Purpose

A resource for those interested in cybersecurity and the future of cyberspace.

Monday, December 6, 2010

Do Not Track may not be big deal to some Internet users

By Bruce Horovitz, USA TODAY
There's one pivotal question that the nation's major online marketers want to know about the proposed "Do Not Track" tool for Internet users: Just how big could it really get?

"If consumers were to (use Do Not Track), en masse, the industry could take an enormous hit," says Abbey Klaassen, editor of trade publication Advertising Age.

Do Not Track is a Web browser tool proposed earlier this week by the Federal Trade Commission that would prevent advertisers and marketers from tracking the Internet browsing habits of consumers.

Marketers find these habits valuable to know, which is why online ad revenue continues on a tear — up nearly 12% for the first half of 2010 to $12.1 billion, reports the Interactive Advertising Bureau.

But there's wide disagreement — both inside and outside the industry — about how far-reaching this proposed consumer privacy tool could be.

Some key factors in play:

• It's not like a phone call at dinner. It sounds creepy to many consumers that information about the things they do and buy online is being collected — and sometimes sold — by marketers. But it's not as irritating as the unwanted phone call at dinner or in the middle of your favorite TV show. "It doesn't interrupt your family time, so there's not as much of an uproar over it," Klaassen says.

• Younger folks are used to sharing information. Call it the Facebook effect. Younger consumers are more comfortable than are their parents about sharing a great deal of information online, says Scott Shackelford, professor of law at Indiana University, who is writing a book on privacy. So, Millennials may be far less interested in a Do Not Track list, he says.

• Do Not Track could ultimately benefit some marketers. When people feel their privacy is gone or threatened, they typically become "unhappy, agitated and not very good consumers," says Janna Malamud Smith, author of Private Matters: In Defense of the Personal Life. If consumers feel more at ease about privacy, she says, they'll probably buy more.

• It could create a super-class of consumers. Websites make money by convincing advertisers that they've got the most valuable and targeted audience for them. Under a new Do Not Track system, those consumers who opt-in to specific websites would become "an extremely valuable audience," says Evan Hendricks, editor of Privacy Times newsletter.

• It would lead to heftier incentives. Online marketers would have to find more substantive ways to coax consumers to let themselves be tracked, says Katy Bachman, senior editor at Mediaweek. Under Do Not Track, consumers would likely get better or more free stuff for signing up, she says.

Friday, November 5, 2010

Getting Burma Back Online

Published in the Huffington Post, Nov. 5, 2010

Burma, already one of the most censored nations on Earth, has recently been knocked off the Internet entirely. Cyber attacks starting in late October have worsened in the last few days, overwhelming Burma's Internet connection just days ahead of its upcoming November 7 elections. Some reports speculate that the Burmese military, anxious to stay in control by restricting the flow of information, is behind the attacks. But they may have an unlikely accomplice -- you and me.

The cyber attacks that are now crippling Burmese networks are known as Distributed Denial of Service (DDoS) -- attacks that work by flooding a host with requests until it crashes. How do they work?

Start by considering that more than 90 percent of the 140 billion emails sent daily are spam. Of these, about 16 percent contain moneymaking scams, including phishing attacks in which e-mail is sent from someone the user supposedly knows and trusts. Once opened, infected attachments download malware onto a host's computer, allowing access to confidential information stored on the computer system. This can turn computers into zombies, which may be linked with millions of other computers around the world to create a "botnet." These botnets then launch DDoS attacks. Which nation is currently the number one source for such attacks, due to its unsecured networks? The United States.

Even though there is not yet any direct evidence that the attacks are emanating from U.S. systems, there are a few simple steps that can help keep your computer from turning into a zombie of the Burmese military.

* Install antivirus and antispyware software, like Microsoft Security Essentials.
* Keep all software up to date, especially Windows, but also programs like Adobe Reader, Flash, and Java, which are often convenient backdoors that can be closed through frequent updates.
* Use strong passwords of at least 14 characters, and keep them secret. Consider starting with a favorite sentence, and then just take the first letter of each word. Add numbers, punctuation, or symbols for complexity.
* Never turn off your firewall; it's an important software program that helps stop viruses and worms.
* Use flash drives cautiously. They are easily infected -- in fact, the biggest breach of U.S. military systems to date was due to a flash drive.
* Encrypt sensitive information on your computer with programs like Identity Finder.
* Download a program that can scan your computer for vulnerabilities.
* Be conscious of what you click on, both in emails and on the Web.


