
Bruce Schneier: Has U.S. started an Internet war? - Titanous
http://edition.cnn.com/2013/06/18/opinion/schneier-cyberwar-policy/index.html
======
mtgx
I've long suspected 90% of the budgets and bills they are trying to pass is to
help them _offensively_ against other countries. And yet, 100% of their
arguments in public were that they are needed for _defense_.

The government seems to be lying about a lot of things it's doing in your
name. You may be okay with it, but just don't act surprised when the
retaliation begins, which of course the US government will make it seem like
_they_ started it, and now they need even more money and you having fewer
liberties to help in the "cyberwar" that they started.

And just like that the "cyberwarfare industry complex" will keep expanding
just like the "military industry complex" for decades to come, if nobody wants
to do anything to stop it before it can't be stopped anymore, and its budgets
will keep increasing year after year, with no one daring to touch them.

~~~
TallGuyShort
>> the US government will make it seem like they started it

This has been done extensively with the war on terror. The idiocy of the "they
hate our freedoms" statement has been weighing on me lately. I agree that
caving to a terrorist's demands immediately is a bad thing to do because it
encourages a violent approach to change, which we shouldn't do. But shouldn't
we also take a step back and say "hey - we're killing people on the other side
of the world - maybe we should stop!". If "they hate our freedoms" they must
be pretty happy to see what the Patriot Act has done in response - because
evidently we gave them exactly what they wanted.

~~~
chubot
You know it has become fashionable to hate on Ron Paul and his supporters, but
he is one of the few politicians I have ever learned anything from.

Namely that in 1988 the US shot down an Iranian passenger plane, in its OWN
air space, with a MISSILE! Which of course killed everyone on board.

Imagine if there was an Iranian aircraft carrier parked around NYC, and it
fired a missile into an passenger airliner taking off from JFK. Imagine what
would happen.

[http://en.wikipedia.org/wiki/Iran_Air_Flight_655](http://en.wikipedia.org/wiki/Iran_Air_Flight_655)

~~~
jacquesm
Holy crap, I completely missed that. I thought KAL007 was the worst incident
like this.

> However, the United States has never admitted responsibility, nor apologized
> to Iran.

Why not? That would seem to be the proper thing to do.

~~~
chubot
Try to get a US politician to talk about anything that we do wrong with regard
to foreign policy. Don't forget that we overthrew their democratically elected
government too
([http://en.wikipedia.org/wiki/1953_Iranian_coup_d'%C3%A9tat](http://en.wikipedia.org/wiki/1953_Iranian_coup_d'%C3%A9tat)).

Ron Paul is intellectually honest; I regret not voting for him now. It would
have been mostly symbolic but you know he would be on the right side of this
whole PRISM debacle.

~~~
cpursley
Seems like the Pauls, father and son, have ideologies that are positive for
the tech industry. I always wondered why the valley and other technologists
pull the left-trigger at the polls. Is it that the right is so bad they are
voting against it, or they actually think the left cares about their interests
(as it is recently apparent that they are not)?

~~~
CamperBob2
_Seems like the Pauls, father and son, have ideologies that are positive for
the tech industry._

Maybe. As a "tech" kind of guy, I'm not quite ready to vote for a medical
doctor who denies human evolution.

~~~
flyinRyan
A one-issue voter is bad enough, but an irrelevant non-issue voter really
takes the cake. Who gives a flying fuck, are you afraid he'll outlaw evolving
or something?

And what does being a medical doctor have to do with evolution? Evolution has
no effect on medication at that level.

~~~
antimagic
Antibiotic resistance? Genetic diseases? The evolution of various viruses? I
for one do not let any doctor near me that doesn't think that evolution is a
real thing.

~~~
flyinRyan
If the doctor learned his material properly, what difference would his belief
that you evolved from some base mammal vs. belief that humans were created by
God a few thousand years ago make? So long as he's following current
understanding of what medicines and procedures _work_ , the _why_ doesn't
matter all that much and what humans were like a million years ago has
literally zero bearing on anything your local doctor will ever do for you.

~~~
antimagic
If a doctor learned his material properly, he would _know_ that humans evolved
from a type of ape. The fact that he believes otherwise _immediately_ puts in
to doubt whether he has or not learned his material.

