Professional Documents
Culture Documents
1AC
Plan
Plan: The United States Federal Government should prohibit
creation of backdoors and use of backdoors from companies in
the United States.
Economy Advantage
Backdoors Crush US Economy 2 Internal Links:
1. Kills legitimacy of US Tech Markets abroad which spills over
to the rest of the economy
Holmes 13 [Allan Holmes is Director of Technology and Telecommunications with Bloomberg Government. He
was editor of Nextgov, a website affiliated with Government Executive covering federal technology policy, and
editor-in-chief of Federal Computer Week. He received his B.A. in journalism from the University of North Carolina at
Chapel Hill and a masters in public policy from Duke University. NSA Spying Seen Risking Billions in U.S.
Technology Sales, http://www.bloomberg.com/news/articles/2013-09-10/nsa-spying-seen-risking-billions-in-u-stechnology-sales, September 10th, 2013//Rahul]
Reports that the National Security Agency persuaded some U.S. technology companies
to build so-called backdoors into security products, networks and devices to allow
easier surveillance are similar to how the House Intelligence Committee described the threat posed by
China through Huawei. Just as the Shenzhen, China-based Huawei lost business after the report urged U.S. companies not to use its equipment, the
NSA disclosures may reduce U.S. technology sales overseas by as much as $180
billion, or 25 percent of information technology services, by 2016, according to Forrester Research
Inc., a research group in Cambridge, Massachusetts. The National Security Agency will kill the U.S. technology industry singlehandedly, Rob Enderle, a
Systems Inc., the worlds biggest networking equipment maker, received 42 percent of its $46.1 billion in fiscal 2012 revenue from outside the U.S.,
according to data compiled by Bloomberg. Symantec Corp., the biggest maker of computer-security software based in Mountain View, California, reported
46 percent of its fiscal 2013 revenue of $6.9 billion from markets other than the U.S., Canada and Latin America. Intel Corp., the worlds largest
semiconductor maker, reported 84 percent of its $53.3 billion in fiscal 2012 revenue came from outside the U.S., according to data compiled by
Forrester, said in an interview. Now this is the exact flipping of that circumstance. Tarnished Reputations An Information Technology and Innovation
Foundation report in August found U.S. providers of cloud services -- which manage the networks, storage, applications and computing power for
companies -- stand to lose as much as $35 billion a year as foreign companies, spooked by the NSAs surveillance, seek non-U.S. offerings.
Customers buy products and services based on a companys reputation, and the
NSA has single-handedly tarnished the reputation of the entire U.S. tech industry , said
Daniel Castro, the reports author and an analyst with the non-partisan research group in Washington, in an e-mail. I suspect many foreign customers are
going to be shopping elsewhere for their hardware and software. Chips, Devices The latest disclosures were based on documents provided by Edward
Snowden, the former NSA contractor accused of espionage by the U.S. whos now in Russia under temporary asylum. While the NSA mentioned no
Spiegel separately reported the NSA cracked encryption codes to listen in on the 1.4 billion smartphones in use worldwide, including Apple Inc.s iPhone.
Google, Facebook Inc. and Yahoo yesterday petitioned the U.S. Foreign Intelligence Surveillance Court, which rules on warrants for domestic data, for
permission to publish the types of requests theyve received from the NSA. The three companies were among 22 that sent a letter in July to President
Barack Obama and congressional leaders urging that the companies be allowed to say more about their dealings with the agency. Companies Defense
Cisco said it doesnt customize equipment to enable surveillance. Ciscos product development practices specifically prohibit any intentional behaviors or
product features which are designed to allow unauthorized device or network access, exposure of sensitive device information, or a bypass of security
features or restrictions, John Earnhardt, spokesman for the San Jose, California-based company, said in a statement. Symantec said in a statement that it
learned of the NSAs encryption cracking in the media. We had no prior knowledge about this program, said Anna Zvagelskaya, of public relations firm
Weber Shandwick, which represents Symantec. We have long held that Intel does not participate in alleged government efforts to decrease security in
technology, Lisa Malloy, an Intel spokeswoman, said in an e-mail. Congress, Huawei While foreign firms may be more suspicious of some U.S.- made
what a nation-state is doing, The market-leading gear is often market-leading because its the best. Weve gone past being able to source everything
within a country. The NSA revelations also may undermine congressional efforts to block U.S. sales of networking equipment made by Huawei and ZTE
Corp., Chinas second-largest phone-equipment maker, also based in Shenzhen. A House Intelligence Committee report released in October 2012 said the
companies close ties to the Chinese government and its ability to build backdoors into U.S. computer networks might allow China to disrupt power grids,
financial networks or other critical infrastructure. That suspicion applies to almost every government and technology company, William Plummer, a Huawei
leave political games behind and pursue real solutions to more secure networks and data.
The need for economic renewal in the United States remains urgent. Years of disappointing
job growth and stagnant incomes for the majority of workers have left the nation
shaken and frustrated. At the same time, astonishing new technologiesranging from advanced robotics and
3-D printing to the digitization of everythingare provoking genuine excitement even as they make it
hard to see where things are going. Hence this paper: At a critical moment, this report asserts the
special importance to Americas future of what the paper calls Americas advanced
industries sector. Characterized by its deep involvement with technology research and development (R&D) and
STEM (science, technology, engineering, and math) workers, the sector encompasses 50 industries ranging from manufacturing industries such as
automaking and aerospace to energy industries such as oil and gas extraction to high-tech services such as computer software and computer system
role in American prosperity, assesses key trends, and maps its metropolitan and global competitive standing before outlining high-level strategies to
advanced industries (see nearby box for selection criteria) employed 12.3 million U.S. workers. That amounts to about 9 percent of total U.S. employment.
engineers; performs 90 percent of private-sector R&D; generates approximately 85 percent of all U.S. patents; and accounts for 60 percent of U.S. exports.
Advanced industries also support unusually extensive supply chains and other forms of ancillary economic activity. On a per worker basis, advanced
This
spending sustains and creates more jobs. In fact, 2.2 jobs are created domestically
for every new advanced industry job0.8 locally and 1.4 outside of the region. This means that in addition to the 12.3
industries purchase $236,000 in goods and services from other businesses annually, compared with $67,000 in purchasing by other industries.
million workers employed by advanced industries, another 27.1 million U.S. workers owe their jobs to economic activity supported by advanced industries.
but its output has soared. From 1980 to 2013 advanced industries expanded at a rate of 5.4 percent annually30 percent faster than the economy as a
whole. Since the Great Recession, moreover, both employment and output have risen dramatically. The sector has added nearly one million jobs since
2010, with employment and output growth rates 1.9 and 2.3 times higher, respectively, than in the rest of the economy. Advanced services led this postrecession surge, and created 65 percent of the new jobs. Computer systems design alone generated 250,000 new jobs. Certain advanced manufacturing
industriesespecially those involved in transportation equipmenthave also added thousands of jobs after decades of losses. Advanced industries also
provide extremely high-quality economic opportunities for workers. Workers in advanced industries are extraordinarily productive and generate some
$210,000 in annual value added per worker compared with $101,000, on average, outside advanced industries. Because of this, advanced industries
compensate their workers handsomely and, in contrast to the rest of the economy, wages are rising sharply. In 2013, the average advanced industries
worker earned $90,000 in total compensation, nearly twice as much as the average worker outside of the sector. Over time, absolute earnings in advanced
industries grew by 63 percent from 1975 to 2013, after adjusting for inflation. This compares with 17 percent gains outside the sector. Even workers with
lower levels of education can earn salaries in advanced industries that far exceed their peers in other industries. In this regard, the sector is in fact
accessible: More than half of the sectors workers possess less than a bachelors degree. 2. The advanced industries sector is highly metropolitan and
varies considerably in its composition and depth across regions. Advanced industries are present in nearly every U.S. region, but the sectors geography is
uneven. Advanced industries tend to cluster in large metropolitan areas. Looking across the country, the 100 largest metro areas contain 70 percent of all
U.S. advanced industries jobs. In terms of the sectors local clustering, San Jose is the nations leading advanced industry hub with 30.0 percent of its
workforce employed in the sector. Seattle follows with 16.0 percent of its local jobs in advanced industries. Wichita (15.5 percent); Detroit (14.8 percent),
and San Francisco (14.0 percent) follow. Overall, advanced industries account for more than one in 10 jobs in nearly one-quarter of the countrys major
metro areas. This clustering occurs in a variety of configurations. Some metropolitan areassuch as Grand Rapids, MI; Portland, OR; and Wichitafocus
heavily on advanced manufacturing pursuits such as automotive, semiconductor, or aerospace manufacturing, respectively, while metros like Bakersfield
and Oklahoma City exhibit strong energy specializations. By contrast, services such as computer systems design, software, and research and development
predominate in metropolitan areas like Boston, San Francisco, and Washington. For their part, San Jose, Detroit, and Seattle exhibit depth and balance
across multiple advanced industry categories. Overall, the number of extremely dense concentrations of advanced industry actually has declined. In 1980,
59 of the countrys 100 largest metropolitan areas had at least 10 percent of their workforce in advanced industries. By 2013, only 23 major metro areas
economy has shrunk. The nations standing on these measures now lags world leaders. Equally worrisome is the balance of trade in the sector. Although
advanced industries export $1.1 trillion worth of goods and services each year and account for roughly 60 percent of total U.S. exports, the United States
ran a $632 billion trade deficit in the sector in 2012, in line with similar yearly balances since 1999. To be sure, a handful of individual advanced industries
such as royalties and other intellectual property and aerospace manufacturing enjoy trade surpluses that exceeded $60 billion and $80 billion in 2012.
However, numerous areas of historical strength such as communications equipment, computer equipment, motor vehicles, and pharmaceuticals now run
However, the United States is losing ground relative to other countries on measures of innovation performance and capacity. For example, the U.S. share
of global R&D and patenting is falling much faster than its share of global GDP and population, meaning that U.S. slippage cannot simply be attributed to
demography or macroeconomic convergence. Likewise, Americas research dominance looks less impressive after adjusting for the size of its working age
population. Turning to the nations critical regional innovation ecosystems, surprisingly few U.S. metropolitan areas rank among the worlds most
innovativeas measured by patent cooperation treaty applications per capita. Among the nations most patent-intensive regions, just twoSan Diego and
the San Jose-San Francisco combined arearank in the global top 20 and just two more (Boston and Rochester) score in the top 50.
[Richard Adhikari, writer and editor for Ecommerce Times which is one of the largest e-business
and technology news publishers in the United States. Our network of business and technology news publications
attracts a targeted audience of buyers and decision-makers who need timely industry news and reliable analysis.
