SPECIAL SERIES:Cybersecurity: The Next Great Battlefield
In this series of articles running from March through this week, RealClearPolitics and RealClearDefense take an in-depth look at the intersection of cybersecurity, technology, and warfare in the 21st century. Below is Part 13.
On May 23, 2013, President Obama delivered a speech at Fort McNair, a military base where Americans have worn the uniform of their country since 1791. The long war against Muslim terrorists in Afghanistan, Iraq, and elsewhere had lasted a dozen years by then -- with no end in sight. Bearing that in mind, the 45th U.S. president invoked a warning sounded by the fourth American commander-in-chief:
“No nation,” James Madison wrote, “could preserve its freedom in the midst of continual warfare.”
Yet, at the Fort McNair campus of the National Defense University that is exactly what Barack Obama was saying his countrymen must find a way to do: wage war against an implacable foe while retaining the values that define a free people.
“We strengthened our defenses: hardening targets, tightening transportation security, giving law enforcement new tools to prevent terror,” Obama said, recounting the government’s response to the 9/11 attacks.
“Most of these changes were sound,” he added. “Some caused inconvenience. But some, like expanded surveillance, raised difficult questions about the balance that we strike between our interests in security and our values of privacy.”
Within weeks of that speech, an unprecedented breach occurred at the National Security Agency. It was an inside job, and its scope was stunning: an avalanche of top secret documents stolen from NSA computers, and some of the material was released to the media. The culprit was a 29-year-old technology officer not even employed directly by the U.S. government. His name, as the whole world would soon know, was Edward J. Snowden, a computer whiz and libertarian who once described the Internet in his online chat group as “the most important invention in all human history.”
Snowden had come to believe that this invention was being misused – by the U.S. government, no less – and he endeavored to do something about it. Unlike most national security whistleblowers, Snowden didn’t mask his identity. He had too much he wanted to say publicly to hide behind a cloak of anonymity. One of the things he said, after settling in exile in Moscow, was this: “A child born today will grow up with no conception of privacy at all.”
A History of Watchfulness
For the most part, Washington’s elected officials, national security types, and political commentators were in no mood for an academic debate about privacy vs. security, especially one moderated by a hacker on the lam. Publicly accused of treason, Snowden was formally charged with espionage. He was denounced as a double agent, a Russian stooge, and a “grandiose narcissist who belongs in prison.” A bipartisan report issued by the House Intelligence Committee -- before that committee devolved into a squabbling partisan circus over the 2016 Russia investigation -- described Snowden as a “disgruntled traitor” whose claims that he had acted to defend the right to privacy were “self-serving and false.”
Not yet running for president, but perhaps privately considering how as commander-in-chief he’d deal with this issue, Donald Trump took to Twitter to call Snowden a coward and a spy who should be executed.
Among those who took a more nuanced view was the actual commander-in-chief at the time of the NSA’s stunning security lapse. What did President Obama call the notorious cyber thief? He called him “Mr. Snowden.” Obama seems to have been among those who understood that this young man had quickly become a touchstone for one of the most profound challenges faced by democratic societies in our time: In 21st century warfare, how can the government protect its citizens without simultaneously trampling on their civil rights and eviscerating the very concept of privacy?
In a January 17, 2014 speech at the Justice Department -- the one in which he alluded to “Mr. Snowden” while discussing this dilemma -- Obama began by extolling the importance of espionage in American history.
“At the dawn of our Republic, a small, secret surveillance committee born out of the Sons of Liberty was established in Boston,” he said. “The group's members included Paul Revere. At night, they would patrol the streets, reporting back any signs that the British were preparing raids against America’s early patriots. Throughout American history, intelligence has helped secure our country and our freedoms.”
After World War II, the Cold War and the proliferation of nuclear weapons amplified the need for sustained intelligence gathering, which led President Truman to create the NSA. Its mission, as Obama explained, was “to give us insights into the Soviet bloc and provide our leaders with information they needed to confront aggression and avert catastrophe.”
In our time, the rise of a stateless enemy that operates under the cloak of religion in nearly every corner of the world, including our own country, has made this need all the greater -- and much thornier.
The ‘Nothing to Hide’ Argument
Prior to Obama’s presidency and Snowden’s NSA caper, a spirited debate was already taking place in this country over the stunning loss of personal privacy ushered in by the digital age. Long before a special prosecutor was delving into Russian attempts to interfere with U.S. elections – and years before Donald Trump entered politics – the intellectual battle lines were forming. But the demarcations weren’t always clear-cut.
