A vindication of civilian-based cyber defense
Originally published by Libre Solutions Network.
You can taste the palpable salty feeling from the US Federal Government having to tell citizens they should use encrypted communications. After ages of fighting citizen’s right to private communications from the very beginning, it seems that desperate measures must be taken to prevent foreign adversaries from having access to sensitive information. This is a radical departure from the top-down message of “nothing to hide, nothing to fear.”
Telecommunications Breach
Since 2022, a hacking group presumably linked to the Chinese government categorized as “Salt Typhoon” have gained incredibly sensitive access to telecommunications infrastructure all over the world. This has recently escalated, to there being evidence of targeted spying on both 2024 presidential candidates.
What’s most troubling about this breach, is that it also included the “lawful access” backdoor wiretaps. So not only are everyone’s sensitive communications vulnerable in specific contexts, but also by anyone with the capabilities of leveraging Salt Typhoon’s intrusion. Currently, there is no announced timeline for this being addressed. There’s not a whole lot of reason to be optimistic. Last month, a Senate Judiciary Committee discussed just how logistically challenging it is to address this issue.
Never Let A Crisis Go To Waste
Naturally this kind of disaster is a great pretext for governments to push sweeping changes in impacted industries. At minimum, we can expect massive changes to be driven in cybersecurity, telecommunications, and hardware manufacturers. While many of these changes are long overdue, with security professionals rejoicing, others are not so benign.
This massive breach itself can be used as a rallying cry to consolidate control over digital products, companies, and even entire digital ecosystems. As the cyber security industry has advanced, the line between “cyber” and human problems becomes quite blurry. Serious concerns, like transnational repression can potentially be weaponized against subsets of the population. What’s more is that almost any aspect of what people currently take for granted as “digital freedom” can evaporate away as ’national security’ interests take priority.
I am not so naive to believe this is the long-overdue wake-up-call to governments that their citizen’s security matters. If anything, this is a rallying cry for control freaks to demand more top-down micromanagement of all things technological. Instead of working on strategies from the ground up to create a truly resilient and secure digital landscape, these concerns will be leveraged to seize even more control over the World Wide Web. We have the opportunity to push for a different direction, but time is vanishingly short.
Re-Introducing Civilian-based Cyber Defense
Originally, I introduced the idea in Good Governance in Cyberspace: Digital Freedom Policy Framework for Policies for the People. The idea is inspired by the idea of Civilian-Based Defense, which is a fascinating model for society-wide resilience and freedom. Bringing civilian-based defense to cyberspace is likely to be much more effective than any top-down approach and can radically transform our digital landscape for the better.
The Structural Basis of Freedom
When power is effectively diffused throughout the society among strong loci, the rulers’ power is most likely subjected to controls and limits, thus enabling the society to resist oppression, usurpation, and aggression. This condition is associated with political “freedom” When, on the other hand, such loci have been seriously weakened or their independence of action has been destroyed, when the subjects are all equally impotent and the society’s power has become highly centralized, then the rulers’ power will most likely be uncontrolled. This condition is associated with “tyranny.”
It is no accident that past totalitarian systems have attempted either to eliminate all independent groups or to subject them to full control by the party or state. Ultimately therefore, freedom is not something that rulers “give” their subjects. Nor, in the long run, do the formal institutional structures and procedures of the government (as, for example, may be laid out in the constitution) by themselves determine the degree of freedom or the limits of the rulers’ power.
A society may in fact be more free or more oppressed than the formal constitutional or legal arrangements would indicate. Instead, the extent and intensity of the rulers’ power and the actual degree of freedom of the society will be set by the strength of the subjects and the condition of: the institutions of the whole society. The rulers’ power and the degree of the society’s freedom may in turn, be expanded or contracted by the interplay between the actions of the rulers and those of the subjects: some rulers may choose not to be as oppressive as the structural condition permits, and other rulers may receive more support than the structural condition requires, making them more powerful.
Increases in the rulers’ power are directly or indirectly determined, on the one hand, by the willingness of the subjects to accept the rulers, to obey to cooperate and to carry out their orders and wishes. On the other hand, reductions in the rulers’ power are determined by the subjects’ unwillingness to accept the rulers, coupled with their ability to disobey, to withhold cooperation, to defy orders, and to refuse demands made upon them.
The degree of liberty or tyranny in any political society is, it follows, largely a reflection of the relative determination of the subjects to be free, of their willingness and ability to organize themselves to live in freedom and, very importantly, their ability to resist any efforts to dominate or enslave them. In other words, the population can use the society itself as the means to establish and defend its freedom. Social power, not technological means of destruction, is the strongest guarantor of human freedom.
Civilian-based Defense – A Post-Military Weapons System: Page 32
This maps directly onto our digital experience. The Free Software movement has demonstrated the incredible potential of building solutions that put power in the hands of the user. By building verifiable, open and transparent systems more people can collaborate to innovate on genuine solutions to pressing problems. The Open Source model of development has been so powerful that even giant mega-corporations have adopted it (in part or in full) for their needs. True digital decentralization requires a hard look at how our devices are manufactured, built, and repaired. The entire “lifecycle” of the devices we use is filled with opportunities for genuine advancement.
Devices and software built with this in consideration can radically lower the “technical knowledge” barrier required for everyone to comfortably navigate. Many of our current challenges are precisely caused by the present condition of so much consolidated control over digital technology. I would encourage the future cyber rebels in our midst to consider building for the future we all want. Instead of corporate or state requirements driving innovation in this space, people can take on the challenge of learning to construct within new paradigms and discover novel approaches. The beauty of programmable circuits is that their potential is very often more constrained by our imagination than physics.
Everyone needs to consider who we are empowering when we allow nations to seize control over the digital landscape in the name of keeping us safe. Are we truly protecting ourselves from digital threats when we accept governments and corporations dictating our digital futures to us? If we do accept ceding more and more control in the name of safety, how can that control inevitably be abused? What should we focus on when it seems that our entire future is highly intertwined with present changes in the digital landscape?
I ask these questions aloud because there are no simple answers, only urgent lines of inquiry. More study, less complacency is the way out of digital totalitarianism. More passion, less apathy is what we need to truly push back against nefarious forces. I’m convinced that the public does have the qualities to build a much better technological future, all that’s required is some effort and creativity. In these times, this can’t be more urgent. If we desire strong freedoms within and without our societies, a much stronger emphasis on bottom-up problem-solving is required. The nature of cyberwarfare is that there aren’t really battle lines, merely troubles that come for us all, in one form or another. Governments and corporations will take care of themselves, but who’s thinking about everyday people?