Decades from now, historians are sure to see September 11, 2001, as the moment when the basic calculus of our national security shifted. The destructive power available to the wealthiest nation-states—nuclear weapons, missiles, vast quantities of conventional arms, hundreds of thousands or millions of professional soldiers—used to assure the nation-state’s continued power. Today, national security is fragile, with power shifting to technologically equipped terrorist groups, revolutionary movements, criminal enterprises, murky collectives such as Anonymous, and even isolated individuals with an Internet connection. We might cheer when Internet-savvy opposition movements overthrow oppressive, authoritarian regimes, but overall radical connectivity sows chaos and instability, undoing the traditional advantages of powerful militaries. With Big Armies (both good guys and bad guys) fighting to a standstill against ragtag but tech-savvy groups, we must take a cold hard look at our military-industrial complex and reconsider some previously unassailable assumptions of military might. Our approach to national security and to the stability of the nation-state needs to fundamentally change if we are to reckon with the realities of the digital age.
Cyber Warfare
Over the last decade, the U.S. national security establishment does not seem to have made much progress figuring out how to preserve national security in the era of radical connectivity. P. W. Singer, a noted scholar on international relations and the future of warfare, has remarked on the foreign policy and national security establishment’s stubborn tendency to view the digital world through the obsolete lenses of the Cold War. Applying a range of Cold War ideas and tactics, deterrence becomes “cyber deterrence,” and ideas like “flexible response” become enshrined in the new doctrine of “equivalence.” In May 2011, the Pentagon announced a formal change of policy: Digital actions can rise to the level of an “act of war,” necessitating a military response. In other words, if someone launches a cyber attack, that’s grounds for the United States to respond with real bullets instead of digital ones.
As Singer points out, the digital age is not all that similar to the Cold War. The Cold War saw a stark competition in ideology between two nation-states and their allies. The nonstate actors that might use the Internet to launch a cyber attack are multitudinous and often promulgate no coherent ideology. In addition, the digital landscape is deeply interconnected and controlled primarily by private corporations who don’t necessarily hold the same concerns as governments. Singer notes that unlike the coalition of governments in physical space during the Cold War, “the Internet isn’t a network of governments, but the digital activities of 2 billion users,” making it resistant to Cold War tactics. If a group of hackers were to release a crippling virus into the power grid, the U.S. military would need to be able to identify the attackers and locate them to retaliate with physical military action. What if the hackers live in downtown Berlin but are unaffiliated with the German nation-state? Do we retaliate with bullets and bombs?
It’s not that unlikely. Cybersecurity expert Justin Krebs drew attention to an administrator log-in to the U.S. Army Communications-Electronics Command (CECOM) selling for about $500. Granted, the administrator log-in in question doesn’t provide much access, but if it works as advertised, it could give anyone the ability to deface the Web site. It took me just thirty minutes to find and purchase the information—what could a motivated, better-informed troublemaker manage to do? Such accessibility of provocative information is unprecedented. As Singer writes:
The barriers to entry for gaining the ultimate weapon in the Cold War, the nuclear bomb, were quite high. Only a few states could join the superpowers’ atomic club—and never in numbers that made these second-tier nuclear powers comparable to U.S. and Soviet forces. By comparison, the actors in cyberspace might range from thrill-seeking teenagers to criminal gangs to government-sponsored “patriotic hacker communities” to the more than 100 nation-states that have set up military and intelligence cyberwarfare units.
In 2008, the National Security Agency discovered a piece of code—a computer virus, essentially—inside one of the U.S. government’s most secure, classified computer networks. The code was listening in on classified material and reporting back over the Internet to a sort of digital mother ship. It’s not clear exactly how the virus got into this classified network, but it is clear that it came in on a USB drive. Perhaps a U.S. soldier picked up a USB memory stick in a parking lot outside a military base, plugged the stick into his work computer, and without realizing it released a virus into the network that compromised national security. The Washington Post reported on another likely scenario for the transmission of the cyber intruder:
An American soldier, official or contractor in Afghanistan—where the largest number of infections occurred—went to an Internet cafe, used a thumb drive in an infected computer and then inserted the drive in a classified machine. “We knew fairly confidently that the mechanism had been somebody going to a kiosk and doing something they shouldn’t have as opposed to somebody who had been able to get inside the network,” one former official said.
