Their worry is that foreign countries will eventually retaliate by charging people who are involved in US government programs to hack those foreign countries.
Another worry is that indicting people might give away information information about your sources and methods.
How are non "cyber" crimes handled? Is it normal to charge people for the murders, thefts, and other illegal activities intelligence officers perform?
I'm not going to make a moral judgement here, I'll just say that I'm not a fan of treating "cyber" as some magical realm where there are no norms.
In the former case a physical crime was committed where the suspect and criminal act were both in the geography where the crime is alleged. If not for diplomatic status there would be nothing unique about this case and criminal proceeding would move forward with the suspect in apprehension.
In the later the suspect has no relationship to the geography where the crime was committed. The suspect is not a resident or citizen and was not present or planning to visit the geography in question. Furthermore the suspect was likely acting on orders of a nation-state and so bears limited responsibility. There is no legal recourse to apprehend the suspect.
Well that's just wrong.
There's diplomatic immunity unless the visiting country explicitly waves it. It's not based on some hypothetical legal theory of whether she should have it or not. The visiting country either waves it, or doesn't.
In this case, the police requested a diplomatic waiver and were denied.
Additionally, the husband was not on a diplomatic mission, was not a registered diplomat, and does not qualify for diplomatic immunity by the rules of the host country.
Neither does his wife.
The rules only matter with regard to who's allowed entry under what status. They're not subject to review after entering, except for expulsion.
I'm going to assume you're conflating the definitions of diplomat. The Vienna convention only sets a minimum standard. The things you're taking about might matter if it's the US and maybe Libya.
For friendly countries, there are agreements that extend the diplomatic privileges well beyond the core diplomatic party.
And once rules are agreed upon, they only apply to who is let into the country under what status. So entry can be denied, but once allowed in with a diplomatic or official passport, the host country can't change that status. All they can do is expel the person.
If the UK allowed entry under a diplomatic / official passport, that's all that matters.
Regardless, in a "possession is 9/10s if the law" sort of way, the only thing that matters in practice is if the visiting country waives immunity.
The victim's family recently accused the driver of working for the CIA, and if she was in fact a spy she absolutely doesn't have immunity. That's just an accusation, of course.
There's no other measure of quality that matters in a practical sense. If the host country wants to dispute that, their recourse is expulsion.
And CIA and other agencies certainly do act under the auspices of diplomatic protection. Barring any movie-like treasonous behavior, why wouldn't they? They're government officials working in an official capacity while abroad.
Besides, being ex-CIA doesn't disqualify spousal immunity. Even if the host country had a problem with that, the recourse is... expulsion.
This is such an American-centric view of the world. If you don't want to abide by the moral standards of another country, maybe... uh... don't go there?
Laws and courts are there for all. The fact that this lady killed a child, and chose to flee the country, says a lot about her character. All this would have probably been resolved with a generous compensation (by the US gov to the victim's family)(all except bringing the child back). She didn't do anything on purpose until she flipped the finger to UK justice and the victim's family and ran away like the rat she is (let's not forget that she killed a child). US gov on the other hand protects its citizens (even those who kill children and flee justice - great job USA)(she was in the UK, she would have a fair trial). It's a messed up sorry that only has pain, sorrow, and anger.
I'm not saying there shouldn't be any compensation or repercussions, but the possibility of 14 years for an accident is absurd. If it wasn't an accident or if she was in fact negligent, that's another story. And what precedent would the US gov be setting by turning over gov employees working abroad (or their families)?
Now that you know I basically have gone through this, maybe you should re-think your sentiment.
But isn't Anne Sacoolas walking free?
You haven't "basically gone through this", since person that killed your sister was held accountable for their actions.
Anne Sacoolas was not held accountable, that family has no closure unlike yours.
> If it wasn't an accident or if she was in fact negligent, that's another story
She is to be charged with "causing death by _dangerous_ driving", not an accident.
All that being said I'm sorry about your sister and I hope you're doing OK.
On the contrary, I think we are pulling in too many assumptions into "cyber". Imagine this: if someone had left their door unlocked and someone came in and stole their lawn mower, you could say they deprived the owner of use of their lawn mower. However, imagine if equifax removed [authorize] in an http endpoint like /v2/person/:id allowing anyone to just GET /v2/person/1 .. 999999999 consecutively. Is this a criminal matter? I'd say no. I'd go further and say that this "cyber" fearmongering has gone too far and we should ABOLISH the CFAA. The EFF has still laid their hopes on reform but I for one think it is irredeemable and must be abolished with no replacement.
Intent has to matter a lot in these cases, though.
If a bill blows a mile away and somebody happens to find it with no knowledge of the crash, that's qualitatively different than witnessing the accident and then rushing to grab the money you watched spill out.
Maybe I'm wrong about this, but I'm pretty damn sure if you use tor the right way they're not ever going to find you unless you give yourself away some other way.
How about to copy?
I think that a better comparison would be with an armoured truck having left open its doors and spilling top secret documents all over the road.
If you want to print them though, I am pretty sure that it is legal as long as you include a clear disclaimer that they are fake.
These are very different things and regulated in different ways. This is some weird version of strawman.
This is different from information which is inherently not physical, so any copy of representation is a copy. The grey area of course is a lossy copy... redistributed low-res copies of art, etc.
The "place" metaphor was intended to help people who don't have an intuitive understanding of communication networks. Since POTS had existed for many decades, it's not clear that this metaphor was ever necessary. No one ever confused a phone number with a place. Now that most living people have had childhoods during which the internet existed, the metaphor is certainly not necessary now.
If host A on the internet responds to a simple unauthenticated GET from host B with PII, we really shouldn't be blaming host B. The "place" metaphor obscures that fact.
Furthermore, perhaps I operate a crawler or an internet archiving service, and i dont even know i am collecting it.
It depends, I'd say mostly on the public outcry. For "extralegal renditions" aka kidnapping by the CIA in Europe, some investigations were happening, some charges were brought, but I haven't heard anything about conclusions.
Cyberspace attacks even against allies have generally been considered part of diplomacy, e.g. the US breaking into Germany's telecommunication systems to spy on Merkel's SMS.
Since this isn't even a state <=> state issue, it's more like the NSA's decades long industrial espionage: business as usual.
And that's ignoring the implications of it possibly being a state actor.
Good. If you get caught committing a crime you should be charged with it.
> Another worry is that indicting people might give away information information about your sources and methods.
Also good. US intelligence should not be holding back 0days.
So any military personnel that kill someone while doing his job should be able to be charged for murder?
- the military personnel did not kill someone in order to defend themselves
- they kill civilians
- they kill other military personnel during peace time
Then yes, they should be charged with murder.
I see that you did some effort choosing the word "peace time" to be able to say "well we are at peace with China, thus this is fine to charge them", but at the end of the day, what is peace time? Does receiving the order to attack a target make it become a war? They got an order to attack the US company, this is not peace.
Incorrect, actually I did it because I am against events such as the murder of the Irani general. I personally do not think that hacking should be illegal so I do not think that the chinese agents should be charged in this instance.
> but at the end of the day, what is peace time?
Not having a formal declaration of war.
If it were really about providing secure services then we'd be holding companies responsible, and even encouraging hackers to clean up those systems by hacking them. But it isn't about security so instead we're criminalizing hackers and engage in security-theater.
Presumably you’re fine with trying all of the US soldiers who killed other soldiers in war with murder?
Shooting the enemy is not murder.
It’s ridiculous how many people here seem to think China is somehow special as far as this sort of hacking goes.
Shadowbrokers leaks even make it easy to identify specific NSA operators, for example Michael A Pecoraro, Nathan S. Heidbreder, Gennadiy Sidelnikov and a Brian C Fong
Going after specific Chinese individuals means throwing these US operators under the bus.
Considering many of these soldiers are probably conscripts and might be killed or imprisoned if they don’t follow orders to hack us, I can see the case for treating them like normal soldiers and not like criminals.
On the other hand I guess charging individuals is a way for the government to ignore that ultimately China’s government is the one responsible for their military’s actions.
1. Foreign nationals, working (?criminally) to exfiltrate information from US companies (or servers in the US) can now be subject to US laws directly?
Isn't this the same as what I saw with the Julian Assange case, where he facilitated his actions while in a foreign country?
It seems there's been a new international law that's been set up that draws a line for any international hacking? But the article doesn't read that way... There no international criminal courts mentioned...
If that's the case, should I start recording all the US ips that try to hack into my servers, and take legal steps to have them arrested and extradited to my country? (What a nightmare!)
2. The ability for doxxing of these individuals by the US despite taking significant steps to hide their tracks indicates a certain level of Pwn-ership of the internet as a whole by the US. How could individuals have been revealed? Is ipv6 enough to de anonymise to individuals machines or is the US able to 'packet watch' across the entire internet?
