DSI White Paper – By Richard Wottrich, CEO & Senior Consultant
May 14, 2013, Chicago USA
Over six billion humans use cell phones. Over 2.4 billion of us are on the Internet. Where would we be without our connectivity? The Internet is a global system of interconnected computer networks that use the standard Internet protocol suite (TCP/IP) to serve billions of users worldwide. We like to think that the Internet is freely accessible – free of politics – free of governments and their constraints. Is it?
In less than twenty years the Internet has had a tremendous impact on our global culture and commerce. We are – each and almost every one of us – hugely dependent upon nearly instant communication via email, instant messaging, Voice over Internet Protocol (VoIP) “phone calls,” two-way interactive video calls, GPS mapping services, almost unlimited “Cloud” storage of our “stuff,” and the World Wide Web with its myriad blogs, Twitters, discussion forums, audio streaming, video “channels,” social networking, and online shopping sites.
The Internet’s main perceived benefits are free access and free expression. We want to believe that the Internet cannot be controlled or taxed. But it is exactly those two attributes that are drawing unprecedented attention from governments the world over.
China Internet Controls
China expends an enormous amount of time, energy and money seeking to completely control the Internet within its borders and beyond.
Ren Xianliang, Vice-Minister of Propaganda in Shaanxi Province, China, wrote in an editorial recently, “Just as political power grows out of the barrel of a gun, the Party’s control of the media is an unassailable basis of the Party’s leadership.”
The Party already controls the Internet in China. The state employs literally hundreds of thousands of people in a massive, sophisticated, and entrenched effort so pervasive that no other platform today poses a credible threat to the Party. Party leaders hold top positions at major Internet corporations (as they do in every major Chinese company) and they are expected to be loyal to government. Through 2012, Chinese government agencies maintained over 175,000 Weibo accounts.
This cross-breeding of the Party and the corporate world in China is immensely important, as major corporations act as extensions of Party power.
Huawei Investment & Holding Co., Ltd. is a classic example of this premise. Based in Shenzhen, China, Huawei has revenues of $35 billion, 155,000 employees and has overtaken Ericsson (OM:ERIC B) as the largest manufacturer of telecommunications equipment globally.
Huawei has long been accused that its equipment contains “digital backdoors” that could be used to spy on government and commercial data. Huawei has its equipment in Internet communication systems in 140 countries. Many believe that its equipment is critical to the Chinese government’s espionage efforts.
U.S. spy agencies, armed with very specific evidence, have raised to a certitude that many hundreds of people at Chinese military facilities in Beijing and Shanghai have been routinely hacking 80% to 95% of U.S. computer systems.
A recent 84-page Pentagon report stated that, “China is using its computer network exploitation (CNE) [Internet] capability to support intelligence collection against the U.S. diplomatic, economic, and defense industrial base sectors that support U.S. national defense programs.”
Internally Chinese authorities have terminated the micro-blog accounts of several prominent liberal intellectuals and harassed civil rights lawyers advocating against unofficial “black jails’, underlining the determination of the China’s new leadership to control dissent.
Li Cheng, an expert on China politics at the Washington DC-based Brookings Institution said, “The controls are tighter than ever. The challenges are greater, so the suppression is escalating.”
U.S. Utah Data Center
Lest you think this is restricted to just China, recent disclosures have accused the U.S. Justice Department of secretly collected two months of telephone records from reporters and editors at the Associated Press (AP).
AP President Gary Pruitt said, the digital records sourced by Justice covered calls from several AP bureaus and the personal phone lines of staffers. Pruitt said that the subpoenas were a “massive and unprecedented intrusion” into its reporting.
Pruitt went on to say that, “These records potentially reveal communications with confidential sources across all of the newsgathering activities undertaken by the AP during a two-month period, provide a road map to AP’s newsgathering operations and disclose information about AP’s activities and operations that the government has no conceivable right to know.”
Think this is a one-off? Think again.
The U.S. government has been building a unique and massive resource; The Utah Data Center (UDC), also known as the Intelligence Community Comprehensive National Cybersecurity Initiative (CNCI) Data Center. This is and will be the primary data storage facility for the United States Intelligence Community; capable of storing data on the scale of yottabytes (1 yottabyte = 1 trillion terabytes, or 1 quadrillion gigabytes).
UDC’s purpose is to support the CNCI, but beyond that opaque sophistry its precise mission is secret.
According to a James Bamford’s Wired magazine article “The NSA Is Building the Country’s Biggest Spy Center (Watch What You Say)” dated March 12, 2012, UDC supposedly can capture “all forms of communication, including the complete contents of private emails, cell phone calls, and Internet searches, as well as all sorts of personal data trails—parking receipts, travel itineraries, bookstore purchases, and other digital ‘pocket litter’.”
This is Big Data writ large. If they build it, they will use it. This would seem to be exactly the same description of what we are accusing the Chinese government of doing.
