17 comments

[ 3.0 ms ] story [ 46.9 ms ] thread
It's an absolute and utter joke to call for the demilitarization of the Internet on the part of the US government, in the wake of the Sony attack.

Nation states are waging war on US companies. Regardless of what you think or believe in the US policy abroad, the US needs to find a way to defend its citizens from attack.

In what way is militarization going to defend against the likes of the Sony attack?

The government is not equipped to handle this kind of security. You can't post marines in US data centers to keep out foreign attackers, that's not how it works. Offense isn't a defense; MAD doesn't work when you can't reliably attribute attacks or the attacker doesn't have any meaningful infrastructure to retaliate against.

The best thing the government could do in this context is provide money for public security research and for security audits of popular software. But that has nothing to do with the military or offensive capability, and the government seems intent on going the other way with their renewed attacks on the widespread use of encryption.

Private companies shouldn't be going to war against nation states. The US government should be able to defend itself and its citizens from attacks by foreign nations.

Maybe you're right and the answer is to let private companies wage wars against nations, but right now US government agencies have to sit on their hands due to a lack of direction from congress on these issues.

There is no RoE for cyberwar. There really ought to be.

It isn't a war. Nobody dies.

There is nothing for US government agencies to do. When a bank gets robbed because they held their money in a cardboard box instead of a vault, the question is not what the FBI can do to prevent that. The location of the problem is not the government. The location of the problem is the cardboard box.

What?

These aren't some random bank robbers, these are entire countries.

What the hell do I pay the US government for, if not to protect me from other nations?

No one even has remotely enough budget to deal with foreign nations attacking them. Not Google, not Microsoft, nobody.

> These aren't some random bank robbers, these are entire countries.

Sony's annual revenue is more than North Korea's GDP. That there can be a legitimate question as to whether the Sony attack was carried out by North Korea or some individual with a grudge probably puts it into the proper context.

> What the hell do I pay the US government for, if not to protect me from other nations?

That's a fair point; maybe we shouldn't pay them as much.

> No one even has remotely enough budget to deal with foreign nations attacking them. Not Google, not Microsoft, nobody.

So budget is the issue then? Maybe you're on to something here -- we can cut the NSA's budget and give the money to Google and Microsoft and other tech companies so they can use it to improve security.

I'm glad you think you can spitball solutions to global issues better than folks who do it for a living.

That must feel good, for you.

Right, sorry, I was mistaking this for a democracy. We should definitely just do whatever the man from the government said and not think about it too hard.

But remind me again how the military is going to defend against the likes of the Sony attack?

Well, considering this is a representative democracy, we actually kind of should do what the folks we elect to tell us what to do say we should do.

If we don't like what they're telling us to do, we can always pick different people.

But anyway, the military isn't going to do the same thing they've always done with intelligence -- liaise with civilian government orgs to gather intel and ultimately launch operations based on that intel.

> If we don't like what they're telling us to do, we can always pick different people.

On what basis are the voters supposed to make that decision? What we see is that our representatives take money from defense contractors and then do what those defense contractors want them to do. If they have a good reason for that they aren't sharing it.

That's the problem you're ignoring. "We can't tell you because it's a secret" is something they can trivially say when the actual reason is blatant corruption. Doing what defense contractors want for the same reason we subsidize corn in Iowa is indistinguishable from having an actual reason when the actual reason is secret. Which means we either have to assume that having no public reason implies corruption, or have no defense from corruption and consequently prolific corruption. And we can't have a corrupt and unaccountable military, that is totally crazy.

So what you're really saying is that they either have to give us the reason (or end the programs) or we need to "pick different people". Which is kind of what I'm saying.

> But anyway, the military isn't going to do the same thing they've always done with intelligence -- liaise with civilian government orgs to gather intel and ultimately launch operations based on that intel.

What operations? There is no military operation you can launch to prevent someone from breaking into a computer when you don't even know they've done it until after it's already over. You don't have a time machine.

This isn't a military problem. Look at the real world analogy of what they're afraid of: It's like a foreign government having a spy infiltrate an American company and steal their private documents. The defense from that has to be from inside that company. You can't solve it from the top down.

It's almost as if you have been completely ignoring all news events over the past couple of years when you say "on what basis are the voters supposed to make that decision?"

Guess what -- corruption is a possibility of our system. The end. Pick guys who you don't think are going to be corrupted, or haven't been outed as corrupt if you find that important.

Most Americans don't find corruption to be that big of a deal. You know how I know that? Because they keep voting the same corrupt people into office. Apparently, as long as things keep getting done, no one seems to mind the corruption.

