Platt Perspective on Business and Technology

From stuxnet to heartbleed – the impact of US national cybersecurity doctrine and practices on businesses and markets 5

Posted in business and convergent technologies, in the News by Timothy Platt on March 19, 2015

This is my 24th installment in an occasional series on international cyber-security and the changing nature of threats faced and responses offered to them (see Ubiquitous Computing and Communications, postings 58 and loosely following for Parts 1-15 and that directory’s Page 2, posting 296 and following for Parts 16-23.) This is also my 9th installment in a sub-series within that, with its posting titles collectively identified as: From Stuxnet to Heartbleed.

I began Part 23 in this series/Part 8 in this sub-series by listing two points that I intended to at least begin addressing there:

1. The specter of the USA PATRIOT Act and how it has come to be interpreted, and how some of the United States’ closest ally governments have come to see the US government itself as violating their privacy and confidentiality laws.
2. And China and their cybersecurity and intelligence gathering activities, as viewed from the perspective of this context and as a special case in point.

I did in fact lay a foundation in that posting, for addressing the first half of Point 1 of that list, with a discussion of the PATRIOT Act itself and how it has come to be interpreted and followed, first under President George W. Bush, and now under President Barack Obama. And in reiteration of a point that I have been making throughout this series, and certainly over its most recent eight installments, this law has been used to legally justify an amazingly wide-ranging assortment of open-ended surveillance programs that have directly impacted upon essentially everyone who goes online or uses a telephone – everywhere.

That is a stunningly wide claim to assert. But its apparent accuracy seems difficult to deny, and certainly given Edward Snowden’s leaks and related disclosures concerning still-ongoing US National Security Agency (NSA) programs and the US government’s responses to those leaks – confirming their accuracy. And that brings me specifically to the second half of Point 1 as stated above: “… and how some of the United States’ closest ally governments have come to see the US government itself as violating their privacy and confidentiality laws.” This claim has come to be widely accepted as true too, and both in the United States and more globally.

I have already written in this series about the impact of American cyber-policy on individuals, and on businesses and their credibility. And I have written about how these surveillance programs have been used against specific leaders of allied countries (e.g. Angela Merkel in Germany.) I write here about the impact of this ongoing policy and its implementation on the credibility of the United States as a nation, and particularly as a nation that has always stood for democratic principles and the protection of human rights, and on freedom and liberty as its defining principles.

Public awareness of what the United States national security system have come to call “enhanced surveillance techniques” have come to damage the reputation and credibility of this country. And it is in that context that a second use of this new interpretation of the word “enhanced” has forcefully come to light too, with ongoing revelations about US use of waterboarding and extraordinary rendition of prisoners who have not in fact been charged with any specific crimes, and now with the public release of an unclassified version of the United State Senate Select Committee on Intelligence report: Committee Study of the Central Intelligence Agency’s Detention and Interrogation Program. This link leads to the declassified revision version of the 499 page summary document to that report as initially publically released on December 3, 2014, and as initially approved in its top secret classified version on December 13, 2012.

Neither of these “enhanced”-program components of the overall United States led War on Terror work, at least to positive effect and either for the United States as a country or for its citizens, or for its allies or their citizens. Enhanced surveillance programs as developed in haste and out of existential fear of world terrorism and its threats, have not and will not work to positive benefit that in any way matches their cost. And neither do the enhanced interrogation programs that have been deployed and used, as developed out of that same source of haste and fear – and with as little foresight as to their long-term cost. And in both, monetary cost is only one small part of what the United States and their participating allies have paid for all of this.

I noted above that I would cite China and their cyber-policies and activities in this context, and I do so here. I have actively and recurringly discussed and analyzed these programs and their foundations in this blog, and in postings and series that I have specifically cited with links throughout this series. My core point here, related to them is that when the United States and her closest allies, partners to these “enhanced” programs, speak out against the activities of other nations, China included for their cyber-espionage and related activities, they open themselves up to dismissive challenges of simply displaying hypocrisy.

The basic principles that the United States was founded upon as a nation are not easy to achieve, as they are ideals. American history has, in many respects been a journey towards living up to them and their lofty ambitions. Acting out of fear, and acting in haste and with short-term consequences the only ones considered, have led the leadership of the United States to lose its way in this journey.

I find myself thinking back to my earlier cyber-security postings where I admit, I did not want to think that the government of a country like the United States would launch a cyber-attack like Stuxnet against another sovereign nation. And now I have studied and written about the immerging Bush, and now Obama cyber-security doctrine and how this has been carried out.

I will probably come back to the issues of cyber-security, and the programs that the United States and her allies have developed and implemented as they seek that illusory goal of absolute, perfect safety and security. But I end this series on this note, which I would argue is not so much a political note as a human rights one – remember, both Democrats and Republicans have built and continued these programs.

We as a nation, and I write this as an American, have to return to our roots, and to the ideals that this country was founded upon. And we have to acknowledge our mistakes and step back from them. And when I began writing this blog, and when I began writing this series, I did not anticipate ended this series or anything like it on that type of note, but I find myself doing so anyway. I write a lot about best practices and I train people and businesses to better identify them and follow through on them. I write here of a best practices approach too, and of what in the long-term might be the only viable path forward – rethinking what we need to protect and what we need to do in order to achieve that, and without losing ourselves as a nation in the process. And we need to reestablish and reaffirm our trustworthiness and our adherence to a moral code that others would look up to again, which we cannot do as long as we pursue “enhanced” solutions to difficult problems.

You can find this posting and related at Ubiquitous Computing and Communications – everywhere all the time and at its Page 2 continuation. (This posting was written over several days, and finished for uploading to the blog server on December 21, 2014.)


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: