The website WikiLeaks.org and its founder Julian Assange have been receiving a great deal of attention lately. Wikileaks made waves in April of this year with the release of what it called “Collateral Murder,” leaked gun camera footage from a U.S. Army attack helicopter that killed two Reuters journalists in Baghdad. In the last several weeks, Wikileaks and Assange have been in the news once again, this time for posting the so-called “Afghan War Diary,” a collection of roughly 90,000 classified documents about the war in Afghanistan. A U.S. Army intelligence analyst, Pfc Bradley Manning, has been arrested for leaking the gun camera footage and the documents. Assange has claimed that he is preparing to release more, perhaps even more sensitive documents.
Needless to say, U.S. defense and intelligence officials are angry, and understandably so. Chairman of the Joint Chiefs of Staff, Adm Mike Mullen, has said that Wikileaks has “blood on its hands.” And if the Taliban has anything do with it, he will likely be correct. They have claimed that they are scouring the documents for names of Afghan informants. It’s not hard to imagine what they will do to those they uncover in the WikiLeaks documents.
The purpose of this post, therefore, is not to defend WikiLeaks, but rather, to call attention to the way that some journalists, commentators, and former government officials have been framing the recent Wikileaks incident and the solutions that they have proposed. Specifically, a number of not insignificant voices have recently framed the Wikileaks incident in terms of “cyberwar” and “cyber attack,” and have, as a result, proposed some rather disturbing responses to the challenge posed by Wikileaks and Assange.
For example, on July 27, on CNN’s “American Morning” program, and speaking of the WikiLeaks incident, Pentagon correspondent Barbara Starr said, “there’s a lot of discussion always about cyber attacks, cyber warfare. This was perhaps the largest cyber attack.” It was a claim that she repeated that same day on the “CNN Newsroom” program, telling viewers that they should “Think of this as a cyber attack.”
Starr wasn’t alone in framing the WikiLeaks incident in terms of “cyber attack” and “cyberwar.” When asked about the incident, Gen Michael Hayden (ret), one-time director of the NSA and then the CIA, said that “This is an interesting aspect of a cyberwar [that] would not exist in physical space” and asked, “So how now do we deal with this?”
One possible answer was provided in a press briefing on Thursday when Pentagon spokesman Geoff Morrell said that if WikiLeaks did not remove the documents from its website, that the United States would consider options to “compel” it to do so. But how?
At least two conservative commentators have offered solutions. In a Washington Post op-ed, Marc Thiessen, former speechwriter to President George W. Bush and Secretary of Defense Donald Rumsfeld, floated the idea that U.S. intelligence, military, and law enforcement assets could and should “act alone” and “override international law” if other countries will not bow to diplomatic pressure to turn over Assange and shut down the WikiLeaks website. In the first case, he suggested that “the United States can arrest Assange on their [our allies’] territory without their knowledge or approval” if they refuse to hand over Assange to U.S. authorities.
In the second case (i.e. shutting down the Wikileaks site), given the emergence of a “cyberwar” framing of the incident it is not surprising that Thiessen would recommend the use of the newly-formed U.S. Cyber Command (USCYBERCOM) to carry out offensive cyber attacks aimed at taking down WikiLeaks. He recommended that, “With the stroke of his pen, the president can authorize USCYBERCOM to protect American and allied forces by eliminating WikiLeaks’ ability to disseminate classified information that puts their lives at risk.”
Another conservative commentator and former Bush Administration official, Liz Cheney, daughter of former Vice President Dick Cheney, concurred with Thiessen’s recommendations. On Fox News Sunday this week she said, “I would really like to see President Obama move to ask the government of Iceland to shut that Web site down. I’d like to see him move to shut it down ourselves if Iceland won’t do it.”
If USCYBERCOM does get the order to strike, hopefully they are getting their targeting intelligence from someone other than Cheney because, as CNET has pointed out, “WikiLeaks.org is hosted on a server in Sweden,” not Iceland.
This is not the first time that we have seen irrational, potentially dangerous and self-defeating responses proposed to incidents of supposed “cyber attack” or “cyberwar.” In July 2009, Rep. Peter Hoekstra called for a “show of force”–which he said could include “a counterattack on cyber”–in response to a supposed North Korean cyber attack against websites in the U.S. and South Korea. ABC News commentator Michael Malone agreed and asked why the United States would not respond to such incidents by “crashing that country’s digital infrastructure.”
The answer to Malone’s question is that he and Hoekstra’s preferred solution would have been a dangerous response out of all proportion to the damage done by the cyber attack in question. What’s more, the U.S. government later determined that North Korea was not, in fact, involved in the July 2009 attacks in question.
Similarly, I have noted previously on The Firewall that Tea Party members and supporters such as Sarah Palin, Michelle Bachmann, and Sean Hannity have all called for nuclear retaliation to remain on the table as a possible response to cyber attacks.
This time around, Thiessen and Cheney’s proposed solution to the WikiLeaks incident should serve as an impetus for us to think seriously about the the potential implications of unilateral, offensive cyber attacks by the United States against its adversaries online. Again, it is a topic about which I have written previously.
In particular, the United States must consider the “communicative” dimensions of a potential cyber attack and attempt to avoid creating the kind of glaring “say-do gaps” that CJCS Adm Mike Mullen has noted [PDF] that U.S. adversaries are so good at exploiting. The U.S. opens itself to accusations of a “say-do gap” when it declares itself exempt from international law and acts unilaterally and without permission within allied nations to apprehend their citizens. Such actions seem to contradict American values of justice and the rule of law. Similarly, in cyberspace, the U.S. narrative about the threat to global “Internet freedom” and security posed by countries like China and Russia, whose pursuit of offensive cyber weapons demands our reluctant response, would be undermined if the U.S. were to openly and brazenly carry out offensive cyber attacks of its own.
The leak of almost 100,000 classified documents during time of war is cause for great concern. The possibility that the release of these documents could lead to loss of life among Afghans who cooperated with U.S. and NATO forces is a very real possibility that should not be taken lightly. But the United States should not give in to the temptation to respond by acting offensively in cyberspace. Such a response would only serve to create a enormous “say-do gap” that its adversaries would certainly use to justify their own development and use of offensive cyber weapons and efforts to thwart whatever possibility there is for international cooperation on cybersecurity.