The Pentagon continues to beat the drum of potential cyberwar. As US cybersecurity deteriorates with the rise of unwelcome attacks on US military networks, Defense Secretary Leon Panetta has dubbed cyberspace “the battlefield of the future.”
But in the midst of the Pentagon’s preparation for this next generation of war, critics have raised concerns about just how this bolstering of network defenses might impact the privacy of everyday US citizens.
Several new bills before Congress seek to increase information-sharing among government departments, among them the National Security Agency, the entity responsible for electronic eavesdropping.
Will these new cyberdefense initiatives mean that the NSA will, say, stockpile the private e-mails of Americans?
This week, Gen. Keith Alexander, the head of US Cyber Command, made an effort to reassure an audience at the conservative American Enterprise Institute that cybersecurity and the protection of privacy are not mutually exclusive.
He also said that the NSA’s new data center would not “hold data on US citizens” or pour over the e-mails of Americans. “We won’t do that,” he said, calling such speculation “baloney.”
Gen. Alexander sought to elaborate on this point. “They're not reading your e-mail per se,” he explained. “They're looking at the stream of data that's coming in ... looking for signatures or ports or different types of activity.”
This is a valid point, says James Lewis, director of the Technology and Public Policy Program at the Center for Strategic and International Studies. “The information that would be shared is ‘ones and zeros,’ ” he says – in other words, numbers that point to malicious codes. “There’s very little personal information in this code,” Mr. Lewis says.
For those who remain skeptical, Alexander pointed to the sheer numbers. “If you think about just the volume of US emails – just think statistically ... we're talking about, you know, probably 30 trillion emails a year or more. Anybody read 30 trillion – think about how that is.”
Indeed, while the historic problem in espionage has been collecting data, Mr. Lewis points out, it is now storing and sorting it.
“I tell people, ‘If you think about terrorism, China, weapons of mass destruction, Russia, Iran, Pakistan, North Korea, where do you fit into that list?” Lewis says. “If you’re not doing something that involves that, they don’t have time to be looking at you.”
That said, it’s understandable that Americans remain suspicious, given America’s legacy of unauthorized wiretaps, Lewis says.
“The big problem is still, unfortunately, the Bush warrantless wiretap program that created such a huge level of distrust, particularly in the privacy community.” For that reason, “of course it’s reasonable to be suspicious,” he adds. “The NSA can’t go to people and say, ‘Trust me.’ ”
Alexander for his part warned, too, of the difficulty of managing the demands for privacy versus the need to respond quickly in the face of a cyberattack.
“It's like a missile coming into the United States. If you think about a missile coming into the United States, there is two things you could do. We could take the snail mail approach and say, ‘I saw a missile going overhead,’ ” he told the AEI audience.
“Now, cyber is at the speed of light. I'm just saying we perhaps ought to go a little faster – probably don't want to use snail mail,” he ventured. “Maybe we could do this in real time and come up with a construct that you and the American people know that we're not looking at civil liberties and privacy – we're actually trying to figure out when the nation is under attack and what we need to do about it.”