As to whether or not someone can just learn what has to be done in a specific
situation or not, let me ask you this: do you prefer working with developer
colleagues that work with Cargo Cult mentality or because they understand the
underlying technology that they use? And which of those two developers
produces better work? Yeah, I choose doctors that understand evolution.

~~~
flyinRyan
If the developer were the best I could hope for I wouldn't take someone
_worse_ because of his sad, but ultimately irrelevant beliefs. I would hope I
could build on his work enough to get someone better later. I would certainly
never shoot myself in the foot by picking someone (or allowing someone to be
picked) who had more solid beliefs but was dangerous to the project.

~~~
antimagic
And we were always at war with EastAsia.

In this particular case, the beliefs are not irrelevant - doctors need to
correctly understand evolution to correctly carry out their duties. Also, I
fail to see how someone that understands their job could be considered more
dangerous in doing that job than someone that is cluelessly copying something
they've been told. To be clear, I can imagine a competent psychopath being
more dangerous than an incompetent normal person, but psycopathy is orthogonal
to the discussion here, I hope you agree.

~~~
flyinRyan
>doctors need to correctly understand evolution to correctly carry out their
duties.

Be concrete. In what way would not knowing anything about evolution affect the
duties of a doctor?

> Also, I fail to see how someone that understands their job could be
> considered more dangerous in doing that job than someone that is cluelessly
> copying something they've been told.

Well, you were making a comparison to a developer who understands what they
work with vs. one who doesn't. For this comparison to work, the one with
understanding would have to be evil or dangerous. In that case, I would pick
the one with lack of understanding provided they at least can get the work
done that I need.

>I can imagine a competent psychopath being more dangerous than an incompetent
normal person, but psycopathy is orthogonal to the discussion here, I hope you
agree.

That I agree with a competent psychopath is more dangerous than an incompetent
person? I would agree with that. I don't necessarily agree that psychopathy is
orthogonal to the discussion tough, it's a key part of the reason why I'd vote
for someone like Paul. :)

------
mseepgood
Some facts about Bruce Schneier
[http://www.schneierfacts.com](http://www.schneierfacts.com)

~~~
contingencies
Incredible. Bruce has been put on a pedestal by the security community for far
too long, these dirty secrets definitely need to be aired.

------
JulianMorrison
Corporations are people, assassin drones make war, the military has stockpiled
cyber weapons… when did the real world turn into Shadowrun? And can we please
get dragons and elves out the deal?

------
systematical
Does the world need a Geneva convention on cyber warfare? I'm beginning to
believe so. Unfortunately we (humanity) might need something catastrophic to
occur first.

~~~
walshemj
In theory the Convention and the laws of war should apply - there is a big
debate if attacking a coutrys power grid is allowed or not.

I would not have said this is news certainly the Foreign secretary implied
that SIS has done this.

I am not sure that reconnaissance is an act of war which is the articles
thesis - certainly most hackers would consider reconisance legal or do you
think a nmap scan should be a criminal offence?

The police woudl not be able to get a conviction against a bank robbery crew
if all they had was them looking at where the security cameras where.

------
jessaustin
This is a reasonable thesis (and it seems the hits just keep on coming from
Snowden), but parts of the exposition ring a bit false. If these people are
really capable of total observation of all traffic through a random router in
Beijing, how is it that they've missed all the APT stuff? We've been told that
we had to basically throw out some components of the new stealth planes and
start the design over because Chinese hacking. This seems like an adversary
that would be vulnerable to the capabilities described here.

If they simply didn't think stealth fighter designs were worth protecting,
then yes I think Schneier is correct that they need to think a bit more
defensively.

~~~
Vivtek
"We've been told..." Yes. Yes, we have.

------
Vivtek
I'm not entirely sure that _this_ is what has me worried. The government
_should_ be using the same tools I could rent from Russian botnet owners and a
geolocation service.

What has me scared is that the people directing this don't actually understand
it all. They don't understand Big Data analysis and why that requires _all_
the phone records. They don't understand how boring a concept geolocation is,
or in fact how boring a database of possible attack vectors is.

It's all magic - magic they can control if they just pass another law
abolishing some silly, antiquated civil rights that only pertained in the age
of musketry.

------
DanielBMarkham
Related blog post from awhile back: [http://freedom-or-safety.com/blog/when-
will-the-first-hacker...](http://freedom-or-safety.com/blog/when-will-the-
first-hacker-be-killed/)

This is tricky business. It is not so clear where the boundaries are.