Edit: better wording of concerns
Of course. We live in the 21st century, it's possible to commit crimes in countries you've never visited from halfway across the world. If such people weren't subject to criminal law where they committed their crimes, IT-support scammers, ransomware crooks, and all kinds of other criminals would act with even more impunity than they already do.
Should China issue an Interpol warrant for CIA's John Doe that handles US spy assets in China? I am sure there's a Chinese law against it
Whataboutism, according to my understanding, would be saying that it's OK for China to hack because the US hacks. That's not what the top comment is about.
The top comment is about some in the US intelligence community saying that the US indicting named foreign hackers for hacking US targets might put US hackers in danger and might leak information about US intelligence capabilities.
>The nine-count indictment alleges that Wu Zhiyong (吴志勇), Wang Qian (王乾), Xu Ke(许可) and Liu Lei (刘磊) were members of the PLA’s 54th Research Institute, a component of the Chinese military.
How were they identified exactly? I'm always fascinated with these DOJ indictments of foreign state actors but I'm always left wondering how they managed to narrow it down to a small group of people. I'm guessing that "PLA’s 54th Research Institute" employs thousands of people so how does the FBI/DOJ identify the culprits so precisely? Is it through CIA/NSA spying and moles inside the PLA?
You don't see foreign governments identifying individual NSA employees when the NSA hacks into something... so how does the DOJ do it?
My guess is they counter-hacked the PLA’s 54th Research Institute to identify the culprits, then used parallel construction for the indictment.
IIRC, the public intelligence report on the Russian 2016 election influence campaign revealed that the US had counter-hacked some of the Russian groups involved, and used the information gained from that as evidence to attribute the overall campaign to the Russians.
I'm sure he does. You've been introducing several confusions into this subthread, and the above is one of them.
If there's been any national confusion on this topic, it's been between the Dutch and the Americans.
Your reply to that comment was about Russia, so everything from that on down was probably a waste of time. Then again, we're talking about DoJ indictments of foreign soldiers for allegedly accessing data that was open to all, so the whole thing has been a waste of time from the beginning. It's a good thing there isn't any real crime in USA for DoJ to investigate.
Can you even follow the thread? The TFA is an American indictment against some Chinese government hackers. There are some unanswered questions about it, which were partially answered by speculation informed by parallels to a similar indictment against Russian government hackers  and related reporting .
 See https://www.justice.gov/opa/pr/grand-jury-indicts-12-russian...: "In 2016, officials in Unit 26165 began spearphishing volunteers and employees of the presidential campaign of Hillary Clinton, including the campaign’s chairman. Through that process, officials in this unit were able to steal the usernames and passwords for numerous individuals and use those credentials to steal email content and hack into other computers. They also were able to hack into the computer networks of the Democratic Congressional Campaign Committee (DCCC) and the Democratic National Committee (DNC)..."
 https://arstechnica.com/information-technology/2018/01/dutch...: "The information gathered during the surveillance, Modderkolk’s sources suggested, was key to the US intelligence agencies’ attribution of the DNC breach to Russia."
Indictments don't contain evidence. Sometimes they contain rumors of evidence.
I just noticed that you made a pretty mind-boggling claim there. Is it really your position that Equifax's data was "data that was open to all"?
> There was an unsubstantiated claim that something had happened in one nation, therefore we can assume it happened in some other nation!
No, we can make informed speculation in a discussion. That's quite different than "assuming it [actually] happened."
The main issue here is that you appear to read something, misunderstand or exaggerate it into hyperbole, then respond to your own hyperbole. That's not a good way to have a discussion with anyone.
If you knew anything about cybercrime attribution, you'd know that indictment was detailed far beyond anything we've ever seen from the DOJ. They took the extraordinary step of giving away hints on collection sources/methods just to make the evidence overwhelming and undeniable.
Which was my point, which instead of addressing you keep trying to obfuscate. Because you are a troll.
Cut out the trolling, please. It's neither clever nor valuable in the slightest, and just increases the noise level.
The "war" you referenced btw, the one we are discussing in this thread, is against the US. Do tell us how the Chinese Military hacking American private companies is somehow the fault of America.
The case will never go to court. The DOJ knows it so they don't have to have actual evidence.
The indicment is being publicised for political reasons.
The Chinese are a bogeyman comparable to the Russians. Being tough on them and have the other party being in bed with them is something that is surely useful in a coming election campaign.