The Fallout From the NSA's Backdoors Mandate, http://www.ecommercetimes.com/story/81530.html, January 13th,
2015//Rahul]
The United States National Security Agency (NSA) is widely believed to have mandated high-tech
vendors build backdoors into their hardware and software . Reactions from foreign
governments to the news are harming American businesses and, some contend, may result in the
breakup of the Internet. For example, Russia is moving to paper and typewriters in some cases to move certain types of information,
Private.me COO Robert Neivert told the E-Commerce Times. Governments are pushing to enact laws to
force the localization of data -- generally meaning they won't allow data to be
stored outside their borders to protect citizens against NSA-type surveillance -- a
move that's of particular concern to American businesses , according to a Lawfare Research paper. That's
because they deem U.S. firms untrustworthy for having provided the NSA with access to
the data of their users. Revisiting the Tower of Babel? "There's an increased use of networks on
behalf of Europe and other allies that do not pass through U.S. companies or U.S.controlled networks," Neivert said. Some countries are even proposing to break up the Internet. However, "people who say these things
threaten the Internet itself are misunderstanding things," Jonathan Sander, strategy & research officer of Stealthbits Technologies, told the E-Commerce
The Internet produces too much wealth for too many people and organizations
for anyone, including the U.S., to threaten it." The U.S. economy "is one of the best
weapons we have in the technology war ," Sander continued. The U.S. market "is too big for foreign governments to
Times. "
ignore," which is why foreign companies continue doing business with the U.S. Concern has been expressed about invasions of privacy through
surveillance, but this issue is "a matter of policy" and there are differences in how citizens of different countries approach it, Sander pointed out. "In the EU
and, to a lesser extent [Australia and New Zealand], privacy is an issue at the ballot box so there are laws reflecting that." In the U.S., however, privacy
"has yet to seriously break through as an issue, so there has been less motion," Sander remarked. Massive Cost to U.S. Businesses In August of last year,
the German government reportedly warned that Windows 8 could act as a Trojan when combined with version 2.0 of the Trusted Platform Module (TPM), a
specification for a secure cryptoprocessor. The TPM is included in many laptops and tablets, and the concern is that TPM 2.0 makes trusted computing
functions mandatory rather than opt-in as before, meaning it can't be disabled. Further, it can let Microsoft establish a backdoor into the device it's in.
companies like Cisco and IBM have lost nearly one-fifth of their business in emerging markets because of a loss of trust." Foreign companies are using
their non-U.S. status to advertise themselves as more secure or protective of privacy, Greene remarked. The Other Side of the Story On the other hand,
Cisco's share of the service provider router and carrier Ethernet market bounced back strongly after an unusually weak Q2, primarily because of a strong
performance in the Asia-Pacific and the EMEA regions, SRG Research reported. "Cisco is in a league of its own, with a global presence, credibility and
product range that cannot be matched by its competitors," John Dinsdale, managing director and chief analyst at SRG, told the E-Commerce Times. "When
demand increases, there is only a rather short list of vendors who can satisfy it, and Cisco clearly has the strongest story to tell." In addition, the
allegations that U.S. high-tech firms built backdoors into their products are not true, contended Philip Lieberman, president of Lieberman Software. "I have
never seen any cooperation between U.S.-owned software or hardware manufacturers to insert backdoors into their products for the use of the NSA,"
more we will see U.S. tech companies focusing on distinguishing their products and services with heightened security offerings and working to achieve
legislative reforms that would rein in [surveillance practices]. That's the case with the Reform Government Surveillance Coalition and tech industry trade
associations that represent thousands of companies," New America's Open Technology Institute's Greene added.
[Matthias Bauer, Hosuk Lee-Makiyama, Erik van der Marel, Bert Verschelde, all studying
economic effects of data localization for a commission in Europe. THE COSTS OF DATA LOCALISATION: FRIENDLY
FIRE ON ECONOMIC RECOVERY, http://www.ecipe.org/app/uploads/2014/12/OCC32014__1.pdf, November
2014//Rahul]
The scenarios are calculated using several economic shocks caused by data
restrictions. If new regulations restrict businesses and individuals from using data in a reasonable manner prices of any good
or service that uses data in its production would also increase . For example, the input costs for a
logistics company would increase as they can no longer process data on its customers or shipments using their existing IT suppliers or infrastructure, or
lesser extent also goods) that depends on the use of data for delivery. Thirdly, as the competitiveness of the economy changes, investments (both
will have to pay additionally for sourcing domestic data services by first estimating
the general effect of administrative burden s in data processing services on prices and TFP in each sector of the
economy. Data processing services is an important input for production and by using existing indexes from the OECD measuring administrative barriers
in services over time, we evaluate the extent to which these administrative barriers in data services affect other parts of the economy through the use of
the telecommunications sector is very data intensive (with 31% of its inputs being
, data processing is 5 to 7% of the total
inputs used by business/ICT and financial services.3 The index is then raised based on the regulatory barriers as given in Table 1 for
data services For example,
each country. Not all of these measures are equally restrictive, and their relative importance is therefore weighted according to their relative cost impact.4
By benchmarking the resulting index against the estimate prior to the legislation
and data processing intensities for all sectors, we compute the price and TFP
changes for all sectors in each country as a result of data localisation and
administrative barriers. The second methodology computes cost differences between countries as a result of data localisation
requirements in each of the countries. Two types of data are primarily used namely the Data Centre Risk Index,5 and an empiric observation of cost
differences.6 The first source ranks countries according to a number of risk factors that affect the costs of operating a data centre a ranking that closely
follows the general cost structure across countries of setting up a centre as a consequence of data localisation measures. The observations of actual costs
The third shock occurs on investment, which forms a major driver for economic growth for developing countries in particular. However, as the regulatory
environment imposes more 6 market limitations, investments made by both domestic and foreign entities will decrease. In GTAP8 this is introduced as a
change in rate of return on investments (see Annex II). Furthermore, a final shock occurs as an additional effect on the return on investment, which is
derived from research and development. A survey by Xu, Zhu, Gibbs (2004) provides the share of firms in developed and developing countries
respectively that uses online sales, advertising or electronic data interchanges (EDI).7 These numbers are also consistent with industry reports on the
share of firms that uses CRM (customer relationship management) applications for data mining of their customers.8 The relation between R&D
expenditure and return is given by several studies (notably Hall, Foray, Mairesse, 2009; Ortega, Argils, 2009, Rogers, 2009), based on empirical evidence.
[Richard N. Haass, President of the Council on Foreign Relations, previously served as Director of
Policy Planning for the US State Department (2001-2003), and was President George W. Bush's special envoy to
Northern Ireland and Coordinator for the Future of Afghanistan. The World Without Americahttps://www.projectsyndicate.org/commentary/repairing-the-roots-of-american-power-by-richard-n--haass, April 30th, 2013//Rahul]
The most critical threat facing the United States now and for the
foreseeable future is not a rising China, a reckless North Korea, a nuclear Iran, modern terrorism, or
climate change. Although all of these constitute potential or actual threats, the biggest challenges facing the US
are its burgeoning debt, crumbling infrastructure, second-rate primary and secondary schools, outdated immigration system, and slow
economic growth in short, the domestic foundations of American power. Readers in other countries
Let me posit a radical idea:
may be tempted to react to this judgment with a dose of schadenfreude, finding more than a little satisfaction in Americas difficulties. Such a response
The US and those representing it have been guilty of hubris (the US may often
be the indispensable nation, but it would be better if others pointed this out), and examples of inconsistency between
Americas practices and its principles understandably provoke charges of hypocrisy.
should not be surprising.
When America does not adhere to the principles that it preaches to others, it breeds resentment. But, like most temptations, the urge to gloat at Americas
Most of the worlds citizens communicate with mobile devices based on technology developed in Silicon Valley; likewise, the Internet was made in
America. More recently, new technologies developed in the US greatly increase the ability to extract oil and natural gas from underground formations. This
technology is now making its way around the globe, allowing other societies to increase their energy production and decrease both their reliance on costly
imports and their carbon emissions. The US is also an invaluable source of ideas. Its world-class universities educate a significant percentage of future
may ensure the success of free markets, it is powerless in the world of geopolitics. Order requires the visible hand of leadership to formulate and realize
global responses to global challenges. Dont get me wrong: None of this is meant to suggest that the US can deal effectively with the worlds problems on
its own. Unilateralism rarely works. It is not just that the US lacks the means; the very nature of contemporary global problems suggests that only
collective responses stand a good chance of succeeding. But multilateralism is much easier to advocate than to design and implement. Right now there is
conflict. Political science literature has contributed a moderate degree of attention to the impact of economic decline and the
security and defence behaviour of interdependent states. Research in this vein has been considered at systemic, dyadic and
national levels. Several notable contributions follow. First, on the systemic level, Pollins (2008) advances Modelski and Thompson's
(Werner. 1999). Separately, Pollins (1996) also shows that global economic cycles combined with parallel leadership cycles impact
the likelihood of conflict among major, medium and small powers, although he suggests that the causes and connections between
global economic conditions and security conditions remain unknown. Second, on a dyadic level, Copeland's (1996, 2000) theory of
interdependent states are likely to gain pacific benefits from trade so long as they have an optimistic view of future trade relations.
if the expectations of future trade decline, particularly for difficult to replace items such
as energy resources, the likelihood for conflict increases, as states will be inclined to use
force to gain access to those resources. Crises could potentially be the trigger for
decreased trade expectations either on its own or because it triggers protectionist moves by interdependent
states.4 Third, others have considered the link between economic decline and
external armed conflict at a national level. Blomberg and Hess (2002) find a
strong correlation between internal conflict and external conflict, particularly during
However,
periods of economic downturn. They write: The linkages between internal and external conflict and prosperity are
strong and mutually reinforcing. Economic conflict tends to spawn internal conflict, which in turn returns the favour. Moreover, the
economic scholarship positively correlates economic integration with an increase in the frequency of economic crises, whereas
protectionist
policies barring access to foreign services only invite reciprocal protectionism from ones
trading partners, harming consumers and businesses alike in the process by denying them access to the
appeared over the last two decades, allowing the provision of information services across borders. Moreover,
When goods are not allowed to cross borders, soldiers will." --Frederic Bastiat How soon we
forget. For nearly all of recorded history before 1945 , Europe, today a peaceful and prosperous region
linked by high-speed trains and ridiculously low airfares, was riven by nearly continuous major
conflicts. In the Second World War's aftermath, it was crystal clear to military, political, and
diplomatic leaders on both sides of the Atlantic that the trade protectionism of the previous
several decades in no small measure contributed to that catastrophe. The U.S. State
Department said, in effect, "never again" and drew up a blueprint for the new world trade order, Proposals
for the Expansion of World Trade and Employment, which soon gave rise to the GATT and the beginnings
of the EU. The arrangement succeeded beyond its wildest expectations and ushered in an era of
unparalleled global peace and prosperity. By 1945, the link between trade conflict and armed
conflict had become blindingly obvious. This was nothing new, of course. The Peloponnesian War
saw its genesis in Athens' dependence on the grain from what is now the Ukraine, which necessitated
control of the narrow passages between the Aegean and Black Seas by the Athenian Empire. In the early
seventeenth century Holland and Portugal fought a remarkable world-wide conflict over the trade in
slaves, spices, and sugar. Later in the seventeenth and eighteenth centuries, Britain and Holland fought
no less than four wars, sparked largely by British protectionist legislation--the Navigation Acts. Southern
anger over northern protectionism contributed to the outbreak of the Civil War nearly as much as did
slavery. Those who doubt this would do well to consider that just thirty years before, the two sides nearly
went to war over the Nullification Crisis of 1833, which was itself directly precipitated by the tariff acts of
1828 and 1832. Mr. Fletcher tries his best to ignore this historical inevitability of retaliation to tariff
increases; he asserts that since our trading partners, particularly those in Asia, run persistently high trade
surpluses vis-a-vis the U.S., they would not dare retaliate. There are at least three things wrong with this
argument. First, in the past, it hasn't worked. During the 1930s, for example, all nations, including those
running trade surpluses, pushed up their tariff rates. Second, it ignores one of the prime lessons of human
history: winners often do not remember, while losers never forget. Centuries of humiliation by the
West have scarred the national psyches of both China and India, and serious
misunderstandings can easily ensue. Who controls the Strait of Malacca, through which flows
China's oil supply and European trade? The U.S. Navy. Last, Mr. Fletcher believes that our politicians can
fairly dispense protection broadly across the economy by means of a "flat tariff." Good luck with that :
U.S. trade preferences always have, and always will, go disproportionately to the
prosperous and well connected. Exhibit A: the obscene sugar subsidies and trade preferences meted
out for decades to the wealthy and powerful Fanjul brothers. Do not be misled by those whose naive belief
in the rational self-interest of others will prevent any significant protectionist actions by the United States.
