Cyber, Cyber, Cyber. The word makes most technical people cringe but it’s all the rage right now in DC and other policy circles. The rallying calls are now familiar and the central pitch is that private entities and networks—the buzzword is “critical infrastructure”—should be strongly incentivized to “share” information with the government. In other words, providers should surrender more of their and their customers’ privacy. There’s much danger there and EFF continues to sound the alarm.
But at the same time, the threat of state-sponsored security attacks is real and such attacks can do great damage. And we know that our digital world is massively insecure, all the way from the firmware in our devices to the certificate authority system. That's not even counting the affirmative work done by the NSA and the CIA to further undermine our security.1
So it would be good if the US government shifted gears toward actually helping people who are affected by these attacks.
Yet for a growing number of Americans, the reality of cyberattacks by a foreign government already exists. As Citizen Lab’s latest report confirms, American journalists, activists, and others who work to promote freedom and democracy abroad are regularly under serious attack by the foreign governments. Yesterday's report was about Ethiopia, but we have years of evidence of attacks by pro-government actors in Syria, Vietnam and
China targeting Americans in America.
Where are the US government cyber forces when real people need them?
In our Kidane v. Ethiopia case, EFF represents an American citizen living in Maryland who has had his computer—the one his young son also uses to do his homework—completely taken over by malware manufactured by FinFisher but deployed by the Ethiopian government, with all of his personal information surreptitiously sent to a server in Ethiopia controlled by the government. Citizen Lab has documented several such attacks. These attacks are not one-off situations, but are an ongoing campaign against journalists and others covering the Ethiopian government’s human rights violations, including of course the horrible political trial of the Zone 9 bloggers
Why hasn’t the US government given any support to the Kidane case? Even a letter to the judge or statement in support of basic justice for those harmed by foreign cyber attacks on American citizens would help. Or better yet, why hasn't the government taken direct action against Ethiopia—after all, these are computer crimes and are just as targeted as the Sony attack. The US government would need warrant to gain access to the content of your computer sitting at home on your desk; they shouldn't look the other way when the Ethiopian government does the same with no process whatsoever.
Protecting people when they go online is important. EFF works hard to investigate security risks and support others who do so, including our friends at Citizen Lab, so that we can make our digital world more secure. We are also involved in several tech projects to try to plug holes in our security and build a better Internet. We want a world in which people can trust that they can have a private conversation online, or store their trade secrets in the cloud or work to promote freedom around the world without fear that their computers will be attacked or compromised.
So remember this as the official hoopla around cybersecurity continues: If the US government wants people to believe it when it says it wants to protect our “cyber" against foreign forces, it should start by stepping up to help the people who are currently under attack.
- 1. The revelations that our tax dollars are spent on an entire government sponsored conference to find holes in Apple's security are just the latest in a string of outrages.