As for the ability to trace back traffic sent through 30+ computers placed around the world including China; just think of what surveillance and logging that would entail. It is not really possible.
See my mysteriously flagged comment demonstrating exactly this https://news.ycombinator.com/item?id=22290767
Of course, we don’t know who TSB were. But it’s not like individual NSA hackers have gone unidentified.
Then DOJ would have to reveal their sources, wouldn’t they?
Of course not, that would be idiotic, and horrible for morale. You don't give your own people up, regardless of whether or not they are innocent or guilty.
As such, this is a spherical cow thought experiment. To address it - it's quite likely that the sources would not be revealed in an open trial, due to the catch-all of national security. For a helping of double irony, the sources are likely the product of... Espionage (Digital or otherwise).
Also consider how US treats 'threats to national security' - Chelsea manning, indefinite detention in Guantanamo bay, etc.
This is also why the US is not even a signatory of the ICC. It, by principle, opposes the sheer notion of Americans facing international trials for war crimes, even in impartial, third party courts. There's no way in hell it would extradite its spies to face trials for computer crimes.
It's arguments for not participating in the ICC are that the trials would be political, and not impartial. That's a stick with two ends.
Did the DOJ just indict a bunch of procurement people? ;-)
If they made it public, they could never do it again.
You don't see foreign governments identifying individual NSA employees when the NSA hacks into something...
I suspect that it does happen, but most people don't know about it because that requires knowing another language, and then regularly keeping up with the media of another country in that language.
There also hasn't been aggressive legislation about it until CCPA. Start adding minimum costs for a breach and things may change.
It's the executives job to keep software up-to-date? Not the engineers building the software or implementing open-source tools? I understand being buck-stops-here accountable for the hack, but how could they be charged for negligence? Was there a conscious decision by the execs to not update the software?
It's be hilarious/sad if the executives got punished for something like not updating software, because you know what the result would be? Companies would set up a system to protect execs and ensure the line-workers would be held accountable for hacks or breaches. That'd make our jobs super fun.
Ultimately, yes. They are in charge, they are accountable.
> because you know what the result would be? Companies would set up a system to protect execs and ensure the line-workers would be held accountable for hacks or breaches.
As if most big companies didn't already have these systems in place.
The US has essentially on omnipotent traditional military force that can either engage or assure mutual destruction of any opponent on the earth. Nobody can compete successfully. But humans are crafty, and come up with ways to defeat irresistible force.
As we've seen predicted for 20+ years and demonstrated in the public space for 10, our nation's weakest link is that election system and political finance system, particularly for legislators. The checks and balances that are supposed to prevent egregious behavior are broken (see what happened to most US Attorneys since 2016, the impeachment circus, and 100 other things at the state/local level).
Building dossiers on Americans are a great, obvious way to wield this power and to target and enable espionage/influence activity. Recall that the federal agency that keeps records on background checks was breached a couple of years ago. So now you have a hostile nation state that knows everyone, and all of their background data, with security clearances. You can cross-walk that with Equifax information, health insurance breaches (Recall that Blue Cross was also breached), etc and do all sorts of interesting things.
How many times in the past two years have our boats crashed into one another? The F35 program is a complete failure. When we ran Hormuzi wargames, a rag-tag group that fought through guerilla warfare won until our Navy cried and made the other side "fight fair." In the past 80 years the only win we can claim is the Gulf War. This is seriously overstating our military capabilities.
I'm not saying that, I'm that the entirety of the US military is incompetent and pumped too full of cash (despite its many failures) that's it's ridiculous to act like no one can compete.
> The US and allies
I know we like to take our satellite states for granted, but that day will come to an end and it seems likely that taking real action against China could be the catalyst.
The war in Iraq hasn't really gone well, has it?
My inclination is that China would be perfectly capable of doing so, but that they have more effective jobs programs than the States.
No the idea that either China or America would "win" a war with each other is naive at best
Wargames are designed to teach lessons. Example: https://time.com/5772665/uboat-wargames
That exercise happened in 2002, after the USS Cole bombing in 2000 ashore with a similar attack. How many warships were sunk by speedboats in the last 18 years?
The US won a war in Afghanistan and two in Iraq. Now, the occupations afterwards? Different story.
You say that as if it would be a bad thing...
Omnipotent and "assure mutual destruction" are contradictory if you think about it. MAD ( mutually assured destruction ) resulted from a lack of omnipotence. If one was omnipotent, one wouldn't require MAD.
