Académique Documents
Professionnel Documents
Culture Documents
agency has said it would never deliberately weaken a cryptographic standard, but it remains unclear whether
the agency was aware of the back door or whether the NSA tricked NIST into adopting the compromised
The
revelation that NSA somehow got NIST to build a back door into an encryption
standard has seriously damaged NISTs reputation with security experts. NIST is
operating with a trust deficit right now, Soghoian said. Anything that NIST has
touched is now tainted. Its a particularly bad time for NIST to have lost the
support of the cybersecurity community. In his executive order, Obama tasked
NIST with drafting the cybersecurity guidelines for critical infrastructure such
as power plants and phone companies. Because its an executive order instead of a law, the
standard. NIST is required by law to consult with the NSA for its technical expertise on cybersecurity.
cybersecurity standards are entirely voluntary, and the U.S. government will have to convince the private sector to
The Snowden leaks werent the first to indicate that the NSA is involved in
exploiting commercial security. According to a 2012 New York Times report, the
NSA developed a worm, dubbed Stuxnet, to cripple Iranian nuclear centrifuges.
But the worm, which exploited four previously unknown flaws in Microsoft
Windows, escaped the Iranian nuclear plant and quickly began damaging
computers around the world. The NSA and Israeli officials have also been tied to Flame, a virus that
comply.
impersonated a Microsoft update to spy on Iranian computers. Vanee Vines, an NSA spokeswoman, said the U.S.
government is as concerned as the public is with the security of these products. The United States pursues its
intelligence mission with care to ensure that innocent users of those same technologies are not affected, she said.
cannot stand behind for protecting national security systems and data, she said. The activity of NSA in setting
standards has made the Internet a far safer place to communicate and do business .
risk of leaving the vulnerability un-patched, the likelihood that anyone else would discover it, and how important
consultant who has worked with tech companies and helped The Washington Post with its coverage of the
emphasized that the NSA would never hack into foreign networks to give domestic companies a competitive edge
(as China is accused of doing). We do not use foreign intelligence capabilities to steal the trade secrets of foreign
companies on behalf ofor give intelligence we collect toU.S. companies to enhance their international
competitiveness or increase their bottom line, she said. Jim Lewis, a senior fellow with the Center for Strategic
and International Studies, agreed that NSA spying to stop terrorist attacks is fundamentally different from China
stealing business secrets to boost its own economy. He also said there is widespread misunderstanding of how the
Rising risks, reduced readiness Key findings from the 2014 US State of Cybercrime
Survey", June 2014, co-sponsored by The CERT Division of the Software
Engineering Institute at Carnegie Mellon University, CSO magazine, United States
Secret Service, www.pwc.com/us/en/increasing-iteffectiveness/publications/assets/2014-us-state-of-cybercrime.pdf
*experts
*other nations have better cybersecurity programs- Russia
The risks and repercussions of cybercrime In this 12th survey of cybercrime
trends, more than 500 US executives, security experts, and others from the public
and private sectors offered a look into their cybersecurity practices and state of
risk and readiness to combat evolving cyber threats and threat agents. One thing is
very clear: The cybersecurity programs of US organizations do not rival the
persistence, tactical skills, and technological prowess of their potential
cyber adversaries. Today, common criminals, organized crime rings, and nationstates leverage sophisticated techniques to launch attacks that are highly targeted
and very difficult to detect. Particularly worrisome are attacks by tremendously skilled threat actors that
attempt to steal highly sensitiveand often very valuableintellectual property, private communications, and
the US
Director of National Intelligence has ranked cybercrime as the top national
security threat, higher than that of terrorism, espionage, and weapons of mass
destruction.1 Underscoring the threat, the FBI last year notified 3,000 US companiesranging from small
banks, major defense contractors, and leading retailersthat they had been victims of cyber intrusions. The
United States faces real [cybersecurity] threats from criminals, terrorists,
spies, and malicious cyber actors, said FBI Director James B. Comey at a recent
security conference.2 The playground is a very dangerous place right now. Nation-state actors pose
a particularly pernicious threat, according to Sean Joyce, a PwC principal and
former FBI deputy director who frequently testified before the US House and Senate Intelligence
committees. We are seeing increased activity from nation-state actors, which
could escalate due to unrest in Syria, Iran, and Russia , he said. These groups
may target financial services and other critical infrastructure entities. In todays
volatile cybercrime environment, nation-states and other criminals continually and
rapidly update their tactics to maintain an advantage against advances in security
safeguards implemented by businesses and government agencies. Recently, for instance,
other strategic assets and information. It is a threat that is nothing short of formidable. In fact,
hackers engineered a new round of distributed denial of service (DDoS) attacks that can generate traffic rated at
a staggering 400 gigabits per second, the most powerful DDoS assaults to date.
