iStockphoto
iStockphoto

Opinion | The laws governing cyberspace have got a lot scarier

Rising instances of cyberattacks suggest that we might be accepting a world of endless warfare

Sometime in the early years of his presidency, former US President Barack Obama signed something called the Presidential Policy Directive 20 (PPD20). This was a secret act that only came into public notice when National Security Agency whistleblower Edward Snowden gatecrashed the world in 2013 with masses of classified documents.

The 18-page PPD20 essentially formalizes the policy of offensive cyberwarfare by the US. However, the topic was considered so sensitive that any such project would have needed coordination at the highest level between intelligence agencies, the department of defence, the state department and, finally, a personal sign-off from the president.

PPD20 states that what it calls Offensive Cyber Effects Operations (OCEO) “can offer unique and unconventional capabilities to advance US national objectives around the world with little or no warning to the adversary or target and with potential effects ranging from subtle to severely damaging".

It says the government would “identify potential targets of national importance where OCEO can offer a favourable balance of effectiveness and risk as compared with other instruments of national power". The US had of course employed cyberattacks before, most notably (along with Israel) against the Naranz nuclear facility in Iran that destroyed hundreds of centrifuges. (George W. Bush signed off on that attack secretly with no democratic oversight). I have previously commented on this in Mint.

However, last September, US President Donald Trump, again secretly, made some changes to PPD20. In fact, he may have even rescinded PPD20. We don’t know. However, what it fundamentally means is that the US Cyber Command, which is the American military hacking outfit headquartered at Fort Meade, Maryland (watch Pine Gap on Netflix), has full authority to launch cyberattacks wherever it feels the need to. It does not need oversight from the state department, commerce department and intelligence agencies, and certainly not from the president.

To put it in simple terms, if you are a US general in charge of Afghanistan, you don’t need to call up the Pentagon every time you decide on a new attacking initiative in Tora Bora. Takes too much time, thought, meetings, presentations, phonecalls, the grind up the hierarchy, and the president is asleep.

Trump, like any busy manager, has delegated. The question, of course, is: Should this job have been delegated? (Let’s not ask the next obvious question: Should Trump be taking undelegated decisions on this? Let us not go there. Here is a very well-researched article on whether Trump has ever used a computer. The world knows that countries such as Russia and China use cyber attacks as a standard mode of foreign policy/intimidation. Russia has used its cyber weapons against Ukraine repeatedly to send a clear message about who is the boss. It has also interfered in the 2016 US presidential elections.

In 2014, Chinese hackers working for the People’s Liberation Army stole the entire database of the US government’s office of personnel management (OPM), which keeps records of the millions of people who have worked, currently work, or have applied to work for the US government as employees or contractors—a storehouse of intimate details of the lives of 22 million Americans, or 7% of the population.

A couple of years later, “agents working for a government" (the US has not named anyone), stole the records of 143 million Americans from Equifax, a credit rating agency. The astonishing thing is that this data has not been put up for sale anywhere, not on the internet as we know it, not on the dark net, not anywhere. The data has become invisible. The conclusion: It is not commercial theft, it is geopolitical larceny.

Suppose you were China and had the OPM data and the Equifax data, you would have unparalleled and pinpointed information on all American adults. Forget Google and Facebook. Xi Jinping and his cohorts know more about Al Newburg in Tallahassee than Sundar Pichai does. Perhaps not up to the minute, but they would know about his last extra-marital affair and put some pressure on him to give up some confidential information.

Coming back to cyber warfare, once the US says that the gloves are off, the rules of the game, if there were any, change. What we are accepting is a world of perpetual endless warfare. Yes, of course, human beings may get killed, there will be battles, insurgencies, rebellions, perhaps even revolutions.

However, cybernetics changes things. The first thing is that there is no temporality. There is no night or day. The guy in Ukraine is brushing his teeth as you call it a night and watch BoJack Horseman.

The second and most worrying thing is that there are no geographic constraints. I could be seated in Fort Meade and I would have got you through servers in Algeria, Montenegro or in any other corner of the world. Hello from Delhi. You don’t have to worry anyway. They can shut down your power and phone anytime they want. Thank you. Bye.

Sandipan Deb is a former editor of ‘Financial Express’, and founder-editor of ‘Open’ and ‘Swarajya’ magazines.

Close