Crypto Affirmative - DDI 2015 ST

1AC
1AC
SQ
Cryptowars are coming now. The NSA and FBI want to block
and undermine strong encryption in favor of easy surveillance
of all digital communication, Computer scientists are fighting
back.
Tokmetzi 2015
Dimitri, Data Journalist at the Correspondent (Netherlands) Think piece: How to

protect privacy and security? Global Conference on CyberSpace 2015 16 - 17 April
2015 The Hague, The Netherlands
https://www.gccs2015.com/sites/default/files/documents/How%20to%20protect
%20privacy%20and%20security%20in%20the%20crypto%20wars.pdf
We thought that the Crypto Wars of the nineties were over , but renewed fighting has
erupted since the Snowden revelations. On one side, law enforcement and intelligence
agencies are afraid that broader use of encryption on the Internet will make their
work harder or even impossible. On the other, security experts and activists argue that
installing backdoors will make everyone unsafe. Is it possible to find some middle ground between
these two positions? This is the story of how a handful of cryptographers hacked the NSA. Its also a story of
encryption backdoors, and why they never quite work out the way you want them to. So began the blog post on
the FREAK attack, one of the most ironic hacks of recent years. Matthew Green, assistant professor at John Hopkins
university, and a couple of international colleagues exploited a nasty bug on the servers that host the NSA website.
By forcing the servers to use an old, almost forgotten and weak type of encryption which they were able to crack
within a few hours, they managed to gain access to the backend of the NSA website, making it possible for them to
alter its content. Worse still, the cryptographers found that the same weak encryption was used on a third of the 14
million other websites they scanned. For instance, if they had wanted to, they could have gained access to
whitehouse.gov or tips.fbi.gov. Many smartphone apps turned out to be vulnerable as well. The irony is this: this
weak encryption was deliberately designed for software products exported from the US in the nineties. The NSA
wanted to snoop on foreign governments and companies if necessary and pushed for a weakening of encryption.
This weakened encryption somehow found its way back onto the servers of US companies and government
agencies. Since the NSA was the organization that demanded export-grade crypto, its only fitting that they should
be the first site affected by this vulnerability, Green gleefully wrote. The FREAK attack wasnt only a show of
Ever since Edward Snowden released the

NSA files in June 2013, a new battle has been raging between computer security
experts and civil liberties activists on one side and law enforcement and intelligence
agencies on the other. There was one set of revelations that particularly enraged the security community. In
technological prowess, but also a political statement.
September 2013 the New York Times, ProPublica and the Guardian published a story on the thorough and persistent
In a prolonged,
operation dubbed BULLRUN, the intelligence agencies used
supercomputers to crack encryption, asked, persuaded or cajoled telecom and web
companies to build backdoors into their equipment and software, used their influence to
plant weaknesses in cryptographic standards and simply stole encryption keys from
individuals and companies. A war is looming But security specialists argue that by
attacking the encryption infrastructure of the Internet, the intelligence agencies
have made us all less safe. Terrorists and paedophiles may use encryption to protect themselves when
planning and committing terrible crimes, but the Internet as a whole cannot function
without proper encryption. Governments cannot provide digital services to their
citizens if they cannot use safe networks. Banks and financial institutions must be able to
communicate data over secure channels. Online shops need to be able to process payments safely.
And all companies and institutions have to keep criminals and hackers out of their
systems. Without strong encryption, trust cannot exist online.
Cryptographers have vowed to fight back. Major web companies like Google and Yahoo!
efforts of the NSA and its British counterpart GCHQ to decrypt Internet traffic and databases.
multi-billion
promised their clients strong end-to-end encryption for email and vowed to improve the security of their networks
and databases. Apple developed a new operating system that encrypted all content on the new iPhone by default.
And hackers started developing web applications and hardware with strong, more user-friendly encryption. In the
past few years we have seen the launch of encrypted social media (Twister), smartphones (Blackphone), chat
software (Cryptocat), cloud storage (Boxcryptor), file sharing tools (Peerio) and secure phone and SMS apps
(TextSecure and Signal). This worries governments. In the wake of the attack on Charlie Hebdo in Paris, UK Prime
Minister David Cameron implied that encryption on certain types of communication services should be banned. In
the US, FBI director James Comey recently warned that the intelligence agencies are going dark because of the
In Europe, the US and elsewhere

politicians are proposing that mandatory backdoors be incorporated in hardware
and software. Some even want governments to hold golden keys that can decrypt
all Internet traffic. The obvious question is how we can meet the needs of all concerned? One the one hand,
emergence of default encryption settings on devices and in web applications.
how can we ensure that intelligence and law enforcement agencies have access to communications and data when
they have a legal mandate to do so? Their needs are often legitimate. One the other, how can we ensure strong
data protection for all, not only a techsavvy few? As we shall see, this crypto conflict isnt new, nor is the obvious
question the right question to ask at this moment.
And, if intelligence agencies win the cryptowar the result

would gravely undermine the security of all digital
communication. Computer scientists conclusively vote aff.
Weitzner et al, 2015,
DANIEL J. WEITZNER, Principal Research Scientist at the MIT Computer Science and Artificial
Intelligence Lab; HAROLD ABELSON, Professor of Electrical Engineering and Computer Science at
MIT; ROSS ANDERSON, Professor of Security Engineering at the University of Cambridge; STEVEN
M. BELLOVIN, Professor of Computer Science at Columbia University. JOSH BENALOH, Senior
Cryptographer at Microsoft Research; MATT BLAZE, Associate Professor of Computer and
Information Science at the University of Pennsylvania; WHITFIELD DIFFIE, discovered the concept
of public-key cryptography opened up the possibility of secure, Internet-scale communications.
JOHN GILMORE, co-founded Cygnus Solutions, and the Electronic Frontier Foundation; MATTHEW
GREEN, Research Professor at the Johns Hopkins University Information Security Institute. PETER
G. NEUMANN, Senior Principal Scientist at the SRI International Computer Science Lab; SUSAN
LANDAU, professor of cybersecurity policy at Worcester Polytechnic Institute. RONALD L. RIVEST,
MIT Institute Professor; JEFFREY I. SCHILLER was the Internet Engineering Steering Group Area
Director for Security (19942003); BRUCE SCHNEIER, Fellow at the Berkman Center for Internet
and Society at Harvard Law School; MICHAEL A. SPECTER, PhD candidate in Computer Science at
MITs Computer Science and Artificial Intelligence Laboratory. Keys Under Doormats: Mandating
Insecurity By Requiring Government Access To All Data And Communications 7/6/15 MIT
Cybersecurity and Internet Policy Research Initiative
http://dspace.mit.edu/handle/1721.1/97690#files-area
The goal of this report is to similarly analyze
the newly proposed requirement of exceptional
access to communications in todays more complex, global information infrastructure. We find that it
would pose far more grave security risks, imperil innovation, and raise thorny issues
for human rights and international relations. There are three general problems. First, providing
exceptional access to communications would force a U-turn from the best practices
now being deployed to make the Internet more secure . These practices include forward secrecy
where decryption keys are deleted immediately after use, so that stealing the encryption key used by a
communications server would not compromise earlier or later communications. A related technique, authenticated
encryption, uses the same temporary key to guarantee confidentiality and to verify that the message has not been
Second, building in exceptional access would substantially

increase system complexity. Security researchers inside and outside government agree that
complexity is the enemy of security every new feature can interact with others to create
forged or tampered with.
vulnerabilities. To achieve widespread exceptional access, new technology features would have to be deployed and
tested with literally hundreds of thousands of developers all around the world. This is a far more complex
environment than the electronic surveillance now deployed in telecommunications and Internet access services,
which tend to use similar technologies and are more likely to have the resources to manage vulnerabilities that may
arise from new features.
Features to permit law enforcement exceptional access across a
wide range of Internet and mobile computing applications could be particularly

problematic because their typical use would be surreptitious making security
testing difficult and less effective. Third, exceptional access would create
concentrated targets that could attract bad actors. Security credentials that unlock the data
would have to be retained by the platform provider, law enforcement agencies, or some other trusted third party. If
law enforcements keys guaranteed access to everything, an attacker who gained
access to these keys would enjoy the same privilege . Moreover, law enforcements stated need
for rapid access to data would make it impractical to store keys offline or split keys among multiple keyholders, as
Recent attacks on the United

show how much harm can arise when
many organizations rely on a single institution that itself has security vulnerabilities .
In the case of OPM, numerous federal agencies lost sensitive data because OPM had insecure infrastructure. If
service providers implement exceptional access requirements incorrectly, the
security of all of their users will be at risk.
security engineers would normally do with extremely high-value credentials.
States Government Office of Personnel Management ( OPM)
And, the threat to encryption is not hypothetical, the NSA has

already inserted backdoors in software and undermined
commercial encryption standards.
Harris, 2014
Shane, American journalist and author at Foreign Policy magazine. @WAR : the rise
of the military-Internet complex / Houghton Mifflin Harcourt. P.88-93
For the past ten years the NSA has led an effort in conjunction with its British counterpart, the
Government Communications Headquarters, to defeat the widespread use of encryption technology
by inserting hidden vulnerabilities into widely used encryption standards . Encryption is
simply the process of turning a communication - say, an e-mail - into a jumble of meaningless numbers and digits, which can only be
deciphered using a key possessed by the e-mail's recipient. The NSA once fought a public battle to gain access to encryption keys,
The agency then turned its attention

toward weakening the encryption algorithms that are used to encode
communications in the first place. The NSA is home to the world's best code
makers, who are regularly consulted by public organizations , including government agencies, on
how to make encryption algorithms stronger. That's what happened in 2006 - a year after
Alexander arrived - when the NSA helped developed an encryption standard that was
eventually adopted by the National Institute of Standards and Technology, the US government agency that has
so that it could decipher messages at will, but it lost that fight.
the last word on weights and measures used for calibrating all manner of tools, industrial equipment, and scientific instruments.
NIST's endorsement of an encryption standard is a kind of Good Housekeeping Seal

of approval. It encourages companies, advocacy groups, individuals, and government agencies around the world to use the
standard. NIST works through an open, transparent process, which allows experts to review the standard and submit comments.
NIST is so trusted that it must approve any

encryption algorithms that are used in commercial products sold to the US
government. But behind the scenes of this otherwise open process, the NSA was strong-arming the
development of an algorithm called a randomnumber generator, a key component
of all encryption. Classified documents show that the NSA claimed it merely wanted to "finesse" some points in the
algorithm's design, but in reality it became the "sole editor" of it and took over the process in secret . Compromising
the number generator, in a way that only the NSA knew, would undermine the
entire encryption standard. It gave the NSA a backdoor that it could use to
decode information or gain access to sensitive computer systems. The NSA's collaboration on
That's one reason its endorsement carries such weight.
the algorithm was not a secret. Indeed, the agency's involvement lent some credibility to the process. But less than a year after the
standard was adopted, security researchers discovered an apparent weakness in the algorithm and speculated publicly that it could
have been put there by the spy agency. The noted computer security expert Bruce Schneier zeroed in on one of four techniques for
randomly generating numbers that NIST had approved. One of them, he wrote in 2007, "is not like the others:' For starters, it worked
three times more slowly than the others, Schneier observed. It was also "championed by the NSA, which first proposed it years ago
in a related standardization project at the American National Standards Institute. Schneier was alarmed that NIST would encourage
people to use an inferior algorithm that had been enthusiastically embraced by an agency whose mission is to break codes. But
there was no proof that the NSA was up to no good. And the flaw in the number generator didn't render it useless. As Schneier
noted, there was a workaround, though it was unlikely anyone would bother to use it. Still, the flaw set cryptologists on edge. The
NSA was surely aware of their unease, as well as the growing body of work that pointed to its secret intervention, because it leaned
on an international standards body that represents 163 countries to adopt the new algorithm. The NSA wanted it out in the world,
and so widely used that people would find it hard to abandon. Schneier, for one, was confused as to why the NSA would choose as a
backdoor such an obvious and now public flaw. (The weakness had first been pointed out a year earlier by employees at Microsoft.)
that the NSA reportedly struck with one of the world's leading
computer security vendors, RSA, a pioneer in the industry. According to a 2013 report by Reuters,
the company adopted the NSA-built algorithm "even before NIST approved it. The
NSA then cited the early use ... inside the government to argue successfully for NIST
approval:' The algorithm became "the default option for producing random numbers in an RSA security product called the
Part of the answer may lie in a deal
bSafe toolkit, Reuters reported. "No alarms were raised, former employees said, because the deal was handled by business leaders
rather than pure technologists.
For its compliance and willingness to adopt the flawed

algorithm, RSA was paid $10 million, Reuters reported. It didn't matter that the NSA had built an obvious
backdoor. The algorithm was being sold by one of the world's top security companies, and it had been adopted by an international
The NSA's campaign to weaken global security for its own

advantage was working perfectly. When news of the NSA's efforts broke in 2013, in documents released by
standards body as well as NIST.
Edward Snowden, RSA and NIST both distanced themselves from the spy agency- but neither claimed that the backdoor hadn't been
installed. In a statement following the Reuters report, RSA denied that it had entered into a "secret contract" with the NSA, and
asserted that "we have never entered into any contract or engaged in any project with the intention of weakening RS.A's products,
or introducing potential 'backdoors' into our products for anyone's use." But it didn't deny that the backdoor existed, or may have
existed. Indeed, RSA said that years earlier, when it decided to start using the flawed number-generator algorithm, the NSA had a
trusted role in the community-wide effort to strenghten, not weaken, encryption. Not so much anymore. When documents leaked
by Snowden confirmed the NSAs work, RSA encouraged people to stop using the number generator as did the NIST. The standards
body issued its own statement following the Snowden revelations. It was a model of carefully calibrated language. "NIST would not
deliberately weaken a cryptographic standard," the organization said in a public statement, clearly leaving open the possibilitywithout confirming it - that the NSA had secretly installed the vulnerability or done so against NIST's wishes. "NIST has a long history
of extensive collaboration with the world's cryptography experts to support robust encryption. The [NSA] participates in the NIST
cryptography development process because of its recognized expertise. NIST is also required by statute to consult with the NSA.
The standards body was effectively telling the world that it had no way to stop the NSA. Even if it wanted to shut the agency out of
the standards process, by law it couldn't. A senior NSA official later seemed to support that contention. In an interview with the
national security blog Lawfare in December 2013, Anne Neuberger, who manages the NSAs relationships with technology
companies, was asked about reports that the agency had secretly handicapped the algorithm during the development process. She
neither confirmed nor denied the accusation. Neuberger called NIST an incredibly respected close partner on many things But, she
noted, it is not a member of the intelligence community. All the work they do is ... pure white hat Neuberger continued, meaning
not malicious and intended solely to def end encryption and promote security. "Their only responsibility is to set standards" and "to
make them as strong as they can possibly be. That is not the NSAs job. Neuberger seemed to be giving the NIST a get-out-of-jailfree card, exempting it from any responsibility for inserting the flaw.The 2006 effort to weaken the number generator wasn't an
It was part of a broader, longer campaign by the NSA to weaken the

basic standards that people and organizations around the world use to protect their
information. Documents suggest that the NSA has been working with NIST since the
early 1990s to hobble encryption standards before they're adopted . The NSA dominated the
isolated incident.
process of developing the Digital Signature Standard, a method of verifying the identity of the sender of an electronic
communication and the authenticity of the information in it. NIST publicly proposed the [standard] in August 1991 and initially
made no mention of any NSA role in developing the standard, which was intended for use in unclassified, civilian communications
systems according to the Electronic Privacy Infonnation Center, which obtained documents about the development process under
the Freedom of Information Act. Following a lawsuit by a group of computer security experts, NIST conceded that the NSA had
developed the standard, which was widely criticized within the computer industry for its perceived weak security and inferiority to
an existing authentication technology, the privacy center reported "Many observers have speculated that the [existing] technique
was disfavored by NSA because it was, in fact, more secure than the NSA-proposed algorithm. From NSA's perspective, its efforts to
defeat encryption are hardly controversial. It is, after all, a code-breaking agency. This is precisely the kind of work it is authorized,
and expected, to do. If the agency developed flaws in encryption algorithms that only it knew about, what would be the harm? But
the flaws weren't secret. By 2007, the backdoor in the number generator was being written about on prominent websites and by
leading security experts. It would be difficult to exploit the weakness - that is, to figure out the key that opened NSA's backdoor. But
this wasn't impossible. A foreign government could figure out how to break the encryption and then use it to spy on its own citizens,
or on American companies and agencies using the algorithm. Criminals could exploit the weakness to steal personal and financial
information. Anywhere the algorithm was used - including in the products of one of the world's leading security companies it was
vulnerable. The NSA might comfort itself by reasoning that code-breaking agencies in other countries were surely trying to
undermine encryption, including the algorithms the NSA was manipulating. And surely they were. But that didnt answer the
The
NSAs clandestine efforts damaged the credibility of NIST and shredded the NSA's
long-held reputation as a trusted, valued participant in creating some of the most
fundamental technologies on the lnternet, the very devices by which people keep
their data, and by extension themselves, safe . Imagine if the NSA had been in the business of building
question, why knowingly undermine not just an algorithm but the entire process by which encryption standards are created?
door locks, and encouraged every homebuilder in America to install its preferred, and secretly flawed, model. No one would stand
for it. At the very least, consumer groups would file lawsuits and calls would go up for the organization's leaders to resign.
Plan
The United States federal government should fully support and
not undermine encryption standards by making clear that it
will not in any way subvert, undermine, weaken, or make
vulnerable generally available commercial encryption.
Plan - Plus Zero Days

The United States federal government should fully support and
not undermine encryption standards by disclosing zero day
vulnerabilities to software manufacturers and by making clear
that it will not in any way subvert, undermine, weaken, or
make vulnerable generally available commercial encryption.
Advantage ___ Economy

Advantage ___ is the economy
First, vulnerabilities that facilitate domestic surveillance
compromise the security of the entire internet.
Venezia 7-13
Paul Venezia, system and network architect, and senior contributing editor at
InfoWorld, where he writes analysis, reviews and The Deep End blog, Encryption
with backdoors is worse than useless its dangerous, InfoWorld, 7/13/15,
http://www.infoworld.com/article/2946064/encryption/encryption-with-forcedbackdoors-is-worse-than-useless-its-dangerous.html, 7/14/15 AV
On the other side of the pond, U.K. Prime Minister David Cameron has said he wants to either ban strong encryption
or require backdoors to be placed into any encryption code to allow law enforcement to decrypt any data at any
The fact that these officials are even having this discussion is a bald
demonstration that they do not understand encryption or how critical it is for
modern life. They're missing a key point: The moment you force any form of
encryption to contain a backdoor, that form of encryption is rendered useless. If a
backdoor exists, it will be exploited by criminals. This is not a supposition, but a certainty. It's not
time.
an American judge that we're worried about. It's the criminals looking for exploits. We use strong encryption every
single day. We use it on our banking sites, shopping sites, and social media sites. We protect our credit card
information with encryption. We encrypt our databases containing sensitive information (or at least we should ).
Our economy relies on strong encryption to move money around in industries large
and small. Many high-visibility sites, such as Twitter, Google, Reddit, and YouTube, default to SSL/TLS
encryption now. When there were bugs in the libraries that support this type of
encryption, the IT world moved heaven and earth to patch them and eliminate the
vulnerability. Security pros were sweating bullets for the hours, days, and in some
cases weeks between the hour Heartbleed was revealed and the hour they could
finally get their systems patched -- and now politicians with no grasp of the ramifications want to introduce a
fixed vulnerability into these frameworks. They are threatening the very foundations of
not only Internet commerce, but the health and security of the global
economy. Put simply, if backdoors are required in encryption methods, the
Internet would essentially be destroyed, and billions of people would be
put at risk for identity theft, bank and credit card fraud, and any number
of other horrible outcomes. Those of us who know how the security sausage is made are appalled
that this is a point of discussion at any level, much less nationally on two continents. Its abhorrent to consider. The
general idea coming from these camps is that terrorists use encryption to communicate. Thus, if there are
Leaving aside the massive

vulnerabilities that would be introduced on everyone else, its clear that the
terrorists could very easily modify their communications to evade those types of
encryption or set up alternative communication methods. We would be creating
holes in the protection used for trillions of transactions, all for naught . Citizens of a city do
backdoors, then law enforcement can eavesdrop on those communications.
not give the police the keys to their houses. We do not register our bank account passwords with the FBI. We do not
knowingly or specifically allow law enforcement to listen and record our phone calls and Internet communications
We should definitely not crack the foundation of secure

Internet communications with a backdoor that will only be exploited by criminals or
the very terrorists that were supposedly trying to thwart . Remember, if the government can
(though that hasnt seemed to matter).
lose an enormous cache of extraordinarily sensitive, deeply personal information on millions of its own employees,
one can only wonder what horrors would be visited upon us if it somehow succeeded in destroying encryption as
well.
The collapse of the internet undermines the entire global

economy
CCIA 12 (international not-for-profit membership organization dedicated to
innovation and enhancing societys access to information and communications)
(Promoting CrossBorder Data Flows Priorities for the Business Community,
http://www.ccianet.org/wpcontent/uploads/library/PromotingCrossBorderDataFlows.pdf)
The movement of electronic information across borders is critical to businesses
around the world, but the international rules governing flows of digital goods, services, data and
infrastructure are incomplete. The global trading system does not spell out a consistent, transparent framework for
the treatment of cross border flows of digital goods, services or information, leaving businesses and individuals to
deal with a patchwork of national, bilateral and global arrangements covering significant issues such as the storage,
transfer, disclosure, retention and protection of personal, commercial and financial data. Dealing with these issues
is becoming even more important as a new generation of networked technologies enables greater crossborder
collaboration over the Internet, which has the potential to stimulate economic development and job growth. Despite
the widespread benefits of crossborder data flows to innovation and economic growth, and due in large part to
gaps in global rules and inadequate enforcement of existing commitments, digital protectionism is a growing threat
around the world. A number of countries have already enacted or are pursuing restrictive policies governing the
provision of digital commercial and financial services, technology products, or the treatment of information to favor
domestic interests over international competition. Even where policies are designed to support legitimate public
interests such as national security or law enforcement, businesses can suffer when those rules are unclear,
arbitrary, unevenly applied or more traderestrictive than necessary to achieve the underlying objective. Whats
more, multiple governments may assert jurisdiction over the same information, which may leave businesses subject
to inconsistent or conflicting rules. In response, the United States should drive the development and adoption of
transparent and highquality international rules, norms and best practices on crossborder flows of digital data and
technologies while also holding countries to existing international obligations. Such efforts must recognize and
accommodate legitimate differences in regulatory approaches to issues such as privacy and security between
countries as well as across sectors. They should also be grounded in key concepts such as nondiscrimination and
national treatment that have underpinned the trading system for decades. The U.S. Government should seek
international commitments on several key objectives, including: prohibiting measures that restrict legitimate cross
border data flows or link commercial benefit to local investment; addressing emerging legal and policy issues
involving the digital economy; promoting industry driven international standards, dialogues and best practices; and
expanding trade in digital goods, services and infrastructure. U.S. efforts should ensure that trade agreements
cover digital technologies that may be developed in the future. At the same time, the United States should work
with governments around the world to pursue other policies that support crossborder data flows, including those
endorsed in the Communique on Principles for Internet Policymaking related to intellectual property protection and
limiting intermediary liability developed by the Organization for Economic Cooperation and Development (OECD) in
June 2011. U.S. negotiators should pursue these issues in a variety of forums around the world, including the World
Trade Organization (WTO), Asia Pacific Economic Cooperation (APEC) forum, OECD, and regional trade negotiations
such as the TransPacific Partnership as appropriate in each forum. In addition, the U.S. Government should solicit
ideas and begin to develop a plurilateral framework to set a new global gold standard to improve innovation.
Finally, the U.S. Government should identify and seek to resolve through WTO or bilateral consultations or other
processes violations of current international rules concerning digital goods, services and information. Promoting
CrossBorder Data Flows: Priorities for the Business Community 2 The importance of crossborder commercial and
Access to computers, servers, routers and mobile devices, services such

as cloud computing whereby remote data centers host information and run applications over the Internet,
and information is vital to the success of billions of individuals, businesses and
entire economies. In the United States alone, the goods, services and content flowing
through the Internet have been responsible for 15 percent of GDP growth over the
past five years. Open, fair and contestable international markets for information and
communication technologies (ICT) and information are important to electronic
retailers, search engines, social networks, web hosting providers,
registrars and the range of technology infrastructure and service
providers who rely directly on the Internet to create economic value. But they
financial flows
are also critical to the much larger universe of manufacturers, retailers, wholesalers, financial services and logistics
firms, universities, labs, hospitals and other organizations which rely on hardware, software and reliable access to
the Internet to improve their productivity, extend their reach across the globe, and manage international networks
of customers, suppliers, and researchers. For example, financial institutions rely heavily on gathering, processing,
and analyzing customer information and will often process data in regional centers, which requires reliable and
secure access both to networked technologies and crossborder data flows. According to McKinsey, more than
threequarters of the value created by the Internet accrues to traditional industries that would exist without the
The overall impact of the Internet and information technologies on

productivity may surpass the effect of any other technology enabler in history,
including electricity and the combustion engine, according to the OECD. Networked
Internet.
technologies and data flows are particularly important to small businesses, nonprofits and entrepreneurs. Thanks to
the Internet and advances in technology, small companies, NGOs and individuals can customize and rapidly scale
their IT systems at a lower cost and collaborate globally by accessing on line services and platforms. Improved
access to networked technologies also creates new opportunities for entrepreneurs and innovators to design
applications and to extend their reach internationally to the more than two billion people who are now connected to
the Internet. In fact, advances in networked technologies have led to the emergence of entirely new business
platforms. Kiva, a microlending service established in 2005, has used the Internet to assemble a network of nearly
600,000 individuals who have lent over $200 million to entrepreneurs in markets where access to traditional
banking systems is limited. Millions of others use online advertising and platforms such as eBay, Facebook, Google
Docs, Hotmail, Skype and Twitter to reach customers, suppliers and partners around the world. More broadly,
economies that are open to international trade in ICT and information

grow faster and are more productive Limiting network access dramatically
undermines the economic benefits of technology and can slow growth
across entire economies.
Economic decline causes nuclear war

Harris and Burrows 9
(Mathew, PhD European History at Cambridge, counselor in the National Intelligence

Council (NIC) and Jennifer, member of the NICs Long Range Analysis Unit
Revisiting the Future: Geopolitical Effects of the Financial Crisis
http://www.ciaonet.org/journals/twq/v32i2/f_0016178_13952.pdf)
Increased Potential for Global Conflict
Of course, the report encompasses more than economics and indeed believes the future is likely to be the result of
a number of intersecting and interlocking forces. With so many possible permutations of outcomes, each with ample
Revisiting the Future opportunity for unintended consequences, there is a growing sense of insecurity. Even so,
history may be more instructive than ever . While we continue to believe that the Great
Depression is not likely to be repeated, the lessons to be drawn from that period include the harmful
effects on fledgling democracies and multiethnic societies (think Central Europe in 1920s and
1930s) and on the sustainability of multilateral institutions (think League of Nations in the same
period). There is no reason to think that this would not be true in the twenty-first as
much as in the twentieth century. For that reason, the ways in which the potential for greater
conflict could grow would seem to be even more apt in a constantly volatile economic
environment as they would be if change would be steadier. In surveying those risks, the report stressed the
likelihood that terrorism and nonproliferation will remain priorities even as resource issues move up on the
Terrorisms appeal will decline if economic growth continues in the

Middle East and youth unemployment is reduced. For those terrorist groups that remain active in
international agenda.
2025, however, the diffusion of technologies and scientific knowledge will place some of the worlds most
dangerous capabilities within their reach. Terrorist groups in 2025 will likely be a combination of descendants
of long established groups_inheriting organizational structures, command and control processes, and training
procedures necessary to conduct sophisticated attacks_and newly emergent collections of the angry and
become self-radicalized, particularly in the absence of economic

outlets that would become narrower in an economic downturn. The most dangerous
casualty of any economically-induced drawdown of U.S. military presence would
almost certainly be the Middle East. Although Irans acquisition of nuclear weapons is not inevitable,
worries about a nuclear-armed Iran could lead states in the region to develop new security
arrangements with external powers, acquire additional weapons, and consider
pursuing their own nuclear ambitions. It is not clear that the type of stable deterrent relationship that
disenfranchised that
existed between the great powers for most of the Cold War would emerge naturally in the Middle East with a
conflict and terrorism taking place under a nuclear umbrella could lead
to an unintended escalation and broader conflict if clear red lines between those states involved
are not well established. The close proximity of potential nuclear rivals combined with
underdeveloped surveillance capabilities and mobile dual-capable Iranian missile systems also will produce
inherent difficulties in achieving reliable indications and warning of an impending
nuclear attack. The lack of strategic depth in neighboring states like Israel, short warning and missile
flight times, and uncertainty of Iranian intentions may place more focus on preemption
rather than defense, potentially leading to escalating crises. 36 Types of conflict that the world
continues to experience, such as over resources, could reemerge , particularly if protectionism
grows and there is a resort to neo-mercantilist practices. Perceptions of renewed energy
nuclear Iran. Episodes of low intensity
scarcity will drive countries to take actions to assure their future access to energy supplies. In the worst case, this
could result in interstate conflicts if government leaders deem assured access to

energy resources, for example, to be essential for maintaining domestic stability and the survival of
their regime. Even actions short of war, however, will have important geopolitical implications. Maritime
security concerns are providing a rationale for naval buildups and modernization efforts, such as Chinas and Indias
If the fiscal stimulus focus for these countries indeed

turns inward, one of the most obvious funding targets may be military. Buildup of
regional naval capabilities could lead to increased tensions, rivalries, and
counterbalancing moves, but it also will create opportunities for multinational cooperation in protecting
critical sea lanes. With water also becoming scarcer in Asia and the Middle East,
cooperation to manage changing water resources is likely to be increasingly difficult
both within and between states in a more dog-eat-dog world.
development of blue water naval capabilities.
Advantage ___ Innovation

Backdoors stifle innovation because they require centralized
information flows.
Tokmetzi, 2015

Backdoors can stifle innovation. Even
until very recently, communications were a matter for a few big companies, often
state-owned. The architecture of their systems changed slowly, so it was relatively cheap and easy to build a
wiretapping facility into them. Today thousands of start-ups handle communications in one
form or another. And with each new feature these companies provide, the architecture of the systems
changes. It would be a big burden for these companies if they had to ensure that
governments can always intercept and decrypt their traffic. Backdoors require
centralised information flows, but the most exciting innovations are moving in the
opposite direction, i.e. towards decentralised services. More and more web services
are using peer-to-peer technology through which computers talk directly to one
another, without a central point of control. File storage services as well as payment processing and
communications services are now being built in this decentralised fashion. Its extremely difficult to
wiretap these services. And if you were to force companies to make such
wiretapping possible, it would become impossible for these services to continue to
exist. A government that imposes backdoors on its tech companies also risks harming their export opportunities.
Unsound economics The second argument is one of economics.
For instance, Huawei the Chinese manufacturer of phones, routers and other network equipment is unable to
US companies,
especially cloud storage providers, have lost overseas customers due to fears that
the NSA or other agencies could access client data. Unilateral demands for backdoors could put
gain market access in the US because of fears of Chinese backdoors built into its hardware.
companies in a tight spot. Or, as researcher Julian Sanchez of the libertarian Cato Institute says: An iPhone that
Apple cant unlock when American cops come knocking for good reasons is also an iPhone they cant unlock when
the Chinese government comes knocking for bad ones.
And, backdoors undermine the fundamental structure of the

internet this disrupts any future innovation.
Hugo Zylberberg, Master in Public Policy candidate at Harvards Kennedy School
of Government, 3-12-2015, "The Return of the Crypto Wars," Kennedy School
Review, http://harvardkennedyschoolreview.com/the-return-of-the-crypto-wars/
backdoors are a problem for yet another reason. They clash with the end-to-end
argument that is at the very core of the architecture of the internet: the network
should be as simple and agnostic as possible regarding the communications that it
supports. More advanced functionalities should be developed at end nodes (computers, mobiles, wearable
devices). This, argue researchers, allows the network to support new and unanticipated
applications. The end-to-end argument has ignited unprecedented levels of
innovation. The back doors that intelligence agencies are trying to promote would
apply to our communications system as a whole , not only to the end nodes that are the devices
But
This violates the end-to-end argument and undermines

trust in the internet as a communications system. Such backdoors would
undermine the generative internet as we know it, reducing every users
capacity to innovate and disseminate products of innovation to billions of
people in a secure and sustainable way.
with which we send the messages.
Internet innovation minimizes energy inefficiency and is the

only way to solve global warming.
Crowe 14
Tyler, Energy and materials columnist for the MotleyFool 3-2-2014, "Internet of
things can battle climate change," USA TODAY,
http://www.usatoday.com/story/money/personalfinance/2014/03/02/internet-battleclimate-change/5899331/
Machine to machine communication, or the internet of things, is on the precipice of taking the world by storm. At its very core, machine to machine
communication is the ability to connect everything, I mean everything, through a vast network of sensors and devices which can communicate with each
other. The possibilities of this technological evolution span an immensely wide spectrum; ranging from monitoring your health through your smartphone,
The way that the internet of things could

revolutionize our lives can be hard to conceptualize all at once . So today let's focus on one
place where machine to machine communication could have an immense impact:
Energy consumption. Not only could this technology make turning the lights on easier, but it could be the key to us
effectively managing anthropogenic carbon emissions . Regardless of your thoughts and opinions on climate
to your house knowing where you are to adjust lighting and heating.
change and the scope of how much carbon emissions affects the global atmosphere, we all can agree on one thing: Emitting less carbon is a good thing,
For years, the battleground for the climate

change debate has been on the energy generation side, pitting alternative energy
options like wind and solar against fossil fuels. The problem with fixating on this side
of the argument, though, is that even under the most ambitious outlooks for alternative
energy growth, we will never be able to get carbon emissions below the threshold
many think is required to prevent significant temperature changes over the next
century. Does that mean there's no shot at significantly reducing carbon emissions? No -- we're just focusing on the
wrong side of the energy equation, and that is where machine to machine
communications comes into play. Let's look at how the internet of things can mean for carbon emissions, and how investors
especially if it can be done without impeding economic growth.
could make some hefty profits from it. Energy consumption's overdue evolution We humans are a fascinating study in inefficiency. We will sit in traffic on
We oversupply the electricity grid because we

don't know precisely how much demand is needed at any given moment . It's not that we
deliberately try to do things less efficiently; we just don't always have the adequate information to make the most efficient decisio n. When you
add all of these little inefficiencies up, it amounts to massive amounts of
wasted energy and, in turn, unnecessary carbon emissions. In the U.S. alone,
1.9 billion gallons of fuel is consumed every year from drivers sitting in traffic.
That's 186 million tons of unnecessary CO2 emissions each year just in the U.S . Now,
the freeway rather than take the alternative route on "slower" roads.
imagine a world where every automobile was able to communicate with the others, giving instant feedback on traffic conditions and providing alternative
routes to avoid traffic jams. This is the fundamental concept of machine-to-machine communications, and it goes way beyond the scope of just
One of the added benefits of this technology is the impact it

could have on our everyday energy consumption and the ultimate reduction in total
carbon emissions. A recent report by the Carbon War Room estimates that the incorporation of machine-tomachine communication in the energy, transportation , built environment (its fancy term for buildings),
and agriculture sectors could reduce global greenhouse gas emissions by 9.1
gigatons of CO2 equivalent annually. That's 18.2 trillion pounds, or equivalent to
eliminating all of the United States' and India's total greenhouse gas
emissions combined, and more than triple the reductions we can expect with
an extremely ambitious alternative energy conversion program. How is this possible? Increased
automobiles and household conveniences.
communication between everything -- engines, appliances, generators, automobiles -- allows for instant feedback for more efficient travel routes,
optimized fertilizer and water consumption to reduce deforestation, real-time monitoring of electricity consumption and instant feedback to generators,
and fully integrated heating, cooling, and lighting systems that can adjust for human occupancy. There are lots of projections and estimates related to
carbon emissions and climate change, but the one that has emerged as the standard bearer is the amount of carbon emissions it would take to increase
annual anthropological
greenhouse gas emissions would need to decrease by 15% from recent levels to
keep us under the carbon atmospheric levels. Based on current emissions and the 9.1 gigaton estimate from Carbon
War Room's report, it would be enough to reduce global emissions by 18.6%, well
within the range of the UN's projections . The internet of things is still very much in its infancy,
but it's taking off fast. The pending boom in machine-to machine communication helps explain why Google (GOOG) shelled
out more than $3.2 billion for smart-thermostat company Nest Labs. Its ability allows
customers to better manage heating and cooling in households and instantly
provide feedback to utilities in order to better manage energy demand during peak
load hours.
global temperatures by 2 degrees Centigrade. According to the UN's Environment Programme,
Warming causes extinction.

Roberts 13
[David, citing the World Bank Reviews compilation of climate studies, If you arent
alarmed about climate, you arent paying attention http://grist.org/climateenergy/climate-alarmism-the-idea-is-surreal]
We know weve raised global average temperatures around 0.8 degrees C so far. We know that 2 degrees C is where
most scientists predict catastrophic and irreversible impacts . And we know that we
are currently on a trajectory that will push temperatures up 4 degrees or more
by the end of the century. What would 4 degrees look like? A recent World Bank review of the science reminds us.
First, itll get hot: Projections for a 4C world show a dramatic increase in the intensity and
frequency of high-temperature extremes. Recent extreme heat waves such as in Russia in 2010 are likely
to become the new normal summer in a 4C world. Tropical South America, central Africa, and all
tropical islands in the Pacific are likely to regularly experience heat waves of
unprecedented magnitude and duration . In this new high-temperature climate regime, the coolest
months are likely to be substantially warmer than the warmest months at the end of the 20th century. In regions such as the
Mediterranean, North Africa, the Middle East, and the Tibetan plateau, almost all summer months are likely to be warmer than
the most extreme heat waves presently experienced. For example, the warmest July in the Mediterranean region could be 9C
Extreme heat waves in recent years have had severe

impacts, causing heat-related deaths, forest fires, and harvest losses. The impacts of the
extreme heat waves projected for a 4C world have not been evaluated, but they could be expected to vastly
exceed the consequences experienced to date and potentially exceed the adaptive
capacities of many societies and natural systems. [my emphasis] Warming to 4 degrees
would also lead to an increase of about 150 percent in acidity of the ocean ,
leading to levels of acidity unparalleled in Earths history. Thats bad news for, say, coral
warmer than todays warmest July.
reefs: The combination of thermally induced bleaching events, ocean acidification, and sea-level rise threatens large fractions of
coral reefs even at 1.5C global warming. The regional extinction of entire coral reef ecosystems, which could occur well before
4C is reached, would have profound consequences for their dependent species and for the people who depend on them for
food, income, tourism, and shoreline protection. It will also likely lead to a sea-level rise of 0.5 to 1
meter, and possibly more, by 2100, with several meters more to be realized in the coming centuries. That rise wont be spread
evenly, even within regions and countries regions close to the equator will see even higher seas. There are also indications
it would significantly exacerbate existing water scarcity in many regions,

particularly northern and eastern Africa, the Middle East, and South Asia, while additional countries
in Africa would be newly confronted with water scarcity on a national scale due to population growth. Also, more
extreme weather events: Ecosystems will be affected by more frequent extreme
weather events, such as forest loss due to droughts and wildfire exacerbated by land use
that
and agricultural expansion. In Amazonia, forest fires could as much as double by 2050 with warming of approximately 1.5C to
Also loss of
biodiversity and ecosystem services: In a 4C world, climate change seems likely to become
the dominant driver of ecosystem shifts, surpassing habitat destruction as the
greatest threat to biodiversity. Recent research suggests that large-scale loss of
2C above preindustrial levels. Changes would be expected to be even more severe in a 4C world.
biodiversity is likely to occur in a 4C world, with climate change and high CO2
concentration driving a transition of the Earths ecosystems into a state unknown
in human experience. Ecosystem damage would be expected to dramatically reduce the provision of ecosystem
services on which society depends (for example, fisheries and protection of coastline afforded by coral reefs and mangroves.)
research also indicates a rapidly rising risk of crop yield reductions as the
world warms. So food will be tough. All this will add up to large-scale displacement of
populations and have adverse consequences for human security and economic
and trade systems. Given the uncertainties and long-tail risks involved, there is no certainty
that adaptation to a 4C world is possible. Theres a small but non-trivial
chance of advanced civilization breaking down entirely. Now ponder the fact that
New
some scenarios show us going up to 6 degrees by the end of the century, a level of devastation we have not studied and barely
somewhere along the line, though we dont know exactly where,

enough self-reinforcing feedback loops will be running to make climate change
unstoppable and irreversible for centuries to come. That would mean handing our
grandchildren and their grandchildren not only a burned, chaotic, denuded world, but a world that is
inexorably more inhospitable with every passing decade.
know how to conceive. Ponder the fact that
Advantage ___ CyberCrime

Undermining commercial software reduces the ability to
prevent cyber-crime and only facilitates access to networks for
organized criminal networks.
Blaze, 2015
Matt, University Of Pennsylvania Prof of Computer and Information Science Us
House Of Representatives Committee On Government Oversight And Reform
Information Technology Subcommittee Encryption Technology And Possible Us Policy
Responses 29 April 2015 Testimony of Matt Blaze https://oversight.house.gov/wpcontent/uploads/2015/05/4-29-2015-IT-Subcommittee-Hearing-on-EncryptionBlaze.pdf
weigh the risks of making
software less able to resist attack against the benefits of more expedient
surveillance. It effectively reduces our ability to prevent crime (by reducing computer
security) in exchange for the hope of more efficient crime investigation (by making
electronic surveillance easier). Unfortunately, the costs of the FBIs approach will be
very high. It will place our national infrastructure at risk. This is not simply a matter of
An important task for policymakers in evaluating the FBIs proposal is to
weighing our desires for personal privacy and to safeguard against government abuse against the need for
improved law enforcement. That by itself might be a difficult balance for policymakers to strike, and reasonable
the risks here go far beyond that, because

of the realities of how modern software applications are integrated into complete systems. Vulnerabilities in
software of the kind likely to arise from law enforcement access requirements can
often be exploited in ways that go beyond the specific data they process . In particular,
people might disagree on where that balance should lie. But
vulnerabilities often allow an attacker to effectively take control over the system, injecting its own software and
taking control over other parts of the affected system.9 The vulnerabilities introduced by access mandates
discussed in the previous section are likely to include many in this category. They are difficult to defend against or
For
better or worse, ordinary citizens, large and small business, and the government
itself depend on the same software platforms that are used by the targets of
criminal investigations. It is not just the Mafia and local drug dealers whose
software is being weakened, but everyones. The stakes are not merely unauthorized
exposure of relatively inconsequential personal chitchat, but also leaks of personal financial and
health information, disclosure of proprietary corporate data, and compromises of
the platforms that manage and control our critical infrastructure . In summary, the
technical vulnerabilities that would inevitably be introduced by requirements for law
enforcement access will provide rich, attractive targets not only for relatively
petty criminals such as identity thieves, but also for organized crime,
terrorists, and hostile intelligence services. It is not an exaggeration to
understand these risks as a significant threat to our economy and to national
security.
contain, and they current represent perhaps the most serious practical threat to networked computer security.
And, Vulnerabilities in software provide funding mechanisms

for organized crime.
Peha, 2013
Jon M. Peha is a professor at Carnegie Mellon, Dept. of Electrical & Computer
Engineering and the Dept. of Engineering & Public Policy, Served as Chief
Technologist of the Federal Communications Commission, Assistant Director of the
White Houses Office of Science and Technology Policy. "The dangerous policy of
weakening security to facilitate surveillance." Available at SSRN 2350929 (2013).
Weak Security is Dangerous Giving law enforcement and intelligence agencies the ability to conduct electronic
surveillance is part of a strategy to limit threats from criminals, foreign powers, and terrorists, but so is
strengthening the cybersecurity used by all Americans .
Weak cybersecurity creates opportunities

for sophisticated criminal organizations. Well-funded criminal organizations will turn
to cybsercrime for the same reason they turn to illegal drugs; there is money to be
made. This imposes costs on the rest of us. The costs of malicious cyberactivities
take many forms, including direct financial losses (e.g. fraudulent use of credit cards), theft of
intellectual property, theft of sensitive business information, opportunity costs such as the lost productivity
when a computer system is taken down, and the damage to a companys reputation when others
learn its systems have been breached. One recent study says that estimates of these costs
range from $24 billion to $120 billion per year in the U.S.3 Weakened security can
only increase the high cost of cybercrime.
Cybercrime provides substantial financial support for Russian

organized crime.
Grabosky, 2013
Peter. Peter Grabosky is a Professor in the Regulatory Institutions Network,
Australian National University, and a Fellow of the Academy of the Social Sciences in
Australia. "Organised Crime and the Internet: Implications for National Security."
The RUSI Journal 158.5 (2013): 18-25.
The Internet is commonly used as an instrument for attacking other computer
systems. Most cyber-crimes begin when an offender obtains unauthorised access to
another system. Systems are often attacked in order to destroy or damage them and the information that
they contain. This can be an act of vandalism or protest, or activity undertaken in furtherance of other political
objectives. One of the more common forms is the distributed-denial-of-service (DDoS) attack, which entails flooding
a target computer system with a massive volume of information so that the system slows down significantly.
A notorious
example of a botnet-initiated DDoS attack occurred in April 2007, when government
and commercial servers in Estonia were seriously degraded over a number of days.
Botnets are quite useful for such purposes, as are multiple co-ordinated service requests.
Online banking services were intermittently disrupted, and access to government sites and to online news media
The attacks appear to have originated in Russia and are alleged to have
resulted from the collaboration of Russian youth organisations and Russian
organised-crime groups, condoned by the state, although the degree to which the Russian government was
was limited.
complicit in the attacks is unclear.18 Just as state actors or their agents can use the Internet to pursue what they
have insurgent and extremist groups used Internet

technology in various ways to further their causes. These include using the Internet
as an instrument of theft in order to enhance their resource base ; for instance, as a vehicle
perceive to be goals of national security, so
for fraud. Imam Samudra, the architect of the 2002 Bali bombings, reportedly called upon his followers to commit
credit-card fraud in order to finance militant activities.19 Jihadist propaganda and incitement messages also abound
the Internet is not used for illicit purposes solely or even primarily by
political actors. Organised-crime groups use it daily on a global scale, engaging in
activities that range from the illicit acquisition, copying and dissemination of
intellectual property (piracy has allegedly cost the software and entertainment industries billions of
dollars)20 to the plundering of banking and credit-card details , commercial trade secrets and
classified information held by governments. This too may begin with unauthorised access to a
in cyberspace. Yet
computer system: indeed, the theft of personal financial details has provided the
basis for thriving markets in such data, which enable fraud on a significant scale .21
Russian organized crime is the most likely scenario for nuclear

terrorism.
Zaitseva 07Center for International Security and Cooperation (CISAC) Visiting
Fellowfrom the National Nuclear Centre in Semipalatinsk (Lyudmila, 2007, Strategic
Insights, Volume VI, Issue 5, Organized Crime, Terrorism and Nuclear Trafficking,
rmf)
The use of radioactive material for malicious purposes falls within the range of
capabilities of organized criminal structures, at least those in Russia . Such a
malevolent use may be an indirect evidence of the organized crime involvement in
the illicit trafficking of radioactive substances. More than a dozen of malevolent
radiological acts, such as intentional contamination and irradiation of persons, have been reported in
open sources since 1993. One of them, which happened in Guangdong Province of China in 2002resulted
in significant exposure of as many as 74 people working in the same hospital.[55] Two incidentsboth in
Russiahave been linked to organized crime. A widely-publicized murder of a
Moscow businessman with a strong radioactive source implanted in the head-rest of
his office chair in 1993 was one of them. The director of a packaging company died of radiation
sickness after several weeks of exposure. The culprit was never found and it was alleged that mafia might have
been behind the ploy to remove a business competitor.[56] The same source mentioned a similar incident, which
happened in Irkutsk around the same time, when somebody planted radiation sources in office chairs in an attempt
to kill two company directors before the "hot seats" were discovered and removed. No speculations were made
regarding the possible mafia involvement in this murder attempt, although it cannot be excluded.
The less known case with strong indications that shady criminal networks may have plotted it happened more
recently in St. Petersburg. On March 18, 2005, Moskovskiye Novosti published an article, in which the author
discussed several high-profile assassinations and murders in Russia and abroad using various methods of poisoning.
One of such killings was reportedly performed with a highly radioactive substance. In September 2004, Head of
Baltik-Escort security company in St. Petersburg and FSB Colonel, Roman Tsepov, died a sudden and mysterious
death as a result of what was suspected to be poisoning. However, according to a source in St. Petersburg Public
Prosecutors Office, the posthumous examination established that the death had been caused by an unspecified
radioactive element. In the past, Tsepov was reportedly in charge of collecting protection money from casinos and
other commercial enterprises in St. Petersburg on behalf of a high-ranking FSB official.[57] These two incidents
demonstrate that some organized crime structures have the knowledge about the characteristics and effects of
specific radioactive materials, have access to these substances, and do not shy away from using them as weapons
of murder, which are hard to trace to the perpetrators. Terrorist Networks and Nuclear Trafficking Terrorism changes
together with society and in order to preserve itself as a phenomenon it must use what society gives it, including
The risk of terrorists obtaining nuclear fissile

material is small, but real. After the terrorist attack on the school in Beslan in September 2004, the Head
of Russian Federal Agency for Atomic Energy (Rosatom, formerly Minatom) Alexander Rumyantsev said that the
possibility that international terrorist groups may acquire nuclear fissile material,
including HEU and plutonium, as well as nuclear weapons technologies, could no
longer be ruled out.[59] Such a risk is much higher for radiological material, which is omnipresent around the
world and is not subject to nearly the same level of control and protection as nuclear fissile material. Its use as
a weapon in a radiological dispersal device (RDD) would also be achieved with just a
fraction of time, investment, and skills required for making a crude nuclear weapon.
These reasons make the deployment of radiological material the most
probable scenario of nuclear terrorism. Although radioactive substances have already been
the most modern weapons and advanced ideas.[58]
used as a weapon of killing and a threat mechanism, so far, there is no evidence of their successful deployment in
terrorist acts. The only case that comes close to deployment of an RDD, was recorded in Chechnya in 1998, when
the local authorities found a container filled with radioactive substances and emitting strong radiation levels
together with a mine attached to it buried next to a railway line.[60] The local authorities considered the incident as
a foiled act of sabotage. The Chechen fighters are also believed to have made several raids on the Radon
radioactive waste depository, located in the vicinity of Grozny, and stolen several containers with radioactive
substances.[61] In 1996, the director of the Radon facility confirmed that about half of some 900 cubic meters of
waste, with radioactivity levels of 1,500 curies, which had been stored at the Radon facility at the start of the first
Chechen war in November 1994, was missing.[62] The Russian authorities believe the terrorists were planning to
use them in explosions in order to spread contamination. It should be noted that Chechen extremists stand out from
many other terrorist organizations by persistently making threats to use nuclear technologies in their acts of
violence. The notorious burial of a radiation source in the Gorky park of Moscow in 1995 by the now late field
commander Shamil Basayev and the threat by Ahmed Zakayev after the Moscow theater siege in October 2002 that
the next time a nuclear facility would be seized are just two such examples.[63] In January 2003, Colonel-General
Igor Valynkin, the chief of the 12th Main Directorate of the Russian Ministry of Defence, in charge of protecting
Russias nuclear weapons, said operational information indicates that Chechen terrorists intend to seize some
important military facility or nuclear munitions in order to threaten not only the country, but the entire world.[64]
According to an assessment of a Russian expert on nonproliferation, whereas unauthorized access to nuclear
access and theft of nuclear weapons during

transport or disassembly cannot be wholly excluded .[65] Russias top security officials recently
munitions by terrorist groups is extremely improbable,
admitted they have knowledge about the intent and attempts by terrorists to gain access to nuclear material. In
the director of the Russian Federal Security Service Nikolay Patrushev told
at a conference that his agency had information about attempts by terrorist groups
to acquire nuclear, biological and chemical weapons of mass destruction.[ 66] Later that
August 2005,
year, the Minister of Interior, Rashid Nurgaliev, stated that international terrorists intended to seize nuclear
materials and use them to build WMD.[67] If terrorists indeed attempted to gain access to nuclear material in
order use them for the construction of WMD, such attempts have not been revealed to the public. Out of almost
1100 trafficking incidents recorded in the DSTO since 1991, only one has reportedly involved terrorists, other than
Chechen fighters. The incident was recorded in India in August 2001, when Border Security Force (BSF) officials
seized 225 gram of uranium in Balurghat, northern West Bengal along the India-Bangladesh border. Two local men,
described as suspected terrorists, were arrested. Indian intelligence agencies suspect that the uranium was bound
for Muslim fighters in the disputed regions of Jammu and Kashmir and that agents of Pakistan's InterServiceIntelligence (ISI) were involved.[68] Whether the arrested suspects were indeed members of a terrorist organization
Alliances between terrorist

groups and drug cartels and transnational criminal networks are a wellknown fact. Such alliances have successfully operated for years in Latin
America, and in Central-, South-, and South-Eastern Asia. The involvement of
organized criminal groupsalbeit relatively small and unsophisticatedin nuclear
smuggling activities has also been established based on the study of some
400 nuclear trafficking incidents recorded in the DSTO database between
January 2001 and December 2005. Elements of organized crime could be identified in about 10 percent
remains unclear based on the available information. Conclusion
of these incidents. However, no reliable evidence of the marriages of convenience between all threeorganized
crime, terrorists, and nuclear traffickingcould be found.
Nuclear terrorism causes retaliation and nuclear war draws in

Russia and China
Ayson, Professor of Strategic Studies and Director of the Centre for Strategic
Studies: New Zealand at the Victoria University of Wellington, 2010 (After a Terrorist
Robert
Nuclear Attack: Envisaging Catalytic Effects, Studies in Conflict & Terrorism, Volume 33,
Issue 7, July, Available Online to Subscribing Institutions via InformaWorld)
A terrorist nuclear attack, and even the use of nuclear weapons in response by the country attacked in the
first place, would not necessarily represent the worst of the nuclear worlds imaginable. Indeed, there are
reasons to wonder whether nuclear terrorism should ever be regarded as belonging in the category of truly
existential threats. A contrast can be drawn here with the global catastrophe that would come from a massive
nuclear exchange between two or more of the sovereign states that possess these weapons in significant
numbers. Even the worst terrorism that the twenty-first century might bring would fade into insignificance
alongside considerations of what a general nuclear war would have wrought in the Cold War period. And it
major nuclear weapons states have hundreds and

even thousands of nuclear weapons at their disposal , there is always the possibility of a
truly awful nuclear exchange taking place precipitated entirely by state possessors themselves. But these
two nuclear worldsa non-state actor nuclear attack and a catastrophic
interstate nuclear exchangeare not necessarily separable. It is just possible
that some sort of terrorist attack, and especially an act of nuclear terrorism, could
precipitate a chain of events leading to a massive exchange of nuclear weapons
must be admitted that as long as the
between two or more of the states that possess them .
In this context, todays and

tomorrows terrorist groups might assume the place allotted during the early Cold War years to new state
possessors of small nuclear arsenals who were seen as raising the risks of a catalytic nuclear war between the
superpowers started by third parties. These risks were considered in the late 1950s and early 1960s as
concerns grew about nuclear proliferation, the so-called n+1 problem. t may require a considerable amount of
imagination to depict an especially plausible situation where an act of nuclear terrorism could lead to such a
massive inter-state nuclear war. For example, in the event of a terrorist nuclear attack on the United States, it
might well be wondered just how Russia and/or China could plausibly be brought into the picture, not least
because they seem unlikely to be fingered as the most obvious state sponsors or encouragers of terrorist
groups. They would seem far too responsible to be involved in supporting that sort of terrorist behavior that
could just as easily threaten them as well. Some possibilities, however remote, do suggest themselves. For
example, how might the United States react if it was thought or discovered that the fissile material used in the
act of nuclear terrorism had come from Russian stocks,40 and if for some reason Moscow denied any
responsibility for nuclear laxity? The correct attribution of that nuclear material to a particular country might
not be a case of science fiction given the observation by Michael May et al. that while the debris resulting from
a nuclear explosion would be spread over a wide area in tiny fragments, its radioactivity makes it detectable,
identifiable and collectable, and a wealth of information can be obtained from its analysis: the efficiency of the
explosion, the materials used and, most important some indication of where the nuclear material came
from.41 Alternatively,
if the act of nuclear terrorism came as a
complete
surprise, and
American officials refused to believe that a terrorist group was fully responsible (or responsible at all)
suspicion would shift immediately to state possessors . Ruling out Western ally countries
like the United Kingdom and France, and probably Israel and India as well, authorities in Washington would be
consisting of North Korea, perhaps Iran if its program continues, and

possibly Pakistan. But at what stage would Russia and China be definitely ruled out in this high
stakes game of nuclear Cluedo? In particular, if the act of nuclear terrorism occurred against
a backdrop of existing tension in Washingtons relations with Russia and/or
China, and at a time when threats had already been traded between these
major powers, would officials and political leaders not be tempted to assume
the worst? Of course, the chances of this occurring would only seem to increase if the
United States was already involved in some sort of limited armed conflict with
Russia and/or China, or if they were confronting each other from a distance in a
proxy war, as unlikely as these developments may seem at the present time. The reverse might
well apply too: should a nuclear terrorist attack occur in Russia or China during a
period of heightened tension or even limited conflict with the United States, could Moscow and
Beijing resist the pressures that might rise domestically to consider the United
States as a possible perpetrator or encourager of the attack? Washingtons early
response to a terrorist nuclear attack on its own soil might also raise the possibility of an unwanted
(and nuclear aided) confrontation with Russia and/or China . For example, in the noise
and confusion during the immediate aftermath of the terrorist nuclear attack , the
left with a very short list
U.S. president might be expected to place the countrys armed forces, including its nuclear arsenal, on a
higher stage of alert. In such a tense environment, when careful planning runs up against the friction of
it is just possible that Moscow and/or China might mistakenly read this as a
sign of U.S. intentions to use force (and possibly nuclear force) against them. In that
situation, the temptations to preempt such actions might grow , although it must be
reality,
admitted that any preemption would probably still meet with a devastating response.
Advantage ___ Internet Freedom

NSA backdoors and weak security create a hacker race to the
bottom this undermines global security and human rights.
Donahoe, 14,
Eileen Donahoe, director of global affairs at Human Rights Watch. Donahoe

previously served as the first US Ambassador to the United Nations Human Rights
Council, "Human Rights in the Digital Age", Just Security, 12-23-2014,
http://justsecurity.org/18651/human-rights-digital-age/
we need to solidify the international understanding that protection of human
rights and adherence to the rule of law in the digital realm are essential to the
protection of national and global security, rather than antithetical to it. All too often
in the post-Snowden context, national security interests are presented in binary opposition
to freedom and privacy consideration, as though there is only a zero-sum
relationship between human rights and national security. In reality, human rights
protection has been an essential pillar of the global security architecture since the
founding of the United Nations immediately after World War II. Recent failures to adequately protect human
Finally,
rights and adhere to the rule of law in the digital realm has been deeply undermining of some crucial aspects of
One of the most troubling aspects of the mass

surveillance programs disclosed by Edward Snowden was the extent to which digital security
for individual users, for data, and for networks, has been undermined in the name of
protecting of national security. This is both ironic and tragic, given that digital security is now at the
long-term national and global security.
heart of national security whether protecting critical infrastructure, confidential information, or sensitive data.
Practices, such as surreptitiously tapping into networks, requiring back doors to encrypted
services and weakening global encryption standards will directly undermine
national and global security, as well as human rights. Meanwhile targeted
malware and crafted digital attacks on human rights activists have become the
modus operandi of repressive governments motivated to undermine human rights
work. Civil society actors increasingly face an onslaught of persistent computer espionage attacks from
governments and other political actors like cyber militias, just as businesses and governments do. So while our
notions of privacy are evolving along with social media and data-capturing technology, we also need to recognize
that its not just privacy that is affected by the digitization of everything . The exercise of all fundamental
freedoms is undermined when governments utilize new capacities that flow from digitization without regard for
by engaging in tactics that undermine digital security for

individuals, for networks and for data, governments trigger and further inspire
a hackers race to the bottom. Practices that undermine digital security will
be learned and followed by other governments and non-state actors, and
ultimately undermine security for critical infrastructure , as well as
individuals users everywhere . Strengthening digital security for individual users, for data, for networks,
and for critical infrastructure must be seen as the national and global security priority that it is. Conclusion We
are at a critical moment for protection of human rights in the digital context. All
global players whose actions impact the enjoyment of human rights, especially
governments who claim to be champions of human rights, must lead in the
reaffirmation of the international human rights framework as a central pillar for
security, development and freedom in the 21st century digital environment.
human rights. Furthermore,
Support for Encryption is integral to internet freedom and

democracy promotion worldwide.
Kehl, 2015
Danielle Kehl is a senior policy analyst at New America's Open Technology Institute,
BA cum laude Yale 6-17-2015, "Doomed To Repeat History? Lessons From The
Crypto Wars Of The 1990s," New America, https://www.newamerica.org/oti/doomedto-repeat-history-lessons-from-the-crypto-wars-of-the-1990s/
Strong encryption has become an integral tool in the protection of privacy and the
promotion of free expression online The end of the Crypto Wars ushered in an age where the security
and privacy protections afforded by the use of strong encryption also help promote free expression. As the
American Civil Liberties Union recently explained in a submission to the UN Human Rights Council ,
encryption
and anonymity are the modern safeguards for free expression. Without them, online
communications are effectively unprotected as they traverse the Internet,
vulnerable to interception and review in bulk. Encryption makes mass surveillance
significantly more costly.187 The human rights benefits of strong encryption have undoubtedly become
more evident since the end of the Crypto Wars. Support for strong encryption has become an
integral part of American foreign policy related to Internet freedom, and since 2010,
the U.S. government has built up a successful policy and programming agenda
based on promoting an open and free Internet .188 These efforts include providing over $120
million in funding for groups working to advance Internet freedom, much of which specifically funds circumvention
tools that rely on strong encryption which makes Internet censorship significantly harder as part of the
a June 2015 report by David Kaye, the UN Special

Rapporteur for Freedom of Expression and Opinion found that, Encryption and
anonymity provide individuals and groups with a zone of privacy online to hold
opinions and exercise freedom of expression without arbitrary and unlawful
interference or attacks.190 The report goes on to urge all states to protect and promote the use of strong
encryption, and not to restrict it in any way. Over the past fifteen years, a virtuous cycle
between strong encryption, economic growth, and support for free expression online
has evolved. Some experts have dubbed this phenomenon collateral freedom,
which refers to the fact that, When crucial business activity is inseparable from
Internet freedom, the prospects for Internet freedom improve. 191 Free expression
and support for human rights have certainly benefited from the rapid expansion of
encryption in the past two decades .
underlying technology.189 Similarly,
Additionally, Encryption is critical to global human rights.

