Cyber War? Jonathan Zittrain Weighs In

More

by Ella Chou

I am grateful for all the comments on my cyber security article. Yet I didn't write the post just to share my own views, I was hoping to learn about the perspectives of Jim Fallows' wide and highly educated audience. Cyber security is a niche field of study that the best and the brightest of the experts have very different approaches.

I am thrilled to share with you here an e-mail from a leading expert on cyber law, Internet governance, and computer security.

Jonathan Zittrain, professor of law at Harvard Law School and Kennedy School of Government, professor of computer science at Harvard's School of Engineering and Applied Sciences, co-founder of Harvard's Berkmen Center for Internet & Society, author of the great book The Future of Internet -- And How to Stop It, offers his insights:

We face paired dangers.  The first is that our networks are successfully attacked.  The second is that our fear of attack will cause us to destroy what makes the Internet special.  Sadly, most experts are concerned with only one danger, and ready to deal with it by ignoring the other.  We have to become more subtle, and soon.

A note on definitions: the danger of network attack is both accentuated and obscured by the term "cyber."  It depicts a realm greater than the sum of its parts -- hence cyberwar or cybersecurity sounding much more grave than "Internet war" or "Internet security."  The cyber- prefix -- these days also used as a standalone noun -- can mean too many things at once.  So let's break it out.  First are attacks on the network itself: What could make the Internet go down?  Second are attacks on devices attached to the Internet.  What could make a Web site -- a bank, or Amazon, or theatlantic.com - become inoperative?  Could my own PC suddenly stop working after getting some bad bits over the network?  Third is spying: what data might be compromised from afar, whether letters and spreadsheets on your PC, a raft of credit card numbers and prescription data from an online pharmacy, or plans for a missile defense system stowed on the server of a government contractor. Finally there are attacks on physical infrastructure that's intertwined with the Internet, such as an electric grid or air traffic control.

Scenarios like the Clarke's conflate all of these.  To be fair, it's not like an enemy wouldn't hesitate to mix and match various forms of attack.  Any state in the world might think itself entitled to try and all if it thought it would yield advantage.  But the vulnerabilities behind each type of problem, and the ways to fix them, vary greatly.

While it's not easy to rank these dangers against one another, the most lurid attacks -- those against physical infrastructure like the electric grid -- are the easiest in theory to protect against.  Such systems aren't meant to be exposed to the public, and access to their use can be restricted as much as the balance between paranoia and efficiency dictates.

The other three are trickier.  They share in common the fact that attacks are typically anonymous.  A stream of bad bits leads back to a compromised machine run by an innocent party.  This is called the "attribution problem," and some experts and government officials have called for a wholesale reworking of the way the Internet works in order to have every packet of data that traverses it permanently engraved with the identity of its source.  This is true of other networks: dial from a typical mobile phone and the operator can see which phone placed that call, and often phones are registered to individual people.  Solve the attribution problem, the theory goes, and it becomes easier to track down bad guys.  Then they can be caught or deterred.

This, however, means that our fear of attack will cause us to destroy what makes the Internet special, both technologically and socially.  Technologically, the Internet works thanks to loose but trusted connections among its many constituent parts, with easy entry and exit for new ISPs or new forms of expanding access.  To achieve the level of identity possible with mobile phones one would have to eliminate the practice of sharing Internet connections, such as through an open wi-fi access point.  Terminals in libraries and cyber cafes would have to have verified sign-in rosters so that activities could be traced back to individuals.  Or worse, Internet access would have to be predicated on providing a special ID akin to a government-issued driver's license - perhaps in the form of a USB key.  No key, no bits.