While the perpetrator of the digital listening operation is still not known—was it another country, organized crime, terrorists, renegade hackers?—Seymour Hersh reported in the New Yorker that the U.S. military’s response was to order rubber cement plastered over USB ports on government-issued computers. This response seems primitive, to put it lightly.
Some reporters have subsequently linked this episode to the formation of the U.S. Cyber Command, which has itself been criticized for lacking a clear and coherent vision for national security in the digital age. Even more terrifying, the national security establishment has responded in part by trying to assert more control over the everyday online activity of all American citizens. If every fifteen-year-old with a laptop and an Internet connection is a threat, then we need to treat them like threats, or so goes the thinking. General Keith Alexander, the head of the U.S. Cyber Command and the director of the National Security Agency, is quoted by Seymour Hersh complaining about how he is constrained by U.S. government law from spying on citizens: “[General Alexander] has done little to reassure critics about the N.S.A.’s growing role. In the public portion of his confirmation hearing, in April, before the Senate Armed Services Committee, he complained of a ‘mismatch between our technical capabilities to conduct operations and the governing laws and policies.’”
Our think tanks and national security policy-making bodies remain mired in approaches that fail to adequately address or even understand the threats posed by individuals with an Internet connection, a laptop, and a reasonable degree of technical expertise. The former Clinton administration antiterrorism adviser and Bush administration cybersecurity czar Richard Clarke sees cyber war as a major unaddressed policy issue; he is primarily concerned with the potential for a cyber war with China. Despite his status in the national security establishment, his book "Cyber War: The Next Threat to National Security and What to Do About It" aroused nothing but ridicule in technology circles. Wired magazine’s review noted, “So much of Clarke’s evidence is either easily debunked with a Google search, or so defies common sense, that you’d think reviewers of the book would dismiss it outright. Instead, they seem content to quote the book liberally and accept his premise that cyber war could flatten the United States, and no one in power cares at all.” If we’re going to think seriously about the role of radical connectivity in national security, we need to be clear-eyed and resist hyperbole. Yet we also must acknowledge, as Clarke at least attempted to do, that the balance of power has shifted away from traditional militaries toward small groups of sophisticated, dedicated troublemakers.
Recent months have brought the revelation that the United States military, possibly with the Israeli military, has released at least one and perhaps two computer viruses into the world with the intent of crippling Iran’s slow march to nuclear capabilities. The first virus was called Stuxnet, and was targeted at specific kinds of machines that would be in use for uranium enrichment. The second virus is called Flame, and it has not been definitively linked to the United States, although the evidence is strong. These proactive acts of “cyber war,” while significant programming projects, hardly raise the scale of resource-intensive military operations such as designing, building, and maintaining an aircraft carrier. Comparatively small, nimble teams can carry out cyber war.
But as computer security expert and investigative journalist Chris Soghoian has warned, the way these viruses have been created and released into the wild exhibits a blindness to the unintended consequences of cyber war. Soghoian has suggested that Flame exposes the average citizen to a significant level of security risk on their personal computer by undermining automatic security updates, not to mention the growing consumer privacy concerns.
As the preceding discussion suggests, the term “nonstate actor” has its limitations; it’s conceivable that every technically literate person with a laptop and an Internet connection might be able to influence global geopolitics as a nonstate actor. In fact, it’s already happening. Consider Bradley Manning and Julian Assange; together they changed diplomacy and, arguably, the governments of several countries—without any exceptional technical knowledge or expertise. Bradley Manning is a computer programmer, but not a technical genius. He was a low-ranking U.S. Army soldier, a private first class, who made use of a fundamental attribute of digital files: They are easily copied and, once copied, easily shared. Manning allegedly had access to the files through the U.S. military’s online data-management tools and copied them to share online on WikiLeaks. Julian Assange, a computer programmer and activist, had been working with a team to build WikiLeaks into a known repository for whistleblowers and a trusted source for journalists. He turned the steady supply of material from Manning into wave after wave of disclosures and leaks, starting with a video of U.S. Army soldiers in a helicopter hunting down two Reuters journalists in Iraq. The mother lode was more than half a million “confidential” State Department cables that turned the institutions of diplomacy on their head and caused political uproars in dozens of countries.