David Kaye, Human Rights Council, 5-22-15, Report of the Special Rapporteur on
the promotion and protection of the right to freedom of opinion and expression,
Encryption, anonymity and the rights to freedom of opinion and expression and
privacy, A/HRC/29/32
14. The human rights legal framework for encryption and anonymity requires , first,
evaluating the scope of the rights at issue and their application to encryption and
anonymity; and, second, assessing whether, and if so to what extent, restrictions may lawfully be placed on the
use of technologies that promote and protect the rights to privacy and freedom of opinion and expression. 15.The
rights to privacy and freedom of opinion and expression have been codified in
universal and regional human rights instruments, interpreted by treaty bodies and regional courts, and
evaluated by special procedures of the Human Rights Council and during universal periodic review. The universal
standards for privacy, opinion and expression are found in the International Covenant on
Civil and Political Rights, to which 168 States are party. Even for those remaining States that are not bound by it ,
the Covenant presents at the very least a standard for achievement and often reflects a
customary legal norm; those that have signed but not ratified the Covenant are bound to respect its object and
purpose under article 18 of the Vienna Convention on the Law of Treaties. National legal systems also protect
privacy, opinion and expression, sometimes with constitutional or basic law or interpretations thereof. Several
global civil society projects have also provided compelling demonstrations of the law that should apply in the
context of the digital age, such as the International Principles on the Application of Human Rights to
Communications Surveillance and the Global Principles on National Security and the Right to Information. Although
a common thread in the law

is that, because the rights to privacy and to freedom of expression are so
foundational to human dignity and democratic governance, limitations must be
narrowly drawn, established by law and applied strictly and only in exceptional circumstances . In a
digital age, protecting such rights demands exceptional vigilance. A. Privacy as
a gateway for freedom of opinion and expression 16. Encryption and anonymity provide individuals and
groups with a zone of privacy online to hold opinions and exercise freedom of
expression without arbitrary and unlawful interference or attacks . The previous mandate
specific standards may vary from right to right, or instrument to instrument,
holder noted that the rights to privacy and freedom of expression are interlinked and found that encryption and
anonymity are protected because of the critical role they can play in securing those rights (A/HRC/23/40 and Corr.1).
Echoing article 12 of the Universal Declaration of Human Rights, article 17 of the International Covenant on Civil
and Political Rights specifically protects the individual against arbitrary or unlawful interference with his or her
privacy, family, home or correspondence and unlawful attacks on his or her honour and reputation, and provides
The General
Assembly, the United Nations High Commissioner for Human Rights and special
procedure mandate holders have recognized that privacy is a gateway to the
enjoyment of other rights, particularly the freedom of opinion and expression (see
General Assembly resolution 68/167, A/HRC/13/37 and Human Rights Council resolution 20/8). 17. Encryption
and anonymity are especially useful for the development and sharing of opinions ,
that everyone has the right to the protection of the law against such interference or attacks.
which often occur through online correspondence such as e-mail, text messaging, and other online interactions.
Encryption provides security so that individuals are able to verify that their
communications are received only by their intended recipients, without interference or
alteration, and that the communications they receive are equally free from intrusion (see A/HRC/23/40 and
Corr.1, para. 23). Given the power of metadata analysis to specify an individuals behaviour, social relationships,
private preferences and identity (see A/HRC/27/37, para. 19), anonymity may play a critical role in securing
correspondence. Besides correspondence, international and regional mechanisms have interpreted privacy to
involve a range of other circumstances as well. 18. Individu als
and civil society are subjected to

interference and attack by State and non-State actors, against which encryption and
anonymity may provide protection. In article 17 (2) of the International Covenant on Civil and Political
Rights, States are obliged to protect privacy against unlawful and arbitrary interference and attacks . Under
such an affirmative obligation, States should ensure the existence of domestic
legislation that prohibits unlawful and arbitrary interference and attacks on privacy ,
whether committed by government or non-governmental actors. Such protection must include the right to a remedy
In order for the right to a remedy to be meaningful , individuals must be

given notice of any compromise of their privacy through, for instance, weakened
encryption or compelled disclosure of user data.
for a violation.
Further, American hypocrisy on internet freedom has created

the conditions that will accelerate the global rise of
authoritarianism.
Chenoweth & Stephan 2015
Erica Chenoweth, political scientist at the University of Denver.& Maria J. Stephan,

Senior Policy Fellow at the U.S. Institute of Peace, Senior Fellow at the Atlantic
Council.7-7-2015, "How Can States and Non-State Actors Respond to Authoritarian
Resurgence?," Political Violence @ a Glance,
http://politicalviolenceataglance.org/2015/07/07/how-can-states-and-non-stateactors-respond-to-authoritarian-resurgence/
Chenoweth: Why is authoritarianism making a comeback? Stephan: Theres obviously no
single answer to this. But part of the answer is that democracy is losing its allure in parts of the
world. When people dont see the economic and governance benefits of democratic transitions, they lose hope.
Then theres the compelling stability first argument. Regimes around the world, including China
and Russia, have readily cited the chaos of the Arab Spring to justify heavyhanded policies and consolidating their grip on power . The color revolutions that toppled
autocratic regimes in Serbia, Georgia, and Ukraine inspired similar dictatorial retrenchment. There is nothing
new about authoritarian regimes adapting to changing circumstances. Their
resilience is reinforced by a combination of violent and non-coercive measures. But
authoritarian paranoia seems to have grown more piqued over the past decade .
Regimes have figured out that people power endangers their grip on power and they are cracking down .
Theres no better evidence of the effectiveness of civil resistance than the measures
that governments take to suppress itsomething you detail in your chapter from my new book.
Finally, and importantly, democracy in this country and elsewhere has taken a hit lately.
Authoritarian regimes mockingly cite images of torture, mass surveillance, and the catering to
the radical fringes happening in the US political system to refute pressures to democratize
themselves. The financial crisis here and in Europe did not inspire much confidence in democracy and we are
seeing political extremism on the rise in places like Greece and Hungary. Here in the US we need to get
our own house in order if we hope to inspire confidence in democracy abroad.
The impact the failure of global democratic consolidation

causes extinction.
Diamond, 1995
Larry, Senior Fellow at the Hoover Institution, Promoting Democracy in the
1990s, December, http://www.wilsoncenter.org/subsites/ccpdc/pubs/di/fr.htm
This hardly exhausts the lists of threats to our security and well-being in the coming years and decades. In the
former Yugoslavia nationalist aggression tears at the stability of Europe and could easily spread. The flow of illegal
drugs intensifies through increasingly powerful international crime syndicates that have made common cause with
Nuclear,
chemical, and biological weapons continue to proliferate. The very source of life on
Earth, the global ecosystem, appears increasingly endangered . Most of these new and
unconventional threats to security are associated with or aggravated by the weakness or
absence of democracy, with its provisions for legality, accountability, popular sovereignty, and openness.
LESSONS OF THE TWENTIETH CENTURY The experience of this century offers important lessons. Countries that
govern themselves in a truly democratic fashion do not go to war with one another.
They do not aggress against their neighbors to aggrandize themselves or glorify their leaders.
Democratic governments do not ethnically "cleanse" their own populations, and
they are much less likely to face ethnic insurgency. Democracies do not sponsor
terrorism against one another. They do not build weapons of mass destruction to use
on or to threaten one another. Democratic countries form more reliable, open, and enduring trading
partnerships. In the long run they offer better and more stable climates for investment. They are more
environmentally responsible because they must answer to their own citizens, who organize to protest the
destruction of their environments. They are better bets to honor international treaties since they value legal
authoritarian regimes and have utterly corrupted the institutions of tenuous, democratic ones.
obligations and because their openness makes it much more difficult to breach agreements in secret. Precisely
because, within their own borders, they respect competition, civil liberties, property rights,
and
the rule of law,
the only reliable foundation on which a new world order of international

prosperity can be built.
democracies are
security and
Advantage ___ Critical Infrastructure (Zero Days)

Zero-day vulnerabilities make critical infrastructure most
vulnerable nuclear power at risk.
Harris, 2014
The targets that are most vulnerable to a devastating zero day attack are the same
ones that the NSA is trying to protect: electrical power plants, nuclear facilities,
natural gas pipelines, and other critical infrastructures, including banks and
financial services companies. Not all of these companies have a system for easily sharing information
about vulnerabilities and exploits that have been discovered and publicly disclosed, often by more defensiveminded hackers who see their job as warning technology manufacturers about problems with their products, rather
than trying to profit from them.
When companies find out about a risk in their system, it's up

to them to apply patches and defensive fixes, and their technological fluency varies .
Some may be prepared to patch systems quickly, others may not even realize they're using a vulnerable piece of
software. They, quite literally, may not have received the memo from the vendor warning that they need to install
an update or change the security settings on a product in order to make it safer. Even if a company is using
software that receives regular updates over the Internet, the company's systems administrators have to
consistently download those fixes, make sure they're applied across the company, and stay on watch for more
By
buying so many zero day exploits, the NSA is helping to prop up a cyber arms
market that puts American businesses and critical facilities at risk. The
chances are good that if another country or a terrorist group knocks out the lights in
a US city, it will use an exploit purchased from a company that also sells them to
the NSA. The sellers of zero day exploits also bear at least some notional responsibility for making the Internet
updates. Some find doing that for hundreds or thousands of computers in a single facility a daunting task.
less safe. But they tend to blame software manufacturers for building programs that can be penetrated in the first
place. "We don't sell weapons, we sell information;' the founders of exploit seller ReVuln told a reporter for Reuters,
when he asked whether the company would be troubled if some of their programs were used in attacks that
destroyed systems or caused people to die. "This question would be worth asking to vendors leaving security holes
in their products. This line of defense is a bit like blaming a locksmith for a burglary. Yes, the locksmith is supposed
to make a product that keeps intruders from getting into someone's home. But if a burglar manages to break in and
steal a television or, worse, attack the homeowners, we don't prosecute the locksmith. Companies such as ReVuln
aren't burglars, but they are selling the equivalent of lock picks. Surely they bear some measure of responsibility, as
well, for crimes that are committed- if not a legal responsibility, then a moral one. And what about the NSA? In the
world of burglary, there's no equivalent for what the agency is doing. No one is out there buying up lock picks. But
the NSA also wants to be a kind of security guard for the Internet. What would
happen if the guard hired to watch over a neighborhood discovered an open window
but didn't tell the owner? More to the point, what if he discovered a design flaw in the brand of window
that everyone in the neighborhood used that allowed an intruder to open the window from the outside ? If the
security guard didn't alert the homeowners, they'd fire him - and probably try to
have him arrested. They wouldn't accept as a defense that the security guard was keeping the windows' flaw
a secret in order to protect the homeowners. And the police surely wouldnt accept that hed kept that information
to himself so that he could go out and rob houses. The analogy isn't perfect .
The NSA isn't a law

enforcement agency, its a military and intelligence organization. It operates by a
different set of laws and with a different mission. But as the agency drums up talk of
cyber war and positions itself as the best equipped to help defend the nation from
intruders and attacks, it should act more like a security guard than a burglar .
Nuclear Reactors are vulnerable to cyber attacks causes

meltdown.
Talitha Dowds, 3-25-2011, "A New Phase of Nuclear Terrorism Cyber Warfare,"
CSIS, http://csis.org/blog/new-phase-nuclear-terrorism-cyber-warfare
An article by Global Security Newswire highlighted how, in light of the unfolding nuclear power plant disaster in
Japan, a nuclear terrorist attack could be carried out. It states that, Nuclear
reactors across the US are

encased in enough concrete to withstand a direct hit from an airliner and can be
shut down remotely in case of a terrorist strike or natural disaster. But that is true in
Japan as well and something entirely different caused the disaster there: the failure
of the cooling systems that prevent nuclear reactors from overheating . The cooling
systems arent encased in concrete, and key components from pumps to water-intake pipes sit outside the
reactor complexes and are far less protected, leaving them vulnerable to a well-planned
terrorist strike or a natural disaster. As the dire situation in Japan shows, disabling or
destroying the cooling equipment regardless of how it happens can trigger a full-scale
nuclear emergency. Charles Faddis, a retired CIA operations officer and former head of the agencys unit on
countering terrorism supported this view. He stated, Even if you shut a reactor down, you still
need to cool it off. Thats just physics. If terrorists have disabled the cooling system,
the reactor heat will eventually lead to a complete meltdown. They wont produce
mushroom clouds, but the results clouds of radioactive materials drifting over vast areas
would be just as horrific. The idea that terrorists will one day strike a US nuclear power plant resulting in a full-
killing tens of thousands of people and rendering nearby cities

uninhabitable for decades, according to the article, has long been the stuff of nightmares for Americas
scale meltdown,
top homeland-security officials. However, it is interesting to note that not all states share this fear. As Scott Sagan
pointed out recently, there is a lack of consensus among non-nuclear states regarding the potential threat of
nuclear terrorism. Many of the non-nuclear states think that the US exaggerates the threat of nuclear terrorism, and
are therefore unwilling to spend money to protect their nuclear assets in the manner in which the US wants. For
obvious reasons, the lack of investment into protecting against nuclear terrorism for non-nuclear states is
understandable when they dont see it as a direct threat to their national security. However, regional attacks
Nuclear terrorism, coupled

with cyber warfare could be the next greatest threat facing states. An article in Foreign
Policy states that the crisis at the Fukushima power plant facility coupled with
the Stuxnet attacks on the Iranian nuclear facility at Natanz, paints a
picture of the before and after of what cyber conflict may look like. The
article highlights that enemies will be able to target critical infrastructure, like nuclear
power plants - as was done by the U.S. and Israeli team targeting the Iranian
program and burrowing into their operating systems which would be akin to
what we are seeing in Japan. It further points out that what makes the cyber threat so unsettling is its
invisibility. Not only are they invisible but it is hard to detect who has launched them. This form of warfare
may be very attractive to terrorists who are unable to physically enter a nuclear
facility but can infiltrate the facilities infrastructure to cause a meltdown.
whether they are carried out by terrorists or states have a worldwide effect.
Nuclear meltdowns cause extinction

Lendman 3/13/11 BA from Harvard University and MBA from Wharton School
at the University of Pennsylvania (Stephen, Nuclear Meltdown in Japan Rense,
http://rense.com/general93/nucmelt.htm)
For years, Helen Caldicott warned it's coming. In her 1978 book, "Nuclear Madness," she said: "As a physician, I
nuclear technology threatens life on our planet with extinction . If

present trends continue, theair we breathe, the food we eat, and the water we drink
will soon becontaminated with enough radioactive pollutants to pose a potential
health hazard far greater than any plague humanity has ever experienced." More below
contend that
on the inevitable dangers from commercial nuclear power proliferation, besides added military ones. On March 11,
New York Times writer Martin Fackler headlined, "Powerful Quake and Tsunami Devastate Northern Japan," saying:
"The 8.9-magnitude earthquake (Japan's strongest ever) set off a devastating tsunami that sent walls of
water (six meters high) washing over coastal cities in the north." According to Japan's Meteorological Survey, it was
9.0. The Sendai port city and other areas experienced heavy damage. "Thousands of homes were destroyed, many
roads were impassable, trains and buses (stopped) running, and power and cellphones remained down. On
Saturday morning, the JR rail company" reported three trains missing. Many passengers are unaccounted for.
Striking at 2:46PM Tokyo time, it caused vast destruction, shook city skyscrapers, buckled
highways, ignited fires, terrified millions, annihilated areas near Sendai, possibly killed thousands,
and caused a nuclear meltdown, its potential catastrophic effects far exceeding
quake and tsunami devastation, almost minor by comparison under a worst case
scenario. On March 12, Times writer Matthew Wald headlined, "Explosion Seen at Damaged Japan Nuclear
Plant," saying: "Japanese officials (ordered evacuations) for people living near two nuclear power plants whose
cooling systems broke down," releasing radioactive material, perhaps in far greater amounts than reported. NHK
television and Jiji said the 40-year old Fukushima plant's outer structure housing the reactor "appeared to have
blown off, which could suggest the containment building had already been breached." Japan's nuclear regulating
agency said radioactive levels inside were 1,000 times above normal. Reuters said the 1995 Kobe quake caused
$100 billion in damage, up to then the most costly ever natural disaster. This time, from quake and tsunami
damage alone, that figure will be dwarfed. Moreover,
under a worst case core meltdown, all bets

are off as the entire region and beyond will be threatened with permanent
contamination, making the most affected areas unsafe to live in . On March 12, Stratfor
Global Intelligence issued a "Red Alert: Nuclear Meltdown at Quake-Damaged Japanese Plant," saying: Fukushima
Daiichi "nuclear power plant in Okuma, Japan, appears to have caused a reactor meltdown." Stratfor downplayed its
seriousness, adding that such an event "does not necessarily mean a nuclear disaster," that already may have
happened - the ultimate nightmare short of nuclear winter. According to Stratfor, "(A)s long as the reactor core,
which is specifically designed to contain high levels of heat, pressure and radiation, remains intact, the melted fuel
can be dealt with. If the (core's) breached but the containment facility built around (it) remains intact, the melted
Chernobyl in 1986. In fact, that disaster killed

nearly one million people worldwide from nuclear radiation exposure. In their book titled,
fuel can be....entombed within specialized concrete" as at
"Chernobyl: Consequences of the Catastrophe for People and the Environment," Alexey Yablokov, Vassily Nesterenko
and Alexey Nesterenko said: "For
the past 23 years, it has been clear that there is a

danger greater than nuclear weapons concealed within nuclear power.
Emissions from this one reactor exceeded a hundred-fold the radioactive
contamination of the bombs dropped on Hiroshima and Nagasaki." "No citizen of any
country can be assured that he or she can be protected from radioactive
contamination. One nuclear reactor can pollute half the globe . Chernobyl fallout
covers the entire Northern Hemisphere." Stratfor explained that if Fukushima's floor cracked, "it is
highly likely that the melting fuel will burn through (its) containment system and enter the ground. This has never
happened before," at least not reported. If now occurring, "containment goes from being merely dangerous, time
consuming and expensive to nearly impossible," making the quake, aftershocks, and tsunamis seem mild by
comparison. Potentially, millions of lives will be jeopardized. Japanese officials said Fukushima's reactor container
wasn't breached. Stratfor and others said it was, making the potential calamity far worse than reported. Japan's
Nuclear and Industrial Safety Agency (NISA) said the explosion at Fukushima's Saiichi No. 1 facility could only have
been caused by a core meltdown. In fact, 3 or more reactors are affected or at risk. Events are fluid and developing,
but remain very serious. The possibility of an extreme catastrophe can't be discounted .
Moreover, independent nuclear safety analyst John Large told Al Jazeera that by venting radioactive steam from the
inner reactor to the outer dome, a reaction may have occurred, causing the explosion. "When I look at the size of
the explosion," he said, "it is my opinion that there could be a very large leak (because) fuel continues to generate
heat." Already, Fukushima way exceeds Three Mile Island that experienced a partial core meltdown in Unit 2. Finally
it was brought under control, but coverup and denial concealed full details until much later. According to antinuclear activist Harvey Wasserman, Japan's quake fallout may cause nuclear disaster, saying: "This is a very serious
If the cooling system fails (apparently it has at two or more plants), the
super-heated radioactive fuel rods will melt, and (if so) you could conceivably
have an explosion," that, in fact, occurred. As a result, massive radiation
releases may follow, impacting the entire region. "It could be, literally, an
apocalyptic event. The reactor could blow." If so, Russia, China, Korea and most parts of Western Asia will
situation.
be affected. Many thousands will die, potentially millions under a worse case scenario, including far outside East
Asia. Moreover, at least five reactors are at risk. Already, a 20-mile wide radius was evacuated. What happened in
Japan can occur anywhere. Yet Obama's proposed budget includes $36 billion for new reactors, a shocking disregard
for global safety. Calling Fukushima an "apocalyptic event," Wasserman said "(t)hese nuclear plants have to be
shut," let alone budget billions for new ones. It's unthinkable, he said. If a similar disaster struck California, nuclear
fallout would affect all America, Canada, Mexico, Central America, and parts of South America. Nuclear Power: A
Technology from Hell Nuclear expert Helen Caldicott agrees, telling this writer by phone that a potential regional
catastrophe is unfolding. Over 30 years ago, she warned of its inevitability. Her 2006 book titled, "Nuclear Power is
Not the Answer" explained that contrary to government and industry propaganda, even during normal operations,
nuclear power generation causes significant discharges of greenhouse gas emissions, as well as hundreds of
thousands of curies of deadly radioactive gases and other radioactive elements into the environment every year.
nuclear plants are atom bomb factories. A 1000 megawatt reactor produces
500 pounds of plutonium annually. Only 10 are needed for a bomb able to devastate
a large city, besides causing permanent radiation contamination .
Moreover,
Independently, Attacks on the civilian power grid cause

retaliation and nuclear war
Tilford 12
Robert, Graduate US Army Airborne School, Ft. Benning, Georgia, Cyber attackers
could shut down the electric grid for the entire east coast 2012,
http://www.examiner.com/article/cyber-attackers-could-easily-shut-down-theelectric-grid-for-the-entire-east-coa
a cyber attack that can take out a civilian power grid, for example
could also cripple the U.S. military. The senator notes that is that the same power grids that supply
To make matters worse
cities and towns, stores and gas stations, cell towers and heart monitors also power every military base in our
backup diesel
generators, within hours, not days, fuel supplies would run out , he said. Which means
military command and control centers could go dark . Radar systems that detect
air threats to our country would shut Down completely. Communication between
commanders and their troops would also go silent. And many weapons systems
would be left without either fuel or electric power, said Senator Grassley. So in a few
short hours or days, the mightiest military in the world would be left scrambling to
maintain base functions, he said. We contacted the Pentagon and officials confirmed the threat of a cyber
country. Although bases would be prepared to weather a short power outage with
attack is something very real. Top national security officialsincluding the Chairman of the Joint Chiefs, the Director
the Secretary of Defense, and the CIA Director have said,

preventing a cyber attack and improving the nations electric grids is among the
most urgent priorities of our country (source: Congressional Record). So how serious is the Pentagon
of the National Security Agency,
taking all this? Enough to start, or end a war over it, for sure (see video: Pentagon declares war on cyber attacks
A cyber attack today against the

US could very well be seen as an Act of War and could be met with a full scale
US military response. That could include the use of nuclear weapons, if authorized by the
http://www.youtube.com/watch?v=_kVQrp_D0kY&feature=relmfu ).
President
Disclosing zero-days solves the NSA drives the market.

Harris, 2014
of the military-Internet complex / Houghton Mifflin Harcourt. P.98
In any market- gray or otherwise - the biggest buyers have an outsized ability to set
terms and conditions. As the reputedly single largest purchaser of zero day vulnerabilities and exploits,
the NSA could turn the market on its head if it bought up zero days for the
express purpose of disclosing them. The agency has billions of dollars to spend
on cyber security. Why not devote some portion of that to alerting the world to the
presence of fixable flaws? What responsibility does the agency have to warn the
owners and operators of vulnerable technology that the capability of an attack

against them exists? That's an ethical dilemma that the agency hasn't had to address. But if there is
ever a cyber attack on the United States that results in significant physical damage,
or causes widespread panic - or deaths - the agency will be called to account for its failure to
prevent that disaster. There's a good chance that some future NSA director, sitting at a witness table
before members of Congress and television cameras, will have to explain having known about the
vulnerability America's enemies had exploited, but deciding to keep quiet, because
the NSA wanted to use it one day.
Advantage ___ Cyber-Vulnerability (criticalish)

Backdoors and zero day vulnerabilities fundamentally
undermine human security.
Dunn Cavelty, 2014
Myriam, Deputy for research and teaching a the Center for Security Studies (CSS)
and Senior Lecturer for Security Politics at ETH Zurich. "Breaking the cyber-security
dilemma: Aligning security needs and removing vulnerabilities." Science and
engineering ethics 20.3 (2014): 701-715.
That said, the security-implications of current actions by state entities go even further.
It has been suspected for a while and is now confirmed that the intelligence services of this world are making
cyberspace more insecure directly; in order to be able to have more access to data, and in order to prepare for
It has been revealed that the NSA has bought and exploited so-called
zero-day vulnerabilities in current operating systems and hardware to inject NSA
malware into numerous strategically opportune points of the Internet infrastructure
(Greenwald and MacAskill 2013). As soon as military and intelligence agencies became
buyers of so-called zero-day vulnerabilities, prizes have skyrocketed (Miller 2007; Perlroth
and Sanger 2013), with several downsides to this: first, exposing these vulnerabilities in order to
patch them, as was the norm not so long ago, is becoming less likely. Second, the competition for
future conflict.
exclusive possession of such vulnerabilities might even give programmers incentives to deliberately create and
then sell them (Schneier 2012b). It is unknown which computer systems have been compromisedbut it is known
that these backdoors or sleeper programs can be used for different purposes
(surveillance, espionage, disruption, etc.) and activated at any time. It also has been
revealed that the US government spends large sums of money to crack existing
encryption standardsand apparently has also actively exploited and contributed to
vulnerabilities in widespread encryption systems (Simonite 2013; Fung 2013; Clarke et al. 2013).
The crux of the matter is that these backdoors reduce the security of the entire systemfor
everyone. The exploitation of vulnerabilities in computer systems by intelligence
agencies and their weakening of encryption standards have the potential to destroy
trust and confidence in cyberspace overall. Also, there is no guarantee that the backdoor-makers
have full control over them and/or can keep them secret in other words, they could be identified and exploited by
state practices not only become a threat for human

security: paradoxically, they also become a threat for themselves.
criminal hackers or even terrorists. Here,
The universe believes in encryption it is critical to counter

dystopian state violence.
Assange, 2012
Julian Assange, an Australian computer programmer, publisher and journalist.

Editor-in-chief of the website WikiLeaks. Jacob Appelbaum, American independent
journalist, computer security researcher and hacker. A core member of the Tor
project; Andy Muller-Maguhn, member of the German hacker association Chaos
Computer Club; Jrmie Zimmermann, French computer science engineer cofounder of the Paris-based La Quadrature du Net, a citizen advocacy group
defending fundamental freedoms online. Cypherpunks: Freedom and the Future of
the Internet. Singapore Books, 2012. P. 3-6
Most of the time we are not even aware of how close to violence we are, because
we all grant concessions to avoid it. Like sailors smelling the breeze, we rarely contemplate
how our surface world is propped up from below by darkness. In the new space of the
internet what would be the mediator of coercive force? Does it even make sense to ask this question? In this
otherworldly space, this seemingly platonic realm of ideas and information flow, could there be a notion of coercive
force? A force that could modify historical records, tap phones, separate people, transform complexity into rubble,
and erect walls, like an occupying army? The platonic nature of the internet, ideas and information flows, is debased
by its physical origins. Its foundations are fiber optic cable lines stretching across the ocean floors, satellites
spinning above our heads, computer servers housed in buildings in cities from New York to Nairobi. Like the soldier
who slew Archimedes with a mere sword, so too could an armed militia take control of the peak development of
The new world of the internet, abstracted from the old world of
longed for independence. But states and their friends moved to control
our new worldby controlling its physical underpinnings. The state, like an army
around an oil well, or a customs agent extracting bribes at the border, would soon learn to
leverage its control of physical space to gain control over our platonic realm . It would
Western civilization, our platonic realm.
brute atoms,
prevent the independence we had dreamed of, and then, squatting on fiber optic lines and around satellite ground
it would go on to mass intercept the information flow of our new worldits

very essence even as every human, economic, and political relationship
embraced it. The state would leech into the veins and arteries of our new societies, gobbling up every
stations,
relationship expressed or communicated, every web page read, every message sent and every thought googled,
and then store this knowledge, billions of interceptions a day, undreamed of power, in vast top secret warehouses,
forever.
It would go on to mine and mine again this treasure, the collective private
intellectual output of humanity, with ever more sophisticated search and pattern
finding algorithms, enriching the treasure and maximizing the power imbalance between interceptors and
the world of interceptees. And then the state would reflect what it had learned back into the physical world, to start
wars, to target drones, to manipulate UN committees and trade deals, and to do favors for its vast connected
network of industries, insiders and cronies.
total domination.
But we discovered something. Our one hope against
A hope that with courage, insight and solidarity we could use to resist. A strange property
The universe believes in encryption. It is easier

to encrypt information than it is to decrypt it. We saw we could use this strange property
of the physical universe that we live in.
to create the laws of a new world. To abstract away our new platonic realm from its base underpinnings of satellites,
undersea cables and their controllers. To fortify our space behind a cryptographic veil. To create new lands barred to
those who control physical reality, because to follow us into them would require infinite resources.
And in this
manner to declare independence.
Scientists in the Manhattan Project discovered that the universe

permitted the construction of a nuclear bomb. This was not an obvious conclusion. Perhaps nuclear weapons were
not within the laws of physics. However, the universe believes in atomic bombs and nuclear reactors. They are a
phenomenon the universe blesses, like salt, sea or stars. Similarly, the universe, our physical universe, has that
property that makes it possible for an individual or a group of individuals to reliably, automatically, even without
knowing, encipher something, so that all the resources and all the political will of the strongest superpower on earth
And the paths of encipherment between people can mesh together

to create regions free from the coercive force of the outer state. Free from mass
interception. Free from state control. In this way, people can oppose their will
to that of a fully mobilized superpower and win. Encryption is an embodiment
of the laws of physics, and it does not listen to the bluster of states, even
transnational surveillance dystopias. It isnt obvious that the world had to work this way. But
somehow the universe smiles on encryption. Cryptography is the ultimate form of nonviolent direct action. While nuclear weapons states can exert unlimited violence
over even millions of individuals, strong cryptography means that a state, even by
exercising unlimited violence, cannot violate the intent of individuals to keep secrets
from them. Strong cryptography can resist an unlimited application of
violence. No amount of coercive force will ever solve a math problem. But could we take this strange fact
may not decipher it.
about the world and build it up to be a basic emancipatory building block for the independence of mankind in the
platonic realm of the internet? And as societies merged with the internet could that liberty then be reflected back
into physical reality to redefine the state? Recall that states are the systems which determine where and how
coercive force is consistently applied. The question of how much coercive force can seep into the platonic realm of
the internet from the physical world is answered by cryptography and the cypherpunks ideals.
As states
merge with the internet and the future of our civilization becomes the future of the
internet, we must redefine force relations. If we do not, the universality of the
internet will merge global humanity into one giant grid of mass surveillance and
mass control. We must raise an alarm. This book is a watchmans shout in the night. On March 20,
2012, while under house arrest in the United Kingdom awaiting extradition, I met with three friends and fellow
watchmen on the principle that perhaps in unison our voices can wake up the town. We must communicate what we
have learned while there is still a chance for you, the reader, to understand and act on what is happening. It is time
Our task is to secure

self-determination where we can, to hold back the coming dystopia where
we cannot, and if all else fails, to accelerate its self-destruction.
to take up the arms of our new world, to fight for ourselves and for those we love.
The state is key only state action can resolve the

fundamental security imbalance in cyber-security.
Dunn Cavelty, 2014
From Problem to Solution: Human-Centric Information Ethics. This article has identified and discussed implications
of cyber(-in)-security for human-security concerns, with a main focus on both the representation of the issue as a
The
problem with the current system is that security is underproduced, both
from a traditional state-focused national security and also from a bottom-up, human
security perspective. The reason, so I have argued, is a multidimensional and multi-faceted security
dilemma, produced by the following interlinked issues: First, cyber-security is increasingly presented
in terms of power-struggles, war- fighting, and military action . This is not an inevitable or
(security) political problem and the practices of (mainly state) actors based on such representations.
natural development; rather, it is a matter of choice, or at least a matter of (complicated) political processes that
has produced this particular outcome. The result is not more security, however, but less: states spend more and
more money on cyber-defense and likely also cyber-offense, which is not leading to more, but less security, as
evident by the flood of official documents lamenting the security-deficit. Second, the type of cybersecurity that is
produced is based on economic maxims, often without consideration for the particular security-needs of the
extending a notion of national security based on border control to

cyberspace will almost inevitably have an impact on civil liberties, especially on the
right to privacy and the freedom of speech. Fourth, cyber-exploitation by intelligence
agencies linked to the manipulation of vulnerabilities is directly making cyber-space
more insecure. What becomes exceedingly clear from the developments and lessons of the last decade is that
we cannot have both: a strategically exploitable cyberspace full of vulnerabilities
and a secure and resilient cyberspace that all the cyber-security policies call for . At
the heart of this challenge is, as so often when human security is implicated, the state (cf.
Kerr 2007). On the one hand, state practices are emerging as a major part of the problem,
constantly creating more insecurity and in fact also hindering the removal of known
insecurities. At the same time, a secure, safe, and open cyberspace is not
possible without involvement of the state. How, then, can this dilemma be
overcome? Because it is a dilemma extending to more than the state, solutions are not to be found solely in the
cooperation between states (cf. Booth and Wheeler 2008). Rather , a focus on a common issue of
interest for all the stakeholders that are interested in more security is
needed. Such a common ground is held by vulnerabilities. If we want a
secure and resilient cyberspace, then a strategically exploitable cyberspace full of
population. Third,
vulnerabilities has to be actively worked against . This is a compromise that some

state actors need to make if they want a type of national security that extends to
cyberspace. If such a compromise is not made, then the quest for more
national security will always mean less cyber-security , which will always mean less
national security because of vulnerabilities in critical infrastructures. The reason why vulnerabilities persist and
the current incentive structures in the market

are skewed (Dynes et al. 2008). This is where states are needed to help improve cybersecurity through additional regulation (and through further encouragement of voluntary arrangement
for the increase of cyber-security in the corporate sector). Furthermore, there is no doubt from a human
security perspective that the zero-day exploit market needs to be regulated
internationally for security reasons (Kuehn 2013). In addition, prime human security concerns like the
freedom of speech and the right to privacy should no longer be seen as antisecurity, but as pro-security if linked to vulnerabilities : reducing the amount of data
that is unencrypted will substantially reduce cybercrime and cyber-espionage, with
benefits for both human-centred and state-centred security . In turn, the ethics that
should guide our future engagement with cyber-security have to take into account
the special and all-embracing characteristics of cyberspace . So far, ethical considerations
even proliferate has already been identified above:
with bearing on cyber-security have mainly been made from a military perspective, following the tradition to
address new forms of warfare and weapons systems under ethical viewpoints (cf. Rowe 2010; Dipert 2010; Barrett
From both a state

and a human security perspective, cyberspace has become more than just a
technological realm in which we sometimes interact for social or economic reasons.
Cyberspace has become a fundamental part of life and is constitutive of new,
complex subjectivities. An ethics that fits such a broad understanding is Information Ethics. It constitutes
2013). Cyber-security, as argued in the very beginning, is far more than this, however:
an expansion of environmental ethics towards a less anthropocentric concept of agent, which includes non-human
(artificial) and non-individual (distributed) entities and advances a less biologically-centred concept of patient,
which includes not only human life or simply life, but any form of existence. This ethics is concerned with the
question of an ethics in the infosphere (Floridi 2001) and beyond that, an ethics of the infosphere (Capurro
2006). In information ethics, the lowest possible common set of attributes which characterises something as
intrinsically valuable and an object of respect is its abstract nature as an informational entity (Floridi 1998). In this
view, all informational objects are in principle worth of ethical consideration. However, to ensure that such an ethics
does not involuntarily place the technical over the social, we must make sure that the protection of these data is
The duty
of a moral agent is evaluated in terms of contribution to the growth and welfare of
the entire infosphere (Floridi 1999: 47), but always related to a bodily being in the world .
Any process, action or event that negatively affects the infosphere with relevance to
human life impoverishes it and is an instance of evil (Floridi and Sanders 1999, 2001).
Vulnerabilities are such an evil.
not founded on the dignity of the digital but on the human dimensions they refer to (Capurro 2006).
The plan is critical to shift the focus from militarization of

cyber policy towards eliminating vulnerabilities.
Kroll 15,
Joshua A.Kroll, Doctoral candidate in computer science at Princeton University,

where he works on computer security and public policy issues at the universitys
Center for Information Technology Policy. 6-3-2015, "The Cyber Conundrum: A
Security Update," American Prospect, http://prospect.org/article/cyber-conundrumsecurity-update
In February President Barack Obama called for international protocols that set some
clear limits and guidelines, understanding that everybody's vulnerable and everybody's better off if we
abide by certain behaviors. This arms-control solution, however, is ill suited to cyber weapons, which can be
constructed quickly and hidden anywhere, making verification of compliance impossible. In U.S. cybersecurity,
according to the president, there is no clear line between offense and defense. Things are going back and forth all
the time. At first glance that statement might seem like an acknowledgement of the cyber conundrum: Actions
that increase the governments capability to undermine adversaries also limit our capability to protect ourselves.
But the president also says that, the same sophistication you need for defenses means that potentially you can
engage in offensein other words, that we can use cyber attacks or their possibility as a deterrent against threats.
Rather than accepting that everybody's vulnerable, however, we should aim

to make all systems more secure, protecting global infrastructure and
relying on the U.S. military's significant offensive capability when it is needed. This
military approach to cybersecurity allows broad industry sectors to be treated as collateral damage. In February
2015, the National Security Agency (NSA) and its United Kingdom counterpart, Government Communications
Headquarters (GCHQ), were reported to have infiltrated several major mobile phone carriers and manufacturers of
the Subscriber Identification Module (SIM) cards used to secure mobile phones. The NSA and GCHQ sought to
capture the encryption keys used by the carriers to encrypt phone conversations and prevent installation of
Experts have long known that phone software can be

modified to cause phones to record and transmit audio or location data even when
they appear to be switched off. Previously leaked documents showed that the NSA
offered this capability to its analysts. Poor policy in the past meant to preserve surveillance
malicious software on phones.
capabilities has resulted in weaknesses even years after that policy was changed. The FREAK and "Logjam"
attacks on secure browsing technology, discovered respectively in March and May of this year, provide clear
examples. Until 1992 (and in some cases even later), the U.S. government tried to maintain surveillance of
foreigners by requiring American companies to register as arms dealers and to obtain export licenses if they wanted
to sell secure web systems abroad. Instead, companies designed systems with highly secure modes for their
domestic clients, but deliberately weaker cryptography for foreign users. This switching between security levels
ultimately became part of the widely adopted standard for secure web browsing, which is still in use today even
though the government has eased export restrictions on strong cryptography. Attackers discovered how to trick
When the
FREAK attack was discovered, nearly two in five web servers on the Internet were
vulnerable to this trick. The broader Logjam attack applied to up to two-thirds of v irtual
private network connections, both foreign and domestic, making them vulnerable to
surveillance by sophisticated attackers. FREAK and Logjam present object lessons in why
government policies encouraging insecure systems can lead to vulnerabilities even
decades after the policy changes . Secure systems are now easier to export. But a rule proposed by the
systems into using the weaker mode, which is now trivial to defeat thanks to advances in technology.
Department of Commerce's Bureau of Industry and Security may broaden the export-licensing regime long applied
to security software using cryptography to cover nearly all computer security technology. Onerous licensing
requirements for cryptographic products have made U.S. companies less globally competitive. In fact, since it can
be easier to import secure products than to get a license to export them, some companies have outsourced the
development of these products to foreign subsidiaries or inverted their headquarters abroad. These controls stem
from the Wasennaar Arrangement on Export Controls for Conventional Arms and Dual-Use Goods and Technologies,
a multilateral organization of 41 countries that aims to promote global security by restricting trade in conventional
arms and dual-use technologies (those with both a military and a civilian application). There certainly are security
products that might reasonably be subject to export control. Today there is a thriving trade in undisclosed software
vulnerabilities and in surveillance-enabling equipment sold to states with unsavory human rights records. But the
proposed rules are written broadly and could apply to products that are purely defensive in nature, such as tools
meant to assist programmers in avoiding common pitfalls by scanning for common patterns of vulnerability, or even
generic tools for writing large software systems, such as source code editors that are not specific to security
Again, the government is viewing cybersecurity policy mostly as a military

problem without considering the interests of ordinary citizens and businesses. The
policy landscape is not, however, without hope. Congress has now passed legislation to
limit the scope of some NSA surveillance programs , a clear signal that it sees little benefit to
software.
open-ended surveillance as a strategy for security, online or otherwise. And in a speech on May 20, Assistant
Attorney General Leslie R. Caldwell spoke at length about the insufficiency and inadvisability of hacking back as a
As revised policy
emerges, it will be important to remember that increasing overall security for
citizens and the private sector can be effectively balanced with national security,
military, and intelligence goals. We're a long way from complete cybersecurity, but we can move toward
defensive tactic for U.S. companies. Current cybersecurity policy isnt achieving its goals.
a system thats significant more effective than the one we have now.
Solvency
The plan solves - strong encryption key to the internet.
Kehl, 2015
Strong encryption has become a bedrock technology that protects the security of
the internet The evolution of the ecosystem for encrypted communications has also enhanced the protection of
individual communications and improved cybersecurity. Today, strong encryption is an essential
ingredient in the overall security of the modern network, and adopting technologies like HTTPS
is increasingly considered an industry best-practice among major technology companies.177 Even the report of the
Presidents Review Group on Intelligence and Communications Technologies, the panel of experts appointed by
President Barack Obama to review the NSAs surveillance activities after the 2013 Snowden leaks, was unequivocal
in its emphasis on the importance of strong encryption to protect data in transit and at rest. The Review Group
Encryption is an essential basis for trust on the Internet; without such trust,
valuable communications would not be possible . For the entire system to work,
encryption software itself must be trustworthy. Users of encryption must be confident, and
wrote that:
justifiably confident, that only those people they designate can decrypt their data. Indeed, in light of the massive
increase in cyber-crime and intellectual property theft on-line, the use of encryption should be greatly expanded to
The report
further recommended that the U.S. government should: Promote security[] by (1)
fully supporting and not undermining efforts to create encryption standards; (2)
making clear that it will not in any way subvert, undermine, weaken, or make
vulnerable generally available commercial encryption; and (3) supporting efforts to
encourage the greater use of encryption technology for data in transit, at rest, in
the cloud, and in storage.179 Moreover, there is now a significant body of evidence that,
as Bob Goodlatte argued back in 1997, Strong encryption prevents crime .180 This has become
protect not only data in transit, but also data at rest on networks, in storage, and in the cloud.178
particularly true as smartphones and other personal devices that store vast amount of user data have risen in
Encryption can stop or mitigate the damage from crimes

like identity theft and fraud targeted at smartphone users .181
popularity over the past decade.
Backdoors and other vulnerabilities should be rejected, only

the plan solves. The consensus of academic computer
scientists agree.
Abadi, et al. 2014
Martn Abadi Professor Emeritus, University of California, Santa Cruz; Hal Abelson Professor, Massachusetts Institute
of Technology; Alessandro Acquisti Associate Professor, Carnegie Mellon University; Boaz Barak Editorial-board
member, Journal of the ACM; Mihir Bellare Professor, University of California, San Diego; Steven Bellovin Professor,
Columbia University; Matt Blaze Associate Professor, University of Pennsylvania; L. Jean Camp Professor, Indiana
University; Ran Canetti Professor, Boston University and Tel Aviv University; Lorrie Faith Cranor Associate Professor,
Carnegie Mellon University; Cynthia Dwork Member, US National Academy of Engineering; Joan Feigenbaum
Professor, Yale University; Edward Felten Professor, Princeton University; Niels Ferguson Author, Cryptography
Engineering: Design Principles and Practical Applications; Michael Fischer Professor, Yale University; Bryan Ford
Assistant Professor, Yale University; Matthew Franklin Professor, University of California, Davis; Juan Garay Program
Committee Co-Chair, CRYPTO2 2014; Matthew Green Assistant Research Professor, Johns Hopkins University; Shai
Halevi Director, International Association for Cryptologic Research; Somesh Jha Professor, University of Wisconsin
Madison; Ari Juels Program Committee Co-Chair, 2013 ACM Cloud-Computing Security Workshop; M. Frans Kaashoek
Professor, Massachusetts Institute of Technology; Hugo Krawczyk Fellow, International Association for Cryptologic
Research; Susan Landau Author, Surveillance or Security? The Risks Posed by New Wiretapping Technologies;
Wenke Lee Professor, Georgia Institute of Technology; Anna Lysyanskaya Professor, Brown University; Tal Malkin
Associate Professor, Columbia University; David Mazires Associate Professor, Stanford University; Kevin McCurley
Fellow, International Association for Cryptologic Research; Patrick McDaniel Professor, The Pennsylvania State
University; Daniele Micciancio Professor, University of California, San Diego; Andrew Myers Professor, Cornell
University; Rafael Pass Associate Professor, Cornell University; Vern Paxson Professor, University of California,
Berkeley; Jon Peha Professor, Carnegie Mellon University; Thomas Ristenpart Assistant Professor, University of
Wisconsin Madison; Ronald Rivest Professor, Massachusetts Institute of Technology; Phillip Rogaway Professor,
University of California, Davis; Greg Rose Officer, International Association for Cryptologic Research; Amit Sahai
Professor, University of California, Los Angeles; Bruce Schneier Fellow, Berkman Center for Internet and Society,
Harvard Law School; Hovav Shacham Associate Professor, University of California, San Diego; Abhi Shelat Associate
Professor, University of Virginia; Thomas Shrimpton Associate Professor, Portland State University; Avi Silberschatz
Professor, Yale University; Adam Smith Associate Professor, The Pennsylvania State University; Dawn Song
Associate Professor, University of California, Berkeley; Gene Tsudik Professor, University of California, Irvine; Salil
Vadhan Professor, Harvard University; Rebecca Wright Professor, Rutgers University; Moti Yung Fellow, Association
"An
open letter from US researchers in cryptography and information security." (2014) .
for Computing Machinery; Nickolai Zeldovich Associate Professor, Massachusetts Institute of Technology;
http://people.csail.mit.edu/rivest/pubs/Ax14.pdf
Media reports since last June have revealed that the US government conducts
domestic and international surveillance on a massive scale, that it engages in deliberate
and covert weakening of Internet security standards, and that it pressures US
technology companies to deploy backdoors and other data-collection features. As
leading members of the US cryptography and information-security research
communities, we deplore these practices and urge that they be changed . Indiscriminate
collection, storage, and processing of unprecedented amounts of personal information chill free speech and invite
These are not hypothetical

problems; they have occurred many times in the past. Inserting backdoors, sabotaging
standards, and tapping commercial data-center links provide bad actors, foreign and
domestic, opportunities to exploit the resulting vulnerabilities. The value of society-wide
surveillance in preventing terrorism is unclear, but the threat that such surveillance poses to
privacy, democracy, and the US technology sector is readily apparent. Because
transparency and public consent are at the core of our democracy, we call upon the US government to
subject all mass-surveillance activities to public scrutiny and to resist the
deployment of mass-surveillance programs in advance of sound technical and social
controls. In finding a way forward, the five principles promulgated at http://reformgovernmentsurveillance.com/
provide a good starting point. The choice is not whether to allow the NSA to spy. The choice is between
a communications infrastructure that is vulnerable to attack at its core
and one that, by default, is intrinsically secure for its users. Every country,
including our own, must give intelligence and law-enforcement authorities the means to
pursue terrorists and criminals, but we can do so without fundamentally
undermining the security that enables commerce, entertainment, personal
communication, and other aspects of 21st-century life. We urge the US government to reject
many types of abuse, ranging from mission creep to identity theft.
society-wide surveillance and the subversion of security technology, to adopt state-of-the-art, privacy-preserving
technology, and to ensure that new policies, guided by enunciated principles, support human rights, trustworthy
commerce, and technical innovation.
US should take the lead on encryption other countries will

follow.
Ranger, 2015
Steve Ranger, UK editor of TechRepublic, 3-23-2015, "The undercover war on your
internet secrets: How online surveillance cracked our trust in the web,"
TechRepublic, http://www.techrepublic.com/article/the-undercover-war-on-yourinternet-secrets-how-online-surveillance-cracked-our-trust-in-the-web/
Back in the 1990s and 2000s, encryption was a complicated, minority interest. Now
it is becoming easy and mainstream, not just for authenticating transactions but for encrypting data
and communications. Back then, it was also mostly a US debate because that was where
most strong encryption was developed. But that's no longer the case: encryption
software can be written anywhere and by anyone, which means no one country
cannot dictate global policy anymore. Consider this: the right to privacy has long been considered a
qualified rather than an absolute right one that can be infringed, for example, on the grounds of public safety, or
to prevent a crime, or in the interests of national security. Few would agree that criminals or terrorists have the right
What the widespread use of strong, well-implemented

encryption does is promotes privacy to an absolute right . If you have encrypted a
to plot in secret.
hard drive or a smartphone correctly, it cannot be unscrambled (or at least not for a few hundred thousand years).
At a keystroke, it makes absolute privacy a reality, and thus rewrites one of the
fundamental rules by which societies have been organised. No wonder the intelligence
services have been scrambling to tackle our deliberately scrambled communications. And our fear of crime
terrorism in particular has created another issue. We have demanded that the intelligence services and law
enforcement try to reduce the risk of attack, and have accepted that they will gradually chip away at privacy in
order to do that. However, what we haven't managed as a society is to decide what is an acceptable level of risk
that such terrible acts might occur.
Without that understanding of what constitutes an

acceptable level of risk, any reduction in our privacy or civil liberties whether
breaking encryption or mass surveillance becomes palatable. The point is often made
that cars kill people and yet we still drive. We need to have a better discussion about what is an acceptable level of
safety that we as a society require, and what is the impact on our privacy as a result. As the University of Surrey's
Woodward notes: "Some of these things one might have to accept. Unfortunately there might not be any easy way
around it, without the horrible unintended consequences. You make your enemies less safe but you also make your
while the US can

no longer dictate policy on encryption, it could be the one to take a lead
which others can follow. White House cybersecurity coordinator Michael Daniel recently argued that,
as governments and societies are still wrestling with the issue of encryption , the US should come up with
the policies and processes and "the philosophical underpinnings of what we want to
do as a society with this so we can make the argument for that around the planet ...
friends less safe by [attacking] encryption and that is not a sensible thing to do." And
to say, this is how free societies should come at this." But he doesn't underestimate the scale of the problem,
either.
Shift in policy of protecting infrastructure is key to avert solve

the coming clash between security and intelligence.
Joshua A. Kroll 15, doctoral candidate in computer science at Princeton
University, where he works on computer security and public policy issues at the
universitys Center for Information Technology Policy, 6-1-2015, "The Cyber
Conundrum," American Prospect, http://prospect.org/article/cyber-conundrum
Moving to Protect-First Three months after NIST withdrew the DRBG standard, a review initiated by President Barack Obama
called for a shift in policy. Regarding encryption, the Presidents Review Group on Intelligence
and Communications Technologies recommended that the U.S. Government
should: (1) fully support and not undermine efforts to create encryption standards;
(2) not in any way subvert, undermine, weaken, or make vulnerable generally
available commercial software; and (3) increase the use of encryption and urge U.S.
companies to do so. But there were few visible signals that policy had changed. No foreign nation, no hacker, Obama said in his 2015
State of the Union speech, should be able to shut down our networks, steal our trade secrets, or invade the privacy of American families. But the
nearly $14 billion requested for cybersecurity in the presidents fiscal year 2016
budget proposal effectively supports and reinforces current undermine-first policy, a
policy that has failed to stop the flood of attacks on American businesses and the government itself by foreign intelligence services, weekend hacktivists,
A protect-first policy of bolstering security technologies would identify

the most critical pieces of security infrastructure, invest in making those defenses
secure, and support their universal deployment . Such a policy would emphasize
support for universal end-to-end encryption tools such as secure web
and common criminals.
browsing.
A website is delivered securely when that sites address starts with httpsthe s stands for secureand your browser puts a lock or
key icon next to the address. Browsers can load and display secure pages, guaranteeing that while the pages are in transit from server to user, the pages
remain confidential and are protected from tampering, and that the users browser verifies that the server is not an impostor. At present, secure browsing
A notorious example is the Heartbleed bug,

disclosed in April of 2014. Heartbleed allowed attackers to reach out across the
Internet and extract the contents of a computers memory , including encryption keys, passwords, and
is underused and underfunded, leading to troubling security lapses.
private information. Two-thirds of the websites on the Internet were vulnerable, along with countless computers embedded in cars, wireless routers, home
appliances, and other equipment. Because exploitation via Heartbleed usually did not leave a record, the full consequences of Heartbleed will almost
All of this was due to a single programming error in a software

package called OpenSSL, which is used by the majority of websites that provide secure pages. By any measure, OpenSSL is a core
certainly never be known.
piece of our cyber infrastructure. Yet it has been maintained by a very small team of developersin the words of one journalist, two guys named Steve
and the foundation supporting it never had a budget reaching even $1 million per year. Despite its central role in web security, OpenSSL had never
undergone a careful security audit. Matthew Green, a cryptographer at Johns Hopkins University and an outspoken critic of OpenSSL, said after Heartbleed
that the OpenSSL Foundation has some very devoted people, it just doesnt have enough of them, and it cant afford enough of them. Since the
Heartbleed attack, a consortium of companies, including some of the biggest names in the Internet business, pledged contributions of a few million dollars
to start the Core Infrastructure Initiative (CII), a grant-making process for security audits of important infrastructure components like OpenSSL. CIIs budget
A more
proactive government policy would provide ample funding for security
audits. By leaving OpenSSL to its own devices, government perpetuates the
status quo and implicitly rejects a protect-first strategy . A similar situation applies to
of a few million dollars is nowhere near the few hundred million now devoted to the NSAs SIGINT Enabling program, but it is a start.
encrypted email, the state of which is well conveyed by a recent ProPublica headline: The Worlds Email Encryption Software Relies on One Guy, Who is
Going Broke. Werner Koch, the author and maintainer of the software Gnu Privacy Guardthe most popular tool for encrypted email and a piece of critical
security infrastructure used to verify the integrity of operating system updates on the most popular operating system for web servershad been getting
by on donations of $25,000 per year since 2001, and a new online fund drive was bringing only modest donations. The ProPublica piece brought attention
to Kochs plight, and a few hundred thousand dollars of donations poured in, enabling Koch to keep maintaining GPG. It was a success, of a sort. But
passing the digital hat for donations is not a sustainable way to fund a critical security infrastructure. The Limitations of Surveillance Meanwhile, although
precise numbers are hard to come by, one estimate is that 0.64 percent of U.S. gross domestic product is lost to cyber crime, an over$400 billion global
growth industry. Despite the fact that a cyberattack can decimate a companys operations and pry loose its secrets, and despite billions of dollars in
annual direct losses to foreign governments and criminals, the most popular systems for secure web page delivery and encrypted email get only crumbs
, the government usually treats cybersecurity

as a military or intelligence problem and therefore tends to look first to the military
and the intelligence community for a solution. The result is massive
surveillance that gathers situational awareness, hoping to connect the dots to find and stop attacks. Some surveillance happens quietly,
from the $14 billion U.S. government cybersecurity budget. Instead
coming into the public eye only through leaks and investigative journalism. Some happens more openly, under the guise of information sharing between
companies and government. Surveillance of adversaries, both overseas and domestically with an appropriate court order, is prudent and necessary to
. Universal domestic surveillance is harder to

justify on the merits. Officials argue that they need all of the data if we want them to connect the dots. But the problem is not a lack of
dots. More often, the problem is that the dots can be connected in too many ways. There is no reliable way to tell in
advance which pattern marks an impending attack and which simply reflects one of
the endless permutations of human social behavior . Surveillance data is more useful in hindsight. In the Sony
prevent attacks and inform diplomatic and military decisions
Pictures hack, intelligence and investigation were critical in connecting the dots after the attack had happened, even though they did very little to prevent
Aggressive surveillance has limited efficacy and

imposes real costs on U.S. companies . Users who are suspicious of the U.S. governmenta group including most foreign
the attack or to discover it in the year or so that it was ongoing.
users and more than a few Americanswant to steer clear of products and companies that might be complicit in surveillance. Foreign companies market
Analysts
estimate that U.S. companies will lose at least tens of billions of dollars of business
due to users surveillance concerns. At the same time, news of U.S. government demands for data emboldens demands for
themselves as more trustworthy because, unlike American companies, they can defy information demands from U.S. authorities.
similar access by other governmentsincluding countries with much weaker civil liberties records. Anything that facilitates U.S. government access will
facilitate access by other governments. Industry worries, too, about direct government attacks on their infrastructures. That is exactly what happened
when the NSA tapped into the private communications lines that Google, Yahoo, and other major Internet companies use to move data internally, enabling
the NSA to capture information on the users of those systems without any request or notification. Consequently, the Internet companies are seen as either
complicit or vulnerableor both. The rift between government and industry was visible at the White House Summit on Cybersecurity and Consumer
Protection, held at Stanford University on February 13. Obama called for new legislation to promote greater information sharing between government and
private sector, including liability protections for companies that share information about cyber threats, and announced that our new Cyber Threat
Intelligence Integration Center [will be] a single entity thats analyzing and integrating and quickly sharing intelligence about cyber threats across
To the
president, cyber defense means collecting more information and using it more
aggressivelya policy of undermining and surveillance.
government so we can act on all those threats even faster. After the speech, he signed an executive order implementing these proposals.
All Aff Cards
SQ CrytpoWars
SQ - Encryption
The NSA weakened encryption and created vulnerabilities in
commercial software compromising the security of the entire
internet.
Harris, 2014
For the past ten years the NSA has led an effort in conjunction with its British counterpart, the Government
Communications Headquarters, to defeat the widespread use of encryption technology by
inserting hidden vulnerabilities into widely used encryption standards . Encryption is simply the
process of turning a communication - say, an e-mail - into a jumble of meaningless numbers and digits, which can only be deciphered using a key
possessed by the e-mail's recipient. The NSA once fought a public battle to gain access to encryption keys, so that it could decipher messages at will, but
The agency then turned its attention toward weakening the encryption
algorithms that are used to encode communications in the first place. The NSA is
home to the world's best code makers, who are regularly consulted by public
organizations, including government agencies, on how to make encryption algorithms stronger.
That's what happened in 2006 - a year after Alexander arrived - when the NSA helped developed an
encryption standard that was eventually adopted by the National Institute of Standards and
Technology, the US government agency that has the last word on weights and measures used for calibrating all manner of tools, industrial equipment,
and scientific instruments. NIST's endorsement of an encryption standard is a kind of Good
Housekeeping Seal of approval. It encourages companies, advocacy groups, individuals, and government agencies around the
it lost that fight.
world to use the standard. NIST works through an open, transparent process, which allows experts to review the standard and submit comments. That's
NIST is so trusted that it must approve any encryption

algorithms that are used in commercial products sold to the US government. But behind
the scenes of this otherwise open process, the NSA was strong-arming the development of an algorithm
called a randomnumber generator, a key component of all encryption . Classified documents
one reason its endorsement carries such weight.
show that the NSA claimed it merely wanted to "finesse" some points in the algorithm's design, but in reality it became the "sole editor" of it and took over
. Compromising the number generator, in a way that only the NSA

