The dawn of Cyber-Colonialism
21 June 2014
I read today a brief missive about the Russian government’s intent to replace US sourced CPUs, the heart of a modern computer, with domestically produced ones. This is presumably a move to protect their critical infrastructure from hardware back doors, that are difficult to detect or eliminate. This is a good opportunity to share my thoughts on what is at stake in the current debate about the NSA’s and GCHQ’s pervasive surveillance infrastructure, including historic attempts to prevent the development and widespread use of security and cryptology technologies, and their current active compromise of international communications and end-users.
A lot has been written about the right to privacy of American citizens, and to some extent now British subjects. In my opinion, this important domestic issue lies on the insignificant end of the global impact of the Snowden revelations. It is also the only issue that may be resolved through better oversight and stronger privacy guarantees in national laws (with the caveats relating to the “liberal fallacy“).
What is truly at stake is whether a small number of technologically-advanced countries, including the US and the UK, but also others with a domestic technology industry, should be in a position to absolutely dominate the “cyber-space” of smaller nations. About 20 years ago, this may have been a minor concern as few things were critically dependent on IP or mobile networks. Today, most social and economic interactions are mediated through such technologies, or could economically benefit from being so, if only due to “security and privacy concerns”.
Take the example of a procurement manager at a small nation’s train operator. Should they buy modern computerized signaling equipment, containing CPUs and relying on off-the-shelf networking technologies? Or should they stick with traditional electro-mechanical signaling based on miles of dedicated copper wires alongside tracks, and outdated control systems? What we have learned through leaked NSA documents in the past year suggests this is an impossible choice.
If the manager decides to go with modern internationally sourced computerized system, it is impossible to guarantee that they will operate against the will of the source nation. The manufactured low security standards (or deliberate back doors) pretty much guarantee that the signaling system will be susceptible to hacking, ultimately placing it under the control of technologically advanced nations. In brief, this choice is equivalent to surrendering the control of this critical infrastructure, on which both the economic well-being of the nation and its military capacity relies, to foreign power(s).
Not opting for computerized technologies is also a difficult choice to make, akin to not having a mobile phone in the 21st century. First, it is increasingly difficult to source older hardware, and the low demand increases its cost. Without computers and modern network communications is it also impossible to benefit from their productivity benefits. This in turn reduces the competitiveness of the small nation infrastructure in an international market; freight and passengers are likely to choose other means of transport, and shareholders will disinvest. The financial times will write about “low productivity of labor” and a few years down the line a new manager will be appointed to select option 1, against a backdrop of an IMF rescue package.
I call the landscape of technology policy options that force a choice between foreign cyber-domination and technologically staying in the 20th century, cyber-colonialism. (This term was in fact suggested by Dr Paul Bernal at UEA). To paraphrase the Oxford Dictionary, I define “cyber-colonialism” as:
“The policy or practice of acquiring full or partial political control over another country’s cyber-space, occupying it with technologies or components serving foreign interests, and exploiting it economically.”
Cyber-colonialism and traditional economic domination (which is a legacy of traditional colonialism) complement each other nicely: choosing an outdated technology for fear of cyber-colonialism exposes the country to traditional economic domination due to lack of competitiveness, and ultimately its inability to export, and its reliance on imports for the most mundane of technological goods.
In this context violations of privacy and confidentiality are just the tip of the iceberg, a hint of what pervasive surveillance and active infrastructure compromise means for the rest of the world. Of course the US / UK access to private conversations provides a valuable insight into the intentions of political, economic and military elites, and an edge when it comes to dominating a smaller nation economically or militarily.
Maintaining the ability of western signals intelligence agencies to perform foreign pervasive surveillance, requires total control over other nations’ technology, not just the content of their communication. This is the context of the rise of design backdoors, hardware trojans, and tailored access operations.
As cyber-space merges with physical production and day to day life, effective foreign control of the infrastructure extends “cyber-colonialism” to all aspects of the dominated nation: its economic production, that may stop at a flick of a switch, its military might that could be turned against it, and its political institutions and parties that can be promoted or disrupted at will. The higher our belief in the transformation potential of modern technology, the tighter the shackles of cyber-colonialism will be.
These thoughts will be presented at the Privacy Enhancing Technologies Symposium panel on “PETs Post-Snowden: Implications of the revelations of the NSA and GCHQ Surveillance Programs for the PETs community” (July 15-17, 2014, Amsterdam). Many thanks to @GenKnoxx and @zooko for corrections. Ian Brown points me to a related article on cyber-imperialism.