Among buckets of saccharine rhetoric linking freedom and democracy to the image of “the little girl who was pulled from the rubble on Monday in Port-au-Prince” (wtf?), Hillary Clinton’s speech on internet freedom amounts to a declaration of cyber war against China.
Were Google’s highly unusual public statements about Chinese-sourced attacks on it and 33 other corporations part of a larger plan? After all, as Crikey reported Monday, such industrial espionage is hardly new.
Sure looks like it.
Now that the media has spent a week backgrounding cyber warfare for the punters, the Secretary of State is talking tough.
“Our ability to bank online, use electronic commerce, and safeguard billions of dollars in intellectual property are all at stake if we cannot rely on the security of information networks,” Clinton said in a section of her speech labelled “Freedom from Fear”.
“States, terrorists, and those who would act as their proxies must know that the United States will protect our networks. Those who disrupt the free flow of information in our society, or any other, pose a threat to our economy, our government and our civil society. Countries or individuals that engage in cyber attacks should face consequences and international condemnation.”
Clinton also condemned internet censorship, naming China as well as Tunisia, Uzbekistan, Vietnam and Egypt.
While it’s no secret that the US assists dissidents in other countries communicate in the face of political censorship — 40 countries, according to Clinton — she revealed that the US is developing new tools to help them.
“We are working globally to make sure that those tools get to the people who need them, in local languages, and with the training they need to access the internet safely,” Clinton said.
“The United States has been assisting in these efforts for some time. Both the American people and nations that censor the internet should understand that our government is proud to help promote internet freedom.”
Clinton is presumably speaking of a new generation of tools such Tor.
Tor encrypts your internet traffic and bounces it through a series of random servers scattered around the world before it emerges and continues to its destination. From the destination’s point of view, the traffic looks like it’s coming from the Tor exit node, not you.
Tor was originally developed by the US Naval Research Laboratory for use by US agents abroad, but is now run by a non-profit with a variety of financial supporters including anonymous NGOs.
A next-generation Tor would presumably fix some of its known weaknesses, including the ability for attackers to eavesdrop on the exit nodes.
Tor isn’t the only online privacy system. Myriad virtual private network (VPN) services allow businesspeople to avoid eavesdroppers while using open wireless access points at airports, for instance. Someone who isn’t me honestly could, completely hypothetically, use an American VPN provider to watch US shows on Hulu.
Only this week, the founders of The Pirate Bay launched their Ipredator VPN service in response to Sweden’s Intellectual Property Rights Enforcement Directive (IPRED), which forces ISPs to reveal the identity of alleged copyright offenders.
Whether the motivation is avoiding censorship — yes, including Australia’s mandatory internet “filter” — copyright violation, avoiding geographic licence restrictions or just keeping your private information private, all these tools perform much the same job. Protect privacy and anonymity. Avoid blocks.
However a US-sponsored system would potentially have one key difference.
Ipredator’s committed policy is to never monitor its users’ traffic in any form. The US government, not so much.
So is America going to cut its aid to police state Egypt? Or just cyber-sabre-rattle against China?
You’re not actually expecting consistency between words and actions, are you Niall?
Stilgherrian,
I’d be fascinated to hear what you think about Freenet, both in terms of privacy protection and as an alternative to the commercialised internet.
I had a look at it and found it very reminiscent of the mid-90s internet in it’s basic graphics, lack of adverts, and quirky interesting content. I also found it quite slow and hard to use!
What’s your take on it?
Regards.
@Bob the Builder: To be honest, I haven’t explored Freenet enough to form a proper opinion. However three key issues come to mind.
1. What’s to stop “the bad guys” just creating false identities and joining Freenet themselves, thus immediately being “inside” the network. If I were, say, a Chinese intelligence organisation, I’d already have a programmer or systems administrator or three working within the project itself and building up trust.
2. In an oppressive regime, simply using privacy and encryption tools marks you out as a problem to be investigated.
3. Attackers focus on the weakest links. In almost every case the weakest link isn’t the data in transit or even the servers it’s shared from, but the end users’ computers. It’s relatively easy to get keystroke loggers onto users’ computers and monitor that way.
I recall security expert Bruce Schneier saying he’s not worried if websites taking his credit card details don’t have SSL encryption because the endpoints are the vulnerability. Encrypting the credit card numbers in transit, he said, is like using an armoured car to move cash between people who live in cardboard boxes