knew, would undermine the entire encryption standard. It gave the NSA a
backdoor that it could use to decode information or gain access to sensitive
computer systems. The NSA's collaboration on the algorithm was not a secret. Indeed, the agency's involvement lent some credibility to
the process in secret
the process. But less than a year after the standard was adopted, security researchers discovered an apparent weakness in the algorithm and speculated
publicly that it could have been put there by the spy agency. The noted computer security expert Bruce Schneier zeroed in on one of four techniques for
randomly generating numbers that NIST had approved. One of them, he wrote in 2007, "is not like the others:' For starters, it worked three times more
slowly than the others, Schneier observed. It was also "championed by the NSA, which first proposed it years ago in a related standardization project at
the American National Standards Institute. Schneier was alarmed that NIST would encourage people to use an inferior algorithm that had been
enthusiastically embraced by an agency whose mission is to break codes. But there was no proof that the NSA was up to no good. And the flaw in the
number generator didn't render it useless. As Schneier noted, there was a workaround, though it was unlikely anyone would bother to use it. Still, the flaw
set cryptologists on edge. The NSA was surely aware of their unease, as well as the growing body of work that pointed to its secret intervention, because it
leaned on an international standards body that represents 163 countries to adopt the new algorithm. The NSA wanted it out in the world, and so widely
used that people would find it hard to abandon. Schneier, for one, was confused as to why the NSA would choose as a backdoor such an obvious and now
that the
NSA reportedly struck with one of the world's leading computer security vendors,
RSA, a pioneer in the industry. According to a 2013 report by Reuters, the company adopted the NSAbuilt algorithm "even before NIST approved it. The NSA then cited the early use ...
inside the government to argue successfully for NIST approval :' The algorithm became "the default
public flaw. (The weakness had first been pointed out a year earlier by employees at Microsoft.) Part of the answer may lie in a deal
option for producing random numbers in an RSA security product called the bSafe toolkit, Reuters reported. "No alarms were raised, former employees
. For its compliance and willingness

to adopt the flawed algorithm, RSA was paid $10 million , Reuters reported. It didn't matter that the NSA had
said, because the deal was handled by business leaders rather than pure technologists
built an obvious backdoor. The algorithm was being sold by one of the world's top security companies, and it had been adopted by an international
The NSA's campaign to weaken global security for its own

advantage was working perfectly. When news of the NSA's efforts broke in 2013, in documents released by Edward Snowden,
standards body as well as NIST.
RSA and NIST both distanced themselves from the spy agency- but neither claimed that the backdoor hadn't been installed. In a statement following the
Reuters report, RSA denied that it had entered into a "secret contract" with the NSA, and asserted that "we have never entered into any contract or
engaged in any project with the intention of weakening RS.A's products, or introducing potential 'backdoors' into our products for anyone's use." But it
didn't deny that the backdoor existed, or may have existed. Indeed, RSA said that years earlier, when it decided to start using the flawed numbergenerator algorithm, the NSA had a trusted role in the community-wide effort to strenghten, not weaken, encryption. Not so much anymore. When
documents leaked by Snowden confirmed the NSAs work, RSA encouraged people to stop using the number generator as did the NIST. The standards
body issued its own statement following the Snowden revelations. It was a model of carefully calibrated language. "NIST would not deliberately weaken a
cryptographic standard," the organization said in a public statement, clearly leaving open the possibilitywithout confirming it - that the NSA had secretly
installed the vulnerability or done so against NIST's wishes. "NIST has a long history of extensive collaboration with the world's cryptography experts to
support robust encryption. The [NSA] participates in the NIST cryptography development process because of its recognized expertise. NIST is also required
by statute to consult with the NSA. The standards body was effectively telling the world that it had no way to stop the NSA. Even if it wanted to shut the
agency out of the standards process, by law it couldn't. A senior NSA official later seemed to support that contention. In an interview with the national
security blog Lawfare in December 2013, Anne Neuberger, who manages the NSAs relationships with technology companies, was asked about reports that
the agency had secretly handicapped the algorithm during the development process. She neither confirmed nor denied the accusation. Neuberger called
NIST an incredibly respected close partner on many things But, she noted, it is not a member of the intelligence community. All the work they do is ...
pure white hat Neuberger continued, meaning not malicious and intended solely to def end encryption and promote security. "Their only responsibility is
to set standards" and "to make them as strong as they can possibly be. That is not the NSAs job. Neuberger seemed to be giving the NIST a get-out-of-
It
was part of a broader, longer campaign by the NSA to weaken the basic standards
that people and organizations around the world use to protect their information .
Documents suggest that the NSA has been working with NIST since the early 1990s
to hobble encryption standards before they're adopted . The NSA dominated the process of developing the
jail-free card, exempting it from any responsibility for inserting the flaw.The 2006 effort to weaken the number generator wasn't an isolated incident.
Digital Signature Standard, a method of verifying the identity of the sender of an electronic communication and the authenticity of the information in it.
NIST publicly proposed the [standard] in August 1991 and initially made no mention of any NSA role in developing the standard, which was intended for
use in unclassified, civilian communications systems according to the Electronic Privacy Infonnation Center, which obtained documents about the
development process under the Freedom of Information Act. Following a lawsuit by a group of computer security experts, NIST conceded that the NSA had
developed the standard, which was widely criticized within the computer industry for its perceived weak security and inferiority to an existing
authentication technology, the privacy center reported "Many observers have speculated that the [existing] technique was disfavored by NSA because it
was, in fact, more secure than the NSA-proposed algorithm. From NSA's perspective, its efforts to defeat encryption are hardly controversial. It is, after
all, a code-breaking agency. This is precisely the kind of work it is authorized, and expected, to do. If the agency developed flaws in encryption algorithms
But the flaws weren't secret. By 2007, the backdoor in the number generator was
It would be difficult to exploit the
weakness - that is, to figure out the key that opened NSA's backdoor. But this wasn't
impossible. A foreign government could figure out how to break the encryption and then use it to spy on its own citizens, or on American
companies and agencies using the algorithm. Criminals could exploit the weakness to steal personal and
financial information. Anywhere the algorithm was used - including in the products
of one of the world's leading security companies it was vulnerable . The NSA might comfort itself
that only it knew about, what would be the harm?
being written about on prominent websites and by leading security experts.
by reasoning that code-breaking agencies in other countries were surely trying to undermine encryption, including the algorithms the NSA was
manipulating. And surely they were. But that didnt answer the question, why knowingly undermine not just an algorithm but the entire process by which
The NSAs clandestine efforts damaged the credibility of NIST

and shredded the NSA's long-held reputation as a trusted, valued participant in
creating some of the most fundamental technologies on the lnternet, the very
devices by which people keep their data, and by extension themselves, safe .
Imagine if the NSA had been in the business of building door locks, and encouraged
every homebuilder in America to install its preferred, and secretly flawed, model. No
one would stand for it. At the very least, consumer groups would file lawsuits and
calls would go up for the organization's leaders to resign.
encryption standards are created?
Backdoors FYI
What is a backdoor?
Zetter, 2014
Kim Zetter, ward-winning, senior staff reporter at Wired covering cybercrime,
privacy, and security. 12-11-2014, "Hacker Lexicon: What Is a Backdoor?," WIRED,
http://www.wired.com/2014/12/hacker-lexicon-backdoor/
A backdoor has multiple meanings. It can refer to a legitimate point of access embedded in a system or software
program for remote administration. Generally this kind of backdoor is undocumented and is used for the
Some administrative backdoors are protected

with a hardcoded username and password that cannot be changed ; though some use
credentials that can be altered. Often, the backdoors existence is unknown to the system
owner and is known only to the software maker . Built-in administrative backdoors
create a vulnerability in the software or system that intruders can use to gain
access to a system or data. Attackers also can install their own backdoor on a
targeted system. Doing so allows them to come and go as they please and gives them remote access to the
maintenance and upkeep of software or a system.
system. Malware installed on systems for this purpose is often called a remote access Trojan, or a RAT, and can be
Backdoors of another sort gained notoriety

in 2013 when NSA documents leaked to the media by whistleblower Edward Snowden revealed a
decades-long effort by the spy agency , in partnership with Britains GCHQ, to pressure
companies into installing backdoors in their products . They particularly focused
pressure on the makers of encryption systems. These secret backdoors allow the
intelligence agencies to circumvent or undermine security protections and
surreptitiously access systems and data. One of the most controversial backdoor
cases involved the NSAs reported efforts to intentionally weaken an encryption
algorithm known as the NIST SP800-90 Dual Ec Prng so that any data encrypted
with the algorithm would be susceptible to cracking by the NSA .
used to install other malware on the system or exfiltrate data.
Cryptowar Brink
New Crypto Wars coming now.
Kehl, 2015
Unfortunately,
in the past few years the consensus that strong encryption is good for
security, liberty, and economic growth has come under threat . The June 2013
revelations about the U.S. National Security Agencys pervasive surveillance
programs not to mention the NSAs direct attempts to thwart Internet security to
facilitate its own spying dramatically shifted the national conversation,
highlighting the vulnerabilities in many of the tools and networks on which we now
rely for both everyday and sensitive communications . While ordinary individuals, civil liberties
advocates, and major technology companies have since embraced greater use of encryption as a necessary step to
address a wide range of modern threats from both government and nongovernment actors, intelligence agencies
and law enforcement officials have also become increasingly outspoken against measures to strengthen these
systems through encryption. To make their case, they have revived many of the arguments they made about
encryption in the 1990s, seeming to have forgotten the lessons of the past. In response, encryption proponents
have countered with many of the same arguments that they made in the 1990s, along with a few new ones.195
It
seems like we may once again be on the verge of another war: a Crypto War 2.0.
But it would be far wiser to maintain the peace than to begin a new and
unnecessary conflict. We already had a robust public debate that resolved this
dispute, and nothing has changed since the 1990s that would cast doubt on the
policy conclusions we reached then; indeed , the post-war period has only
reinforced those conclusions. Although there are numerous individual lessons from
the Crypto Wars, the overarching takeaway is that weakening or otherwise
undermining encryption is bad for our economy, our economic security, and our civil
liberties and there is no reason to repeat our previous mistakes.
Crypto Wars coming now.

Tokmetzi 2015

We thought that the Crypto Wars of the nineties were over , but renewed fighting has erupted since
the Snowden revelations. On one side, law enforcement and intelligence agencies are afraid that broader use of encryption on the
Internet will make their work harder or even impossible. On the other, security experts and activists argue that installing backdoors
will make everyone unsafe. Is it possible to find some middle ground between these two positions? This is the story of how a
Its also a story of encryption backdoors, and why they

never quite work out the way you want them to. So began the blog post on the FREAK attack, one of the
handful of cryptographers hacked the NSA.
most ironic hacks of recent years. Matthew Green, assistant professor at John Hopkins university, and a couple of international
colleagues exploited a nasty bug on the servers that host the NSA website. By forcing the servers to use an old, almost forgotten
and weak type of encryption which they were able to crack within a few hours, they managed to gain access to the backend of the
NSA website, making it possible for them to alter its content. Worse still, the cryptographers found that the same weak encryption
was used on a third of the 14 million other websites they scanned. For instance, if they had wanted to, they could have gained
this
weak encryption was deliberately designed for software products exported from the
access to whitehouse.gov or tips.fbi.gov. Many smartphone apps turned out to be vulnerable as well. The irony is this:
US in the nineties. The NSA wanted to snoop on foreign governments and

companies if necessary and pushed for a weakening of encryption . This weakened encryption
somehow found its way back onto the servers of US companies and government agencies. Since the NSA was the organization that
demanded export-grade crypto, its only fitting that they should be the first site affected by this vulnerability, Green gleefully wrote.
Ever since Edward

Snowden released the NSA files in June 2013, a new battle has been raging between
computer security experts and civil liberties activists on one side and law
enforcement and intelligence agencies on the other. There was one set of revelations that particularly
The FREAK attack wasnt only a show of technological prowess, but also a political statement.
enraged the security community. In September 2013 the New York Times, ProPublica and the Guardian published a story on the
In a
prolonged, multi-billion operation dubbed BULLRUN, the intelligence agencies used
supercomputers to crack encryption, asked, persuaded or cajoled telecom and web
companies to build backdoors into their equipment and software, used their
influence to plant weaknesses in cryptographic standards and simply stole
encryption keys from individuals and companies. A war is looming But security specialists
argue that by attacking the encryption infrastructure of the Internet, the intelligence
agencies have made us all less safe. Terrorists and paedophiles may use encryption to protect themselves
when planning and committing terrible crimes, but the Internet as a whole cannot function without
proper encryption. Governments cannot provide digital services to their citizens if they cannot use safe networks. Banks
thorough and persistent efforts of the NSA and its British counterpart GCHQ to decrypt Internet traffic and databases.
and financial institutions must be able to communicate data over secure channels. Online shops need to be able to process
Without
strong encryption, trust cannot exist online. Cryptographers have vowed
to fight back. Major web companies like Google and Yahoo! promised their clients strong end-to-end encryption for email
payments safely. And all companies and institutions have to keep criminals and hackers out of their systems.
and vowed to improve the security of their networks and databases. Apple developed a new operating system that encrypted all
content on the new iPhone by default. And hackers started developing web applications and hardware with strong, more userfriendly encryption. In the past few years we have seen the launch of encrypted social media (Twister), smartphones (Blackphone),
chat software (Cryptocat), cloud storage (Boxcryptor), file sharing tools (Peerio) and secure phone and SMS apps (TextSecure and
Signal). This worries governments. In the wake of the attack on Charlie Hebdo in Paris, UK Prime Minister David Cameron implied
that encryption on certain types of communication services should be banned. In the US, FBI director James Comey recently warned
that the intelligence agencies are going dark because of the emergence of default encryption settings on devices and in web
In Europe, the US and elsewhere politicians are proposing that mandatory

backdoors be incorporated in hardware and software. Some even want governments
to hold golden keys that can decrypt all Internet traffic. The obvious question is how we can meet
applications.
the needs of all concerned? One the one hand, how can we ensure that intelligence and law enforcement agencies have access to
communications and data when they have a legal mandate to do so? Their needs are often legitimate. One the other, how can we
ensure strong data protection for all, not only a techsavvy few? As we shall see, this crypto conflict isnt new, nor is the obvious
question the right question to ask at this moment.
Tokmetzi 2015
Up until the seventies, the use of cryptography was limited to
governments, big corporations and some math enthusiasts. With the rise of
electronic networks like the Internet, the demand for encryption grew. Academics started
Crypto to the people
to develop new cryptography methods, but were warned by intelligence agencies to refrain from publishing about
them, according to Bart Preneel, a long-time professor of cryptography at the Belgian University of Leuven. The first
encryption products were built into hardware and exporting them was prohibited by most countries. These export
controls were outdated the moment encryption became available in software products in the late eighties, Preneel
says. Phil Zimmermann developed his encryption product Pretty Good Privacy (PGP) that made it fairly simple to
encrypt email traffic. Once uploaded onto the Internet, there was no stopping it, according to Preneel. The US
authorities tried to stop Zimmermann from exporting his code, but PGP had already found its way onto the nascent
network. Zimmermann also published the raw code in a book, making the export of his work a free speech issue.
The Clinton administration still tried to force a backdoor to be incorporated in

USmanufactured hardware, but this Clipper Chip proved to be unsafe and too
contentious. Export controls were subsequently relaxed. The same happened on the other side of the Atlantic.
In 1995 the Wassenaar Arrangement was signed, restricting the export of cryptography and many other products. In
2000 these restrictions were lifted. Strong democratised encryption was unstoppable. Preneel said: We thought we
the proponents of
strong encryption had probably lost the war . However, the war is certainly not over as far as FBI
had won the war. We turned out to be wrong. The Crypto War was lost If anything,
director James Comey is concerned. In a speech at the Brooking Institution in October 2014 he told the audience
that perhaps its time to suggest that the post-Snowden pendulum has swung too far in one directionin a
direction of fear and mistrust. Comey thinks that tech companies overreacted to the Snowden revelations.
Encryption isnt just a technical feature; its a marketing pitch. He objected to the term backdoor. We want to
use the front door, with clarity and transparency, and with clear guidance provided by law. We are completely
comfortable with court orders and legal process front doors that provide the evidence and information we need to
investigate crimes and prevent terrorists attacks. These comments by the FBI Director sound legitimate and
certainly seem reasonable. But there are at least three objections to installing decryption technology in
Making everyone less secure The first objection is: who gets to
decide who uses a backdoor? The famous cryptographer Bruce Schneier has often warned
that modern computer technology is fundamentally democratising. Today's NSA
secret techniques are tomorrow's PhD theses and the following day's cybercrime
attack tools. In other words, if you install a backdoor, you can never be sure whether or
not someone else will find it and use it for nefarious purposes . A strong case in point is the
infrastructure and software.
so-called Vodafone hack that was discovered in Athens, Greece in late 2005. A lawful wiretapping device, used by
the countrys law enforcement agencies, was compromised and more than a hundred people were spied on,
possibly for two years prior to the discovery. The culprits remain unknown until this day. The targets were
journalists, Arab individuals, senior government and secret service officials and an American embassy worker.
Similar major security breaches were discovered in other countries too. Theoretically it might be feasible, as current
NSA director Michael Rogers argues, to build a backdoor that only his agency can use. The NSA actually came close
to building a very secure backdoor with DUAL_EC_DRBG, the Dual Elliptic Curve Deterministic Random Bit
The
Snowden files showed that in the early 2000s the NSA exploited a weakness in the
code, through which only they could guess the outcome of the generator, and with
that knowledge were able to break the widely-used encryption keys. The only
problem is that even years before Snowden blew the whistle, cryptographers knew
that there was something wrong with the code, but couldnt find definite proof. And
the leak shows that even the single most advanced intelligence agency
cannot keep its secrets. The real world keeps disproving the theory.
Generator. This piece of software is one of the few international standards used to generate encryption keys.
Exception Access Bad

Too many risks.
Weitzner et al, 2015
Daniel J. Weitzner is Principal Research Scientist at the MIT Computer Science and
Artificial Intelligence Lab and Founding Director, MIT Cybersecurity and Internet
Policy Research Initiative. From 20112012, he was United States Deputy Chief
Technology Officer in the White House Abelson, Harold; Anderson, Ross; Bellovin,
Steven M.; Benaloh, Josh; Blaze, Matt; Diffie, Whitfield; Gilmore, John; Green,
Matthew; Landau, Susan; Neumann, Peter G.; Rivest, Ronald L.; Schiller, Jeffrey I.;
Schneier, Bruce; Specter, Michael; Weitzner, Daniel J. Keys Under Doormats:
Mandating insecurity by requiring government access to all data and
communications 2015-07-06 http://hdl.handle.net/1721.1/97690
the question of whether to support law
enforcement demands for guaranteed access to private information has a special
urgency, and must be evaluated with clarity. From a public policy perspective, there is an argument
With peoples lives and liberties increasingly online,
for giving law enforcement the best possible tools to investigate crime, subject to due process and the rule of law.
But a careful scientific analysis of the likely impact of such demands must distinguish what might be desirable from
a proposal to regulate encryption and guarantee law

enforcement access centrally feels rather like a proposal to require that all airplanes
can be controlled from the ground. While this might be desirable in the case of a
hijacking or a suicidal pilot, a clear-eyed assessment of how one could design such a
capability reveals enormous technical and operational complexity, international
scope, large costs, and massive risks so much so that such proposals, though occasionally made,
what is technically possible. In this regard,
are not really taken seriously. We have shown that current law enforcement demands for exceptional access would
If policy-makers
believe it is still necessary to consider exceptional access mandates, there are
technical, operational, and legal questions that must be answered in detail before
legislation is drafted. From our analysis of the two scenarios and general law
enforcement access requirements presented earlier in the paper, we offer this set of
questions.
likely entail very substantial security risks, engineering costs, and collateral damage.
Fed insecure
Feds shouldnt hold our data, they get hacked all the time.
Andrea Castillo, 5-20-2015, "Americas schizophrenic anti-encryption
cybersecurity strategy," Medium, https://readplaintext.com/america-sschizophrenic-anti-encryption-cybersecurity-strategy-2d10375a982
The back doors for which encryption antagonists pine are more the stuff of dream
than reality. Even the mightiest microchip Merlin will be hard-pressed to bend the rules of mathematics to suit
the G mens whimsies. But the move to weaken encryption does not just fail technically, it
would fail strategically. Bad guys could use back doors, too . The federal
government would perhaps be one of the worst entities to secure the keys
to our digital kingdom. Over the past 9 years, the rate of reported federal
information security failures increased by 1,169%. Federal employees routinely
download malware onto network computers , lose track of office equipment and computers, and
expose critical information to outside groups for months at a time without notice. Even agencies
ostensibly dedicated to cybersecurity preparedness, like DHS and DOD, report thousands of such failures each year.
It is entirely possible that skilled hackers could wrest a golden key from federal
agents sleepy grasp and earn a golden ticket into all encrypted US data.
Encryption Good
NSA Backdoors Now

NSA is putting back doors in systems- Kaspersky proves
Fishman and Marquis-Boire 6-22 (Andrew Fishman and Morgan

Marquis-Boire, POPULAR SECURITY SOFTWARE CAME UNDER RELENTLESS NSA AND
GCHQ ATTACKS, The Intercept, 6/22/15, Andrew Fishman is a journalist and
researcher. Before joining The Intercept, he was a freelance journalist and
multimedia producer. His work has appeared on NPR, Al Jazeera English, Bloomberg
TV, and other outlets. Morgan Marquis-Boire is a journalist and researcher. In
addition to being a contributing writer to The Intercept, he acts as the director of
security for First Look Media. He is also a senior researcher and technical advisor at
the Citizen Lab at the University of Torontos Munk School of Global Affairs.
Additionally, he serves as a Special Advisor to the Electronic Frontier Foundation and
as a member of the Free Press Foundations security advisory board. His research on
surveillance, censorship, and the targeting of activists and journalists has been
featured in numerous print and online publications.
https://firstlook.org/theintercept/2015/06/22/nsa-gchq-targeted-kaspersky/, 7/14/15
AV)
The National Security Agency and its British counterpart, Government
Communications Headquarters, have worked to subvert anti-virus and other
security software in order to track users and infiltrate networks , according to documents
from NSA whistleblower Edward Snowden. The spy agencies have reverse engineered software
products, sometimes under questionable legal authority, and monitored web and
email traffic in order to discreetly thwart anti-virus software and obtain intelligence
from companies about security software and users of such software. One security software
maker repeatedly singled out in the documents is Moscow-based Kaspersky Lab, which has a holding registered in
the U.K., claims more than 270,000 corporate clients, and says it protects more than 400 million people with its
British spies aimed to thwart Kaspersky software in part through a technique

known as software reverse engineering, or SRE , according to a top-secret warrant renewal
request. The NSA has also studied Kaspersky Labs software for weaknesses, obtaining
sensitive customer information by monitoring communications between the
software and Kaspersky servers, according to a draft top-secret report. The U.S. spy agency
also appears to have examined emails inbound to security software companies
flagging new viruses and vulnerabilities. The efforts to compromise security
software were of particular importance because such software is relied upon to
defend against an array of digital threats and is typically more trusted by the
operating system than other applications, running with elevated privileges that
allow more vectors for surveillance and attack. Spy agencies seem to be engaged in
a digital game of cat and mouse with anti-virus software companies; the U.S. and
U.K. have aggressively probed for weaknesses in software deployed by the
companies, which have themselves exposed sophisticated state-sponsored
malware. Anti-virus software is an ideal target for a would-be attacker , according to
products.
Joxean Koret, a researcher with Coseinc, a Singapore-based information security consultancy. If you write an exploit
for an anti-virus product youre likely going to get the highest privileges (root, system or even kernel) with just one
shot, Koret told The Intercept in an email. Anti-virus
products, with only a few exceptions, are

years behind security-conscious client-side applications like browsers or document
readers. It means that Acrobat Reader, Microsoft Word or Google Chrome are harder to exploit than 90 percent of
the anti-virus products out there. Reverse engineering Kaspersky software According to a top-secret GCHQ warrant
the British spy agency viewed

Kaspersky software as an obstruction to its hacking operations and needed to
renewal request written in 2008 and published today by The Intercept,
reverse engineer it to find ways to neutralize the problem. Doing so required obtaining a
warrant. Personal security products such as the Russian anti-virus software Kaspersky continue to pose a challenge
to GCHQs CNE [Computer Network Exploitation] capability and SRE is essential in order to be able to exploit such
software and to prevent detection of our activities, the warrant renewal request said. Examination of Kaspersky
and other such products continues. The warrant renewal request also states that GCHQ reverse engineers antivirus programs to assess their fitness for use by government agencies. The requested warrant, provided under
Section 5 of the U.K.s 1994 Intelligence Services Act, must be renewed by a government minister every six months.
The document published today is a renewal request for a warrant valid from July 7, 2008 until January 7, 2009. The
request seeks authorization for GCHQ activities that involve modifying commercially available software to enable
interception, decryption and other related tasks, or reverse engineering software. Software reverse engineering,
or reversing, is a collection of techniques for deciphering and analyzing how a program operates. The process can
be as simple as observing the flow of data into and out of the program, or as complex as analyzing the machine
code 1s and 0s to look into the softwares inner workings, including portions of the code that are not explained
in the manual or other program documentation. Put simply, it often means taking thousands of commands that
instruct the computer exactly what to do and working backwards to translate them into a format thats more
intelligible to a human being. Reversing is a common, often benign practice among software developers that can be
used to enable software from different companies to interoperate or to identify security vulnerabilities before they
can be exploited by third parties. Software makers, fearing piracy, hacking and intellectual property theft, often
forbid the practice in licensing agreements and sometimes protect the most sensitive inner workings of their
software with encryption. Governments have passed laws, with digital media in mind, that strictly circumscribe
tampering with this encryption. Software companies have also sued to block reverse engineering as copyright
infringement, arguing that it is illegal to make a copy of a program in violation of their restrictions on such copying.
GCHQ felt it needed legal cover to conduct reverse engineering, writing in the warrant renewal application that the
practice could otherwise be unlawful and amount to a copyright infringement or breach of contract. As we
explore in a related story today, the warrant is legally questionable on several grounds, in that it applies ISA section
5 to intellectual property for the first time, and GCHQ may be applying ISA section 5 to certain categories of
It is unclear what GCHQ accomplished in its analysis of Kaspersky

software, but GCHQ has repeatedly reverse engineered software to discover
vulnerabilities. Rather than report the vulnerabilities to the companies, spy agencies
have quietly stockpiled numerous exploits for a wide range of commercial hardware
and software, using them to hack adversaries. Collecting leaky data The NSA, like GCHQ,
has studied Kaspersky Labs software for weaknesses. In 2008, an NSA research
team discovered that Kaspersky software was transmitting sensitive user
information back to the companys servers, which could easily be intercepted and
employed to track users, according to a draft of a top-secret report. The information was embedded in
domestic policing.
User-Agent strings included in the headers of Hypertext Transfer Protocol, or HTTP, requests. Such headers are
typically sent at the beginning of a web request to identify the type of software and computer issuing the request.
According to the draft report, NSA researchers found that the strings could be used to uniquely identify the
computing devices belonging to Kaspersky customers. They determined that Kaspersky User-Agent strings contain
encoded versions of the Kaspersky serial numbers and that part of the User-Agent string can be used as a machine
identifier. They also noted that the User-Agent strings may contain information about services contracted for or
Such data could be used to passively track a computer to determine if a

target is running Kaspersky software and thus potentially susceptible to a particular
attack without risking detection. In a statement emailed to The Intercept, Kaspersky Lab denied that its
configurations.
User-Agent strings could be used against its customers. The information is depersonalized and cannot be
attributed to a specific user or company, the statement read. We take all possible measures to protect this data
from being compromised, for example through strong encryption. But Kasperskys measures sometimes appear to
fall short. In 2012, Twitter user @cryptoOCDrob posted a screenshot of Kaspersky software leaking unencrypted
data while checking website reputation. Two years later, another Twitter user, Christopher Lowson, claimed that his
email address, license key and other details were being sent by Kaspersky without encryption. Testing performed by
The Intercept last month on a trial copy of Kaspersky Small Business Security 4 determined that, while some
traffic was indeed encrypted, a detailed report of the hosts hardware configuration and installed software was
relayed back to Kaspersky entirely unencrypted. By the time of publication, Kaspersky told The Intercept via email,
Another way the NSA targets foreign

anti-virus companies appears to be to monitor their email traffic for reports of new
vulnerabilities and malware. A 2010 presentation on Project CAMBERDADA shows the content of an
it was unable to reproduce these results. Email surveillance
email flagging a malware file, which was sent to various anti-virus companies by Franois Picard of the Montrealbased consulting and web hosting company NewRoma. The presentation of the email suggests that the NSA is
reading such messages to discover new flaws in anti-virus software. Picard, contacted by The Intercept, was
unaware his email had fallen into the hands of the NSA. He said that he regularly sends out notification of new
viruses and malware to anti-virus companies, and that he likely sent the email in question to at least two dozen
such outfits. He also said he never sends such notifications to government agencies. It is strange the NSA would
show an email like mine in a presentation, he added. The NSA presentation goes on to state that its signals
intelligence yields about 10 new potentially malicious files per day for malware triage. This is a tiny fraction of the
hostile software that is processed. Kaspersky says it detects 325,000 new malicious files every day, and an internal
GCHQ document indicates that its own system collect[s] around 100,000,000 malware events per day. After
NSA analysts [c]heck Kaspersky AV to see if they continue to let

any of these virus files through their Anti-Virus product. The NSAs Tailored Access
Operations unit can repurpose the malware, presumably before the anti-virus
software has been updated to defend against the threat. The Project CAMBERDADA
obtaining the files, the
presentation lists 23 additional AV companies from all over the world under More Targets! Those companies
include Check Point software, a pioneering maker of corporate firewalls based Israel, whose government is a U.S.
ally. Notably omitted are the American anti-virus brands McAfee and Symantec and the British company Sophos.
There is a certain logic to monitoring reports flowing into anti-virus companies. Such reports include new malware,
which can potentially be re-purposed, and intelligence about hostile actors. Whats more, information about security
vulnerabilities in the AV software itself can be harvested. Anti-virus companies commonly, though not always,
respond slowly to such reports, leaving a window in which spy agencies can potentially exploit these flaws. A 2012
report from Google security engineer Tavis Ormandy documented how, after alerting Sophos to multiple security
vulnerabilities in its anti-virus software, the firm estimated it would require six months to patch all of the bugs. That
estimate was later revised down 60 days for the entire set of fixes, according to Ormandy. Its not clear exactly how
many reports like Ormandys have been piling up at anti-virus companies. But Koret, the security researcher,
suggests that most AV companies have serious problems in this area. During a period of ~1 year I researched
more or less 17 AV engines, he wrote in an email. I found vulnerabilities in 14 AV engines. Anti-virus firms vs.
As government spies have sought to evade anti-virus software, the

anti-virus firms themselves have exposed malware created by government spies.
Among them, Kaspersky appears to be the sharpest thorn in the side of government
hackers. In the past few years, the company has proven to be a prolific hunter of
state-sponsored malware, playing a role in the discovery and/or analysis of various
pieces of malware reportedly linked to government hackers, including the
superviruses Flame, which Kaspersky flagged in 2012; Gauss, also detected in 2012;
Stuxnet, discovered by another company in 2010; and Regin, revealed by
Symantec. In February, the Russian firm announced its biggest find yet: the
Equation Group, an organization that has deployed espionage tools widely
believed to have been created by the NSA and hidden on hard drives from leading
brands, according to Kaspersky. In a report, the company called it the most
advanced threat actor we have seen and probably one of the most sophisticated
cyber attack groups in the world. Hacks deployed by the Equation Group operated undetected for as
intelligence agencies
long as 14 to 19 years, burrowing into the hard drive firmware of sensitive computer systems around the world,
according to Kaspersky. Governments, militaries, technology companies, nuclear research centers, media outlets
and financial institutions in 30 countries were among those reportedly infected. Kaspersky estimates that the
Equation Group could have implants in tens of thousands of computers, but documents published last year by The
Intercept suggest the NSA was scaling up their implant capabilities to potentially infect millions of computers with
malware. Kasperskys adversarial relationship with Western intelligence services is sometimes framed in more
sinister terms; the firm has been accused of working too closely with the Russian intelligence service FSB. That
accusation is partly due to the companys apparent success in uncovering NSA malware, and partly due to the fact
that its founder, Eugene Kaspersky, was educated by a KGB-backed school in the 1980s before working for the
Russian military. Kaspersky has repeatedly denied the insinuations and accusations. In a recent blog post,
responding to a Bloomberg article, he complained that his company was being subjected to sensationalist
conspiracy theories, sarcastically noting that for some reason they forgot our reports on an array of malware that
trace back to Russian developers. He continued, Its very hard for a company with Russian roots to become
successful in the U.S., European and other markets. Nobody trusts us by default. Kaspersky Lab openly
cooperates with multiple international law enforcement agencies on cybercrime cases, but no inappropriate links to
the FSB have ever been proven. Meanwhile, cozy relationships with intelligence agencies are not uncommon among
Western technology companies. The CIA-backed venture capital firm In-Q-Tel has helped build over 200 tech startups, including cybersecurity firms FireEye and ReversingLabs and big data intelligence firms Palantir and Recorded
Future. Previous reporting from the Snowden archive has shown that Microsoft, Google, Yahoo, Facebook, Apple, AOL
No stranger to targeted
cyberattacks, Kaspersky Lab announced earlier this month that it had been the
victim of a sophisticated intrusion. In an email, Kaspersky Lab told The Intercept,It
is extremely worrying that government organizations would be targeting us instead
of focusing resources against legitimate adversaries, and working to subvert
security software that is designed to keep us all safe. However, this doesnt come as
a surprise. We have worked hard to protect our end users from all types of
and PalTalk all actively participated in the NSAs PRISM surveillance program.
adversaries. This includes both common cyber-criminals or nation state-sponsored

cyber-espionage operations. When asked for comment, the NSA and GCHQ declined to respond on the
record to the specifics of this story.
Security Weak Now

Cyberattacks cause devastating damage to infrastructure:
Only Congress can solve
Weekly Analysis, 7-15-2015, "Official: Greatest cyber risks to national security
involve handful of sectors," Inside Cybersecurity,
http://insidecybersecurity.com/Cyber-General/Cyber-Public-Content/official-greatestcyber-risks-to-national-security-involve-handful-of-sectors/menu-id-1089.html
The greatest cyber risks to U.S. national security involve about a third of the
country's 16 critical infrastructure sectors, according to an FBI official. The bureau's cybersecurity
outreach program for critical infrastructure is focused on six sectors banking and finance,
energy, transportation, information technology, communications and public health
the program's leader, Stacy Stevens, said during a June 9 public meeting of cybersecurity professionals organized
by the Department of Homeland Security in Cambridge, MA. The FBI official's comments, as well as documents
obtained by Inside Cybersecurity under the Freedom of Information Act, shed new light on how U.S. authorities view
cyber risks in industry, a subject shrouded in secrecy that some argue is excessive. An Obama administration
adviser, Richard Danzig, last year urged greater disclosure of cyber risks facing various sectors in the interest of
enabling better policymaking. Stevens told Inside Cybersecurity that the FBI and DHS have a shared understanding
of which sectors are associated with the greatest cyber-related national security risks. This hierarchy enables the
FBI cybersecurity outreach unit to prioritize its resources. The unit has focused on banking and finance, energy,
transportation, information technology and communications since it was established in 2013 and added public
health to the list more recently, she said. President Obama has repeatedly urged improvements in cybersecurity for
critical infrastructure, including in an executive order issued in 2013. Obama's speech at the White House
cybersecurity summit in February mentioned most of the sectors cited by Stevens. " Much
of our critical
infrastructure -- our financial systems, our power grid, health systems -- run on networks connected
to the Internet, which is hugely empowering but also dangerous, and creates new
points of vulnerability that we didn't have before ," Obama said. "Foreign governments
and criminals are probing these systems every single day. We only have to think of
real-life examples -- an air traffic control system going down and disrupting flights,
or blackouts that plunge cities into darkness -- to imagine what a set of systematic
cyber attacks might do." But DHS has been tight-lipped about which infrastructure sectors and assets face
the most significant cyber risks. In response to Obama's 2013 executive order, the agency produced an unclassified
"for official use only" report in July 2013 to identify critical infrastructure where a cybersecurity incident could cause
"catastrophic" regional or national damage to public health or safety, economic security or national security. Inside
Cybersecurity obtained a redacted version of the report through the Freedom of Information Act. It omits the names
a DHS working group

identified "61 entities in five critical infrastructure sectors where a cybersecurity
incident could reasonably result in catastrophic regional or national effects on public
health or safety, economic security, or national security." The DHS study also identified "13
of the specific sectors and infrastructure deemed most vulnerable, but reveals that
sectors, subsectors, or modes, where a cybersecurity incident on a single entity would not be expected to result in
catastrophic regional or national effects." "A cybersecurity incident is possible in all sectors ," DHS
wrote in its 2013 report, "but not all cybersecurity incidents would generate the catastrophic consequences
required for consideration under [Obama's February 2013 executive order]." "As technology and business practices
change, greater cyber dependence will likely increase the impact of potential consequences of cybersecurity
incidents," the report states, noting the agency would annually re-evaluate the list of infrastructure at greatest risk
from a cybersecurity incident. Non-catastrophic risks can still be significant. The electrical grid, finance sector,
water supply, and telecommunications systems are the "big four targets" of cyber attacks intended to have a
distinct and immediate impact, Richard Bejtlich, chief security strategist for FireEye, recently testified before
Congress. But the water sector was not on the catastrophic list in the 2013 report, according to the Environmental
Protection Agency. Increased frankness about cyber risks could enable better policymaking, according to Danzig, an
adviser to the White House and a former Navy secretary from the Clinton administration. Last year, he urged DHS to
publicly release more details from the July 2013 assessment of catastrophic cyber risks. "Because industries greatly
vary in their incentives and disincentives, degrees of concentration, resiliency, cyber budgets and cyber
sophistication, action plans need to vary industry by industry," he wrote in a report published by the Center for a
New American Security. "They also need to be accepted, indeed championed, by relevant oversight agencies, and
this oversight needs to be supported by Congress .
Encryption good - Cybersecurity

Encryption is critical to cybersecurity.
Swire and Ahmad 2012
Peter C. Swire William ONeill Professor of Law at the Moritz College of Law of the
Ohio State University. and Ahmad, Kenesa, J.D. from the Moritz College of Law of the
Ohio State University, editor of the Ohio State Law Journal, LL.M. from Northwestern
University Law School, Legal and Policy Fellow with the Future of Privacy Forum.
Encryption and Globalization Columbia Science and Technology Law Review, Vol. 23,
2012; Ohio State Public Law Working Paper No. 157. Available at SSRN:
http://ssrn.com/abstract=1960602 or http://dx.doi.org/10.2139/ssrn.1960602
The crypto wars of the 1990s led to widespread awareness of the importance of
encryption to computing and communications, especially for an insecure channel
such as the Internet. This Part examines how the passage of time and the continued
process of globalization further strengthen the case for strong encryption for two
main reasons. First, encryption plays a central role in cybersecurity today.
Encryption is now integral to the routine functioning of modern computing, far more
so than when U.S. policy shifted in 1999. In cybersecurity today, attackers possess
major advantages over defenders. Encryption is quite possibly the single most
important tool for defenders, and it is thus vital to cybersecurity. Second is
what we call the least trusted country problem. If there are backdoors or limits on
effective encryption, then the security of the global system is only as strong as the
security in the least trusted country. Use of strong encryption is a uniquely effective
mechanism for addressing this lack of trust.
Backdoors Bad Cybersecurity

Backdoors bad create insecurity
Schneier 15
Bruce Schneier is an internationally renowned security technologist, called a
"security guru" by The Economist. He has testified before Congress, is a frequent
guest on television and radio, has served on several government committees, and is
regularly quoted in the press. Schneier is a fellow at the Berkman Center for
Internet and Society at Harvard Law School, a program fellow at the New America
Foundation's Open Technology Institute, a board member of the Electronic Frontier
Foundation, an Advisory Board Member of the Electronic Privacy Information Center,
and the Chief Technology Officer at Resilient Systems, Inc., 3/2/15, Data and Goliath:
The Hidden Battles to Collect Your Data and Control Your World.
Inserting backdoors into widely used computer hardware and software products .
Backdoors aren't new. The security industry has long worried about backdoors left in software by hackers, and has
But now we know that the US government is

deliberately inserting them into hardware and software products. One of the NSA
documents disclosed by Snowden describes the "SIGINT Enabling Project," one tactic of which is to "insert
vulnerabilities into commercial encryption systems, IT systems, networks, and
endpoint communications devices used by targets." We don't know much about this project: how much
spent considerable effort trying to find and fix them.
of it is done with the knowledge and consent of the manufacturers involved, and how much is done surreptitiously
by either employees secretly working for the government or clandestine manipulation of the company's master
source code files. We also don't know how well it has succeededthe documents don't give us a lot of detailsbut
we know it was funded at $250 million per year. We also don't know which other countries do the same things to
systems designed by companies under their political control. We know of a few examples. In Chapter 6, I talked
The NSA also pressured Microsoft to put a

backdoor in its BitLocker hard drive encryption software, although the company
seems to have resisted. Presumably there have been other efforts involving other products; I've heard
about several unsuccessful attempts privately. Deliberately created vulnerabilities are very risky,
because there is no way to implement backdoor access to any system that will
ensure that only the government can take advantage of it . Government-mandated
access forces companies to make their products and services less secure for
everyone. For example, between June 2004 and March 2005 someone wiretapped more than 100 cell phones
about Microsoft weakening Skype for the NSA.
belonging to members of the Greek governmentthe prime minister and the ministers of defense, foreign affairs,
and justiceand other prominent Greek citizens. Swedish telecommunications provider Ericsson built this
wiretapping capability into Vodafone products, but enabled it only for governments that requested it. Greece wasn't
one of those governments, but some still-unknown partya rival political group? organized crime?figured out how
to surreptitiously turn the feature on. This wasn't an isolated incident. Something similar occurred in Italy in 2006. In
2010, Chinese hackers exploited an intercept system Google had put into Gmail to comply with US government
surveillance requests. And in 2012, we learned that every phone switch sold to the Department of Defense had
security vulnerabilities in its surveillance system; we don't know whether they were inadvertent or deliberately
The NSA regularly exploits backdoors built into systems by other countries
for other purposes. For example, it used the wiretap capabilities built in to the Bermuda phone system to
inserted.
secretly intercept all the countrys phone calls. Why does it believe the same thing won't be done to us?
Maintain insecure internet.

Schneier 15
Bruce Schneier is an internationally renowned security technologist, called a

"security guru" by The Economist. He has testified before Congress, is a frequent
guest on television and radio, has served on several government committees, and is
regularly quoted in the press. Schneier is a fellow at the Berkman Center for
Internet and Society at Harvard Law School, a program fellow at the New America
Foundation's Open Technology Institute, a board member of the Electronic Frontier
Foundation, an Advisory Board Member of the Electronic Privacy Information Center,
and the Chief Technology Officer at Resilient Systems, Inc., 3/2/15, Data and Goliath:
The Hidden Battles to Collect Your Data and Control Your World.
Aside from
directly breaking into computers and networking equipment, the NSA masquerades
as Facebook and Linkedln (and presumably other websites as well) to infiltrate target
computers and redirect Internet traffic to its own dummy sites for eavesdropping
purposes. The UK's GCHQ can find your private photos on Facebook, artificially increase traffic to a website,
disrupt video from a website, delete computer accounts, hack online polls, and much more. In addition to the
extreme distrust that all these tactics engender amongst Internet users, they
require the NSA to ensure that surveillance takes precedence over security . Instead
of improving the security of the Internet for everyone's benefit, the NSA is
ensuring that the Internet remains insecure for the agency s own
convenience. This hurts us all, because the NSA isn't the only actor out there that
thrives on insecurity. Other governments and criminals benefit from the subversion
of security. And a surprising number of the secret surveillance technologies revealed by Snowden aren't
Hacking the Internet. In Chapter 5, I talked about the NSA's TAO group and its hacking mission.
exclusive to the NSA, or even to other national intelligence organizations. They're just better-funded hacker tools.
Academics have discussed ways to recreate much of the NSA's collection and analysis tools with open-source and
commercial systems. For example, when I was working with the Guardian on the Snowden documents, the one topsecret program the NSA desperately did not want us to expose was QUANTUM. This is the NSA's program for what is
called packet injectionbasically, a technology that allows the agency to hack into computers. Turns out, though,
that the NSA was not alone in its use of this technology. The Chinese government uses packet injection to attack
computers. The cyberweapons manufacturer Hacking Team sells packet injection technology to any government
willing to pay for it. Criminals use it. And there are hacker tools that give the capability to individuals as well. All of
these existed before I wrote about QUANTUM. By using its knowledge to attack others rather than to build up the
Internet's defenses, the NSA has worked to ensure that anyone can use packet injection to hack into computers.
Even when technologies are developed inside the NSA, they don't remain exclusive
for long. Todays top-secret programs become tomorrow's PhD theses and the next
day's hacker tools. Techniques first developed for the military cyberweapon Stuxnet have ended up in
criminal malware. The same password-cracking software that Elcomsoft sells to governments was used by hackers
to hack celebrity photos from iCloud accounts. And once-secret techniques to monitor people's cell phones are now
The US government's desire for unfettered surveillance has already

affected how the Internet works. When surveillance becomes multinational and
cooperative, those needs will increasingly take precedence over others. And the
architecture choices network engineers make to comply with government
surveillance demands are likely to be around for decades, simply because it's easier to keep
doing the same things than to change. By putting surveillance ahead of security, the
NSA ensures the insecurity of us all.
in common use.
Proposed Backdoors promise devastated impacts for

Cybersecurity
Jai Vijayan, 7-9-2015, "3 Reasons Why Giving Government A Backdoor Is A Bad
Idea," Dark Reading, http://www.darkreading.com/endpoint/3-reasons-why-givinggovernment-a-backdoor-is-a-bad-idea/d/d-id/1321248
Exceptional access of the kind being demanded by the FBI and others is unworkable
and impractical, security researchers say. Any attempt by government to weaken
encryption technology so as to enable easier law enforcement access to
cryptographically protected content would seriously weaken Internet security , a group
of noted cryptographers and security researchers warned in a new report this week. The report, from the
Massachusetts Institute of Technologys Computer Science and Artificial Intelligence Lab, incorporates the views of
more than a dozen top security researchers, including noted cryptologists like Bruce Schneier, Whitfield Diffie, and
Ronald Rivest. It expresses alarm over growing efforts by the FBI and other U.S. law enforcement agencies to get
data and communication services companies to engineer backdoors in their systems so law enforcement can have
access to encrypted data when needed. Government officials have claimed they need such access in order to be
able to pursue criminals conducting transactions online under the cover of encryption and anonymizing services like
Tor. In testimony before Congress only earlier this week, FBI director James Comey warned about the ongoing and
significant impact that such technologies were having on the governments ability to track, pursue, and prosecute
criminals. But according to the researcher, enabling exceptional access to systems of the sort being demanded by
the government will have devastating security consequences for the rest of the Internet. These
proposals
are unworkable in practice, raise enormous legal and ethical questions, and would
undo progress on security at a time when Internet vulnerabilities are causing
extreme economic harm. Here, according to the security researchers are three reasons why:
The first reason is that providing exceptional access means abandoning many of the best
practices that have been deployed or are being deployed to make the Internet safer .
As one example, the researchers pointed to technologies like perfect forward secrecy, a practice
where decryption keys are destroyed immediately upon use, so as not to
compromise the integrity of data that was encrypted earlier or later. A related technique,
authenticated encryption, uses the same temporary key to guarantee confidentiality and to verify that the message
In order to enable the kind of backdoor access the

government is seeking, it would require industry to abandon such best practices , the
group said. Implementing an exceptional access requirement would also greatly
increase system complexity, the report noted. New technology would need to be
developed, deployed, and tested with potentially hundreds of thousands of
developers around the world. Because the typical use of such technologies would be surreptitious in
has not been forged or tampered with.
nature, security testing would become far more difficult and less effective as well. This is a far more complex
environment than the electronic surveillance now deployed in telecommunications and Internet access services,
Exceptional access would also require platform providers, law

enforcement agencies, or some other trusted third party to hold the credentials
needed to unlock encrypted data. Because law enforcement would need rapid
access to data it would be impractical to split the keys or store them offline as best
practices would typically dictate. They pointed to the recent breach at the U.S. Office of Personnel
the researchers said.
Management as one example of what can happen when a single organization is entrusted with a lot of data.
Enabling exceptional access would create a similar set of concentrated targets for bad actors to go after, the
security researchers said. If law enforcements keys guaranteed access to everything, an attacker who gained
access to these keys would enjoy the same privilege. Richard Blech, CEO of Secure Channels, said the government
finds itself between a rock and a hard place on the encryption issue. You
cannot have a backdoor that

only the 'good guys' can use; it will be exploited by the bad guys , he said in an email
statement. Unfortunately, sensitive data is vulnerable if the agencies are left a backdoor. As a result, due process
may continue to be the only way forward, he said. If there are concerns, go to court and get a warrant.
Encryption US Leadership
US should take the lead on encryption.
Ranger, 2015
Steve Ranger, UK editor of TechRepublic, 3-23-2015, "The undercover war on your
internet secrets: How online surveillance cracked our trust in the web,"
Back in the 1990s and 2000s, encryption was a complicated, minority interest. Now
it is becoming easy and mainstream, not just for authenticating transactions but for encrypting data
and communications. Back then, it was also mostly a US debate because that was where
most strong encryption was developed. But that's no longer the case: encryption
software can be written anywhere and by anyone, which means no one country
cannot dictate global policy anymore. Consider this: the right to privacy has long been considered a
qualified rather than an absolute right one that can be infringed, for example, on the grounds of public safety, or
to prevent a crime, or in the interests of national security. Few would agree that criminals or terrorists have the right
What the widespread use of strong, well-implemented

encryption does is promotes privacy to an absolute right . If you have encrypted a
to plot in secret.
hard drive or a smartphone correctly, it cannot be unscrambled (or at least not for a few hundred thousand years).
At a keystroke, it makes absolute privacy a reality, and thus rewrites one of the
fundamental rules by which societies have been organised. No wonder the intelligence
services have been scrambling to tackle our deliberately scrambled communications. And our fear of crime
terrorism in particular has created another issue. We have demanded that the intelligence services and law
enforcement try to reduce the risk of attack, and have accepted that they will gradually chip away at privacy in
order to do that. However, what we haven't managed as a society is to decide what is an acceptable level of risk
that such terrible acts might occur.
Without that understanding of what constitutes an

acceptable level of risk, any reduction in our privacy or civil liberties whether
breaking encryption or mass surveillance becomes palatable. The point is often made
that cars kill people and yet we still drive. We need to have a better discussion about what is an acceptable level of
safety that we as a society require, and what is the impact on our privacy as a result. As the University of Surrey's
Woodward notes: "Some of these things one might have to accept. Unfortunately there might not be any easy way
around it, without the horrible unintended consequences. You make your enemies less safe but you also make your
while the US can

no longer dictate policy on encryption, it could be the one to take a lead
which others can follow. White House cybersecurity coordinator Michael Daniel recently argued that,
as governments and societies are still wrestling with the issue of encryption , the US should come up with
the policies and processes and "the philosophical underpinnings of what we want to
do as a society with this so we can make the argument for that around the planet ...
friends less safe by [attacking] encryption and that is not a sensible thing to do." And
to say, this is how free societies should come at this." But he doesn't underestimate the scale of the problem,
either. Speaking at an event organised by the Information Technology and Innovation Foundation, he said: "Working
at the White House, we don't get easy problems, easy problems get solved someplace else, they don't come to us.
This is one of the hardest problems I know about, certainly that's anywhere close to my job. And I think it's clearly
those civil war

codenames, Bullrun and Edgehill, which may serve as an inadvertent, gloomy
prophecy about the future effectiveness of the intelligence agencies , unless we have
a better discussion about how security and privacy can work together online. If not, it's
not one that's going to be resolved easily, simply or quickly." Which brings us back to
worth remembering the Cavaliers and the Confederates both won the first battles of the English and American civil
Perhaps, after a few early

victories in the new crypto war, the intelligence agencies may face a similar defeat,
outpaced by encryption in the long term. It may be that in a few decades, the spies
look back at the tribulations of the first and second crypto wars with something
approaching nostalgia.
wars, just as both would finally lose their bloody and divisive civil war.
US Standards Key
The USFG has a history of cryptographic expertise, it
understands the importance of creating new encryption
standards.
Davis et al 2014 (Risking it All: Unlocking the Backdoor to the Nation's
Cybersecurity Terry Davis is with MicroSystems Automation Group. Jon M. Peha is a
professor at Carnegie Mellon University. Eric Burger is a professor at Georgetown
University. L. Jean Camp is a professor at Indiana University Bloomington - School of
Informatics and Computing. Dan Lubar is with RelayServices. Social Science
Electronic Publishing, Inc, (http://papers.ssrn.com/sol3/papers.cfm?
abstract_id=2468604)
An indirect way to undermine the security of products and services is to influence national or international
standards bodies since many developers build systems that comply with the resulting standards, even when the
The core of the Internet is not wires or machines ; it is standards.

Standards make the Internet work globally across media types (wired, wireless, satellite, etc.),
standards are voluntary.
languages, and nations. Standards are required for hardware and software to communicate with other hardware and
American standards compete with global

standards. Americas standards-making leadership is a critical advantage, even as
more research and production moves offshore. The United States has a history of
improving standards and of being global leaders in cryptographic expertise.
Consider DES, the standard that allowed electronic funds transfer, the SWIFT
network, and first generation data exchanges in the seventies. When the United
States strengthened that standard, the standard became resilient to attacks that
had not been published and were not widely known. However, entities within the United States
software across domestic and global Internet systems.
could use the precedent of U.S. leadership to deliberately weaken standards. The impact of weakening a standard
may be even greater than weakening a specific product or service because that one standard may be used in so
many different products and services.
Economy/Innovation
Cybersecurity - Economy
Undermining the security of the digital economy will unravel
the global economy.
Bankston, 2015
Hearing on Encryption Technology and Possible U.S. Policy Responses Statement

of Kevin S. Bankston Policy Director of New Americas Open Technology Institute &
Co-Director of New Americas Cybersecurity Initiative Before the U.S. House of
Representatives Subcommittee on Information Technology of the Committee on
Oversight and Government Reform April 29, 2015
https://static.newamerica.org/attachments/2982-at-crypto-hearing-best-argumentsagainst-backdoor-mandates-come-from-members-of-congressthemselves/Bankston_Written_Testimony.5876d326c5fc4e0cbd17b59e8d53384f.pdf
3.
It would cost the American economy untold billions of dollars. Experts estimated
during the original Crypto Wars that building and operating the kind of key escrow
infrastructure desired by the government would have cost the government and
industry many billions of dollars.21 Since then, the number of computer and Internet
users, and computer and Internet devices, has grown exponentially; so too has the
complexity and cost of such a scheme to give the government the universal decryption capability it apparently
Thats not even counting the many more billions of dollars that would be
lost as consumers worldwide lost confidence in the security of American computing
products and online services. American technology companies, which currently
dominate the global market, have already been wrestling with diminished consumer
trust in the wake of revelations about the scope of the N ational Security Agencys
programs, a loss of trust already predicted to cost our economy billions of dollars .23
Any new requirement that those companies guarantee that the U.S. government
have the technical capability to decrypt their users data would give foreign users
including major institutional clients such as foreign corporations and governments that especially rely
on the security of those products and serviceseven more incentive to avoid American products
and turn to foreign competitors. It would also likely diminish trust in the security of
digital technology and the Internet overall, which would slow future growth of the Internet
and Internet-enabled commerce and threaten the primary economic engine of the 21st
century. To put it bluntly, foreign customers will not want to buy or use online services, hardware products,
desires.22
software products or any other information systems that have been explicitly designed to facilitate backdoor access
for the FBI or the NSA.24 Nor will many American users, for that matter. Instead, they will turn to more secure
products that are available for purchase or for free download from sources outside of the United States, which is a
major reason why
Weak cybersecurity crushes the economy.

Peha, 2013
Weak Security is Dangerous Giving law enforcement and intelligence agencies the ability to conduct electronic
surveillance is part of a strategy to limit threats from criminals, foreign powers, and terrorists, but so is
strengthening the cybersecurity used by all Americans .
Weak cybersecurity creates opportunities
for sophisticated criminal organizations. Well-funded criminal organizations will turn

to cybsercrime for the same reason they turn to illegal drugs; there is money to be
made. This imposes costs on the rest of us. The costs of malicious cyberactivities
take many forms, including direct financial losses (e.g. fraudulent use of credit cards), theft of
intellectual property, theft of sensitive business information, opportunity costs such as the lost productivity when a
computer system is taken down, and the damage to a companys reputation when others learn its systems have
One recent study says that estimates of these costs range from $24
billion to $120 billion per year in the U.S.3 Weakened security can only increase
the high cost of cybercrime. Of course, some technically sophisticated organizations are challenging
been breached.
the security of American computer and communications systems for reasons other than mere financial gain. Finding
and exploiting security vulnerabilities is part of how international espionage is conducted in the 21st century, as is
clearly demonstrated by recent revelations about the activities of the Chinese government. In addition to economic
advantage, foreign governments that compromise the security of contractors to the U.S. Defense Department may
use what they learn to improve their offensive and defensive military capabilities. Moreover, as we saw from
cyberattacks in Estonia and Georgia, cyberattacks on civilian systems can be highly disruptive to nations, and
possibly a force multiplier for military action. The more foreign powers can learn about security vulnerabilities in
critical systems in the U.S., the more vulnerable we are. Worse yet, this is no longer just the domain of nation
states. Terrorist organizations could also launch cyberattacks against critical systems. Perhaps they will time a
cyberattack with a bombing to maximize the damage and the panic. Weakened security can only increase the risk
If weakened security in commercial products

and services is the result of a national policy (as opposed to other causes such as human error),
and that national policy is known or suspected, this does additional harm to the
nation. Customers will naturally prefer products and services from companies that
they believe are immune from such a policy . Thus, such a policy in the U.S. could
have a significant impact on the competitiveness of all of the U.S.
companies in the information technology sector, which combined account
for a significant portion of the U.S. economy, and many high-paying jobs.
of cyberespionage, cyberattack, and cyberterrorism.
Cyberattacks damage both the economy and infrastructure

Informationweek, 5-31-2007, "The Impact Of Cyberwarfare,"
InformationWeek, http://www.informationweek.com/the-impact-of-cyberwarfare/d/did/1055702?
Cyberwarfare: What will it look like, how will we defend against it? Those questions have taken on new urgency, as
the possibility becomes more real. Recently, the Baltic nation of Estonia suffered several weeks of distributed
denial-of-service attacks against both government and private-sector Web sites. And late last month, a report from
the Department of Defense said the People's Liberation Army of China is building up its cyberwarfare capabilities,
even creating malware that could be used against enemy computer systems in first-strike attacks. To date, there
cyberwarfare is
treated among most nations with much the same reverence as Cold
War players treated the idea of nuclear winter, mainly because of the potential large-scale
economic disruption that would follow, says Howard Schmidt, a former White House cybersecurity
adviser and former chief security officer at eBay and Microsoft. This would include shortages of
supplies that could affect both citizens and the military , he says. The cyberattacks
against Estonia primarily targeted the government, banking, media, and police sites, and they
have been no proven, documented cases of one nation attacking another via cyberspace. Yet
a chilling prospect that's
"affected the functioning of the rest of the network infrastructure in Estonia," the European Network and
Information Security Agency, or ENISA, reported on its Web site. As a result, targeted sites were inaccessible
outside of Estonia for extended periods in order to ride out the attacks and to try and maintain services within the
country. Distributed denial-of-service attacks are particularly difficult to prevent and require a lot of coordination to
contain the damage when multiple sites are hit. In order to weather the 128 strikes launched against its
cyberinfrastructure, Estonia sought help from not only its Computer Emergency Readiness Team, established late
last year, but also the Trans-European Research and Education Networking Association and Computer Emergency
A major hurdle that

nations face in defending their critical infrastructures is working with the entities
that control telecommunications networks, electrical grids, and transportation
Readiness Teams in other countries, including Finland and Germany, according to ENISA.
systems. This is a significant issue in the United States, given that the private sector
owns more than 85% of the critical infrastructure . Communication and cooperation between
government officials and private-sector critical infrastructure owners is essential because the military is more
knowledgeable and better prepared to respond to a cyberattack. "When it comes to information warfare,
corporations in general are no match for a trained intelligence officer," says David Drab, a 27-year veteran of the
FBI who retired in 2002 and is now principal for information content security with Xerox Global Services. These
officers have an objective, they have resources, and often they have the element of surprise on their side, he says.
Businesses are ill-prepared to handle these types of attacks.
Destabilize the Internet

NSA destabalizing the entire internet.
Samantha Bradshaw, Research Associate, Global Security & Politics, 6-3-2015,
"Destabilizing the Internet ," Centre for International Governance Innovation,
https://www.cigionline.org/blogs/reimagining-internet/destabilizing-internet
state actors are increasingly attempting to
create or exploit existing vulnerabilities in Internet architecture in order to conduct
surveillance, censor information, or achieve other economic or political goals. Systems of Internet
administration are increasingly recognized as sites of power, and are being altered
for purposes beyond their original design. The trend is worrying . Technological
interventions can have a number of destabilizing consequences for the
resiliency, integrity, security and freedom of the Internet. In 2013 and 2014, the
focus on technological interventions was largely on the US governments push
forcing tech companies to hand over encryption keys or build backdoors into their
products. New leaked National Security Agency (NSA) documents provide more evidence in
support of this trend towards destabilization: the US government and its allies planned to hijack the
Google and Samsung mobile app stores to infect user devices with malware. The pilot project
codenamed IRRITANT HORN would identify smartphone traffic and inject malware
into downloads, which could then be used to collect users data without knowledge
or consent. These types of hijacking techniques are not new. They are a somewhat common alteration used
A new trend in Internet governance is emerging:
by businesses to deliver advertisements, cyber criminals to steal personal information, or oppressive states to
censor and control access to information. Hijacking techniques work by exploiting security vulnerabilities within the
Internets Domain Name System (DNS) and resolution process. The DNS is a fundamental technology for Internet
operation, yet because of its technological complexity and associated jargon, many people do not understand its
importance. To simplify, the DNS can be thought of as the Internets address book because it contains Internet
names (www.google.com) and associated IP addresses (8.8.8.8 for Google Public DNS) for everything online. It
functions by matching the names that people use to the numbers that computers use, so that a users device can
find the information they wish to access on the network. Hijacking occurs when a third party intercepts the DNS
look-up function and injects fake information into the process. What are appropriate government interventions in
Internet technology for achieving economic or political goals? Malicious hackers will often use these techniques to
redirect users to fake websites such as a fake bank login page to collect personal or financial information from
A growing number of governments are also hijacking DNS look-ups to collect

data and conduct censorship. The Great Firewall of China is the most cited offender, where hijacking
victims.
techniques are one of the many censorship tools built in to the system to control access to content that is uploaded
and shared online. Hijacking is a highly effective technique and can be extremely difficult to detect. When users
access most websites, the DNS will tell a computer where to go and the computer will automatically connect to the
address without verifying the information. The original design of the DNS predated the global expansion and growth
of the Internet, and verification was not an issue because the DNS was created in an environment where there was
a certain degree of trust among parties using the technology. This has created a number of security challenges for
the modern-day reality of the Internet. The NSAs IRRITANT HORN pilot project really strikes an important chord:
what are appropriate government interventions in Internet technology for achieving economic or political goals?
If
governments are intentionally creating a less secure Internet or are exploiting

vulnerabilities within the technology, what implications will these actions have on
the ongoing security and stability of the Internet? The answer: nothing positive. There
are numerous examples of how these kinds of governmental interventions in technology can have unintended
consequences. The hijacking techniques used to block content as part of the Great Firewall of China accidentally
leaked to the rest of the world in 2010; numerous US residents were temporarily blocked from accessing popular
social media websites and other content that was blocked by the Chinese government. A similar incident occurred
in 2008 when the Pakistani government ordered a local telecom to block YouTube by redirecting local traffic away
from the site. However, the new routing information was not contained within the country and eventually everyone
who tried to access YouTube was directed to the Pakistan network block. At the same time, NSA disclosures and
technological interventions are precipitating nation-specific policies geared toward circumventing surveillance or
achieving other objectives. Russia has called for an alternative DNS; countries are pursuing policies around data
localization; and others have discussed routing around the US by building their own Internet submarine cables.
These interventions are politicizing technical design choices rather than reflecting fundamental qualities of the
Instead of weakening or exploiting

vulnerabilities within the technology, governments should encourage the Internets
technical community and businesses to incorporate privacy and security enhancing
solutions in the Internets standards and protocols. It is in the interest of everyone
that the Internet remains a trusted, open and safe medium so that it can continue
to foster economic growth, access to knowledge, and innovation .
Internet, such as interoperability, efficiency and openness.
Causes the internet to crumble.