> As we've seen predicted for 20+ years and demonstrated in the public space for 10...
Who is "we"?
If you have a list of federal employees + a list of people's credit histories you can do things like spot people who have security clearances but no credit history.
Jenna McLaughlin did a great piece on how breaches like this are making it almost impossible for intelligence agents to operate under traditional cover:
The days of creating a SSN, issuing it a passport + an entry in OPM as a "cultural attaché" at some embassy are waning fast, if not gone already.
Maybe it was to guard against generating useful metadata that could be later breached? Very interesting.
They’re very particular about this; particular meaning polygraphs and agents talking to your family members. I know because I almost took a job like this (and know a number of people who have) but the pay and location were crap.
How much do you think legislative aides are scrutinized? Political party staff who aren't on the government payroll?
>"The FBI has about a thousand investigations involving China's attempted theft of U.S.-based technology in all 56 of our field offices and spanning just about every industry and sector," Wray said.
>John Brown, FBI Assistant Director for the Counterintelligence Division, said the bureau has already made 19 arrests this fiscal year alone on charges of Chinese economic espionage.
>In comparison, the FBI made 24 arrests all last fiscal year, and only 15, five years earlier, in 2014.
Makes all the people talking about suing Equifax for subjecting them to identity theft look pretty silly.
It would be easy to know who to bribe if you know who works in government, and which one has debt. As part of security clearance check, if you have substantial debt you're not suppose to be able to get a clearance...but I'm sure there are some who get exempt.
The evidence for why is sealed unless there's a trial. There's never going to be a trial, because those guys aren't going to show up to their court date.
It's entirely possible that this has been fabricated for political purposes... It's not like the only people who could disprove the lie (the accused) have any interest in disproving it.
E.g. APT17: https://intrusiontruth.wordpress.com/2019/07/25/encore-apt17...
From https://en.wikipedia.org/wiki/Office_of_Personnel_Management... I gather that only hearsay was provided to the public, no credible evidence.
Equifax didn't have good oversight of which systems were patched and instead relied on a single employee to remember to do it. One got forgotten. People broke in using an old exploit and then leveraged into Equifax's network.
Equifax's first problem was bad patch policy. Its second problem was lack of network isolation/intranet security/onion-ing. As soon as an edge server was compromised the attacker hit the jackpot and had everything.
The last problem was lack of audit/accountable into who/what was accessing sensitive data on the intranet. If they had that they still would have been compromised and lost data, but not every customer's record (which took a long time).
Frankly, this really does explain why they were treated with kids gloves after the incident. I was certain after insider trading came to light, the company will fight with US government to stay alive.
Boy was I an optimist.
If the US can identify the individual hackers, then they should be able to identify the physical location from which the military committed the acts of war and respond with the use of force as permitted by the UN Charter and international laws and norms. By responding with grand jury indictments the US sets a terrible and dangerous precedent and is telling foreign governments the US will not do anything in response to military based acts of cyber warfare.
I honestly don't see how the US could spin anything positively on the world stage in that regard, they are by far the worst offender as far as spying is concerned. It's not even funny to compare. And there is documentation that tech/trade secrets from foreign companies aquired by e.g. CIA or NSA was given to US companies — industrial espionage isn't exactly new or surprising, but when conducted by Federal Agencies above any control, responsibility or accountability to the US public, let alone the UN or the world...
Your suggestion is disingenuous at best and, I'm sorry to say so, terribly blind to the reality of the world, wherein the US is certainly not an all around good guy. Especially these days, it's clearly a hostile power to most others. As seen from the EU, at least, I can't speak for other places/cultures. But I hear it's not that great in general.
I 10000% disagree they should ever have any accountability to the UN or any other international body
I also do not feel bad that they spied on Angela Merkel, I do care that they spied on US Citizens. Spying on Angela Merkel is constitutional and within their remit, Spying on US Citizens is Unconstitutional and not in their Remit
Well not exactly. One was a state sponsored military act of cyber warfare that indiscriminately targeted an entire populace and infrastructure (i.e. a military infringed on the sovereignty of an entire nation state). The other was a targeted intelligence operation.
>Your suggestion is disingenuous at best and, I'm sorry to say so, terribly blind to the reality of the world...
Being from Europe I would assume you would be very familiar with the dangers of failing to act when one military infringes on the sovereignty of another. Though I guess we will see either China will continue hacking and escalate their hacking or they won't...if I were a betting man I would happily take you up on such a bet that China will continue and escalate its military hacking against all nation states.