The events of August 1914 demonstrated just how seriously awry the "rational self-interest" of nations can
go, and the Cold War taught us the impossibility of containing even the smallest of
nuclear exchanges. So too has history repeatedly shown that even small tariff increases often
lead to trade wars, and that trade wars can end in Armageddon
the US Director of
National Intelligence has ranked cybercrime as the top national security threat,
higher than that of terrorism, espionage, and weapons of mass destruction .1
strategic assets and information. It is a threat that is nothing short of formidable. In fact,
Underscoring the threat, the FBI last year notified 3,000 US companiesranging from small banks, major defense
hackers engineered a new round of distributed denial of service (DDoS) attacks that can generate traffic rated at a
staggering 400 gigabits per second, the most powerful DDoS assaults to date.
writer for the 2012 edition of the Almanac of American Politics, The NSA Isn't Just
Spying on Us, It's Also Undermining Internet Security, April 29 2014,
http://www.nationaljournal.com/daily/the-nsa-isn-t-just-spying-on-us-it-s-alsoundermining-internet-security-20140429)
Bolstering the nations defenses against hackers has been one of the Obama
administrations top goals. Officials have warned for years that a sophisticated
cyberattack could cripple (destroy) critical infrastructure or allow thieves to make
off with the financial information of millions of Americans. President Obama pushed Congress
to enact cybersecurity legislation, and when it didnt, he issued his own executive order in 2013. The cyber
threat to our nation is one of the most serious economic and national security
challenges we face, Obama wrote in a 2012 op-ed in The Wall Street Journal. But critics argue that the
National Security Agency has actually undermined cybersecurity and made
the United States more vulnerable to hackers. At its core, the problem is the
NSAs dual mission. On one hand, the agency is tasked with securing U.S. networks
and information. On the other hand, the agency must gather intelligence on foreign
threats to national security. Collecting intelligence often means hacking encrypted
communications. Thats nothing new for the NSA; the agency traces its roots back to code-breakers
deciphering Nazi messages during World War II. So in many ways, strong Internet security
actually makes the NSAs job harder. This is an administration that is a vigorous defender of
surveillance, said Christopher Soghoian, the head technologist for the American Civil Liberties Union.
Surveillance at the scale they want requires insecurity. The leaks from
Edward Snowden have revealed a variety of efforts by the NSA to weaken cybersecurity
and hack into networks. Critics say those programs, while helping NSA spying, have
made U.S. networks less secure. According to the leaked documents, the NSA
inserted a so-called back door into at least one encryption standard that
was developed by the National Institute of Standards and Technology. The
NSA could use that back door to spy on suspected terrorists, but the vulnerability
was also available to any other hacker who discovered it. NIST, a Commerce
Department agency, sets scientific and technical standards that are widely
used by both the government and the private sector. The agency has said it would
never deliberately weaken a cryptographic standard, but it remains unclear whether the agency was aware of the
back door or whether the NSA tricked NIST into adopting the compromised standard. NIST is required by law to
Israeli officials have also been tied to Flame, a virus that impersonated a Microsoft update to spy on Iranian
computers. Vanee Vines, an NSA spokeswoman, said the U.S. government is as concerned as the public is with the
security of these products. The United States pursues its intelligence mission with care to ensure that innocent
systems and data, she said. The activity of NSA in setting standards has made the Internet a far safer place to
communicate and do business.
vulnerabilities while leaving the Internet vulnerable and the American people unprotected would not be in our
government weighs a variety of factors, such as the risk of leaving the vulnerability un-patched, the likelihood that
technical consultant who has worked with tech companies and helped The Washington Post with its coverage of the
actions have also made it difficult for the U.S. to set international norms
for cyberconflict. For several years, the U.S. has tried to pressure China to scale
back its cyberspying operations, which allegedly steal trade secrets from U.S.
businesses. Jason Healey, the director of the Cyber Statecraft Initiative at the
Atlantic Council, said the U.S. has militarized cyber policy. The United States
has been saying that the world needs to operate according to certain
norms, he said. It is difficult to get the norms that we want because it
appears to the rest of the world that we only want to follow the norms
that we think are important. Vines, the NSA spokeswoman, emphasized that the NSA would never
hack into foreign networks to give domestic companies a competitive edge (as China is accused of doing). We do
not use foreign intelligence capabilities to steal the trade secrets of foreign companies on behalf ofor give
intelligence we collect toU.S. companies to enhance their international competitiveness or increase their bottom
line, she said. Jim Lewis, a senior fellow with the Center for Strategic and International Studies, agreed that NSA
spying to stop terrorist attacks is fundamentally different from China stealing business secrets to boost its own
economy. He also said there is widespread misunderstanding of how the NSA works, but he acknowledged that
we write to comment on current discussions with respect to weakening standards, or altering commercial products
and services for intelligence, or law enforcement. Any policy that seeks to weaken technology sold on the
commercial market has many serious downsides, even if it temporarily advances the intelligence and law
we define and
address the risks of installing backdoors in commercial products, introducing
malware and spyware into products, and weaken ing standards. We illustrate that
these are practices that harm Americas cybersecurity posture and put the
resilience of American cyberinfrastructure at risk. We write as a technical society to
enforcement missions of facilitating legal and authorized government surveillance. Specifically,
clarify the potential harm should these strategies be adopted. Whether or not these strategies ever have been used
have the benefit that it becomes easier for U.S. intelligence agencies to conduct
surveillance on targets that use the weakened technology, and more information is available for law
enforcement purposes. On the surface, it would appear these motivations would be reasonable. However, such
strategies also inevitably make it easier for foreign powers, criminals and
terrorists to infiltrate these systems for their own purposes . Moreover,
everyone who uses backdoor technologies may be vulnerable , and not just the handful of
surveillance targets for U.S. intelligence agencies. It is the opinion of IEEE-USAs Committee on Communications
Policy that no entity should act to reduce the security of a product or service sold on the commercial market without
first conducting a careful and methodical risk assessment. A complete risk assessment would consider the interests
A
methodical risk assessment would give proper weight to the asymmetric nature of
cyberthreats, given that technology is equally advanced and ubiquitous in the United States, and the locales of
many of our adversaries. Vulnerable products should be corrected , as needed, based on this
of the large swath of users of the technology who are not the intended targets of government surveillance.
assessment. The next section briefly describes some of the government policies and technical strategies that might
have the undesired side effect of reducing security. The following section discusses why the effect of these practices
may be a decrease, not an increase, in security.
security of commercial products, either positively or negatively. There are a number of methods by
which a government might affect security negatively as a means of facilitating legal government surveillance. One
inexpensive method is to exploit pre-existing weaknesses that are already present in commercial software, while
keeping these weaknesses a secret. Another method is to motivate the designer of a computer or communications
system to make those systems easier for government agencies to access. Motivation may come from direct
mandate or financial incentives. There are many ways that a designer can facilitate government access once so
Two scenarios:
First is retaliation
Cyber-attacks wipe-out the US military---causes nuclear war
Robert Tilford 12, Graduate US Army Airborne School, Ft. Benning, Georgia,
Cyber attackers could shut down the electric grid for the entire east coast 2012,
http://www.examiner.com/article/cyber-attackers-could-easily-shut-down-theelectric-grid-for-the-entire-east-coa
**we reject ableist and offensive language
a cyber attack that can take out a civilian power grid, for example could
also cripple (destroy) the U.S. military. The senator notes that is that the same power grids
that supply cities and towns, stores and gas stations, cell towers and heart monitors also power
every military base in our country. Although bases would be prepared to weather a
short power outage with backup diesel generators, within hours, not days, fuel supplies would run out,
he said. Which means military command and control centers could go dark. Radar
systems that detect air threats to our country would shut Down completely. Communication
between commanders and their troops would also go silent. And many weapons systems
would be left without either fuel or electric power, said Senator Grassley. So in a few
short hours or days, the mightiest military in the world would be left scrambling to
maintain base functions, he said. We contacted the Pentagon and officials confirmed
the threat of a cyber attack is something very real. Top national security officials
To make matters worse
including the Chairman of the Joint Chiefs, the Director of the National Security Agency, the Secretary of Defense, and the CIA
have said, preventing a cyber attack and improving the nations electric grids is among the
most urgent priorities of our country (source: Congressional Record). So how serious is the Pentagon taking all this?
Enough to start, or end a war over it, for sure. A cyber attack today against the US could very well be
seen as an Act of War and could be met with a full scale US military
response. That could include the use of nuclear weapons, if authorized by the President.
Director
Such a dire possibility should well have gotten a wider prominent play in the media.
Yet Admiral Rogers underscored that software detected in China could seriously
damage our nations economic future by interfering with the electric utility power
companies that the citizens of New York, Dallas, Chicago, Detroit and other urban
centers require as the basic life blood of survival. This possibility is a great deal
more dangerous than stealing 76 million names from JP Morgan Chase.
This not a Sci-Fi fantasy being perpetrated as a hoax on the American public. The
NSA head flatly predicted that it is only a matter of the when, not the if, that we
are going to see something traumatic. He admitted NSA was watching multiple
nations invest in this dangerous capability. He called the danger a coming trend,
where our vulnerability will be equivalent to a hole in our software systems that are
unseen by the multinational company, the public utility, the telecom giant, the
defense manufacturer, the Department of Defense.
NATO took the threat seriously enough to organize mock cyber-wargame trials in
Estonia several days ago that indicated the western nations are aware of the need
to fight on a new battlefield where the enemy cannot be seen physically. It was the
largest digital warfare exercise ever attempted, a trial run to test dealing with a new
non-military threat to global security.
Consider the financial damage to our nation from an attack that could shut down
the power systems of major cities. As Forbes pointed out a decade ago, there was a
very great need to spend the money building firewalls around our infrastructures
internet communications network. We are in worse shape today, since NSA chief
Rogers plainly told the congressional intelligence committee last week the Chinese
intelligence services that conduct these attacks have little to fear because we have
no practical deterrents to that threat.
The cyber threat is real. America had better wake up to the need to defend the
cogwheels of our economy from the electronic reconnaissance attacking our
industrial control systems. Public opinion needs to be aroused by the media and
security officials into a threat that no one can see as it is invisible. It is not Soviet
missiles we fear, but inroads by nation states and criminal elements fronting for
them. Our cyber command capabilities are as crucial as our Special Forces in
beating back ISIS and other Islamic terrorists.
were suddenly left in the dark when their electric power failed. More than 500 generating units at 265 power plants shut downa
quiet collapse cascading across the landscape. Most homes and businesses regained power within a day (though some plants took
two weeks to regain full capacity), a quick restoration that was possible primarily because no significant equipment was damaged.