Broeders 2015
Dennis Broeders is a senior research fellow and project coordinator at the

Netherlands Scientific Council for Government Policy and professor of Technology
and Society at the department of Sociology of the Erasmus University Rotterdam.
The public core of the internet: an international agenda for internet governance
4/10/15, WRR Research Paper http://www.wrr.nl/en/publicaties/publicatie/article/thepublic-core-of-the-internet-an-international-agenda-for-internet-governance-2/
Increasingly, governments view the
backbone infrastructure and main protocols of the internet itself as a legitimate
means to achieve their policy ends . Whereas internet governance used to mean governance of the
From governance of the internet to governance using the internet
internet, today it also means governance using the architecture of the internet. In that second notion the internet
becomes a policy instrument to achieve other (national) policy goals. Such interventions may have huge
implications for the backbone of internet infrastructures and protocols and in turn, for the digital lives that we have
internet. If the
internet ceases to operate, many processes and routines, from the trivial our Facebook
status to the essential payment transactions will grind to a halt. If the backbone
protocols of the internet are corrupted, the internet becomes unreliable. Who would
risk online banking in that case? If we cannot be sure that data will be sent and
arrive at its intended destination, that will influence the kinds of economic and
social processes that we do or do not entrust to the internet. Would we let the internet
handle our private and work-related communications in that case? If we know that security gaps
are deliberately being built into internet standards, protocols, and
hardware and software to guarantee foreign intelligence and security
services access, then our confidence in the internet will gradually crumble .
If more and more countries withdraw behind digital borders, the internet will no
longer operate as an international infrastructure as it has done so far. And in the
worst-case scenario, the exploitation of vulnerabilities in the backbone
protocols and infrastructures could lead to serious breakdowns in society
and economy.
built on top of it. Such interventions can undermine the integrity and the functionality of the
Backdoors bad Innovation

Backdoors undermine the fundamental structure of the
internet killing innovation.
But backdoors are a problem for yet another reason. They clash with the end-to-end
supports. More advanced functionalities should be developed at end nodes
(computers, mobiles, wearable devices). This, argue researchers, allows the network
to support new and unanticipated applications. The end-to-end argument has
ignited unprecedented levels of innovation. The back doors that intelligence
agencies are trying to promote would apply to our communications system as a
whole, not only to the end nodes that are the devices with which we send the
messages. This violates the end-to-end argument and undermines trust in the
internet as a communications system. Such backdoors would undermine the
generative internet as we know it, reducing every users capacity to
innovate and disseminate products of innovation to billions of people in a
secure and sustainable way.
Stifle Innovation
Tokmetzi, 2015
Backdoors can stifle innovation. Even
until very recently, communications were a matter for a few big companies, often
state-owned. The architecture of their systems changed slowly, so it was relatively cheap and easy to build a
wiretapping facility into them. Today thousands of start-ups handle communications in one
form or another. And with each new feature these companies provide, the architecture of the systems
changes. It would be a big burden for these companies if they had to ensure that
governments can always intercept and decrypt their traffic. Backdoors require
centralised information flows, but the most exciting innovations are moving in the
opposite direction, i.e. towards decentralised services. More and more web services
are using peer-to-peer technology through which computers talk directly to one
another, without a central point of control. File storage services as well as payment processing and
communications services are now being built in this decentralised fashion. Its extremely difficult to
wiretap these services. And if you were to force companies to make such
wiretapping possible, it would become impossible for these services to continue to
exist. A government that imposes backdoors on its tech companies also risks harming their export opportunities.
Unsound economics The second argument is one of economics.
For instance, Huawei the Chinese manufacturer of phones, routers and other network equipment is unable to
US companies,
especially cloud storage providers, have lost overseas customers due to fears that
the NSA or other agencies could access client data. Unilateral demands for backdoors could put
gain market access in the US because of fears of Chinese backdoors built into its hardware.
companies in a tight spot. Or, as researcher Julian Sanchez of the libertarian Cato Institute says: An iPhone that
Apple cant unlock when American cops come knocking for good reasons is also an iPhone they cant unlock when
the Chinese government comes knocking for bad ones.
Bdoor Bad Innovation

But backdoors are a problem for yet another reason. They clash with the end-to-end
supports. More advanced functionalities should be developed at end nodes
(computers, mobiles, wearable devices). This, argue researchers, allows the network
to support new and unanticipated applications. The end-to-end argument has
ignited unprecedented levels of innovation. The back doors that intelligence
agencies are trying to promote would apply to our communications system as a
whole, not only to the end nodes that are the devices with which we send the
messages. This violates the end-to-end argument and undermines trust in the
internet as a communications system. Such backdoors would undermine the
generative internet as we know it, reducing every users capacity to innovate and
disseminate products of innovation to billions of people in a secure and sustainable
way.
Stifle innovation
Tokmetzi 2015

When the balance between security and privacy is viewed from an economic
perspective, there seems to be a trade-off. Yes, backdoors are possible, but the
price could be higher than we bargained for. Technically it might be feasible to
install backdoors that only law enforcement and intelligence agencies can exploit,
but the real world of organisations and software implementation might mess up
this carefully scripted scenario. Such a scenario would also only play out if
governments were to force all communications providers to give them centralised
access, something that could severely stifle innovation. And it may transpire that
building backdoors requires a crackdown on academic research: you dont want
your backdoor to be exposed by nosy professors.
Innovation
Julian Sanchez, 9-23-2014, "Old Technopanic in New iBottles," Cato Institute,
http://www.cato.org/blog/old-technopanic-new-ibottles
Thirdleast obviously, but perhaps most importantlyany
backdoor or retention mandate both

must effectively encourage centralized over
decentralized computing and communications architectures. When Kerr contemplates
implicitly assumes and, if it is to be effective ,
requiring cellular phone manufacturers to enable police access to their devices, he tacitly presupposes that the
manufacturer is in control of the software running on the device. That may describe Apples notoriously tightly
Most, of course, come

preinstalled with an operating system and some default software packages chosen
by the manufacturer, but if the user wants to install new software or a different
operating system, she is free to do so . That software may be released by a huge corporation like
integrated ecosystembut it is hardly the norm for computing devices.
Apple or Google, with teams of lawyers on retainer to comply with lawful orders and subpoenas, by a tiny startup,
by a lone developer working from his basement, or by a dispersed global community of open source coders. As
writer Cory Doctorow explains in his insightful essay Lockdown: The Coming War on General-Purpose Computing,
the only real way to make mandates of the kind Kerr discusses effective is to prohibit computers (and smartphones,
of course, are just small computers with embedded cellular radios) that are truly controlled by their lawful owners:
We dont know how to build a general-purpose computer that is capable of running any program except for some
program that we dont like, is prohibited by law, or which loses us money. The closest approximation that we have
to this is a computer with spyware: a computer on which remote parties set policies without the computer users
knowledge, or over the objection of the computers owner. Digital rights management always converges on
If you saddle Apple, or any other device manufacturer, with a legal

obligation to help police unlock a device, you necessarily encourage them to
centralize control over the software running on that device . Apple, again, is already pretty
malware.
centralized, but theres not much point in requiring Google to release an insecure version of Android if any user can
just install a patch that removes the vulnerability .
You can require Apple to store iMessage chats

for the convenience of police, but if users can simply install an open-source, peer-topeer chat application that isnt designed to spy on them , all that does is drive privacyconscious users (including, of course, criminalsbut by no means criminals alone) away from iMessage . In the
long run, the options are an ineffective mandate that punishes companies that
choose centralized models, or a somewhat more effective mandate that will still be circumvented by
sophisticated criminals but only at the cost of destroying or marginalizing the open
computing architectures that have given us decades of spectacular innovation.
Even if we ignore very serious concerns about privacy and security, these are both
terrible options.
No facebook.
Rodriguez, 2015
Katitza Rodriguez, EFF International Rights Director Anonymity and Encryption

Comments submitted to the United Nations Special Rapporteur on the Promotion
and Protection of the Right to Freedom of Opinion and Expression February 10, 2015
http://www.ohchr.org/Documents/Issues/Opinion/Communications/EFF.pdf
In addition, in order to ensure that no "untappable" technology exists, what Prime Minister Cameron appears to
The implications of
this for innovation are dire. Could Mark Zuckerberg have built Facebook in his dorm
room if he'd had to build in surveillance capabilities before launch in order to avoid
government fines? Would the original Skype have ever happened if it had been
forced to include an artificial bottleneck to allow government easy access to all of
your peertopeer communications? This has especially serious implications for the
open source community and small innovators . Some open source developers have already taken a
propose would amount to a technology mandate and a draconian regulatory framework.
And any additional mandates on service

providers would require them to spend a vast amount of money making their
technologies compliant with the new rules. Of course, there can be no real question about who will
stand against building back doors into software.
foot the bill: the providers will pass those costs onto their customers.
Innovation key to Sustainable Growth

Internet Innovation key to sustainable future
John Domingue, The Future Internet, Knowledge Media Institute, The Open
University, STI International,
0.pdf?,
http://download.springer.com/static/pdf/416/bok%253A978-3-642-20898-
2011
The Internet will be a catalyst for much of our innovation and prosperity in the
future. It has enormous potential to underpin the smart, sustainable and inclusive
growth objectives of the EU2020 policy framework and is the linchpin of the Digital Agenda for Europe. A
competitive Europe will require Internet connectivity and services beyond the capabilities offered by current
technologies. Future Internet research is therefore a must. Since the signing of the Bled declaration
in 2008, European research projects are developing new technologies that can be used for the Internet of the
Future. At the moment around 128 ongoing projects are being conducted in the field of networks, trustworthy ICT,
Future Internet research and experimentation, services and cloud computing, networked media and Internet of
things. In total they represent an investment in research of almost 870 million euro, of which the European
Commission funds 570 million euro. This large-scale research undertaking involves around 690 different
organizations from all over Europe, with a well-balanced blend of 50% private industries (SMEs and big companies
with equal share), and 50% academic partners or research institutes. It is worth noting that it is a well-coordinated
initiative, as these projects meet twice a year during the Future Internet Assembly, where they discuss research
issues covering several of the domains mentioned above, in order to get a multidisciplinary viewpoint on proposed
solutions. Apart from the Future Internet Assembly, the European Commission has also launched a Public Private
Partnership program on the Future Internet. This 300- million-euro program is focused on short- to middle-term
The core of this program will be a platform that implements

and integrates new generic but fundamental capabilities of the Future Internet, such
as interactions with the real world through sensor/actuator networks, network
virtualization and cloud computing, enhanced privacy and security features and
advanced multimedia capabilities. This core platform will be based on integration of already existing
research and runs from 2011 to 2014.
research results developed over the past few years, and will be tested on large-scale use cases. The use cases that
are part of the Public Private Partnership all have the potential to optimize large-scale business processes, using the
properties of the core Future Internet platform .
Examples of these use cases are a smarter

electricity grid, a more efficient international logistics chain, a more intelligent food
value chain, smart mobility, safer and smarter cities and a smarter content creation
system for professional and non-professional users. Future Internet research is an important
cornerstone for a competitive Europe. We believe that all these efforts will help European organizations to be in the
driving seat of many developments of the Future Internet.
Innovation key Transportation

Internet Innovation will revolutionize transportation
Barry Einsig, Technology Innovation: The Key to Solving Some of Our Most
Pressing Transportation Challenges, http://blogs.cisco.com/ioe/technologyinnovation-the-key-to-solving-some-of-our-most-pressing-transportation-challenges,
Global Transportation Executive, Internet of Everything- Vertical Solutions Group,
September 18, 2014
Planes, trains and automobiles getting from point A to point B has never been quicker or
easier. However, there are a few key global trends driving the need to invest further in
transportation technology. With the growing wave of urbanization, the aging of the population, and the
resulting global demands on supply chains in developed and developing nations, current transportation
systems will have a difficult time keeping up with demand. These trends are
converging to create a remarkable challenge for our transportation infrastructure,
but also a remarkable opportunity. In the developing nations and cities around the world,
governments and private companies are looking to grow their economies and compete on
the global stage. In order to do that effectively, investments in transportation
infrastructure are critical. But with limited budgets and a desire to show the world they can compete,
developing countries have the opportunity to make technology investments that can put them on even footing of
Their challenge is avoiding the pitfalls that developed nations, cities

and companies now face: how to circumvent sinking large amounts of capital into a
single purpose, proprietary network that can not scale or support the diverse needs or
requirements of a fully integrated multimodal transportation network. Legacy systems have
the rest of the world.
burdened many major cities, countries, and companies with the increasing total cost of ownership of maintaining
single purpose networks, built with proprietary technologies with limited performance. These challenging networks
suppress innovation and lack the ability to unlock the economic value of the data generated by their systems.
countries have the opportunity to utilize new transportation technologies to

their full potential by opening up the data to create new applications, and allowing
the system to work across various agencies or companies to create new business
models. Increasing safety and security risks, along with a disparity of systems and lack of interoperability
between regions has created a difficult reality for legacy systems. Lastly, the necessity to deliver these
services in an increasingly sustainable way puts added pressure on operators . These
Developing
challenges are faced regardless of the mode of transportation, whether rail, roadway, aviation, maritime, freight
and logistics, connected vehicle or mass transit. This weeks Connected Rail Solution announcement demonstrates
how Ciscos expertise in connecting the unconnected can be used to tackle the issues facing one mode of
transportation. Rail systems, regardless of whether they are freight, passenger or mix mode, deal with many
technical challenges such as varying speeds, through put requirements, redundancies and applications. But today,
thanks to the increasing capability and capacity of IP networks and the economic
leverage of the Internet of Everything, we can now see the opportunity for a
technology revolution in railroading not seen in more than a generation. Some early
adopter railways have already begun to implement a strategy based on the Internet of Everything. These early
adopters are transforming their organizations and providing new experiences for their customers and passengers.
Whether freight railroads looking to gain a competitive advantage by delivering new insights for freight and logistics
customers, or passenger rail systems looking to provide new and differentiated services to their customers to
the Internet of Everything allows operators to

examine their current network and explore new business models. The next industrial
revolution in railroading is just beginning and, like any technology transformation, some will
prosper by educating themselves about what is causing the change. The Internet of
Everything can positively impact any organization, and it is those who embrace it
fully that will see the greatest benefit. Rail operators are facing increased challenges: now is the
increase ridership and traveler satisfaction,
time to learn what the Internet of Everything can do to transform organizations and
meet these challenges head on.
Innovation key to Economy

Data innovation is key to economic growth throughout the
entire economy includes small business. Curtailing
surveillance is also key to rebuild public trust in this sector
Victoria Espinel, President and CEO, BSA | The Software Alliance, 12-10- 2014, "Executive Survey Shows
the Benefits of Data Innovation Across the Whole Economy," Huffington Post,
http://www.huffingtonpost.com/victoria-espinel/executive-survey-shows-th_b_6299086.html
There are pervasive myths and misconceptions about how data innovation is transforming the global economy,
from the idea that it's all about so-called "Big Data" (in fact, analyzing even small data sets can produce useful
insights) to the false notion that all data is personal information (when discoveries are being made from data
sources such as wind turbines, jet engines, financial markets, crop harvests, traffic patterns and energy
consumption). Today we released a new survey that sets right another such myth -- that big tech companies and
data tools are

catalysts for innovation and growth across the whole economy, and the benefits of
that innovation and growth accrue to society as a whole . We commissioned Ipsos Public
Silicon Valley start-ups are the main beneficiaries of data innovation. The reality is that
Affairs to poll 1,500 senior executives and business decision-makes across the United States and Europe about the
data
analytics are important to companies of all types and sizes -- including an
overwhelming majority (60 percent) of small businesses with 50 or fewer employees .
Second, data analytics can contribute to job growth. Sixty-one percent of senior
executives in the US and 58 percent in Europe say data analytics are important to
their companies' plans to hire more employees. Third, eight out of 10 respondents
overall say data analytics are important to their companies' plans to better serve
their customers' needs. It's clear that data innovation will be increasingly important to
how companies across the economy do business. The question is: how do we ensure
we are maximizing the opportunities? Data is inherently borderless, making the
digital economy a global economy. That is why it is critical that we have global trade rules that
role of data analytics in their companies. We found a number of things that were surprising: First,
promote data innovation. But currently there are no global standards in place to ensure that data can move freely
across borders. Chief negotiators from 12 countries are converging this week in Washington to continue
hammering out the terms of the Trans-Pacific Partnership (TPP). That agreement -- and the ongoing US-EU
Transatlantic Trade and Investment Partnership (TTIP) -- present important opportunities to establish 21st century
trade standards that enable data to flow across borders. That's why BSA is urging trade negotiators to seize the
moment and create the beginnings of a global framework to promote open markets and prevent protectionist
measures such as server-location requirements that could undermine the architecture of the Internet and stifle data
important is the need to build public trust in the underpinnings of the

digital economy. That trust has been shaken in the aftermath of the Snowden/NSA
disclosures. We must strike the right balance between essential privacy protections
and governments' need to access data for legitimate national security and law
enforcement purposes. These are difficult issues, but our survey shows that getting them right will have an
innovation. Equally
enormous payoff.
Encryption key to the Economy

Surveillance Backdoors will lead to severe economic losses
John M. Peha et al, 7-20-2014, "Risking it All: Unlocking the Backdoor to the
Nations Cybersecurity" http://papers.ssrn.com/sol3/papers.cfm?
abstract_id=2468604
The United States benefited greatly from its role as a trusted provider of information
and communications technology across the globe. This role cannot be taken for
granted. Intelligence and law enforcement agencies that are considering methods of
weakening the security of commercial products and services must consider the full
range of implications. Similarly, companies that benefit from user data as part of
their marketing revenue strategies should consider how their tactics could be
abused. Weakened security in standards and mass-market technology can facilitate
the authorized surveillance of criminals and terrorists. However, these weaknesses
also introduce risk to innocent people, organizations and government agencies, as
they become more vulnerable to attack from organized crime, terrorists and foreign
powers. If policies to weaken products from the United States are discovered, or
even merely suspected, U.S. products and services will suffer significant losses
in reputation and business where trust is critical. Both supporters and critics of
policies to introduce backdoors have presupposed that the alleged activities have
reduced privacy to improve security. With that premise, they then argue about
whether the nation wins or loses from such a trade. While the debate over how we
should value both privacy and security is important, it misses a critical point: The
United States might have compromised both security and privacy in a failed
attempt to improve security. A thorough, technically informed, and documented
process of risk assessment with balanced stakeholders from all sides is needed
to ensure the resilience and security of Americas cyberinfrastructure, including the
Internet and cyberphysical systems.
Data Insecurity causes huge economic losses

Sara Sorcher, 7-7-2015, "The battle between Washington and Silicon Valley over
encryption," http://www.csmonitor.com/World/Passcode/2015/0707/The-battlebetween-Washington-and-Silicon-Valley-over-encryption#
After the Snowden leaks began in June 2013, American businesses learned that
perceptions of insecurity can hurt their sales. After the Snowden leaks, major
companies such as Apple and IBM spent billions of dollars building data centers
overseas to combat the impression the US government would have unfettered
access to foreign customers data. Many countries in Europe and elsewhere pushed
for laws requiring their citizens data to be stored locally as international trust in US
products and services dipped. Overseas competitors in some cases using what
they claimed was NSA-proof technology as a marketing scheme swooped up
suspicious customers, according to a New America think tank paper last year on the
global business impacts of the surveillance revelations. It also detailed some lost
opportunities, such as when Brazil, for instance, awarded a major contract for
fighter jets to Swedish company Saab over Boeing, the American company that had
previously been the frontrunner. In the cloud computing space, Forrester Research
had estimated US businesses could lose as much as $180 billion by 2016.
Encryption regulations drive companies from the US

The American business community worries such a policy, if enacted, would threaten
the competitiveness of their businesses. They are concerned it would unnecessarily
put their customers personal security and privacy at risk as criminal hackers grow
increasingly sophisticated and governments seek to eavesdrop. At the same time,
many companies are already trying to estimate the high cost of dealing with any
regulation that would mandate access to encryption including potential losses in
revenue and the tougher-to-measure consumer trust. As such, some are already
contemplating how to find loopholes and other ways around any new US rules to
build back doors, including by taking business overseas.
Backdoors Bad Economy

Backdoor exploitation leads to Internet destabilization and
data localization
Bradshaw 15 (Samantha Bradshaw, 6-3-2015, "Destabilizing The Internet," Joint
Honours B.A. Degree in Political Science and Legal Studies from the University of
Waterloo, and an M.A. degree in Global Governance from the Balsillie School of
International Affairs, https://www.cigionline.org/blogs/reimagininginternet/destabilizing-internet)
A new trend in Internet governance is emerging: state actors are increasingly
attempting to create or exploit existing vulnerabilities in Internet architecture in
order to conduct surveillance, censor information, or achieve other economic or political goals. Systems
of Internet administration are increasingly recognized as sites of power, and are being altered for purposes beyond
The trend is worrying. Technological interventions can have a

number of destabilizing consequences for the resiliency, integrity, security and
freedom of the Internet. In 2013 and 2014, the focus on technological interventions was
largely on the US governments push forcing tech companies to hand over
encryption keys or build backdoors into their products. New leaked National Security
Agency (NSA) documents provide more evidence in support of this trend towards
destabilization: the US government and its allies planned to hijack the Google and Samsung mobile app stores
their original design.
to infect user devices with malware. The pilot project codenamed IRRITANT HORN would identify smartphone
traffic and inject malware into downloads, which could then be used to collect users data without knowledge or
consent. These types of hijacking techniques are not new. They are a somewhat common alteration used by
businesses to deliver advertisements, cyber criminals to steal personal information, or oppressive states to censor
and control access to information. Hijacking techniques work by exploiting security vulnerabilities within the
Internets Domain Name System (DNS) and resolution process. The DNS is a fundamental technology for Internet
operation, yet because of its technological complexity and associated jargon, many people do not understand its
importance. To simplify, the DNS can be thought of as the Internets address book because it contains Internet
names (www.google.com) and associated IP addresses (8.8.8.8 for Google Public DNS) for everything online. It
functions by matching the names that people use to the numbers that computers use, so that a users device can
find the information they wish to access on the network. Hijacking occurs when a third party intercepts the DNS
look-up function and injects fake information into the process. What are appropriate government interventions in
Malicious hackers will often use these

techniques to redirect users to fake websites such as a fake bank login page to
collect personal or financial information from victims. A growing number of
governments are also hijacking DNS look-ups to collect data and conduct
censorship. The Great Firewall of China is the most cited offender, where hijacking techniques are one of the
Internet technology for achieving economic or political goals?
many censorship tools built in to the system to control access to content that is uploaded and shared online.
Hijacking is a highly effective technique and can be extremely difficult to detect. When users access most websites,
the DNS will tell a computer where to go and the computer will automatically connect to the address without
verifying the information. The original design of the DNS predated the global expansion and growth of the Internet,
and verification was not an issue because the DNS was created in an environment where there was a certain degree
of trust among parties using the technology. This has created a number of security challenges for the modern-day
The NSAs IRRITANT HORN pilot project really strikes an important

chord: what are appropriate government interventions in Internet technology for
achieving economic or political goals? If governments are intentionally creating a
less secure Internet or are exploiting vulnerabilities within the technology, what
implications will these actions have on the ongoing security and stability of the
Internet? The answer: nothing positive. There are numerous examples of how these
kinds of governmental interventions in technology can have unintended
consequences. The hijacking techniques used to block content as part of the Great Firewall of China
reality of the Internet.
accidentally leaked to the rest of the world in 2010; numerous US residents were temporarily blocked from
accessing popular social media websites and other content that was blocked by the Chinese government. A similar
incident occurred in 2008 when the Pakistani government ordered a local telecom to block YouTube by redirecting
local traffic away from the site. However, the new routing information was not contained within the country and
eventually everyone who tried to access YouTube was directed to the Pakistan network block .
At the same
time, NSA disclosures and technological interventions are precipitating nationspecific policies geared toward circumventing surveillance or achieving other
objectives. Russia has called for an alternative DNS; countries are pursuing policies
around data localization; and others have discussed routing around the US by
building their own Internet submarine cables. These interventions are politicizing technical design
choices rather than reflecting fundamental qualities of the Internet, such as interoperability, efficiency and
Instead of weakening or exploiting vulnerabilities within the technology,

governments should encourage the Internets technical community and businesses
to incorporate privacy and security enhancing solutions in the Internets standards
and protocols. It is in the interest of everyone that the Internet remains a trusted, open and safe medium so
openness.
that it can continue to foster economic growth, access to knowledge, and innovation.
Surveillance Backdoors will lead to severe economic losses

John M. Peha et al, 7-20-2014, "Risking it All: Unlocking the Backdoor to the
Nations Cybersecurity" http://papers.ssrn.com/sol3/papers.cfm?
abstract_id=2468604
The United States benefited greatly from its role as a trusted provider of information and communications
agencies
that are considering methods of weakening the security of commercial products and
services must consider the full range of implications . Similarly, companies that benefit from user
data as part of their marketing revenue strategies should consider how their tactics could be abused. Weakened
security in standards and mass-market technology can facilitate the authorized
surveillance of criminals and terrorists. However, these weaknesses also introduce
risk to innocent people, organizations and government agencies, as they become
more vulnerable to attack from organized crime, terrorists and foreign powers. If
policies to weaken products from the United States are discovered, or even merely
suspected, U.S. products and services will suffer significant losses in reputation
and business where trust is critical. Both supporters and critics of policies to introduce backdoors
technology across the globe. This role cannot be taken for granted. Intelligence and law enforcement
have presupposed that the alleged activities have reduced privacy to improve security. With that premise, they then
argue about whether the nation wins or loses from such a trade. While the debate over how we should value both
privacy and security is important, it misses a critical point: The United States might have compromised both
security and privacy in a failed attempt to improve security. A thorough, technically informed, and documented
process of risk assessment with balanced stakeholders from all sides is needed to ensure the resilience and
security of Americas cyberinfrastructure, including the Internet and cyberphysical systems.
Data Insecurity causes huge economic losses

After the Snowden leaks began in June 2013, American businesses learned that perceptions
of insecurity can hurt their sales. After the Snowden leaks, major companies such as Apple
and IBM spent billions of dollars building data centers overseas to combat the
impression the US government would have unfettered access to foreign customers
data. Many countries in Europe and elsewhere pushed for laws requiring their citizens data to be stored locally as
international trust in US products and services dipped. Overseas competitors in some cases using what
they claimed was NSA-proof technology as a marketing scheme swooped up suspicious customers,
according to a New America think tank paper last year on the global business impacts of the surveillance
revelations. It also detailed some lost opportunities, such as when Brazil, for instance, awarded a major contract for
fighter jets to Swedish company Saab over Boeing, the American company that had previously been the
In the cloud computing space, Forrester Research had estimated US businesses

could lose as much as $180 billion by 2016.
frontrunner.
Encryption regulations drive companies from the US

The American business community worries such a policy, if enacted, would threaten the competitiveness of their
businesses. They are concerned it would unnecessarily put their customers personal security and privacy at risk as
many
companies are already trying to estimate the high cost of dealing with any
regulation that would mandate access to encryption including potential losses in
revenue and the tougher-to-measure consumer trust. As such, some are already
contemplating how to find loopholes and other ways around any new US rules to build back doors, including by
taking business overseas.
criminal hackers grow increasingly sophisticated and governments seek to eavesdrop. At the same time,
Encryption backdoors will collapse the economy due hacking
Venezia 7-13 (Paul Venezia, Encryption with backdoors is worse than useless
its dangerous, InfoWorld, 7/13/15, Paul Venezia is a veteran *nix system and
network architect, and senior contributing editor at InfoWorld, where he writes
analysis, reviews and The Deep End blog,
http://www.infoworld.com/article/2946064/encryption/encryption-with-forcedbackdoors-is-worse-than-useless-its-dangerous.html, 7/14/15 AV)
On the other side of the pond, U.K. Prime Minister David Cameron has said he wants to either ban strong encryption
or require backdoors to be placed into any encryption code to allow law enforcement to decrypt any data at any
The fact that these officials are even having this discussion is a bald
demonstration that they do not understand encryption or how critical it is for
modern life. They're missing a key point: The moment you force any form of
encryption to contain a backdoor, that form of encryption is rendered useless. If a
backdoor exists, it will be exploited by criminals. This is not a supposition, but a certainty. It's not
time.
an American judge that we're worried about. It's the criminals looking for exploits. We use strong encryption every
single day. We use it on our banking sites, shopping sites, and social media sites. We protect our credit card
information with encryption. We encrypt our databases containing sensitive information (or at least we should ).
Our economy relies on strong encryption to move money around in industries large
and small. Many high-visibility sites, such as Twitter, Google, Reddit, and YouTube, default to SSL/TLS
encryption now. When there were bugs in the libraries that support this type of
encryption, the IT world moved heaven and earth to patch them and eliminate the
vulnerability. Security pros were sweating bullets for the hours, days, and in some
cases weeks between the hour Heartbleed was revealed and the hour they could
finally get their systems patched -- and now politicians with no grasp of the ramifications want to introduce a
fixed vulnerability into these frameworks. They are threatening the very foundations of
not only Internet commerce, but the health and security of the global
economy. Put simply, if backdoors are required in encryption methods, the
Internet would essentially be destroyed, and billions of people would be
put at risk for identity theft, bank and credit card fraud, and any number
of other horrible outcomes. Those of us who know how the security sausage is made are appalled
that this is a point of discussion at any level, much less nationally on two continents. Its abhorrent to consider. The
general idea coming from these camps is that terrorists use encryption to communicate. Thus, if there are
Leaving aside the massive

vulnerabilities that would be introduced on everyone else, its clear that the
terrorists could very easily modify their communications to evade those types of
encryption or set up alternative communication methods. We would be creating
holes in the protection used for trillions of transactions, all for naught . Citizens of a city do
backdoors, then law enforcement can eavesdrop on those communications.
not give the police the keys to their houses. We do not register our bank account passwords with the FBI. We do not
knowingly or specifically allow law enforcement to listen and record our phone calls and Internet communications
We should definitely not crack the foundation of secure

Internet communications with a backdoor that will only be exploited by criminals or
the very terrorists that were supposedly trying to thwart . Remember, if the government can
(though that hasnt seemed to matter).
lose an enormous cache of extraordinarily sensitive, deeply personal information on millions of its own employees,
one can only wonder what horrors would be visited upon us if it somehow succeeded in destroying encryption as
well.
Cyber Impact Competitiveness

Weak cybersecurity undermines competitiveness.
Peha, 2013
Of course, some technically sophisticated organizations are challenging the security of American computer and
communications systems for reasons other than mere financial gain. Finding and exploiting security vulnerabilities
is part of how international espionage is conducted in the 21st century, as is clearly demonstrated by recent
revelations about the activities of the Chinese government. In addition to economic advantage, foreign
governments that compromise the security of contractors to the U.S. Defense Department may use what they learn
to improve their offensive and defensive military capabilities. Moreover, as we saw from cyberattacks in Estonia and
Georgia, cyberattacks on civilian systems can be highly disruptive to nations, and possibly a force multiplier for
military action. The more foreign powers can learn about security vulnerabilities in critical systems in the U.S., the
more vulnerable we are. Worse yet, this is no longer just the domain of nation states. Terrorist organizations could
also launch cyberattacks against critical systems. Perhaps they will time a cyberattack with a bombing to maximize
the damage and the panic. Weakened security can only increase the risk of cyberespionage, cyberattack, and
If weakened security in commercial products and services is the result of

a national policy (as opposed to other causes such as human error), and that national policy is
known or suspected, this does additional harm to the nation. Customers will
naturally prefer products and services from companies that they believe are
immune from such a policy. Thus, such a policy in the U.S. could have a
significant impact on the competitiveness of all of the U.S. companies in
the information technology sector, which combined account for a
significant portion of the U.S. economy, and many high-paying jobs.
cyberterrorism.
Cyber Crime
Organized Crime Internal Link

Vulnerabilities in software strengthen organized crime.
Blaze, 2015
Matt, University Of Pennsylvania Prof of Computer and Information Science Us
House Of Representatives Committee On Government Oversight And Reform
Information Technology Subcommittee Encryption Technology And Possible Us Policy
Responses 29 April 2015 Testimony of Matt Blaze https://oversight.house.gov/wpcontent/uploads/2015/05/4-29-2015-IT-Subcommittee-Hearing-on-EncryptionBlaze.pdf
weigh the risks of making
software less able to resist attack against the benefits of more expedient
surveillance. It effectively reduces our ability to prevent crime (by reducing computer
security) in exchange for the hope of more efficient crime investigation (by making
electronic surveillance easier). Unfortunately, the costs of the FBIs approach will be
very high. It will place our national infrastructure at risk. This is not simply a matter of
An important task for policymakers in evaluating the FBIs proposal is to
weighing our desires for personal privacy and to safeguard against government abuse against the need for
improved law enforcement. That by itself might be a difficult balance for policymakers to strike, and reasonable
the risks here go far beyond that, because

Vulnerabilities in
software of the kind likely to arise from law enforcement access requirements can
often be exploited in ways that go beyond the specific data they process . In particular,
people might disagree on where that balance should lie. But
of the realities of how modern software applications are integrated into complete systems.
vulnerabilities often allow an attacker to effectively take control over the system, injecting its own software and
taking control over other parts of the affected system.9 The vulnerabilities introduced by access mandates
discussed in the previous section are likely to include many in this category. They are difficult to defend against or
contain, and they current represent perhaps the most serious practical threat to networked computer security.
For
better or worse, ordinary citizens, large and small business, and the government
itself depend on the same software platforms that are used by the targets of
criminal investigations. It is not just the Mafia and local drug dealers whose
software is being weakened, but everyones. The stakes are not merely unauthorized
exposure of relatively inconsequential personal chitchat, but also leaks of personal financial and
health information, disclosure of proprietary corporate data, and compromises of
the platforms that manage and control our critical infrastructure . In summary, the
technical vulnerabilities that would inevitably be introduced by requirements for law
enforcement access will provide rich, attractive targets not only for relatively
petty criminals such as identity thieves, but also for organized crime,
terrorists, and hostile intelligence services. It is not an exaggeration to
understand these risks as a significant threat to our economy and to national
security.
Organized Crime Economy

The impact is intellectual property theft from state-sponsored
hackers, causes hundreds of millions of dollars in damages
each year.
Risen 14
Tom Risen, 8-11-2014, Tom Risen is a technology and business reporter for U.S.
News & World Report "The New Mafia: Battling Hackers Like Organized Crime," US
News and World Report, http://www.usnews.com/news/articles/2014/08/11/the-newmafia-battling-hackers-like-organized-crime
Hackers can be tough opponents because the best of them share ideas online about new ways to attack networks
Gangs in nations like Russia or China can be

particularly resourceful and dangerous especially since governments there are
secretly sponsoring hackers' efforts and protecting them from international law
enforcement, a former top FBI official tells U.S. News. Both Russia and China are sponsoring
hackers that collect information on behalf of the nation state , says Shawn Henry, the former
executive assistant director in charge of the FBI's Criminal, Cyber, Response and Services Branch. Intellectual
property is being funneled to benefit companies in their home countries .
Submarines, airplanes and medical devices are among the products made by China
using intellectual property stolen from networks of U.S. companies, says Henry, who
retired from the FBI in 2012 and is now president of the cybersecurity firm CrowdStrike. Along with
threatening U.S. national security, theft of intellectual property is among the top
reasons hackers cost consumers and companies between $375 and $575 billion
each year, according a report from the Center for Strategic and International Studies funded by cybersecurity
firm McAfee. Cooperation with Russia and China on prosecuting hackers would make a huge
difference, but that's unlikely in the near future because the countries benefit from
co-opting hacker theft and because of political divisions between the U.S. and those nations, Henry says.
and how to hide from law enforcement.
Russian Cyber Organized Crime Internal

Russian Black Hat hackers fuel cyberattacks
Atmani 14 (Mehdi Atmani, Where The Web Thugs Are: Inside Russias Cyber
Underworld, World Crunch, 8/22/14, Medhi Atmani is a journalist for the World
Crunch news source, http://www.worldcrunch.com/tech-science/where-the-webthugs-are-inside-russia-039-s-cyber-underworld/cybercrime-hacking-confidentialdata-russia-it-services/c4s16787/#.VbFM3vlVgoI, 7/23/15 AV)
MOSCOW Whether an organized crime expert or a solitary con man, an intelligence
services agent or the Kremlin's cyber soldier, Russian hackers are often at the heart
of Internet fantasies. An ambiguous and protean figure, the hacker has as many faces as Russia itself. The
country, from which many of these nefarious crimes originate and where Edward
Snowden remains in asylum, is both a nation of cyber censors and IT experts.
Welcome to Russia's Internet underworld. The 28-year-old hacker I'm interviewing establishes the
rules of the game. He won't give his name only his pseudonym, "X311" and won't answer all of my questions.
A strong code of silence prevails in the

Russian hacking world. It took me recommendations from about 10 mutual acquaintances for "X311" to
"If I reveal too much, it could go badly for me," he says.
finally agree to speak to me. After a long and perilous hunt, his conditions are finally mine. Our interview takes
place online, in the middle of the night in Moscow, and on an Internet Relay Chat one of many online
communications protocols. Our exchanges are protected by the cryptography protocol Off-the-Record Messaging
(OTR). This is the essential prerequisite to our conversation, and the token of his trust. "X311" writes in unusual but
decent French. The hacker found refuge in France when his "personal situation became way too dangerous" for him
to stay one more week in Russia, he says. He agrees to unveil some aspects of his country's cybernetic underworld,
only because he's now joined "the white side of the force." In the hacker community, people are clearly divided in
five different color groups. The deep web's golden era First off, there are the "black hats" hackers driven by profit
and the desire to wrong the market's actors. These are criminals who are either isolated or organized in mafia. On
the opposite end are the "white hats," the cyberspace avengers who track down pirates and those threatening their
interests "the grey hats." Then come the "blue hats," who specialize in Windows hacking, and the "red hats,"
experts in the UNIX operating system. None of them ever says what color group they identify with. "A real hacker
never discloses he's one," X311 says. Our man did, out of choice and necessity. The Moscovite was a 15-year-old
high school student when he first entered the "black hat" Russian underworld. He studied programming in Moscow
and developed secured software during his spare time. "Back then, you had to find mentors to learn and practice,"
he says. X311 found these code masters with questionable ethics on IRC chats. These are all solitary and
experienced souls, navigating the deep web. Up to 90% of online content slips through the pages of classic search
engines. This is what we call "the deep web," the submerged part of the digital iceberg where the "black hats" hide
and thrive. These hackers buy, sell and trade sensitive data debit cards, confidential information, hacking
programs. They do so via the Tor network (an acronym for The Onion Router), which provides them with secured
protection of information. Quickly, X311 built a solid reputation, earning respect among other hackers. "I was young,
experienced, I was a good worker," he says via chat. Trading data and sensitive information with another "black hat"
just for the love of risk, he quickly became an expert in "cracking" and "phreaking." These practices consist of
breaking into security safeguards to hack debit cards, or phones. "Back then, it was heaven," the hacker says.
"There wasn't as much security on debit cards or on logins." He could easily hack into news websites or user
accounts of large hosting service providers. Apart from the "American and European banks," things were easy for
young hackers like him. "When I saw a growing interest for the competition of this data, I started selling it," he
acknowledges. But he won't say for how much. "A
hacker has power through the data he owns,

not for the money he earns." So, how do they work? The notion of Russian hackers is that
they are unattainable feared, admired and hunted . An immersion into the deep web dispels
these cliches. Let's start by talking about how young these hackers are. Hackers younger than 25 gravitate to Saint
Petersburg and its universities. The area is the most dense "black hat" community in the country. "They tend to be
pushed toward the city because of a shortage of legal job opportunities," says Sergueyv Vishnyakov, a 24-year-old
information security researcher at a Russian bank. He is an expert of the "black hats." He is featured as an
"hacktivist" on a website that hosts the largest database of IT flaws and weaknesses to date. In Moscow, these
cowboys of the web are lured by money. The majority of them earn more than 17,000 rubles a month about
$550. "The best hackers earn 10 times more," adds Vishnyakov, "but they only represent about 1% of the Russian
"black hats." And the game is definitely worth it:
Russian laws aren't deterrent enough to scare
these hackers. To find out how they operate, we head to the Moscow area headquarters of security company
Kaspersky. The firm competes with U.S. companies such as Symantec and McAfee fighting cyber crime. Inside the
headquarters, elite teams relentlessly battle new IT attacks. More than 315,000 are registered every day, coming
from and targeting Russia. Russia has the dubious distinction of ranking No. 3 globally in generating cyber attacks,
after China and Brazil. Aleks Goltsev, a 37-year-old Ukrainian, heads the company's security unit, and with the help
of international police forces, he investigates the Russian "black hat" underworld and tracks down its members.
Each country, he says, has its own specialty. "The Chinese hack online gaming platforms," he says. Brazilians take
The Russians, on the other hand, are the

pioneers. They develop most of the hacking technologies then sell to other
countries," he adds. Cybercrime in Russia is built around small groups, themselves made up of about 10 hackers
care of online banking websites," Goltsev explains.
whose tasks are clearly defined. Two developers design the spy software, and then try to sell it on IRC forums. The
market runs on two economic models. "They either sell the entire program for $10,000, or rent it weekly," Goltsev
With
the conflict in eastern Ukraine, Goltsev has become even busier. Russia and Ukraine
are engaged in an intense data cyber war. The security expert is convinced that
denial-of-service (DOS) attacks, which aim at taking down Internet servers, come
from "Russian and Ukrainian patriots." They could also originate from the Russian
government. Back in 2007 and 2008, Estonia and Georgia, then in conflict with the Kremlin, were given the
says. Some clients are Russian, but most of them are foreign Chinese and Thai. Russia's ambivalent stance
same treatment from Moscow as Ukraine is today. This is what makes Moscow so ambiguous about cyber defense
and security matters. The country, known for training the best IT experts, granted asylum to Edward Snowden, a
former computer engineer who disclosed revelations about the U.S. spying program. At the same time, Russia
stands among the most Internet-censoring countries around the world. The Kremlin recruits its Internet soldiers in
the Siberian city of Novosibirsk. Not far from there, authorities established a scientific city named the "Silicon Taiga"
in 1957. Russia has an impressive and feared cyber army. The GRU, the Main Intelligence
Directorate, is the largest supplier of cybersoldiers. Highly trained, they develop new protection systems and
manage Russia's listening stations across the globe. At the government level are the Russian Federation Federal
Security Service (FSB) and its 76,000 contributors. The organization, the main successor of the KGB, has an entire
center devoted to fighting cyber crimes. There is also a special unit in charge of protecting the government's
Internet. The NSA has nothing on the FSB. The Russian service created one of the most powerful
systems in communications interception, the one used during the Sochi Olympic Games in February. Russia can also
count on its Foreign Intelligence Service (SVR), a 15,000-person organization that is particularly active in economic,
industrial and technological spying. Back in the Moscow night, behind the screen of our encrypted chat, X311
declines to elaborate on what led him to flee Russia for France. "At some point, you need to think about settling
down," he says. "I was going on a bad path." He won't say if he was arrested. "Sorry, but I wont answer any
question. What do you think?" The 28-year-old Russian now works for a French IT security company. Maybe a former
victim of his hacking? He replies with a smiley emoticom and suddenly leaves the chat
Russian Organized Crime Nuclear Terrorism

Russian organized crime makes terrorist nuclear weapons
likely.
Kenneth Rapoza, Contributor for Forbes Magazine, 2011, Russian Organized
Crime Strategic Threat to US NSC

http://www.forbes.com/sites/kenrapoza/2011/07/25/russian-organized-crimestrategic-threat-to-us-nsc/
A National Security Council report on transnational criminal organized released Monday,
named Russian organized crime as a strategic threat to Americans and US
interests abroad. Russian and Eurasian organized crime networks represent a significant threat to economic growth and democratic institutions, the report stated. Russian organized crime syndicates and criminally
linked oligarchs may attempt to collude with state or state-allied actors to undermine competition in strategic
markets like natural gas, oil, aluminum, and precious metals, the National Security Council attests .
At the
same time, transnational criminal networks in Russia are establishing new
ties to global drug trafficking networks to raise quick capital. Nuclear
material trafficking is an especially prominent concern in the former
Soviet Union, the report stated, adding that the US would continue to cooperate with Moscow and
the nations of the region to combat illicit drugs and organized crime. The report singled out the Russian mob
run by Semion Mogilevich. He is wanted by the US for fraud, racketeering, and money laundering
and was recently added to the FBIs Ten Most Wanted list. Mogilevich and
several members of his organization were charged in 2003 in the Eastern District of
Pennsylvania in a 45-count racketeering indictment with involvement in a sophisticated securities fraud and money-
used a Pennsylvania company, YBM Magnex, to defraud

investors of more than $150 million. Even after that indictmentand being placed on the FBIs
laundering scheme, in which they allegedly
Ten Most Wanted listMogilevich has continued to expand his operations. Mogilevich was arrested by Russian police
on tax charges in January 2008 and was released pending trial in July 2009. Other members of his organization
remain at large. Mogilevichs criminal empire currently operates in Europe (including Italy, Chech Republic,
Switzerland and Russia) the United States, the Ukraine, Israel and the United Kingdom. He also allegedly has ties
Mogilevich is considered one of the

smartest and most powerful gangsters in the world. The Berlin-based nonwith organized crime in South America, Pakistan and Japan.
governmental anti-corruption organization Transparency International has persistently rated Russia as one of the
most corrupt nations on earth, and the worst among the BRIC nations Brazil, Russia, India and China. In the 2010
Corruption Perception Index, Russia was ranked ahead of all three big emerging markets, on par with Libya and
Pakistan.
Russian organized crime is complicit in nuclear trafficking that

allows terrorists to obtain nuclear weapons more easily.
Zaitseva 07Center for International Security and Cooperation (CISAC) Visiting
Fellowfrom the National Nuclear Centre in Semipalatinsk (Lyudmila, 2007, Strategic

Insights, Volume VI, Issue 5, Organized Crime, Terrorism and Nuclear Trafficking,
rmf)
The use of radioactive material for malicious purposes falls within the range of
capabilities of organized criminal structures, at least those in Russia . Such a
malevolent use may be an indirect evidence of the organized crime involvement in
the illicit trafficking of radioactive substances. More than a dozen of malevolent
radiological acts, such as intentional contamination and irradiation of persons, have been reported in
open sources since 1993. One of them, which happened in Guangdong Province of China in 2002resulted
in significant exposure of as many as 74 people working in the same hospital.[55] Two incidentsboth in
Russiahave been linked to organized crime. A widely-publicized murder of a

Moscow businessman with a strong radioactive source implanted in the head-rest of
his office chair in 1993 was one of them. The director of a packaging company died of radiation
sickness after several weeks of exposure. The culprit was never found and it was alleged that mafia might have
been behind the ploy to remove a business competitor.[56] The same source mentioned a similar incident, which
happened in Irkutsk around the same time, when somebody planted radiation sources in office chairs in an attempt
to kill two company directors before the "hot seats" were discovered and removed. No speculations were made
regarding the possible mafia involvement in this murder attempt, although it cannot be excluded.
The less known case with strong indications that shady criminal networks may have plotted it happened more
recently in St. Petersburg. On March 18, 2005, Moskovskiye Novosti published an article, in which the author
discussed several high-profile assassinations and murders in Russia and abroad using various methods of poisoning.
One of such killings was reportedly performed with a highly radioactive substance. In September 2004, Head of
Baltik-Escort security company in St. Petersburg and FSB Colonel, Roman Tsepov, died a sudden and mysterious
death as a result of what was suspected to be poisoning. However, according to a source in St. Petersburg Public
Prosecutors Office, the posthumous examination established that the death had been caused by an unspecified
radioactive element. In the past, Tsepov was reportedly in charge of collecting protection money from casinos and
other commercial enterprises in St. Petersburg on behalf of a high-ranking FSB official.[57] These two incidents
demonstrate that some organized crime structures have the knowledge about the characteristics and effects of
specific radioactive materials, have access to these substances, and do not shy away from using them as weapons
of murder, which are hard to trace to the perpetrators. Terrorist Networks and Nuclear Trafficking Terrorism changes
together with society and in order to preserve itself as a phenomenon it must use what society gives it, including
The risk of terrorists obtaining nuclear fissile

material is small, but real. After the terrorist attack on the school in Beslan in September 2004, the Head
of Russian Federal Agency for Atomic Energy (Rosatom, formerly Minatom) Alexander Rumyantsev said that the
possibility that international terrorist groups may acquire nuclear fissile material,
including HEU and plutonium, as well as nuclear weapons technologies, could no
longer be ruled out.[59] Such a risk is much higher for radiological material, which is omnipresent around the
world and is not subject to nearly the same level of control and protection as nuclear fissile material. Its use as
a weapon in a radiological dispersal device (RDD) would also be achieved with just a
fraction of time, investment, and skills required for making a crude nuclear weapon.
These reasons make the deployment of radiological material the most
probable scenario of nuclear terrorism. Although radioactive substances have already been
the most modern weapons and advanced ideas.[58]
used as a weapon of killing and a threat mechanism, so far, there is no evidence of their successful deployment in
terrorist acts. The only case that comes close to deployment of an RDD, was recorded in Chechnya in 1998, when
the local authorities found a container filled with radioactive substances and emitting strong radiation levels
together with a mine attached to it buried next to a railway line.[60] The local authorities considered the incident as
a foiled act of sabotage. The Chechen fighters are also believed to have made several raids on the Radon
radioactive waste depository, located in the vicinity of Grozny, and stolen several containers with radioactive
substances.[61] In 1996, the director of the Radon facility confirmed that about half of some 900 cubic meters of
waste, with radioactivity levels of 1,500 curies, which had been stored at the Radon facility at the start of the first
Chechen war in November 1994, was missing.[62] The Russian authorities believe the terrorists were planning to
use them in explosions in order to spread contamination. It should be noted that Chechen extremists stand out from
many other terrorist organizations by persistently making threats to use nuclear technologies in their acts of
violence. The notorious burial of a radiation source in the Gorky park of Moscow in 1995 by the now late field
commander Shamil Basayev and the threat by Ahmed Zakayev after the Moscow theater siege in October 2002 that
the next time a nuclear facility would be seized are just two such examples.[63] In January 2003, Colonel-General
Igor Valynkin, the chief of the 12th Main Directorate of the Russian Ministry of Defence, in charge of protecting
Russias nuclear weapons, said operational information indicates that Chechen terrorists intend to seize some
important military facility or nuclear munitions in order to threaten not only the country, but the entire world.[64]
According to an assessment of a Russian expert on nonproliferation, whereas unauthorized access to nuclear
access and theft of nuclear weapons during

transport or disassembly cannot be wholly excluded .[65] Russias top security officials recently
munitions by terrorist groups is extremely improbable,
admitted they have knowledge about the intent and attempts by terrorists to gain access to nuclear material. In
the director of the Russian Federal Security Service Nikolay Patrushev told
at a conference that his agency had information about attempts by terrorist groups
to acquire nuclear, biological and chemical weapons of mass destruction.[ 66] Later that
August 2005,
year, the Minister of Interior, Rashid Nurgaliev, stated that international terrorists intended to seize nuclear
materials and use them to build WMD.[67] If terrorists indeed attempted to gain access to nuclear material in
order use them for the construction of WMD, such attempts have not been revealed to the public. Out of almost
1100 trafficking incidents recorded in the DSTO since 1991, only one has reportedly involved terrorists, other than
Chechen fighters. The incident was recorded in India in August 2001, when Border Security Force (BSF) officials
seized 225 gram of uranium in Balurghat, northern West Bengal along the India-Bangladesh border. Two local men,
described as suspected terrorists, were arrested. Indian intelligence agencies suspect that the uranium was bound
for Muslim fighters in the disputed regions of Jammu and Kashmir and that agents of Pakistan's InterServiceIntelligence (ISI) were involved.[68] Whether the arrested suspects were indeed members of a terrorist organization
Alliances between terrorist

groups and drug cartels and transnational criminal networks are a wellknown fact. Such alliances have successfully operated for years in Latin
America, and in Central-, South-, and South-Eastern Asia. The involvement of
organized criminal groupsalbeit relatively small and unsophisticatedin nuclear
smuggling activities has also been established based on the study of some
400 nuclear trafficking incidents recorded in the DSTO database between
January 2001 and December 2005. Elements of organized crime could be identified in about 10 percent
remains unclear based on the available information. Conclusion
of these incidents. However, no reliable evidence of the marriages of convenience between all threeorganized
crime, terrorists, and nuclear traffickingcould be found.
Russian Organized Crime Money Laundering

Russian organized crime causes large-scale money laundering
James O. Finckenauer, Ph.D, RUSSIAN ORGANIZED CRIME IN THE UNITED
STATES, International Center National Institute of Justice,
https://www.ncjrs.gov/pdffiles1/nij/218560.pdf, 12/5/2007
A characteristic even more defining of Russian organized crime in the United States
than its violence is the predominant nature of its criminal activity. With the principal
exceptions of extortion and money laundering, ROC has had relatively little or no involvement in
some of the more traditional crimes of organized crime, such as drug trafficking,
gambling, loan sharking, etc. On the other hand, these varied criminal groups are extensively engaged in
a broad array of frauds and scams, including health care fraud, insurance scams, stock frauds, antiquities swindles,
forgery and gasoline tax evasion schemes. Russians have recently become the principal purveyors of credit card
Russian organized crime is very adept at

changing criminal activities and diversifying into new criminal markets . For example,
fraud in the U.S., supplanting the West Africans.
financial markets and banks have become new targets of criminal opportunity for ROC, as witness two recent
prosecutions:
U.S. v. Alexander Lushtak alleges a multi-million dollar investment fraud

scheme and the subsequent laundering of nearly two million dollars of proceeds of
that scheme by depositing monies involved in the fraud in an account at the Bank of
New York, and, U.S. v. Dominick Dionisio, et al., charges two persons alleged to be associated with the LCN and
an alleged member of the "Bor" Russian organized crime group with operating a multi-million dollar investment
As criminals from the former Soviet Union

become more assimilated into American society, they are moving into legitimate
businesses such as the textile industry and the movie business. But in many cases these
fraud and laundering the proceeds of the scheme.
businesses are used for money laundering. Money laundering is also at the heart of one of the best known and most
U. S. government indictment
last year of four individuals and two companies in connection with the laundering of
more than $7 billion (some estimates range up to $10 billion) through the Bank of
New York (BONY). The case exemplifies a number of economic resource issues. First,
the monies laundered represent a mix of income from criminal activity in Russia and
money being hidden to avoid regulation by the Russian government . How much is of each
recent cases of ROC activity in the United States. That case involves the
kind has not been established. Russian organized crime uses financial institutions such as the BONY to launder
criminal money, and also assists Russian businesses and individuals to move their own assets out of Russia so as to
the BONY case illustrates the

diversification and, even more importantly, the blend of legal and illegal activities.
This blend increases enormously the difficulty faced by U. S. law enforcement in
dealing with money laundering by Russian organized crime. Third, there is clearly a capacity
evade Russian law enforcement and tax officials. Second,
to tap professional know-how in the financial schemes of ROC. And, as this case, and the stock fraud cases
illustrate, some of those associated with ROC work primarily in the legitimate sector of the economy.
Russian Organized Crime Russia Stability

Russian organized crime perforates the international order,
especially growing involvement in the nuclear black market.
Webster 15, 7-23-2015, "Russian Organized Crime,", center for strategic and
international studies, http://csis.org/programs/transnational-threats-project/pasttask-forces/russian-organized-crime

Russian organized crime undermines Russian support for economic liberalization and
political reform by co-opting and corrupting institutions within government and the
commercial sector. The breadth and depth of Russian organized crime already runs
so wide and deep, that Russia is on the verge of becoming a criminal syndicalist
state, dominated by a lethal mix of gangsters, corrupt officials, and dubious
businessmen. The situation was punctuated by a warning to Congress from former
CIA Director Woolsey, who argued "there is a real threat that the surge in crime will
sour the Russian people to Yeltsin's reform program and drive them into the arms of
Russia's hardline political forces." The current economic crisis cannot be separated from the crisis of
crime and corruption, which has also been the greatest impediment to attracting foreign direct investment. Russia
has been forced into the unpalatable position of depending on foreign aid and investment given massive capital
An overarching national
security concern is the involvement of Russian organized crime in the nuclear black
market. Russian organized crime groups pose a unique law enforcement challenge,
jeopardizing public safety throughout the world through their transnational criminal
enterprises. Worldwide money laundering activity from Cyprus to the Cayman
Islands and from Vanuatu in the Pacific to Venezuela; the assassination of American
businessman Paul Tatum in Moscow; financial scams in New York; car theft rings in
Europe; narcotics trafficking and money laundering alliances with Colombian and
Nigerian druglords and the Italian mafia represent but a few of the tentacles
extended by Russian organized crime networks throughout the world . Currently 200 large
flight and the wholesale plundering of its natural resources by its oligarchs.
Eurasian criminal organizations operate worldwide and have formed alliances with their criminal counterparts in 50
countries (including 26 U.S. cities).
Russian Organized Crime exploits governmental apparatus

James O. Finckenauer and Yuri A.Voronin, The Threat of Russian Organized
Crime, U.S. Department of Justice Office of Justice Programs, June 2001
The privatization of state property that began in Russia in 1992when public property began to be sold to private
investorsboth expanded and solidified the complex relationship that had developed between the state and
organized crime. Because of its connections to officialdom and to the shadow economy, organized crime took part
assets controlled by
organized crime give it enormous economic power, and hence political power as well.
These assets enable criminal organizations (in various guises) to deal directly with
the stateon behalf of their own economic interestsfrom a position of parity.
in what has become the enormously lucrative scheme of privatization. As a result, the
Organized crime has also attempted to assume certain governmental functions, such as dividing territories among
It seeks to control business-market

entry, to impose taxes (protection fees), to set up tariffs, andas is characteristic of
organized crime in the United Statesto enforce all this through direct violence or
other forms of coercion. It is the latter activities that have laid the groundwork for direct
conflict with the state, because only the state can legitimately use violence . This series of
competing economic actors and regulating business markets.
developments is as much political and economic as it is criminological, and it is unlike anything we have ever seen
Organized crime in Russia uses legal businesses as fronts for illegal

activities and for setting up illegal product lines. It creates political clans to exercise political
in the United States.
power and seeks to create and regulate markets to exercise economic power. The following are some specific
Russian criminals make extensive

use of the state governmental apparatus to protect and promote their criminal
activities. For example, most businesses in Russialegal, quasi-legal, and illegalmust operate with the
protection of a krysha (roof). The protection is often provided by police or security officials
employed outside their official capacities for this purpose . In other cases, officials are
characteristics of Russian organized crime in the post-Soviet era:
silent partners in criminal enterprises that they, in turn, protect. The criminalization of the privatization process
Valuable properties are

purchased through insider deals for much less than their true value and then resold
for lucrative profits. Criminals have been able to directly influence the states
domestic and foreign policy to promote the interests of organized crime, either by
attaining public office themselves or by buying public officials.
has resulted in the massive use of state funds and property for criminal gain.
Russian Organized Crime Human Trafficking