Criminals and states wanting to act covertly wouldn't be stopped cold, but they'd have to invest much more in achieving the level of anonymity that comes so naturally today.  The price would be high for them, and it would be even higher for us.  The Internet's distinct configuration may have facilitated anonymous threats, copyright infringement, and cyberattacks, but it has also kindled the flame of freedom in ways that the framers of the American constitution would appreciate - the Federalist papers were famously authored pseudonymously.  One repressive state after another has had to face the dilemma of wanting abundant Internet for economic advancement, while ruing the ways in which its citizens can become empowered to express themselves fearlessly.  An Internet without the attribution problem has a new issue: citizens can be readily identified and punished for their political activities.  Content filtering and monitoring that is currently expensive if it is to be at all effective would become easy roughly in step with the ease of identifying truly bad actors.  The attribution problem can't go away.  It just becomes a different problem: attribution is too easy.

So: I wouldn't be at all surprised if China had honed expertise across all the different kinds of what people call cyberwar.  But the question is what we should draw from that.  One state doesn't need the provocation of another to ramp up a cyberattack posture, and good defenses -- especially if one has sensitive information, as a government would -- are important.  I just wouldn't want to see a cybersecurity threat as a wedge through which to initiate changes to Internet architecture that pressure a bunch of other values we hold dear.

Many thanks for your great insights, Professor Zittrain!

Ella Chou, who grew up in Hangzhou, China, is a graduate student in Regional Studies-East Asia at Harvard, studying law and comparative politics.

Presented by

James Fallows is a national correspondent for The Atlantic and has written for the magazine since the late 1970s. He has reported extensively from outside the United States and once worked as President Carter's chief speechwriter. His latest book is China Airborne. More

James Fallows is based in Washington as a national correspondent for The Atlantic. He has worked for the magazine for nearly 30 years and in that time has also lived in Seattle, Berkeley, Austin, Tokyo, Kuala Lumpur, Shanghai, and Beijing. He was raised in Redlands, California, received his undergraduate degree in American history and literature from Harvard, and received a graduate degree in economics from Oxford as a Rhodes scholar. In addition to working for The Atlantic, he has spent two years as chief White House speechwriter for Jimmy Carter, two years as the editor of US News & World Report, and six months as a program designer at Microsoft. He is an instrument-rated private pilot. He is also now the chair in U.S. media at the U.S. Studies Centre at the University of Sydney, in Australia.

Fallows has been a finalist for the National Magazine Award five times and has won once; he has also won the American Book Award for nonfiction and a N.Y. Emmy award for the documentary series Doing Business in China. He was the founding chairman of the New America Foundation. His recent books Blind Into Baghdad (2006) and Postcards From Tomorrow Square (2009) are based on his writings for The Atlantic. His latest book is China Airborne. He is married to Deborah Fallows, author of the recent book Dreaming in Chinese. They have two married sons.

Fallows welcomes and frequently quotes from reader mail sent via the "Email" button below. Unless you specify otherwise, we consider any incoming mail available for possible quotation -- but not with the sender's real name unless you explicitly state that it may be used. If you are wondering why Fallows does not use a "Comments" field below his posts, please see previous explanations here and here.
Get Today's Top Stories in Your Inbox (preview)

The Time JFK Called the Air Force to Complain About a 'Silly Bastard'

51 years ago, President John F. Kennedy made a very angry phone call.


Elsewhere on the web

Video

Adventures in Legal Weed

Colorado is now well into its first year as the first state to legalize recreational marijuana. How's it going? James Hamblin visits Aspen.

Video

What Makes a Story Great?

The storytellers behind House of CardsandThis American Life reflect on the creative process.

Video

Tracing Sriracha's Origin to Thailand

Ever wonder how the wildly popular hot sauce got its name? It all started in Si Racha.

Video

Where Confiscated Wildlife Ends Up

A government facility outside of Denver houses more than a million products of the illegal wildlife trade, from tigers and bears to bald eagles.

Video

Is Wine Healthy?

James Hamblin prepares to impress his date with knowledge about the health benefits of wine.

Video

The World's Largest Balloon Festival

Nine days, more than 700 balloons, and a whole lot of hot air

Writers

Up
Down

More in Technology

From This Author

Just In