The militarisation of the internet has been a long time in coming, with 9/11 being a key factor triggering the move in this direction, as shown on this timeline by the Electronic Frontier Foundation on the global digital surveillance system developed over time by the National Security Agency (along with some of its allies).
Web militarisation is a process which encompasses different but converging trends. It’s not only about cyber war or cyber guerrilla, concepts which are already well defined and being put into practice (Stuxnet is a prime example) although often exploited by governments and the media. It has to do with the mass monitoring of communications, the widespread use of digital weapons for infiltrating the computers of organisations and individuals, and the weakening or systematic alteration of standards, protocols, software and devices, not to mention the legislative codes on which the rule of law over the past few centuries in the West has been founded.
2013 was the year of Datagate, where the veil was lifted and the internet stripped of its innocence, long after those working in the sector had already sounded the alarm bells. It seems that it’s one thing to play Cassandra, but laying out on the table the proof of people’s direst, most paranoid suspicions is another matter entirely- like in the case of the leaked information obtained from Edward Snowden by the media.
To quote Jacob Appelbaum, developer of the Tor project and well-known digital rights activist, who has given several presentations on the militarisation of cyberspace,
there was a small period of time in which the internet was really free and we did not have people from the U.S. military that were watching over it and exploiting everyone on it, and now we see every year that the number of people who are hired to break into people’s computers as part of grand operations is growing day by day.
Of course, it’s not just the American military. Even before Datagate, Ronald Deibert, author of Black Code and president of the Citizen Lab at the University of Toronto, wrote that “those who take advantage of the Internet’s vulnerabilities today are not just juvenile pranksters or frat house brats; they are organized criminal groups, armed militants, and nation states”. But the worst part, as Deibert wrote in May 2013, is that “at the very moment when we are surrounded with so much access to information and apparent transparency, we are delegating responsibility for the security and governance of cyberspace to some of the world’s most secretive agencies (…) relaxing legal protections that restrict security agencies from accessing our private data, from investigating us.”
In the light of the revelations which have emerged since June 2013, perhaps trust is not the best approach. Even if you think- and there’s still an astonishing number of people who do- that you’ve got “nothing to hide”. Or lose. Or give up. The fact is you don’t need to be an activist, lawyer or journalist in Morocco, Bahrain or Ethiopia to become a target, although these categories of people are clearly targeted with spyware by governments and security agencies via the internet. Citizen Lab, researchers and activists such as Claudio Guarnieri have documented numerous such cases, sometimes with grave consequences for the lives of those involved.
Closer to home in Europe, news of the Dutch SIM card producer Gemalto being hacked has hit the headlines just recently. This attack could have compromised the (voice and data) communications of millions of people, and is said to have been carried out, according to documents leaked to The Intercept by Snowden by the American NSA and GCHQ in Great Britain. This revelation prompted several European Union politicians to call for explanations and investigations, including Jan Philipp Albrecht, European Parliament rapporteur for the new personal data protection law. “Member states like the U.K. are frankly not respecting the [law of the] Netherlands and partner states,” he declared. Sophie in ’t Veld, member of the European Parliament for the Netherlands, put it even more clearly: “Year after year we have heard about cowboy practices of secret services, but governments did nothing and kept quiet […] In fact, those very same governments push for ever-more surveillance capabilities, while it remains unclear how effective these practices are.”
However, these declarations aside, the reaction has been extremely weak considering the gravity of the news. The media, which pursued the Sony Hack story doggedly just a few months ago, barely batted an eyelid.
The Gemalto hack is a very large identity theft example. It isn’t just about privacy or security of calls or data; also about identity!
— Jacob Appelbaum (@ioerror) February 21, 2015
Just imagine how US/UK/Dutch govts would’ve responded to @Gemalto hack if it had been perpetrated by North Korea or China. Instead: silence.
— Ryan Gallagher (@rj_gallagher) February 20, 2015
The hacking of Gemalto seems to be just the latest tip of an enormous iceberg which still remains largely submerged. Not long ago Marcel Rosenbach, journalist for Der Spiegel, together with Hilmar Schmundt and Christian Stöcker, confirmed what many had long been suspecting: the maker of Regin, a sophisticated, powerful malware used in multiple cyber-attacks, including against Belgian telecoms company Belgacom, the European Commission and the International Atomic Energy Agency in Vienna, was the NSA. Regin is actually a cyber-attack platform used by the Five Eyes alliance: USA, Great Britain, Australia, Canada and New Zealand.
It would be misleading to attribute all this to (more or less) legitimate spy warfare, particularly given the elements which have come to light over the past two years. The militarisation of the Internet is a battle for control and its users, first and foremost, are the ones paying for it. Naturally, in a context where freedoms are monitored and restricted, the first to suffer the consequences in tangible ways are those who are most exposed: activists, whistle-blowers, minorities, citizens of authoritarian regimes and reporters all over the world.
That’s not just because, as we saw a few weeks ago, journalists’ communications are monitored and intercepted. It’s not just because governments (including democratic ones) can pinpoint a source solely through communication metadata, shattering what were once relationships of trust between reporters and those known nowadays as “whistle-blowers”, such as James Rosen and Stephen Kim in the USA. It’s also because journalists who cover topics like national security, hacking, whistleblowing and cyber warfare increasingly find themselves faced with rigid intolerance, or even outright intimidation (remember all the problems the Guardian had during Datagate? The call for the destruction of the hard disks and the arrest of David Miranda, partner of Glenn Greenwald detained at the airport on anti-terrorism legislation, just to give two examples).
Unfortunately, just as the arguments and context are becoming increasingly complex and difficult to verify and it is starting to become necessary for those revealing information to monitor and check it (a task which can only call those official sources themselves into question, if there is insufficient proof of their declarations), it is becoming increasingly risky to tackle certain topics. “I may be incarcerated for doing my job”, wrote American journalist Quinn Norton in the meaningfully-titled article We Should All Step Back from Security Journalism. This article was written just a few days after journalist Barrett Brown was handed a five year prison sentence for having posted a link in a chatroom to content hacked by others and already published by others. But there are numerous such cases, from the siege of WikiLeaks to the (now resolved) legal affair with James Risen.
The web has changed in recent years, and continues to change rapidly. We’ve realised it too late. The aggressive action of some governments, not least that of America- as Shane Harris writes in @War: The Rise of the Military-Internet Complex– is changing the fundamental nature of the Internet, and not for the better. What’s more, this action involves major technology companies and a myriad of private contractors, who are invited to use increasingly “proactive” tactics and tools. There’s a whole industry of the cyber-military, with a new complex (the military-Internet complex, Harris calls it), and we should remember that Barrett Brown was one of the few to investigate this topic before Datagate. It is growing and will have an impact on an area, namely the virtual world, which until very recently was considered a global commons, a common good, a space for new freedoms, a means of empowerment. The battle to control cyberspace is redefining the topics on national security agendas at the beginning of the 21st century, and the current rise of terrorism will only serve to boost this trend. If this is the outlook, anyone with a different idea of the world wide web risks isolating themselves, in the best case scenario. In the worst, they may be seen as an obstacle to be removed.
We will discuss the topic at the International Journalism Festival, during our panel “The Internet as a battlefield: what are the implications for journalism?“, together with hacker and civil rights advocate Claudio Guarnieri and Der Spiegel’s Marcel Rosenbach