Organized crime by Chinese and Russian organizations cause
significant amounts of human trafficking from their countries
to the United States that often turns to forms of prostitution
and sweatshop labor.
Dena Weiss, professor of criminal justice at American Military University, 7-242014, "Organized CrimeS Involvement In Sex Crimes And Human Trafficking,"
American Military University, http://inpublicsafety.com/2014/07/organized-crimesinvolvement-in-sex-crimes-and-human-trafficking/
Organized crime plays a significant role in human trafficking in countries worldwide.
Often beginning as a voluntary action, human trafficking quickly turns into the
recruitment, transport, and control of an individual . The criminal act not only involves trafficking
an individual, but also the demand for exorbitant fees to transport a person and create fraudulent passport
Once an individual has arrived in a new country, the organized crime

members remain in control and usually force the immigrant into prostitution or
forms of slavery such as working in a sweatshop. Human smuggling is considered
the recruitment, transport, and harboring of illegal immigrants, however, it does not
involve misrepresentation of illegal immigration fees or extortion. Immigrants involved in
documents.
smuggling transactions pay fees upfront and the business transaction and contact with the recruiter ends at the
border (Grubb, 2009). Immigrants rarely have any additional interaction with the group that assisted them and are
not obligated to the organization financially. They are expected to find their own work and accommodations once
they have arrived at their destination. Transnational human trafficking is believed to have become one of the least
Organized crime has easily

adapted to the technology changes mandated for travel abroad. Unlike the 19th century
dangerous and most profitable enterprises for organized crime groups.
when distinct ethnic groups dominated during different time periods, organized crime has no prejudice at present.
Many different criminal groups all over the world work together and often share
profits, which makes controlling human trafficking next to impossible for law
enforcement. Asian Gangs and Human Trafficking China has experienced economic growth
within urban areas of southeastern provinces; however, the rural areas have
suffered with little agricultural progression. Most available jobs are reserved for
those who are well educated and living in the city . Migrant workers who live a transient life
quickly fill factory jobs that pay low wages and require long hours. The United States is seen as the ultimate escape
where there are no limits on family size and citizens have endless opportunities for employment. Due to poor
economic conditions in China, the business of trafficking Chinese citizens into the United States has become a
lucrative business for organized crime. One specific Asian crime organization is referred to as the Triads. The
group has been very successful in the United States creating cells in New York, Miami, San Francisco, Los Angeles,
Human trafficking has become the crime of

choice not only because it is safer than offenses such as drug trafficking, but
because there is low overhead. Century old cargo carriers are used for travel and occupancy is triple
Chicago, Boston, and Houston (Abadinsky, 2010).
what it should be resulting in rancid conditions onboard vessels. Traffickers may charge as much as $35,000 per
Once the person arrives in the

United States they are obligated to pay the remainder of their debt or become
enslaved by the Triads either in sweatshops or prostitution houses. Gang members
threaten death or violence against them or their families if they attempt escape . The
immigrant but only require a $100 deposit (Logan, Walker, & Hunt, 2009).
home base for the Triad organized crime group is believed to be in Hong Kong; however, they have heavy control of
Taiwan where billions in profit flow through legitimate businesses. In Spain, the Triad gangs have infiltrated a small
Chinese community and have corrupted both law enforcement and government agencies. When someone dies in
this town, the Triad gangs simply give the person a new identity by recycling their legal citizenship documents.
Nobody ever questions why the population is skewed and there are no deaths year after year. Triad groups are
masters in exploiting foreign government and often pay large sums to agencies masked as donations to the military
or economic development when the money is actually bribe money for access to ports and facilities needed for their
operations. Although there are many hierarchical groups within Asian organized crime it is decentralized making it
difficult to obtain information regarding international connections when an arrest is made (Logan et.al. 2009).
Russian Mafia and Human Trafficking Human trafficking mainly for the purpose of
prostitution has also become the preferred crime for the Russian mafia due to the
high profit margin. The majority of women who fall victim to trafficking are from
poor economic countries such as the Ukraine and Romania who do not offer many job opportunities for
young women even if they are educated (Zalisko, 2000). Women are recruited using appealing
advertisements in newspapers and magazines. The advertisements promise big money and
free housing for employment as a nanny, go-go dancer, or waitress in the United
States. Many victims are assured they will meet rich men in the big city eager for
marriage (Walker-Rodriguez & Hill, 2011). Victims are provided transportation and travel
papers but are quickly stripped of identification once they arrive at their destination.
Once the women realize they have been tricked into what some call modern-day slavery, they
often fight or attempt to escape. Mafia thugs subdue the women with violence and
isolation. Narcotics such as heroin and methamphetamine are given to the women
routinely to get them hooked and dependent on the gang members to feed their habit. In
typical mafia fashion, the mob photographs the sex slaves with clients and
threatens to send the photographs to their family members if they step out of line
(Abadinksy, 2010).
Chinese Organized Crime Central Asia

Chinese crime drives Chinese and central Asian instability
Swanstrm 3/18 (Dr. Niklas Swanstrm, Director of the Institute for Security &
Development Policy, testimony before the United States Congressional Commission
on U.S.-China Economic and Security Review on 3/18/15, The Security Dimension
of the China-Central Asia Relationship: Chinas Military Engagement with Central
Asian Countries, http://www.uscc.gov/sites/default/files/Swanstrom
%20Testimony_3.18.15.pdf)
CA- Central Asia
When discussing Chinese military capability, it is necessary to point out that despite significant increases, albeit
arguably not sufficient, in the Chinese military budget, not much is directed towards Greater Central Asia. Rather
the focus of Chinese military development has been on bolstering the navy and developing anti-ship cruise missiles,
This is in contrast to the kind of forces,

resources, and equipment required in Chinas western regions. Indeed, the
challenges emanating from CA are rather asymmetric in nature involving mainly
nontraditional security threats that require a different response. A more detailed
discussion of the Chinese military capability in CA is included in the references as it is not a direct
question for this hearing.29 The greatest security challenge for China over time will be the
weakness of the states in CA and the radicalization of the societies, 30 not least if
the security situation in Afghanistan continues to deteriorate which would result in
that Central Asia would increasingly be a transit hub for organized crime and radical
groups. As a result, instability will increase in the region and there will be a growing threat of the aforementioned
three evils spilling over into China. Indeed, in the context of increased instability and
criminalization, the trafficking of drugs and other illegal commodities has already
increased with a concomitant drop in the price of heroin in the border region of
western Chinathe latter a site of growing drug abuse and rampant corruption as a
result. The official view from the Chinese government is that this is primarily a
domestic issue for the CA states. But the tide is turning and among scholars there is
a great deal of fear that the weak economies and lack of political legitimacy could
further destabilize the region and Chinas borders as criminalization and
radicalization tend to merge in the CA region.31 In spite of yearly military exercises with the Central
counter-space weapons, and long-range missiles.28
Asian states, Beijing has failed to establish more effective security cooperation.
Central Asian Instability leads to extremism and terror

International Crisis Group 13 (an independent, non-profit, NGO committed
to preventing and resolving deadly conflict, 2/27/13, Chinas Central Asia Problem,
http://www.crisisgroup.org/~/media/files/asia/north-east-asia/244-chinas-centralasia-problem.pdf)
Chinas economic investments in Central Asia and the future stability of its Xinjiang
Autonomous Region are interwoven with the regions security landscape. Its
investments in the region are exposed not only to potential security crises but also
to political whims and grassroots violence . The Central Asian states have much to gain from their
neighbour. Its funds and technical expertise could re-invigorate stalled sectors of the Kyrgyz and Tajik economies
Chinese
economic expansionism if it fails to deliver benefits to the working population and
enriches only certain political families could become a liability. Charges of
corruption, elitism and colonialism would cause Chinas international reputation to
suffer as well. Central Asias socio-economic and political problems make it prone to
and build infrastructure that connects the landlocked region to world markets. But, equally,
turmoil and vulnerable to extremist organisations , both foreign and domestically generated.
Beijings cautious engagement on security matters will likely have to become more robust. China is reluctant to act
unilaterally, but the SCO provides it with a multilateral option for both Central Asia and Afghanistan. However, the
Central Asias international partners,

including Russia and China, must be wary of attempts by the regions leaders to
push their populations to the brink, be it through political repression, divisive
nationalism or economic deprivation. To address these threats through the SCO, it will be necessary
organisation has been limp on these matters to date.
for Beijing and Moscow to view each other with less suspicion.
Central Asia is key to Sino-Ruso relations

Swanstrm 3/18 (Dr. Niklas Swanstrm, Director of the Institute for Security &
Development Policy, testimony before the United States Congressional Commission
on U.S.-China Economic and Security Review on 3/18/15, The Security Dimension
of the China-Central Asia Relationship: Chinas Military Engagement with Central
Asian Countries, http://www.uscc.gov/sites/default/files/Swanstrom
%20Testimony_3.18.15.pdf)
Russias attempt to regain the military, economic, and political clout in what Russian
foreign minister Andrey Kozyrev termed its near abroad ( ) in the early
1990s has been partially successful, especially in the energy sector. To accomplish this, Russia has been
trying to regain control of much of the crucial transport infrastructure both in terms
of trade and oil/gas infrastructure. Moreover, military cooperation between Russia and the Central
Asian states continues to be high; no other country approaches the level of security cooperation that Russia has
In other areas, such as trade in general, Russias position remains

secondary to that of China, much to Russias chagrin .33 9 The military field is the single area in
had with the region.
which Russia retains significant control compared to China and the United States. Despite some inroads from
Washington (military bases) and Beijing (weapon sales and exercises), Russia maintains close military links with
These regional influences have proven strongest in

terms of weapons sales and the security leverage, particularly after the expected
withdrawal of foreign troops from Afghanistan . The committee for Military and Economic
Kazakhstan, Tajikistan, and Kyrgyzstan.
Cooperation (ICMEC) forms part of the strategy for closer integration of the military-industrial complexes in the
ICMEC was created in 2005 to systematize

cooperation in military technology and make military integration more effective by
controlling both purchases and development of new technology, something that has
not been fully realized due to the suspicion the Central Asian states have shown
towards Russia. Yet, such connections have given Russia sizable leverage. Even if there is a decline in trade
region, a process highly subsidized by Russia.
figures and military control, it has been hard and will continue to be difficult for Central Asia to escape the Russian
grip. Notwithstanding,
the current trend has been a limitation of Russias influence in the

military arena due to Chinese sales to the region and the increased military cooperation with
other states such as China through bilateral attempts as well as SCO and the United States through the Partnership
would appear unrealistic for Russia to return to its former

preeminent position of strength in the military sphere. Central Asia could be
regarded as a weathervane for Sino-Russian relations and the long-term prospects
do not look good. The reasons for closer cooperation and continued friendship are to a large extent based on
the perception of the external threat and exclusion. Trade is decreasing and Russia is arguably
degrading into a more aggressive and closed society as China is increasingly
becoming more open (albeit not politically) society. The concept of security and even the functionality of
SCO differs between the two states: China is focusing more on building long-term security
through institution building and strengthening of national governments, while Russia
is utilizing weak governments and failed institutions to exert control . Even if both are nonfor Peace initiative. Accordingly, it
democratic systems, Chinas is based on a meritocracy and strong institutions (even with high levels of corruption)
but Russias is increasingly succumbing to kleptocracy and institutional decay. The separation between Russia and
China will increase as the differences in society and governments increases exponentially
Chinese Organized Crime Trafficking

Assimilated Chinese Organized Crime behind human trafficking
James O. Finckenauer, Ph.D., CHINESE TRANSNATIONAL ORGANIZED CRIME: THE
FUK CHING, https://www.ncjrs.gov/pdffiles1/nij/218463.pdf?q=ching, International Center National
Institute of Justice, 12/6/2007
Understanding alien smuggling to be the illegal movement of migrants across
national borders, and human trafficking to be migrant smuggling that includes
coercion and exploitation, the Fuk Ching are extensively involved in both types of
activities. Indeed, these criminal activities, along with kidnapping, are the main transnational crimes of the Fuk
Ching. Their dominance is related to Fujian Province being the principal source of
Chinese being smuggled and trafficked into North America. On the domestic scene, their
main criminal activities in New York Citys Chinatown are extortion and gambling. Each Chinese gang dominates
these crimes in theirparticular Chinatown neighborhoods. This includes the Fuk Ching. The professionalism and
sophistication of the Fuk Ching are quite low, again as compared to more mature forms of organized crime. The
same is true of other Chinese criminal gangs operating in the United States. This may be due to their being
their criminal
activities are not particularly sophisticated, although the Fuk Ching may be becoming more complex
in their organizational structure as they become more heavily engaged in human trafficking.
In his research, Chin (1996) found that Chinese gangs were quite active in
legitimate businesses in New York Citys Chinatown. For example, they owned or operated
restaurants, retail stores, vegetable stands, car services, ice cream parlors, fish markets, and video stores. On a
higher, more professional level, they also owned or operated wholesale supply
firms, factories, banks, and employment agencies. In addition, on the West Coast Chinese gangs
generally much younger than, for example, LCN or Russian organized crime figures. Also,
are believed to have penetrated the entertainment industry.
Internet Freedom
1AC Key to Human Rights

This creates a hacker race to the bottom, undermine global
security, human rights.
Donahoe, 14,
Eileen Donahoe, director of global affairs at Human Rights Watch. Donahoe

previously served as the first US Ambassador to the United Nations Human Rights
Council, "Human Rights in the Digital Age", Just Security, 12-23-2014,
http://justsecurity.org/18651/human-rights-digital-age/
Finally, we need to solidify the international understanding that protection of human
rights and adherence to the rule of law in the digital realm are essential to the
protection of national and global security, rather than antithetical to it. All too
often in the post-Snowden context, national security interests are presented in
binary opposition to freedom and privacy consideration, as though there is only a
zero-sum relationship between human rights and national security. In reality, human
rights protection has been an essential pillar of the global security architecture
since the founding of the United Nations immediately after World War II. Recent
failures to adequately protect human rights and adhere to the rule of law in the
digital realm has been deeply undermining of some crucial aspects of long-term
national and global security. One of the most troubling aspects of the mass
surveillance programs disclosed by Edward Snowden was the extent to which digital
security for individual users, for data, and for networks, has been undermined in the
name of protecting of national security. This is both ironic and tragic, given that
digital security is now at the heart of national security whether protecting critical
infrastructure, confidential information, or sensitive data. Practices, such as
surreptitiously tapping into networks, requiring back doors to encrypted services
and weakening global encryption standards will directly undermine national
and global security, as well as human rights. Meanwhile targeted malware and
crafted digital attacks on human rights activists have become the modus operandi
of repressive governments motivated to undermine human rights work. Civil society
actors increasingly face an onslaught of persistent computer espionage attacks
from governments and other political actors like cyber militias, just as businesses
and governments do. So while our notions of privacy are evolving along with social
media and data-capturing technology, we also need to recognize that its not just
privacy that is affected by the digitization of everything. The exercise of all
fundamental freedoms is undermined when governments utilize new capacities that
flow from digitization without regard for human rights. Furthermore, by engaging in
tactics that undermine digital security for individuals, for networks and for data,
governments trigger and further inspire a hackers race to the bottom.
Practices that undermine digital security will be learned and followed by
other governments and non-state actors, and ultimately undermine
security for critical infrastructure, as well as individuals users everywhere.
Strengthening digital security for individual users, for data, for networks, and for
critical infrastructure must be seen as the national and global security priority that it
is. Conclusion We are at a critical moment for protection of human rights in the
digital context. All global players whose actions impact the enjoyment of human
rights, especially governments who claim to be champions of human rights,
must lead in the reaffirmation of the international human rights framework as a
central pillar for security, development and freedom in the 21st century digital
environment.
Internet Good - Key to Global Democracy

Key to liberal democracy worldwide.
Sprigman and Granick, 13,
CHRISTOPHER JON SPRIGMAN is a law professor, and the co-director of the
Engelberg Center on Innovation Law and Policy, at New York University JENNIFER
GRANICK is the director for civil liberties at the Stanford Center for Internet and
Society., "U.S Government Surveillance: Bad for Silicon Valley, Bad for Democracy
Around the World", Atlantic, 6-28-2013,
http://www.theatlantic.com/technology/archive/2013/06/us-governmentsurveillance-bad-for-silicon-valley-bad-for-democracy-around-the-world/277335/,
a shift away from U.S.-based Internet services is a blow to free expression
around the world. We expect U.S.-based Internet companies to resist authoritarian
governments that ask for help squelching political dissent . That resistance is
good for global democracy, and good for the United States . Of course, U.S.
Even worse,
technology companies' response to such demands have not always been exemplary. Rebecca Mackinnon's 2012
Yet, without
question, the role of Internet firms, especially those based in America, is a net plus
for democracy abroad. Having Twitter in the U.S. helped when the U.S. State Department asked it in 2009
book details corporate complicity with repressive regimes' censorship and surveillance.
to delay its regularly scheduled maintenance to ensure activists can communicate during the Iranian elections. It is
much harder to say no to a foreign government when a business has employees and data in that country. In this
way, the EU push for local data storage plays right into what some have called the "cyber sovereignty movement,"
an effort by many nations for more national control over the Internet within their own borders. But unlike current
discussions in Europe, those demands are not motivated by a desire to protect civil liberties. To the contrary,
authoritarian countries want to censor, spy on, and control Internet access within
their own borders. These nations -- Russia, China, the United Arab Emirates, Sudan,
Saudi Arabia, and others -- unsuccessfully pushed for changes to the Internet's
infrastructure at the International Telecommunications Union meeting last December in
Dubai. The growth of cyber-sovereignty would be a serious blow to the
spread of liberal democracy worldwide. The U.S. government's fervor for
Internet surveillance has now provided advocates for such cyber-sovereignty with
new privacy-motivated allies and a great set of talking points. President Obama recently
chided Americans concerned with NSA surveillance for our navete, saying "you can't have 100 percent security and
also then have 100 percent privacy." But this administration's rhetoric is short-sighted and depressing when, in fact,
Given the Internet's role in empowering

democracy activists the world over, the State Department now ranks support for an
open and uncensored Internet as one of it fundamental missions . We think this is
unquestionably correct. But, we can't have secret warrantless mass surveillance -- of
Americans or of foreigners -- and also enjoy Internet-fueled economic, democratic, and
political empowerment. It is time to demand both security and privacy, for everyone
-- Americans and foreigners alike -- before it's too late.
rampant surveillance harms our long-term security.
Human Rights UN Report

Encryption enables freedom of expression
David Kaye, Human Rights Council, 5-22-15, Report of the Special Rapporteur on
Encryption, anonymity and the rights to freedom of opinion and expression and
privacy, A/HRC/29/32
14. The human rights legal framework for encryption and anonymity requires , first,
evaluating the scope of the rights at issue and their application to encryption and
anonymity; and, second, assessing whether, and if so to what extent, restrictions may lawfully be
placed on the use of technologies that promote and protect the rights to privacy
and freedom of opinion and expression. 15.
The rights to privacy and freedom of
opinion and expression have been codified in universal and regional human rights
instruments, interpreted by treaty bodies and regional courts, and evaluated by special
procedures of the Human Rights Council and during universal periodic review. The universal standards for
privacy, opinion and expression are found in the International Covenant on Civil and
Political Rights, to which 168 States are party. Even for those remaining States that are not bound by it, the Covenant presents at the very
least a standard for achievement and often reflects a customary legal norm; those that have signed but not ratified the Covenant are bound to respect its
National legal systems also protect

privacy, opinion and expression , sometimes with constitutional or basic law or
interpretations thereof. Several global civil society projects have also provided compelling
demonstrations of the law that should apply in the context of the digital age, such as the
International Principles on the Application of Human Rights to Communications
Surveillance and the Global Principles on National Security and the Right to
Information. Although specific standards may vary from right to right, or instrument to instrument, a common thread in the
law is that, because the rights to privacy and to freedom of expression are so
foundational to human dignity and democratic governance , limitations must be
narrowly drawn, established by law and applied strictly and only in exceptional circumstances. In a digital age,
protecting such rights demands exceptional vigilance.
object and purpose under article 18 of the Vienna Convention on the Law of Treaties.
Encryption and Anonymity protect opinionsgovernments

digital interference hurts human rights
(David Kaye, Human Rights Council, 5-22-15, Report of the Special Rapporteur on
Right to hold opinions without interference, A/HRC/29/32B.)
19. The first article of the Universal Declaration of Human Rights recognizes that
everyone is endowed with reason and conscience, a principle developed further in
human rights law to include, among other things, the protection of opinion, expression,
belief, and thought. Article 19 (1) of the International Covenant on Civil and Political Rights, also echoing the
Universal Declaration, provides that everyone shall have the right to hold opinions without
interference. Opinion and expression are closely related to one another, as restrictions
on the right to receive information and ideas may interfere with the ability to hold
opinions, and interference with the holding of opinions necessarily restricts the
expression of them. However, human rights law has drawn a conceptual distinction
between the two. During the negotiations on the drafting of the Covenant, the freedom to form an
opinion and to develop this by way of reasoning was held to be absolute and, in
contrast to freedom of expression, not allowed to be restricted by law or other
power. The ability to hold an opinion freely was seen to be a fundamental element of
human dignity and democratic self-governance , a guarantee so critical that the
Covenant would allow no interference, limitation or restriction. Consequently, the permissible

limitations in article 19 (3) expressly apply only to the right to freedom of expression in article 19 (2). Interference
with the right to hold opinions is, by contrast, per se in violation of article 19 (1).
20. Commentators and courts have devoted much less attention to the right to hold opinions than to expression.
Greater attention is warranted, however, as the mechanics of holding opinions have

evolved in the digital age and exposed individuals to significant vulnerabilities.
Individuals regularly hold opinions digitally, saving their views and their search and
browse histories, for instance, on hard drives, in the cloud, and in e-mail archives,
which private and public authorities often retain for lengthy if not indefinite periods .
Civil society organizations likewise prepare and store digitally memoranda, papers and
publications, all of which involve the creation and holding of opinions. In other
words, holding opinions in the digital age is not an abstract concept limited to what
may be in ones mind. And yet, today, holding opinions in digital space is under attack .
Offline, interference with the right to hold an opinion may involve physical harassment, detention
or subtler efforts to punish individuals for their opinion (see CCPR/C/78/D/878/1999, annex, paras. 2.5, 7.2 and 7.3).
include such efforts as targeted surveillance, distributed denial of

service attacks, and online and offline intimidation, criminalization and harassment .
Targeted digital interference harasses individuals and civil society organizations for
the opinions they hold in many formats. Encryption and anonymity enable individuals to
avoid or mitigate such harassment.
Interference may also
The right to hold opinions without interference also includes the right to form
opinions. Surveillance systems, both targeted and mass, may undermine the right to
form an opinion, as the fear of unwilling disclosure of online activity , such as search and
browsing, likely deters individuals from accessing information , particularly where such
surveillance leads to repressive outcomes . For all these reasons, restrictions on encryption
and anonymity must be assessed to determine whether they would amount to an
impermissible interference with the right to hold opinions.
21.
Intentional weakening of encryptionOthers may access

backdoor, lowering security
(David Kaye, Human Rights Council, 5-22-15, Report of the Special Rapporteur on
Intentional weakening of encryption, A/HRC/29/32B.)
42. Some States have implemented or proposed implementing so-called back-door access in
commercially available products, forcing developers to install weaknesses that allow
government authorities access to encrypted communications. Some Governments
have developed or purchased tools to allow such access for domestic surveillance purposes.
Senior officials in the United Kingdom and the United States appear to advocate requiring
back-door access. States supporting such measures often claim that a legal framework
for back-door access is necessary to intercept the content of encrypted communications.
Governments proposing back-door access , however, have not demonstrated that
criminal or terrorist use of encryption serves as an insuperable barrier to law
enforcement objectives. Moreover, based on existing technology, intentional flaws
invariably undermine the security of all users online , since a backdoor, even if intended
solely for government access , can be accessed by unauthorized entities, including other States
or non-State actors. Given its widespread and indiscriminate impact, back-door access would affect, disproportionately, all online
this issue highlights a critical point : requiring encryption back-door

access, even if for legitimate purposes, threatens the privacy necessary to the unencumbered
exercise of the right to freedom of expression . Back-door access has practical
limitations; the exploitation of intentional weaknesses could render encrypted content
users. 43. The debate on
susceptible to attack, even if access is provided with the sole intention of allowing
government or judicial control. Governments certainly face a dilemma when their
obligation to protect freedom of expression is in conflict with their obligations to
prevent violations of the right to life or bodily integrity , which are put at risk by
terrorism and other criminal behaviour. But other recourses are available to States to
request the disclosure of encrypted information, such as through judicial warrants. In such
situations, States must demonstrate that general limitations on the security provided by
encryption would be necessary and proportionate. States must show, publicly and transparently, that other
less intrusive means are unavailable or have failed and that only broadly intrusive measures, such as backdoors, would achieve the
legitimate aim. Regardless, measures that impose generally applicable restrictions on massive numbers of persons, without a caseby-case assessment, would almost certainly fail to satisfy proportionality.
The Internet is essential to the right to expression

Kehl et al 15 (Danielle Kehl, Senior Policy Analyst, Open Technology Institute,
Andi Wilson, Program Associate, Open Technology Institute, Kevin Bankston,
Director, Open Technology Institute, DOOMED TO REPEAT HISTORY? LESSONS FROM
THE CRYPTO WARS OF THE 1990S, June 2015,
https://www.newamerica.org/oti/doomed-to-repeat-history-lessons-from-the-cryptowars-of-the-1990s/)
The end of the Crypto Wars ushered in an age where the security and privacy protections afforded by the use of
strong encryption also help promote free expression .
As the American Civil Liberties Union

recently explained in a submission to the UN Human Rights Council, encryption and
anonymity are the modern safeguards for free expression. Without them, online
communications are effectively unprotected as they traverse the Internet,
vulnerable to interception and review in bulk. Encryption makes mass surveillance
significantly more costly. The human rights benefits of strong encryption have undoubtedly become more
evident since the end of the Crypto Wars. Support for strong encryption has become an integral
part of American foreign policy related to Internet freedom, and since 2010, the U.S.
government has built up a successful policy and programming agenda based on
promoting an open and free Internet .188 These efforts include providing over $120 million in funding
for groups working to advance Internet freedom, much of which specifically funds circumvention tools that rely on
strong encryption which makes Internet censorship significantly harder as part of the underlying
Similarly, a June 2015 report by David Kaye, the UN Special Rapporteur

for Freedom of Expression and Opinion found that, Encryption and anonymity
provide individuals and groups with a zone of privacy online to hold opinions and
exercise freedom of expression without arbitrary and unlawful interference or
attacks.190 The report goes on to urge all states to protect and promote the use of
strong encryption, and not to restrict it in any to engage in a coordinated effort of
public education and targeted lobbying. They also worked closely with members of Congress,
technology.189
building support across the political spectrum through organizations like the non- profit Internet Caucus Advisory
Committee192 and the Americans for Computer Privacy.193 The success of this campaign during the Crypto Wars
has informed a number of subsequent advocacy campaigns, including the Internet blackout and coordinated
protests that stopped the 2012 Stop Online Piracy Act (SOPA) and the Protect IP Act (PIPA) as well as the monthslong push to get the Federal Communications Commission to adopt strong net neutrality rules after the 2014
Verizon v. FCC court decision. Organizers of both the SOPA/PIPA and net neutrality campaigns employed a number
of similar tactics to convince policymakers to heed their advice, bringing together broad coalitions of stakeholders
from both the public interest and the private sector and emphasizing the technical, legal, and economic impacts of
history has not only validated the substance of the crypto

warriors arguments, but also confirmed the wisdom of their strategy one that
may need to be implemented again as new threats to encryption are on the rise.
Over the past fifteen years, a virtuous cycle between strong encryption, economic
growth, and support for free expression online has evolved . Some experts have dubbed this
the decisions at hand.194 Thus,
phenomenon collateral freedom, which refers to the fact that, When crucial business activity is inseparable from
Internet freedom, the prospects for Internet freedom improve.191
Free expression and support for
human rights have certainly benefited from the rapid expansion of encryption in the
past two decades.
Backdoors Bad Human Rights

Backdoors violate human rights
Peters 5-28 (Sara Peters, UN Report Warns Encryption Backdoors Violate
Human Rights, Dark Reading, 5/28/15, Sara Peters is Senior Editor at Dark Reading
and formerly the editor-in-chief of Enterprise Efficiency. Prior that she was senior
editor for the Computer Security Institute, writing and speaking about virtualization,
identity management, cybersecurity law, and a myriad of other topics. She authored
the 2009 CSI Computer Crime and Security Survey and founded the CSI Working
Group on Web Security Research Law -- a collaborative project that investigated the
dichotomy between laws regulating software vulnerability disclosure and those
regulating Web vulnerability disclosure,
http://www.darkreading.com/endpoint/privacy/un-report-warns-encryptionbackdoors-violate-human-rights/d/d-id/1320611, 7/23/15 AV)
Encryption is essential to protecting a variety of human rights, and nation-states
should avoid all measures to weaken it, according to a report released today by the
United Nations Human Rights Council. The document, written by UN Special Rapporteur David Kaye,
was based upon questionnaire responses submitted by 16 States, opinions submitted by 30 non-government
According to the report,

encryption and anonymity tools (like VPNs, proxies, and onion routing) are both
necessary to ensuring individuals' privacy, freedom of opinion, freedom of
expression, and freedom to seek, receive, and impart information and ideas. All of
these rights are protected under and described by the UN's International Covenant
on Civil and Political Rights, to which 168 states are party, and the UN Universal
Declaration on Human Rights. Yet, law enforcement and intelligence agencies in a variety of countries,
stakeholders, and statements made at a meeting of experts in Geneva in March.
including the United States, are trying to institute restrictions on encryption, arguing that it jeopardizes their efforts
to protect national security and bring criminals to justice. [Although law enforcement is asking for "indulgence on
the subject of encryption," cloud providers, mobile device manufacturers, and lawmakers aren't ready to oblige. See
According to the UN's report, "States should

avoid all measures that weaken the security that individuals may enjoy online, such
as backdoors, weak encryption standards and key escrows." It even goes so far as to suggest
"Law Enforcement Finding Few Allies on Encryption."]
"States should promote strong encryption and anonymity" [emphasis added]. Some of the reasons it's so important:
The report points out that while freedom of expression gets plenty of attention,
greater attention must be paid to freedom of ideas, because "the mechanics of
holding opinions have evolved in the digital age and exposed individuals to
significant vulnerabilities." Whereas ideas might once have just been stored in one's mind or jotted down
in a bedside diary or private letters, now ideas are scattered around places like browser
histories, e-mail archives, and mandatory surveys on web registration pages. Ideas
thus become concrete, instead of abstract, which changes the scope of surveillance,
criminalization, harassment, and defamation that can happen in relation to opinions.
Encryption and anonymity technology could help individuals protect their rights;
and by proxy, help the nations that are obligated to help them protect those rights.
The International Covenant on Civil and Political Rights not only protects individuals against "arbitrary or unlawful
interference with his or her privacy ... or correspondence" and "unlawful attacks on his or her honour and
reputation," it also states that everyone has the right to the protection of the law against such interference or
attacks. "Such protection must include the right to a remedy for a violation," the report states. "In order for the
right to a remedy to be meaningful, individuals must be given notice of any compromise of their privacy through,
for instance, weakened encryption or compelled disclosure of user data." The report also points out that some
countries base their censorship efforts on keyword searches, and that encryption enables individuals to avoid that
kind of filtering. "The trend lines regarding security and privacy online are deeply worrying," the report says. "States
often fail to provide public justification to support restrictions. Encrypted and anonymous communications may
frustrate law enforcement and counter-terrorism officials, and they complicate surveillance, but State authorities
have not generally identified situations even in general terms, given the potential need for confidentiality
where a restriction has been necessary to achieve a legitimate goal. States downplay the value of traditional nondigital tools in law enforcement and counter-terrorism efforts, including transnational cooperation ... "Efforts to
restrict encryption and anonymity also tend to be quick reactions to terrorism, even when the attackers themselves
are not alleged to have used encryption or anonymity to plan or carry out an attack." The UN Human Rights Council,
in the report, advises against any restrictions on encryption and anonymity technologies, but acknowledges that if
restrictions must happen, they meet several requirements: Any restriction must be "precise, public, transparent and
avoid providing State authorities with unbounded discretion to apply the limitation." Limitations must only be
justified to protect specified interests. States must prove any restriction is "necessary" to achieve and legitimate
objective, and release that restriction as soon as that objective is complete. By "necessary," the report means that
the restriction must be the least intrusive measure available and proportional to the severity of the objective.
Encryption good - Activism

Encryption is key to human rights activism- US backdoors
would make that impossible
Wong 15 (Cynthia M. Wong 15, Wong is a senior Internet researcher at Human
Rights Watch, 7-8-2015, "Why encryption back doors threaten human rights,"
TheHill, http://thehill.com/blogs/congress-blog/technology/247145-why-encryptionback-doors-threaten-human-rights)
In recent years, pro-democracy and pro-human rights protesters from Egypt and Tunisia to Thailand and Hong Kong
have used social media and mobile phones to organize and broadcast their message to fellow citizens and the
Fear of heavy
monitoring and the reprisals that can follow has led human rights activists to adopt
services that support encryption. To them, encryption is a critical security tool to
avoid being identified, arrested, harassed, or worsemerely for criticizing
government policy. The U.S. government supports Internet freedom abroad as a pillar of its human rights
world. But governments are ratcheting up their surveillance capabilities in response.
foreign policy. In recognition of the link between encryption and human rights, Congress has appropriated over $125
million to the State Department and US AID since 2008 to promote Internet freedom, including through programs
But the FBI has embarked on an

aggressive campaign to convince the public that encryption built into our digital
tools should be weakened in the name of countering terrorism. Yet it has failed to
recognize the broad, though unintended, harm such an approach would bring to
human rights activists worldwide. On June 3, Michael Steinbach, assistant director of the FBIs
that develop encryption tools and train activists on how to use them.
counterterrorism division, testified before the House Committee on Homeland Security that technology companies
like Apple and Google should prevent encryption above all else because terrorists are increasingly using the
companies secured tools to shield communications and access to their activity is going dark. Privacy, above all
other things, including safety and freedom from terrorism, is not where we want to go, Steinbach said. FBI Director
James Comey is likely to make the same argument before two hearings at the Senate Judiciary and Intelligence
Governments have a human rights obligation to investigate and

prosecute crime and thwart terrorist attacks. But while strong encryption may limit
some existing surveillance capabilities, these limitations are greatly offset by the
explosion of new kinds of investigatory material enabled by the digital world , including
location information and vast stores of metadata. It is also unlikely that limiting strong encryption in
U.S. products would prevent bad actors from using it. Terrorists could merely shift to foreign
alternatives. Most jarring for human rights groups, however, is that the FBIs going
dark narrative simply ignores the cost of undermining encryption to human rights
activists around the world. For activists, this debate is just as much about their
safety and freedom as about privacy. All Internet users, including those most
vulnerable, rely on the security practices of U.S. tech companies to protect them
from abusive surveillance and cybercriminals. In December 2010, in the midst of the Tunisian
Committees on Wednesday.
uprisings, Facebook, a crucial platform for the activists, began receiving reports that Tunisian Facebook accounts
had been compromised or deleted. Facebook soon discovered that the government had launched a large-scale
attack to steal social media passwords of activists and journalists and access their private communications and
contacts. So Facebook turned to encryption, enabling HTTPS, a secure communication protocol, automatically to
thwart the attack in Tunisia. Facebook now deploys HTTPS automatically for its 1.4 billion users. In 2014, Apple and
Google announced they would go further and begin encrypting data stored on mobile devices used by activists
worldwide, with even the companies unable to decrypt locally stored data. WhatsApp, a group chat application, is
also rolling out end-to-end encryption for its 800 million users. These measures can help protect the safety of
protest organizers in places like Hong Kong, Thailand, and the Middle East, along with millions of other, even if they
The FBI insists that they dont want a back door into secured
services, but rather a requirement that companies design their services so they can
still decrypt data with a lawful court order. But whatever label you use, the nearly
universal view within the digital security community is that there is no technical
solution that would allow the FBI to decrypt all communications, but wouldnt leave
may not realize it.
internet users exposed to actors (government and non-government) that would try
to uncover that vulnerability for malicious purposes. Repressive regimes will exploit
back doors to identify troublemakers and throw them in jail. And if the FBI forces
tech companies to weaken their security, then why wouldnt every other
government demand the same, including those that equate dissent with terrorism .
How comfortable would we be if Russia, China, and Saudi Arabia had back door access to Apple and Google
devices? Indeed, China has already started down this road in a counter-terrorism bill introduced earlier this year
The US government would

lack credibility to criticize these demands on behalf of US industry or on human
rights grounds. Strong encryption is a cornerstone of security in the digital age. It
helps protect vulnerable human rights activists everywhere. Internet back doors
make us all less safe. The FBI and Congress should not ignore these inconvenient
facts, even in the name of fighting terror.
that would require firms to install back doors and disclose encryption keys.
Backdoors create economic and human rights issues
Greene 7-8 (Tim Greene, Mandating backdoors for encrypted communications

is a bad idea, Network World, 7/8/15, Tim Greene is an author for Network World
who keeps an eye on Microsoft. Like a hawk. Screech.
http://www.networkworld.com/article/2945374/security0/mandating-backdoors-forencrypted-communications-is-a-bad-idea.html, 7/14/15 AV)
For a variety of reasons, though, mandating backdoors into encrypted communications is a
bad idea. Its bad for the security of encryption, its bad for businesses and
individuals that legitimately rely on encryption, and its bad for businesses that sell
encryption products. I talked with Paul Kocher, president and chief scientist of Cryptography Research,
about a report issued yesterday by panel of other distinguished cryptographers and privacy experts. The report and
Kochers commentary make good arguments for caution before granting backdoor powers to law enforcement
Backdoors can be called many things, but they

represent a weakness in cryptography. Despite being intentional and meant only for
certain good uses, they are still weaknesses, and weaknesses in security get
exploited by someone eventually. The consequences for businesses are enormous.
Encrypted messages that detail ongoing commerce or transmit intellectual property
would be at greater risk of theft. Stolen trade secrets can mean financial disaster for
victims. If the U.S. were the only country to require backdoors, U.S. manufacturers would be put at a
because the consequences could be devastating.
disadvantage selling anywhere outside the U.S., Kocher says, and asks whether a potential corporate customer in
A law requiring
backdoors for products used in the U.S. and authorizing use of those backdoors
would likely inspire similar laws in other countries , he says. Potential decryption of
private-message content would quickly broaden . Given the international nature of product
Germany want to buy encryption technology that the FBI could defeat. Probably not.
manufacture, distribution, use and movement after sale, a simple email could fall subject to multiple jurisdictions.
Kochers example: A Gmail sent to Japan from France by a laptop bought in Canada and made in China could be
subject to decryption by law enforcement in five different countries. Technical challenges to create products that
meet requirements of multiple laws would be daunting. Legal decryption of communications would force bad actors
to avoid using the technology. They would build their own, backdoor-free technology readily available how-to
resources, Kocher says. That would violate proposed laws, but theyre already engaged in criminal activity so whats
Beyond technical, legal and economic challenges, privacy and human

rights issues also come into play. Just as backdoors are a threat to security itself,
they endanger privacy because those backdoors can be abused. Nations that
disregard human rights could use decryption capabilities to intercept confidential
communications to abuse their citizens. Even in countries with good human rights
records rogues in positions of authority could abuse the right to decrypt.
one more thing?
Encryption debate central to global internet rights and US

security
At a macro level, companies are concerned about the global implications if other
countries seek their own channels to access customers data using the US policy as
a precedent. How the most powerful government in the world decides to proceed on
encryption will have a profound effect not just on development of consumer
technologies but the rights of Internet users in the future, they say. And the
encryption debate comes at a time when the US government and the American tech
sector need each other more than ever as advanced computing and digital security
become increasingly key for the countrys economy and national defense. The
squabble over encryption, however, may end up standing in the way and the
principles each side decides to fight for could set the tone for the future of the
Surveillance Age.
Internet Freedom I/L

Encryption policies undermines US leadership on
Andrea Castillo, 5-20-2015, "Americas schizophrenic anti-encryption
cybersecurity strategy," Medium, https://readplaintext.com/america-sschizophrenic-anti-encryption-cybersecurity-strategy-2d10375a982
Meddling with encryption can also introduce security risks unforeseen by the
wizards that conjured them. The recently-discovered FREAK vulnerability that left millions of users that
browsed supposedly secure websites vulnerable to hacking for over a decade was the fault of a US ban on strong
Tinkering with the actual mechanics of encryption

processes itself will only increase the risks that catatrophic exploitable
vulnerabilities will sneak in undetected. Geopolitically, compelling back doors for US
government access undermines President Obamas tough stance against Chinese
and Russian aspirations for the same powers . Commercially, technology firms still
shaking off the stink of cooperating with NSA surveillance reflexively reject recent
public admonishments to blatantly build direct access to government spies into
their consumer products.
encryption exports in the 1990's.
Encryption key rights - UN

Internet privacy key to freedom of opinion.
David Kaye 15 UN Special Rapporteur on the promotion and protection of the
right to freedom of opinion and expression, clinical professor of law at the University
of California, Irvine, 5-22-15, Report of the Special Rapporteur on the promotion
and protection of the right to freedom of opinion and expression UN Human Rights
Council, Twenty-ninth session https://www.scribd.com/doc/266938105/A-HRC-29-32AEV
11. The Internet has profound value for freedom of opinion and expression, as it
magnifies the voice and multiplies the information within reach of everyone who
has access to it. Within a brief period, it has become the central global public forum. As such, an open
and secure Internet should be counted among the leading prerequisites for the
enjoyment of the freedom of expression today. But it is constantly under threat, a
space not unlike the physical world in which criminal enterprise, targeted repression
and mass data collection also exist. It is thus critical that individuals find ways to
secure themselves online, that Governments provide such safety in law and policy and that corporate
actors design, develop and market secure-by-default products and services. None of these imperatives is new. Early
in the digital age, Governments recognized the essential role played by encryption in securing the global economy,
using or encouraging its use to secure Government-issued identity numbers, credit card and banking information,
Encryption and
anonymity, separately or together, create a zone of privacy to protect opinion and belief .
For instance, they enable private communications and can shield an opinion from
outside scrutiny, particularly important in hostile political, social, religious and legal environments. Where
States impose unlawful censorship through filtering and other technologies, the use of encryption and
anonymity may empower individuals to circumvent barriers and access information
and ideas without the intrusion of authorities. Journalists, researchers, lawyers and civil society rely
business proprietary documents and investigations into online crime itself.4 12.
on encryption and anonymity to shield themselves (and their sources, clients and partners) from surveillance and
The ability to search the web, develop ideas and communicate securely
may be the only way in which many can explore basic aspects of identity, such as
ones gender, religion, ethnicity, national origin or sexuality. Artists rely on encryption and
anonymity to safeguard and protect their right to expression, especially in situations where it is not
only the State creating limitations but also society that does not tolerate
unconventional opinions or expression.
harassment.
Privacy is a gateway for freedom of opinion and expression

worldwide.
David Kaye 15 UN Special Rapporteur on the promotion and protection of the
right to freedom of opinion and expression, clinical professor of law at the University
of California, Irvine, 5-22-15, Report of the Special Rapporteur on the promotion
and protection of the right to freedom of opinion and expression UN Human Rights
Council, Twenty-ninth session https://www.scribd.com/doc/266938105/A-HRC-29-32AEV
A. Privacy as a gateway for freedom of opinion and expression
16. Encryption and anonymity provide individuals and groups with a zone of privacy
online to hold opinions and exercise freedom of expression without arbitrary and
unlawful interference or attacks. The previous mandate holder noted that the rights
to privacy and freedom of expression are interlinked and found that encryption
and anonymity are protected because of the critical role they can play in securing
those rights (A/HRC/23/40 and Corr.1). Echoing article 12 of the Universal
Declaration of Human Rights, article 17 of the International Covenant on Civil and
Political Rights specifically protects the individual against arbitrary or unlawful
interference with his or her privacy, family, home or correspondence and unlawful
attacks on his or her honour and reputation, and provides that everyone has the
right to the protection of the law against such interference or attacks. The General
Assembly, the United Nations High Commissioner for Human Rights and special
procedure mandate holders have recognized that privacy is a gateway to the
enjoyment of other rights, particularly the freedom of opinion and expression (see
General Assembly resolution 68/167, A/HRC/13/37 and Human Rights Council
resolution 20/8).
17. Encryption and anonymity are especially useful for the development and sharing
of opinions, which often occur through online correspondence such as e-mail, text
messaging, and other online interactions. Encryption provides security so that
individuals are able to verify that their communications are received only by their
intended recipients, without interference or alteration, and that the communications
they receive are equally free from intrusion (see A/HRC/23/40 and Corr.1, para. 23).
Given the power of metadata analysis to specify an individuals behaviour, social
relationships, private preferences and identity (see A/HRC/27/37, para. 19),
anonymity may play a critical role in securing correspondence. Besides
correspondence, international and regional mechanisms have interpreted privacy to
involve a range of other circumstances as well.8
18. Individuals and civil society are subjected to interference and attack by State
and non-State actors, against which encryption and anonymity may provide
protection. In article 17 (2) of the International Covenant on Civil and Political
Rights, States are obliged to protect privacy against unlawful and arbitrary
interference and attacks. Under such an affirmative obligation, States should ensure
the existence of domestic legislation that prohibits unlawful and arbitrary
interference and attacks on privacy, whether committed by government or nongovernmental actors. Such protection must include the right to a remedy for a
violation.9 In order for the right to a remedy to be meaningful, individuals must be
given notice of any compromise of their privacy through, for instance, weakened
encryption or compelled disclosure of user data.
Democracy Promotion
Cybersurveillance hurts promotion of democracy.
NaM, 2015
MoiseS , distinguished fellow at the Carnegie Endowment for International Peace,
chief international columnist for El Pas, Spains largest newspaper, 9-11-2001, "Why
Cyber War Is Dangerous for Democracies," Carnegie Endowment for International
Peace, http://carnegieendowment.org/2015/06/25/why-cyber-war-is-dangerous-fordemocracies/ib20
Maybe so. I am glad that my privacy is now more protected from meddling by U.S. and European democracies. But
frankly,
I am far more concerned about the cyber threats to my privacy posed by

Russia, China, and other authoritarian regimes than the surveillance threats from
Washington. You should be too. Around the time that Snowden published his article, hackers broke into the
computer systems of the U.S. Office of Personnel Management and stole information on at least 4 million (and
perhaps far more) federal employees. The files stolen include personal and professional data that government
employees are required to give the agency in order to get security clearances. The main suspect in this and similar
attacks is China, though what affiliation, if any, the hackers had with the Chinese government remains unclear.
According to the Washington Post, China is building massive databases of Americans personal information by
hacking government agencies and U.S. health-care companies, using a high-tech tactic to achieve an age-old goal
of espionage: recruiting spies or gaining more information on an adversary. But these attacks are not limited to
Many independent hackers make a

living off their criminal activities on the Internet; extortion, thefts of commercial
secrets and peoples identities, breaches of databases belonging to retailers and
other companies, and the sabotage of critical infrastructure are all proliferating. To
espionage, and there is not always a government behind them.
cite just four recent examples: Hackers have stolen personal information from 83 million JPMorgan Chase accounts,
56 million Home Depot payment cards, 110 million Target customer records, and 80 million accounts belonging to
Anthem, one of Americas largest health-insurance companies. Our information systems are attacked multiple
times a day, every day, the president of one of the worlds largest electricity companies told me. Nowadays, he
added, We spend 10 times more protecting ourselves from cyber attacks than we did three years ago. And despite
Numerous reports indicate that the

frequency of and damage inflicted by cyber attacks is steadily increasing. According to a
that we feel we are always a step behind our attackers.
recent Verizon report on data breaches in the United States, the main victims are the government and the financialservices and information and technology industries, with the healthcare sector, and especially hospitals and health-
And the threat isnt only coming from China

experts emphasize that attacks from Russia are as aggressive, frequent, and
sophisticated. And thanks to Snowden and others, we know that several U.S. government
agencies are also actively engaged in cyber espionage, cyber sabotage, and cyber
attacks. Still, in this respect, the United States and other technologically advanced democracies cant
be placed in the same category as Russia, China, or North Korea . In the U.S. political
system, despite all its imperfections, there is still a strong separation of powers, functioning
checks and balances, an active and independent media, and a legal system designed to ensure
that government officials who break the law are held accountable and dont enjoy the impunity
their colleagues in Moscow and Beijing do. U.S.-based criminal networks dont operate internationally
knowing that they can rely on the protection of friends and accomplices at the highest levels
of government. In other words, while it is important that democracies not spy on
their citizens, it is as important that democracies have ways to defend
themselves and their citizens from the dangerous cyber world that is
emerging. This new world is significantly imbalanced in favor of nondemocratic nationsnot because authoritarian states are more technologically
sophisticated than their democratic counterparts, but because they are more
institutionally flexible, opaque, unaccountable, and often corrupt. Last May, for
insurance companies, also frequent targets.
example, the U.S. Justice Department indicted five Chinese military hackers for computer hacking, economic
espionage and other offenses directed at six American victims in the U.S. nuclear power, metals and solar products
industries. The U.S. military is also active in cyberspace and surely trying to breach the cyber defenses of other
governments. But in contrast to their rivals in China or Russia, U.S. companies cannot rely on their nations spy
agencies to steal the commercial secrets of foreign competitors. The 9/11 attacks popularized a concept that until
then was mostly found in reports by war planners or in academic texts on geopolitics: asymmetric warfare. Its the
kind of conflict in which one side has far less power and resources than the other, but still manages to score
important victories and may even win the war. Al-Qaeda was far weaker than the United States, but by using
disruptive tactics and unconventional tools (suicide bombers, box cutters, and jetliners) succeeded in inflicting
The increasingly fierce barrage of cyber attacks

originating from non-democracies against the governments of democratic nations
and their private firms, scientific centers, foundations, and civil-society organizations is a
new form of asymmetry for which democratic countries lack effective
answers. Its yet another sign of this imbalance that Russia and China do not have their own Snowden.
great damage on its enemy.
Free Expression
Backdoors undermine freedom of expression the plan solves.
Bankston,2015
It would threaten First Amendment rights here and free expression around the
world. Repeated court challenges to export controls on encryption during the Crypto Wars illustrate how any
7.
attempt by the government to limit the distribution of encryption software code, which is itself speech, would raise
serious First Amendment concerns. As one federal district court held when considering a First Amendment challenge
to 90s-era encryption export controls, This court can find no meaningful difference between computer language
and German or French. All participate in a complex system of understood meanings within specific communities {in
this case, that of programmers and mathematicians}.... Contrary to defendants' suggestion, the functionality of
language does not make it any less like speech.... Instructions, do-it-yourself manuals, recipes, even technical
information about hydrogen bomb construction, are often purely functional; they are also speech.57 The Ninth
Circuit Court of Appeals agreed, holding that the challenged encryption export regulations constituted a prior
restraint on speech that offends the First Amendment. 58 Therefore ,
not only would attempting to

police the distribution of strong encryption code inside the United States require an
endless and ineffective game of Internet whack-a-mole as old and new encryption code
proliferated across cyberspace, but the extensive censorship that would be necessary to
fight that losing battle would also likely violate the freedom of speech. Similarly, a legal
regime that forced individuals to cede their private encryption keys to the government or to their communications
providers for law enforcement purposes would also raise novel issues of compelled speech under the First
the free speech impact of a mandate against unbreakable

encryption and in favor of backdoors for government would reach far beyond just
the communication of encryption code, and chill a wide variety of online expression.
When individuals believe that they may be under surveillance, there is a chilling
effect that can curb free speech and the free flow of information online .59 If individuals
Amendment. However,
must assume that their online communications are not secure but may instead be acquired by the U.S. government
or by anyone else who might exploit an encryption backdoor, they will be much less willing to communicate freely.
encouraging the availability of strong encryption free of surveillance

backdoors can enable free expression both in the United States and around the
world, 60 including by stymieing the censorship and surveillance efforts of
governments with less respect for human rights than our own.
By contrast,
Ecryption key to Internet Freedom

Bankston,2015
https://static.newamerica.org/attachments/2982-at-crypto-hearing-best-arguments-
against-backdoor-mandates-come-from-members-of-congressthemselves/Bankston_Written_Testimony.5876d326c5fc4e0cbd17b59e8d53384f.pdf
It would encourage countries with poor human rights records to demand backdoor
access of their own. The governments of countries like China, India, and the United
Arab Emirates have proposed a variety of measures that would require companies to
implement key escrow systems or other forms of backdoors or stop doing business in those
countries, proposals that the United States government has criticized . Yet how can
the United States credibly criticize, for example, the Chinese government for proposing
an anti-terrorism bill that would require U.S. companies to hand over their
encryption keys, if we impose a similar requirement here at home? And how are U.S.
8.
companies to argue that they cannot implement such requirements and hand over the keys to foreign governments
even those with a history of human rights abusesif they have already had to do so for the U.S. government? As
multinational
companies will not be able to refuse foreign governments that demand [the same]
access. Governments could threaten financial sanctions, asset seizures, imprisonment of employees and
Marc Zwillinger has pointed out, if the U.S. mandates backdoor access to encrypted data,
prohibition against a companys services in their countries. Consider China, where U.S. companies must comply
with government demands in order to do business.
Such a result would be particularly ironic

considering the U.S.s foreign policy goal of promoting Internet Freedom worldwide
and in China especially, including the promotion of encryptionbased tools to protect
privacy and evade censorship. Internet Freedom begins at home, and a failure
by the United States to protect Americans ability to encrypt their data
will undermine the right to encrypt and therefore human rights around the
world. The U.S. government supports the use of strong encryption abroad as part of
our foreign policy objectives, and it should support the same for Americans here in
the United States. This is especially true considering that
Totalitarianism
Totalitarianism
Assange, 2012
the Internet. Singapore Books, 2012.
JULIAN: But it just happens to be a fact about reality, such as that you can build atomic bombs, that there are math
problems that you can create that even the strongest state cannot break. I think that was tremendously appealing
to Californian libertarians and others who believed in this sort of democracy locked and loaded idea, because here
was a very intellectual way of doing itof a couple of individuals with cryptography standing up to the full might of
So there is a property of the universe that is on the side of

privacy, because some encryption algorithms are impossible for any government to
break, ever. There are others that we know are extremely hard for even the NSA to
break. We know that because they recommend those algorithms be used by US military contractors for the
the strongest power in the world.
protection of top secret US military communications, and if there was some kind of back-door in them soon enough
the Russians or the Chinese would find it, with severe consequences for whoever made the decision to recommend
an insecure cipher. So the ciphers are fairly good now, were pretty confident in them. Unfortunately you cant be
But that doesnt lead to

bulk interception; it leads to the targeting of particular peoples computers. Unless
confident at all in the machine that youre running them on, so thats a problem.
youre a security expert its very hard to actually secure a computer. But cryptography can solve the bulk
interception problem, and its the bulk interception problem which is a threat to global civilization. Individual
targeting is not the threat. Nevertheless, I have a view that we are dealing with really tremendously big economic
and the likely outcome is that the natural efficiencies of

surveillance technologies compared to the number of human beings will mean that
slowly we will end up in a global totalitarian surveillance societyby totalitarian I
mean a total surveillanceand that perhaps there will just be the last free living
people, those who understand how to use this cryptography to defend against this
complete, total surveillance, and some people who are completely off-grid , neo-Luddites
and political forces, as Jeremie said,
that have gone into the cave, or traditional tribes-people who have none of the efficiencies of a modern economy
so their ability to act is very small. Of course anyone can stay off the internet,
but then its hard for them to have any influence . They select themselves out of being influential
by doing that. Its the same with mobile phones; you can choose not to have a mobile
phone but you reduce your influence. Its not a way forward.
and
Hacktivism good
Invasion of internet freedoms impairs hacktivist groups which
are key to tackling oppressive regimes.
Jornod 14
Rodhlann Jornod is now focusing on studying practical philosophy. He is a PhD

candidate at the Institute of Criminology in Paris, and is currently writing his
dissertation, addressing the structures of morality related to the phenomenon of
criminal justice. His interest for new technologies also led him to study the impact of
sciences on notions of practical philosophy, such as moral and politics., 1-16-2014,
"From Hacking to Freedom Fighting," My Science Work,
https://www.mysciencework.com/news/11082/from-hacking-to-freedom-fighting
Hackers distrust of power probably originates in the culture that has fired up their imagination. The cyberpunk
movement described a near reality where technology and its social implications reduced the future to a dystopia. In
this artistic genre, which influenced the hacker culture, there was the intuition that technological knowledge held a
fundamental place in the control of political power. The one who knows becomes a threat to the established
omens of governmental
behavior oscillating between incapacity to react and brutal repression, take shape in
the Hacktivismo Declaration. This group is an offshoot of the organization Cult of the Dead Cow,
which bases its hacktivism on the observation of a governmental attitude that is
hostile toward freedom on the web. The group states that it defends rights
mentioned in the Universal Declaration of Human Rights and applied to the internet,
like the right to information and to freedom of opinion and expression. This will to
act forces states to face their own commitments and their relative incapacity to
respect them. The values defended by hacktivist movements are actually more or less the same from one
group to another. The defense of personal freedom characterizes these individuals motivation. As they realize
the potential of their knowledge, they refuse to remain idle before the inertia of the
State. The Germans from the Chaos Computer Club promote freedom of
information, transparency in governments, and communication as a human right.
Telecomix distinguished itself by protecting freedom of expression throughout the
Arab Spring. In particular, it made it possible to preserve the digital imprint of these
revolutions. The Internet can no longer be considered , in an oversimplified way, as just
another place, as an emerging heterotopia, isolated from the rest of the world. It should be
perceived as a continuation of reality, where all extend their identity and have the
right to the same protection of their freedom. The hacktivists computer knowledge
enables them to control the network of a whole country (as with the hijacking of the
entire Syrian network by Telecomix in September 2011, in order to show the Syrians
how to bypass censorship). This knowledge applied to defending common values gives them a
new potentiality of political action. Voices are raised in unity against censorship and
oppression, ready to defy any kind of tyranny and fight for the freedom of each and
every person. The Internet, a potential place of repression, becomes a battlefield for the
defenders of freedom. This possible threat gives power to the crypto-anarchist
movement. Beyond rejecting the governmental entity, it calls for the use of
cryptography to make individuals knowledge inaccessible and stop feeding the power of a
minority. Crypto-anarchism calls for even stronger anonymity on the web, in order to
protect private life. Beyond the questionable promotion of an almost complete anonymity on the internet
network if the latter is considered as a continuation of reality the tools developed and used by the
movement (like GNU privacy guard, which ensures the confidentiality of communications) were
particularly relevant in the conflicts of the Arab Spring. The use of cryptography
allows some revolutionaries to escape the heavy-handed repression of their
authorities, who attempt to control or even crush the hackers free thought. These
governments and to share with the world the abuses suffered. The relevance of these
coded communications made it possible to mobilize international opinion and
organize resistance, like in Egypt or Syria, where the governments, no longer aware of their
citizens activities, could not accurately target their actions anymore and stop them from
happening. The promotion of cryptography and anonymity has a very particular application in the Anonymous
movement*. The political action of Anonymous takes a different form , as it is no longer possible to
discern with accuracy a groups way of thinking or outer limit. Anonymous is everyone, and everyone
is Anonymous. The authorities, flustered by this structure or lack thereof uselessly attempt to
annihilate a so-called destabilizing and threatening group . Bewildered governments flail about
in vain, as the contemptuous lulz of Anonymous rain down upon them. Anonymous is no hacktivist
group. Anonymous is a hacktivist consciousness. Across ideologies and frontiers,
Anonymous echoes the nebulous fury of individuals who refuse to be told what to do
by a self-interested elite, to acknowledge the impunity of the state or to suffer
infringements of their liberty, and who claim: We know, therefore we can. We can,
therefore we know. Fear us! Foucaults hypothesis of the panopticon (see our previous
article on hacktivism) seems to have been reversed.
Internet Key Human Rights