According to the FISA Amendments Act of 2008, the federal government is legally prohibited from collecting, storing, analyzing, or disseminating the content of the communications of U.S. citizens, whether inside or outside of the country, unless authorized by an individual warrant from the Foreign Intelligence Surveillance Court.
This appears to have not been the case in the recent Justice Department expropriation of AP’s phone records – no warrant was offered to AP – no warning was given to AP. It was done in secret behind closed doors.
Less you think this small beer – the UDC headquarters is planned at 1 million to 1.5 million square feet at a projected cost of $2 billion when finished in September 2013. Telecommunications equipment, computers and software will cost another $2 billion. The completed spy center is expected to have a power demand of 65 megawatts, costing about $40 million per year – enough to power 65,000 average homes.
Federal Trade Commission Sues Wyndham Worldwide Corp.
Hackers broke into the Wyndham computer systems between 2008 and 2010 and allegedly stole payment-card numbers for thousands of their customers. The Federal Trade Commission subsequently sued Wyndham alleging that the company had lax data-security systems that exposed customers to theft. The FTC is asking that Wyndham “redress injury” caused by the hacking. Wyndham says no customers suffered any financial loss as a result of the hacking.
This suit takes government Internet interference in private corporations to new levels of hubris. The Internet hackers are not the problem, rather the company that was hacked is the problem.
Wyndham said in a recent court filing that “This is the Internet equivalent of punishing the local furniture store because it was robbed and its files raided.”
Congress has NOT given the FDC any explicit authority to regulate corporate cybersecurity in general, or to order companies to beef up their security systems. The FDC saw fit to do this on its own. This is but one of a dozen similar suits lodged by the FDC; including Twitter Inc. and the U.S. unit of mobile-device manufacturer HTC Corp.
Companies that fail to protect customer data will pay a huge price in the market with customers and inroads from competitors. It is not in the FDA’s purview to dictate corporate actions on the Internet, as that means ipso facto that the government will be privy to what those security systems are – giving the government back-door access.
It is also not up to a government agency to make political policy regarding what private corporations can and cannot do, but rather it is up to the three branches of the U.S. government to establish such guidelines through the normal political process.
Senate Approves Bill to Tax the Internet
The U.S. Senate passed a bill 69-27 on May 6th, 2013, to give state and local governments additional powers to collect Internet sales taxes. The states have long held that they must have this power, as they see billions of dollars in revenues passing across the Internet in front of their very eyes. We all know how frustrating that must be for them.
The problem is this bill will force all online retailers to collect sales taxes for all 9,600 state and local government entities. There quite literally is no software system available that can actually do this at an acceptable cost. And anything less than an acceptable cost will put thousands of smaller Internet companies out of business.
As this is political theater, there’s more. You have to read the bill to find out what’s in it. Courtesy of Senate Majority Leader Harry Reid the definition of what “state” meant was rewritten to include “any tribal organization.” There are at least 566 federally recognized tribes and Alaska Natural Resources Committees – all of which will qualify for official tax audit status in addition to all 50 states. That means that a small Internet retailer will be responsible for sales tax audits from at least 616 legal entities, and there will be no legal recourse against 566 of them, as they are foreign territory under the law.
Why would Senator Reid do this? Well, there are at least 215 Indian casinos in Nevada, and each and every one of them can make political contributions to Senator Reid. Few Senators realized that Harry put this language in the bill.
The House of Representative is contemplating this bill now. We suspect that very few Representatives know that this language is in the bill either. One can only hope that too few Representatives have casinos in their districts to pass the bill.
The Balkanization of the Internet
Balkanization is a pejorative term used to describe the process of fragmentation or division of a region or state into smaller regions or states that are often hostile or non-cooperative. It refers to the fragmentation of the Balkan peninsula, as the Ottoman Empire lost power, into a plethora of smaller states between 1817 and 1912.
It came into use again after the First World War, with reference to the birth of scores of new states after the collapse of the Austro-Hungarian Empire and the Russian Empire. And again after the breakup of Yugoslavia and the Soviet Union.
The Internet has been called the world’s largest ungoverned space. No longer. Governments are snipping and intervening on all levels to control political dissent, collect taxes, convey punitive actions and frankly just seek to control for the sake of power. Welcome to age of the Balkanization of the Internet.
Authoritative regimes across the globe are spending precious and limited resources to suppress what their citizens can do online. Arab governments dealing with the so-called Arab Spring have made efforts to control social media sites and track dissent with varying degrees of success.
Famously Hosni Mubarak’s government tried to compel Vodafone to release information on its Egyptian users during the 2011 Egyptian uprisings. They failed and the state failed, but its replacement regime is attempting to install the same controls.
China is the most blatant of Internet filtering systems. The U.S. still has few controls over Internet use, but as the aforementioned cases demonstrate, this could change in a heartbeat.
As Edmund Burke said, “Bad laws are the worst sort of tyranny.” And as Cinderella sang, you “don’t know what you got (till it’s gone).”
Richard L. Wottrich, firstname.lastname@example.org