Over in the New Republic, Jack Goldsmith has an essay that cuts through the fog surrounding the subject of cyber warfare. The piece's occasion is a new book on the subject by Richard A. Clarke and Robert K. Knake that sounds the alarm about the danger we might face one day from a concerted attack on the computer systems that underpin our economic and military infrastructure.
Goldsmith is alarmed about the danger, too. Along the way to explaining why, he takes aim at Clarke, and also Secretary of State Hillary Clinton, for decrying malicious cyber activity emanating from abroad while ignoring the fact that our own country "is widely viewed as—and actually is—a major source of cyber attacks and a major spur to the cyber-arms race. We have among the biggest botnets that are used for cyber attacks around the globe, and we have done practically nothing to clean them up."
Goldsmith is pointing to a real problem. Computer users everywhere, including here at home, would benefit if our government redoubled efforts to locate and prosecute domestic perpetrators of botnet and other kinds of malicious attacks.
But Goldsmith also goes on to note that the United States "provides support for 'hacktivists' who use digital tools to achieve political ends, such as circumventing content filters in networks in authoritarian states." Our government, he observes, "views these activities as benign, but the Chinese view them on a par with the Google hack" that earlier this year led Google to stop complying with Chinese censorship and move its operations to Hong Kong.
Goldsmith is right about the Chinese government's view of such activities, although we hardly have to accept its conflation of very different categories of activity. One of the questions to emerge from his essay is whether there are circumstances under which we should ever cease using our technological tools to help pry open closed and semi-closed societies like China or Iran?
During the cold war, our ability to beam in information to the Communist world via outfits like Radio Liberty and Radio Free Europe played a critical role in fostering internal dissension that ultimately had a corrosive effect on some of the world's worst tyrannies. In the Internet age, the use of computers to accomplish the same ends remains important if the remaining pillars of autocratic rule are ever to fall.
A critical question thus suggested by Goldsmith's essay, and sure to be debated intensively in the period ahead, is whether our offensive cyberwarfare activities, both those publicly or privately sponsored, should be limited by cyber arms control agreements. Clarke and others are now bruiting such accords, including the establishment of an "International Cyber Forensics and Compliance Staff” to monitor violations.
Goldsmith does not pass judgment on the political and moral issues that such accords would raise, but argues persuasively that cyber arms control agreements would be unenforceable here at home without "extensive and intrusive" governmental regulation of private computer networks, while abroad they would be unverifiable.
Of course, unenforceabilty and unverifiability have never stood in the way of the desire—sometimes almost religious in its unshakable nature—to address international conflicts via arms control. We need to be careful about tying our hands in self-defeating ways even as our adversaries plunge ahead. We also need to bear in mind that certain kinds of cyber warfare, when waged by democracies, can be a powerful tool for human freedom.
Gabriel Schoenfeld is the author of Necessary Secrets: National Security, the Media, and the Rule of Law.