And for Mac users, don't think that you're completely immune. Cybersecurity specialist Charlie Miller will soon be announcing a record-breaking 20 security holes found in OS-X, the Mac operating system.

Cyber attacks are a big and growing problem. In fact, forty-two percent of businesses now rate cybercrime as the greatest threat to their well-being, more than natural disaster, terrorism, and traditional crime combined. Things have gotten so bad in fact that James Lewis of the Center for Strategic and International Studies in Washington, D.C., has said: "We have a faith-based approach, in that we pray every night nothing bad will happen."

But by taking these simple steps, we can all help make it a lot harder for criminals, terrorists, and even some nations to launch the kinds of attacks that are now crippling Burmese systems. So if you want to support democratic reforms in Burma, consider starting off by checking your firewall settings.

Scott Shackelford is an Assistant Professor of Business Law and Ethics at Indiana University-Bloomington. He is also a fellow at the Center for Applied Cybersecurity Research, and the author of the forthcoming book, The New Cyberwarfare: Countering Cyber Attacks in International Law, Business, and Relations.

Wednesday, October 27, 2010

How to Stop Zombies

There could be a zombie sitting in your living room right now, ready to feast. Worse yet, studies have found that there could be hundreds of millions of zombies around the world waiting to attack at any moment. Before you grab a bat, call Will Smith and head for the hills though, there may be an easier option—update your anti-malware.

Aside from Halloween, another scary fact about October is that it’s also National Cyber Security Awareness Month. Why’s that so terrifying? Because cyber attacks, which were already a big problem, are on the rise.

According to a recent Symantec study, cyber attacks are up from an average of one or two per week on a given computer system in 2005, to 77 today. More than 90 percent of the 140 billion emails sent daily are spam. Of these, about 16 percent contain moneymaking scams, including phishing attacks in which e-mail is sent from someone the user supposedly knows and trusts. Once opened, infected attachments download malware onto a host’s computer, allowing access to confidential information stored on the computer system. This can turn computers into zombies, which may be linked with millions of other computers around the world to create a “botnet” – a kind of zombie evil empire. These botnets can then send spam and launch new cyber attacks, adding zombies to the virtual armies of criminals, terrorists, and even some nations.

In fact, forty-two percent of businesses now rate cybercrime as the greatest threat to their well-being, more than natural disaster, terrorism, and traditional crime combined. Things have gotten so bad in fact that James Lewis of the Center for Strategic and International Studies in Washington, D.C., has said: “We have a faith-based approach, in that we pray every night nothing bad will happen.”

But fear no more. There are a few simple steps that can help keep your computer from turning into a zombie.

* Install antivirus and antispyware software, like Microsoft Security Essentials.
* Keep all software up to date, especially Windows, but also programs like Adobe Reader, Flash, and Java, which are often convenient backdoors that can be closed through frequent updates.
* Use strong passwords of at least 14 characters, and keep them secret. Consider starting with a favorite sentence, and then just take the first letter of each word. Add numbers, punctuation, or symbols for complexity.
* Never turn off your firewall; it’s an important software program that helps stop viruses and worms.
* Use flash drives cautiously. They are easily infected – in fact the biggest breach of U.S. military systems to date was due to a flash drive.
* Encrypt sensitive information on your computer with programs like Identity Finder.
* Download a program that can scan your computer for vulnerabilities.
* Be conscious of what you click on, both in emails and on the Web.

And for Mac users, don’t think that you’re completely immune. Cybersecurity specialist Charlie Miller will soon be announcing a record-breaking 20 security holes found in OS-X, the Mac operating system.

The only way to stop the zombies is to hit them where it really hurts – open, unsecured systems that are making the world a far scarier place than it needs to be. So this Halloween, while you’re watching Night of the Living Dead, I Am Legend, or Shaun of the Dead, join the fun and help kill off a few thousand zombies with just a few clicks of the mouse.

Tuesday, October 19, 2010

The Future of the Internet

What will the Internet look like in 10 or 50 years? Check out the scenarios that the Internet Society has put together at http://www.isoc.org/tools/blogs/scenarios/.

Thursday, September 30, 2010

State Responsibility for Cyber Attacks: Competing Standards for a Growing Problem

This Article reviews both the applicability and desirability of the two vying regimes for state responsibility under international law as applied to cyber attacks: the effective and overall control standards. Due to the technical difficulties with proving attribution for cyber attacks, along with the unreasonably high burden of proof required by the ICJ’s interpretation of the effective control standard, this Article argues for the adoption of the overall control standard as being both within the best interests of NATO as well as the international community.