Internet innovation is key to human rights
Center for Democracy and Technology, 2011
Jumpstarting a Human Rights Jurisprudence for the Internet, JUNE 03, 2011,
https://cdt.org/blog/jumpstarting-a-human-rights-jurisprudence-for-the-internet/
Today, the UN Special Rapporteur on freedom of opinion and expression Frank La Rue presented his
report on freedom of expression and the Internet to the Human Rights Council in
Geneva (see CDTs official statement on the report). The report declares that the Internet is one
of the most powerful instruments of the 21st century for increasing transparency in
the conduct of the powerful, access to information and for facilitating active citizen
participation in building democratic societies, in part due to its unique architectural
characteristics. The report also reaffirms the full applicability of Article 19 of the Universal Declaration of Human
Rights and the ICCPR to the Internet, a technology that has become increasingly essential to many aspects of daily
significant contribution towards the development

of a progressive human rights jurisprudence for the Internet . In preparation for his report, the
life. We welcome the Rapporteurs report as a
Rapporteur held five regional consultations with Internet experts, human rights defenders, and new media
journalists to better understand their experiences and priorities in different countries. I had the pleasure and
privilege of attending these consultations and hearing firsthand the challenges faced by Internet activists and
Old-fashioned techniques of
violence and intimidation of Internet writers, expanded criminalization of expression
(often aggravated by the Internets borderless nature), and increasing Internet
filtering continue to present barriers to expression . But participants also expressed how
intermediary liability laws, cyberattacks, unreasonable surveillance, and inadequate
data privacy protections both in law and in practice among online service
providers create very real chilling effects on expression and association. Participants
human rights defenders using networked technologies in their daily work:
also wanted to know whether and how companies who provide the platforms for their activism will respond to
government demands to censor expression or violate individual privacy. And of course ,
meaningful access
to ICTs remains a serious barrier to billions. But many open questions remain about how to apply
and interpret existing human rights norms in light of these new challenges. The Rapporteurs report documents
these trends, situates them within existing human rights jurisprudence, and makes a number of recommendations
calls for greater transparency around

governmental filtering practices to ensure such measures are truly necessary and
proportional for achieving a legitimate governmental aim; calls for the
decriminalization of defamation; warns against delegating enforcement of laws to
Internet intermediaries; underscores that ICT companies themselves have a
responsibility to respect human rights; calls on states to repeal IP enforcement laws
that permit disconnection of users Internet access; notes that states have a
positive obligation to protect individuals against interference with the right to
freedom of expression by third parties, such as through cyberattack; underscores
states obligations to adopt effective data protection laws and to ensure any state
restriction on privacy (as with surveillance) respect the principles of necessity and
proportionality; and calls on states to ensure anonymous expression and refrain
from adopting real-name registration requirements. As an American abroad at these
to states and the private sector. For example, the Rapporteur:
consultations, I was also the focus of many questions at the consultations about how western democratic nations
are beginning to regulate the Internet. Will the US enforce meaningful rules to promote Internet neutrality? Will the
US expand CALEA-like technology mandates to enable surveillance of new kinds of online communications tools?
And will other countries follow Frances lead in enacting graduated response laws that could lead to disconnection
of Internet access for copyright violations? Even in regions where Internet penetration rates are at their lowest,
advocates were worried about what kind of Internet they would have access to once the infrastructure was in place,
Governments, civil society, and industry all

have a role to play in building on the Special Rapporteurs work moving forward.
given regulatory precedents set in the democratic west.
The Rapporteurs observations and recommendations provide a source of norms for

use in national and international advocacy, strengthened by the global outreach and
broad input that fed into the report itself . The report is also a source of interpretive guidance for
states seeking to cure legitimate social ills and address complex policy challenges in ways that are consistent with
their human rights obligations. And Internet rights advocates based in the democratic west have a critical role to
play in ensuring that Internet freedom begins at home as our own governments debate key issues of Internet policy.
The Special Rapporteurs report is merely a starting point for a larger conversation, and a welcome one. As the
Rapporteur affirms, [b]y acting as a catalyst for individuals to exercise their right to freedom of opinion and
To ensure the
broadest extension of human rights protections, stakeholders must continue to put
forth progressive interpretations of human rights norms for the digital age.
expression, the Internet also facilitates the realization of a range of other human rights.
Human Rights = Risk Multiplier

Human rights are a risk multiplier.
Thoms and Ron 07 (Oskar N.T. Thoms, M.A. in Sociology at McGill University
and Research Associate in McGill Universitys Research Group in Conflict and Human
Rights, James Ron, Associate Professor at Carleton Universitys Norman Paterson
School of International Affairs, published in HUMAN RIGHTS QUARTERLY in 2007,
https://www.princeton.edu/~othoms/files/HRQ2007.pdf)
Violent conflict is a complex phenomenon caused by multiple context-specific
political factors. Human rights analysis does not reveal all conflict risk factors, but
some human rights violations are contributing factors. This articles review of the literature
suggests that while human rights violations are associated with internal conflict , their precise
causal links are unclear. Importantly, violations of civil and political rights are more obviously
linked to conflict than abuses of economic and social rights. Discrimination and violations of
social and economic rights function as underlying causes, creating the grievances
and group identities that may, in some circumstances, contribute to violence.
Violations of civil and political rights, by contrast, are more clearly identifiable as
direct conflict triggers. When populations are unsettled by long-standing inequalities
in access to basic needs and political participation, government repression may
push some opposition groups over the brink . In examining the role of economic and social rights
violations, this article distinguishes between absolute and relative poverty, otherwise known as inequality. These
are different phenomena, and it is the latter that appears to present the greater conflict risk. Low GDP per capita,
which confounds the two poverty types, is associated with conflict, but this is not an adequate measure of respect
for human rights. The causal mechanism linking national poverty to conflict, moreover, is unclear. Poverty is a
human rights violation when it undermines subsistence and well-being, but it does not, in and of itself,
demonstrably lead to conflict. It is usually not the poorest of the poor who organize armed opposition. This finding is
qualified by noting that research on violations of economic and social rights is underdeveloped, and that the link to
Inequality is only a human rights violation when

caused or reinforced by state discrimination, and it seems to be somehow
associated with conflict emergence. The precise causal relationship and relevant inequality types
internal conflict is still poorly understood.
remain unclear, however, in part because the available inequality and discrimination data are insufficient for
reliable cross-national analysis. Abuses of personal integrity rights are closely associated with conflict escalation.
The causal link between repression and conflict seems strong, although other political
factors are crucial. Denial of political participation rights is a conflict risk factor insofar
that established democracies experience less conflict , but it is unclear whether the causal link
between intermediate regimes and conflict is repression, or instability, or something else. The association between
democracy and domestic peace does not mean, however, that democratization necessarily reduces conflict, since
regime transition is also a major risk factor. Indeed, stable autocracies experience less political violence on average
than democratizing countries. Possible remedies for these risk factors are complicated, since some remedial
discrimination and group rights can, under certain circumstances, avert conflict. Democratization, moreover, may
do more harm than good. Even efforts to restrain the states appetite for repression can backfire and contribute to
conflict, by creating intermediately repressive regimes that are too harsh to accommodate dissent, but insufficiently
Nonetheless, rights-based approaches to conflict reduction

and prevention would be well advised to consider nuanced, context-specific efforts
to reduce discrimination, and to be careful not to contribute to existing inequalities ; improve access
to political participation; and weaken the states appetite for repression through
well-designed security sector reform, effective national human rights commissions,
and other violence-monitoring efforts. More broadly, external actors should pursue democracybrutal to stamp out all opposition.
building efforts cautiously and in conjunction with efforts to reduce the political uncertainties associated with
regime transition. Finally, it is clear that more research and data development is needed to answer the questions
posed in this article. Review of the literature suggests that systematic research is required on the conflict
implications of inequality, discrimination, and violations of economic and social rights. Importantly, researchers
urgently need better comparative indicators of economic and social rights, and state discrimination. More research
is needed on the human rights and conflict implications of regime transition, state-building, and governance reform.
Human Rights Violations Conflict

Human Rights Violations causes intractable conflict
Maiese 3 (Michelle Maiese, Human Rights Violations Human Rights Violations
and Intractable Conflict, Beyond Intractability, July 2003, Michelle Maiese is a
graduate student of Philosophy at the University of Colorado, Boulder and is a part
of the research staff at the Conflict Research Consortium,
http://www.beyondintractability.org/essay/human-rights-violations, 7/23/15 AV)
Many have noted the strong interdependence between human rights violations and
intractable conflict. Abuse of human rights often leads to conflict, and conflict
typically results in human rights violations. It is not surprising, then, that human
rights abuses are often at the center of wars and that protection of human rights is
central to conflict resolution.[20] Violations of political and economic rights are the root causes of many
crises. When rights to adequate food, housing, employment, and cultural life are denied, and large groups of people
are excluded from the society's decision-making processes, there is likely to be great social unrest. Such
conditions often give rise to justice conflicts, in which parties demand that their
basic needs be met. Indeed, many conflicts are sparked or spread by violations of human rights. For
example, massacres or torture may inflame hatred and strengthen an adversary's determination to continue
Violations may also lead to further violence from the other side and can
contribute to a conflicts spiraling out of control. On the flip side, armed conflict often
leads to the breakdown of infrastructure and civic institutions, which in turn
undermines a broad range of rights. When hospitals and schools are closed, rights to adequate health
fighting.
and education are threatened. The collapse of economic infrastructure often results in pollution, food shortages,
various forms of economic breakdown and oppression violate

rights to self-determination and often contribute to further human tragedy in the
form of sickness, starvation, and lack of basic shelter. The breakdown of government
and overall poverty.[21] These
institutions results in denials of civil rights, including the rights to privacy, fair trial, and freedom of movement. In
many cases, the government is increasingly militarized, and police and judicial systems are corrupted. Abductions,
In cases
where extreme violations of human rights have occurred, reconciliation and
peacebuilding become much more difficult. Unresolved human rights issues can
serve as obstacles to peace negotiations.[ 22] This is because it is difficult for parties to move
arbitrary arrests, detentions without trial, political executions, assassinations, and torture often follow.
toward conflict transformation and forgiveness when memories of severe violence and atrocity are still primary in
their minds.
Internet Freedom Iran Scenario

Lack of secure encryption undermines human rights activists in
Iran.
Patrick Tucker, technology editor for Defense One, 7-9-2015, "The Best Way To
Stick It To Dictators, Help Dissidents, and Boost Privacy," Defense One,
http://www.defenseone.com/technology/2015/07/best-way-to-stick-it-to-dictatorshelp-dissidents-boost-privacy/117418/
End-to-end user encryption makes it much harder for the FBI or the NSA to intercept
users communications as they pass through the communication provider or device manufacturer,
forcing would-be eavesdroppers to bug individual devices of targeted users. Other
encryption tools, such as TOR, mask individual IP addresses, helping users to communicate anonymously on the
If Comey is able to convince lawmakers to force Google and Apple to give the
FBI backdoors into their encryption tools, people working against governments in
places like Iran could face arrest or worse. FBI backdoor in encryption used in many
essential online services available to Iranians, such as Gmail, could provide reason
to censor such services in favor of Iranian alternatives, which would offer far less
protection of user privacy and security, Fereidoon Bashar, an Iranian expatriate and
Web.
one of the directors of the site ASL19 told Defense One in an email. ASL19 is a technology lab that provides
Ali Bangi, another co-director of

ASL19, put it this way: Iranian human rights workers and critics of the nondemocratic
regime depend on secure communications tools ones that havent been
compromised by backdoors to communicate with their allies in the West.
Ordinary Iranian internet users, activists, and human rights advocates will not trust
encryption that is compromised by the FBI, Bangi told Defense One via email.
Government surveillance or backdoor access will lead to self-censorship and also
puts people at risk of arrest and detention.
technical support to Iranians looking to get around government censorship.
Internet Freedom is key to protect Human Rights in Iran.

Takeyh 14 ( Ray Takeyh, Senior Fellow for Middle Eastern Studies, Council on
Foreign Relations, February 2014, How to Promote Human Rights in Iran,

http://www.cfr.org/iran/promote-human-rights-iran/p32371)
The Islamic Republic arbitrarily bars candidates from participating in both
parliamentary and presidential elections. In the recent presidential race, the
Guardian Council screened 680 candidates, barring all but eight. The government
continues to arrest civil rights activists, journalists, members of labor unions and
student organizations, and lawyers defending dissidents. Iran ranks second only to
China in number of executions and it leads the world in the execution of minors.
Gender discrimination continues to deny women educational and professional
opportunities while public events such as sports matches remain segregated. The
Islamic Republic also denies freedom of worship to important religious minorities,
particularly the Baha'is, who are the largest non-Muslim population in Iran. Iranians
of Baha'i faith are discriminated against in the job market, often have their
businesses shuttered, and are prevented from joining critical professions such as
the armed forces. Beyond religious persecution, Iran censors information by closing
down newspapers, jamming satellite transmissions, and blocking Internet traffic.
Iranian authorities recently announced their determination to launch their own

Internet service that would "protect citizens from subversive messages."
Iran Internet Freedom Good

Lack of secure encryption undermines human rights activists in
Iran.
Patrick Tucker, technology editor for Defense One, 7-9-2015, "The Best Way To
Stick It To Dictators, Help Dissidents, and Boost Privacy," Defense One,
http://www.defenseone.com/technology/2015/07/best-way-to-stick-it-to-dictatorshelp-dissidents-boost-privacy/117418/
End-to-end user encryption makes it much harder for the FBI or the NSA to intercept
users communications as they pass through the communication provider or device manufacturer,
forcing would-be eavesdroppers to bug individual devices of targeted users. Other
encryption tools, such as TOR, mask individual IP addresses, helping users to communicate anonymously on the
If Comey is able to convince lawmakers to force Google and Apple to give the
FBI backdoors into their encryption tools, people working against governments in
places like Iran could face arrest or worse. FBI backdoor in encryption used in many
essential online services available to Iranians, such as Gmail, could provide reason
to censor such services in favor of Iranian alternatives, which would offer far less
protection of user privacy and security, Fereidoon Bashar, an Iranian expatriate and
Web.
one of the directors of the site ASL19 told Defense One in an email. ASL19 is a technology lab that provides
Ali Bangi, another co-director of

ASL19, put it this way: Iranian human rights workers and critics of the nondemocratic
regime depend on secure communications tools ones that havent been
compromised by backdoors to communicate with their allies in the West.
Ordinary Iranian internet users, activists, and human rights advocates will not trust
encryption that is compromised by the FBI, Bangi told Defense One via email.
Government surveillance or backdoor access will lead to self-censorship and also
puts people at risk of arrest and detention.
technical support to Iranians looking to get around government censorship.
The internet is key to fighting hardliners in Iran.

International Campaign for Human Rights in Iran, 2014
International Campaign for Human Rights in Iran is an independent, nonpartisan,

nonproft organization dedicated to the protection and promotion of human rights in
Iran. Internet in Chains The Frontline of State Repression in Iran November 2014
http://www.iranhumanrights.org/wp-content/uploads/Internet_report-En.pdf
The Internet in Iran has increasingly become one of the central battlegrounds in the
struggle between the state and its continued ability to control information and expression inside the
country, and the citizenry, who desire free expression and engagement with the modern world. The
stakes are high. For the government, or, more accurately, the hardliners who control key
centers of power in the country such as the judicial, intelligence, and security services, restricting
the population to its own world view is seen as an existential issue ; loss of control
over the narrative risks loss of their political power. For the citizenry, who resoundingly
demonstrated their desire for greater rights and freedom with their election of the centrist president Hassan
unrestricted access to the Internet is a requirement for modern

literacy and relevance. Each side in this struggle is strong. Iran is one of the most censored
countries in the world. The government already controls all print and broadcast media, and, given the
Rouhani in June 2013,
centrality of digital communication, has increasingly focused its attention on controlling online content as well. It
blocks millions of websites, monitors and hacks into private citizens online communications, is intensifying its
development of the countrys National Intranet and other tools that will give the authorities control over Internet
access inside Iran, criminalizes the use of social media, and targets IT and social media professionals for
It is considered second only to China in the sophistication of its Internet

fltering and monitoring technologies. It is also ruthless in the persecution of those it
feels have crossed red lines; it routinely arrests and detains individuals for online
activities, and the murder, under torture by cyber police interrogators , of the blogger
prosecution.
Sattar Beheshti within a few days of his detainment in November 2012, refects the perceived stakes in this
battle.21
Iran human rights violations now

Fixing Iranian human rights violations vital
Middle East Eye 2015, UN report details Iran human rights violations,
http://www.middleeasteye.net/news/un-report-details-iran-human-rights-violations371912292#sthash.eals0hxY.dpuf, Wednesday 4 March 2015
The United Nations is "deeply troubled" by the continuing large number of
executions in Iran, including of political prisoners and juveniles, according to the
annual report of the international body on Tehran's human rights record. At least
500 people were executed in Iran between January and November 2014 , according to the
report from the office of Secretary-General Ban Ki-moon to the UN Human Rights Council. Some suspects were
allegedly tortured and had no access to lawyers as they faced the death penalty for crimes such as "corruption on
The report also noted "high incidence" of public executions,

the majority of which were "reportedly attended by a large crowd, including
minors." Iran was reminded of its obligation under international human rights law, which prohibits the execution
earth" and "enmity against God".
of juvenile offenders. "At least 160 juvenile offenders were reportedly on death row as at December 2014," while
eight individuals "below the age of 18 at the time of their offence were reportedly executed in 2014." The UN report
noted that "in the majority of cases that involve capital punishment, due process guarantees were often violated in
proceedings that fell short of international fair trial standards," while expressing concern "about a number of death
child marriage "remains prevalent"

in the country, where the "legal age of marriage for girls is only 13, and some as
young as nine years of age may be married with the permission of the court ." "In 2011,
penalty cases with a political dimension." According to the report,
about 48,580 girls between the age of 10 and 14 were married; and in 2012, there were at least 1,537 girls under
the age of 10 who were reportedly married." The report also drew attention to the plight of women in Iran, where
66 per cent of whom "had reportedly experienced domestic violence. " "According to
article 1117 of the Civil Code, a husband may prevent his wife from occupations or technical work deemed
incompatible with family interests or his own dignity or that of his wife. The law may even prevent women from
Iran was also criticised for its gender-discriminatory nationality

laws, where "Iranian women who marry men from Iraq or Afghanistan are unable to
pass on their Iranian nationality to their children, who thereby risk becoming
stateless." The report also noted that women who appear without hijab risk arrest and imprisonment of between
pursuing artistic activities."
10 days and two months, or a fine. "Approximately 30,000 women were reportedly arrested between 2003 and
2013, with many others subjected to expulsion from university or banned from entering public spaces, such as
The UN report decried Tehran's blocking of

some five million websites, amid "ongoing monitoring, filtering and blocking of
websites that carry political news and analysis raise great concern." "Individuals
who have expressed their views on social media or appeared in videos have been
targeted and prosecuted," amid the "continued crackdown on media professionals,
the pervasive restrictions on freedom of opinion and expression, including the
closure of newspapers and magazines." Iranian security forces were criticised for reportedly beating
parks, cinemas, sport facilities, airports and beaches."
protestors who had gathered in front of parliament on October 2014 to denounce recent acid attacks against
women for allegedly wearing improper hijab. "Journalists and activists were detained, including members of the Iran
Human rights
campaigners were also reportedly being targeted by the Iranian authorities, as the
report noted a "shrinking space for human rights defenders, who continue to risk
harassment, intimidation, arrest and prosecution for defending rights and speaking
up against violations and abuse." Some of them were sentenced to prison terms ranging from six
Student News Agency, who were reportedly interviewing victims and photographing the protest."
months to more than 20 years, while "one individual was sentenced to 50 lashes, and another to death. Many of the
trials had been marred by procedural irregularities, including deprivation of legal representation and exclusion from
attending ones own sentencing." The UN expressed concern at reports about the situation of religious and ethnic
minorities in Iran. "Members
of ethnic and religious minority groups continue to face

persecution, including arrest and imprisonment, the denial of economic
opportunities, expulsion from educational institutions, deprivation of the right to

work, and closure of businesses and the destruction of religious sites, such as
cemeteries and prayer centres. Individuals seeking greater recognition for their
cultural and linguistic rights risk facing harsh penalties, including capital
punishment."
Internet Freedom Good Syria

Internet Freedom key to Syrian activist movement
ZACK WHITTAKER, 2013 Syrian Rebels Fight with Weapons and Words,
http://www.cbsnews.com/news/syrias-rebels-fight-with-weapons-and-words/, CBS
NEWS December 13, 2013, 8:00 AM
The Syrian civil war is being fought not just on the countrys streets, where any
square block can become a battlefield, but also on websites and social networks
where the opposing sides are waging a war of words. As the bullets and mortars fly, this parallel
battle seeks to harness the sometimes-decisive power of propaganda. For many opposition groups in
Syria, getting their side of the story out to the wider world has been a key objective
in their mission to oust the oppressive regime of President Bashar al Assad. And while
Western nations have refused to put boots on the ground, and been extremely reluctant to provide assistance to the
Western technology is playing a vital role in helping Syrian fighters and

activists on the ground share news and intelligence inside the country and abroad.
rebels,
The technology has also been used -- by both sides in the war -- as a modern means of disseminating old-fashioned
The message, often in the form of video, can be manipulated to elicit

support from foreign, sympathetic viewers. Social networks like Facebook, Twitter
and YouTube have been vital tools for those in Syria who want to communicate
beyond their borders. Without many of the apps and services that Westerners often
take for granted, from social networking to video-sharing sites, the opposition would
have struggled even more in its fight against the regime. This technology has
enabled Syrians to bring worldwide attention to atrocities that occur with disturbing
regularity. But Internet connectivity in Syria is often stymied by government-controlled blocks and filters,
propaganda.
problems further compounded by power cuts and poor infrastructure.
CyberWar
Cyber War
Cyberwar goes global.
Gerwitz 2015
David Gerwitz CBS Interactives Distinguished Lecturer, U.S. policy advisor, and
computer scientist Instructional faculty at the University of California, Berkeley , 622-2015, "Why the next World War will be a cyberwar first, and a shooting war
second," ZDNet, http://www.zdnet.com/article/the-next-world-war-will-be-acyberwar-first-and-a-shooting-war-a-distant-second/?
utm_content=buffer1ac68&utm_medium=social&utm_source=twitter.com
&utm_campaign=buffer
Everything we do revolves around the Internet. Older technologies are finding themselves
eclipsed by their Internet-based substitute solutions. Even technologies historically unrelated to networking (like
medical instruments) are finding themselves part of the Internet, whether as a way to simply update firmware, or
using the network to keep track of telemetry and develop advanced analytics. Whether we're talking about social
networking, financial systems, communications systems, journalism, data storage, industrial control, or even
That makes the world a very, very dangerous

place. Historically, wars are fought over territory or ideology, treasure or tradition, access or
government security -- it is all part of the Internet.
anger. When a war begins, the initial aggressor wants something, whether to own a critical path to the sea or
strategic oil fields, or "merely" to cause damage and build support among certain constituencies. At first, the
defender defends, protecting whatever has been attacked. Over time, however, the defender also seeks strategic
benefit, to not only cause damage in return, but to gain footholds that will lead to an end to hostilities, a point of
leverage for negotiation, or outright conquest. Shooting wars are very expensive and very risky .
Tremendous amounts of material must be produced and transported, soldiers and sailors must be put into harm's
way, and incredible logistics and supply chain operations must be set up and managed on a nationwide (or multi-
Cyberwar is cheap. The weapons are often co-opted computers run by

the victims being targeted. Startup costs are minimal. Individual personnel risk is minimal. It's even
national level).
possible to conduct a cyberwar without the victims knowing (or at least being able to prove) who their attackers
are. Cyberwar can be brutal, anonymous -- and profitable. One of the big reasons the U.S. won
the Cold War (and scored highly in many of its other conflicts) is because it had the economic power to produce
goods for war, whether capital ships or food for troops. A economically strong nation can invest in weapons R&D,
creating a technological generation gap in terms of leverage and per-capita effectiveness compared to weaker
the more technologically powerful a

nation is, the more technologically dependent that nation becomes. Cyberwar can level
nations. But cyberwar can lay economic waste to a nation. Worse,
the playing field, forcing highly connected nations to thrash, to jump at every digital shadow while attackers can coopt the very resources of the defending nation to force-multiply their attacks. Sony is still cleaning up after the hack
that exposed many confidential aspects of its relationship with stars and producers. Target and Home Depot lost
millions of credit cards. The Snowden theft, while not the result of an outside hack, shows the economic cost of a
national security breach: nearly $47 billion. Cyberwar can also cause damage to physical systems, ranging from
electric power stations to smart automobiles. And when a breach can steal deeply confidential information of a
government's most trusted employees, nothing remains safe or secret. The U.S. Office of Personnel Management
was unwittingly funneling America's personnel data to its hackers for more than a year. Can you imagine? We think
China was responsible for the OPM hack. Despite the gargantuan nation's equally gargantuan investments in
America (or, perhaps, because of them), China has been accused of many of the most effective and persistent
penetrations perpetrated by any nation. Providing additional reason to worry, Russia and China have recently inked
an agreement where they agreed to not launch cyberattacks against each other. They have also agreed to share
cyberwarfare and cyberdefense technology, creating an Asian axis of power that can split the world in half.
On
the other side of the geopolitical spectrum are the American NSA and British GCHQ, two
organizations who share signals intelligence and -- if the screaming is to be believed -- spy as much upon
their own citizens as enemies of the state . It is important to note that the destabilization of Allied
intelligence can be traced to Edward Snowden, who ran to and is currently living in Russia after stealing a vast trove
of American state secrets. Ask yourself who gained from the Snowden affair. Was it America? No. Was it Snowden?
Not really. Was it Russia? You betcha. China, of course, supplies us with most of our computer gear. Every iPhone
and every Android phone, nearly all our servers, laptop computers, routers -- heck, the entire technological core of
American communications -- has come from China. The same China that has been actively involved in breaching
American interests at all levels. Russia and China. Again and again and again. In the center of all this is the main
body of Europe, where the last two incendiary world wars were fostered and fought. Nations fall when they are
economically unstable. Greece is seeing the writing on the wall right now. It is but one of many weak European
Union members. Other EU members are former Soviet states who look eastward towards Putin's Russia with a
mixture of fear and inevitability. This time, Germany isn't the instigator of unrest, but instead finds itself caught in
the middle -- subject to spying by and active in spying on its allies -- the only nearly-super power of the EU.
Here's how the coming world cyberwar will play out
An enemy (or even a supposed "friendly"

nation) decides it needs the strategic upper hand. After years of breaches, it has deep access to nearly every
powerful government and business figure in the United States. Blackmail provides access into command and control
Financial systems are hit and we suffer a recession worse than the
Great Recession of 2008-2009. Our budget for just about everything (as well as our will) craters.
Industrial systems (especially those that might post a physical or economic threat to our attacker) are hit
next. They are shut down or damaged in the way Stuxnet took out centrifuges in Iran. Every step America takes to
and financial systems.
respond is anticipated by the enemy -- because the enemy has a direct pipeline to every important piece of
communication America produces, and that's because the enemy has stolen enough information to corrupt an army
of Snowdens. While this is all going on, the American public is blissfully in the dark. Citizens just get angrier and
angrier at the leadership for allowing a recession to take hold, and for allowing more and more foreigners to take
Europe, which has always relied on America to keep it propped-up in the worst of times, will be
on its own. Russia will press in from the north east. ISIS will continue to explode in
the Middle East. China will keep up its careful dance as it grows into the world's leading economic power.
India, second in size only to China and a technological hotbed itself, remains a wild card, physically
surrounded by Europe, the Middle East, China, and Russia. India continues to live in
conflict with Pakistan, and with Pakistan both unstable and nuclear-tipped, Indo-Pak,
too, is on the precipice. A world war is about huge nations spanning huge
geographic territories fighting to rewrite the map of world power . Russia,
China, ISIS (which calls itself the Islamic State), India, Pakistan, the US, the UK, and all of the
strong and weak members of the EU: we certainly have the cast of characters for
another global conflict. I could keep going (and, heck, one day I might game the full scenario). But you can
see how this works. If enemy nations can diminish our economic power, can spy on our
strategic discussions, and can turn some of our key workers, they can take us out of
the battle -- without firing a single shot.
American jobs.
Cyberattacks are a national security issue

Rosenzweig 13 (Paul Rosenzweig, 2013 Cyber warfare: how conflicts in
cyberspace are challenging America and changing the world, pgs 28-29)
One important caveat to the foregoing discussion of the lack of data is in order: We should understand that this
data (and the attendant conclusions) are only relevant to the extent that the analysis is generally limited to
assessing the economic impacts of cybercrime and cyber espionage. No fair estimate can be made about the
To cite one incident, consider the

recently analyzed Gh0stNet malware. That malware imported a Trojan horse
program onto infected computers, which allowed a remote user to, effectively,
control the computer. The remote user could activate a keystroke logger, turn on the computer's video
camera or microphone, and, of course, copy and steal any data stored on the computer. First observed on
computers operated by the Dalai Lama, the malware was found in dozens of other
computers including some located in the embassies of India, Malaysia, and
Indonesia, ministries of foreign affairs, and even NATO headquarters (albeit on an
unclassified system). Extended analysis eventually tracked the malware to a set of
Internet Protocol addresses and a server on Hainan Island, off the coast of China, an
island that, perhaps coincidentally, is home to the headquarters of China's signals
intelligence agency. Or, consider the cyber war waged by Russian hacktivists
against first Estonia and then Georgia . In August 2008, for example, when Russian troops conducted a
land war against Georgia, Russian cyber patriots waged a cyber campaign against Georgia. The campaign
was powered by the botnet world and involved mostly denial of service attacks against Georgian
impact on national security of a singular or significant cyber event.
websites (like the website for Georgia's Ministry of Foreign Affairs) as well as website defacement. According to the
U.S. Cyber-Consequences Unit (a study group set up Ito access cyber events), the attacks were the work of civilians
who, though not directed by the Russian military, had advance knowledge of the attack so that they were able to
pre-plan and organize the cyber effort. The civilian hacktivists used social media to organize their efforts. It is
It is even more difficult to conduct a

realistic assessment of the risks of further espionage activity, much less the risks
that are associated with infiltrations into networks that might have physical effects,
such as Stuxnet. Considerations of policy in regard to these sorts of national
security vulnerabilities turn, not on a review of data about ongoing criminal
intrusions, but rather on a reasonable risk assessment of the likelihood of such an event,
difficult to assess how significant such incidents might have been.
measuring aspects of threat, vulnerability, and consequence. The little data we have addresses, inferentially, the
We may also
collect some data about consequence, especially when the effect on the
infrastructure can be measured, but that data is difficult to quantify. What, for
example, were the consequences to society of the Anonymous attack on PayPal,
Mastercard, and Amazon? And, in the end, no solid data on the threat exists; we measure only
capabilities, and then only by educated guesswork. We have no clear sense of true intent. As a result, we lack a
solid quantifiable risk assessment of the cyber threat to national security and this
leaves policymakers only with a speculative guess as to the extent of our risk from a
cyber attack by a willful cyber opponent.
vulnerability aspect of that question; from intrusions, we can learn where the loopholes are.
Were entering the opening stages of a new Cyber Cold War

Bruce Schneier, 3-11-2013, "Essays: Danger Lurks in Growing New Internet
Nationalism," No Publication,
https://www.schneier.com/essays/archives/2013/03/danger_lurks_in_grow.html
For technology that was supposed to ignore borders, bring the world closer together, and sidestep the influence of
national governments, the Internet is fostering an awful lot of nationalism right now. We've started to see increased
concern about the country of origin of IT products and services; U.S. companies are worried about hardware from
China; European companies are worried about cloud services in the U.S; no one is sure whether to trust hardware
and software from Israel; Russia and China might each be building their own operating systems out of concern
The
major nations of the world are in the early years of a cyberwar arms race, and we're all being
hurt by the collateral damage. Our nationalist worries have recently been fueled by a media
frenzy surrounding attacks from China. These attacks aren't new -- cyber-security experts have been writing
about using foreign ones. I see this as an effect of all the cyberwar saber-rattling that's going on right now.
about them for at least a decade, and the popular media reported about similar attacks in 2009 and again in 2010 -and the current allegations aren't even very different than what came before. This isn't to say that the Chinese
attacks aren't serious. The country's espionage campaign is sophisticated, and ongoing.
And because they're in the news, people are understandably worried about them. But it's not just China.
International espionage works in both directions, and I'm sure we are giving just as good as we're getting. China is
certainly worried about the U.S. Cyber Command's recent announcement that it was expanding from 900 people to
almost 5,000, and the NSA's massive new data center in Utah. The U.S. even admits that it can spy on non-U.S.
governments and militaries have discovered the Internet;

everyone is spying on everyone else, and countries are ratcheting up offensive
actions against other countries. At the same time, many nations are demanding
more control over the Internet within their own borders. They reserve the right to
spy and censor, and to limit the ability of others to do the same. This idea is now being
citizens freely. The fact is that
called the "cyber sovereignty movement," and gained traction at the International Telecommunications Union
meeting last December in Dubai. One analyst called that meeting the "Internet Yalta," where the Internet split
between liberal-democratic and authoritarian countries. I don't think he's exaggerating. Not that this is new, either.
Remember 2010, when the governments of the UAE, Saudi Arabia, and India demanded that RIM give them the
ability to spy on BlackBerry PDAs within their borders? Or last year, when Syria used the Internet to surveil its
Information technology is a surprisingly powerful tool for oppression: not just

surveillance, but censorship and propaganda as well. And countries are getting better at using
that tool. But remember: none of this is cyberwar. It's all espionage , something that's been
dissidents?
going on between countries ever since countries were invented. What moves public opinion is less the facts and
more the rhetoric, and the rhetoric of war is what we're hearing.
The result of all this saber-rattling is
a severe loss of trust, not just amongst nation-states but between people and
nation-states. We know we're nothing more than pawns in this game, and we figure we'll be better off sticking
with our own country. Unfortunately, both the reality and the rhetoric play right into the
hands of the military and corporate interests that are behind the cyberwar arms
race in the first place. There is an enormous amount of power at stake here: not only power within
governments and militaries, but power and profit amongst the corporations that supply the tools and infrastructure
The more we believe we are "at war" and believe the

jingoistic rhetoric, the more willing we are to give up our privacy, freedoms, and
control over how the Internet is run.
for cyber-attack and cyber-defense.
Cyber insecurity will lead to violent response
Wallace 14 (Ian Wallace, The Risks of Cyber Insecurity, The Fletcher Forum of
World Affairs, 8/17/14, Ian Wallace is a visiting fellow in cyber security with the
Center for 21st Century Security and Intelligence in the Foreign Policy program at
Brookings. He was previously a senior official at the British Ministry of Defence
where he helped develop U.K. cyber strategy as well as the U.K.s cyber relationship
with the United States. His research is focused on the international dimensions of
cyber security policy, including the implications of cyber for military forces and the
appropriate roles of the public and private sectors. Ian Wallace has written one
article for the Fletcher Forum. http://www.fletcherforum.org/2014/08/17/wallace/,
7/14/15 AV)
Around the world governments are experiencing a growing sense of cyber
insecurity. The threat is real, and few nations are adequately prepared . Progress is being
made. But the overall sense of insecurity still seems to be growing, not helped by the
light shone by Edward Snowden on to what is possible through this domain . Wherever
you stand on Snowden or any of the other vexed questions of international cybersecurity, it is hard to deny
the sense of vulnerability felt by many governments. And the trouble with
governments that feel scared, confused, and helpless is that, just like people, they
are prone to do foolish things. Three trends serve to illustrate this point: The first trend relates to a
tendency to over-militarize responses to overseas cyber threats. There is
undoubtedly an in extremis cyber defense role for the military, to prevent attacks
aimed at causing physical damage and loss of life. In fact, however, the worlds
most troublesome cyber operatorslike the groups responsible for the attacks to
the U.S. financial systemseem adept at calibrating their attacks in a way that falls
in the grey area above traditional law enforcement and below the justification for a
military response. By looking to militaries to defend this space though, governments risk missing the true
national security challenge of the information age: working out how the government can best support cyber
defenders working in the private sector. A second trend, which parallels the tendency to over-militarize
the tendency to apply an offensive

mindset. This is best characterized by statements such as, a good offense is the best defense. That may well
not be the case. Given the advantages in favor of cyber attackersthe low cost of
developing such offensive capabilities and the extent of our vulnerabilities
providing potential adversaries with both the ideas and the moral license to attack
you back is a questionable long-term strategy. More work needs to be done on the
dynamics of deterrence in the cyber context, and it might well be that an implied
willingness to deploy conventional military capability could be the best way to deter
a very serious cyber attack. Nevertheless, given the general state of cyber defense,
most governments are well advised to strongly resist calls to hack-back against
cyber intruders in all but the most egregious circumstances. A third trend is the rise of
cyber-nationalism based on the idea of technical border defenses. This is
governments bureaucratic responses to cyber threats, is
perhaps the biggest threat to the international order, because it threatens a

fragmentation of the Internet. Until recently, people concerned about fragmentation have focused on
authoritarian regimesthat see the Internet as subversive and want to constrain itand developing nationsthat
More recently, post-Snowden, even more liberal

regimes, especially in Europe, have discussed restricting the flow of data (at least
ostensibly) as a better way to protect their citizens rights. While many of these
measures reflect a poor understanding of the actual issues and of the way the
global Internet operates, the risk to the international economy and, by extension,
global stability is real. Of course, the common thread that connects these responses is the implicit
simply fear being overwhelmed by cyber threats.
assumption that the security solutions of the last century will work for this century. True, cyber activity is at root a
there are real people behind those threats, timeless truths

about the nature of conflict and strategy can be applied. There is no reason to think that we
have to start with a blank sheet of paper. As the authors of the Tallinn Manual have shown, for example, in many
cases international laws can be applied perfectly well to the cyber context.
Nevertheless, we are long past the era where we can be reassured that a strong,
offensively-minded military will be sufficient to defend us against all foreign foes. So
new thinking will be required. And part of that new thinking, at least until many more governments feel
human activity. Since ultimately
comfortable with the new technologies, will be to adopt policies that help prevent or mitigate the fear and confusion
they engender. Some nations will seek to exploit that fear and confusion, and that will need to be managed too.
But that just makes it more important for countries that appreciate the
economic and social value of a free and open Internet to consciously seek
to ensure favorable conditions for it. No doubt for some, especially in national security
establishments of countries like the United States who see the threats more clearly than most, that will require
tough trade-offs. But it is a transition that must be made. The alternative may be worse.
Tension among countries with cyber ability may cause a

digital WWIII
Sorcher 6-24 (Sara Sorcher, Peter Singer: How a future World War III could be
a cyberconflict, Yahoo News, 6/24/15, http://news.yahoo.com/peter-singer-futureworld-war-iii-could-cyberconflict-125549759.html, 7/14/15 AV)
What could World War III look like? If the growing spate nation-state hacks is any
indication, it'll be waged by computers and over networks. In his forthcoming technothriller
"Ghost Fleet," Peter Singer explores how global conflicts might play out in the 2020s. Mr. Singer, a strategist at the
New America think tank in Washington, is also a consultant for the Pentagon and FBI, spoke with Passcode about his
novel, due out later this month. He also cohosts "The Cybersecurity Podcast" with Passcode. Listen below to hear
the latest episode featuring science fiction author and Boing Boing coeditor Cory Doctorow about how science
fiction can help predict the future. Passcode: Your new novel, "Ghost Fleet," looks at what a global war in the 2020s
Wars reflect the worlds and

technology around them, so a war in the 2020s heck, a war today would see the
digital side of conflict. There might be changed coverage of it, whereby a witness
with a smartphone might post online news of an attack before the president even
knows the nation is at war. We may see true cyberweapons such as Stuxnet used in
a battle scenario, not just espionage. And there may be hardware hacks, where the
attack is on the very microchips that power our weapons and takes place months
before its effect is ever felt. The irony, though, is that all the digital warfare may
have the end result of taking parts of the fight back to a pre-digital age. You may
have cyberstrikes and drones, but because of the two sides also going after things
like communications and GPS, you may also see their fleets fighting like its 1944
again, struggling first to even find each other. It's noteworthy that this year the
Naval Academy launched both a cybersecurity major but also is having all the
midshipmen learn celestial navigation. Weve spent the last decade of war wrestling
with a flood of data, and the problem could be the opposite: What to do when the
might look like. How do digital attacks, and defenses, fit into this? Singer:
spigot gets cut off.
Passcode: In your assessment, who are the main countries and/or players in a future
global conflict and what do their digital capabilities have to do with their chances at "winning" such a war? Are
There are over 100

nations that have created some kind of military unit to fight conflicts in cyberspace ,
these countries you mention on track to achieving these kinds of capabilities? Singer:
a la the United States' Cyber Command. But just as there are over 100 Air Forces and only few able to carry out an
the number of countries able to fight a sustained cyber war is much more
limited. Youre talking less than 10, with the focus of the book being on the two big powers that have lined up
air war
against each other and are engaged in an arms race right now in both physical weapons like warships and now
cybercapabilities: The US and China. But it is not just the official states that matter. It could be Chinas massive
cyber militia tied into its universities. Or private companies that can play an active role in 21st century conflicts,
including in cyberspace, which means you might see new versions of Cyber Blackwaters." Or hacktivist collectives
such as Anonymous. In any case, they represent a very different kind of power than we saw the last time the great
powers went to war, and one that could be the key to winning or losing. Passcode: What does winning or losing,
for that matter look like in a future cyberconflict? Singer: Its a lot like any other conflict, using the tool to achieve
your aims and preventing your foe from reaching their goals. What is interesting, and scary, about cyberconflict is
how it allows certain trusted strengths to be turned into weaknesses, and how success or failure in this realm can
decide winning or losing in other realms. Passcode: People warn all the time about the potential of a "Cyber Pearl
Harbor." But countries have so far showed real restraint in the use of destructive or potentially fatal
cyberoperations. Science fiction aside, what do you think are the realistic chances we'll see a cyberattack of this
scale in the future? What kind of scenarios would you predict have to happen for the cyberespionage and hacks
we're seeing today to escalate to that level? Singer: Cows killed more Americans last year than ISIS. And the
hackers linked to the OPM breach only stole digital information rather than caused physical damage. But that
doesnt, however, mean that ISIS is not a real security risk in way that cows are not nor that there will never be
The reason there is no cyber war right is that there is no

actual wars right now between states with cybercapacities. The reason we have
seen this restraint in cyber operations between say the US and China, or the US and
Iran, is the very same reason they arent dropping actual bombs on each other:
Because the two sides are not at war. But if they did go to war, which could happen
for any number of reasons, accidental or by choice, of course you would see
cyberoperations against each other that would be of a different kind of scale and
impact than weve seen so far. The first Cyber Pearl Harbor might happen from a a decision to reorder
damaging cyberattacks. It's simple:
the global politics in the 2020s, or it could happen just because two warships accidentally scrape paint over some
reef in the South China Sea no one can find on a map.
Middle East Cyberwar

The Middle East is a volatile area for cybercrimes Stuxnet
proves
Siboni et al 4-29 (Gabi Siboni, Daniel Cohen and Aviv Rotbart, THE IMPACT
OF CYBERSPACE ON ASYMMETRIC CONFLICT IN THE MIDDLE EAST Georgetown
Journal of International Affairs, 4/29/15, Dr. IDF-Colonel (Res.) Gabi Siboni is Senior
Research Fellow, Director of Military and Strategic Affairs Program, and Director of
the Cyber-Security Program at the Institute for National Security Studies (INSS) at
Tel Aviv University. He is also the editor of the Military and Strategic Affairs Journal
at the INSS. Dr. Siboni is the CEO of G. Bina Ltd., a consulting firm for cybersecurity
and operational and ICT risk management. http://journal.georgetown.edu/theimpact-of-cyberspace-on-asymmetric-conflict-in-the-middle-east/ , 7/14/15 AV)
The source of instability in the Middle East has changed. Non-state organizations are at
the fore of this change, as they grow significantly in potency and create enhanced security challenges previously
seen only among state actors. Hezbollah, for example, continues to grow stronger while building a powerful rocket
and missile arsenal. Its collaboration with Syria and Iran further augments instability by polarizing geopolitical
factions in the region. Hamas in 2014 found itself isolated but determined to continue military buildup in order to
maintain the struggle against Israel, particularly in the wake of Operation Protective Edge. Egypt under El-Sisi is
working to suppress the Muslim Brotherhood and Hamas, while jihadi and salafi organizations such as the Anssar
Bayt al-Maqdis cause the Egyptian army heavy losses on the Sinai Peninsula. Qatar, until recently a loyal Hamas
supporter, now turns its back on the group and has reportedly increased ties with Iran. Finally, Sunni jihadi
organizations led by the Islamic State (IS), have entered the governmental vacuum in Iraq and Syria and work to
establish a radical Islamic caliphate. As conflicts between states and non-state organizations become more
Asymmetrical warfare
has caused significant and detrimental impact to the stability of the Middle
East within the past few decades. A threat previously emanating from state
armies now includes non-state and terrorist organizations operating against
states, which diversify and complicate the regions threat matrix. The
increasing use of cyber weapons by non-state organizations also adds
complexity to the issue by obscuring attribution while attacking state
infrastructure. However, while the role of cyberspace is increasing in frequency and strength, it will
pervasive, the strategy of asymmetrical warfare has also increased in prevalence.
nevertheless continue to be a complementary field of operations in the asymmetric conflict in the Middle East, with
physical space occupying the main field of action. The concept of asymmetry between adversaries typically attests
to disparities in military power among forces. Small guerrilla forces attempt to damage, wear down, and disrupt the
activity of the regular army in the area without confronting it head-on due to relative military inferiority. In terms of
military tactics, state armies generally fight in an orderly framework while non-state organizations use guerrilla and
terror methods due to these disparities in overt power. Terrorist organizations attempt to decrease asymmetry in a
conflict by operating outside the constraints of international law. They use high-trajectory fire and commit war
crimes by indiscriminately firing on concentrations of civilians, causing high civilian damage. National armies, in
contrast, have a greater incentive to operate within international legal limitations due to the positive benefits
As the rise of
non-state actors and utilization of terrorist methods alter the nature of
conflict in the Middle East, cyberspace has similarly impacted asymmetrical
warfare. Cyberspace provides a broad platform for terrorist and non-state
organizations to act, and it particularly enables them to obscure the source
of an asymmetric attack. This is the result of a number of basic
characteristics unique to cyberspace. First, states are more exposed to
attacks in cyberspace than are non-state organizations. States generally
have a broader technological infrastructure than terrorist and non-state
organizations, and are thus affected via cyberattacks to a greater degree
than non-state organizations. Second, cyber capabilities are becoming more
afforded by abiding by treaties and diplomatic agreements that non-state actors do not share.
prevalent and accessible for use by non-state actors. Israel faces a number of terrorist
organizations that have developed significant cyber capabilities. During Operation Protective Edge, Israel
confronted Hamas cyberattacks that were allegedly backed by Iran. According to a senior Israel Defense Forces
(IDF) J6-C4I Corps officer, during the operation, there was an attack that was unprecedented in its scope and in the
quality of its targets. The attack was carried out against civilian Internet infrastructures in Israel and against the IDF
spokesmans Twitter account and the Home Front Commands web site. Some of the attacks were apparently
carried out by the Syrian Electronic Army (SEA), which is ostensibly believed to be an Iranian proxy for all intents
and purposes. Cyberattacks by Hamas are not new. They were carried out in previous rounds of fighting in the Gaza
Strip during the last seven years. Although the complexity and severity of these attacks has increased, they all had
a minimal impact. The lack of symmetry is also expressed in the difficulty for states, regardless of technological
expertise, to attack non-state organizations via cyberattack in a way that can produce anything but a marginal
effect in the overall battle outcome. It often seems that the lack of symmetry between states and organizations in
the resources allocated to military and security force-building creates an incentive for non-state organizations to
seek ways of operating in cyberspace where the cost-benefit ratio and price of entry are significantly lower.
However, we are unlikely to see the development of significant cyber capabilities by non-state organizations,
particularly those lacking support from states. [i] As we examine this issue, three significant capabilities become
requisite to carry out significant action in cyberspace. Intelligence capabilities. For a pinpoint action that can
create a significant effect, high-quality intelligence must be collected about the target. In order to introduce
malicious code without going through the Internet, human intelligence is needed and those who work for the
organization or any other authorized personnel will need to install the malware. Likewise via an internet-based
infiltration, intelligence-gathering and social engineering operations must be conducted to make computer
infiltration possible. High-level technological capability. Recent years show a proliferation in cyberattack capabilities, particularly in the
deep net where there is an illegal trade in services and tools for cyber-crime and cyber-fraud. However, developing technological tools for
attacking state infrastructures nonetheless requires an especially high level of technological capabilities that are based on the state technological
infrastructure and human resource development. Operational capabilities. Planning and commanding an operations that is aimed for significant
results requires a deep operational and organizational infrastructure such as: experienced operation officers, command and control capabilities
and covert and complex operation capabilities. Thus, it appears that it will take more time until independent terrorist organizations can produce a
significant operation in cyberspace. Nevertheless, we should remember that many countries direct, assist, and run terrorist and non-state
organizations as proxies in cyberspace. State-sponsored activity allows terrorist organizations to reduce the disparities in
these basic capabilities. In recent decades, the Middle East has been a global laboratory for examining asymmetric
conflicts. The area is full of non-state actors and various terrorist organizations fighting Israel. There are also Sunni
jihadist organizations, first and foremost Islamic State, which operates against the West and the other infidels.
The development of capabilities in cyberspace has not fundamentally changed the nature of the violent struggle,
which continues to be primarily a struggle that relies on physical and kinetic tools and methods. While cyberspace
gives these organizations further room to maneuver, its impact is not yet substantial, and currently we have not
seen significant results of a cyberattack. For example, none of the cyber operations by states and terrorist
organizations have created an effect that is even similar to that of a physical terrorist attack such as the September
The Stuxnet attack demonstrated the capabilities of

creating significant physical damage; however, it did not have a global impact and was merely a
11 attacks on the United States.
proof of concept. Therefore, everything must be kept in proper proportion. While non-state actors use cyberspace as
a tool to balance asymmetrical conflict, their ability to launch an impactful cyberattack rests in the hands of statesponsorship. Until then, non-state organizations will have to rely on kinetic methods to upset the imbalance of
asymmetrical warfare.
Cyberterrorism Likely
Cyber insurgency is likely
cyberspace are challenging America and changing the world, pg 49)
The same cannot, unfortunately, be said of cyber intrusions by nonstate actors. Unconstrained
by the limits of sovereignty, devoid of any territory to protect, and practically
immune from retaliation, these groups pose a significant danger to stability . We might
think of them as cyber terrorists, but perhaps a better conception is that of a cyber insurgent . A good way to
look at this is through the prism of the challenge to social and governmental
authority by WikiLeaks and its founder, Julian Assange, and its support by the hacktivist group Anonymous. Their
story is one of both enhanced information transparency and, more significantly for our purposes, the ability to
wage combat in cyberspace.
Cyberterror is likely- anonymity and growing capabilities

This description of the correlation of forces in cyberspace is, in many ways, congruent with similar analyses of the
physical world. Terrorists enabled by asymmetric power (IEDs and box cutters) have likewise challenged traditional
just as Americans must learn to deal with these kinetic insurgent

challenges, so too must they respond to cyber insurgency . Current capabilities of
nonstate actors are weak but improving. The current capabilities of organized nonstate actors in
cyberspace are relatively modest. While DDoS attacks can be a significant annoyance, they
are not an existential threat. This state of affairs is unlikely to hold for long. As the
Stuxnet computer virus demonstrates, significant real-world effects can already be
achieved by sophisticated cyber actors. It is only a matter of time until less sophisticated nonstate
actors achieve the same capability. Attribution is always a challenge. Determining the origin
of an attack can be problematic. Sending a message from a digital device to a provider is akin to
state authorities. And,
mailing a letter. The service provider acts as an electronic carrier that sends the message through routers and
The attacking computers may have

been hijacked and be under the control of a server in another country . An attacker may
servers which deliver the message to the targeted computer.
disguise its locations by circuitous routing or by masking the message's source identification, similar to fudging a
A cyber insurgent may strike several countries, multiple

Internet service providers, and various telecommunications linkages, all subject to
varying legal requirements and reporting standards, which makes tracing the source
extremely difficult. Overcoming these difficulties by technical means alone is a vexing problem and an
letter's return address and postmark.
unnecessary one. As the scope of conflicts in cyberspace develops, governments around the world will use all
techniques in their arsenal to exploit the weaknesses of the nonstate actors who are part of the threat.
Cyberterrorism Nuclear
Cyberterrorists could break into computers and launch an
attack on a nuclear statetriggers global nuclear war
Fritz 09
(Jason, May 2009, International Commission on Nuclear Non-Proliferation and

Disarmament, Hacking Nuclear Command and Control, Jason is a defense
researcher, served as a cavalry officer in the US Army for 6 years, masters in IR @
Bond University, icnnd.org/documents/jason_fritz_hacking_nc2.doc, 7/15/15, SM)
In order to see how cyber terrorists could detonate a nuclear weapon it is important to identify
the structures which they would be attempting to penetrate. Nuclear command and control (NC2), sometimes
referred to as nuclear command and control and communications (NC3) includes the personnel, equipment,
communications, facilities, organisation, procedures, and chain of command involved with maintaining a nuclear
weapon capability. A Command and Control Centre is typically a secure room, bunker, or building in a government
or military facility that operates as the agency's dispatch centre, surveillance monitoring centre, coordination office
and alarm monitoring centre all in one. A state may have multiple command and control centres within the
government and military branches which can act independently or, more commonly, be used in the event a higher
node is incapable of performing its function. A minimum of eight states possess a nuclear arsenal, providing eight
varying nuclear command and control structures for cyber terrorist to target. The eight states which possess
nuclear weapons are, in order of acquisition, the US, Russia (former Soviet Union), the UK, France, China, India,
Pakistan, and North Korea. South Africa formerly possessed nuclear weapons, but has since dismantled its arsenal.
Israel is also widely believed to have nuclear weapons, but has not officially confirmed their status as a nuclear
There are approximately 20,000 active nuclear weapons in the world. The vast
majority of these belong to the US and Russia, stemming from the Cold War.
Nuclear command and control has inherent weaknesses in relation to cyber warfare.
The concept of mutually assured destruction means a state must have the capability to launch
nuclear weapons in the event of a decapitating strike. This requires having nuclear weapons spread out
in multiple locations (mobility and redundancy), so an enemy could not destroy all of their
capabilities. Examples of this include land based mobile launch platforms and submarine-launched ballistic
state.
missiles (SLBM). This provides terrorists with multiple locations for attaining access to these weapons. Further,
under NATO nuclear weapons sharing, the US has supplied nuclear weapons to Belgium, Germany, Italy, the
This further increases the number

of access points for terrorists, allowing them to assess not only
installations and procedures, but also which borders and state specific
laws may be easier to circumvent. The weapons themselves may all be under the complete
Netherlands, and Turkey for storage and possible deployment.
control of the US, but the operational plans of terrorists may include items such as reconnaissance, social
engineering, and crossing borders which remain unique between states. The potential collapse of a state also
presents a challenge. Following the collapse of the Soviet Union, Belarus, Kazakhstan, and Ukraine were in
possession of nuclear weapons. These have since been transferred to Russia, but there was, and still is,
considerable concern over the security and integrity of those weapons, especially in the face of a destabilized
Mutually assured destruction also promotes a hair trigger

launch posture and the need for launch orders to be decided on quickly. The advent of
government and civilian hardship.
SLBMs increased this high pressure tension, as the ability of a submarine to sneak up close to a states border
These short decision times make it easier for

terrorists to provoke a launch as little time, and little discussion, is given to assess a
situation in full. The desire to reduce the time it takes to disseminate plans to nuclear forces may expand the
before launch significantly reduced response time.
use of computers in nuclear command and control, or lead to the introduction of fail-deadly and autonomous
systems. This chapter is by no means comprehensive, However it sheds some light on the operations of nuclear
command and control and the difficulties in defending those systems from cyber terrorism. Many of the details of
nuclear command and control are classified, so the information provided below may be outdated. However it points
towards a pattern, and there is no certainty these systems and procedures have been updated since entering open
source knowledge. Further, terrorists do not have to restrict themselves to unclassified data, and therefore may be
able to obtain up to date information. The United States The US employs a nuclear deterrence triad consisted of
nuclear-capable long range bombers, SLBMs, and land based intercontinental ballistic missiles (ICBMs), as well as
an arsenal of nonstrategic (tactical) nuclear weapons. US nuclear command and control covers a geographically
dispersed force with the US President, as Commander in Chief, being the highest authority in the decision to make a
nuclear launch. There is a hierarchy of succession in the event the President cannot perform this duty, such as if the
President were killed in an attack. Additionally, once the order to launch is given, it travels down a chain of
command; the President does not press the button, so to speak, nor is the President physically present at the
launch location. These locations would be targets in a nuclear war, so it is imperative that the leader not be there.
Additionally, multiple independent launch locations make this impossible (except for cases in which multiple
missiles are tied together in a Single Integrated Operational Plan). So it is theoretically possible to subvert this
control by falsifying the order at any number of locations down that chain of command. The infrastructure that
supports the President in his decision to launch nuclear weapons is the Nuclear Command and Control System
(NCCS). The NCCS must support situation monitoring, tactical warning and attack assessment of missile launches,
senior leader decision making, dissemination of Presidential force-direction orders, and management of
geographically dispersed forces (Critchlow 2006). Key US nuclear command centres include fixed locations, such
as the National Military Command Center (NMCC) and the Raven Rock Mountain Complex (Site R), and mobile
platforms, such as the E-4B National Airborne Operations Center (NAOC) and the Mobile Consolidated Command
Center (MCCC). The US seeks to integrate its nuclear forces into its vision of command, control, computers,
communications, intelligence, surveillance, and reconnaissance (C4ISR) hinting towards a greater reliance on
computer technology in maintaining and upgrading its nuclear force, not only to combat against Cold War style
nuclear war, but also against perceived emerging threats from China, Iran and North Korea. In particular the US
recognises these states potential to use nuclear weapons detonated at high altitude to create an electromagnetic
pulse (EMP). The threat of EMP was known during the Cold War, and a considerable amount of attention has been
paid to hardening nuclear systems (Critchlow 2006). The Minimum Essential Emergency Communications Network
(MEECN) links to the ICBMs, bombers, and submarine forces. Information widely available on the internet shows the
US is seeking to upgrade the MEECNs satellite communications capability through Advanced Extremely High
Frequency and the Transformational Communications Satellite programs. Cyber terrorists may use this knowledge to
research these new forms, or to expose weaknesses in the old system before upgrades are completed. Early
warning systems and communications are essential to assessing whether a nuclear launch has been made and
communicating the orders to launch a retaliatory strike. Falsifying the data provided by either of these systems
would be of prime interest to terrorists. Commands emanating from the NAOC for example, include Extremely High
Frequency and Very Low Frequency/Low Frequency links, and its activation during a traditional terrorist attack, as
happened on 9/11, could provide additional clues as to its vulnerabilities. Blogging communities have also revealed
that the 9/11 terrorist attacks revealed insights into the US continuity of operations plan as high level officials were
noted heading to specific installations (Critchlow 2006). One tool designed by the US for initiating a nuclear launch
is the nuclear football. It is a specially outfitted briefcase which can be used by the President to authorize a
nuclear strike when away from fixed command centres. The President is accompanied by an aide carrying the
nuclear football at all times. This aide, who is armed and possibly physically attached to the football, is part of a
rotating crew of Presidential aides (one from each of the five service branches). The football contains a secure
satellite communication link and any other material the President may need to refer to in the event of its use,
sometimes referred to as the playbook. The attack options provided in the football include single ICBM launches
and large scale pre-determined scenarios as part of the Single Integrated Operational Plan. Before initiating a
launch the President must be positively identified using a special code on a plastic card, sometimes referred to as
the gold codes or the biscuit. The order must also be approved by a second member of the government as per
the two-man rule (Pike 2006). In terms of detecting and analysing a potential attack, that is, distinguishing a
missile attack from the launch of a satellite or a computer glitch, the US employs dual phenomenology. This means
two different systems must be used to confirm an attack, such as radar and satellite. Terrorists trying to engage a
launch by falsifying this data would need to determine which two systems were being used in coordination at the
target location and spoof both systems. Attempting to falsify commands from the President would also be difficult.
Even if the chain of command is identified, there are multiple checks and balances. For example, doctrine
recommends that the President confer with senior commanders. The Chairman of the Joint Chiefs of Staff is the
primary military advisor to the President. However, the President may choose to consult other advisors as well.
Trying to identify who would be consulted in this system is difficult, and falsification may be exposed at any number
of steps. The 2006 Quadrennial Defense Review emphasizes that new systems of command and control must be
survivable in the event of cyber warfare attacks. On the one hand, this shows that the US is aware of the potential
danger posed by computer network operations and are taking action to prevent it. On the other hand, this shows
that they themselves see computer network operations as a weakness in their system. And the US continues to
research new ways to integrate computer systems into their nuclear command and control, such as IP-based
communications, which they admit, has not yet been proven to provide the high degree of assurance of rapid
The US nuclear
arsenal remains designed for the Cold War. This means its paramount feature is to
survive a decapitating strike. In order to do so it must maintain hair-trigger posture
on early warning and decision-making for approximately one-third of its 10,000
nuclear weapons. According to Bruce G. Blair, President of the Center for Defense Information, and a former
Minuteman launch officer: Warning crews in Cheyenne Mountain, Colo., are allowed only three
minutes to judge whether initial attack indications from satellite and ground sensors
are valid or false. Judgments of this sort are rendered daily, as a result of events as diverse as missiles being
message transmission needed for nuclear command and control (Critchlow 2006).
tested, or fired for example, Russias firing of Scud missiles into Chechnya peaceful satellites being lofted into
space, or wildfires and solar reflections off oceans and clouds. If an incoming missile strike is anticipated, the
president and his top nuclear advisors would quickly convene an emergency telephone conference to hear urgent
briefings. For example, the war room commander in Omaha would brief the president on his retaliatory options and
their consequences, a briefing that is limited to 30 seconds. All of the large-scale responses comprising that briefing
are designed for destroying Russian targets by the thousands, and the president would have only a few minutes to
pick one if he wished to ensure its effective implementation. The order would then be sent immediately to the
underground and undersea launch crews, whose own mindless firing drill would last only a few minutes (Blair 2003).
These rapid response times dont leave room for error. Cyber terrorists would not
need deception that could stand up over time; they would only need to be
believable for the first 15 minutes or so. The amount of firepower that could be
unleashed in these 15 minutes, combined with the equally swift Russian response,
would be equivalent to approximately 100,000 Hiroshima bombs (Blair 2008).
Cybersecurity Impact - Heg/Terrorism