As for military response, there are plenty of military operations you can launch to deny foreign nations the capability of hacking into a company like Sony, just like there are plenty of military operations you can launch to prevent foreign aggressors from shooting down US passenger planes, or pirating along US coasts, or any of the dozen other preventative military operations the US performs every single day.

> Guess what -- corruption is a possibility of our system. The end.

That's like saying that crime is inevitable so we should disband the police. Just because you can't totally eliminate something bad doesn't mean you can give up fighting against it.

> Most Americans don't find corruption to be that big of a deal. You know how I know that? Because they keep voting the same corrupt people into office. Apparently, as long as things keep getting done, no one seems to mind the corruption.

Are you honestly taking the position that murder and human rights violations are fine as long as enough people in the district of the chairman of the oversight committee are more interested in some other issues?

The response to "people don't care enough" is not that we should give up and go home, it's that we need to find a way to make them care.

> As for military response, there are plenty of military operations you can launch to deny foreign nations the capability of hacking into a company like Sony, just like there are plenty of military operations you can launch to prevent foreign aggressors from shooting down US passenger planes, or pirating along US coasts, or any of the dozen other preventative military operations the US performs every single day.

OK, give an example of one. For example, the US Coast Guard can prevent marine piracy by pirates in US territorial waters by shooting at them with heavy weaponry until they go away, are captured, or die.

That's an actual thing that the military can do. What are they going to do against people sitting behind computers in foreign countries? I'm honestly asking. It doesn't make any sense to me.

The attackers never leave their home jurisdictions. Are we going to invade China because they hacked Google?

Let's just put aside the charade and call it what it is. They want permission to attack foreign infrastructure and use it to spy. That whole thing with the NSA? They want to do more of that, more aggressively, world-wide.

Corruption is a problem, but it's an inherent part of our system, just like crime. Pretending like it can be eliminated is a massive time waster.

As for dealing with hackers, they can't really hack things if their systems are compromised, can they? Ask Iran how their nuclear development is going, thanks to Stuxnet, for example.

You're just being sensationalist and melodramatic, and you're why places like HN become echo chambers of stupid and untenable ideas, with your worthless phrases like "murder and human rights violations", and "find a way to make them care".

> Corruption is a problem, but it's an inherent part of our system, just like crime. Pretending like it can be eliminated is a massive time waster.

There is no hope of eliminating it, but that's hardly the same thing as allowing it to proliferate without bound.

> As for dealing with hackers, they can't really hack things if their systems are compromised, can they? Ask Iran how their nuclear development is going, thanks to Stuxnet, for example.

Stuxnet is by far the outlier. If you compromise their systems they will, at worst, have to get new ones. The cost difference between a PC and a uranium enrichment facility is something like five orders of magnitude. Meanwhile you've likely handed your enemies the 0-day you used to compromise them.

The capability necessary to launch these "attacks" is in the possession of every sophomore computer science student in the world. No amount of retaliation can fix that, we have to improve domestic computer security past the point that that is no longer the case.

And going on the offense is creating a precedent that gives our enemies the advantage. North Korea doesn't have anything worth compromising. We do. And we can't credibly object to state-sponsored attacks while engaging in them.

> You're just being sensationalist and melodramatic, and you're why places like HN become echo chambers of stupid and untenable ideas, with your worthless phrases like "murder and human rights violations", and "find a way to make them care".

So to be clear, are you claiming that no killings or human rights violations have occurred, or that they have but you think that's perfectly acceptable, or that you just don't care or think that anybody else should?

You have no idea what you're talking about, I can't continue. "North Korea [the largest standing army in the world] has nothing worth compromising"? Right.
This is a specious article. The internet landscape is not like 3D space. One can agree to keep Antarctica demilitarized because it would be too expensive for a private person to 'militarize' it. The internet, anyone can 'militarize' it. So you have to have both offensive and defensive capabilities because the barrier to entry for militarization by any third party is trivial.

In addition, it would seem they are conflating a freedom of the public internet with keeping the internet medium free of maleficence. The latter is night impossible. The internet is a medium not an object.

The thing about Iran is that it was the best option. You don't refuse to use a tool like that over principle and instead choose a hardware or 'hot' war instead. It would be like refusing to use spies because spies are 'unseemly'. And to be strict, it was not done over the internet but via USB sticks.

It's an article to get people thinking but in reality it's self-satisfaction. I'm sure I could try to be cleaver and write something called 'the hypocrisy of amateur internet journalists'

I wouldn't call it Hypocrisy, I would call it bias.