Introduction
Over the course of the last year, a host of cyberattacks1 have been perpetrated on
a number of high profile American companies. In January 2014, Target announced
that hackers, using malware,2 had digitally impersonated one of the retail giants
contractors,3 stealing vast amounts of dataincluding the names, mailing
addresses, phone numbers or email addresses for up to 70 million individuals and
the credit card information of 40 million shoppers. 4 Cyberattacks in February and
March of 2014 potentially exposed contact and log-in information of eBays
customers, prompting the online retailer to ask its more than 200 million users to
change their passwords.5 In September, it was revealed that over the course of five
months cyber-criminals tried to steal the credit card information of more than fifty
million shoppers of the worlds largest home improvement retailer, Home Depot.6
One month later, J.P. Morgan Chase, the largest U.S. bank by assets, disclosed that
contact information for about 76 million households was captured in a cyberattack
earlier in the year.7 In perhaps the most infamous cyberattack of 2014, in late
November, Sony Pictures Entertainment suffered a significant system disruption
as a result of a brazen cyber attack 8 that resulted in the leaking of the personal
details of thousands of Sony employees.9 And in February of 2015, the health care
provider Anthem Blue Cross Blue Shield [end page 1] disclosed that a very
sophisticated attack obtained personal information relating to the companys
customers and employees.10
The high profile cyberattacks of 2014 and early 2015 appear to be indicative of a
broader trend: the frequency and ferocity of cyberattacks are increasing,11
posing grave threats to the national interests of the United States. Indeed,
the attacks on Target, eBay, Home Depot, J.P. Morgan-Chase, Sony Pictures, and
Anthem were only a few of the many publicly disclosed cyberattacks perpetrated in
2014 and 2105.12 Experts suggest that hundreds of thousands of other entities may
have suffered similar incidents during the same period,13 with one survey indicating
that 43% of firms in the United States had experienced a data breach in the past
year.14 Moreover, just as the cyberattacks of 2013which included incidents
involving companies like the New York Times, Facebook, Twitter, Apple, and
Microsoft15were eclipsed by those that occurred in 2014, 16 the consensus view is
that 2015 and beyond will witness more frequent and more sophisticated cyber
incidents.17 To the extent that its expected rise outpaces any corresponding rise in
the ability to defend against such attacks, the result could be troubling news for
countless businesses that rely more and more on computers in all aspects of their
operations, as the economic losses resulting from a single cyberattack can be
extremely costly.18 And the resulting effects of a cyberattack can have effects
beyond a single companys bottom line. As nations are becoming ever more
dependent on information and information technology, 19 the threat posed by any
one cyberattack [end page 2] can have devastating collateral and cascading
effects across a wide range of physical, economic and social systems.20
With reports that foreign nationssuch as Russia, China, Iran, and North Korea
may be using cyberspace as a new front to wage war,21 fears abound that a
cyberattack could be used to shut down the nations electrical grid,22 hijack a
commercial airliner,23 or even launch a nuclear weapon with a single
keystroke.24 In short, the potential exists that the United States could suffer a
cyber Pearl Harbor, an attack that would cause physical destruction and
loss of life25 and exposein the words of one prominent cybersecurity expert
vulnerabilities of staggering proportions.26
First, a wide range of events have already been mistakenly interpreted as indicators of attack, including weather
phenomena, a faulty computer chip, wild animal activity, and control-room training tapes loaded at the wrong time.
terrorist groups or other actors might cause attacks on either the United
States or Russia that resemble some kind of nuclear attack by the other nation
by actions such as exploding a stolen or improvised nuclear bomb , 10 especially if
such an event occurs during a crisis between the U nited States and Russia. 11 A variety
of nuclear terrorism scenarios are possible. 12 Al Qaeda has sought to obtain or
construct nuclear weapons and to use them against the U nited States. 13 Other methods
9 Second,
could involve attempts to circumvent nuclear weapon launch control safeguards or exploit holes in their security. 14
example. It is possible that U.S.Russian relations will significantly deteriorate in the future, increasing nuclear
There are a variety of ways for a third party to raise tensions between the
United States and Russia, making one or both nations more likely to misinterpret
events as attacks.
tensions.
The relevance of Snowdens disclosures to cyber security The scope and reach of
the NSAs surveillance is important. The NSAs surveillance posture is as has been
repeated by General Keith Alexander, and is reflected in the NSA slide in Figure 1 to "collect it all":32
from undersea cable taps, to Yahoo video chats, to in-flight Wi-Fi, to virtual worlds
and online multiplayer games like Second Life and World of Warcraft. The NSA has at least three different
programmes to get Yahoo and Google user data. This shows that they try to get the same data from multiple
mechanisms.33 With the GCHQ under the MUSCULAR programme it hacked into the internal data links of Google
In addition to
highlighting the NSAs massive institutional overreach and global privacy invasion,
Snowdens disclosures also highlight the many points at which our data is
insecure, and the vast numbers of vulnerabilities to surveillance that exist
throughout our digital world. However, while the NSA is the largest threat in the
surveillance game, it is not the only threat. Governments all around the world are
using the internet to surveil their citizens. Considering the rate of
technological change, it is not unforeseeable that the methods, tools and
vulnerabilities used by the NSA will be the tools of states, cyber criminals
and low-skilled hackers of the future. Regardless of who the perceived attacker
or surveillance operative may be, and whether it is the NSA or not, large-scale,
mass surveillance is a growing cyber security threat. It has also been disclosed that
the NSA and GCHQ have actively worked to make internet and technology users around
the world less secure. The NSA has placed backdoors in routers running vital
internet infrastructures.35 The GCHQ has impersonated social networking websites like LinkedIn in
order to target system administrators of internet service providers.36 The NSA has been working with
the GCHQ to hack into Google and Yahoo data centres.37 The NSA also works to
undermine encryption technologies, by covertly influencing the use of weak
algorithms and random number generators in encryption products and
standards.38 The NSA in its own words is working under the BULLRUN programme
to "insert vulnerabilities into commercial encryption systems, IT systems,
networks, and endpoint communications devices used by targets" and to influence
policies, standards and specifications for commercial [encryption] technologies. 39
and Yahoo34 for information that it could mostly have gotten through the PRISM programme.
Cyber Command, has argued that shared norms are a basic building block for cybersecurity. He has called on
actors in academia and civil society to help design them and to assist in their spread. It may seem strange that
soft tools rather than hard military options, but there are four
good reasons why norms are the best option available. First, the United States is
vulnerable to cyberattacks and this weakness is difficult to address using
conventional tools of military statecraft. Second, it is difficult to ensure that complex
information systems are fully defended, since they may have subtle technical
weaknesses. Third, classical deterrence is not easy in a world where it is often
challenging to identify sophisticated attackers, or even to know when an attack has taken place.
Lastly, treaties are hard to enforce because it is so difficult to verify compliance
particularly in cyberspace, where weapons are software, not missiles. Although norms are hazier than
Pentagon officials are arguing for
treaty rules, they may still have important consequences. Norms against the use of nuclear weapons have taken
Robust
cybersecurity norms might, over time, rule out some kinds of attacks as
normatively inappropriate. They might encourage other states to see norm breaches
as attacks on their security, too, spurring cooperation to prevent or stop attacks. Finally,
norms can provide shared understandings between states that allow them to work
together where they have shared interests and manage relations where their interests clash. Challenges to
Norm Promotion It is hard to spread norms, even in the best circumstances. Unfortunately,
these are far from the best circumstances for the United States . U.S. policymakers face
hold since the 1950s, making their use nearly unthinkable in ordinary circumstances.
three major problems. First, it is easiest to promote norms when one can invoke common values to support them,
yet the world's cyber powers have differentand radically incompatiblevalues over how to protect cyberspace.