Cyberterrorists can access military infrastructure.
Peha, 2013
technically sophisticated organizations are challenging the security of
American computer and communications systems for reasons other than mere
financial gain. Finding and exploiting security vulnerabilities is part of how international espionage is
Of course, some
conducted in the 21st century, as is clearly demonstrated by recent revelations about the activities of the Chinese
In addition to economic advantage, foreign governments that compromise

the security of contractors to the U.S. Defense Department may use what they learn
to improve their offensive and defensive military capabilities . Moreover, as we saw from
cyberattacks in Estonia and Georgia, cyberattacks on civilian systems can be highly disruptive
to nations, and possibly a force multiplier for military action. The more foreign
powers can learn about security vulnerabilities in critical systems in the U.S., the
more vulnerable we are. Worse yet, this is no longer just the domain of nation states. Terrorist
organizations could also launch cyberattacks against critical systems. Perhaps they
will time a cyberattack with a bombing to maximize the damage and the panic.
Weakened security can only increase the risk of cyberespionage, cyberattack, and
cyberterrorism.
government.
Cybersecurity China
Chinas already attacking US systems- its only a matter of
time

Finally, and perhaps most chillingly, the security firm RSA (manufacturer of the security
tokens that many companies use to control access to secure systems) was
penetrated by an intrusion that compromised the companys SecureID system . This
SecureID system was at the time, the single most common piece of security hardware; it was a little token that
periodically generated user identification and passwords to authenticate an attempt to, say, login to a companys
Though details remain very unclear now, the intruders

apparently compromised the random number generation algorithm so that they
would be better able to infiltrate the companies that used the RSA SecureID token.
Just a few weeks later, Lockheed Martin was attacked by someone using the stolen
RSA data who attempted remote access to their system. The attack is said to have been
thwarted, but the focus on a defense contractor, rather than on a bank, seems a
clear indication that the RSA hack was done by a sovereign peer-competitor, not
cybercriminals who would have used the data to break into bank accounts instead.
Other companies compromised using the same command and control infrastructure
that hacked into RSA include: Abbott Labs, the Alabama Supercomputer Network,
Charles Schwab & Co., Cisco Systems, eBay, the European Space Agency, Facebook,
Freddie Mac, Google, the General Services Administration, the Inter-American
Development Bank, IBM, Intel Corp., the Internal Revenue Service (IRS), the
Massachusetts Institute of Technology, Motorola Inc., Northrop Grumman, Novell,
Perot Systems, PriceWaterhouseCooper LLP, Research in Motion (RIM) Ltd., Seagate
Technology, Thomson financial, Unisys Cor., USAA, Verisign, VMWare, Wachvoia
Corp., and Wells Fargo and Co. Again, China denied any responsibility for the attack but, as Richard
Clarke said this attack [has] all the hallmarks of Chinese government operations .
computer servers from a remote site.
Indeed, recently, RSA completed its own analysis of the intrusion. At a conference in London in October 2011, their
Chairman said: There were two individual groups from one nation state, one supporting the other. One was very
Weve not attributed it to a particular nation state although were

very confident that with the skill sophistication and resources involved it could it
could only have been a nation state. And, of the 334 commands and control,
servers used by the malware 299 were located in China.
visible and one less so.
The Chinese are preparing for a cyber war


It appears, as well, that China is preparing for a conflict in cyberspace And, China sees the
United States as its principal cyber-competitor. A recent report in the Chinese-language, Liberation
Army Daily (an unofficial but well vetted source), put it this way: "The U.S. military is hastening to seize the
commanding military heights on the Internet, and another Internet war is being pushed to a stormy peak. ... Their
actions remind us that to protect the nation's Internet security, we must accelerate Internet defense development
and accelerate steps to make a strong Internet army .... Although our country has developed into an Internet great
power, our Internet security defenses are still very weak. So we must accelerate development of Internet battle
it is not surprising that, in late May 2011, China

announced the formation of a cyber Blue Army, with two stated purposes: defending
the nation against cyber attacks and leading cyber offensives, in case of war. A
recent report to Congress gives a flavor of Chinese military activity: the military has
begun testing attack capabilities during exercise s, most recently during an exercise in October
technology and armament." And so,
2011 involving "joint information offensive and defensive operations:' According to the report ,
the People's
Liberation Army (PLA) is likely to focus its cyber targeting in a tactical way rather
than a strategic one. Thus, they estimate that an initial focus would be on
transportation and logistics networks or command-and-control systems just before an
actual conflict to try to delay or disrupt the United States' ability to fight. The capabilities being developed are
significant. in short, as the report concludes: "Chinese
capabilities in computer network

operations have advanced sufficiently to pose genuine risk to U.S. military
operations in the event of a conflict. " Though a full cyber war has yet to be fought, the Chinese
appear to be preparing to use cyber weapons as a part of any future conflict.
India
India is unprepared for cyberattacks
Das 14 (Purba Das, India Unprepared For Cyber Warfare, Business Insider India,
10/16/14, Purba Das is a senior correspondent for Business Insider India,
http://www.businessinsider.in/India-Unprepared-For-CyberWarfare/articleshow/44834375.cms, 7/16/15 AV)
At a time when the world is preparing for possible cyber warfare, India is not fully prepared for cyber
attacks in defense and security. According to studies done by various research organizations, cyber attacks on
Indian government organizations rose by an alarming rate of 136% last year. "India is way behind the
international standards of defence against cyber attacks practiced across the world ,"
said Ashish Soni, founder and CEO of Orkash Services Pvt Ltd, a high technology, market intelligence and
operational risk management services company, at the 10 th Indo-US Economic Summit organized by Indo America
Chamber of Commerce (IACC). On the other hand, market reports suggested that the cyber attacks on financial
services organizations surged by 126% last year. "According to reports, sophisticated cyber assaults like
ransomware and spear-phishing has cost Indian individuals and companies some $4 billion," said Asoke K Laha,
National President of IACC. He added that the most common form of cyber threats includes malware and Internet
attacks among others. "Last year brought a marked increase in the frequency of cyber attacks on Indian assets,
However, it should be noted

that currently India has four agencies to deal with cyber threats and provide
security in the Internet space. CERT-In, a national nodal agency for responding to computer security
with government and private infrastructure equally affected", noted Laha.
systems was set up in 2004. It is primarily responsible for collection, analysis and alert of cyber security among
other. Another such agency is NCIIPC whose primary function is to protect critical information infrastructure against
cyber terrorism, warfare and other threats. "National Technical Research Organisation (NTRO) is a technical
intelligence agency which falls under National Security Adviser in the Prime Minister's Office while National Cyber
Coordination Centre is supposed to scan through the entire cyber traffic and alert government organization against
plausible cyber threats and attacks," stated Laha. Interestingly, India and the US have collaborated to cyber
terrorism and had set up India US Cyber Security Forum in 2001. In 2010, a new India-US Counter Terrorism
Cooperation Initiative was signed between the two countries to provide cyber security and critical infrastructural
protection.
Airplanes
Airplanes are susceptible to cyberattack
Pasztor 6-29 (Andy Pasztor, U.S. Panel Aims to Shield Planes From
Cyberattack, The Wall Street Journal, 6/29/15, http://www.wsj.com/articles/u-spanel-aims-to-shield-planes-from-cyberattack-1435537440?
mod=pls_whats_news_us_business_f, 7/16/15 AV)
U.S. aviation regulators and industry officials have begun developing
comprehensive cybersecurity protections for aircraft, seeking to cover everything
from the largest commercial jetliners to small private planes. A high-level advisory
committee set up by the U.S. Federal Aviation Administrationincluding representatives of plane makers, pilots and
parts suppliers from around the globewas scheduled to meet for the first time this month amid rising concern
over potential industry vulnerability to computer hackers. The panels meetings are private. On
June 21, operations were disrupted at Warsaw Chopin Airport by what LOT Polish Airlines said was a cyberattack on
flight-planning computers. Ten LOT flights were canceled and some 15 others were grounded for several hours,
affecting roughly 1,400 passengers. Though airline officials said safety was never affected, LOTs chief executive
was quoted saying that such a cyberattack can happen to anyone, anytime. The goal of the FAA initiative,
according to Jens Hennig, the panels co-chairman, is to identify the seven or eight most important risk areas and
then try to reach consensus on international design and testing standards to guard against possible cyberattacks.
The industry needs a set of graduated requirements, he said in an interview, based on the types of software and
The overall level of concern is reflected in Boeing Co.s decision to

pay outside experts dubbed red hat testersessentially authorized hackersto
see if built-in protections for onboard software can be defeated. Mike Sinnett, vice president
various aircraft models.
of product development for Boeings commercial-airplane unit, said certification of the flagship 787 Dreamliner
required Boeing to purposely allow such teams inside the first layer of protection to demonstrate resilience. When it
comes to protecting flight-critical software from hackers, Mr. Sinnett said, the systems can accept only specific bits
of information at specific preordained times, and it is all preprogrammed. As a result, he added, theres no way for
the flight-control system to pull in something from an unauthorized source. Such software and cockpit interfaces
aboard commercial jets are tested extensively and have such a wide array of embedded safeguards that they are
considered virtually impregnable to direct attack by industry outsiders, according to these experts. Yet that hardly
The biggest current risks, experts believe, stem

from aircraft links to ancillary ground networks that routinely upload and download
data when planes arent flyingincluding information used for maintenance,
sending various software updates and generating flight plans before takeoff like
those that affected LOT earlier this month. Where we are weak, says Patrick Ky, executive director
means airliners are beyond the reach of hackers.
of the European Aviation Safety Agency, is in ensuring that a maintenance or air-traffic control system cant be
hacked and used as a conduit to get at aircraft. What is not being done today, he said, is to have a view of
aircraft operations in their entirety, recognizing all the potential outside hazards. Airbus Group SE and most of its
suppliers continue to rely on a secure computer platform to protect their manufacturing operations, with some
European experts advocating more aggressive efforts to expand the network to additional companies. Every
time you introduce another connection in the form of a new supplier, its another
way to potentially attack the aircraft itself, says Alain Robic, a partner in Deloitte Consultings
French unit who works with industry clients on data security. Mr. Robic says that ideally all of the different levels of
security among suppliers to Airbus and Boeing would conform to an information-system policy self-regulated by
industry leaders. Neither LOT nor Polish authorities have identified the source of this months disruption.
Prosecutors may also be looking at internal-software failures or other explanations for the problem, which was
resolved after roughly five hours. Whatever the exact cause, the incident points to the kind of computer problem
that security experts worry about most in aviation and consider among the hardest to prevent: Attacks on
maintenance or air-traffic control systems, which routinely interface with aircraft, as opposed to direct intrusions by
Ground-based computer networks, including those

between traffic-control operations, are considered less secure against hacking than
those installed on aircraft, largely because onboard flight-critical systems have more
internal protections and multiple redundancies to filter out intrusions. Hardware used for
outsiders on computers aboard planes.
passenger Wi-Fi connections and entertainment options, for example, is physically separated from onboard-safetysystem servers, and even electrical conduits are designed so that information doesnt bleed between the two. In
interviews at the Paris International Airshow days before the Warsaw incident, more than a dozen international
cyber experts and industry officials stressed that despite various high-profile and public allegations, they werent
aware of a single verified instance of hackers breaching flight-control or engine-control systems on any modern
jetliner while it was in the air. The current system is working pretty well and aviation software generally has been
pretty difficult to infiltrate, Mr. Hennig, vice president of operations for the General Aviation Manufacturers
Association, said. But most cyberprotection systems for planes are certified using case-by-case risk assessments
requiring regulators to expend a lot of resources, rather than the industrywide technical standards the FAA and Mr.
Hennig foresee. European regulators are expected to eventually create a similar advisory board to coordinate future
Still, with cybersecurity issues gaining more prominence throughout

aviation, various initiatives are already under way. Michael Huerta, who heads the FAA, is
standards.
stressing the importance of sharing details about cyber events the same way specifics of safety incidents are now
distributed and analyzed world-wide. One of the things that is absolutely critical is to have very robust
mechanisms for information sharing among regions, including threats, potential incidents and mitigations, Mr.
Huerta said in an interview. The specifics of the cyber threat require us to be sharing on a broader scale than we
have done in the past. Industry officials at all levels are increasingly vigilant about chasing down any suspicions or
allegations of unauthorized attempts to penetrate computer systems. Today, people try to get in your cellphone ...
they like to test the security of all kinds of electrical devices, according to Carl Esposito, a senior aerospace official
at Honeywell International Inc., who emphasized that aviation designs understand that trend. A major question is
whether the global industry, which relies on software development cycles that sometimes stretch into years, can
remain nimble enough to stay ahead of hackers who can shift quickly from region to region and work on much
shorter timelines. I see a lot of sharing [of data security threats], maybe not between countries but at least within
countries, said Marc Darmon, head of the cybersecurity unit for Frances Thales SA, which helps safeguard banking
and a huge chunk of the worlds credit-card transactions. In the past, he said, aircraft makers and airlines believed
it was enough to ensure that safety systems were isolated from accidental intrusions, but now almost every
industry has adopted identification and responses to cyberattacks as major design criteria. That was not the case
10 years ago, he said. It has to be the case today.
Privacy
Crypto War Impact Privacy

New cryptowar destroys privacy.
Meinrath & Vitka 2014
Sascha Meinrath is Director of X-Lab, Sean Vitka is Federal Policy Manager of the
Sunlight Foundation, Crypto War II Critical Studies in Media Communication Vol.
31, Iss. 2, 2014
However politically dire the current situation is, we can take heart that the key success from the first Crypto War has, in fact,
withstood the test of time. Individuals everywhere can and do use tools like Pretty Good Privacy to encrypt their e-mail and other
communications whenever and wherever they are. If one wishes to secure a laptop, phone, or other communication device,
The nearly 20 years

that strong encryption has been publicly available has not led the world into
disarray, nor have terrorists and criminals taken over. In fact, strong encryption has
been singularly important for a variety of critical economic and political endeavors
(Stecklow, Sonne, & Bradley, 2011). The online world as we know it simply would not exist
without strong encryptioneverything from credit card purchases to securing the
passwords on our favorite social media website requires it. Crypto War I was a long-fought affair,
encryption like PGP can make it exceedingly difficult to undermine the integrity of communications.
and eventually the forces of free speech won. But Crypto War II will be a far more grueling slog pitting privacy and free speech
Losing Crypto War II would be disastrous

creating unprecedented collateral damage, dangerous precedents, and potentially
game-changing implications that would fundamentally undermine participatory
democracyin particular, the free speech on which it dependson a global scale .
aficionados against both governmental and corporate interests.
There are, however, several concrete actions that we can take to prevent us from heading down this trajectory. Three key tactics are
discussed below. First, ensure that the locus of control over communications is in the hands of end users and within edge devices.
Today's mass surveillance is predicated upon centralized mechanisms for collecting

data that are located in the core of our communications networks . But so long as we can use
strong encryption and anonymizing technologies, we can still be fairly certain that our communications are secure . While
we've won the right to use strong encryption, the next battles will be over who
controls our edge devicesand losing now would undermine everything we won in the first Crypto War. Second, we
must enshrine Internet Freedom and open internet rules and ensure that
discriminatory practices do not become the new norm . End users are perfectly capable of deciding
when they want to prioritize streaming video or an outgoing upload. Today, a legal battle is raging inside the Beltway about how the
Federal Communications Commission will oversee the internetand it is up to the FCC to disrupt the data obfuscation arms race
that is certain to occur if ISPs begin to prioritize and degrade services. Third, reiterate that the right to privacy is sacrosanct and
includes the right to use strong encryption, steganographic communications, and anonymizing technologies. Anonymity has been a
foundational part of U.S. culture, from Publius, the pseudonym used by some Founding Fathers when publishing the Federalist
these
reforms would change a trajectory that is rapidly hurling us toward Crypto War II
and help ensure that Democracy in the 21st century remains true to the inalienable
rights it is predicated upon. To accomplish this peace, we need to overcome both entrenched business interests as
well as the ever-prevalent fear of the unknown. Our privacy and free speech rights will not survive if
we lose these coming battlesand with this corporate-government alignment
against encryption, the fight will be harder than ever before .
Papers, to anonymous comments in online forums. It is essential to free speech and a free society. Taken together,
Encryption good Privacy Rights

Encyrption is critical to privacy.
Jonathan Zdziarski, 9-25-2014, iOS security expert "The Politics Behind iPhone
Encryption and the FBI," http://www.zdziarski.com/blog/?p=3894
demanding back doors for law enforcement
is selfish. Its selfish in that they want a backdoor to serve their own interests. Non law-enforcement
types, such as Orin Kerr, a reporter who wrote a piece in the Washington Post supporting FBI backdoors (and then
later changed his mind), are being selfish by demanding that others give up their privacy
to make them feel safer. This is the absolute opposite of a society where law
enforcement serves the public interest. What Kerr, and anyone supporting law enforcement back
While perhaps a heartfelt utopian ideal, the fact is that
doors, really wants, is a society that caters to their fears at the expense of others privacy. While we individually
choose to trust the law enforcement we come in contact with, government only works if we inherently and
collectively distrust it on a public level. Our public policies and standards should distrust those we have put in a
Freedom only works when the power is balanced toward the

citizens; providing the government with the ability to choose to invade our 1st, 4th
and 5th Amendment rights is only an invitation to lose control of our own freedom .
Deep inside this argument is not one of public safety, but a massive power grab away from the
peoples right to privacy. Whether everyone involved realizes that, it is privacy itself that is
at stake. Our founding fathers were aware that distrusting government was essential to freedom, and thats
position to watch over us.
why they used encryption. In fact, because of their own example in concealing correspondence, one can make an
even stronger case supporting encryption as an instrument of free speech. The constitution is the highest law of the
land its above all other laws. Historically, our founding fathers guarded all instruments available that protect our
freedom as beyond the laws reach: The Press, Firearms, Assembly. These things provided information, teeth, and
Modern encryption is just as essential to our freedom as a country

as firearms, and are the teeth that guarantees our freedom of speech and
freedom from fear to speak and communicate. Encryption today still just as
vital to free speech as it was in the 1700s, and to freedom itself. Whats at stake
here is so much bigger than solving a crime. The excuse of making us safer has
been beaten to death as a means to take away freedoms for hundreds of years.
Dont be so naive to think that this time, its any different.
consensus.
Zero Days
Zero Days Creates Insecurity

NSA surveillance via vulnerabilities makes the internet
insecure. US is uniquely vulnerable.
Schneier 15 Bruce Schneier is an internationally renowned security technologist,
called a "security guru" by The Economist. He has testified before Congress, is a

frequent guest on television and radio, has served on several government
committees, and is regularly quoted in the press. Schneier is a fellow at the
Berkman Center for Internet and Society at Harvard Law School, a program fellow at
the New America Foundation's Open Technology Institute, a board member of the
Electronic Frontier Foundation, an Advisory Board Member of the Electronic Privacy
Information Center, and the Chief Technology Officer at Resilient Systems, Inc.,
3/2/15, Data and Goliath: The Hidden Battles to Collect Your Data and Control Your
World.
MAINTAINING AN INSECURE INTERNET
In Chapter 6, I discussed how the NSA uses both existing and specially created
vulnerabilities to hack into systems. Its actions put surveillance ahead of
security, and end up making us all less secure. Here's how the NSA and GCHQ think,
according to a Guardian article on some of the Snowden documents: "Classified briefings between the agencies
celebrate their success at 'defeating network security and privacy. Just how do governments go about defeating
security and privacy? We know the NSA uses the following four main practices. Assume that the Russians, Chinese,
and various other countries are using similar methods. And cybercriminals aren't far behind. Stockpiling
vulnerabilities in commercial software that we use every day, rather than making sure those security flaws get
fixed.
When the NSA discovers (or buys) a vulnerability, it can either alert the vendor
and get a still-secret vulnerability fixed, or it can hold on to it and use it to
eavesdrop on target computer systems. Both tactics support important US policy
goals, but the NSA has to choose which one to pursue in each case. Right now, the
USboth at the NSA and at US Cyber Commandstockpiles zero-day vulnerabilities .
How many it has is unclear. In 2014, the White House tried to clarify the countrys policy on this in a blog post, but
didn't really explain it. We know that a single cyberweapon, Stuxnet, used four zero-days. Using up that many for a
In congressional testimony,
former NSA director Michael Hayden introduced the agency jargon NOBUS, "nobody
but us"that is, a vulnerability that nobody but us is likely to find or use. The NSA has a
single cyberattack implies that the government's stockpile is in the hundreds.
classified process to determine what it should do about vulnerabilities. The agency claims that it discloses and
closes most of the vulnerabilities it finds, but holds back some we don't know how manythat it believes are
This approach seems to be the appropriate general framework, but it's

impossible to apply in practice. Many of us in the security field don't know how to make NOBUS
decisions, and we worry that the government can't, either. This stockpiling puts everyone at
risk. Unpatched vulnerabilities make us all less safe, because anyone can
independently discover them and use them to attack us . They're inherently
destabilizing, especially because they are only effective for a limited time . Even worse,
NOBUSes.
each use runs the risk that others will learn about the vulnerability and use it for themselves. And they come in
families; keeping one secret might mean that an entire class of vulnerabilities remains undiscovered and
The US and other Western countries are highly vulnerable to zerodays, because of our critical electronic infrastructure, intellectual
property, and personal wealth. Countries like China and Russia are less
vulnerableNorth Korea much lessso they have considerably less incentive to get
vulnerabilities fixed.
unpatched.
Zero Days Critical Infrastructure

Zero-day vulnerabilities make critical infrastructure most
vulnerable nuclear power at risk.
Harris, 2014
The targets that are most vulnerable to a devastating zero day attack are the same
ones that the NSA is trying to protect: electrical power plants, nuclear facilities,
natural gas pipelines, and other critical infrastructures, including banks and
financial services companies. Not all of these companies have a system for easily sharing information
about vulnerabilities and exploits that have been discovered and publicly disclosed, often by more defensiveminded hackers who see their job as warning technology manufacturers about problems with their products, rather
than trying to profit from them.
When companies find out about a risk in their system, it's up

to them to apply patches and defensive fixes, and their technological fluency varies .
Some may be prepared to patch systems quickly, others may not even realize they're using a vulnerable piece of
software. They, quite literally, may not have received the memo from the vendor warning that they need to install
an update or change the security settings on a product in order to make it safer. Even if a company is using
software that receives regular updates over the Internet, the company's systems administrators have to
consistently download those fixes, make sure they're applied across the company, and stay on watch for more
By
buying so many zero day exploits, the NSA is helping to prop up a cyber arms
market that puts American businesses and critical facilities at risk. The
chances are good that if another country or a terrorist group knocks out the lights in
a US city, it will use an exploit purchased from a company that also sells them to
the NSA. The sellers of zero day exploits also bear at least some notional responsibility for making the Internet
updates. Some find doing that for hundreds or thousands of computers in a single facility a daunting task.
less safe. But they tend to blame software manufacturers for building programs that can be penetrated in the first
place. "We don't sell weapons, we sell information;' the founders of exploit seller ReVuln told a reporter for Reuters,
when he asked whether the company would be troubled if some of their programs were used in attacks that
destroyed systems or caused people to die. "This question would be worth asking to vendors leaving security holes
in their products. This line of defense is a bit like blaming a locksmith for a burglary. Yes, the locksmith is supposed
to make a product that keeps intruders from getting into someone's home. But if a burglar manages to break in and
steal a television or, worse, attack the homeowners, we don't prosecute the locksmith. Companies such as ReVuln
aren't burglars, but they are selling the equivalent of lock picks. Surely they bear some measure of responsibility, as
well, for crimes that are committed- if not a legal responsibility, then a moral one. And what about the NSA? In the
world of burglary, there's no equivalent for what the agency is doing. No one is out there buying up lock picks. But
the NSA also wants to be a kind of security guard for the Internet. What would
happen if the guard hired to watch over a neighborhood discovered an open window
but didn't tell the owner? More to the point, what if he discovered a design flaw in the brand of window
that everyone in the neighborhood used that allowed an intruder to open the window from the outside ? If the
security guard didn't alert the homeowners, they'd fire him - and probably try to
have him arrested. They wouldn't accept as a defense that the security guard was keeping the windows' flaw
a secret in order to protect the homeowners. And the police surely wouldnt accept that hed kept that information
to himself so that he could go out and rob houses. The analogy isn't perfect .
The NSA isn't a law

enforcement agency, its a military and intelligence organization. It operates by a
different set of laws and with a different mission. But as the agency drums up talk of
cyber war and positions itself as the best equipped to help defend the nation from
intruders and attacks, it should act more like a security guard than a burglar .
America's critical infrastructure is vulnerable to Cyberattacks

Michael Assante, 11-11-2014, "America's Critical Infrastructure Is Vulnerable To
Cyber Attacks," Forbes, http://www.forbes.com/sites/realspin/2014/11/11/americascritical-infrastructure-is-vulnerable-to-cyber-attacks/2/

Americas critical infrastructurethe utilities, refineries, military defense systems,
water treatment plants and other facilities on which we depend every dayhas
become its soft underbelly, the place where we are now most vulnerable to attack. Over
the past 25 years, hundreds of thousands of analog controls in these facilities have been
replaced with digital systems. Digital controls provide facility operators and
managers with remote visibility and control over every aspect of their operations,
including the flows and pressures in refineries, the generation and transmission of
power in the electrical grid, and the temperatures in nuclear cooling towers. In doing
so, they have made industrial facilities more efficient and more productive . But the
same connectivity that managers use to collect data and control devices allows
cyber attackers to get into control system networks to steal sensitive information,
disrupt processes, and cause damage to equipment. Hackers, including those in
China, Russia and the Middle East, have taken notice. While early control system breaches were
random, accidental infections, industrial control systems today have become the object of
targeted attacks by skilled and persistent adversaries . The recently discovered Industrial
Control System modules of the HAVEX trojan are one example. The malware infiltrated an indeterminate number of
critical facilities by attaching itself to software updates distributed by control system manufacturers. When facilities
downloaded the updates to their network, HAVEX used open communication standards to collect information from
control devices and send that information to the attackers for analysis. This type of attack represents a significant
threat to confidential production data and corporate intellectual property and may also be an early indicator of an
advanced targeted attack on an organizations production control systems. Other hacks represent a direct threat to
the safety of U.S. citizens. Earlier this year, the FBI released information on Ugly Gorilla, a Chinese attacker who
invaded the control systems of utilities in the United States. While the FBI suspects this was a scouting mission,
Ugly Gorilla gained the cyber keys necessary for access to systems that regulate the flow of natural gas.
cyber attackers are numerous and persistentfor every one you see
there are a hundred you dontthose developments should sound alarms among executives at
Considering that
companies using industrial controls and with the people responsible for protecting American citizens from attacks.
To their credit, both businesses and the U.S. government have begun to take action; however, neither is adequately
addressing the core of the issue. Businesses continue to believe that cybersecurity issues can be addressed solely
through technology. The problem was created by technology so the solution must be more technology, they reason,
ignoring the spirit of Einsteins observation that no problem can be solved from the same level of consciousness
that created it. Technology is static and the threat is not. Hackers will always find a way to beat technology-based
solutions. Thats why we have to do more than create barriers to keep out intruders. We have to man our digital
borders with people who have the same skill and determination as the attackers. Similar to the use of technology,
the ability to regulate a solution is inherently limited. Regulation creates a compliance mentality in which policies
and investments are based on achieving and maintaining compliance. Compliance is predictable, which makes it
the hackers best friend. Legislation (HR 3696) has been introduced in the U.S. Congress that would increase the
sharing of information related to control system breaches to better arm security professionals to prevent future
breaches. That is a worthwhile goal; unfortunately, there is a dire lack of security professionals with an
understanding of both digital security and control system technology to benefit from this information sharing. Filling
this gap is where the lions share of the cybersecurity effort must go. It is estimated in the latest Project SHINE
the United States has more than half a billion control system devices
connected to the Internet. The SANS Institute, the largest cybersecurity training organization in the world,
report that
estimates that in the U.S. power industry alone thousands of new or existing control systems security professionals
must be deployed or further developed in the next five years to adequately address the challenge of control system
security within the electric sector.
Zero Days Economy

Zero Day vulnerabilities are used to breach financial
institutions
Adam Greenberg,, 8-28-2014, "Reported breaches involving zeroday bug at
JPMorgan Chase, other banks," SC Magazine, http://www.scmagazine.com/reportedbreaches-involving-zero-day-bug-at-jpmorgan-chase-other-banks/article/368690/1/

Citing an unnamed U.S. government official and other anonymous sources briefed by U.S. law enforcement,
JPMorgan Chase, as well as at least four other financial

institutions, have been hacked. [The FBI is] working with the United States Secret Service to determine
Bloomberg reported on Wednesday that
the scope of recently reported cyber attacks against several American financial institutions, Joshua Campbell,
The attackers who are

exploited a zero-day vulnerability in at least
one bank's website, and then weaved through layers of complex security in order to
gain access to sensitive information, the report indicates. Most probably, [the zero-day
vulnerability was in] a common web application or a web server service, as this
[zero]-day was also known to be used against other financial institutions, Aviv Raff, CTO
supervisory special agent with the FBI, told SCMagazine.com in a Thursday statement.
said to be Russian and state-sponsored may have
of Seculert, told SCMagazine.com in a Thursday email correspondence. Lucas Zaichkowsky, enterprise defense
architect with AccessData, told SCMagazine.com in a Thursday email correspondence that Eastern European
attackers are well-known for exploiting web application security flaws to gain initial
access into corporate environments. That's because web applications tend to be
riddled with these types of vulnerabilities unless a Security Development Lifecycle (SDL) is strictly
followed and the developers are highly skilled in secure coding practices, Zaichkowsky said . Gigabytes of
sensitive data were stolen in the attacks, including information from employee
computers and information that could be used to drain funds from accounts , according
to the report, which adds that there have been no signs of money being moved from accounts or other fraud. The
motivations for the attacks are unclear in a Thursday email correspondence, Armond Caglar, senior threat
specialist with TSC Advantage, told SCMagazine.com that checking and savings account information could have
been the reason these financial institutions were targeted, and Zaichkowsky agreed.
Zero-Days Stockpile Bad

Zero day stockpile cyber equivalent of a nuclear arsenal.
Harris, 2014
Of all the NSA's dark arts, perhaps none has put the security of the Internet and the
people using it more at risk than its secretive quest to build cyber weapons . For the
past two decades, NSA analysts have been scouring the world's software, hardware, and
networking equipment looking for vulnerabilities for which it can craft computer
attack methods known as zero day exploits , so called because they take advantage of previously
unknown flaws for which no defense has been built. (The target has had "zero days" to prepare for the attack.) A
zero day is the most effective cyber weapon. It provides the element of surprise,
which is the ultimate advantage in battle . The zero day exploit is bespoke, tailor-made to use
against a specific vulnerability. And because that defenseless point in a system is likely to be patched as soon as
Zero day attacks are

especially hard to design because unknown vulnerabilities are hard to find. But the
NSA has been stockpiling them for years. In 1997, according to a recently declassified NSA
the target realizes he's been hit with a zero day, it may be used only once.
newsletter, at least eighteen organizations in the agency were secretly collecting vulnerability data on technology
the NSA is widely believed by

security experts and government officials to be the single largest procurer of
zero day exploits, many of which it buys in a shadowy online bazaar of freelance
hackers and corporate middlemen. This gray market is not precisely illegal, but it operates on the
fringes of the Internet. It works like this: security researchers - another term for hackers - find
vulnerabilities. (Many of these researchers are based in Europe, where local and national laws against
computer hacking are weaker than in the United States.) The researchers then design exploits, or
methods for attacking the vulnerability, that only they know about at this point. Next, they sell the
used by people, businesses, and governments around the world. Today,
exploits to middlemen, which are mostly large defense contractors. Raytheon and Harris Corporation are two major
players in the zero day market. They also design traditional weapons systems for the military and are two of the
bestestablished and largest Pentagon contractors. Their ties to the military and to the NSA are deep and longstanding. Also collecting and selling zero days are smaller boutique firms, a number of which are run by former
military officers or intelligence officials. Once the middlemen have the zero days, they sell them to their customer the NSA. But the supply chain begins with the hacker. To be a good zero day hunter, a hacker has to put himself in
the original programmer's shoes and find the flaws in his design. Automated technology can help. "Fuzzing, for
instance, is a technique that throws unexpected or random data into the inputs of a computer program, hoping to
make it crash. Then the hacker looks for the flaw in the system that caused it to fail. But to find the deepest cracks,
a hacker has to devise novel and more clever techniques that force the computer to show him where ifs weak. For
instance, in 2005 a PhD student at UCLA discovered that by measuring the "smaII, microscopic deviations,, in the
internal docks of computers, he could uniquely identify one computer out of a network of thousands. The technique
would be especially useful, he later wrote in a research paper, to "adversaries thousands of miles,, away from the
targeted machine who wanted to overcome software meant to hide the machine's physical location - software such
as Tor, the anonymizing router system that the NSA was so keen to disrupt. A year after the paper was published, a
researcher at Cambridge University discovered that one could, in fact, find which server in a network was actually
running Tor's anonymizing software, thus def eating its all-important feature. He did this by sending an anonymous
Tor server an especially intensive request for information that literally forced the machine to heat up because it was
working so hard. The heat changed the rate at which electrons in the computer moved, which in turn affected the
accuracy of the clock. He still didn't know where the anonymous server was located, but he took the unique "dock
skew,, and queried computers on the public Internet to see if he could find a match. He did. The clock skew gave
away the location of the supposedly hidden Tor server. The classified NSA document, "Tor Stinks;' which shows how
the NSA tried to defeat the network, indicates that the agency studied both these clock-skew techniques in an
attempt to find routers on a network. The ingenious ability to suss out such an obscure, barely discernible flaw is
what separates good hackers from great ones and leads to the discovery of zero days.
Hackers charge a
high price for zero day exploits. If they come in "weaponized form, that is, ready to use against a
system, exploits start at around $50,000 and run to more than $100,000 apiece ,
according to experts. But some exploits command a higher price because their targets are
more valuable or harder to penetrate. The going rate on an exploit for Apple's iOS
operating system, used on the iPhone and the company's other mobile devices , is half a million dollars,
says one expert. And more complicated exploits such as those that rely on flaws in the internal mechanics of a
piece of hardware, can cost millions. Those exploits are so expensive because they target the engineering of the
The only
organizations with the means and the motive to buy such a weapon are
organized criminal groups and governments. Serious buyers of zero days,
such as the NSA, don't procure them in one-off fashion. They make stockpiles to use
in future attacks. The NSA has stored more than two thousand zero day exploits for
machine itself, which cannot be patched in the way software can, with new lines of code.
potential use against Chinese systems alone, according to a former highranking government official who was told
about the cache in a classified meeting with NSA officials.
That is an astonishingly large
number of exploits. The Stuxnet computer worm, which the United States built in conjunction with Israel
to disable the Iranian nuclear facility, contained four zero day exploits, which is itself a lot for one attack. A
collection of two thousand zero day exploits is the cyber equivalent of a
nuclear arsenal. It also puts people around the world at risk. If the NSA is hoarding
those vulnerabilities, rather than telling the makers of technology products that they
have found flaws in their hardware and software, then the agency is arguably covering up
valuable information that could be used to defend against malicious hackers . To be
sure, the NSA does use knowledge of zero day exploits to plug holes in technology that it's using or that might be
But it doesn't warn the wider world - that

would render the zero day exploit less effective, possibly even useless . One of the
deployed within the military or intelligence community.
agency's eventual targets in China or Iran might be tipped off if the NSA alerted technology companies to flaws in
their technology.
Zero-day Market US Key

The USfg is the largest buyer in the backdoors market- it
causes people to stop developing cyber-defense
Menn 13 (JOSEPH MENN, investigative reporter on technology issues, especially
cybersecurity and privacy, for Reuters, SPECIAL REPORT - U.S. cyberwar strategy
stokes fear of blowback, May 10, 2013,
http://in.reuters.com/article/2013/05/10/usa-cyberweaponsidINDEE9490AX20130510?type=economicNews)
Even as the U.S. government confronts rival powers over widespread Internet
espionage, it has become the biggest buyer in a burgeoning gray market where
hackers and security firms sell tools for breaking into computers. The strategy is spurring
concern in the technology industry and intelligence community that Washington is in effect
encouraging hacking and failing to disclose to software companies and customers
the vulnerabilities exploited by the purchased hacks. That's because U.S. intelligence and
military agencies aren't buying the tools primarily to fend off attacks. Rather, they are using the tools to infiltrate
computer networks overseas, leaving behind spy programs and cyber-weapons that can disrupt data or damage
core problem: Spy tools and cyber-weapons rely on vulnerabilities in

existing software programs, and these hacks would be much less useful to the
government if the flaws were exposed through public warnings. So the more the
government spends on offensive techniques, the greater its interest in making sure
that security holes in widely used software remain unrepaired. Moreover, the money
going for offense lures some talented researchers away from work on defense, while
tax dollars may end up flowing to skilled hackers simultaneously supplying criminal
groups. "The only people paying are on the offensive side," said Charlie Miller, a security researcher at Twitter
systems. The
who previously worked for the National Security Agency. A spokesman for the NSA agreed that the proliferation of
hacking tools was a major concern but declined to comment on the agency's own role in purchasing them, citing
the "sensitivity" of the topic. America's offensive cyber-warfare strategy - including even the broad outlines and the
total spending levels - is classified information. Officials have never publicly acknowledged engaging in offensive
cyber-warfare, though the one case that has been most widely reported - the use of a virus known as Stuxnet to
disrupt Iran's nuclear-research program - was lauded in Washington. Officials confirmed to Reuters previously that
the U.S. government drove Stuxnet's development, and the Pentagon is expanding its offensive capability through
Computer
researchers in the public and private sectors say the U.S. government, acting
mainly through defense contractors, has become the dominant player in fostering
the shadowy but large-scale commercial market for tools known as exploits , which
the nascent Cyber Command. Stuxnet, while unusually powerful, is hardly an isolated case.
burrow into hidden computer vulnerabilities. In their most common use, exploits are critical but interchangeable
components inside bigger programs. Those programs can steal financial account passwords, turn an iPhone into a
listening device, or, in the case of Stuxnet, sabotage a nuclear facility. Think of a big building with a lot of hidden
doors, each with a different key. Any door will do to get in, once you find the right key. The pursuit of those keys has
The Department of Defense and U.S. intelligence agencies, especially the

NSA, are spending so heavily for information on holes in commercial computer
systems, and on exploits taking advantage of them, that they are turning the world
of security research on its head, according to longtime researchers and former top
government officials. Many talented hackers who once alerted companies such as
Microsoft Corp (MSFT.O) to security flaws in their products are now selling the
information and the exploits to the highest bidder , sometimes through brokers who never meet
the final buyers. Defense contractors and agencies spend at least tens of millions of
dollars a year just on exploits, which are the one essential ingredient in a broader
cyber-weapons industry generating hundreds of millions annually, industry executives said
intensified.
privately.
The US government is the main buyer of zero-days finding

another customer is difficult
Paganini 13 (Pierluigi Paganini, Zero-day market, the governments are the main
buyers, Security Affairs, 3/21/13, Pierluigi Paganini is Chief Information Security
Officer at Bit4Id, firm leader in identity management, member of the ENISA
(European Union Agency for Network and Information Security) Threat Landscape
Stakeholder Group, he is also a Security Evangelist, Security Analyst and Freelance
Writer. Editor-in-Chief at "Cyber Defense Magazine",
http://securityaffairs.co/wordpress/14561/malware/zero-day-market-governmentsmain-buyers.html, 7/14/15 AV)
Governments, and in particular US one, are principal buyers of zero-day
vulnerabilities according a report published by Reuters. Zero-days exploits are considered a
primary ingredient for success of a cyber attack, the knowledge of zero-day flaw
gives to the attacker guarantee of success, state-sponsored hackers and cyber
criminals consider zero-day exploits a precious resources around which is grown a
booming market. Zero-day exploits could be used to as an essential component for the design of a cyber
weapon or could be exploited for cyber espionage purposes, in both cases governments appear the most interested
entities for the use of these malicious code. Recent cyber attacks conducted by Chinese hackers might lead us to
think Chinese Government is primary buyer/developer for zero-day vulnerabilities, but a report recently published
the US government is the biggest buyer in a burgeoning gray market

where hackers and security firms sell tools for breaking into computers. Reuters
revealed that the US Government, in particular its intelligence agency and the DoD are
spending so heavily for information on holes in commercial computer systems, and
on exploits taking advantage of them, that they are turning the world of security
research on its head., its a news way to compete with adversary in cyberspace. Recent tension
between China and US gave security experts the opportunity to discuss about the
development of the two countries of efficient cyber strategy that improve both
offensive and defensive cyber capabilities. Both countries are largely invested in the creation of
by Reuters claimed
new cyber units, but according intelligence sources, offensive approach seems to be most stimulated by the need to
preserve the security in the cyberspace. NSA chief General Keith Alexander told Congress that the US Government
is spending billions of dollars every year on cyberdefense and constructing increasingly sophisticated
cyberweapons this led to the birth of more than a dozen offensive cyber units, designed to mount attacks, when
necessary, at foreign computer networks. Popular hacker Charlie Miller, security researcher at Twitter, with a past
collaboration with NSA confirmed the offensive approach to cyber security: The only people paying are on the
The emerging zero-day market is fueled by intense activities of talented

hackers who sell information on flaws in large use products. According Reuters defense
contractors and intelligence agencies spend at least tens of millions of dollars a
year just on exploits. The zero-day market is very complex due high perishability of the goods, following
some key figures of a so complex business Difficulty finding buyers and sellers Its a closed
market not openly accessible. Find a buyer or identify a possible seller is a critical
phase. Checking the buyer reliability The reduced number of reliable brokers able to locate a buyer pushes the
offensive side,
researcher to try to tell many individuals about the discovery in an attempt to find a buyer with obvious risks. Value
cannot be demonstrated without loss One of the most fascinating problems a researcher attempting to sell
vulnerability information or a 0-day exploit may face is proving the validity of the information without disclosing the
information itself. The only way to prove the validity of the information is to either reveal it or demonstrate it in
some fashion. Obviously, revealing the information before the sale is undesirable as it leaves the researcher
exposed to losing the intellectual property of the information without compensation. Exclusivity of rights The final
hurdle involves the idea of the exclusive rights of the information. In order to receive the largest payoffs, the
researcher must be willing to sell all rights to the information to the buyer. However, the buyer has no way to
protect themselves from the researcher selling the information to numerous parties, or even disclosing the
information publicly, after the sale. Current approaches to zero-day vulnerabilities are to be bought up exploits
avoiding that they could be acquired by governments opponents such as dictators or organized criminals, many
security firms sell subscriptions for exploits, guaranteeing a certain number per year. The trend to exploit zero-day
for offensive purposes has been followed by intelligence agencies and also private companies, both actors have
started to code their own zero-day exploits. Private companies have also sprung up that hire programmers to do
the grunt work of identifying vulnerabilities and then writing exploit code. The starting rate for a zero-day is around
$50,000, some buyers said, with the price depending on such factors as how widely installed the targeted software
is and how long the zero-day is expected to remain exclusive. The Reuters report also revealed the participation of
government representatives to the Secret Snoop Conference for Government and law enforcement spying, clearly
with the intent to acquire new technologies to conduct cyber espionage through malware based attacks able to
compromise target networks. The choice of a government to acquire a zero-day exploit to use it against a foreign
governments hide serious risks for its country, cyber terrorist, cyber criminals or state-sponsored hackers could
reverse engineer the source code to compose new malicious agent to use against the same authors. The most
popular example is the case of Duqu malware, a powerful spyware designed to steal industrial-facility designs from
Iran. which code was adopted by cybercrime industry to be the active components in popular Blackhole and Cool
exploit kits. In many cases the efficiency of these zero-day exploits has a long life due the presence of not updated
target systems, typical zero-day attack has an average duration of 312 days and once publicly disclosed it is
observable an increases of 5 orders of magnitude of the volume of attacks. Zero day Analysis Reuters reported to
have reviewed a product catalogue from one large contractor, it contained various applications for cyber espionage
purposes. The article refer of a product to turn any iPhone into a room-wide eavesdropping device and another
one was a system for installing spyware on a printer or other device and moving that malware to a nearby
computer via radio waves, even when the machines arent connected to anything. The product portfolio is very
wide including tools for getting access to computers or phones and tools for grabbing different categories of data,
its clear that majority of these products exploits zero-day vulnerabilities on various application and OSs . most of
the programs cost more than $100,000. Based from my experience the cost of a zero day-day depends on a
multitude of factors such as the product target, its diffusion level and of course the scope of use, a zero-day sold to
a government could have a price up to 100 times an exploit kit sold to private industry. Which are the principal
mediators for zero-day sale? The Grugq is the famous one but also small firms like Vupen and Netragard and other
defense contractors such as Northrop Grumman operate this growing market. Netragards founder Adriel Desautels
says hes been in the exploit-selling game for a decade, and describes how the market has exploded in just the
last year. He says there are now more buyers, deeper pockets, that the time for a purchase has accelerated from
months to weeks, and hes being approached by sellers with around 12 to 14 zero-day exploits every month
the explosion in demand for zeroday leaves little doubt about the true intentions of governments and the impact is
certainly not confined to just cyberspace.
compared to just four to six a few years ago. Prepare for the worst,
The US driven zero days market which allows exploitation by

foreign powers
FIDLER 6/3 (MAILYN FIDLER 6/3, Marshall Scholar, Department of Politics and
International Relations, University of Oxford, REGULATINGTHEZERODAY
VULNERABILITYTRADE:APRELIMINARYANALYSIS6/3/15,
http://moritzlaw.osu.edu/students/groups/is/files/2015/06/FidlerSecondReviewChangesMade.pdf)
The gray market for zero-days causes concern beyond its size and global reach. The gray market also raises
national and international security worries.
The zero-day issue, particularly U.S. government

participation in the trade and its policies towards disclosure, is an instance where
national security and broader cybersecurity needs may conflict. According to the Obama
administration, if the U.S. government discovers a zero-day vulnerability, it has a bias towards disclosure.21 What
bias means is unclear. U.S. policy makes exceptions to this bias, providing opportunities for the government to
Keeping vulnerabilities secret means

other governments or cyber criminals may independently discover and use the
vulnerability to the detriment of general cybersecurity .23 These concerns were evident with
keep vulnerabilities without notifying software vendors.22
Heartbleed: computer users would have been at risk if the U.S. government had known about the vulnerability and
chosen to keep it secret for exploitation. U.S. non-disclosure of zero-days also leaves global users at risk, because
Government participation
helps catalyze gray-market expansion, which has potentially harmful ramifications.
Vulnerability sellers may offer information to multiple sources. The U.S.
governments willingness to purchase vulnerabilities has spurred growth of
vulnerability-selling firms, encouraging gray-market expansion and increasing
availability and mobility of gray-market products, which actors unfriendly to the U.S.
may be able to access. Soghoian, a cybersecurity expert at the American Civil Liberties Union (ACLU),
states that, as soon as one of these weaponized zero-days sold to governments is
obtained by a bad guy and used to attack U.S. infrastructure bad things will
happen; gray-market sellers will drag the entire security industry into a world of
pain.24 Even without duplicitous vulnerability sellers, the very nature of zero-days means they
undisclosed vulnerabilities affect anyone using globally disseminated software.
could independently find their way into the hands of both the U.S. government and
bad actors. Howard Schmidt, former White House cybersecurity coordinator, explained that, its pretty nave to
believe that with a newly discovered zero-day, you are the only one ... thats discovered it.25 Government
participation in the gray market could affect the black market. U.S. involvement in
the gray market bankroll[s] dangerous R&D and build[s] the black market, a U.S.
militaryintelligence official stated. 26 Michael Hayden, former Central Intelligence Agency (CIA) and NSA Director,
tax dollars used to purchase vulnerabilities on the gray market may benefit
the black market for instance, if spent with a company that also supplies bad
actors.27 Or, a buyer participates in the gray market using a front company, but is
actually a criminal organization. This crossover effect exists in the traditional arms trade, where
legitimate arms transfers end up with renegade groups.28 A robust gray market expands access to
advanced cyber tools to states that would otherwise not be able to independently
develop them. Before the gray market, the ability to discover zero-days in-house
was largely a boutique capability, the privilege of a few capable governments or
those with access to skilled hackers.29 Colonel John Adams, head of the Marine Corps Intelligence
Integration Division, states that gray-market sellers provide cyber-power to hostile
governments that would otherwise lack the expertise to attack an advanced
countrys computer systems.30 Easier access to zero-days by non-state actors is also a security
argues that
concern. Eric Rosenbach, Deputy Assistant Secretary of Defense for Cyber Policy, said that the prospect of non-state
actors accessing zerodays on the market keeps me awake at night. 31
In acquiring zero-days, the

United States may inadvertently enable a market that also allows less cyber-capable
nations and non-state actors unfriendly to U.S. interests to improve their cyber
capabilities. Concerns that zero-days can contribute to human rights abuses have also emerged. As established,
the gray market may enable bad actors, including oppressive governments, to acquire cyber capabilities they can
use to violate human rights. For instance, since September 2013, a vulnerability in Adobe Flash, publicly disclosed
in April 2014, was used to target Syrians who visited a government complaints website.32 This bug appears to
have been professionally planned and executed.33 This situation demonstrates that concerns about connections
between human rights abuses and zero-days are real. European Union politician Marietje Schaake has advocated
regulating trade in such cyber technologies that could be used to abuse human rights.34
The companies cant and wont compete to buy zero days

Former White House cybersecurity advisors Howard Schmidt and Richard Clarke
said in interviews that the government in this way has been putting too much
emphasis on offensive capabilities that by their very nature depend on leaving U.S.
business and consumers at risk. "If the U.S. government knows of a vulnerability that can be exploited,
under normal circumstances, its first obligation is to tell U.S. users," Clarke said. " There is supposed to be
some mechanism for deciding how they use the information, for offense or defense.
But there isn't." Acknowledging the strategic trade-offs, former NSA director Michael Hayden said: "There has
been a traditional calculus between protecting your offensive capability and strengthening your defense. It might be
time now to readdress that at an important policy level, given how much we are suffering." The issue is sensitive in
the wake of new disclosures about the breadth and scale of hacking attacks that U.S. intelligence officials attribute
Top U.S.
officials told Congress this year that poor Internet security has surpassed terrorism
to become the single greatest threat to the country and that better information-sharing on risks
is crucial. Yet neither of the two major U.S. initiatives under way - sweeping
cybersecurity legislation being weighed by Congress and President Barack Obama's
February executive order on the subject - asks defense and intelligence agencies to
spread what they know about vulnerabilities to help the private sector defend itself. Most
to the Chinese government. Chinese officials deny the allegations and say they too are hacking victims.
companies, including Microsoft, Apple Inc (AAPL.O) and Adobe Systems Inc
(ADBE.O), on principle won't pay researchers who report flaws, saying they don't
want to encourage hackers. Those that do offer "bounties", including Google Inc
(GOOG.O) and Facebook Inc (FB.O), say they are hard-pressed to compete
financially with defense-industry spending . Some national-security officials and security executives
say the U.S. strategy is perfectly logical: It's better for the U.S. government to be buying up exploits so that they
don't fall into the hands of dictators or organized criminals.
Zero days are sold to both sides in the status quo

Zero-day exploits will work even when the targeted software is up to date, and experts say the use of even a single
zero-day in a program signals that a perpetrator is serious. A well-publicized hacking campaign against Google and
scores of other companies in early 2010, attributed by U.S. officials and private experts to Chinese government
Many zero-day exploits appear to have been produced by

intelligence agencies. But private companies have also sprung up that hire
programmers to do the grunt work of identifying vulnerabilities and then writing
exploit code. The starting rate for a zero-day is around $50,000, some buyers said, with the price depending on
hackers, used one zero-day.
such factors as how widely installed the targeted software is and how long the zero-day is expected to remain
It's a global market that operates under the radar, often facilitated by other
companies that act as brokers. On the buy side are U.S. government agencies and
the defense contractors that fold the exploits into cyber-weapons. With little or no
regulation, it is impossible to say who else might be purchasing zero-days and to what
exclusive.
end, but the customers are known to include organized crime groups and repressive governments spying on their
citizens. Even one of the four exploits used by Stuxnet may have been purchased. Swedish Defense Research
Agency expert David Lindahl said the same trick employed by the exploit in question was used in a piece of Russian
The same person may have sold the exploit

to both the United States and to Russian criminals. However, Lindahl and other experts said
simultaneous invention can't be ruled out. The issue of rival countries or gangs using a flaw that
U.S. officials have known about but decided to keep secret is a big concern. The
National Security Agency declined to say whether or how often that happens, but
researchers said simultaneous security discoveries occur often. "It's pretty nave to believe
crime software called Zlob prior to Stuxnet's discovery.
that with a newly discovered zero-day, you are the only one in the world that's discovered it," said Schmidt, who
retired last year as the White House cybersecurity coordinator. " Whether
it's another government, a

researcher or someone else who sells exploits, you may have it by yourself for a few
hours or for a few days, but you sure are not going to have it alone for long." China is
thought to do a lot of its work on exploits in-house, relying on its own programmers, though Reuters has reviewed
email from self-declared Chinese buyers offering large sums. "i really need some 0days,if you have some remote
exploit 0days of windows system, i think i can buy it. you know, money is not the problem," one hopeful wrote in
2006.
Zero Day Solvency

Congress should mandate diclosure of zero days.
Nojen, 2015
Gregory T. Nojeim, Senior Counsel and Director of the Freedom, Security and
Technology Project at the Center For Democracy And Technology, Statement Before
the Senate Homeland Security and Government Affairs Committee, On Protecting
America from Cyber Attacks: the Importance of Information Sharing, January 28,
2015 https://d1ovv0c9tw0h0c.cloudfront.net/files/2015/01/HSGAC-Cybersec-tes-128-15-final-TEH.pdf
Congress should also consider the impact on Americans cybersecurity of NSA
stockpiling of vulnerabilities to support offensive cybersecurity operations. Any
vulnerability that is left undisclosed and unpatched could also be discovered and
used by a bad actor, as shown by recent reports that the Sony hack employed a zero-day vulnerability.37 In
order to promote better cybersecurity and reduce attacks against the United States,
the Review Group on Intelligence and Communication Technologies recommended
that the government avoid stockpiling zero-days, and instead disclose
vulnerabilities to the parties that can patch them .38 Congress should embrace this
recommendation.
Solvency Disclose Zero Days

Disclosing zero-days solves the NSA drives the market.
Harris, 2014
of the military-Internet complex / Houghton Mifflin Harcourt. P.98
In any market- gray or otherwise - the biggest buyers have an outsized ability to set
terms and conditions. As the reputedly single largest purchaser of zero day vulnerabilities and exploits,
the NSA could turn the market on its head if it bought up zero days for the
express purpose of disclosing them. The agency has billions of dollars to spend
on cyber security. Why not devote some portion of that to alerting the world to the
presence of fixable flaws? What responsibility does the agency have to warn the
owners and operators of vulnerable technology that the capability of an attack
against them exists? That's an ethical dilemma that the agency hasn't had to address. But if there is
ever a cyber attack on the United States that results in significant physical damage,
or causes widespread panic - or deaths - the agency will be called to account for its failure to
prevent that disaster. There's a good chance that some future NSA director, sitting at a witness table
before members of Congress and television cameras, will have to explain having known about the
vulnerability America's enemies had exploited, but deciding to keep quiet, because
the NSA wanted to use it one day.
Aff Report Solves + A2 XO CP

Vulnerabilities should be reported by default. Legislation
better.
Bellovin, 2014,
Steven M. Bellovin is a professor of computer science at Columbia University., et al.