The grand powers on the world stage are constantly posturing and taking actions to further their own power. The United States is no different. We, civilians don't know the majority of what is taking place.
A "hot" war between two powers would be of such a great cost in human life, you would want to avoid it at all costs. This means indicting with a grand jury instead of starting a war.
I was very careful to specify "respond with the use of force as permitted by the UN Charter and international laws and norms." In other words the UN Charter only permits a response in proportion to the offense. I do think an act of cyber warfare may legally allow us of "armed force" but it would likely have to be limited to targeting the installations where the attacks were coming from (but realistically it is a new and undeveloped area of law with respect to cyber warfare).
The problem in my opinion with failing to act is we signal that there will be no military response, and these acts of cyber warfare escalate to hacking power grids or other infrastructure than results in indirect lose of life. Then due to political pressure all out war becomes more realistic.
I believe it raised to a level above spying and intelligence gathering. It was a state sponsored military act of cyber warfare that infringed on the US' territorial sovereignty.
>The appropriate response would be more akin to hacking back into China's social credit scoring company and snooping around.
The purpose of a proportionate response to military acts under the UN Charter and the use of force and armed conflict is not so much "an eye for an eye" (i.e. you hack me, I hack you), but to put an end to the military operations infringing on your sovereignty ...for example, assuming you believe Iraq had WMDs and chemical weapons or response is not to create stock piles of our own chemical weapons.
How about we start with securing our systems? Modernize identity and credit reporting, stop relying on social security numbers, etc.
The Response should be shifting the Liability back to the credit providers, not the consumers
The idea of "Identity Theft" should be a thing of the past, for you did not have your identity stolen, you still have your identity, no the bank was defrauded by giving money to someone they did not properly vet. 100% of the liability should be on them, not the person who they claim had their "identity stolen"
the Liability for financial Fraud in the US is 180 degrees from where it should be.
Launching missiles at China may make you feel good, but it does not solve the root cause of the problem
"Fixing" takes a long time that does not mean one should not deter attacks on the current system. How does one respond to a broken legacy software system that can be taken advantage of? You restrict the actions that can be performed on that system until it is replaced.
No the response from me, internally is, is how did they get in, how can I plug that hole, and how can I make my systems more robust.
Your response is making china (the hacker) pay, in order to "prevent" future attacks, that is simply naive IMO nor it is a viable solution.
^ this is the deter I am talking about.
APT is on a different level than what you are used to. Also my question was rhetorical. Didn't actually mean for you to answer it. For you or your company it is not a viable solution since you don't have the resources.
But I, as a civilian am not qualified to answer that question. Nor do I want to answer that question.
This is not a perfect analogy, and I don't want you to think that geopolitics is a zero sum game. But, imagine two heavyweight boxers circling each other in a ring. They are bouncing on the balls of their feet. They are moving in what you would almost call a dance. Most of the "fight" is in their footwork, their positioning. When one does jab, the other blocks, or moves out of the way, or takes the hit. Sometimes they counter. Sometimes they punch. This fight goes on for a long, long time. It is not tit for tat. They both want to win.
What you are saying is "That boxer needs to jab back, because the other boxer jabbed at him."
I think it is best for the population on the other side to feel that as well which is why I prefer an electronic counter attack. We need deterrence. If China was to "jab", let them use other means of interaction that doesn't make us want to attack them physically. The more people who are affected financially by this, the more the call for a physical deterrence whether we agree with people's feelings or not.
Oh wait, the congress abdicated it's constitutional duty to be responsible for declaring war via the unconstitutional War Powers Act and AUMF's...
AUMFs are (often limited and/or conditional) declarations of war, from a Constitutional perspective, not an abdication of the power; the Supreme Court has consistently held that the Constitution doesn't require magic words when exercising the Constitutional power to declare war.
Look at the range of actions the AUMF's are applied to. The AUMF's, in effect, allow the executive to wage war pretty much anywhere on the planet for an indefinite amount of time.
In your view, is Congress honoring the spirit of their Constitutional duty?
Most declarations of war do not have temporal or geographic bounds. What was unusually expansive about the 9/11 AUMF (not AUMFs more generally, neither prior nor subsequent AUMFs have had this feature) is that it also delegates the decision of the actual primary opponent(s) to executive discretion, which, yes, is an abdication of Congressional responsibility. But that's the 9/11 AUMF, not AUMFs in general.