Understanding WikiLeaks
WikiLeaks raises intriguing questions about ethics, journalism, privacy, and governance in an age when the Internet has made the mass storage and publication of information practically free to anyone. “Leaks” refers to material that has been kept confidential or secret, with an implied protection of a corrupted power. “Wiki” is originally a Hawaiian word that means “fast” or “quick,” but it has come to be used as a noun to describe a piece of software that allows any user to edit a document. A wiki is open by design, inviting collaboration and participation. It is an incredibly powerful tool for information sharing, for use in a wide variety of contexts, from internal wikis to track the history of projects, to wikis used to collect useful information about a product (a manual written by users), to the ubiquitous Wikipedia. Famously, every single page on Wikipedia has a link at the top that says “edit this page.” And anyone can click on “edit this page,” on any topic on Wikipedia, and make his or her changes available to the world.
Wikipedia has developed a complex and compelling culture, becoming one of a new breed of distributed, network-centric institutions with growing power. It’s an odd kind of power, though, because it is distributed and accessible to literally everyone, its only barrier being Internet access. At this point, more than 5% of the world’s population—not the world’s online population, not the world’s literate population—visits Wikipedia on a regular basis (at least monthly). That is stunning reach. But like many of the platforms we’ve looked at, Wikipedia is composed entirely of small: Everyone in the world who wants to participate in the power of Wikipedia is invited to do so, by clicking that button on every page to make their own edits and additions. Part of the checks and balances of Wikipedia is a radical transparency—every edit, every decision, and indeed every move is published online. These two core values of Wikipedia—that anyone can edit it and that everything is transparent—are part of the attraction of the “wiki” in WikiLeaks. While WikiLeaks actually started as a wiki, it is no longer one. But WikiLeaks is a place that wants to bring radical transparency to the world’s largest institutions and prove that anyone—even a lowly private in the U.S. Army—can be powerful beyond imagination.
What is the role of secrecy in democracy and diplomacy, and what does it mean in a digital age where secrecy and privacy have nearly disappeared? It’s an important question, because whatever WikiLeaks’s future, Internet-fueled leaks are certain to rise again. Assange sees WikiLeaks as a new force in the world, one that works to bring accountability to large institutions like the U.S. government. In a series of blog posts explaining the purpose of WikiLeaks, he writes, “the more secretive or unjust an organization is, the more leaks induce fear and paranoia in its leadership and planning coterie.… Since unjust systems, by their nature, induce opponents, and in many places barely have the upper hand, mass leaking leaves them exquisitely vulnerable to those who seek to replace them with more open forms of governance.” To Assange WikiLeaks is something between the accountability journalism of newspapers and the transparency activism of the open-source movement. By his count, WikiLeaks has released more classified documents than the rest of the world press combined: “That’s not something I say as a way of saying how successful we are—rather, that shows you the parlous state of the rest of the media. How is it that a team of five people has managed to release to the public more suppressed information, at that level, than the rest of the world press combined? It’s disgraceful.”
Some political leaders in the West have labeled Assange as a terrorist and even gone so far as to call for his death. Former Republican presidential candidate Mike Huckabee called for the head of “whoever” did WikiLeaks, former Republican vice presidential candidate Sarah Palin called for the person behind WikiLeaks to be “hunted down like Bin Laden,” and Vice President Joe Biden explicitly denounced Assange as a “digital terrorist.” Others see him as a journalist and a hero. Daniel Ellsberg, who leaked the Pentagon Papers, has been out in front defending Assange: “If I released the Pentagon Papers today, the same rhetoric and the same calls would be made about me … I would be called not only a traitor—which I was [called] then, which was false and slanderous—but I would be called a terrorist.… Assange and Bradley Manning are no more terrorists than I am.”