Still, critical national security systems failed. U.S. border check systems were not fully operational, causing a severe backup of truck
traffic on our northern boundary. There were related effects from the outage as well. Water and sewage plants shut down. Gas
stations stopped working, and rail service was curtailed. Many cellular phone providers, radio stations, and television stations lost
servicetheir backup power systems were insufficient. The blackout is estimated to have caused economic losses of $7 to $10
billion [55]. The trigger for this massive blackout was tragically simple: An Ohio utility had failed to properly trim trees near a power
line. American utilities have experience responding to interruptions caused by extreme weather. Even after severe ice storms and
in recent years: In one instance outside the U.S., a power outage was triggered that affected multiple cities; in other instances,
hackers have extorted hundreds of millions of dollars out of their victims [57, 58]. Foreign cyber spies are also a serious concern:
U.S. Homeland Security and Intelligence officials revealed that Chinese and Russian spies have penetrated the U.S. electrical grid
and left behind dormant but malicious software [59]. In 2007, the discovery of what is now known as the Aurora threat revealed
the possibility that sophisticated hackers could seriously dam age the grid by destroying mechanisms downstream from the initial
point of attack. Aurora involves opening and quickly closing a high voltage circuit breaker, which can result in an out-of-synchronism
At military installations
across the country, a myriad of critical systems must be operational 24 hours
a day, 365 days a year. They receive and analyze data to keep us safe from threats,
they provide direction and support to combat troops, and stay ready to provide relief
and recovery services when natural disasters strike or when someone attempts to
attack our homeland. These installations are almost completely dependent on
commercial electrical power delivered through the national electrical grid. When the DSB studied
the 2003 blackout and the condition of the grid, they concluded it is fragile and vulnerable... placing
critical military and homeland defense missions at unacceptable risk of extended
outage. As the resiliency of the grid continues to decline, it increases the potential for an expanded and/ or longer duration
condition that can physically damage rotating equipment connected to the power grid [60-63].
outage from natural events as well as deliberate attack. The DSB noted that the militarys backup power is inadequately sized for its
missions and military bases cannot easily store sufficient fuel supplies to cope with a lengthy or widespread outage. An
military challenge for the United States is not to espouse a specific theory of Americas
role in the world or a certain political philosophy . Such an assessment flows directly from the basic
bipartisan view of American foreign policy makers since World War II that overseas threats must be countered before they can
directly threaten this countrys shores, that the basic stability of the international system is essential to American peace and
And as bad as things are in Iraq today, they could get worse. What would happen if the key Shiite figure, Ali al Sistani, were to die? If
another major attack on the scale of the Golden Mosque bombing hit either side (or, perhaps, both sides at the same time)? Such
deterioration might convince many Americans that the war there truly was lostbut the costs of reaching such a conclusion would
be enormous. Afghanistan is somewhat more stable for the moment, although a major Taliban offensive appears to be in the offing.
re-learning the lost art of counterinsurgency, this is first and foremost a question of finding the resources to field a large-enough
standing Army and Marine Corps to handle personnel intensive missions such as the ones now under way in Iraq and Afghanistan.
Ground
stations are an extremely critical piece of a satellites continued operation. However,
many satellite tracking and control stations are lightly guarded and many satellite
communications, launch, data reception, and control facilities are described in
numerous open-source materials making the ground segment extremely vulnerable
to cyber attack. 88 An attack on a fixed ground facility can stop data transmission,
render launch facilities unusable, and prevent control of satellites. 89 Thus, rendering
segment includes telemetry, tracking, and commanding of space assets and space-launch functions.
affected orbiting satellites inoperative from the communication disruption and creating a risk to other active
A single incident
significantly impact space systems for years .90
could
Solvency
Prohibiting the use and mandate of backdoors by the US solves
security for the government and privacy for individuals
Wyden 15 [Ron Wyden, the senior United States Senator for Oregon, serving since 1996, and a member of
the Democratic Party. He previously served in the United States House of Representatives from 1981 to 1996. Stop
FBI Backdoors for Tech Products, http://readersupportednews.org/opinion2/277-75/27858-stop-fbi-backdoors-fortech-products, January 3rd, 2015//Rahul]
Hardly a week goes by without a new report of some massive data theft that has put
financial information, trade secrets or government records into the hands of computer hackers. The best
defense against these attacks is clear: strong data encryption and more secure
technology systems. The leaders of U.S. intelligence agencies hold a different view. Most
prominently, James Comey, the FBI director, is lobbying Congress to require that electronics
manufacturers create intentional security holes so-called back doors that would
enable the government to access data on every American's cellphone and computer, even if it is protected by
encryption. Unfortunately, there are no magic keys that can be used only by good guys for legitimate reasons.
There is only strong security or weak security . Americans are demanding strong security for their
personal data. Comey and others are suggesting that security features shouldn't be too strong, because this could
you going invest in locks and barbed wire? What these officials are proposing would be bad for personal data
security and bad for business and must be opposed by Congress. In Silicon Valley several weeks ago I convened a
roundtable of executives from America's most innovative tech companies. They made it clear that widespread
availability of data encryption technology is what consumers are demanding. Unfortunately, there are no magic
keys that can be used only by good guys for legitimate reasons. There is only strong security or weak security. It is
also good public policy. For years, officials of intelligence agencies like the NSA, as well as the Department of
Justice, made misleading and outright inaccurate statements to Congress about data surveillance programs not
once, but repeatedly for over a decade. These agencies spied on huge numbers of law-abiding Americans, and their
dragnet surveillance of Americans' data did not make our country safer. Most Americans accept that there are times
their government needs to rely on clandestine methods of intelligence gathering to protect national security and
ensure public safety. But they also expect government agencies and officials to operate within the boundaries of the
law, and they now know how egregiously intelligence agencies abused their trust.
also hurting U.S. technology companies' bottom line, particularly when trying to sell services and
devices in foreign markets. The president's own surveillance review group noted that
concern about U.S. surveillance policies can directly reduce the market share of
U.S. companies. One industry estimate suggests that lost market share will cost just the U.S. cloud
computing sector $21 billion to $35 billion over the next three years. Tech firms are now investing heavily in new
systems, including encryption, to protect consumers from cyber attacks and rebuild the trust of their customers. As
one participant at my roundtable put it, I'd be shocked if anyone in the industry takes the foot off the pedal in
terms of building security and encryption into their products. Was Apple's FairPlay worse for the record labels than
vulnerability. A report last year by a leading cyber security company identified more than 100 intrusions in U.S.
networks from a single cyber espionage unit in Shanghai. As another tech company leader told me, Why
would
we leave a back door lying around? Why indeed. The U.S. House of Representatives
accomplish the same goal, and will again at the start of the next session. Technology is a tool that can be put to
legitimate or illegitimate use. And advances in technology always pose a new challenge to law enforcement
agencies.
Wydens introduction of the the Secure Data Act, which would prohibit the government from
mandating that U.S. companies build backdoors in their products for the purpose of
surveillance. This legislation responds directly to recent comments by U.S. officials, most notably the Federal
Bureau of Investigation (FBI) Director James Comey, chastising Apple and Google for creating encrypted devices to
which law enforcement cannot gain access. Comey and others have argued that U.S. tech companies should design
a way for law enforcement officials to access consumer data stored on those devices. In this environment, the
Secure Data Act is a homerun for security and privacy and is a good step towards reasserting U.S. competitiveness
in building secure systems for a global market. By adopting its position on the issue the FBI is working against its
own goal of preventing cybercrime as well as broader government efforts to improve cybersecurity. Just a few years
Creating
backdoor access for law enforcement fundamentally weakens IT systems because it
creates a new pathway for malicious hackers, foreign governments, and other
unauthorized parties to gain illicit access. Requiring backdoors is a step backwards for companies
ago, the Bureau was counseling people to better encrypt their data to safeguard it from hackers.
actively working to eliminate security vulnerabilities in their products. In this way, security is a lot like a ship at sea,
The better
solution is to patch up all the holes in the system and work to prevent any new
ones. Rather than decreasing security to suit its appetite for surveillance, the FBI should recognize that better
the more holes you put in the systemgovernment mandated or notthe faster it will sink.
security is needed to bolster U.S. defenses against online threats. The Secure Data Act is an important step in that
because it will stop U.S. law enforcement agencies from requiring companies to
introduce vulnerabilities in their products. If this bill is enacted, law enforcement will be forced
to use other means to solve crimes, such as by using metadata from cellular providers, call records,
text messages, and even old-fashioned detective work. This will also allow U.S. tech companies, with
the help of law enforcement, to continue to strengthen their systems, better detect
intrusions, and identify emerging threats . Law enforcement, such as the recently announced U.S.
direction
Department of Justice Cybersecurity Unita unit designed solely to deter, investigate, and prosecute cyber
A change of
course is also necessary to restore the ability of U.S. tech companies to compete
globally, where mistrust has run rampant following the revelations of mass government surveillance. With the
criminals, should work in cooperation with the private sector to create a safer environment online.
113th Congress at an end, Wyden has promised to reintroduce the Data Secure Act again in the next Congress.
Congress should move expediently to advance Senator Wydens bill to promote security and privacy in U.S. devices
and software. Furthermore, as Congress marks up the legislation and considers amendments, it should restrict not
just government access to devices, but also government control of those devices. These efforts will move the efforts
of our law enforcement agencies away from creating cyber vulnerabilities and allow electronics manufacturers to
produce the most secure devices imaginable.
[Danielle Kehl, Senior Policy Analyst at New Americas Open Technology Institute. Kevin Bankston is a
Policy Director at OTI, Robyn Greene is a Policy Counsel at OTI, Robert Morgus is a Research Associate at OTI,
Surveillance Costs: The NSAs Impact on the Economy, Internet Freedom & Cybersecurity, July 2014, pg 40-1]
The U.S. government should not require or request that new surveillance
capabilities or security vulnerabilities be built into communications technologies and
services, even if these are intended only to facilitate lawful surveillance. There is a great deal of
evidence that backdoors fundamentally weaken the security of hardware and
software, regardless of whether only the NSA purportedly knows about said vulnerabilities, as some of the
documents suggest. A policy state- ment from the Internet Engineering Task Force in 2000 emphasized that
adding
Lofgren (D-CA) and Rush Holt (D-NJ) would have prohibited inserting these kinds of vulnerabilities outright. 360
The Lofgren-Holt proposal aimed to prevent the funding of any intelligence agency,
intelligence program, or intelligence related activity that mandates or requests that a
device manufacturer, software developer, or standards organization build in a backdoor to circumvent
the encryption or privacy protections of its products , unless there is statutory authority to make
such a mandate or request. 361 Although that measure was not adopted as part of the NDAA, a similar
amendment sponsored by Lofgren along with Representatives Jim Sensenbrenner (D-WI) and Thomas Massie (R-KY),
did make it into the House-approved version of the NDAAwith the support of Internet companies and privacy organizations 362 passing on an overwhelming vote of 293 to 123. 363 Like Representative Graysons amendment on
NSAs consultations with NIST around encryption, it remains to be seen whether this amendment will end up in the
security flaws that may be exploited by a variety of bad actors. A clear policy
against such vulnerability mandates is necessary to restore international trust in
U.S. companies and technologies.
2ac Add-ons
US-China Relations
2ac
Stopping backdoors key to stop Chinese hackers
Protalinski 12 [Emil Protalinski is a freelance journalist writing for CNET and ZDNet. Over the years, he has
covered the tech industry for multiple publications, including Ars Technica, Neowin, and TechSpot. Former Pentagon
analyst: China has backdoors to 80% of telecoms, http://www.zdnet.com/article/former-pentagon-analyst-chinahas-backdoors-to-80-of-telecoms/, July 14th, 2012//Rahul]
As a consequence,
sources say that any information traversing "any" Huawei equipped network isn't
safe unless it has military encryption. One source warned, "even then, there is no doubt that the
outside China, but by 2009 it had grown to be one of the largest, second only to Ericsson.