Because apparently it must be said, I am not a "Nazi sympathizer". I would have preferred that the Nazis had never existed let alone dominated a large portion of Europe. Similarly, it would have been better had we not invaded Iraq and caused ISIS to exist.
But sure you can ignore the nuance.
I would venture to guess I have significantly more experience and knowledge with the UN Charter Article 2(4), the UN Security Council and the international laws on the use of armed force than you.
No one said anything about "go to war", the Use of armed force is not "going to war". The UN Charter permits the use of armed force in response to acts that infringe on the sovereignty of any nation by military action.
To bury ones head in the sand at this point in history to foreign military acts against a populace is inviting more invasive and damaging acts of cyber warfare. Do you honestly think China is going to say we got away with this we should deescalate?
> The UN Charter permits the use of armed force in response to acts that infringe on the sovereignty of any nation by military action.
Should France have nuked Fort Meade to stop the NSA from infringing on their sovereignty?
I don't understand this line of thinking, it's basically "if we do it, yeah, it's cool. If they do it, it's an act of war against our innocent republic", and you figure everybody will agree to that and not treat your cyber attacks similarly?
Consider the US Seal Team military operating in Pakistan where Bin Laden was killed. That was use of armed force, we infringed on Pakistani territorial sovereignty, conducted a military operation and even killed a couple people...I hope you understand that this example of using armed force is not the equivalent of "going to war."
It's not a "war" because Pakistan isn't a match for the US. It's very much an act of war, though, Pakistan just chooses to ignore the offense because they can't really do anything about it. That's different with China or Russia. Please don't try landing a Seal team in Moscow to extract some hacker.
China is not nearly as constrained by diplomatic inroads or other mechanisms at play (such as cultural considerations) that would vastly change the potential of any overt action against China causing an exponential series of increasing escalations that could end up as a major war.
I'm not excusing China and not saying the US or other western countries should lay down for China's increasingly agressive diplomatic and strategic actions, but rather that the utmost care should be taken in the response, just as the US is doing in the conflicts going on in the south China sea and increase in espionage cases.
As an Iraq combat vet who has spent quite a bit of time trying to understand these subjects, my general thought is that I really dislike so many armchair quarterbacks speculating and being so eager to throw away others lives, even if in the of potentialities such as your suggestion. War is one of the most horrible things humans can ever experience and any avoidance of it should be sought in almost all cases possible. It's also annoying how many of those armchair quarterbacks usually don't volunteer to serve themselves.
I fully understand that. The thing you are missing is that by ignoring act of cyber warfare from a foreign military and/or treating acts of war by a foreign military as a domestic criminal case, escalates the risk of causing acts of war much larger than if they were to be nipped in the bud now.
>As an Iraq combat vet who has spent quite a bit of time trying to understand these subjects, my general thought is that I really dislike so many armchair quarterbacks speculating and being so eager to throw away others lives
I trust you understand there are many uses of force that do not result in lost lives. The very nature of my argument is that the actions of China's military is an act of war and use of force...yet no lives were lost. As I said we should respond proportionately as authorized by the UN Charter and international law...I am not suggesting WW3, nukes or throwing away lives as has been suggested by countless people in this thread.
Just as much as I am admittedly "speculating" that treating cyber warfare by a foreign military will result in escalated attacks...it is also a speculation to suggest China will deescalate their cyber warfare against us.
So the question would fall to you is the US strategy of treating cyber warfare by a foreign military as crimes going to deescalate China's attacks here?
Know quite a few people with these qualifications, they are highly polarized human beings who seem to have trouble discussing politics.
I specifically said "respond with the use of force as permitted by the UN Charter and international laws and norms."
It seems clear the people responding talking about all out war and "end of human civilization" don't have much experience with the UN Charter, security council and international laws and norms for the use of force. Generally the legal terms of art I used.
The idea is a proportional response to deescalate future cyber warfare attacks...not end all of humanity.
The CCP routinely engages in this class of behavior of salami slicing. Tiny little cuts that unto themselves wouldn’t be cause for aggression.
This is the child poking another. Violence isn’t preferable but if one refuses to correct...
I am no hacking expert, but the fact that the internet is such an open place and knowledge sharing is so widespread, I would lean to the side that they have comparable hacking capabilities as America. I've yet to hear of a reason why they wouldn't other than the standard " 'Murica #1". And given a dictatorship presiding over a massive economy and a valid raison d'etre for such capabilities, there is no reason they cannot fund an equivalent of the NSA
So does the US. If you treat this as an act of war, you automatically classify any cyber operation your operatives have executed as an act of war. Against Russians, against EU countries etc. I don't think anybody really wants that.