Micah Sifry, a noted commentator and journalist on technology and politics, regards WikiLeaks as a symptom of a much broader global trend. In his book "WikiLeaks and the Age of Transparency," he writes, “What is new is our ability to connect, individually and together, with greater ease than at any time in human history. As a result, information is flowing more freely into the public arena, powered by seemingly unstoppable networks of people all over the world cooperating to share vital data and prevent its suppression.” At the heart of this trend is the idea—foundational to our nerd oligarchs—that information should be freely available to those who seek to use it, and the open-source approach that such transparency and openness produces not only better software but also better solutions to many problems.
Eric Raymond, in his landmark essay that lays out a new sort of programming philosophy, “The Cathedral and the Bazaar,” uses the expression “given enough eyeballs, all bugs are shallow” to describe the power of transparency to bring about accountability. In a computer program, a “bug” is a problem. Closed-source computer programs do not allow anyone except the creators to read their code. Open-source computer programs allow anyone to read their code. If more people are reading a code, they are more likely to bring to light every possible problem or “bug.” It’s not dissimilar to Chief Justice Brandeis’s saying that “sunlight is the best disinfectant.” Transparency is an important part of Western democracy; it helps bring about accountability in the institutions of our society. A rising global transparency movement is a part of the way those outside the political establishment seek to hold political power accountable. Power corrupts, and the history of Western political thought is in large part about the struggle to hold that power accountable in ways that strike acceptable bargains between freedom on the one hand and security and stability on the other.
WikiLeaks certainly inaugurated a new era of radical transparency, one that was a long time in coming for the leaders of our institutions. If you are a leader today, you must assume that every conversation, every utterance, every e-mail or text could find its way on to the public space of the Internet, the “digital commons.” The political consequences have been immense and, by historical standards, almost instantaneous. By ripping the lid off institutions, WikiLeaks became something of a catalyst for three very different but not unrelated political movements: the movements collectively referred to as the Arab Spring, the rise of the hacker collective Anonymous, and the broader movement for global transparency that has surfaced from Russia to Chile to Indonesia. I want to be careful not to overstate the role of WikiLeaks and radical connectivity generally in on-the-ground political protest, but they played some role as catalysts and organizing vehicles for a wide range of political protest and related activity. This returns us to our original focus, the physical challenges posed to Big Armies. We’ve talked about how radical connectivity has empowered terrorists; let’s now take a look at how it has enabled civil society to take on established national powers armed with conventional militaries.
Other Reasons Big Governments Are No Longer All That
Of course, repressive regimes have a whole arsenal of digital responses at their disposal beyond merely flicking the “off” switch. Evgeny Morozov highlights the “trinity of authoritarianism: propaganda, censorship, surveillance,” noting the opportunities provided by the digital world on all three fronts. But even in these areas, technological trends favor the individual over the institutional. Take surveillance. More and more solutions to anonymize online activity and protect online users from surveillance appear every day. For instance, anyone can go to TorProject.org and download a copy of Tor, a computer program designed to provide complete anonymity to anyone using the Web. Originally programmed by—you guessed it—the U.S. military to protect online communications, Tor has become an open-source project with significant backing from a range of sources, including the Electronic Frontier Foundation. Tor is widely used by political dissidents in authoritarian countries to advocate for democracy. The nonprofit Reporters Without Borders recommends all “journalists, sources, bloggers, and dissidents … use Tor to ensure their privacy and safety.” According to Tor’s own statistics, the network averages almost half a million users a day.
Using Tor is not an ironclad guarantee of anonymity and safety from prying eyes, but as far as technology goes, it’s pretty tight. Tight enough that a whole criminal underground has emerged, using Tor to create hidden, anonymous Web sites that act as a giant black market. In about twenty minutes, you can download and install Tor on your computer without much effort and no technical expertise—and a few minutes after that be browsing a digital black market. The most infamous such black market is called the Silk Road. Imagine Amazon.com—complete with ratings and comments—selling everything that is illegal: every conceivable drug, files containing millions of stolen credit card numbers, weapons, child pornography, military passwords, and more.