Chinese are working very hard to decipher anything encrypted that they intercept." Sources add that most
corporate telecommunications networks use "pretty light encryption" on their virtual private networks, or VPNs. I
found about Maloof's report via this week's edition of The CyberJungle podcast. Here's my rough transcription of
install in about 145 countries around in the world, and in 45 of the top 50 telecom centers around the world, the
potential for backdooring into data. Proprietary information could be not only spied upon but also could be altered
and in some cases could be sabotaged. That's coming from technical experts who know Huawei, they know the
company and they know the Chinese. Since that story came out I've done a subsequent one in which sources tell
me that it's giving Chinese access to approximately 80 percent of the world telecoms and it's working on the other
Even if you manage to avoid Chinese products (good luck!), your firm
still isn't safe. That's because the electronic intrusions are supposedly done
remotely through the use of the commercial networks set up by Huawei and ZTE that they have
20 percent now.
established in numerous countries. For example, companies communicating using VPNs with partner companies in
countries where Huawei and ZTE have installed network equipment are potentially compromised, according to
Maloof's sources. Not only do Huawei and ZTE power telecom infrastructure all around the world, but they're still
growing. The two firms are the main beneficiaries for vtelecommunication projects taking place in Malaysia with
DiGi, Globe in the Philippines, Megafon in Russia, Etisalat in the United Arab Emirates, America Movil in a number of
countries, Tele Norte in Brazil, and Reliance in India. These deals are being struck because the equipment produced
by Huawei and ZTE Corporation is reportedly subsidized by the Chinese government. State-backed Chinese banks
supply national telecommunications infrastructure and don't seek payment on any of the equipment for years,
U.S. allegations that six Chinese citizens stole trade secrets threatens to deal a fresh
knock to relations between the worlds two largest economies, as the charges point to growing
American scrutiny of suspected economic espionage from China. Experts say the case,
announced by the Justice Department this week, signals Washingtons stiffer stance over an issue
that has already frayed ties with Beijing. It marks the latest instance that the U.S. has accused
Chinese nationals with ties to the government of stealing corporate secrets. U.S. prosecutors say the defendants,
who include three professors at Chinas state-controlled Tianjin University, stole sensitive wireless technology to
benefit their commercial joint venture with the school. A Tianjin University spokeswoman said the school is looking
Jing, an expert on U.S.-China relations at the Lee Kuan Yew School of Public Policy in Singapore. If such theft is
found to be state-sponsored, it would do serious damage to the bilateral relationship. A spokesman for Chinas
Foreign Ministry said Wednesday that Beijing opposed theft of intellectual property, reiterating the governments
longstanding position, but declined to say whether
indictment.
China is severely concerned over this case, spokesman Hong Lei said at a daily briefing. The
Chinese government will make sure the rights and interests of Chinese citizens are guaranteed during their
interactions with American personnel. The six defendants couldnt be reached to comment. One year ago, the U.S.
Justice Department brought charges against five Chinese military employees on suspicion of hacking into U.S.
companies to steal trade secrets. It was the first time Washington had publicly charged employees of a foreign
in a U.S.-China working group on cybersecurity. The latest charges come amid a heightened Justice Department
focus on economic espionage, following a 2013 report by a U.S. commission on intellectual-property theft that
accused China of being responsible for as much as 80% of the intellectual-property theft against U.S. companies.
Last year the U.S. won convictions of two engineers who allegedly stole secrets to manufacturing a white pigment
from DuPont Co. and sold them to a Chinese state-owned company. Lawyers say most violations of intellectualproperty rights appear to be the work of individuals sniffing a quick buck. Many opportunistic people see China as
the place to make things happen, and theyre willing to risk potential criminal liability, said Benjamin Bai, a partner
at Allen & Overy in Shanghai who specializes in intellectual property rights and trade-secret protection cases.
There are tons of money floating around in China seeking technology ventures. Among the six defendants named
this week, three had studied at the University of Southern California, where they received graduate degrees in
electrical engineering in 2006, before going on to work for U.S. technology firms, including Avago Technologies and
Skyworks Solutions Inc. (Avago and Skyworks didnt respond to requests for comment.) Two of the men later took up
professorships at Tianjin Universitys Precision Instrument Engineering Department. They and their alleged coconspirators also filed patents in the U.S. and China that prosecutors say were based on stolen technology and used
to benefit ROFS Microsystem, a joint venture they founded with the university. One of the professors, Zhang Hao,
was arrested by U.S. authorities on May 16 after arriving in Los Angeles from China. The other five defendants were
believed to be in China. ROFS, based in the northeastern city of Tianjin, was founded in 2011, has 86 million yuan
(about $13 million) in registered capital and has 27,000 square meters of research and production space, according
to its corporate records and website. Phone calls to the company went unanswered. ROFS had applied for four
patents with Chinas State Intellectual Property Office, a search of the agencys patent database showed. One of the
patents was related to film bulk-wave-resonator technology, though it wasnt clear whether it contained any of the
technology covered by the indictment. Avago and Skyworks supply components based on the technology to Apple
Inc. for its iPhone, among other devices. In the latest business climate survey by the American Chamber of
Commerce in China, nearly 80% of the 447 respondents described Beijings enforcement of intellectual-property
rights laws as ineffective or very ineffective, although 86% of respondents felt that enforcement efforts have
improved over the past five years. China needs to establish a strong legal system in this regard, said Mr. Huang,
of the Lee Kuan Yew School. What the U.S. government is doing canin the long runhelp to protect Chinese
interests, which can only suffer if intellectual property rights arent respected. The case, meanwhile, has divided
opinion among Chinese social-media users. Some lamented Chinas reputation for intellectual-property theft, while
characterization of the Obama administrations relative rebalancing of focus toward Asia as a pivot a word never
used by the president with military connotations. In fact, the new effort was only meant to be a constructive
reaffirmation of the unchanged reality that the US is both a Pacific and Atlantic power. Taking all these factors into
the real threat to a stable US-China relationship does not currently arise from
any hostile intentions on the part of either country, but from the disturbing
possibility that a revitalized Asia may slide into the kind of nationalistic fervor that
precipitated conflicts in 20th-century Europe over resources, territory, or power. There are
plenty of potential flash points: North Korea vs. South Korea, China vs. Japan, China vs. India,
or India vs. Pakistan. The danger is that if governments incite or allow nationalistic fervor as a kind of safety
valve it can spin out of control. In such a potentially explosive context, US political and economic
involvement in Asia can be a crucially needed stabilizing factor. Indeed, Americas current
account,
role in Asia should be analogous to Great Britains role in 19th-century Europe as a constructive off-shore
balancing influence with no entanglements in the regions rivalries and no attempt to attain domination over the
region. To be effective, constructive and strategically sensitive engagement in Asia by the US must not be based
solely on its existing alliances with democratic Japan and South Korea which is in
Chinas interests
because of its stabilizing impact. Engagement must also mean institutionalizing American and Chinese
cooperation. Accordingly, America and China should very deliberatively not let their economic competition turn into
the US. History can avoid repeating the calamitous conflicts of the 20th century if America is present in Asia as
stabilizer not a would-be policeman and if China becomes the preeminent, but not domineering, power in the
region. In January 2011, President Obama and now-departing Chinese President Hu Jintao met and issued a
[F. Michael Maloof, contributing writer for national security affairs for WND and G2Bulletin, is a
former senior security policy analyst, CHINA TECH COMPANY BRAGS: WE HACKED U.S. TELECOMS,
http://www.wnd.com/2012/06/china-tech-company-admits-hacking-u-s-telecoms/, June 14th, 2012//Rahul]
degradation of the signal. The challenge really is dealing with the volume of traffic in high speed links but, with
advanced software, folks managing DPI appliances in networks have the capability of using advanced techniques
such as protocol identification to strip out the stuff they want, the source added. When I say strip out, in the
Chinese sense, I mean intercept and copy. Huaweis DPI presentation also referred to detecting and controlling
illegal applications and referred to VPNs as an example. VPNs are a traditional way that users can bypass
content security measures and provide secure access to corporate and government networks. The Huawei DPI
presentation also referred to identifying and restricting URLs, or uniform resource locators, in which it can see and
control everything that a computer user looks at online. While the DPI brief referred to porn, illegal, violent (sic)
and gambling as URLs that Huawei can block, the source said the company was very clearly using that capability
for its own activities and, once the technology is deployed, these applications can be remotely accessed. So, a
network that (Huawei) monitors potentially without the carriers knowledge in South America, Malaysia, Indonesia,
Saudi Arabia, Botswana or even Virginia can be remotely and surreptitiously monitored and potentially controlled,
Huawei also referred to the mundane term traffic mirroring, which the
source said is plain and simple data interception. Because Huawei is involved in mirroring
intercepting data the source added if the Chinese company can routinely do such mirroring
remotely, then any network that contains Huawei equipment by extension would be
capable of this activity. In this regard, the source said he and his company were tasked with doing a major
the source said.
network assessment for a countrys telecommunications system. During that assessment, the source said, there
was inadvertently discovered undocumented administrator accounts in all of the Huawei core network routers.
When equipment is shipped, the source said, it comes with default passwords and these are usually changed to
unique company standards. As part of sources assessment procedure, the source checked and ran a nonstandard routine to identify all of the user accounts and that was how we inadvertently discovered the second and
suspected remotely, as nothing was showing in the router logs to indicate how it happened or that they ever
existed in the first place. He said that Huawei has special teams of Chinese engineers who fly in, often in chartered
jets, when a network experiences certain technical problems but the network equipment never is allowed to be
examined or fixed locally. The source said that such technology also could be used to intercept communications in
intercontinental undersea cables deployed at 3,000 meters (9,843 feet) under the sea. He said that Huawei Marine,
which is rolling out thousands of miles of intercontinental communications cable beneath the seas, complete with
deep-sea fiber optic boosters every 50 miles, can very easily conduct covert, DPI surveillance, entirely undetected.