By declaring such intrusions as an 'act of war' (or maybe something literally just a little less hard sounding) it's a signal to foreign powers of the seriousness of such activities.
There is no doubt that this is a really, really serious act that has to have serious consequences.
In this new 'information era' we have to establish new boundaries. Those boundaries will help establish clarity, validate responses, enable 3rd parties to take a judicial view instead of just a political one etc..
Edit: For the last 30 years, China has been on a fairly exponential path to increasing aggression, there's no reason at all to believe this will not continue to the extent they have the material ability (i.e. supporting economy) unless they are stopped, or it becomes too painful for them to continue. If there is little meaningful response to this action, it will grow 10x. Charging the military staff responsible is the wrong tactic as the state is responsible, not these actors (it may even be against the Geneva convention), but more importantly, the cost to the state is nothing. Throw a few officers under the bus for a massive attack? That is 'no consequence' to them, and maybe even not said charged officers. There won't be any lack of volunteers. There has to be a pretty comprehensive coordinated response, and definitely not just some artefact/negotiating point in a trade war. The response may include trade, but it shouldn't be part of a tit-for-tat in a trade deal.
It may not seem like a distinction to some, but I think there is a difference from hacking by an intelligence agency and directly by a military. Now if you disagree, that is fine, but also each hack would need to be looked at on the merits to determine what would be a proportionate response, if any.
Personally I am impressed that the War Hawks were unable to persuade the Administration to start a Conventional War over this. Good for them for refusing such an action
Should every CIA black and grey op... And any operation by the NSA be considered by the target country as an act of war, too?
If a government employee hacking some software system is an act of war, then the US has committed acts of war against China, Russia, Germany, France, the UK, etc, etc, etc.
Committing an act of war against four nuclear powers sounds pretty irrational to me... Maybe we should reign those two organizations in a bit, before they get everyone killed?
I'd be careful throwing around wishes like that. Are you sure the US doesn't do similar hacks? I'd much prefer people steal data than damage/penetrate critical infrastructure. (The latter is something that should be treated much more harshly, in my opinion)
Unsure why they would join a shooting war.
Perhaps aiding and abetting? But an act of war, no.
Why would you believe this? The last time they didn't like their government, they replaced it with the current government. Even the Ayatollah was pissed off that they mistakenly shot down a plane full of Iranians; they weren't about to curb the relatively limited public demonstrations that agreed with him on that topic.
Oh, let me guess... you learned of the average Iranian's great political discontent from the USA war media. "Wishful thinking disguised as reporting" leads to wishful thinking in place of analysis.
Russia won't, neither will most African nations.
There won't be a war anyhow.
Orgs like Equifax should not exist. I did not consent to this kind of surveillance, I was forced into it because I needed a paycheck and a place to live. Now I'm paying for it because of the incompetence of others - if the U.S. government instead had this power it would become much more difficult to differentiate between incompetence and malice.
If the US government ran this, you would at least have a chance at congressional oversight. Equifax is largely unchecked in its present corporate state.
I’d argue for a people very dependent on credit, a financial credit score already approaches the burden of a social credit score.
You might find this becomes their Sputnik moment.
“If Washington can cut China off from American technology at will, China will be determined to build its own technological infrastructure, top to bottom.“
Make life miserable for those directly involved and responsible. Next time, others will push back against an order to attack like this because consequences will be personal for them, not just another move in a war
You think Chinese soldiers will push back against orders from above because one time the US made the (supposed) perpetrators lifes miserable?
What do you think China will do? Just say "OK, on second thought you don't have to do that"?
I doubt any government wants someone working for them that invests the majority of their wealth in an adversarial country.
I don't think so. People usually follow orders until the bitter end, especially when the government wields as much power as China's.
If this were a rogue state, or rogue actors, or non-state related activity like general corruption, as we see with Russian figures, it might make more sense to go after the individuals.
a) They are charged with conspiring with each other to this, but simultaneously
b) "fits a disturbing and unacceptable pattern of state-sponsored computer intrusions", and in the process they managed to commit
c) "conspiracy to commit wire fraud"
None of those 3 things make any sense in the face of the others. How is doing this kind of things even legal?
How cool is that. They have been able to grab and correlate netflow from across 20 countries.