Over time, iconic Silicon Valley entities such as Sun Microsystems and Apple Computers decided to draw the line at helping the government snoop on private individuals -- even those accused of heinous crimes -- refusing to unlock encryption keys for the FBI. Meanwhile, software giants Google and Facebook were coming under intense scrutiny for collecting vast volumes of personal information about their customers. Chafing at the criticism, Google CEO Eric Schmidt articulated a blunt defense in a famous 2009 interview with Maria Bartiromo. “If you have something that you don’t want anyone to know,” Schmidt said, “maybe you shouldn’t be doing that in the first place.”
This became known in tech circles as the “nothing to hide” argument, and although the pushback was spirited, today the terrain of the debate has shifted. The ability to manipulate computers and covertly collect data is not merely another tool in a corporation’s business arsenal -- or even a weapon in the arsenal of a terrorist or unfriendly foreign government. Increasingly, cyber manipulation is more capacious than that. It’s the so-called “fifth domain” of warfare.
Cyberwar is no longer a hypothetical. Cyberattacks emanating from Russia have become a threat to democratic elections ranging from Estonia to the United States. In the U.S., both major political parties were compromised by Russian hackers during the last presidential election. And though a special prosecutor has indicted 25 Russian nationals for their 2016 activities, no reputable cybersecurity expert believes the menace has been neutralized. Meanwhile, almost every major U.S. corporation has been penetrated electronically, with vast troves of personal information compromised.
So what’s the answer? RealClearPolitics has been exploring various aspects of this crisis in articles, interviews, and podcasts for months. Several themes have emerged. The first is that cybersecurity is a growth industry – in the private as well as the public sector – and that, so far, neither one is keeping up with the bad guys. The embarrassing fact is that the government entrusted with protecting Americans from cyberattacks has itself been penetrated repeatedly, including in the most sensitive agencies and departments.
"Unfortunately, the security vs. privacy debate is largely over. … [P]rivacy died with the Information Age."
Meanwhile, Americans have proven willing to sacrifice privacy and security for convenience, and this is true of corporations as well as individuals. The country’s enemies are motivated and capable, while it citizens’ attention span is sporadic. It’s clear there is neither a magic bullet, nor a simple public policy solution. There isn’t even a national consensus on whether personal privacy is still worth fighting for. Some say it’s already a lost cause.
“Unfortunately, the security vs. privacy debate is largely over. … [P]rivacy died with the Information Age,” national security expert Eric R. Sterner wrote before Obama spoke on this topic at the Justice Department.
“Information and communication technologies make life better,” he added. “They improved economic productivity, efficiency, and economic growth. More personally, information digitization created opportunities to grow, relate to others, and generally realize one’s creative potential. Connected to the Internet, we create, post, and retrieve vast amounts of data, almost all of which is in the hands of third parties.”
Sterner wasn’t extolling this brave new world as much as acknowledging reality. But not everyone accepts this modern notion that while privacy might be a nice idea, public security is more essential. Tech journalist and software engineer Jon Evans begs to differ. In his view, the dichotomy between personal privacy and public security is a false choice “promulgated by people who should know better.”
In an essay for Tech Crunch written earlier this year, Evans made the case that the accumulation of massive amounts of personal data itself compromises Americans’ well-being. A lack of privacy, he asserted, has a chilling effect on dissidence and original thinking. “Private spaces are the experimental petri dishes for societies,” he wrote. “If you know your every move can be watched, and your every communication can be monitored, so private spaces effectively don’t exist, you’re much less likely to experiment with anything edgy or controversial.”
Evans also worries at how technology keeps getting better at manipulating consumer behavior. If you think online ads are bad now, he says, just wait until they are powered by artificial intelligence.
“When accumulated private data can be used to manipulate public opinion on a massive scale, privacy is no longer a personal luxury,” he wrote. “When constant surveillance … systematically chills and dissuades people from experimenting with new ideas and expressing contentious thoughts, privacy is no longer a personal luxury.”
Do such fears conflate qualms about rampant consumerism with the very real threat of cyberwar from those who want to destroy our very way of life? Perhaps. Yet it’s also worth noting that Paul Revere and the network of subversives exalted by Barack Obama were not working for the government. They were working to overthrow the existing order.
“People who say they don’t care about privacy because they have got nothing to hide have not thought too deeply about these issues” -- that’s how Edward Snowden put it. “What they are really saying is ‘I do not care about this right.’ When you say, ‘I don’t care about the right to privacy because I have nothing to hide,’ that is no different than saying, ‘I don’t care about freedom of speech because I have nothing to say -- or freedom of the press because I have nothing to write.’”
Carl M. Cannon is the Washington Bureau Chief for RealClearPolitics. Reach him on Twitter @CarlCannon.