Estonia Three Years Later: A Progress Report on Combating Cyber Attacks

Hackers have been online since a Cornell graduate student infected MIT’s burgeoning network with the first Internet worm on November 2, 1988. But recently cyber attacks on states have proliferated both in numbers and severity. The best-known recent example of such a cyber attack was on April 27, 2007. In a matter of hours, the websites of Estonia’s leading banks and newspapers crashed. Government communications were compromised. An enemy had invaded and was assaulting dozens of targets across the country. But this was not the result of a nuclear, chemical, or biological weapon of mass destruction. Nor was it a classical terrorist attack. A computer network was responsible, with attacks coming from thousands of zombie private computers around the world. And this was just the beginning. Flash forward to August 7, 2008 when immediately prior to the Russian army invading Georgia en masse a cyber attack reportedly crippled the IT systems of the Georgian military including air defense. Georgian command and control was forced to resort to U.S. government and Google accounts while Estonian advisors helped to deflect the ongoing cyber onslaught.

These cyber attacks are far from unique. Literally thousands of largely unreported major and minor cyber attacks occur daily. Power utilities in the United States, Polish and South Korean government websites, and UK technology firms have all been hit by cyber attacks in just the past few months. Even school districts in Illinois, Colorado, and Oklahoma have lost millions to fraudulent wire transfers. Responses have been varied, with many nations such as Singapore creating new cyber security authorities responsible for safeguarding IT.

Together these episodes exemplify that cyber attacks against states are increasingly common, and increasingly serious. No longer does it take thousands of planes and divisions of soldiers to destroy vital governmental institutions. It can now be done by a relatively small group of knowledgeable persons linking together zombie computers into a clandestine network that may be used to crash nearly any computer system in the world connected to the internet, from air traffic control to sewage treatment plants.

The central topic of this article is uncovering, in brief, what is being done and what can be done to counter these attacks, both at the national and international level. The focus is on the last two-and-a-half years since the specter of cyber war fully entered public consciousness on the international scene with the cyber attack on Estonia. The question presented is what progress has been made since that time? In short, the answer is very little. Many nations have found mutual benefit in the status quo strategic ambiguity. National information infrastructures, and the World Wide Web in general, remain acutely vulnerable to cyber attacks. Without concerted multilateral action, such as by coordinating the more than 250 Cyber Emergency Response Teams (CERTs) currently operating around the world while also clarifying the applicable legal regime, this intolerable state of affairs will continue.

The structure of the article is as follows. Part I analyzes the threat of cyber attacks to international peace and security. Part II briefly summarizes the current cyber defense policies of the major players, to the extent that information is publicly available, including the United States, Russia, China, and NATO. Part III lays out the current legal regime that may be applied to cyber attacks, highlighting the significant gaps in the system. Finally, Part IV concludes by arguing for the need for a new regime for regulating cyber attacks and proposes new minilateral and multilateral measures that should be taken to more effectively protect information infrastructures from cyber attacks.

Web Tastes Freedom Inside Syria, and It's Bitter

It’s no secret that some nations often censor information that is shared with the public. They block access to Internet sites with information or openness that they have deemed sensitive, to national security issues or otherwise. What may be less well-known is how often those government measures are averted. In the case of Syria, most social networking sites, like Facebook, are blocked by the government. However, as the attached article explains, young Syrians often get around such censorship by hacking into other computers. As Robert Worth of The New York Times writes: “Foreign proxy server numbers are traded among young people like baseball cards.” While this may lead to positive civil rights among youth in Syria, as depicted in this article, it also highlights the difficulty in tracing cyber attacks.

From Net War to Nuclear War: Analogizing Cyber Attacks in International Law

On April 27, 2007, Estonia suffered a crippling cyber attack launched from outside its borders. It is still unclear what legal rights a state has as a victim of a cyber attack. For example, even if Estonia could conclusively prove that Russia was behind the March 2007 attack there is no clear consensus on how Estonia could legally respond, whether with armed force, its own cyber attack, or some other measure. The scholarly literature dealing with these questions, as well as the ethical, humanitarian, and human rights implications of information warfare (IW) on national and international security is scarce. Treatments of IW outside the orthodox international humanitarian law (IHL) framework are nearly non-existent. This underscores the tension between classifying cyber attacks as merely criminal, or as a matter of state survival calling for the same responses as conventional threats to national security.