The clashing interests between democratic and authoritarian regimes on the value of an open Internet and
adopters of norms
are likely to be more receptive if they do not think the proponent of the norms is
acting in bad faith. To be sure, many states were happy to use the Snowden
revelations as a cover for opposition to any rules of behavior Washington might
offer. But for others, efforts at persuasion have been damaged by the exposed
gap between U.S. rhetoric and actions. At the very least, other states must be persuaded that
definitions of security make effective global treaties impossible. Second, the potential
following a norm is in their national interest. The disclosures, however, reinforced the view of many states that the
United States disproportionately benefits from an open, global, and secure Internet, and is only committed to
In light of the
Snowden disclosures, the United States is poorly placed to persuade other actors
of its good faith or its commitment to shared interests and values. The extent of the
damage to the U.S. reputation was revealed when the United States accused North
Korea of hacking into Sony's servers and announced its intention to retaliate against North Korea
these values to the extent that they further U.S. economic, political, and military objectives.
through low-level sanctions. Building on previous indictments of Chinese soldiers for hacking into U.S. firms, U.S.
officials followed an approach of "naming and shaming" cyberattackers while pursuing sanctions and possible
criminal charges. These actions are highly unlikely to result in successful prosecutions, but potentially serve a
normative purpose by signaling to the world that some actions are unacceptable. Although a few states criticized
many did not buy U.S. claims that Pyongyang was responsible. Members
of the business and technology communities also expressed polite skepticism over the
North Korea,
on Cybersecurity and Consumer Protection at Stanford University here. The summit, which focused on publicprivate partnerships and consumer protection, is part of a recent White House push to focus on cybersecurity.
Obama said the prospect of cyberattacks are one of the nation's most pressing national security, economic and
safety issues. The specter of a cyberattack crippling the nation's air traffic control system or a city with a blackout
is real, and hacks such as the one on Sony Pictures last year are "hurting America's companies and costing
American jobs." He also said they are a threat to the security and well-being of children who are online. "Its one
of the great paradoxes of our time that the very technologies that empower us to do great good can also be used
to undermine us and inflict great harm," Obama said before a cheering, friendly audience here at Stanford's
conversation" about encryption and said he likely leans more toward strong data encryption than law
U.S.
government surveillance activities have been seen as a potential liability for tech
companies that operate globally. Seventy to 80 percent of the user bases for a lot of these companies
enforcement, but is sympathetic to them because of the pressure they are under to keep people safe.
are the foreigners who get very little protection under our system, explained Julian Sanchez, a senior fellow
focused on technology and civil liberties at the Cato Institute. If they dont display some push back, they know
front have outpaced governmental and legislative efforts, said Andrew Crocker, a legal fellow at civil liberties
group the Electronic Frontier Foundation.
Senior Counsel and Director of the Free Expression Project at the Center for
Democracy & Technology, former Senior Staff Attorney at the Electronic Frontier
Foundation, former Justice William Brennan First Amendment Fellow at the American
Civil Liberties Union, holds a J.D. from the University of Southern California Law
School, 2015 (Doomed To Repeat History? Lessons From The Crypto Wars of the
1990s, Report by the Open Technology Institute at the New America Foundation,
June, Available Online at https://static.newamerica.org/attachments/3407-125/Lessons%20From%20the%20Crypto%20Wars%20of%20the
%201990s.882d6156dc194187a5fa51b14d55234f.pdf, Accessed 07-06-2015, p. 19)
Strong Encryption Has Become A Bedrock Technology That Protects The Security
Of The Internet
The evolution of the ecosystem for encrypted communications has also enhanced
the protection of individual communications and improved cybersecurity. Today,
strong encryption is an essential ingredient in the overall security of the modern
network, and adopting technologies like HTTPS is increasingly considered an
industry best-practice among major technology companies.177 Even the report of
the Presidents Review Group on Intelligence and Communications Technologies, the
panel of experts appointed by President Barack Obama to review the NSAs
surveillance activities after the 2013 Snowden leaks, was unequivocal in its
emphasis on the importance of strong encryption to protect data in transit and at
rest. The Review Group wrote that:
Encryption is an essential basis for trust on the Internet; without such trust,
valuable communications would not be possible. For the entire system to
work, encryption software itself must be trustworthy. Users of encryption
must be confident, and justifiably confident, that only those people they
designate can decrypt their data. Indeed, in light of the massive increase in
cyber-crime and intellectual property theft on-line, the use of encryption
should be greatly expanded to protect not only data in transit, but also data
at rest on networks, in storage, and in the cloud.178
The report further recommended that the U.S. government should:
Promote security[] by (1) fully supporting and not undermining efforts to create
encryption standards; (2) making clear that it will not in any way subvert,
undermine, weaken, or make vulnerable generally available commercial encryption;
and (3) supporting efforts to encourage the greater use of encryption technology for
data in transit, at rest, in the cloud, and in storage.179
Plan Text
The United States federal government should substantially
curtail its use of backdoor encryption standards and metadata
collection programs.
