial.

In other words, the more you grasp the fragility of the Internet, the less you can write off the cybersecurity movement as a Big Brother/Dr. Strangelove power grab by post-Cold War hawks. And given that the conceptual framework for cyberwar is still in a state of definitional flux, the risk is that a series of unfortunate events–a mass leaking of classified documents for instance–may up the ante for redefining the rules of engagement.

All of which is why definitions matter right now: Lewis thinks “war” is unhelpful; Jonathan Zittrain, a professor at Harvard Law School and co-founder of its Berkman Center for Internet & Society, agrees.

“In conventional warfare there are those who fight and those who do not–the basic distinction between soldier and civilian,” he says in an e-mail following his victory, shared with former director of national intelligence, Admiral Mike McConnell, in the Intelligence Squared debate (they argued against the proposition that “the threat of cyber warfare has been grossly exaggerated”).

“Even in unconventional warfare, with, say, terrorists who don’t wear insignia, there are those who are engaging in conflict and those who are not. Online it’s much tougher to distinguish military and civilian points of presence, and so often, as it turns out, otherwise innocent machines are repurposed, unbeknownst to their users, for aggressive ends. That may be why I tend to focus more on vulnerabilities than on particular actors. Who cares if a vulnerability is exploited by a 12-year-old for fun or a soldier at the direction of the state, especially when there’s no easy way to tell who’s behind it?”

The dream of Wikileaks is that a new kind of journalism–show all the primary source material!–will transform politics; but, in many respects, it is utterly conventional. It exploits a traditional vulnerability in any organizational system, one that is virtually impossible to eliminate. Similarly, convention shows within some organizational systems there are those who will not simply shrug off the results as journalism.

Trevor Butterworth is the editor of stats.org, an affiliate of George Mason University that looks at how numbers are used in public policy and the media. He writes a weekly column for Forbes.