Today we learned from the Wall Street Journal that the National Security Agency, with the help of defense contractor Raytheon, has been developing a system “dubbed ‘Perfect Citizen’ to detect cyber assaults on private companies and government agencies running such critical infrastructure as the electricity grid and nuclear-power plants.” Disturbingly, a Raytheon email obtained by The Wall Street Journal “stated flatly that “Perfect Citizen is Big Brother.” Such comments no doubt contribute to “Some industry and government officials familiar with the program see[ing] Perfect Citizen as an intrusion by the NSA into domestic affairs.”
Revelations about the NSA’s Perfect Citizen/Big Brother system come on the heals of an early version of the Cybersecurity Act of 2009 that would have given the President emergency powers over the Internet. While a so-called Internet “kill switch” for the President was removed from that bill, it has found it’s way back into the more recent Protecting Cyberspace as a National Asset Act. In response to concerns about the “kill switch,” chief sponsor of the bill, Senator Joseph Lieberman, suggested to CNN’s Candy Crowley that the U.S. should follow China’s lead and develop the ability to “disconnect parts of its Internet in a case of war.” Based on the assertion that “Cyber-war is going on in some sense right now,” Liberman advocated that “We need the capacity for the president to say, Internet service provider, we’ve got to disconnect the American Internet from all traffic coming in from another foreign country.” He believes that his bill does exactly that.
Liberman’s reasoning is based on the argument by assertion that cyberwar exists now, even though neither he nor the other government officials and industry experts with the burden to define the phenomenon, prove its existence, and prove the level of threat it actually poses have consistently failed to do so. Unfortunately, it is a pattern of reasoning that is all too common among cyberwar apologists.
On the very day that we learned about the NSA’s Big Brother system, Firewall contributor Richard Stiennon endorsed a post by Matt Olney of the VRT Blog for “telling it like it is” about the existence of cyberwar. The “way it is” is that, yet again, an argument for the existence of cyberwar contained no supporting evidence. But not to worry. According to Olney, lack of evidence does not weaken the case for the existence of cyberwar, but rather, should serve to heighten our concern! Implying that those who are skeptical and who demand actual evidence of cyberwar are closed minded, Olney argues that “When they are at their best, nobody sees the enemy. The most real and dangerous thing in the world are those that no one can see. […] Nobody can conceive or imagine all the threats that are unseen and unseeable in the world.” Donald Rumsfeld’s “unknown unknowns” have made a comeback, it seems.
Olney is certainly correct that lack of evidence is not evidence of lack. But his mistake is twofold. First, to those who rightly say, “Show us the evidence that cyberwar exists,” Olney essentially responds, “You can’t prove that cyberwar doesn’t exist.” But the burden of proof is on those who claim cyberwar’s existence as justification for spending billions of tax dollars to take actions that could very well erode privacy, not the other way around. Second, Olney’s reasoning treads dangerously close to a typical pattern found in conspiracy theories, in which lack of evidence of the conspiracy becomes evidence that the conspirators are even more skilled and dangerous than previously believed–i.e. the conspirators are so good that they have even destroyed the evidence of their very existence!
But it’s not just Olney who subscribes to this kind of specious reasoning. In its story about the NSA’s Perfect Citizen/Big Brother system, the Wall Street Journal reported that “Officials are unable to describe the full scope of the [cybersecurity] problem, however, because they have had limited ability to pull together all the private data.” By this reasoning, the very inability of officials to provide evidence to justify the development of systems like Perfect Citizen (or measures like the creation of a China-style Internet kill switch for the President) itself becomes the justification for these systems and measures.
When government officials and private cybersecurity experts alike resort to claiming that their inability to provide evidence is itself justification for a military Cyber Command, presidential Internet kill switch, and NSA surveillance system being called “Big Brother” by its developer, it’s time to say “enough is enough” and demand better from officials and experts alike.