Internet
Contention 2 is Internet:
Next is the Cloud Computing Scenario:
Domestic surveillance erodes American competitiveness in the
cloud-computing industryother countries are using the
specter of NSA surveillance as a selling point, costing
American companies billions
Kehl, Policy Analyst at New Americas Open Technology
Institute, 14
Daielle, Kevin Bankston, Policy Directorat OTI, Robyn Greene, Policy Counsel at
OTI, Robert Morgus, Research Associate at OTI, "Surveillance Costs: The NSA's
Impact on the Economy, Internet Freedom & Cybersecurity", July 2014, New
America's Open Technology Institute Policy Paper,
https://www.newamerica.org/downloads/Surveilance_Costs_Final.pdf
*trust gap in squo
*webhosting services are having an economic fallout- foreign companies are
benefiting
*180 billion dollar loss in 3 years
*long term drought for this market= econ collapse
Costs to the U.S. Cloud Computing Industry and Related Business Trust in
American businesses has taken a significant hit s ince the initial reports on the PRISM
program suggested that the NSA was directly tapping into the servers of nine U.S.
companies to obtain customer data for national security investigations .28 The
Washington Posts original story on the program provoked an uproar in the media and prompted the CEOs of
several major companies to deny knowledge of or participation in the program.29 The exact nature of the requests
the relationship
between American companies and the NSA still created a significant trust
gap, especially in industries where users entrust companies to store sensitive
personal and commercial data. Last years national security leaks have also had a commercial and
financial impact on American technology companies that have provided these records, noted
made through the PRISM program was later clarified,30 but the public attention on
Representative Bob Goodlatte, a prominent Republican leader and Chairman of the House Judiciary Committee, in
the first disclosures, reports began to emerge that American cloud computing companies like Dropbox and
Amazon Web Services were starting to lose business to overseas competitors.32 The CEO of Artmotion, one of
Switzerlands largest offshore hosting providers, reported in July 2013 that his company had seen a 45 percent
jump in revenue since the first leaks,33 an early sign that the countrys perceived neutrality and strong data and
Foreign
companies are clearly poised to benefit from growing fears about the security
ramifications of keeping data in the United States. In a survey of 300 British and
Canadian businesses released by PEER 1 in January 2014,36 25 percent of
respondents indicated that they were moving data outside of the U.S. as a result of
the NSA revelations. An overwhelming number of the companies surveyed
indicated that security and data privacy were their top concerns, with 81 percent
stating that they want to know exactly where their data is being hosted. Seventy
percent were even willing to sacrifice performance in order to ensure that their
data was protected.37 It appears that little consideration was given over the past decade to the potential
privacy protections34 could potentially be turned into a serious competitive advantage.35
economic repercussions if the NSAs secret programs were revealed.38 This failure was acutely demonstrated by
the Obama Administrations initial focus on reassuring the public that its programs primarily affect nonAmericans, even though non-Americans are also heavy users of American companies products. Facebook CEO
Mark Zuckerberg put a fine point on the issue, saying that the government blew it in its response to the scandal.
He noted sarcastically: The government response was, Oh dont worry, were not spying on any Americans. Oh,
wonderful: thats really helpful to companies [like Facebook] trying to serve people around the world, and thats
really going to inspire confidence in American internet companies.39 As Zuckerbergs comments reflect,
edge U.S. companies have in cloud computing into a liability , especially in Europe.45 In a
follow up to the ITIF study, Forrester Research analyst James Staten argued that the think
tanks estimates were low, suggesting that the actual figure could be as high as
$180 billion over three years.46 Staten highlighted two additional impacts not
considered in the ITIF study. The first is that U.S. customersnot just foreign companies
would also avoid US cloud providers, especially for international and overseas
business. The ITIF study predicted that American companies would retain their domestic market share, but
Staten argued that the economic blowback from the revelations would be felt at home, too. You dont have
to be a French company, for example, to be worried about the US government
snooping in the data about your French clients, he wrote.47 Moreover, the analysis highlighted
a second and far more costly impact: that foreign cloud providers, too, would lose
as much as 20 percent of overseas and domestic business because of
similar spying programs conducted by other governments . Indeed, the NSA
disclosures have prompted a fundamental re-examination of the role of intelligence services in conducting
coordinated cross-border surveillance, according to a November 2013 report by Privacy International on the
Five Eyes intelligence partnership between the United States, the United Kingdom, Canada, Australia, and New
As Georg Mascolo and Ben Scott predicted in a joint paper published by the Wilson Center and the New America
Foundation in October 2013, Major commercial actors on both continents are preparing offensive and defensive
For
example, Runbox, a small Norwegian company that offers secure email service,
reported a 34 percent jump in customers since June 201 3.54 Runbox markets itself as a safer
strategies to battle in the market for a competitive advantage drawn from Snowdens revelations.53
email and webhosting provider for both individual and commercial customers, promising that it will never
the Runbox email service is governed by strict privacy regulations and is a safe alternative to American email
services as well as cloud-based services that move data across borders and jurisdictions, company
representatives wrote on its blog in early 2014.56 F-Secure, a Finnish cloud storage company, similarly
Presenting
products and services as NSA-proof or safer alternatives to Americanmade goods is an increasingly viable strategy for foreign companies hoping
to chip away at U.S. tech competiveness.58
emphasizes the fact that its roots [are] in Finland, where privacy is a fiercely guarded value.57
these actions
will undermine confidence in our industry and in the ability of technology
companies to deliver products globally.65 Much like Cisco, Qualcomm, IBM,
Chambers wrote in a letter to the Obama Administration that if these allegations are true,
Microsoft, and Hewlett-Packard all reported in late 2013 that sales were
down in China as a result of the NSA revelations.66 Sanford C. Bernstein
analyst Toni Sacconaghi has predicted that after the NSA revelations, US
technology companies face the most revenue risk in China by a wide margin , followed
by Brazil and other emerging markets.67 Industry observers have also questioned whether
companies like Applewhich hopes to bring in significant revenue from iPhone
sales in Chinawill feel the impact overseas.68 Even AT&T reportedly faced
intense scrutiny regarding its proposed acquisition of Vodafone, a European wireless carrier, after
journalists revealed the extent of AT&Ts collaboration with the NSA.69 American
companies are also losing out on business opportunities and contracts with
large companies and foreign governments as a result of NSA spying . According
to an article in The New York Times, American businesses are being left off some requests
for proposals from foreign customers that previously would have included them. 70
This refers to German companies, for example, that are increasingly uncomfortable giving their
business to American firms. Meanwhile, the German government plans to change
its procurement rules to prevent American companies that cooperate with the