"Lawful hacking: Using existing vulnerabilities for wiretapping on the Internet."
Northwestern Journal of Technology and Intellectual Property. 12 (2014).
We advocate that vulnerabilities law enforcement seeks to exploit be reported by
default. There are a number of ways to implement and enforce such a policy. 175 The
simplest way to implement a default reporting policy would be guidelines that mandate reporting under certain
a guidelinesonly approach has inherent weaknesses. First, the guidelines would be formulated,
implemented, and enforced by the very department with the most interest in
creating exceptions to the rule, and that most pays the cost when the tools it develops and uses are
neutralized. Such conflicts of interest rarely end up with the strongest possible
protections for the public. 176 Therefore, a legislative approach may be more
appropriate. Perhaps as part of the appropriations bill that funds the exploit discovery effort, Congress
could mandate that any vulnerabilities the unit discovers be reported; alternatively,
a reporting mandate could be added to the wiretap statute. This second approach
has the advantage that it is more permanent; however, amending the Wiretap Act has
proven to be a long and contentious process. Regardless, and as noted above, such legislation would need
to be carefully drafted to capture a range of different circumstances.
circumstances promulgated by the administration, likely the Department of Justice.256 However,
Solvency US Leadership
US leadership solves international cooperation on zero-days.
Fidler 2014
Mailyn Fidler, Marshall Scholar, Department of Politics and International Relations
May 2014 Anarchy or Regulation: Controlling the Global Trade In Zero-Day
Vulnerabilities A Thesis Submitted To The Interschool Honors Program in
International Security Studies, Center for International Security and Cooperation,
Freeman Spogli Institute for International Studies, Stanford University
https://decryptedmatrix.com/wp-content/uploads/2014/06/Fidler-Zero-DayVulnerability-Thesis.pdf
International cooperation is needed on the zero-day issue, but U.S. leadership is
required to catalyze such cooperation. Snowdens disclosures have caused significant problems for
the United States, reducing receptivity to cooperation with the United States on cyber issues. This problem is
exacerbated by the need to have the United States, as a major cyber player,
involved in international negotiations . Existing confusion and controversy over
national U.S. policies towards zero-day vulnerabilities create further obstacles to
addressing these issues at an international level. The United States needs to
establish policy clarity at a national level to set the stage for collective action,
signaling to other nations its seriousness about the problem and the nature of
American interests towards it. Richard Clarke and Peter Swire agree: we create a more secure and
useful global Internet if other nations, including China and Russia, adopt and implement similar policies to what the
but because they [other

nations] are unlikely to do so any time soon, the Obama administration should also
step up its efforts and create the basis for an international norm of behavior . 669
Obama administration recently announced about U.S. zero-day policy,
This thesis argues that the U.S. government must do more to strengthen its own zero-day policies as a necessary
element of addressing the need for collective action.
Solvency All Advantages
Plan Solves Cryptowar

The plan solves the cryptowar.
Joshua A. Kroll 15, doctoral candidate in computer science at Princeton
University, where he works on computer security and public policy issues at the
universitys Center for Information Technology Policy, 6-1-2015, "The Cyber
Conundrum," American Prospect, http://prospect.org/article/cyber-conundrum
An Alternative Strategy Apple CEO Tim Cook, who spoke before the president at Stanford, called for a different approach, emphasizing the goal of
strengthening systems against snooping. People have entrusted us with their most personal and precious information. History has shown us that
sacrificing our right to privacy can have dire consequences. If those of us in positions of responsibility fail to do everything in our power to protect the
right of privacy, we risk something far more valuable than money. We risk our way of life. Fortunately, technology gives us the tools to avoid these risks,
and it is my sincere hope that by using them, and by working together, we will. The CEOs of other companies such as Google and Yahoo turned down
To much of the U.S.

technology industry, the best policy is to build stronger walls around users data.
invitations to the public event, reportedly due to frustration with White House policy, opting instead to send deputies.
Obama, in an interview with Re/codes Kara Swisher after the Stanford event, recognized this tension, saying, I lean probably further in the direction of
strong encryption than some do inside of law enforcement. But I am sympathetic to law enforcement because I know the kind of pressure theyre under to
keep us safe. Now, in fairness, I think the folks who are in favor of airtight encryption also want to be protected from terrorists. It would be a great
achievement if we could somehow provide strong encryption against every adversary, except for a loophole only usable with a valid warrant. The same
hope has been expressed by FBI Director James Comey, by British Prime Minister David Cameron, and by The Washington Posts editorial board, which
famously asked for a secure golden key for law enforcement. But if there is a virtual access port that can be opened by a technology vendor on seeing a
warrantas Comey has called forthe same port can be opened by the same vendor without a warrant. The technology cannot tell whether the employee
requesting access has been compelled by a lawful court order, or by a blackmailer, or by an extortionist, or by a foreign government. As far as the
technology is concerned, access under a court order is the same as access to data by an insider. And misbehaving insiders often have privileged access
that makes their attacks devastating. Consider Snowdens attack on the NSA or the electronic thefts revealed in February in which thieves impersonating
insiders took hundreds of millions of dollars from banks around the world. If we want to lock out insiders, we will also have to lock out those with warrants.
We cannot avoid the choice between access and security. The largest Internet companies have been moving to adopt encryption for several years. Google
switched its website over to secure access by default in 2010 and 2011. Microsofts outlook.com email service followed suit in 2012, Facebook in 2013,
and Yahoo Mail in 2014. Many of these products later went further, requiring secure access and disabling insecure access. The pace picked up after the
Snowden revelations. Apple and Google beefed up encryption of data stored on iPhones and Android devices in 2014. In August 2014, Google announced
that it would boost the position of secure pages in search results, treating encryption as an indicator that a site is serious about security. Meanwhile,
citizens who went to Whitehouse.gov to read the text of the presidents Cybersecurity Summit speech could not do so on a secure page because the White
House website did not offer even the option of secure browsing. Visitors to https://whitehouse.gov received a sternly worded security warning from their
browsers and had to go to another site such as Googles YouTube if they wanted to experience the presidents speech on a secure site. Closing the Gap
The intelligence community,

which dominates cybersecurity policy in government, wants a strategy that favors
intelligence gathering, which means undermining and surveillance . The technical community,
The divide between government and industry runs deep, and it is cultural as much as political.
which dominates in industry, wants to strengthen systems, using tools such as encryption to protect privacy. The two communities come down on different
Ideally, both communities would be represented in government

and would be at the table when important cyber policy decisions were being made.
But the parts of government that run cybersecurity policy, other than the
intelligence agencies, have little technical expertise . Under these conditions, the cyber
conundrum generates tense meetings and competing speeches, but no solutions. Is
sides of the cyber conundrum.
there any escape from the cyber conundrum? The way out, if we can find it, will strive to bolster security of common technical infrastructure, while finding
Strengthening security for

everyone will make it harder to exploit adversaries systems, but the intelligence
community has developed some impressive tools for local exploitation . Thus far
government has not been willing to make major investments in strengthening
security infrastructure, for fear that this would make broad surveillance more
difficult. Until our leaders recognize the full costs of their current strategy, that is
unlikely to change. And the attacks will continue.
a way to target exploitation of identified adversaries. It will protect globally, and exploit locally.
Solvency- Strong Encryption

The plans solves.
Edgar, 2015
Timothy H. Edgar is a visiting scholar at the Brown Universitys Watson Institute for
International Studies. He was the first-ever director of privacy and civil liberties for
the White House National Security Staff. Under George W. Bush, he was the first
deputy for civil liberties for the director of national intelligence, from 2006 to 2009.
He was the national security counsel for the American Civil Liberties Union from
2001 to 2006. He is a graduate of Harvard Law School and Dartmouth College, 4-132015, "The Good News About Spying," Foreign Affairs,
https://www.foreignaffairs.com/articles/united-states/2015-04-13/good-news-aboutspying
the United States should promote, not undermine, strong encryption . As industry
offers new solutions for communications security in the face of cybersecurity problems and surveillance fears, FBI
Director James Comey has argued for a new legal requirement to ensure that
government will always be able to intercept communications . This is a bad idea.
Computer scientists have warned that mandating any backdoor for surveillance
makes a cryptosystem weaker for everyone. This is a matter of science, not politics .
Finally,
In 2013, Obamas own review group urged the government to put its weight behind a secure Internet, even at the
Obama needs to listen to the experts: He should reject any

proposal to mandate backdoors in secure communications systems, and order
national security agencies not to pressure companies to do so.
expense of surveillance.
Solvency Secure Data Act

Congress should pass legislation.
Daniel Castro and Alan Mcquinn June 2015
Daniel Castro is the Vice President of the Information Technology and Innovation
Foundation and Director of the Center for Data Innovation; Alan McQuinn is a
Research Assistant with The Information Technology and Innovation Foundation.
Prior to joining ITIF, he was a telecommunications fellow for Congresswoman Anna
Eshoo, an Honorary Co-Chair of ITIF, 6/9/15, Beyond the USA Freedom Act: How
U.S. Surveillance Still Subverts U.S. Competitiveness Information Technology &
Innovation Foundation http://www.itif.org/publications/2015/06/09/beyond-usafreedom-act-how-us-surveillance-still-subverts-us-competitiveness
The free and open Internet that powers the globally networked economy is
dependent on the ability of individuals and companies to engage in commerce
without geographic restrictions. To turn back the tide of technology protectionism, U.S. trade negotiators
will need a stronger hand to play. They cannot go to other nations and tell them to not discriminate against U.S.
tech firms if the U.S. intelligence system continues to follow policies that threaten their citizens and businesses .
As
a result, it is incumbent on the Congress and the Obama administration to take the
lead in showing the world the best standards for transparency, cooperation, and
accountability. First, the U.S. government should be forthcoming and transparent about its surveillance
practices and clearly inform the public about the data it collects domestically and abroad. The U.S. government
should set the gold standard for international transparency requirements, so that it is clear what information both
U.S. and non-U.S. companies are disclosing to governments at home and abroad. The U.S. government should then
work with its allies to create an international transparency requirement that illuminates when countries conduct
the U.S. government should draw

a clear line in the sand and declare that the policy of the U.S. government is to
strengthen not weaken information security. The U.S. Congress should pass
legislation, such as the Secure Data Act introduced by Sen. Wyden (D-OR), banning any government
efforts to introduce backdoors in software or weaken encryption. 43 In the short term,
surveillance that accesses foreign companies information. Second,
President Obama, or his successor, should sign an executive order formalizing this policy as well. In addition, when
U.S. government agencies discover vulnerabilities in software or hardware products, they should responsibly notify
The best way to protect

U.S. citizens from digital threats is to promote strong cybersecurity practices in the
private sector.
these companies in a timely manner so that the companies can fix these flaws.
Solvency Kehl
The plan solves - strong encryption key to the internet.
Kehl, 2015
Strong encryption has become a bedrock technology that protects the security of
the internet The evolution of the ecosystem for encrypted communications has also enhanced the protection of
individual communications and improved cybersecurity. Today, strong encryption is an essential
ingredient in the overall security of the modern network, and adopting technologies like HTTPS
is increasingly considered an industry best-practice among major technology companies.177 Even the report of the
Presidents Review Group on Intelligence and Communications Technologies, the panel of experts appointed by
President Barack Obama to review the NSAs surveillance activities after the 2013 Snowden leaks, was unequivocal
in its emphasis on the importance of strong encryption to protect data in transit and at rest. The Review Group
Encryption is an essential basis for trust on the Internet; without such trust,
valuable communications would not be possible . For the entire system to work,
encryption software itself must be trustworthy. Users of encryption must be confident, and
wrote that:
justifiably confident, that only those people they designate can decrypt their data. Indeed, in light of the massive
increase in cyber-crime and intellectual property theft on-line, the use of encryption should be greatly expanded to
The report
further recommended that the U.S. government should: Promote security[] by (1)
fully supporting and not undermining efforts to create encryption standards; (2)
making clear that it will not in any way subvert, undermine, weaken, or make
vulnerable generally available commercial encryption; and (3) supporting efforts to
encourage the greater use of encryption technology for data in transit, at rest, in
the cloud, and in storage.179 Moreover, there is now a significant body of evidence that,
as Bob Goodlatte argued back in 1997, Strong encryption prevents crime .180 This has become
protect not only data in transit, but also data at rest on networks, in storage, and in the cloud.178
particularly true as smartphones and other personal devices that store vast amount of user data have risen in
Encryption can stop or mitigate the damage from crimes

like identity theft and fraud targeted at smartphone users .181
popularity over the past decade.
Solvency Commercial Encryption key

Weakening commercial software for surveillance is a bad idea
and should end.
Peha, 2013
The American people have an acute and growing need for better cybersecurity
protection from numerous threats ranging from identity theft to industrial
espionage. The American people also need government law enforcement and intelligence agencies that can
conduct effective surveillance against individuals who are involved with crimes or terrorism. Most of the time, these
If the
balance is wrong, a well-intentioned government agency can severely undermine
security rather than strengthen it, and endanger the very American citizens that the
agency hopes to protect. Based on recent press reports regarding the alleged activities of the National
Security Agency (NSA), it is time for a reevaluation of this balance. Individual computer users, large
corporations, and government agencies all depend on the security features built
into information technology products and services that they buy on the open
market. If the security features of these widely available products and services are
weak, everyone is in greater danger. There have recently been allegations that U.S. government
agencies have engaged in a number activities deliberately intended to weaken this widely available technology .
Weakening commercial products and services does have the benefit that it becomes
easier for U.S. intelligence agencies to conduct surveillance on targets who use the
weakened technology, and if it is occurring, this is probably the motivation. However,
this strategy also inevitably makes it easier for criminals, terrorists, and foreign
powers to infiltrate these systems for their own purposes . Moreover, everyone who
uses this technology is vulnerable, and not just the handful who may be surveillance
targets for U.S. intelligence agencies. No government agency should act to reduce
the security of a product or service sold on the open market without first conducting
a careful risk assessment.1 If the recent allegations in the press are correct, and no such risk assessment
occurred, the White House should make sure that a thorough review is conducted now,
and that policies are changed as needed based on this assessment.
two needs are entirely compatible, but there are occasionally issues on which a balance must be struck.
Solvency - Open Letter

Now is key. Networks should not be surveillance ready.
Joseph Lorenzo Hall, 5-20-2015, "Strong Encryption has a Posse," Center for
Democracy & Technology, https://cdt.org/blog/strong-encryption-has-a-posse/
Perhaps the largest and most diverse coalition ever of tech companies, digital rights
advocates, and security experts yesterday asked the Obama administration to
support strong encryption and resist calls to weaken security mechanisms by
requiring backdoor access or escrow of encryption keys. This issue is dear to CDTs heart; CDT
coordinated the original expert report in 1997, The Risks of Key Recovery, Key Escrow, and Trusted Third-Party
The
consistent message from the technical community has been clear: backdoors
reduce security, they are trivially engineered around, they dont work, and there will
always be methods to easily create or obtain software without backdoors. We gladly
Encryption, and an expert report in 2013 entitled CALEA II: Risks of Wiretap Modifications to Endpoints.
signed on to this effort to support strong encryption and to reject mandates that would weaken security. The letter
organized by The Open Technology Institute at New America points out that officials in President Obamas
administration have been arguing tech companies should weaken security and encryption controls in recent
The coalition argues that the White House should

reject any policy that might compromise technical security mechanisms: We urge
you to reject any proposal that U.S. companies deliberately weaken the security of
their products. We request that the White House instead focus on developing
policies that will promote rather than undermine the wide adoption of strong
encryption technology. Such policies will in turn help to promote and protect
cybersecurity, economic growth, and human rights, both here and abroad. The power
of this statement is amplified by the list of those signed on to it . I cant think of a similar area of
technology policy where there was such a broad and deep showing of stakeholders,
including major technology companies and technology advocacy organizations with
58 of the top experts in the law and technology of computer and network security.
months, most recently by NSA Director Rogers.
Im especially heartened to see such a strong showing of top security experts including two of the inventors of
modern public key cryptography (Diffie and Rivest). At CDT we believe strongly that domain experts should be
involved in policy conversations, and we helped coordinate expert sign-on to this letter by cryptographers,
computer scientists, and computer and network security experts. There should be no mistaking the statements
we are at a critical juncture where the Administration must chose between

shoring up technical security in the future or weakening what trust we do have in
our growing computer and network infrastructure by requiring systems be
surveillance-ready.
conclusion:
K Stuff
Internal Link NSA vulnerability

Backdoors and zero day vulnerabilities fundamentally
undermine human security.
Dunn Cavelty, 2014
That said, the security-implications of current actions by state entities go even further.
It has been suspected for a while and is now confirmed that the intelligence services of this world are making
cyberspace more insecure directly; in order to be able to have more access to data, and in order to prepare for
It has been revealed that the NSA has bought and exploited so-called
zero-day vulnerabilities in current operating systems and hardware to inject NSA
malware into numerous strategically opportune points of the Internet infrastructure
(Greenwald and MacAskill 2013). As soon as military and intelligence agencies became
buyers of so-called zero-day vulnerabilities, prizes have skyrocketed (Miller 2007; Perlroth
and Sanger 2013), with several downsides to this: first, exposing these vulnerabilities in order to
patch them, as was the norm not so long ago, is becoming less likely. Second, the competition for
future conflict.
exclusive possession of such vulnerabilities might even give programmers incentives to deliberately create and
then sell them (Schneier 2012b). It is unknown which computer systems have been compromisedbut it is known
that these backdoors or sleeper programs can be used for different purposes
(surveillance, espionage, disruption, etc.) and activated at any time. It also has been
revealed that the US government spends large sums of money to crack existing
encryption standardsand apparently has also actively exploited and contributed to
vulnerabilities in widespread encryption systems (Simonite 2013; Fung 2013; Clarke et al. 2013).
The crux of the matter is that these backdoors reduce the security of the entire systemfor
everyone. The exploitation of vulnerabilities in computer systems by intelligence
agencies and their weakening of encryption standards have the potential to destroy
trust and confidence in cyberspace overall. Also, there is no guarantee that the backdoor-makers
have full control over them and/or can keep them secret in other words, they could be identified and exploited by
state practices not only become a threat for human

security: paradoxically, they also become a threat for themselves.
criminal hackers or even terrorists. Here,
**State key ** Ethics

The state is key only state action can resolve the
fundamental security imbalance in cyber-security.
Dunn Cavelty, 2014
From Problem to Solution: Human-Centric Information Ethics. This article has identified and discussed implications
of cyber(-in)-security for human-security concerns, with a main focus on both the representation of the issue as a
The
problem with the current system is that security is underproduced, both
from a traditional state-focused national security and also from a bottom-up, human
security perspective. The reason, so I have argued, is a multidimensional and multi-faceted security
dilemma, produced by the following interlinked issues: First, cyber-security is increasingly presented
in terms of power-struggles, war- fighting, and military action . This is not an inevitable or
(security) political problem and the practices of (mainly state) actors based on such representations.
natural development; rather, it is a matter of choice, or at least a matter of (complicated) political processes that
has produced this particular outcome. The result is not more security, however, but less: states spend more and
more money on cyber-defense and likely also cyber-offense, which is not leading to more, but less security, as
evident by the flood of official documents lamenting the security-deficit. Second, the type of cybersecurity that is
produced is based on economic maxims, often without consideration for the particular security-needs of the
extending a notion of national security based on border control to

cyberspace will almost inevitably have an impact on civil liberties, especially on the
right to privacy and the freedom of speech. Fourth, cyber-exploitation by intelligence
agencies linked to the manipulation of vulnerabilities is directly making cyber-space
more insecure. What becomes exceedingly clear from the developments and lessons of the last decade is that
we cannot have both: a strategically exploitable cyberspace full of vulnerabilities
and a secure and resilient cyberspace that all the cyber-security policies call for . At
the heart of this challenge is, as so often when human security is implicated, the state (cf.
Kerr 2007). On the one hand, state practices are emerging as a major part of the problem,
constantly creating more insecurity and in fact also hindering the removal of known
insecurities. At the same time, a secure, safe, and open cyberspace is not
possible without involvement of the state. How, then, can this dilemma be
overcome? Because it is a dilemma extending to more than the state, solutions are not to be found solely in the
cooperation between states (cf. Booth and Wheeler 2008). Rather , a focus on a common issue of
interest for all the stakeholders that are interested in more security is
needed. Such a common ground is held by vulnerabilities. If we want a
secure and resilient cyberspace, then a strategically exploitable cyberspace full of
vulnerabilities has to be actively worked against . This is a compromise that some
state actors need to make if they want a type of national security that extends to
cyberspace. If such a compromise is not made, then the quest for more
national security will always mean less cyber-security , which will always mean less
population. Third,
national security because of vulnerabilities in critical infrastructures. The reason why vulnerabilities persist and
the current incentive structures in the market

are skewed (Dynes et al. 2008). This is where states are needed to help improve cybersecurity through additional regulation (and through further encouragement of voluntary arrangement
for the increase of cyber-security in the corporate sector). Furthermore, there is no doubt from a human
security perspective that the zero-day exploit market needs to be regulated
even proliferate has already been identified above:
prime human security concerns like the

freedom of speech and the right to privacy should no longer be seen as antisecurity, but as pro-security if linked to vulnerabilities : reducing the amount of data
that is unencrypted will substantially reduce cybercrime and cyber-espionage, with
benefits for both human-centred and state-centred security . In turn, the ethics that
should guide our future engagement with cyber-security have to take into account
the special and all-embracing characteristics of cyberspace . So far, ethical considerations
internationally for security reasons (Kuehn 2013). In addition,
with bearing on cyber-security have mainly been made from a military perspective, following the tradition to
address new forms of warfare and weapons systems under ethical viewpoints (cf. Rowe 2010; Dipert 2010; Barrett
From both a state

and a human security perspective, cyberspace has become more than just a
technological realm in which we sometimes interact for social or economic reasons.
Cyberspace has become a fundamental part of life and is constitutive of new,
complex subjectivities. An ethics that fits such a broad understanding is Information Ethics. It constitutes
2013). Cyber-security, as argued in the very beginning, is far more than this, however:
an expansion of environmental ethics towards a less anthropocentric concept of agent, which includes non-human
(artificial) and non-individual (distributed) entities and advances a less biologically-centred concept of patient,
which includes not only human life or simply life, but any form of existence. This ethics is concerned with the
question of an ethics in the infosphere (Floridi 2001) and beyond that, an ethics of the infosphere (Capurro
2006). In information ethics, the lowest possible common set of attributes which characterises something as
intrinsically valuable and an object of respect is its abstract nature as an informational entity (Floridi 1998). In this
view, all informational objects are in principle worth of ethical consideration. However, to ensure that such an ethics
does not involuntarily place the technical over the social, we must make sure that the protection of these data is
The duty
of a moral agent is evaluated in terms of contribution to the growth and welfare of
the entire infosphere (Floridi 1999: 47), but always related to a bodily being in the world .
Any process, action or event that negatively affects the infosphere with relevance to
human life impoverishes it and is an instance of evil (Floridi and Sanders 1999, 2001).
Vulnerabilities are such an evil.
not founded on the dignity of the digital but on the human dimensions they refer to (Capurro 2006).
Perm
Encryption perm hospitality to the other.
Seemann, 2015,
Michael Seemann studied Applied Cultural Studies in Lnebur, Now he blogs at
mspr0.de and writes for various media like Rolling Stone, TIME online, SPEX, Spiegel
Online, ct and the DU magazine Digital Tailspin Ten Rules for the Internet After
Snowden The Network Notebooks series March 2015 http://networkcultures.org/wpcontent/uploads/2015/03/NN09_Digital_Tailspin_SP.pdf
ENCRYPTION AS HOSPITALITY
Encrypted communication also obeys end-to-end principles . Asymmetric encryption generally
means that the message you want to send will be encrypted while still on your computer (or mobile phone), and will
End-to-end encrypted data is impossible to

decrypt along the way, e.g. while on your service providers email servers . This
distinguishes it from so-called transport encryption, where a message is encrypted
only on its way from the source to the server, and then again between the server and the recipient
on the email server itself, the message will briefly be accessible in unencrypted form. In such a
case, authorities can make server operators divulge this unencrypted data with a
corresponding court order. End-to-end encryption will usually employ the public key
method. A pair of keys is generated using sophisticated mathematical algorithms. You keep the private
key to yourself and make the other one public. When you write someone an
encrypted email, their approved public key is used to encrypt it. But the recipient
will need their own private key to decrypt the message. So you need to provide
your public key before someone can send you encrypted messages. A
pattern is recognizable here: providing a public key is an act of hospitality
towards the Other.
be decrypted only once it has reached its recipient.
State Violence
The universe believes in encryption it is critical to counter
dystopian state violence.
Assange, 2012

Most of the time we are not even aware of how close to violence we are, because
we all grant concessions to avoid it. Like sailors smelling the breeze, we rarely contemplate
how our surface world is propped up from below by darkness. In the new space of the
internet what would be the mediator of coercive force? Does it even make sense to ask this question? In this
otherworldly space, this seemingly platonic realm of ideas and information flow, could there be a notion of coercive
force? A force that could modify historical records, tap phones, separate people, transform complexity into rubble,
and erect walls, like an occupying army? The platonic nature of the internet, ideas and information flows, is debased
by its physical origins. Its foundations are fiber optic cable lines stretching across the ocean floors, satellites
spinning above our heads, computer servers housed in buildings in cities from New York to Nairobi. Like the soldier
who slew Archimedes with a mere sword, so too could an armed militia take control of the peak development of
The new world of the internet, abstracted from the old world of
longed for independence. But states and their friends moved to control
our new worldby controlling its physical underpinnings. The state, like an army
around an oil well, or a customs agent extracting bribes at the border, would soon learn to
leverage its control of physical space to gain control over our platonic realm . It would
Western civilization, our platonic realm.
brute atoms,
prevent the independence we had dreamed of, and then, squatting on fiber optic lines and around satellite ground
it would go on to mass intercept the information flow of our new worldits

very essence even as every human, economic, and political relationship
embraced it. The state would leech into the veins and arteries of our new societies, gobbling up every
stations,
relationship expressed or communicated, every web page read, every message sent and every thought googled,
and then store this knowledge, billions of interceptions a day, undreamed of power, in vast top secret warehouses,
forever.
It would go on to mine and mine again this treasure, the collective private
intellectual output of humanity, with ever more sophisticated search and pattern
finding algorithms, enriching the treasure and maximizing the power imbalance between interceptors and
the world of interceptees. And then the state would reflect what it had learned back into the physical world, to start
wars, to target drones, to manipulate UN committees and trade deals, and to do favors for its vast connected
network of industries, insiders and cronies.
total domination.
But we discovered something. Our one hope against
A hope that with courage, insight and solidarity we could use to resist. A strange property
The universe believes in encryption. It is easier

to encrypt information than it is to decrypt it. We saw we could use this strange property
of the physical universe that we live in.
to create the laws of a new world. To abstract away our new platonic realm from its base underpinnings of satellites,
undersea cables and their controllers. To fortify our space behind a cryptographic veil. To create new lands barred to
those who control physical reality, because to follow us into them would require infinite resources.
And in this
manner to declare independence.
Scientists in the Manhattan Project discovered that the universe

permitted the construction of a nuclear bomb. This was not an obvious conclusion. Perhaps nuclear weapons were
not within the laws of physics. However, the universe believes in atomic bombs and nuclear reactors. They are a
phenomenon the universe blesses, like salt, sea or stars. Similarly, the universe, our physical universe, has that
property that makes it possible for an individual or a group of individuals to reliably, automatically, even without
knowing, encipher something, so that all the resources and all the political will of the strongest superpower on earth
may not decipher it.
And the paths of encipherment between people can mesh together
to create regions free from the coercive force of the outer state. Free from mass
interception. Free from state control. In this way, people can oppose their will
to that of a fully mobilized superpower and win. Encryption is an embodiment
of the laws of physics, and it does not listen to the bluster of states, even
transnational surveillance dystopias. It isnt obvious that the world had to work this way. But
somehow the universe smiles on encryption. Cryptography is the ultimate form of nonviolent direct action. While nuclear weapons states can exert unlimited violence
over even millions of individuals, strong cryptography means that a state, even by
exercising unlimited violence, cannot violate the intent of individuals to keep secrets
from them. Strong cryptography can resist an unlimited application of
violence. No amount of coercive force will ever solve a math problem. But could we take this strange fact
about the world and build it up to be a basic emancipatory building block for the independence of mankind in the
platonic realm of the internet? And as societies merged with the internet could that liberty then be reflected back
into physical reality to redefine the state? Recall that states are the systems which determine where and how
coercive force is consistently applied. The question of how much coercive force can seep into the platonic realm of
As states
merge with the internet and the future of our civilization becomes the future of the
internet, we must redefine force relations. If we do not, the universality of the
internet will merge global humanity into one giant grid of mass surveillance and
mass control. We must raise an alarm. This book is a watchmans shout in the night. On March 20,
the internet from the physical world is answered by cryptography and the cypherpunks ideals.
2012, while under house arrest in the United Kingdom awaiting extradition, I met with three friends and fellow
watchmen on the principle that perhaps in unison our voices can wake up the town. We must communicate what we
have learned while there is still a chance for you, the reader, to understand and act on what is happening. It is time
Our task is to secure

self-determination where we can, to hold back the coming dystopia where
we cannot, and if all else fails, to accelerate its self-destruction.
to take up the arms of our new world, to fight for ourselves and for those we love.
A2
2AC - Terrorists encrypt inevitable

Encryption is essential security, criminals terrorists will
inevitably be able to access encryption, the only question is
whether consumers will have access.
Jake Laperruque and Joseph Lorenzo Hall, 7-9-2015, "FBIs New Crypto Plan:
Ditch Legislation, Build Thors Magic Hammer," No Publication,
https://cdt.org/blog/fbis-new-crypto-plan-build-thors-magic-hammer/
Throughout the hearing,
FBI Director Comey stressed that ISIL recruiters reach out to

potential domestic supporters on social media, then attempt to coordinate with
certain individuals by asking them to move to an encrypted platform . But as Director
Comey himself acknowledged at the SSCI hearing, these nefarious actors and any criminals
who want to hide their activities can simply use an encrypted
communications service developed outside the United States, no matter
what the US policy on encryption is. The true impact of pushing companies to
add backdoors or store extra keys wont be on criminals, but rather on average
Internet users who have profoundly benefitted from encryption technology.
Consumer encryption is what allows us to protect financial, medical, other
sensitive records that are now connected electronically, and drilling a hole
in such common security protections risks cyber attacks on a mass scale .
And the risks become even greater when considering how important encryption
technology is becoming to critical infrastructure and institutions. As always
technology poses obstacles and questions, but on this issue we shouldnt be
discouraged that a magic answer has not emerged, because encryption is not a
security problem its a solution.
AT Terror DA
Encryption does not make the government go dark. It must be
protected to ensure public safety.
Crockford 2015
Kade Crockford, Director, Technology for Liberty Project, ACLU Massachusets, 7-82015, "The FBI's attack on encryption and the misleading phrase "lawful
interception", http://privacysos.org/node/1767
Transparency reports from major communications providers routinely show that law
enforcement uses the lowest possible standard of demandthe subpoena, often
never even seen by a judge, let alone approved by one when it asks these corporations for
our information. Then there are the court orders Tom Cotton referenced today at the senate hearing
on the FBIs plot to destroy internet security. Court orders are not the same as warrants. The
most commonly used court order, called a (d) order, does not require the
government show probable cause that the information obtained in the search will be evidence of a
crime. Probable cause is the gold standard of American justice spelled out in the
Fourth Amendment's warrant requirement. Agencies from the FBI all the way down to local police
have been obtaining not just our purchasing and communications records but the actual content of our
The standard is so easy to meet,

and the system of transparent reporting around (d) orders so broken, that a
magistrate judge has said "it's reasonable to infer that far more law-abiding citizens
than criminals have been tracked" under the authorizing statute, the Electronic Communications
communications, and our location information, using these (d) orders.
Privacy Act (ECPA) of 1986. And then theres the highly secretive, accountability-free, so-called foreign intelligence
surveillance regime, which feeds programs like PRISM and the NSAs Google, X-KEYSCORE. So when Jim Comey or
pro-FBI congressmen tell you not to worry about expanded FBI surveillance powers because the FBI only conducts
lawful interception, pursuant to lawful orders, remember that the legal regime in place to govern those
On the criminal domestic side, its

woefully obsolete and needs a major makeover. And when it comes to anything FISA
or terrorism related, its very likely unconstitutional . As I wrote yesterday, the truth is that
the FBI has all the power in the world to target dangerous people, even if those
dangerous people use encryption. Encryption doesn't endanger public safety; it
enhances it. The real threat encryption poses to insatiable government entities like the FBI is
that it makes dragnet surveillance of entire populations much more difficult and
expensive. That's part of what makes encryption so greatand it's why we must
aggressively defend robust security tools when they come under spook attack as is happening now.
After all, encryption is one of the only ways we can protect ourselves from
unwarranted government spyingwhether it's "lawful" or not .
surveillance demands is one of two very disheartening things.
No chance of DA- theyve never needed backdoors before

CDT 14 (Center for Democracy and Technology, Issue Brief: A Backdoor to
Encryption for Government Surveillance, 11/10/14, https://cdt.org/insight/issue-briefa-backdoor-to-encryption-for-government-surveillance/)
Government is not going dark: There is no doubt that some communications are more difficult to intercept than
that the FBI has a legitimate concern that criminals and terrorists will
gravitate to communications technologies that are more difficult to surveil.
However, taken as a whole, the digital revolution has made more data about us
available than ever before, and the government has more tools to obtain and
analyze that data than ever before. The volume of government surveillance increases almost every
year. The claim that companies increasing adoption of strong encryption by default
will suddenly lead to government going dark and unable to access critical
others, and
information is speculative. Encryption is not new: Products and software with strong
encryption have been freely available to the public including criminals for many
years, and have not rendered law enforcement helpless to investigate crimes. By recently choosing to encrypt
popular smartphones by default, companies are making this security feature easier to use
and more accessible to regular smartphone users who do not seek out increased
security protection. This change will reduce overall crime by protecting all
smartphone users, rather than just those who are already security-conscious . No cases
where backdoors have been necessary: The government has not yet produced an actual case in
which decrypting a device was essential to attaining a conviction . In his recent speech,
Director Comey cited several terrible crimes where cell phone evidence came into play, but in every one of
these cases the evidence on the phone was not critical to the conviction and the
government had other ways of obtaining the data it sought . When a reporter asked
Director Comey for a real-life instance when ability to access data on a phone was
critical to rescuing an individual, he responded, I havent found one yet despite
canvassing state and local law enforcement for examples . Government has multiple options:
If information is encrypted in one place, it is often available from another source . For
example, emails or text messages on an encrypted phone can be retrieved from the email service provider or the
phone company. Many smartphones are backed up to the cloud, where the data can be obtained from the service
law enforcement may be able to compel a suspect

to decrypt information or devices with a search warrant. The government must
generally obtain a warrant prior to searching a smartphone.
provider through legal process. In addition,
A2 Terror DA
Bad police work.
if the intelligence agencies have it their way and win the Second Crypto Wars,
we are headed towards a post-Golden Age of Surveillance, with unprecedented
levels of eavesdropping (your TV, seriously?) and governments keeping records on everyone just in case.
Now
In addition to the scary resemblance that such a situation would have with Orwells 1984 or Huxleys Brave New
such easy access to our data records would prevent the police forces from
developing the investigative skills that they used to have. As Jonathan Zdziarski bluntly
puts it, Im all for getting some of the fat [cops] whove spent too much time
behind a desk back on the treadmill and out in the field . Indeed, we want the police
to have investigation skills so that they are able to catch the bad guys, even if they
dont use any wired stuff.
World,
Targeted still possible.

Tokmetzi 2015

But, more importantly, the choice between privacy and security is a false one. The real
choice is between mass surveillance and targeted surveillance. It is true that
encrypting a great deal of data by default would make legitimate efforts to intercept
and decrypt communications a lot harder . But this would mostly be the case for surveillance on a
large scale. Targeted surveillance would remain possible. And when it comes to
targeted surveillance, there are a number of viable policy options. The first is the
decryption order. With a court order, suspects could be forced to decrypt their
information. If they refused to comply, they could be sent to jail. Several countries, like
France, the UK and the US are already using this mechanism. Others, like the Netherlands, are considering it.
Another option is remotely hacking devices. The end points of the Internet, for instance our devices, are the
weakest. Recently The Intercept revealed that the NSA stole the encryption keys of Gemalto, a multinational
company that produces SIM cards for many phone operators. Law enforcement agencies could use malware to gain
access to devices and intercept data before they are encrypted. With robust legal safeguards in place, government
hacking could be a viable option. At this stage no one knows how to prevent abuse of malware: once an agency has
malware, it is very easy to produce different versions of it and very difficult to control its spread. The final option is
increased data retention for all companies and institutions, so that agencies can access historical metadata. But as
last years annulment of the data retention directive by the European Court of Justice showed, mandated storage of
Whatever the outcome of this

new Crypto War may be, its clear that a ceasefire needs to involve all parties and
address all legitimate interests. In the end the overriding interest is the same for
everybody: a secure and robust Internet. And we need secure and robust
cryptography to get there.
data has to be enshrined within a very robust data protection framework.
A2 Terror DA
Obfuscation arms race
31, Iss. 2, 2014
These surveillance efforts have inspired a dramatic increase in the array of services
and applications that are encrypted end-to-end (Hern, 2013). This response from
privacy oriented constituencies is a response to both data discrimination and
government surveillanceand also indicates that we are entering a new online era
epitomized by a growing data-obfuscation arms race. Left unchecked, the relevant
surveillance mechanisms will shift from network-based to device-based. That is, one
can imagine a CALEA II that creates mandates that devices themselves integrate
mechanisms that enable surveillance. In essence, the hardware and software
integrated into our smart cars and homesand even our bodies themselveswill be
legally required to be insecure, to the financial benefit of parties seeking to control
our communications.
A2 Terror Link Plenty of Data

Steve Ranger, UK editor of TechRepublic, 3-23-2015, "The undercover war on
your internet secrets: How online surveillance cracked our trust in the web,"
Police and intelligence agencies still have plenty of other data sources the metadata
on communications, including who you have called, when, and for how long, CCTV, and more. " Law
enforcement agencies have access to more data now than they have had in the
history of time. Pre-Facebook, how hard would it be for any law enforcement agency on the planet to find out
all your known associates? They'd have to question dozens of people to find out who it is you know. They are
able to get access to vast amounts of information just by asking," said Privacy
International's Hosein. "They complain that they're not getting enough information
but they've had more than they've ever had before," he added. Edinburgh Napier
University's Buchanan echoes the sentiment: "There are now so many ways that investigators
can actually investigate someone who is suspected of committing a crime there
isn't really a problem. This isn't going to shut the door." Good old-fashioned policing
and follow-the-money are still the most effective ways of catching the bad guys.
A2 Terror DA
Encryption is inevitable. Bad actors will have access inevitably.
Bankston,2015
4. It would not succeed at keeping bad actors from using unbreakable encryption .
Encryption technology and the ability to create it was already becoming widespread during the original Crypto
Wars,25 and at this point is nearly ubiquitous. And, as was true then ,
much of that technology is free

and open source. For example, there are the open source versions of PGP encryption software that are still
the most popular end-to-end email encryption solution, the OpenSSL software library that has long been used to
encrypt vast amounts of every-day web traffic, open source disk encryption programs like TrueCrypt, the open
source Off-The-Record instant messaging encryption protocol used by a wide variety of IM clients, and the TOR
onion routing software originally developed by the Naval Research Laboratory that is now widely used to circumvent
A government
mandate prohibiting U.S. companies from offering products or services with
unbreakable encryption is of little use when foreign companies can and will offer
more secure products and services, and when an independent coder anywhere on
the planet has the resources to create and distribute free tools for encrypting your
communications or the data stored on your mobile devices. As former Homeland Security
Secretary Michael Chertoff recently put it, [T]hat genie is not going back in the bott le.27
oppressive governments censorship regimes and allow for anonymous online browsing.26
AT: Cyber crime

Theres ways to catch cybercriminals that dont include spying
on everyone
Doctorow 14 (Cory Doctorow, Crypto wars redux: why the FBI's desire to
unlock your private life must be resisted, The Guardian, 10/9/14, Cory Doctorow is
an activist, science fiction author and co-editor of the blog Boing Boing,
http://www.theguardian.com/technology/2014/oct/09/crypto-wars-redux-why-thefbis-desire-to-unlock-your-private-life-must-be-resisted, 7/14/15 AV)
Eric Holder, the outgoing US attorney general, has joined the FBI and other law
enforcement agencies in calling for the security of all computer systems to be
fatally weakened. This isnt a new project the idea has been around since the early 1990s, when the NSA
classed all strong cryptography as a munition and regulated civilian use of it to ensure that they had the keys to
the Electronic Frontier

Foundation won a landmark case establishing that code was a form of protected
expression under the First Amendment to the US constitution, and since then, the
whole world has enjoyed relatively unfettered access to strong crypto. How strong is
strong crypto? Really, really strong. When properly implemented and secured by
relatively long keys, cryptographic algorithms can protect your data so thoroughly
that all the computers now in existence, along with all the computers likely to ever
be created, could labour until the sun went nova without uncovering the keys by
brute force ie trying every possible permutation of password. The crypto wars
of the early 1990s were fuelled by this realisation that computers were changing
the global realpolitik in an historically unprecedented way. Computational crypto
made keeping secrets exponentially easier than breaking secrets, meaning that, for
the first time in human history, the ability for people without social or political
power to keep their private lives truly private from governments, police, and
corporations was in our grasp. The arguments then are the arguments now.
Governments invoke the Four Horsemen of the Infocalypse (software pirates, organised crime,
child pornographers, and terrorists) and say that unless they can decrypt bad guys hard
drives and listen in on their conversations, law and order is a dead letter. On the other
side, virtually every security and cryptography expert tries patiently to explain that
theres no such thing as a back door that only the good guys can walk through (hat
tip to Bruce Schneier). Designing a computer that bad guys cant break into is impossible
to reconcile with designing a computer that good guys can break into. If you give
the cops a secret key that opens the locks on your computerised storage and on
your conversations, then one day, people who arent cops will get hold of that key,
too. The same forces that led to bent cops selling out the publics personal information to Glen Mulcaire and the
unlock any technological countermeasures you put around your data. In 1995,
tabloid press will cause those cops successors to sell out access to the worlds computer systems, too, only the
numbers of people who are interested in these keys to the (United) Kingdom will be much larger, and theyll have
Oh, we can talk

about whether the danger is as grave as the law enforcement people say it is, point
out that only a tiny number of criminal investigations run up against cryptography,
and when they do, these investigations always find another way to proceed. We can
talk about the fact that a ban in the US or UK wouldnt stop the bad guys from
getting perfect crypto from one of the nations that would be able to profit (while US
and UK business suffered) by selling these useful tools to all comers. But thats missing
the point: even if every crook was using crypto with perfect operational security, the
proposal to back-door everything would still be madness. Because your phone isnt just a tool
more money, and theyll be able to do more damage. Thats really the argument in a nutshell.
for having the odd conversation with your friends nor is it merely a tool for plotting crime though it does duty in
Your phone, and all the other computers in your life, they are your digital
nervous system. They know everything about you. They have cameras,
microphones, location sensors. You articulate your social graph to them, telling
them about all the people you know and how you know them. They are privy to
every conversation you have. They hold your logins and passwords for your bank
and your solicitors website; theyre used to chat to your therapist and the STI clinic
and your rabbi, priest or imam. That device tracker, confessor, memoir and ledger
should be designed so that it is as hard as possible to gain unauthorised access to.
both cases.
Because plumbing leaks at the seams, and houses leak at the doorframes, and lie-lows lose air through their valves.
Making something airtight is much easier if it doesnt have to also allow the air to all
leak out under the right circumstances. There is no such thing as a vulnerability in
technology that can only be used by nice people doing the right thing in accord with
the rule of law. The existing back doors in network switches, mandated under US
laws such as CALEA, have become the go-to weak-spot for cyberwar and industrial
espionage. It was Googles lawful interception backdoor that let the Chinese
government raid the Gmail account of dissidents. It was the lawful interception
backdoor in Greeces national telephone switches that let someone identity still unknown
listen in on the Greek Parliament and prime minister during a sensitive part of the
2005 Olympic bid (someone did the same thing the next year in Italy). The most shocking
Snowden revelation wasnt the mass spying (we already knew about that, thanks to whistleblowers
like Mark Klein, who spilled the beans in 2005). It was the fact that the UK and US spy agencies
were dumping $250,000,000/year into sabotaging operating systems, hardware,
and standards, to ensure that they could always get inside them if they wanted to.
The reason this was so shocking was that these spies were notionally doing this in
the name of national security but they were dooming everyone in the nation (and
in every other nation) to using products that had been deliberately left vulnerable to
attack by anyone who independently discovered the sabotage. There is only one
way to make the citizens of the digital age secure, and that is to give them systems
designed to lock out everyone except their owners. The police have never had the power to
listen in on every conversation, to spy upon every interaction. No system that can only sustain itself by arrogating
these powers can possibly be called just.
A2 T Surveillance
31, Iss. 2, 2014
In a world where surveillance capabilities are increasingly baked into the fabric of
the internet's architecture, end-to-end encryption is a last line of defense . The
knowledge that everyone's data is susceptible to sweeping government surveillance is pushing more people,
companies, and organizations to use additional measures to secure their information (Robinson, 2013). But these
measures may soon become the casualty of bad policymaking and over-exuberant law enforcement mandates.
Internet service providers are increasingly focused on prioritizing certain internet traffic and degrading specific
services and applications (Brodkin, 2014). Previously, open internet rules stopped providers from degrading peer-topeer traffic, but those rules were thrown out in 2014 when the D.C. Circuit Court of Appeals ruled against the
Federal Communications Commission (FCC) (Zajac & Shields, 2014). The court found that the FCC had failed to
promulgate net neutrality regulations under the proper legal framework. Without net neutrality, network
Encrypting data (and obfuscating what

makes discrimination far more difficult, but such
practice also draws the ire of surveillance agencies and their defenders . Such groups
monitoring and discriminatory behavior by ISPs is certain to increase.
type of application or service is being used),
treat personal encryption as a target and sometimes go so far as to depict opponents of surveillance as anti-social
agitators (Brooks, 2013).
In the first Crypto War, the government wanted to prevent the

widespread use of strong encryptionfor all intents and purposes, classifying math
as a munition and clamping down on the export of cryptographic software. When outright bans failed, the
government attempted to mandate that back doors be implemented in cryptographic products (the Clipper Chip
The
argument was familiar: law enforcement felt it needed to be able to access
communications to ensure public safety and national security. Even today, the NSA
views the use of encryption as a targetable offense (Goodin, 2013). While the
government eventually lost Crypto War I, the Snowden files document a massive,
secret conspiracy to undermine strong encryption by introducing back doors into
numerous hardware and software products that has persisted since that defeat
battle) and, finally, that a third party keep backdoor keys in escrow in case the government needed them.
(Simonite, 2013).
A2 Circumvention
Assange, 2012

Cryptography is going to be everywhere. It is being deployed by major
organizations everywhere, edging towards networked city states. If you think about
communication paths on the internetfast transnational money flows, transnational organizations,
JULIAN:
inter-connections between sub-parts of organizationsall those communication flows go over untrusted

communications channels. It is like an organism with no skin. You have organizations and states blurring into each
othereach network of world influence competing for advantageand their communications flows are exposed to
opportunists, state competitors and so on.
So new networks are being built up on top of the

internet, virtual private networks, and their privacy comes from cryptography. That
is an industrial power base that is stopping cryptography from being banned . If you
look at the Blackberry phone for example, it has a built-in encryption system for use within the Blackberry network.
Research In Motion, the Canadian company that runs it, can decrypt the traffic of regular users and it has data
centers in Canada and the UK, at least, and so the Anglo-American intelligence sharing alliance can get at the
Western
governments were fine with this until it spread beyond corporations and to
individuals, and then we saw exactly the same hostile political reactions as we saw in Mubaraks Egypt.65 I
think that the only effective defense against the coming surveillance
dystopia is one where you take steps yourself to safeguard your privacy,
because theres no incentive for self-restraint by the people that have the
capacity to intercept everything. A historical analogy could be how people
learned that they should wash their hands. That required the germ theory of disease
to be established and then popularized, and for paranoia to be instilled about the
spread of disease via invisible stuff on your hands that you cant see, just as you
cant see mass interception. Once there was enough understanding, soap
manufacturers produced products that people consumed to relieve their fear. Its
necessary to install fear in to people so they understand the problem before they
will create enough demand to solve the problem.
worlds Blackberry to Blackberry communications. But big companies are using it in more secure ways.
Plan Popular
The plan is popular, backdoors are a non-starter in Congress.
Geller, 2015
Eric Geller, Deputy Morning Editor, The Daily Dot, 7-10-2015, "The rise of the new
Crypto War," Daily Dot, http://www.dailydot.com/politics/encryption-crypto-warjames-comey-fbi-privacy/
Still, there might be other ways to mandate backdoors in practice without writing a law that did so explicitly, though
security experts werent sure what such a mandate would look like. They noted that the
FBI has been careful to avoid suggesting it wants such a mandate; instead , it has suggested that it
hopes the tech industry will come around of its own volition . Given the rhetoric from
companies like Appleand the peer pressure that the loudest voices implicitly exert on the quieter ones
voluntary industry cooperation seems unlikely. It is also unclear whether there is an
appetite in Congress for taking any action on this issue. The offices of Senate Majority Leader
Mitch McConnell (R-Ky.) and Minority Leader Harry Reid (D-Nev.) did not respond to requests for
comment about the tech companies May 19 anti-backdoors letter. Theres no
official proposal or request or anything in front of Congress, Rep. Hurd said. I think
anybody whos even entertaining this idea recognizes that this is a non-starter.
A2 XO CP
The executive does not solve perceptually less trusted.
Fidler 2014
Mailyn Fidler, Marshall Scholar, Department of Politics and International Relations
May 2014 Anarchy or Regulation: Controlling the Global Trade In Zero-Day
Vulnerabilities A Thesis Submitted To The Interschool Honors Program in
International Security Studies, Center for International Security and Cooperation,
Freeman Spogli Institute for International Studies, Stanford University
https://decryptedmatrix.com/wp-content/uploads/2014/06/Fidler-Zero-DayVulnerability-Thesis.pdf
executive branch oversight can be opaque, and it may not increase public
trust in how zero-days are handled. Oversight of U.S. government use and
procurement of zero-days also has no international reach . It cannot address actions of graymarket buyers and sellers beyond U.S. borders. The zero-day market is manifestly a global
problem, and the United States would have no guarantee that allies or foes would
follow U.S. restraint.441 The next chapter will address this weakness of domestic mechanisms, investigating
However,
the prospects for international strategies to control the zero-day vulnerability trade.
Neg
Neg Vulnerabilities = foreign

Bellovin, 2014,
Steven M. Bellovin is a professor of computer science at Columbia University., et al.

"Lawful hacking: Using existing vulnerabilities for wiretapping on the Internet."
Northwestern Journal of Technology and Intellectual Property. 12 (2014).
The question of when to report vulnerabilities that are being exploited is not new for
the U.S government. In particular, the National Security Agency (NSA) has faced this issue several times in
its history, as we discuss below. 153 The NSA performs two missions for the U.S. government:
the well-known mission of signals intelligence, or SIGINT, which involves reading
other peoples mail,231 and the lesser-known mission of communications security,
COMSEC, which involves protecting U.S. military and diplomatic communications .232
In principle, it is extremely useful to house the U.S. signals intelligence mission in the same agency as the U.S.
communications security mission because each is in a position to learn from the other. SIGINTs ability to penetrate
certain communication channels could inform COMSECs knowledge of potential weaknesses in our own and
COMSECs awareness of security problems in certain communications channels might inform SIGINTs knowledge of
a targets potential weakness.
154 Reality is in fact very different. COMSECs awareness of the need to secure certain communications channels
has often been thwarted by SIGINTs desire that patching be delayed so that it can continue to exploit traffic using
How this contradictory situation is handled depends primarily

on where the vulnerable communications system is operating. If the insecure
communications system is being used largely in the U.S. and in smaller nations that
are unlikely to harm the U.S., then patching would not hurt the SIGINT mission. In
that situation, COMSEC is allowed to inform the vendor of the vulnerability . In most
other instances, informing the vendor is delayed so that SIGINT can continue harvesting
product. Although this was never a publicly stated NSA policy, this modus operandi
was a fairly open secret.233
the vulnerability in question.
Neg A2 data localization

Neg A2 data localization.
Lewis, 2014
James A. Lewis Senior fellow and program director at the Center for Strategic and
International Studies (CSIS). Before joining CSIS, he worked at the Departments of
State and Commerce. He was the Rapporteur for the 2010 and the 201213 United
Nations Group of Governmental Experts on Information Securit(2014) Heartbleed
and the State of Cybersecurity, American Foreign Policy Interests: The Journal of the
National Committee on American Foreign Policy, 36:5, 294-299
Far from disappearing, nation-states are adopting and adjusting as they have done beforeto a
new technological environment. Part of that process has been the gradual extension of sovereign
control into what was formerly perceived as a borderless domaincyberspace. This extension of sovereignty has
major implications for international security, affecting strategies for both offense and defense, and for negotiations
on norms, transparency, and obligations. The perception that sovereignty did not apply to cyberspace disguised a
set of thorny issues on state responsibilities, the role of neutral parties in cyberspace, and the nature of defense
The implications of sovereignty and territorialization, leading to the creation of

some kind of multipolar Internet, will become central issues for international
security as governments extend sovereign control over cyberspace and develop the
today.
technologies and policies to implement that control. The 1990s view of cyberspace as a global commons 2
foreclosed some policy options for cybersecurity.
options come back into play.
As the belief in a commons is discarded, these
Nation-states are defining their borders in cyberspace and will now move to
the extension of sovereignty over the Internet and

the growing role of the state in cyberspace both provide new opportunities for
better cybersecurity. Countries did not abandon their rights and duties when they adopted the Internet,
assert their control over them. Conversely,
they simply did not exercise them. In the last few years, nations have discovered that they can, in fact, extend their
sovereign control into cyberspace. The reason: cyberspace is a physical, man-made creation, not a natural domain.
It is created by an assembly of interconnected computers. The speed at which these computers connect gave the
The physical underpinnings of cyberspacethe

computers, fiber-optic cables, and other devices are all located within national
territory and thus subject to national laws . The few satellites or undersea cables not located in
illusion that there were no borders.
national territory are still subject to the jurisdiction of some nation. Cyberspace has borders within which nations
This is not the balkanization of the Internet.

Balkanization is a pejorative term applied by defenders of the status quo (e.g., those
can assert their rights and responsibilities.
supportive of a largely unregulated space dominated by the private interests and the political and cultural norms of
a few countries). The Internet will be no more balkanized than any physical terrain is now. We are unaccustomed to
the exercise of sovereign control in cyberspace; once such control is in place, clearly the Internet and its users will
adjust. What nations do within their own territories and on the networks and infrastructures located within those
territories is their own business, subject to their international commitments on interstate relations and human
The first is that the existing set of

rules and institutions that manage cyberspace are too weak and too limited for
what has become a global infrastructure. The many failings of cybersecurity and of privacy highlight
rights. Two factors are driving the extension of sovereign control.
this weakness, and governments are seeking to exercise their responsibilities for public safety and national security
purposes. The second is the discomfort with the implicit extension of American norms and values across
cyberspace. Cyberspace was shaped and governed by American beliefs, particularly on the freedom of speech (and
Many countriesand not just authoritarian states

find this undesirable.3 Asserting sovereignty is a means to push back against
being subsumed politically and commercially by the superpower. Had a situation where
by implication, unrestricted access to content).
governments were largely absent and where private actors exercised control been able to deliver security, the
but as nations perceived growing risk in

cyberspace because of their growing economic dependence and military (and, for
some, political) vulnerability in cyberspace, their initial reaction was (and continues
to be) to assert control.
status quo might possibly have remained unchallenged,
Terror DA Link Zero days

Unilateral disarmament.
Lewis, 2014
James A. Lewis Senior fellow and program director at the Center for Strategic and
International Studies (CSIS). Before joining CSIS, he worked at the Departments of
State and Commerce. He was the Rapporteur for the 2010 and the 201213 United
Nations Group of Governmental Experts on Information Securit(2014) Heartbleed
and the State of Cybersecurity, American Foreign Policy Interests: The Journal of the
National Committee on American Foreign Policy, 36:5, 294-299
The torrent of leaks about how the NSA evaded private defenses points to the limitation of any technical solution for
There is no silver bullet. When the United States decontrolled encryption

in 1999, the technology community celebrated a victory in the crypto wars. 5 It
was, in fact, an intelligence coup: the public and potential opponents thought they had
won and were safe when they were actually incredibly vulnerable. Major
cybersecurity.
intelligence agencies are formidable opponents, employing thousands of people and spending hundreds of millions
of dollars to penetrate online defenses. They have decades of experience and have access to sophisticated
technologiesnot just supercomputers unavailable to the private sector. They are also not bound by the laws of
their foreign targets.
The NSA is not alone in thisRussias Federal Security Service (FSB)

is as good if not better. A thriving global black market in software vulnerabilities has
emerged, allowing hackers to sell unknown vulnerabilities to companies and
intelligence agencies. Some have called for the United States to refrain from
buying from the black market, but this would be a form of unilateral
disarmament most likely resulting in a less-effective NSA . It would also save
our opponents some money by lowering the price of black market exploits (since
demand would lessen somewhat). In any case, most software products contain so many flaws that hackers and
That the
United States faces intractable opponents has serious implications for policy . This
situation was not anticipated by the American designers of the Internet and poses
unanticipated problems for security and for governance . The political foundation of cyberspace
spies do not need a black market to find flaws or use supply chain attacks to build in backdoors.
reflects the thinking of the 1990s about the future of international relations: the end of inter-state conflict and
borders, a globalized economy based on shared political values, the decline of the Westphalian state, and the belief
They did not expect

serious international competition or hostility to reemerge nor did they expect the
explosion of threats from violent non-state actors. Thus they designed an open system with weak
governance and security. The NSA (and some of its European counterparts) also took advantage of
this, but to reinforce rather than undermine the security of the United States and its
alliesa point that is often overlooked.
that civil society could manage some key public functions better than governments.
Politics Link
Congress is more likely to support law enforcement.
31, Iss. 2, 2014
Such battles are likely to migrate to one of the most powerful, and least prepared,
venues for technological debate on the planetthe U.S. Congress. Within this arena,
law enforcements influence is more powerful. The consistent argument is that
encryption and anonymity endanger society (Clapper, 2013). With this new
corporate interest, industry lobbyists will simultaneously argue that encryption is
undermining their intellectual property and other business interests, and that users
freely accept surveillance via the purchase of their products and use of their
applications. Their narrative regarding consumer discontent is that unhappy users
could always vote with their feet and switch providers.
XO CP
Geller, 2015
Eric Geller, Deputy Morning Editor, The Daily Dot, 7-10-2015, "The rise of the new
Crypto War," Daily Dot, http://www.dailydot.com/politics/encryption-crypto-warjames-comey-fbi-privacy/
As Comey, Rogers, and other national-security officials campaign for backdoors, one
important voice has been largely absent from the debate. I lean probably further in the
direction of strong encryption than some do inside of law enforcement, President Barack Obama told Recodes Kara
Swisher on Feb. 15, shortly after Obama spoke at the White House summit on cybersecurity and consumer
Obamas interview with Swisher marked a rare entrance for the

president into the backdoor debate, which has pitted his law-enforcement professionals against the
protection in Silicon Valley.
civil libertarians who were encouraged by his historic 2008 election and disappointed by his subsequent embrace of
If the president felt strongly enough about strong

encryption, he could swat down FBI and NSA backdoor requests any time
he wanted. White House advisers and outside experts have offered him plenty of policy cover for doing so.
The Presidents Review Group on Intelligence and Communications Technologies,
which Obama convened in the wake of the Snowden disclosures, explicitly
discouraged backdoors in its final report . The review group recommended fully supporting
and not undermining efforts to create encryption standards, ... making clear
that [the government] will not in any way subvert, undermine, weaken, or make
vulnerable generally available commercial encryption, and supporting efforts to encourage
the surveillance status quo.
the greater use of encryption technology for data in transit, at rest, in the cloud, and in storage. The report also
warned of serious economic repercussions for American businesses resulting from a growing distrust of their
capacity to guarantee the privacy of their international users. It was a general warning about the use of electronic
surveillance, but it nevertheless applies to the potential fallout from a backdoor mandate. The White Houses own
reports on cybersecurity and consumer privacy suggest that the president generally supports the use of encryption.
To the extent that youve heard anything from the White House and from the president, its in favor of making sure
that we have strong encryption and that were building secure, trustworthy systems, said Weitzner, who advised
Obama as U.S. deputy chief technology officer for Internet policy from 2011 to 2012. Weitzner pointed out that the
president had subtly quashed a push for backdoors by the previous FBI director, Robert Mueller. Mueller hoped that
the administration would end up supporting a very substantial [Internet-focused] expansion of CALEA, Weitzner
said. That didnt happen, and despite the fact that you had the FBI director come out very strongly saying
[criminals] were going dark, the administration never took a position as a whole in support of that kind of statutory
Obamas reluctance to directly confront his FBI chief

reflects the bureaus long history of autonomy in debates over law-enforcement
powers, said a former Obama administration official. Its pretty well understood that the FBI has a certain
change. You can read between the lines.
amount of independence when theyre out in the public-policy debate advocating for whatever they think is
The White House is reviewing "the technical, geopolitical,

legal, and economic implications" of various encryption proposals, including the
possibility of legislation, administration officials told the Washington Post this week .
important, the former official said.
Weitzner said that Obama may also be waiting until the latest round of the Crypto Wars has progressed further.
The White House tends to get involved in debates once theyve matured , he said. If
you jump in on everything right up front, the volume can become unmanageable. I know that theres a lot of
The presidents noncommittal

stance has earned him criticism from pro-encryption lawmakers who say that their
fight would be much easier if the commander-in-chief weighed in. The best way
to put all this to bed, Hurd said, would be for the president to be very clear
saying that he is not interested in pursuing backdoors to encryption and
believes that this is the wrong path to go, in order to squash the debate
once and for all. If Obama ever formally came out against backdoors, it would
represent a significant shift away from decades of anti-encryption government
attention being paid, and I think thats the right thing to do at this point.
policies, including undermining industry-standard security tools and attacking tech

companies through public bullying and private hacking.

Crypto Affirmative - DDI 2015 ST

Transféré par

Informations du document

Copyright

Formats disponibles

Partager ce document

Partager ou intégrer le document

Options de partage

Avez-vous trouvé ce document utile ?

Ce contenu est-il inapproprié ?

Droits d'auteur :

Formats disponibles

Crypto Affirmative - DDI 2015 ST

Transféré par

Droits d'auteur :

Formats disponibles

1AC

Dimitri, Data Journalist at the Correspondent (Netherlands) Think piece: How to

Ever since Edward Snowden released the

In Europe, the US and elsewhere

And, if intelligence agencies win the cryptowar the result

the newly proposed requirement of exceptional

Second, building in exceptional access would substantially

Features to permit law enforcement exceptional access across a

wide range of Internet and mobile computing applications could be particularly

Recent attacks on the United

And, the threat to encryption is not hypothetical, the NSA has

The agency then turned its attention

NIST's endorsement of an encryption standard is a kind of Good Housekeeping Seal

NIST is so trusted that it must approve any

For its compliance and willingness to adopt the flawed

The NSA's campaign to weaken global security for its own

It was part of a broader, longer campaign by the NSA to weaken the

Plan - Plus Zero Days

Advantage ___ Economy

Leaving aside the massive

We should definitely not crack the foundation of secure

The collapse of the internet undermines the entire global

Access to computers, servers, routers and mobile devices, services such

The overall impact of the Internet and information technologies on

economies that are open to international trade in ICT and information

Economic decline causes nuclear war

(Mathew, PhD European History at Cambridge, counselor in the National Intelligence

Terrorisms appeal will decline if economic growth continues in the

become self-radicalized, particularly in the absence of economic

could result in interstate conflicts if government leaders deem assured access to

If the fiscal stimulus focus for these countries indeed

Advantage ___ Innovation

Dimitri, Data Journalist at the Correspondent (Netherlands) Think piece: How to

And, backdoors undermine the fundamental structure of the

This violates the end-to-end argument and undermines

Internet innovation minimizes energy inefficiency and is the

The way that the internet of things could

For years, the battleground for the climate

We oversupply the electricity grid because we

One of the added benefits of this technology is the impact it

Warming causes extinction.

Extreme heat waves in recent years have had severe

it would significantly exacerbate existing water scarcity in many regions,

somewhere along the line, though we dont know exactly where,

Advantage ___ CyberCrime

the risks here go far beyond that, because

And, Vulnerabilities in software provide funding mechanisms

Weak cybersecurity creates opportunities

Cybercrime provides substantial financial support for Russian

have insurgent and extremist groups used Internet

Russian organized crime is the most likely scenario for nuclear

The risk of terrorists obtaining nuclear fissile

access and theft of nuclear weapons during

Alliances between terrorist

Nuclear terrorism causes retaliation and nuclear war draws in

major nuclear weapons states have hundreds and

between two or more of the states that possess them .

In this context, todays and

if the act of nuclear terrorism came as a

consisting of North Korea, perhaps Iran if its program continues, and

Advantage ___ Internet Freedom

Eileen Donahoe, director of global affairs at Human Rights Watch. Donahoe

One of the most troubling aspects of the mass

by engaging in tactics that undermine digital security for