International law has been slow to adapt. The facts on the ground, and the widespread, amorphous use and rapid evolution of the internet in many ways challenge state sovereignty. I will advocate that the best way to ensure a comprehensive regime for cyber attacks is through a new international accord dealing exclusively with cyber security and its status in international law. Yet, the international community lacks the political will to tackle this issue directly. Until such an accord becomes politically viable, it is critical to examine how existing treaty systems may extend to cover the novel facts presented by cyber attacks. Together, existing treaties form a dual track approach to cyber attacks - one that is available for cyber attacks that do not rise to the level of an armed attack, and another that is activated once an armed attack occurs. To that end this paper will examine the most apt analogues in international law to form an appropriate legal regime for the various types of cyber attacks - whether it is humanitarian law (laws of war), human rights law (regulation of nation states' behavior), or some novel combination of these and other treaty systems. In framing this regime, it will be argued that cyber attacks represent a threat to international peace and security as daunting and horrific as nuclear war.

Yet the nuclear non-proliferation model is not a useful analogy since the technology necessary to conduct IW is already widespread in the international community. Instead, other analogies will rely on communications and cyber law, space law, and the law of the sea. The main failings of existing international treaties that touch on cyber law though are that most do not carry enforcement provisions. Nor do they specify how the frameworks change or fall away entirely during an armed attack. Nevertheless, regardless of whether or not cyber attacks fall below the threshold of an armed attack these bodies of law have a role to play in forming an appropriate regime. The cyber attack on Estonia in April, 2007, presents an example of the dire need for clarity in the international law of non-conventional warfare using modern technology.

To read the full article, go to http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1396375.

Google Needs Help Against Cyber Attackers

In January 2010, corporate America was compromised. Again. Computer attacks possibly emanating from within China were directed at stealing Google's intellectual property along with that of 40 other corporations, mostly in the United States.

In this case, the attacker used a tactic known as phishing, in which e-mail is sent from someone the user supposedly knows and trusts. Once opened, infected attachments downloaded malware on the host's computer, allowing access to confidential information stored on the computer system. Google has stated that little if any of its property was lost. But it is estimated that similar attacks have led to the loss of 10,000 to 20,000 gigabytes of sensitive information in recent years. The actual figure is probably far higher.

Many computer security experts have called the attack on Google routine. Indeed it was: The number of "computer security incidents" that the U.S. Computer Emergency Readiness Team investigates grew from six in 1988 to 52,658 in 2001. In fact, the United States is "under cyberattack virtually all the time," according to Defense Secretary Robert Gates.

What can the U.S. government do in response? Not enough. It has been reported that the State Department will make a formal protest to Chinese authorities over the Google incident. Why can't we do more? The problem is twofold.

First, it's very difficult to prove who is behind the attacks. The science of tracing such attacks is primitive at best. Sophisticated attacks by knowledgeable hackers, whether private or state-sponsored, are nearly impossible to trace to their source. The current foundation of network communications over the Internet, consisting of the Transmission Control Protocol and the Internet Protocol that route information to its destination, dates to 1982. This antiquated system of communication, designed for a small number of academic and governmental researchers sharing information with low risk of system breaches, is at the heart of the problem.

Second, even if the U.S. government working with Google could definitively state that China was behind the attacks, which seems increasingly likely given recent findings of Chinese code in the malware, legal options are limited. Cyber-attacks activate one of two areas of international law, depending on severity. If the attack is as bad as an armed attack by regular military forces, the laws of war apply. But if it isn't as serious, like the one on Google, other treaties are activated. None of these, however, has any teeth. In recognition of this, the United States and Russia recently took the first steps toward negotiating a treaty for online security, but the countries are still far apart.

Such a treaty, though, would give Google options. It could provide for reparations and sanctions against aggressor nations, like China, when online attacks occur. It could define the burden of proof needed to establish state responsibility for Internet attacks. And, most important, it could provide a forum, a court, where Google could bring a case against China.

Short of a treaty, the Obama administration could push for a national law on online attacks, establishing criminal sanctions against proven attackers and requiring the Department of Justice to prosecute offenders.

Urgent action is needed. So long as the Internet remains open and the legal system undefined, people and nations alike will continue to launch online attacks. Right now, they have nothing to fear.

For a full copy of this article published in the San Francisco Chronicle, go to http://articles.sfgate.com/2010-01-24/opinion/17835314_1_google-attacks-computer-emergency-readiness-team