NSA or other intelligence organizations from being awarded federal IT contracts. 71
The government has already announced it intends to end its contract with Verizon ,
which provides Internet service to a number of government departments.72 There are indications that
Verizon is legally required to provide certain things to the NSA, and thats one of
the reasons the cooperation with Verizon wont continue, a spokesman for the
German Interior Ministry told the Associated Press in June.73 The NSA disclosures
have similarly been blamed for Brazils December 2013 decision to award a $4.5
billion contract to Saab over Boeing, an American company that had previously
been the frontrunner in a deal to replace Brazils fleet of fighter jets .74 Welber Barral, a
former Brazilian trade secretary, suggested to Bloomberg News that Boeing would have won the contract a year
Germany and Brazil are also considering data localization proposals that could harm U.S. business interests and
prevent American companies from entering into new markets because of high compliance costs. Cost to Public Trust in
American Companies The pressure is increasing on American companies to respond to the revelations in order to mitigate potential backlash and prevent foreign companies from
poaching their business. According to the R Street Institute study, It appears the NSAs aggressive surveillance has created an overall fear among U.S. companies that there is guilt
by association from which they need to proactively distance themselves.79 Some companies have tried to regain trust by publicly stating that they are not part of PRISM or other
NSA programs, issuing disclaimers along the lines of those published by Amazon and Salesforce in June 2013.80 Others that have been directly linked to the NSA programs have
publicly criticized the American government and called for greater transparency in order to rebuild user confidence and counteract potential economic harms.81 To that end, nine
major American companiesAOL, Apple, Dropbox, Facebook, Google, LinkedIn, Microsoft, Twitter, and Yahoojoined together in the Reform Government Surveillance campaign in
January 2014, where they launched a website and wrote an open letter to government leaders laying out principles for surveillance reform, including an end to bulk collection and
opposition to data localization requirements.82 Since the launch, the coalition has urged reform on Capitol Hill through outreach and letters to Congress, supported the February
2014 The Day We Fight Back activist campaign, and hired a lobbyist to bolster their efforts to curb the NSAs reach.83 This unlikely, public partnership of some of Internets biggest
rivals speaks to the seriousness of the threats to their collective business interests.84 Indeed, according to an April 2014 Harris poll commissioned by a data security company, nearly
half of the 2,000 respondents (47 percent) have changed their online behavior since the NSA leaks, paying closer attention not only to the sites they visit but also to what they say and
do on the Internet.85 In particular, 26 percent indicated that they are now doing less online shopping and banking since learning the extent of government surveillance programs.
Clearly, there are significant financial incentives for companies to distance themselves from the programs, and as a result, they are expending capitalactual and politicalto do so.
Other companies have taken it a step further, developing new products or taking additional precautions to assure customers that their data is safe from the NSA. Many tech
companies feel they have no choice but to try to develop NSA resistant products because customers from China to Germany threaten to boycott American hardware and cloud services
they view as compromised, wrote USA Today in February 2014.86 Companies like Yahoo and Google have devoted increased resources to hardening their systems against NSA
surveillance in order to assure users that their data is adequately protected.87 Yahoo implemented automatic encryption on its email service in January 2014, and in March 2014
began encrypting all traffic that moved between its data centers, as well as queries on its homepage and its messaging service.88 Googles Vice President for Security Engineering,
Eric Grosse, referred to efforts to protect users data from government surveillance as an arms race, when discussing the companys move last fall to encrypt all information
travelling between its data centers.89 In June 2014, Google unveiled a source code extension for the Chrome browser called End-to-End which is designed to make email encryption
easy, and announced a new section of its transparency report called Safer Email which details the percentage of email that is encrypted in transit and identifies the providers who
support encryption.90 These changes are part of a new focus on encouraging users and companies to harden their systems against NSA surveillance, and the strategy appears to be
working. Almost immediately, Comcast announced its plans to work with Google to encrypt all email traffic exchanged with Gmail after the cable company was described as one of the
worst offenders in the new report.91 Meanwhile, Microsoft has been publicizing its policy that allows customers to store their data in Microsoft data centers in specific countries.92
John E. Frank, deputy general counsel at Microsoft, told The New York Times, Were hearing from customers, especially global enterprise customers, that they care more than ever
about where their content is stored and how it is used and secured.93 IBM is reportedly spending over a billion dollars to build overseas data centers in an effort to reassure foreign
customers that their data is protected from U.S. surveillance.94 In reference to foreign customers asking about whether their data is protected from government snooping, an IBM
executive said, My response is protect your data against any third party whether its the NSA, other governments, hackers, terrorists, whatever, adding that it is time to start
talking about encryption and VPNs and all the ways you can protect yourself.95 Finally, faced with an impossible choice between maintaining user trust and complying with
government requests, a handful of American companies that provide secure email services have had to shut down their operations altogether. Lavabit, a secure email service provider
that experienced a 1,900 percent increase in account registrations after the Snowden revelations, shuttered its business after it became clear that user data could not be protected
from government surveillance. When the NSA could not read Lavibits communications directly by breaking its encryption, the agency obtained orders compelling the company to
hand over information related to its encryption keys, which would have given the NSA the ability to decrypt the communications of all 400,000 of Lavabits customers.96 Silent Circle,
a secure communications provider that saw a 400 percent revenue increase following the Snowden revelations, followed Lavabits lead and shut down its secure mail service,
again, we are well positioned to lead the world out of this one. Want proof? American businesses systemically and
culturally react fast. Two years after the economic downturn began the United States was generating 97% of its
economic output with only 90% of the labor. This sort of gain in productivity ultimately translates into increased
economic activity, the ability to pay down debt and a higher standard of living for those of us who are employed.
productivity gains
from working harder can only take us so far. Innovation and technology can and
must take us the rest of the way, creating new jobs and new industries . Our so
called information economy, for example, is ripe for innovation. Today, all
organizations are dependent on information technology. What makes me
optimistic about the future is that we have not even begun to scratch the surface of
all that can be accomplished by actually applying information technology
pervasively. We have spent trillions of dollars worldwide for the computers to create
and process information, networks to move it around and the hardware to store it.