Anonymous, untraceable private networks—the kind that can be built by technology like FabFi or Tor—are called “darknets,” literally networks that exist in the shadows of the Internet. They are increasingly easy to build, approaching a trivial level of technical competency. A tool like Tor is a lifesaver for pro-democracy activists risking their lives for fundamental ideals of justice, liberty, and freedom, but it also makes some of the most egregious pedophiles and terrorists harder to catch and hold accountable. Tor has spawned a terrifying dark side, an unregulated free-for-all where anything—literally, anything—goes, without consequence or concern for human safety and social mores. This, too, is part of radical connectivity’s abiding and intensifying challenge to the traditional power and authority of the nation-state.
Anonymous
Talk of darknets leads naturally to Anonymous, that loose affiliation of hackers who undertake digital actions for vigilante justice. In October 2011, Anonymous managed to take down one of the larger pedophile sites from part of Tor’s darknet, posting account details for more than 1,589 users from the site’s database. Anonymous has also played a role in many of the episodes detailed here—from launching massive hacker attacks on the enemies of WikiLeaks, to assisting political dissidents across North Africa and the Middle East in the quest for more open and accountable government, to engaging in other morally questionable activities. More than any other story from our modern era, Anonymous illustrates the crazy, mind-bending paradox of the opportunities and dangers of an era in which the authority conferred by military power is in decline. Anonymous also offers a glimpse into what future institutions might look like—networked versus hierarchical, with strong cultures, customs, and values, but without a due process in which every individual is equally empowered. Understanding Anonymous is an important part of understanding where we’re heading in the End of Big.
Anonymous grew out of an online community called 4chan, a Web site founded in 2003 by a fifteen-year-old named Christopher Poole interested in anime and (not surprisingly for a fifteen-year-old boy) porn. At first, 4chan was a place to post pictures, but it has evolved into a place where anyone can come and talk about or share anything. At any given moment, hundreds of thousands of people will be on 4chan.org at once. It’s an online home to millions of people and the birthing ground for many an Internet meme, including Lolcats, “probably the Internet’s top meme—the hundreds of thousands of pictures of cats that float around every corner of the Net, with cat-speak captions: ‘om nom nom goes the hungry cat.’” Other noteworthy 4chan accomplishments include lodging a swastika on Google’s list of breaking trends and spreading a “rumor that Steve Jobs had a heart attack,” causing Apple shares to plummet.
In 2008, as 4chan.org was approaching its fifth birthday, it began to develop something of a political consciousness. An internal Scientology video featuring Tom Cruise was leaked, and when the Church of Scientology took legal action against many online communities to suppress the video, the 4chan.org community fought back. What started as an effort to foil Scientology’s efforts mushroomed into a much larger effort, including a massive attack on the Scientology Web site. Administrators of 4chan.org started policing their forums more tightly, so a group of 4chan-ers broke off and created a splinter group called Anonymous to continue the crusade against Scientology. Anonymous takes its name from a crucial part of the 4chan.org culture: Everything is temporary and anonymous. There are no archives, no ability to search the site. In contrast to Facebook, which demands that your online identity be synonymous with your real-life identity, 4chan.org encourages anonymity.
Scientology remains an ongoing Anonymous target, with regular protests organized in front of Scientology offices worldwide. Longtime critics of Scientology are stunned by the influx of people and supporters from the Anonymous effort, even as they plead with Anonymous to tone down its more destructive tactics. On NPR, Tory Christman, a former Scientologist who is now a vocal critic said, “It feels like we’ve been out in this desert, fighting this group one-on-one by ourselves, and all of a sudden this huge army came up with not only tons of people, thousands of people, but better tools.” Anonymous has since moved beyond Scientology to undertake other political actions, including operations offering substantial technical support to various Arab Spring movements as well as attacks against enemies of WikiLeaks (Anonymous went so far as to hack into PBS.org in retribution for a Frontline documentary about WikiLeaks perceived as unduly negative).