Embedding these capabilities in any network means(that) they can then intercept and control those networks in
any way they like, the source said. I am so worried about Chinese cyber warfare threats, their abilities to monitor
and remotely shut down international communications networks, including critical infrastructure networks in
Western countries. Forget just looking for malicious code, he said. They
Successful
penetration of a supply chain such as that for the telecommunications industry has
the potential to cause the catastrophic failure of systems and networks supporting
critical infrastructure for national security or public safety, the report said. Potential effects include
of supply chains for electronics supporting US. military, government and civilian industry.
providing an adversary with capabilities to gain covert access and monitoring of sensitive systems, to degrade a
systems mission effectiveness, or to insert false information or instructions that could cause premature failure or
complete remote control or destruction of the targeted system. The report, titled Occupying the Information High
Ground: Chinese Capabilities for Computer Network Operations and Cyber Espionage, said that many of the
findings actually came from Chinese source materials including authoritative PLA publications. The report
the Chinese
government could use to enter remotely into telecommunications systems and
computers linked to them to gain undetected access to sensitive data . Chinese
specifically had singled out Huawei and ZTE Corp. as examples of high technology companies
capabilities in computer network operations have advanced sufficiently to pose genuine risk to U.S. military
operations in the event of a conflict, the congressional report said. PLA analysts consistently identify logistics and
C4ISR infrastructure as U.S. strategic centers of gravity suggesting that PLA commanders will almost certainly
attempt to target these systems with both electronic countermeasure weapons and network attack and exploitation
tools, likely in advance of actual combat to delay U.S. entry or degrade capabilities in a conflict. The C4ISR
infrastructure referred to in the congressional report is command, control, communications, intelligence,
surveillance and reconnaissance. Sources report that the giant telecommunications companies Huawei and ZTE
would give the PLA such access. The problem for the U.S. is that the effects of preemptive penetrations may not be
which definitive attribution is lacking. Beijing, understanding this, may seek to exploit this gray area in U.S.
policymaking and legal frameworks to create delays in U.S. command decision making. The report also detailed
the potential risks to the U.S. telecommunications supply chain in which hardware is exposed to innumerable points
of possible tampering and must rely on rigorous and often expensive testing to ensure that the semiconductors
being delivered are trustworthy and will perform properly. Such components obtained from China through U.S.
defense contractors, however, often are untested, raising the high prospect of compromising U.S. systems and
1ar-Backdoors Solve
Backdoors key to resolve security concerns over hacking
Connor-Simons 15 (Adam Connor-Simons, Communications Coordinator at
Massachusetts Institute of Technology (MIT), CSAIL report: Giving government
special access to data poses major security risks, July 7 2015,
http://newsoffice.mit.edu/2015/csail-report-government-access-data-major-securityrisks-0707)
That was the impetus for a report titled Keys under doormats: Mandating
insecurity by requiring government access to all data and communications
published today by security experts from MITs Computer Science and Artificial
Intelligence Lab (CSAIL), alongside other leading researchers from the U.S. and the
U.K.
The report argues that such mechanisms pose far more grave security risks,
imperil innovation on which the worlds economies depend, and raise more thorny
policy issues than we could have imagined when the Internet was in its infancy.
The team warns that rushing to create a legislative proposal is dangerous until
security specialists are able to evaluate a comprehensive technical solution that has
been carefully analyzed for vulnerabilities.
CSAIL contributors to the report include professors Hal Abelson and Ron Rivest, PhD
student Michael Specter, Information Services and Technology network manager Jeff
Schiller, and principal research scientist Daniel Weitzner, who spearheaded the work
as director of MITs Cybersecurity and Internet Policy Research Initiative, an
interdisciplinary program funded by a $15 million grant from the Hewlett
Foundation.
The group also includes cryptography expert Bruce Schneier and researchers from
Stanford University, Columbia University, Cambridge University, Johns Hopkins
University, Microsoft Research, SRI International, and Worcester Polytechnic
Institute.
Not-so-exceptional access
In October, FBI Director James Comey called for what is often described as
exceptional access namely, that computer systems should be able to provide
access to the plaintext of encrypted information, in transit or stored on a device, at
the request of authorized law enforcement agencies.
The research team outlines three reasons why this approach would worsen the
already-shaky current state of cybersecurity.
First, it would require preserving private keys that could be compromised not only
by law enforcement, but by anyone who is able to hack into them. This represents a
180-degree reversal from state-of-the-art security practices like forward secrecy,
in which decryption keys are deleted immediately after use.
1ar-Impact-Japan War
China and Japan war draws in US goes nuclear
John Blaxland 13, Senior Fellow at the Strategic and Defence Studies Centre, the
Australian National University, and Rikki Kersten, Professor of modern Japanese
political history in the School of International, Political and Strategic Studies at the
College of Asia and the Pacific, the Australian National University, 2/13/13,
Escalating territorial tension in East Asia echoes Europes descent into world war,
http://www.eastasiaforum.org/2013/02/13/escalating-territorial-tension-in-east-asiaechoes-europes-descent-into-world-war/
activation of Chinese weapons radars aimed at Japanese military platforms
around the Senkaku/Diaoyu Islands is the latest in a series of incidents in which China has
asserted its power and authority at the expense of its neighbours. The radars cue supersonic missile systems
and give those on the receiving end only a split second to respond . With Japanese law
empowering local military commanders with increased discretion to respond (thanks to North Koreas
earlier provocations), such incidents could easily escalate . In an era of well-established UN-related
The recent
adjudication bodies like the International Court of Justice (ICJ), how has it come to this? These incidents
handled locally or successfully defused by diplomats from countries with alliances that appeared to guarantee the
peace. After all, never before had the world been so interconnected thanks to advanced communications
Germanys dissatisfaction with the constraints under which it operated arguably was a principal cause of war in
1914. Similarly, Japans dissatisfaction helped trigger massive conflict a generation later. A century on, many of
the same observations can be made in East Asia. Chinas rise is coupled with a disturbing surge in
jingoism across East and Southeast Asia. China resents the territorial resolution of World War II, in which the United
States handed responsibility for the Senkaku/Diaoyu islands to Japan while large chunks of the South China Sea
were claimed and occupied by countries that emerged in Southeast Asias post-colonial order. Oil and gas reserves
are attractive reasons for China to assert itself, but challenging the US place in East Asian waters is the main
objective. China resents American re-balancing as an attempt at containment, even though US dependence on
Chinese trade and finance makes that notion implausible. China is pushing the boundaries of the accepted postSecond World War order championed by the United States and embodied by the UN. Chinas rapid rise and long-
Chinas
assertiveness is driving regional states closer into the arms of the United States.
Intimidation and assertive maritime acts have been carried out , ostensibly by elements not
held grievances mean its powerbrokers are reluctant to use institutions like the ICJ. But
linked to Chinas armed forces. Chinas white-painted Chinese Maritime Services and Fisheries Law Enforcement
Command vessels operating in the South China Sea and around the Senkaku/Diaoyu islands have evoked strong
Japans recent allegation that China used active radars is a significant escalation.
could trigger a stronger reaction from Japan . China looks
increasingly as if it is not prepared to abide by UN-related conventions . International law has
reactions. But
been established mostly by powers China sees as having exploited it during its century of humiliation. Yet
arguably, it is in the defence of these international institutions that the peaceful rise of China is most likely to be
Chinas refusal to submit to such mechanisms as the ICJ increases the prospect of
conflict. For the moment, Japans conservative prime minister will need to exercise great skill
and restraint in managing domestic fear and resentment over Chinas assertiveness and the militarys hairtrigger defence powers. A near-term escalation cannot be ruled out . After all, Japan recognises that
China is not yet ready to inflict a major military defeat on Japan without resorting to
nuclear weapons and without triggering a damaging response from the U nited S tates.
assured.
And Japan does not want to enter into such a conflict without strong US support, at least akin to the discreet
support given to Britain in the Falklands War in 1982. Consequently, Japan may see an escalation sooner rather
Chinas domestic
environment has nurtured jingoism. The Chinese state has built up the publics appetite for vengeance
than later as being in its interests, particularly if China appears the aggressor.
against Japan by manipulating films and history textbooks. On the other hand, Chinese authorities recognise that
it is
prudent to exercise some restraint to avoid an overwhelming and catastrophic
response . If the 191418 war taught us anything, it is that the outcome of wars is rarely as
proponents conceived at the outset .
the peaceful rise advocated by Deng Xiaoping is not yet complete (militarily at least). In the meantime
1ar-Impact-Korean War
Korean war goes nuclear miscalc
Steven Metz 13, Chairman of the Regional Strategy and Planning Department and
Research Professor of National Security Affairs at the Strategic Studies Institute,
3/13/13, Strategic Horizons: Thinking the Unthinkable on a Second Korean War,
http://www.worldpoliticsreview.com/articles/12786/strategic-horizons-thinking-theunthinkable-on-a-second-korean-war
North Korea is the most dangerous country on earth and the greatest threat to
U.S. security. For years, the bizarre regime in Pyongyang has issued an unending stream of claims that a U.S. and South
Today,
Korean invasion is imminent, while declaring that it will defeat this offensive just as -- according to official propaganda -- it overcame
against Pyongyang. Even China, North Korea's long-standing benefactor and protector, went along. Convulsed by anger,
Pyongyang then threatened a pre-emptive nuclear strike against the U nited States and
South Korea, abrogated the 1953 armistice that ended the Korean War and cut off the North-South hotline
installed in 1971 to help avoid an escalation of tensions between the two neighbors. A spokesman for the North Korean Foreign
Ministry asserted that a second Korean War is unavoidable. He might be right; for the first time, an official statement from the North
reasonable, or it could be some sort of internal power struggle within the North Korean regime invisible to the outside world.
While we cannot know whether the recent round of threats from Pyongyang is serious or simply
more of the same old lathering, it would be prudent to think the unthinkable and reason
through what a war instigated by a fearful and delusional North Korean regime might mean for U.S. security. The second
Korean War could begin with missile strikes against South Korean, Japanese or U.S.
targets, or with a combination of missile strikes and a major conventional invasion of the South -- something North Korea has
prepared for many decades. Early attacks might include nuclear weapons , but even if they didn't, the
United States would probably move quickly to destroy any existing North Korean nuclear weapons and ballistic missiles. The
war itself would be extremely costly and probably long. North Korea is the most militarized society on
earth. Its armed forces are backward but huge. It's hard to tell whether the North Korean people, having been fed a steady diet of
propaganda based on adulation of the Kim regime, would resist U.S. and South Korean forces that entered the North or be thankful
for relief from their brutally parasitic rulers. As the conflict in Iraq showed, the United States and its allies should prepare for
widespread, protracted resistance even while hoping it doesn't occur. Extended guerrilla operations and insurgency could potentially
last for years following the defeat of North Korea's conventional military. North Korea would need massive relief, as would South
Korea and Japan if Pyongyang used nuclear weapons. Stabilizing North Korea and developing an effective and peaceful regime would
The second
Korean War would force military mobilization in the United States. This would initially involve the
military's existing reserve component, but it would probably ultimately require a major expansion of the
U.S. military and hence a draft . The military's training infrastructure and the defense industrial base would have to
grow. This would be a body blow to efforts to cut government spending in the United States
require a lengthy occupation, whether U.S.-dominated or with the United States as a major contributor.
and postpone serious deficit reduction for some time , even if Washington increased
taxes to help fund the war. Moreover, a second Korean conflict would shock the global
economy and potentially have destabilizing effects outside Northeast Asia . Eventually, though,
the United States and its allies would defeat the North Korean military. At that point it would be impossible for the United States to
simply re-establish the status quo ante bellum as it did after the first Korean War. The Kim regime is too unpredictable, desperate
and dangerous to tolerate. Hence regime change and a permanent ending to the threat from North Korea would have to be
America's strategic objective. China would pose the most pressing and serious challenge to such a transformation of North Korea.
After all, Beijing's intervention saved North Korean dictator Kim Il Sung after he invaded South Korea in the 1950s, and Chinese
assistance has kept the subsequent members of the Kim family dictatorship in power. Since the second Korean War would invariably
begin like the first one -- with North Korean aggression -- hopefully China has matured enough as a great power to allow the world to
remove its dangerous allies this time. If the war began with out-of-the-blue North Korean missile strikes, China could conceivably
even contribute to a multinational operation to remove the Kim regime. Still, China would vehemently oppose a long-term U.S.
military presence in North Korea or a unified Korea allied with the United States. One way around this might be a grand bargain
leaving a unified but neutral Korea. However appealing this might be, Korea might hesitate to adopt neutrality as it sits just across
the Yalu River from a China that tends to claim all territory that it controlled at any point in its history. If the aftermath of the
Germany was heavily involved in the Russian economy and had extensive trade and financial ties with France and Great Britain. It is
not inconceivable then, that after the second Korean War, U.S.-China relations would be antagonistic and hostile at the same time
that the two continued mutual trade and investment. Stranger things have happened in statecraft.