But we are at a point where we spend 60 to 70% of IT budgets just to maintain
those systems and infrastructures. No wonder progress in applying IT is so slow. This is the
Unfortunately it does not directly address the issue of unemployment. The fact is that
technology equivalent of every organization in the world, big or small, investing the
capital and human resources to build and operate their own electricity producing
power plants. But instead, picture a world where software platforms are available
online and easily customizable. Picture a world where compute power is generated
off site, available in quantities when and where you need it. And picture a world
where information is safely stored, efficiently managed and accessible, when and
where you need it. These are cloud infrastructures. The economies of scale,
flexibility and efficiency they offer will not only save organizations massive amounts
of capital and maintenance costs but emancipate them to apply and use
information as never before. An unbelievable opportunity to raise productivity while
creating unprecedented opportunities for businesses and workers. Now picture a healthcare system where a doctor has medical records at his fingertips, can see x-rays with the click of a mouse, is able to
learn and apply the latest diagnostic and surgical technique from anywhere in the world. Think of the efficiencies in
hospital supply chains, the delivery of prescription drugs, the processing of billing and insurance claims, reductions
in fraud, and the application of best practices for cost controls. The capacity for improvement is endless. As a
the nature of our society: egalitarian, free, open and competitive that make us the most adaptive, inventive and
resilient country in the world. Time again for us to lead.
economic
instability between the First and Second World Wars could be attributed to the lack
of an economic hegemon (Kindleberger 1973). But economic instability obviously has spillover effects into the
international political arena. Keynes, writing after WWI, warned in his seminal tract The Economic Consequences of the Peace that
Germanys economic humiliation could have a radicalizing effect on the nations political culture (Keynes 1919). Given later
events, his warning seems prescient. In the years since the Second World War, however, the European continent has not relapsed
into armed conflict. What was different after the second global conflagration? Crucially, the United States was in a far more
powerful position than Britain was after WWI. As the tables above show, Britains economic strength after the First World War was
about 13% of the total in strength in the international system. In contrast, the United States possessed about 53% of relative
economic power in the international system in the years immediately following WWII. The U.S. helped rebuild Europes economic
strength with billions of dollars in investment through the Marshall Plan, assistance that was never available to the defeated
powers after the First World War (Kindleberger 1973). The interwar years were also marked by a series of debilitating trade wars
that likely worsened the Great Depression (Ibid.). In contrast, when Britain was more powerful, it was able to facilitate greater
free trade, and after World War II, the United States played a leading role in creating institutions like the GATT that had an
essential role in facilitating global trade (Organski 1958). The possibility that economic stability is an important factor in the
Another
theory that could provide insight into the patterns observed in this research is that
of preponderance of power. Gilpin theorized that when a state has the
preponderance of power in the international system, rivals are more likely
to resolve their disagreements without resorting to armed conflict (Gilpin
1983). The logic behind this claim is simple it makes more sense to challenge a weaker hegemon than a stronger one. This
overall security environment should not be discounted, especially given the results of my statistical analysis.
simple yet powerful theory can help explain the puzzlingly strong positive correlation between military conflicts engaged in by the
hegemon and conflict overall. It is not necessarily that military involvement by the hegemon instigates further conflict in the
international system. Rather, this military involvement could be a function of the hegemons weaker position, which is the true
cause of the higher levels of conflict in the international system.
If anything,
this research points to the central importance of economic influence in fostering
international stability. To misconstrue these findings to justify anything else would
be a grave error indeed. Hegemons may play a stabilizing role in the international
system, but this role is complicated. It is economic strength, not military
dominance that is the true test of hegemony. A weak state with a strong
military is a paper tiger it may appear fearsome, but it is vulnerable to even a
short blast of wind.
justification to engage in conflict or escalate military budgets purely for the sake of international stability.
the global
distribution of power is shifting, and the inevitable result will be a world that is
less peaceful, liberal and prosperous, burdened by a dearth of effective conflict
regulation. Over the past two decades, no other state has had the ability to
seriously challenge the US military. Under these circumstances, motivated by both
opportunity and fear, many actors have bandwagoned with US hegemony and
accepted a subordinate role. Canada, most of Western Europe, India, Japan, South Korea, Australia, Singapore and
the Philippines have all joined the US, creating a status quo that has tended to mute great power conflicts. However, as
the hegemony that drew these powers together withers, so will the pulling power
behind the US alliance. The result will be an international order where power is
more diffuse, American interests and influence can be more readily challenged, and conflicts or wars may
be harder to avoid. As history attests, power decline and redistribution result in
military confrontation. For example, in the late 19th century Americas emergence as a regional power saw it launch
its first overseas war of conquest towards Spain. By the turn of the 20th century, accompanying the increase in US power and
waning of British power, the American Navy had begun to challenge the notion that Britain rules the waves. Such a notion would
eventually see the US attain the status of sole guardians of the Western Hemispheres security to become the order-creating
Leviathan shaping the international system with democracy and rule of law. Defining this US-centred system are three key
characteristics: enforcement of property rights, constraints on the actions of powerful individuals and groups and some degree of
Americas authority, although sullied at times, has benefited people across much of Latin America, Central and Eastern Europe,
the Balkans, as well as parts of Africa and, quite extensively, Asia, the answer to this question could affect global society in a
Public imagination and academia have anticipated that a posthegemonic world would return to the problems of the 1930s: regional blocs, trade
conflicts and strategic rivalry. Furthermore, multilateral institutions such as the
IMF, the World Bank or the WTO might give way to regional organisations. For
example, Europe and East Asia would each step forward to fill the vacuum left by
Washingtons withering leadership to pursue their own visions of regional political and economic orders. Free markets
would become more politicised and, well, less free and major powers would
compete for supremacy. Additionally, such power plays have historically possessed
a zero-sum element. In the late 1960s and 1970s, US economic power declined relative to the rise of the Japanese and
profoundly detrimental way.