Sidebar: anybody who writes a lot will understand the feeling you get when,
after writing an article, you suddenly understand a topic in a way that you
did not before putting your thoughts together. One of the things I got from my
article that I didn't expect was that, whatever else they are, _computers are
weapons_.

Weird concept.

~~~
anigbrowl
You know the earliest digital computers were developed for the purpose of
doing ballistics calculations during WW2, right?

Of course, that doesn't make them weapons, any more than math is a weapon or
maps are a weapon, despite their long utility in military contexts.

~~~
DanielBMarkham
I think you're generalizing a bit much.

Yes, computers were originally used for ballistic calculations, code-breaking,
even.

What's different now is that virtually every computer is connected to a world-
wide network which is connected to physical things. That means you're no
longer having a special-purpose computer assisting a specialized weapon.
Instead you've opened up all sorts of mayhem and damage to anybody with a
smartphone.

An axe is also a weapon, but it's also the best thing we have to cut wood.
Computers are moving into a similar role: things that have practical value
which can also be very deadly. And _any_ computer, with the right
program/operator can inflict far more damage than an axe.

------
doctorstupid
A quote from the leaked document:

"Malicious Cyber Activity: Activities, other than those authorized by or in
accordance with U.S. law, that seek to compromise or impair..."

It's a nice way to render the U.S. incapable of being malicious.

------
sage_joch
This reads like the backstory to a Terminator movie.

~~~
uptown
I've often wondered how technical advancements might have evolved differently
if the content of our entertainment were to have provided a different
prospective roadmap.

------
adventured
I'd argue that China started the war, and the US is going to escalate it. At
least a decade before the US had an organized plan for fighting a digital war,
China had organized, very large, and very effective hacking efforts underway
targeting the US government and US companies.

------
sneak
They've probably not started a war. I honestly believe it takes a bit more
than that. (Admittedly, they should not be doing stuff in the category of
"might start a war" without the knowledge/consent of the general public.)

However, this whole "foreign entity" business did just start them a domestic
war - with the entire US internet industry, which they have just entirely
thrown under the bus with regards to their foreign customers (which, it is
worth pointing out, outnumber their US customers by a sizable multiple).

------
bborud
If so, then the US has fired the first shot and hit...its foot.

------
serverhorror
Started? Not so much (I think)...rather made some stupid decisions so that it
went public.

To me the real question is: Who is fighting (nationalities, companies,
individuals)? AND: Are the combatants attacking who they think are their
targets or just some enemy so that we are entering a circle where
informational warfare is simply being carried out for the sake of being able
to do it?

I can imagine one party going for another when indeed they have the same
goals...

------
RyanMcGreal
In the embedded video, I quite enjoy the barely-masked contempt in Greenwald's
face when he answers the interviewer's last question.

------
wallio
Is all this secrecy just "security through obscurity" which is well know to be
unreliable. In other words, would we be better off just letting everyone
(citizens and enemies) know exactly what you are doing (e.g. tapping phones or
not)?

The benefits are certain but the costs are uncertain.

------
albertyw
It's MAD 2.0

------
throwaway10001
Unless we start spending less than 1% of our GDP or so on Pentagon Inc, I
don't mind this. What's the point of having a $12 Billion aircraft carrier if
a Chinese hacker can hack it? Or having a $700 Billion a year military if a
kid with telnet can hack your power grid? I mean to say that war has been
shifted to computer networks and we need to be ready.

I just think it can be done without tracing all the phone calls my aunt makes.

~~~
ryusage
I think that's part of Schneier's point though. This spending seems to be
primarily on cyber "weapons", not cyber "shields". We DO need to spend money
on making our networks more secure and redundant. But instead of that, we seem
to just be taking more of a MAD-style first strike approach to things. Glass
cannons, essentially.

~~~
zokier
> we seem to just be taking more of a MAD-style first strike approach to
> things

But that actually worked during the cold war. I mean MAD prevented it turning
hot. Sure, it wasn't the most pleasant or elegant solution but it worked.

~~~
nostrademons
Big difference is detection. When somebody launches an ICBM at you, you know
it, and can react appropriately (which makes them tend not to launch ICBMs at
you). When somebody hacks your computer, if they're good at it, there are
often no fingerprints, and so the parties involved can continue conducting
offensive warfare with no threat of retaliation.