Case
Cyberattack Adv.
Everywhere I go I see the same issues, so this is not so much a company-bycompany issue as it is an industry culture issue, says Mustard, an ISA99 Security
Standards Committee member and an important contributor to the development of
the ISA99/IEC 62443 industrial cybersecurity standards. So much work has been
done in the IT world on security that many believe they have mitigated the risks.
For example, most security experts at the NIST (National Institute of Standards and
Technology) meetings on the US Cybersecurity Framework could not understand
why we were still discussing the most basic security controls, but yet a visit to
almost any critical infrastructure facility will reveal that while there may be
established policies and procedures in place, they are not properly embedded into
training and the operational culture. Too many owner/operators I meet believe that
because they have not seen a cybersecurity-based incident themselves that it will
never happen. This sort of complacency is why there will be a major incident.
Mustard points to the steady flow of cyberattacks on industrial automation control
systems (IACS) and supervisory control and data acquisition (SCADA) networks
being tracked by the Repository of Industrial Security Incidents (RISI).
There have been many incidents in the past 10-15 years that can be traced back to
insufficient cybersecurity measures, he says. There are many every year, most of
which escape public notice. In fact, its widely believed that there are many more
that are never reported, he discloses. The RISI analysis shows time and again that
these incidents are generally the result of the same basic cybersecurity control
failures. It is often only the presence of external failsafe and protection mechanisms
that these incidents do not lead to more catastrophic consequences. Many use
these protection mechanisms to argue that the concern over the consequences of
cyberattack is exaggerated, and yet incidents such as Deepwater Horizon should
teach us that these protection mechanisms can and do fail.
Though some plants are able to detect and correct the intrusion, and most of the
infected plants have protective hardware making the intended attack method
unviable, as many as 70 plants in the eastern U.S. are infected in the scenario.
The report then describes the havoc that the attackers would be able to unleash
during a peak summer demand period.
The hackers covertly and systematically disable safety systems which would
usually protect the generators from desynchronisation events. They send control
signals which open and close the generators rotating circuit breakers in quick
succession, using the inertia of the generator itself to force the phase angle
between supply and load out of sync. The impacted generators begin to catch fire
and pour smoke; some are partially destroyed as the engine blows apart. One gas
turbine facility is completely destroyed in an explosion resulting from the generator
fire.
Long-Term Damage
The result would be a blackout affecting 93 million people in 15 northeastern states
and the District of Colombia. Though power could be partially restored in a few
days, many areas, such as New York City, would suffer intermittent blackouts for
weeks afterward, resulting in widespread social unrest and disruptions. Economic
costs could reach as high as $223 billion, with the overall damage to the U.S.
economy as much as $1 trillion in the worst-case scenario.
Though the likelihood of such a disaster is remote, the report notes that the attack
is within the capabilities of a number of nation-states such as North Korea, which
has been blamed for the December 2014 hacking of computer systems at Korea
Hydro and Nuclear Power Co., the operator of South Koreas 23 commercial nuclear
reactors. Other attacks on power system infrastructure have been blamed on
hackers operating out of China and Russia.
Andrew Coburn, director of the advisory board of the Cambridge Centre for Risk
Studies, cautioned against panic despite the dire scenario in the report. Although
academic literature suggests that a variety of cyber-physical attacks against electric
grids are possible, it would be very difficult to carry them out at scale because of
the enormous amount of time and skills involved to overcome the defences that are
already in place.
Still, other observers note that the power sectors biggest cybersecurity challenge is
overcoming complacency. Cybersecurity expert Steve Mustard with the
International Society of Automation remarked on this problem at a presentation last
year.
Too many owner/operators I meet believe that because they have not seen a
cybersecurity-based incident themselves that it will never happen, Mustard said.
This sort of complacency is why there will be a major incident.
tirelessly to make their way in and around massive computer systems that house
billions of personal details and financial data. It is just a matter of time that a group
of them will launch something bigger than we have ever seen and we are just not
ready for that. As Lee writes in The Gauardian, But dont count on companies or
the Feds to prevent the Big One. Because they are just as lost as we are.
A whopping 57% of chief executives have not been trained on what to do after a
data breach, according to a report by HP. And more than 70% of executives think
their companies only partially understand the risks. Buying antivirus software is one
thing; deploying an effective strategy is quite another. However, companies dont
even want to admit they were hacked in the first place.
Both private sector business and the United States government need to sit down
and take this situation more seriously, otherwise, we could have a fallout that could
bring financial ruin to many.
short-term glitch in United Airlines computer system grounded 4,900 flights and
delayed travel across the country.
At the same time, an update gone wrong shut down the New York Stock Exchange
for four hours and brought trading to a standstill. And you can believe that hackers
are busy trying to replicate that kind of situation.
The FBI recently caught three Russian spies trying to trigger a Flash Crash in the
stock market like the one in 2010. That happened when computers trading at
millisecond speeds over-corrected and dropped the Dow Jones 1,000 points in
minutes.
And even if hackers dont attack Wall Street directly, weve seen in the past that
incorrect information posted on Twitter can cause major panic. In 2013, the Syrian
Electronic Army hacked the Associated Press Twitter account and tweeted that there
had been an explosion at the White House and President Obama was injured. This
caused panic trading that created a temporary loss of around $136.5 billion in the
S&P.
Speaking of the White House, hackers have been poking around its unclassified
networks for years. I dont doubt theyll get into the classified section one of these
days. Who knows what information theyll find that helps them launch an attack.
I think Ive proved my point about the various ways hackers could launch a
cyberattack that causes major disruption. However, there are two more surprising
avenues that you might not have considered.
Back in 2014, hackers knocked a radio station in Louisiana off the air, which is
worrying since radio is one of the fallback ways to get information when everything
else goes down. The radio station in question was running unsecure Windows XP
computers, so it made the hackers job easier. However, its still evidence that
hackers can get to just about anything.
If hackers cant attack electronically, they might stoop to something a bit cruder.
Theres been a rash of instances where hackers have cut Internet cables manually.
San Francisco had an Internet outage recently after vandals broke into a secure
vault and cut a major Internet backbone cable.
Cyber now
Tett 7/9 (Jillian, British author and award-winning journalist at the Financial Times,
where she is a markets and finance columnist and U.S. Managing Editor, Prepare
for more cyber attacks on US, July 9 2015, http://www.ft.com/cms/s/0/7c2384de2569-11e5-bd83-71cb60e8f08c.html)
Another week, another wave of cyber alarm in America. On Wednesday both the
New York Stock Exchange and United Airlines suspended activity for several hours
due to mysterious computing problems, while the Wall Street Journals website
briefly went down. All three insisted that the outages reflected technical hitches, not
malicious attack. But many are anxious after past assaults on mighty American
companies and agencies.
In February Anthem, an insurance company, revealed that cyber hackers had stolen
information on 80m customers. The Washington-based Office of Personnel
Management said cyber hackers had taken data on millions of federal employees.
Companies ranging from retailers to banks have been attacked, too.
On Wednesday just as the NYSE was frozen Cambridge university and Lloyds
insurance group released a report suggesting that if a cyber assault breached
Americas electrical grid, this could create $1tn dollars of damage. A few minutes
later, James Comey, the FBI director, told Congress that it is struggling to crack
encryption tools used by jihadis. In May, Mr Comey said Islamic terrorists were
waking up to the idea of using malware to attack critical infrastructure. It is scary
stuff.
The key issue that investors, politicians and voters need to ponder is not simply who
might be the next target, but whether Washington has the right system in place to
handle these attacks. The answer is almost certainly No.
On paper, there is no shortage of resources; earlier this year, for example, President
Barack Obama earmarked $14bn for the cyber fight. But the key problem now is not
so much a lack of cash but co-ordination: as fear spreads, a bewildering alphabet
soup of different agencies and task forces is leaping into cyber battle, often with
little collaboration. The institution that is supposed to be in charge of security
threats is the Department of Homeland Security. But its skills are viewed with
scepticism by military officials. The Pentagon has its own cyber warriors, as do
Americas intelligence agencies.
The White House has tried to force these bodies to work together. Separately,
civilian agencies such as Nuclear Regulatory Commission started holding discreet
meetings with each other last autumn on cyber issues too. But collaboration across
sectors is patchy. The level of readiness in different agencies varies enormously,
admits a senior Washington figure at the centre of these efforts. Add in private
sector bodies and the picture is even worse: not only is the Pentagon wary of
sharing data with, say, the Chamber of Commerce, but companies are often terrified
of revealing attacks to each other.
widely publicized incident in Greece, intruders gained access to the interception capabilities designed for use by law
enforcement. The phone calls of the Prime Minister and over one hundred other high-ranking government officials
were illegally wiretapped, and the perpetrators were never caught.27 The risks of using backdoors are a main
theme of cryptography expert Susan Landaus recent book entitled, Surveillance or Security? The Risks Posed by
New Wiretapping Technologies. 28 As Landau documents, backdoors intended to facilitate government surveillance
can pose security problems that exceed the benefits received from the information collected.
consider the Wikileaks disclosures in 2011. The leak of hundreds of thousands of U.S. government classified
messages, allegedly from an insider, exemplifies the difficulty of keeping secrets in the Inter- net age.130 In
assessing the likelihood of backdoors in the globally standard encryption systems, it is highly significant that no
backdoors have been discovered in globally used encryption standards since the 1999 shift in U.S. encryption
policy.131 In our modern Wikileaks world, with so many potential attackers, this lack of discovered backdoors is
severe civil and criminal penalties across the world, in addition to irreparable
damage to its brand name, loss of consumer trust, and drop in market value . The
companies incentives thus provide important security for users of the commercial cryptosystem. This analysis
illustrates the difficulty of maintaining a secret backdoor in encryption systems and
other widely used software that is subject to public scrutiny . Because modern
cryptosystems are subject to repeated attacks by a wide range of sophisticated
attackers, the likelihood of a backdoor remaining secret over time is low .133
by an earthquake or tornado
In Japan, it was a one-two punch: first the earthquake, then the tsunami. Tokyo Electric Power Co., the operator of the crippled plant, found other ways to cool the reactor core and so far avert a full-
scale meltdown without electricity. "Clearly the coping duration is an issue on the table now," said Biff Bradley, director of risk assessment for the Nuclear Energy Institute. "The industry and the Nuclear Regulatory Commission will
have to go back in light of what we just observed and rethink station blackout duration." David Lochbaum, a former plant engineer and nuclear safety director at the advocacy group Union of Concerned Scientists, put it another way:
"
Japan shows what happens when you play beat-the-clock and lose
A complete loss
of electrical power, generally speaking, poses a major problem for a nuclear power
plant because the reactor core must be kept cool, and back-up cooling systems
mostly pumps that replenish the core with water_ require massive amounts of
power to work. Without the electrical grid, or diesel generators, batteries can be
used for a time, but they will not last long with the power demands. And when the
batteries die, the systems that control and monitor the plant can also go dark,
making it difficult to ascertain water levels and the condition of the core . One
variable not considered in the NRC risk assessments of severe blackouts was cooling
water in spent fuel pools, where rods once used in the reactor are placed. With
limited resources, the commission decided to focus its analysis on the reactor fuel,
which has the potential to release more radiation
press lawmakers and the nuclear power industry to do more when it comes to coping with prolonged blackouts, such as having temporary generators on site that can recharge batteries.