Western European economies, with the US dollar also becoming less attractive. And, as American power eroded, so did
As we get closer to the centenary of Gavrilo Princips act of terrorism in Sarajevo, there is an ever more vivid fear:
it could happen again . The approach of the hundredth anniversary of 1914 has put a
spotlight on the fragility of the worlds political and economic security systems . At the
beginning of 2013, Luxembourgs Prime Minister Jean-Claude Juncker was widely ridiculed for evoking the shades
emanated from the United States but affected the rest of the world and demonstrated the fragility of the whole
international financial order. The aftermath of the 1907 crash drove the then hegemonic power Great Britain - to
reflect on how it could use its financial power. Between 1905 and 1908, the British Admiralty evolved the broad
outlines of a plan for financial and economic warfare that would wreck the financial system of its major European
rival, Germany, and destroy its fighting capacity. Britain used its extensive networks to gather information about
opponents. London banks financed most of the worlds trade. Lloyds provided insurance for the shipping not just
of Britain, but of the world. Financial networks provided the information that allowed the British government to
find the sensitive strategic vulnerabilities of the opposing alliance. What pre-1914 Britain did anticipated the
private-public partnership that today links technology giants such as Google, Apple or Verizon to U.S. intelligence
gathering. Since last year, the Edward Snowden leaks about the NSA have shed a light on the way that global
networks are used as a source of intelligence and power. For Britains rivals, the financial panic of 1907 showed
the necessity of mobilizing financial powers themselves. The United States realized that it needed a central bank
analogous to the Bank of England. American financiers thought that New York needed to develop its own
commercial trading system that could handle bills of exchange in the same way as the London market. Some of
the dynamics of the pre-1914 financial world are now re-emerging. Then an
economically declining power , Britain, wanted to use finance as a weapon against its
larger and faster growing competitors, Germany and the United States. Now America is in turn obsessed
by being overtaken by China according to some calculations, set to become the worlds largest
economy in 2014. In the aftermath of the 2008 financial crisis, financial institutions
appear both as dangerous weapons of mass destruction , but also as potential instruments for
the application of national power. In managing the 2008 crisis, the dependence of foreign banks on U.S. dollar
funding constituted a major weakness, and required the provision of large swap lines by the Federal Reserve. The
United States provided that support to some countries, but not others, on the basis of an explicitly political logic,
as Eswar Prasad demonstrates in his new book on the Dollar Trap. Geo-politics is intruding into banking
practice elsewhere. Before the Ukraine crisis, Russian banks were trying to acquire assets in Central and Eastern
Europe. European and U.S. banks are playing a much reduced role in Asian trade finance. Chinese banks are
being pushed to expand their role in global commerce. After the financial crisis, China started to build up the
renminbi as a major international currency. Russia and China have just proposed to create a new credit rating
agency to avoid what they regard as the political bias of the existing (American-based) agencies. The next stage
in this logic is to think about how financial power can be directed to national advantage in the case of a diplomatic
tussle. Sanctions are a routine (and not terribly successful) part of the pressure applied to rogue states such as
Iran and North Korea. But financial pressure can be much more powerfully applied to countries that are deeply
embedded in the world economy. The test is in the Western imposition of sanctions after the Russian annexation
of Crimea. President Vladimir Putins calculation in response is that the European Union and the United States
cannot possibly be serious about the financial war. It would turn into a boomerang: Russia would be less affected
The threat of systemic
disruption generates a new sort of uncertainty, one that mirrors the decisive feature
of the crisis of the summer of 1914. At that time, no one could really know whether
clashes would escalate or not. That feature contrasts remarkably with almost the entirety of the Cold
War, especially since the 1960s, when the strategic doctrine of M utually A ssured D estruction
than the more developed and complex financial markets of Europe and America.
left no doubt that any superpower conflict would inevitably escalate . The idea of
network disruption relies on the ability to achieve advantage by surprise, and to win at no or low cost. But it is
inevitably a gamble, and raises prospect that others might, but also might not be able to, mount the same sort of
there is an enhanced temptation to roll the dice, even though
the game may be fatal.
An American decline would impact the nuclear domain most profoundly by inciting a crisis
of confidence in the credibility of the American nuclear umbrella. Countries like South Korea, Taiwan, Japan, Turkey, and
even Israel, among others, rely on the United States extended nuclear deterrence for security . If they were to see
the United States slowly retreat from certain regions, forced by circumstances to pull
back its guarantees, or even if they were to lose confidence in standing US
guarantees, because of the financial, political, military, and diplomatic consequences of an American decline, then they
will have to seek security elsewhere. That elsewhere security could originate from only two sources: from nuclear
weapons of ones own or from the extended deterrence of another powermost likely Russia, China, or India. It is possible
that countries that feel threatened by the ambition of existing nuclear weapon states, the addition of new nuclear weapon states,
or the decline in the reliability of American power would develop their own nuclear capabilities. For crypto-nuclear powers like
Germany and Japan, the path to nuclear weapons would be easy and fairly quick, given their extensive civilian nuclear industry,
their financial success, and their technological acumen. Furthermore, the continued existence of nuclear weapons in North Korea
and the potentiality of a nuclear-capable Iran could prompt American allies in the Persian Gulf or East Asia to build their own
nuclear deterrents. Given North Koreas increasingly aggressive and erratic behavior, the failure of the six-party talks, and the
widely held distrust of Irans megalomaniacal leadership, the guarantees offered by a declining Americas nuclear umbrella might
Russia might even become inclined to extend nuclear assurances to their respective client states. Not only could this signal a
renewed regional nuclear arms race between these three aspiring powers but
United States would thus precipitate drastic changes to the nuclear domain.
insecure American allies and/or an arms race between the emerging Asian powers
outcomes. This ripple effect of proliferation would undermine the transparent management of the nuclear
domain and increase the likelihood of interstate rivalry, miscalculation, and eventually
even perhaps of international nuclear terror. In addition to the foregoing, in the course of this century the world will
face a series of novel geopolitical challenges brought about by significant changes in the physical environment. The management
of those changing environmental commonsthe growing scarcity of fresh water, the opening of the Arctic, and global warming
will require global consensus and mutual sacrifice. American leadership alone is not enough to secure cooperation on all these
Asia. The latter is likely to be the case especially in regard to the increasingly scarce water resources in many countries.