Occasionally Anonymous seems to overstep, as when the group threatened the Zetas, a violent Mexican drug cartel. While the details are hazy, it appears that the Zetas kidnapped a member of Anonymous, perhaps unknowingly. When Anonymous publicly threatened to expose massive amounts of gang data, including personal information, the Zetas threatened to kill ten innocent people for every Zeta exposed by the hacker group. Anonymous seemed to announce they were backing down—but the entire episode is shrouded in confusion. It’s curious and worth noting that the threat of long jail sentences and the wrath of most of the world’s major law enforcement and military entities have never convinced Anonymous to back down, but a violent, beyond-the-law drug cartel’s threats seem to have had the desired effect. When two loosely knit organizations that exist in secrecy outside established norms face each other, the one with guns evidently wins.
Who, or what, is Anonymous? That is very, very hard to say. There is no clear leadership, no hierarchy, no particular home. Things happen with Anonymous via a sort of snowballing: one person starts to do something and then reports back via any one of a number of online forums where like-minded folks might be hanging out, and activities gradually take shape, with support gathering from across the Internet. Tens of thousands of people—perhaps even hundreds of thousands—have participated in Anonymous actions, from online hacker attacks to real-world, in-person protest marches where Anonymous members wear Guy Fawkes masks. When Anonymous claims to have struck, it could be just about anyone, so loose is the label.
But even if Anonymous seems an ill-fitting label for a vague movement of people across the Internet, it still carries cultural weight as an embodiment of the changing nature of security and power. Responding to a series of attacks by LulzSec, a splinter group that later appeared to rejoin Anonymous, the security journalist Patrick Gray wrote this on his blog: “LulzSec is running around pummelling [sic] some of the world’s most powerful organisations into the ground … for laughs! For lulz! For shits and giggles … Surely that tells you what you need to know about computer security: there isn’t any.” Digital technology and radical connectivity grant enormous powers to individuals, almost completely without restraint. When a handful of people with the requisite technical expertise want to wreak havoc, they can. And they’re almost impossible to catch. Despite dozens of arrests over the last four years, law enforcement globally appears unable to shut down Anonymous—because there isn’t anything tangible to shut down, just a culture giving rise to an identity.
As we’ve seen, the real threats facing national security these days are not other states so much as nonstate actors. If you’re in the United States, a nonstate actor might be a terrorist organization, like Al Qaeda. But if you’re a repressive regime, the threats to power come from the opposition of your people. Technologies like YouTube (designed for commercial use) and Tor (designed to help activists evade repressive regimes) empower both sides of the equation—pro-democracy human rights activists and loose networks of terrorists. The paradigms used to understand the world to date—ideas about nation-states, military might, and warfare—are not so useful anymore. Anonymous encapsulates the challenges of our digital-fueled expansion of individual power while inciting some measure of fear and misunderstanding. It seems to operate with impunity while adhering to its own incomprehensible code.
I would propose, though, that Anonymous is a bit more than a culture. It’s the beginning of a new institution, part of the massive reorganizing of power happening in our age of radical connectivity. The phenomenon is figuring itself out, trying different modes of operation—including different modes of participation—and trying to build some kind of coherent philosophy. It may not always look that way, and you may not like the institution it is becoming, but it is without a doubt becoming something.
The task of imagining new institutions is hard. How do we do things without precedent? Anonymous is like a volunteer police force targeted to entities that pursue censorship and surveillance—the opposite of anonymity. But it exists without the kind of process, context, or companion institutions that might shape it in ways that would improve it, and our world. Anonymous jettisons centuries of intense debate about the purpose of government and the methods of holding power accountable, and yet it seems better suited to the challenges of our era than many of our militaries and related entities. Our challenge is to take the lessons of Anonymous and its emerging model and recraft it so as to ensure public order and sustain the fundamental values of our democratic institutions.
Excerpted from "The End of Big: How the Internet Makes David the New Goliath" by Nicco Mele. Published by St. Martin's Press. Copyright 2013 by Nicco Mele. Reprinted with permission of the publisher.
Shares