According to the United States Agency for International Development (USAID), by 2025 more than 2.8 billion people will be living
in either water-scarce or water-stressed regions, as global demand for water will double every twenty years.9 While much of the
Southern Hemisphere is threatened by potential water scarcity, interstate conflictsthe geopolitical consequences of cross-border
water scarcityare most likely to occur in Central and South Asia, the Middle East, and northeastern Africa, regions where limited
water resources are shared across borders and political stability is transient . The combination of political insecurity and resource
scarcity is a menacing geopolitical combination. The threat of water conflicts is likely to intensify as the economic growth and
increasing demand for water in emerging powers like Turkey and India collides with instability and resource scarcity in rival
countries like Iraq and Pakistan. Water scarcity will also test Chinas internal stability as its burgeoning population and growing
industrial complex combine to increase demand for and decrease supply of usable water .
dispute
between India and China over the status of Northeast India, an area through which the vital Brahmaputra River
flows, also remains a serious concern. As American hegemony disappears and regional
competition intensifies, disputes over natural resources like water have the potential to
develop into full-scale conflicts. The slow thawing of the Arctic will also change the face of the international
competition for important resources. With the Arctic becoming increasingly accessible to human endeavor, the five Arctic littoral
statesthe United States, Canada, Russia, Denmark, and Norwaymay rush to lay claim to its bounty of oil, gas, and metals. This
run on the Arctic has the potential to cause severe shifts in the geopolitical landscape, particularly to Russias advantage. As
Vladimir Radyuhin points out in his article entitled The Arctics Strategic Value for Russia, Russia has the most to gain from
access to the Arctic while simultaneously being the target of far north containment by the other four Arctic states, all of which are
members of NATO. In many respects this new great game will be determined by who moves first with the most legitimacy, since
very few agreements on the Arctic exist. The first Russian supertanker sailed from Europe to Asia via the North Sea in the summer
of 2010.10 Russia has an immense amount of land and resource potential in the Arctic. Its territory within the Arctic Circle is 3.1
million square kilometersaround the size of Indiaand the Arctic accounts for 91% of Russias natural gas production, 80% of its
explored natural gas reserves, 90% of its offshore hydrocarbon reserves, and a large store of metals.11 Russia is also attempting
to increase its claim on the territory by asserting that its continental shelf continues deeper into the Arctic, which could qualify
Russia for a 150-mile extension of its Exclusive Economic Zone and add another 1.2 million square kilometers of resource-rich
territory. Its first attempt at this extension was denied by the UN Commission on the Continental Shelf, but it is planning to
reapply in 2013. Russia considers the Arctic a true extension of its northern border and in a 2008 strategy paper President
Medvedev stated that the Arctic would become Russias main strategic resource base by 2020.12 Despite recent conciliatory
summits between Europe and Russia over European security architecture, a large amount of uncertainty and distrust stains the
Wests relationship with Russia. The United States itself has always maintained a strong claim on the Arctic and has continued
patrolling the area since the end of the Cold War. This was reinforced during the last month of President Bushs second term when
he released a national security directive stipulating that America should preserve the global mobility of the United States military
and civilian vessels and aircraft throughout the Arctic region. The potentiality of an American decline could embolden Russia to
more forcefully assert its control of the Arctic and over Europe via energy politics; though much depends on Russias political
orientation after the 2012 presidential elections. All five Arctic littoral states will benefit from a peaceful and cooperative
agreement on the Arcticsimilar to Norways and Russias 2010 agreement over the Barents Straitand the geopolitical stability
it would provide. Nevertheless, political circumstances could rapidly change in an environment where control over energy remains
Global climate change is the final component of the environmental commons and the
Scientists and policy makers alike have projected
catastrophic consequences for mankind and the planet if the world average temperature rises by more
than two degrees over the next century. Plant and animal species could grow extinct at a rapid pace, largescale ecosystems could collapse, human migration could increase to untenable levels, and
global economic development could be categorically reversed. Changes in geography, forced
migration, and global economic contraction layered on top of the perennial regional security challenges could create a
geopolitical reality of unmanageable complexity and conflict, especially in the densely populated and politically
Russias single greatest priority.
unstable areas of Asia such as the Northeast and South. Furthermore, any legitimate action inhibiting global climate change will
require unprecedented levels of self-sacrifice and international cooperation. The United States does consider climate change a
serious concern, but its lack of both long-term strategy and political commitment, evidenced in its refusal to ratify the Kyoto
Protocol of 1997 and the repeated defeat of climate-change legislation in Congress, deters other countries from participating in a
global agreement. The United States is the second-largest global emitter of carbon dioxide, after China, with 20% of the worlds
share. The United States is the number one per capita emitter of carbon dioxide and the global leader in per capita energy
demand. Therefore,
countries
to
cooperate,
but also in actually inhibiting climate change. Others around the world, including the European Union and Brazil,
have attempted their own domestic reforms on carbon emissions and energy use, and committed themselves to pursuing
renewable energy. Even China has made reducing emissions a goal, a fact it refuses to let the United States ignore. But none of
those nations currently has the ability to lead a global initiative. President Obama committed the United States to energy and
carbon reform at the Copenhagen Summit in 2009, but the increasingly polarized domestic political environment and the truculent
American economic recovery are unlikely to inspire progress on costly energy issues. China is also critically important to any
discussion of the management of climate change as it produces 21% of the worlds total carbon emissions, a percentage that will
only increase as China develops the western regions of its territory and as its citizens experience a growth in their standard of
living. China, however, has refused to take on a leadership role in climate change, as it has also done in the maritime, space, and
cyberspace domains. China uses its designation as a developing country to shield itself from the demands of global stewardship.
Chinas tough stance at the 2009 Copenhagen Summit underscores the potential dangers of an American decline: no other country
has the capacity and the desire to accept global stewardship over the environmental commons. Only a vigorous Unites States
could lead on climate change, given Russias dependence on carbon-based energies for economic growth, Indias relatively low
insecurity, endanger some vulnerable states, produce a more troubled North American neighborhood, and make cooperative
management of the global commons more difficult is not an argument for US global supremacy. In fact, the strategic complexities
of the world in the twenty-first centuryresulting from the rise of a politically self-assertive global population and from the
dispersal of global powermake such supremacy unattainable. But in this increasingly complicated geopolitical environment, an
America in pursuit of a new, timely strategic vision is crucial to helping the world avoid a dangerous slide into international
turmoil.