. An analysis of individual plant risks released in 2003 by the NRC shows that for 39 of the 104
nuclear reactors, the risk of core damage from a blackout was greater than 1 in 100,000. At 45 other plants the risk is greater than 1 in 1 million, the threshold NRC is using to determine which severe accidents should be evaluated in
its latest analysis. The Beaver Valley Power Station, Unit 1, in Pennsylvania had the greatest risk of core melt 6.5 in 100,000, according to the analysis. But that risk may have been reduced in subsequent years as NRC regulations
required plants to do more to cope with blackouts. Todd Schneider, a spokesman for FirstEnergy Nuclear Operating Co., which runs Beaver Creek, told the AP that batteries on site would last less than a week. In 1988, eight years
after labeling blackouts "an unresolved safety issue," the NRC required nuclear power plants to improve the reliability of their diesel generators, have more backup generators on site, and better train personnel to restore power.
These steps would allow them to keep the core cool for four to eight hours if they lost all electrical power. By contrast, the newest generation of nuclear power plant, which is still awaiting approval, can last 72 hours without taking
any action, and a minimum of seven days if water is supplied by other means to cooling pools. Despite the added safety measures, a 1997 report found that blackouts the loss of on-site and off-site electrical power remained "a
dominant contributor to the risk of core melt at some plants." The events of Sept. 11, 2001, further solidified that nuclear reactors might have to keep the core cool for a longer period without power. After 9/11, the commission issued
regulations requiring that plants have portable power supplies for relief valves and be able to manually operate an emergency reactor cooling system when batteries go out. The NRC says these steps, and others, have reduced the
risk of core melt from station blackouts from the current fleet of nuclear plants. For instance, preliminary results of the latest analysis of the risks to the Peach Bottom plant show that any release caused by a blackout there would be
far less rapid and would release less radiation than previously thought, even without any actions being taken. With more time, people can be evacuated. The NRC says improved computer models, coupled with up-to-date information
about the plant, resulted in the rosier outlook. "When you simplify, you always err towards the worst possible circumstance," Scott Burnell, a spokesman for the Nuclear Regulatory Commission, said of the earlier studies. The latest
work shows that "even in situations where everything is broken and you can't do anything else, these events take a long time to play out," he said. "Even when you get to releasing into environment, much less of it is released than
actually thought." Exelon Corp., the operator of the Peach Bottom plant, referred all detailed questions about its preparedness and the risk analysis back to the NRC. In a news release issued earlier this month, the company, which
all Exelon nuclear plants are able to safely shut down and keep the
fuel cooled even without electricity from the grid
a core melt at Peach Bottom could begin in one hour if electrical
power on- and off-site were lost, the diesel generators the main back-up source of
power for the pumps that keep the core cool with water failed to work and other
mitigating steps weren't taken. "It is not a question that those things are definitely
effective in this kind of scenario,"
operates 10 nuclear power plants, said "
." Other people, looking at the crisis unfolding in Japan, aren't so sure. In the worst-case scenario,
said Richard Denning, a professor of nuclear engineering at Ohio State University, referring to the steps NRC has taken to prevent incidents.
Denning had done work as a contractor on severe accident analyses for the NRC since 1975. He retired from Battelle Memorial Institute in 1995. "They certainly could have made all the difference in this particular case," he said,
referring to Japan. "That's assuming you have stored these things in a place that would not have been swept away by tsunami."
we breathe, the food we eat, and the water we drink will soon becontaminated with
enough radioactive pollutants to pose a potential health hazard far greater than any
plague humanity has ever experienced." More below on the inevitable dangers from commercial nuclear power proliferation, besides
added military ones. On March 11, New York Times writer Martin Fackler headlined, "Powerful Quake and Tsunami Devastate Northern Japan," saying: " The 8.9magnitude earthquake (Japan's strongest ever) set off a devastating tsunami that sent walls of water (six meters high) washing over coastal cities in the
north." According to Japan's Meteorological Survey, it was 9.0. The Sendai port city and other areas experienced heavy damage. "Thousands of homes were destroyed, many roads were
impassable, trains and buses (stopped) running, and power and cellphones remained down. On Saturday morning, the JR rail company" reported three trains missing. Many passengers
Striking at 2:46PM Tokyo time, it caused vast destruction, shook city skyscrapers,
buckled highways, ignited fires, terrified millions, annihilated areas near Sendai, possibly killed thousands, and
caused a nuclear meltdown, its potential catastrophic effects far exceeding quake
and tsunami devastation, almost minor by comparison under a worst case scenario.
are unaccounted for.
On March 12, Times writer Matthew Wald headlined, "Explosion Seen at Damaged Japan Nuclear Plant," saying: "Japanese officials (ordered evacuations) for people living near two
nuclear power plants whose cooling systems broke down," releasing radioactive material, perhaps in far greater amounts than reported. NHK television and Jiji said the 40-year old
Fukushima plant's outer structure housing the reactor "appeared to have blown off, which could suggest the containment building had already been breached." Japan's nuclear regulating
agency said radioactive levels inside were 1,000 times above normal. Reuters said the 1995 Kobe quake caused $100 billion in damage, up to then the most costly ever natural disaster.
issued a "Red Alert: Nuclear Meltdown at Quake-Damaged Japanese Plant," saying: Fukushima Daiichi "nuclear power plant in Okuma, Japan, appears to have caused a reactor
meltdown." Stratfor downplayed its seriousness, adding that such an event "does not necessarily mean a nuclear disaster," that already may have happened - the ultimate nightmare
short of nuclear winter. According to Stratfor, "(A)s long as the reactor core, which is specifically designed to contain high levels of heat, pressure and radiation, remains intact, the
melted fuel can be dealt with. If the (core's) breached but the containment facility built around (it) remains intact, the melted fuel can be....entombed within specialized concrete" as at
Chernobyl in 1986. In fact, that disaster killed nearly one million people worldwide from nuclear
radiation exposure. In their book titled, "Chernobyl: Consequences of the Catastrophe for People and the Environment," Alexey Yablokov, Vassily Nesterenko and
Alexey Nesterenko said: "For the past 23 years, it has been clear that there is a danger greater
than nuclear weapons concealed within nuclear power. Emissions from this
one reactor exceeded a hundred-fold the radioactive contamination of the bombs
dropped on Hiroshima and Nagasaki." "No citizen of any country can be assured that
he or she can be protected from radioactive contamination. One nuclear reactor can
pollute half the globe. Chernobyl fallout covers the entire Northern Hemisphere ." Stratfor
explained that if Fukushima's floor cracked, "it is highly likely that the melting fuel will burn through (its) containment system and enter the ground. This has never happened before," at
least not reported. If now occurring, "containment goes from being merely dangerous, time consuming and expensive to nearly impossible," making the quake, aftershocks, and
tsunamis seem mild by comparison. Potentially, millions of lives will be jeopardized. Japanese officials said Fukushima's reactor container wasn't breached. Stratfor and others said it was,
making the potential calamity far worse than reported. Japan's Nuclear and Industrial Safety Agency (NISA) said the explosion at Fukushima's Saiichi No. 1 facility could only have been
caused by a core meltdown. In fact, 3 or more reactors are affected or at risk. Events are fluid and developing, but remain very serious.
The possibility of an
Moreover, independent nuclear safety analyst John Large told Al Jazeera that by venting
radioactive steam from the inner reactor to the outer dome, a reaction may have occurred, causing the explosion. "When I look at the size of the explosion," he said, "it is my opinion
that there could be a very large leak (because) fuel continues to generate heat." Already, Fukushima way exceeds Three Mile Island that experienced a partial core meltdown in Unit 2.
Finally it was brought under control, but coverup and denial concealed full details until much later. According to anti-nuclear activist Harvey Wasserman, Japan's quake fallout may cause
thousands will die, potentially millions under a worse case scenario, including far outside East Asia. Moreover, at least five reactors are at risk. Already, a 20-mile wide radius was
evacuated. What happened in Japan can occur anywhere. Yet Obama's proposed budget includes $36 billion for new reactors, a shocking disregard for global safety. Calling Fukushima an
"apocalyptic event," Wasserman said "(t)hese nuclear plants have to be shut," let alone budget billions for new ones. It's unthinkable, he said. If a similar disaster struck California,
nuclear fallout would affect all America, Canada, Mexico, Central America, and parts of South America. Nuclear Power: A Technology from Hell Nuclear expert Helen Caldicott agrees,
telling this writer by phone that a potential regional catastrophe is unfolding. Over 30 years ago, she warned of its inevitability. Her 2006 book titled, "Nuclear Power is Not the Answer"
explained that contrary to government and industry propaganda, even during normal operations, nuclear power generation causes significant discharges of greenhouse gas emissions,
nuclear plants
are atom bomb factories. A 1000 megawatt reactor produces 500 pounds of
plutonium annually. Only 10 are needed for a bomb able to devastate a large city,
besides causing permanent radiation contamination .
as well as hundreds of thousands of curies of deadly radioactive gases and other radioactive elements into the environment every year. Moreover,
Solvency
AT: HTTPS
Companies switching to HTTPS doesnt stop backdoors.
Rubstein and Hoboken 14 (September 2014, Ira Rubinstein and Joris Van
Hoboken, Professor of Law at NYU specializing in privacy law and Senior Fellow at
the Information Law Institute, and researcher in the Information Law Institute at
New York University; Privacy and Security in the Cloud: Some Realism About
Technical Solutions to Transnational Surveillance in the Post-Snowden Era, Public
Law & Legal Theory Research Paper Series, Working Paper No. 14-46,
file:///Users/adamyoung/Downloads/SSRN-id2443604.pdf//AGY)
In terms of securing web-based communications, however, the HTTPS system is no
panacea against government surveillance. First, the protocol must be properly
implemented.147 Second, there are known attacks on the use of encrypted web
communications through SSL.148 Third, intelligence agencies may work around the
protections and attempt to secretly install software on the computers of targeted
users, thereby allowing them to capture their communications before they are
transmitted across an encrypted connection.149 Finally, and most importantly,
HTTPS is not designed to protect data at rest. Even if a cloud provider properly
implements this protocol, this does nothing to prevent a government agency from
obtaining the data it seeks by means of a compulsory order requiring the service
provider to furnish this data. Indeed, as Professor Peter Swire argues, the trend
towards encrypting data in transit between users and cloud services may well result
in governments shifting their attention from attacking the communication
infrastructure to demanding that cloud service providers hand over stored data after
it has been securely transmitted.150 The Snowden revelations already provide
some evidence of this shift and the measures detailed in this Section could
accelerate this trend. To counter this trend, governments confronted with encrypted
communication channels could try to compel cloud providers to hand over their
encryption keys, enabling the continued effective interception over
telecommunications infrastructure (an option discussed further in Part IV).
AT: PETs
Companies dont use major encryption software like PETs in
the SQ- cost too much, programs are not developed enough.
Rubstein and Hoboken 14 (September 2014, Ira Rubinstein and Joris Van
Hoboken, Professor of Law at NYU specializing in privacy law and Senior Fellow at
the Information Law Institute, and researcher in the Information Law Institute at
New York University; Privacy and Security in the Cloud: Some Realism About
Technical Solutions to Transnational Surveillance in the Post-Snowden Era, Public
Law & Legal Theory Research Paper Series, Working Paper No. 14-46,
file:///Users/adamyoung/Downloads/SSRN-id2443604.pdf//AGY)
It is important to emphasize that adoption of the solutions discussed remains low
even though some of them are ready for use. There are a number of reasons for
this. First, some of these solutions, such as FHE, are at the very early stages of
development.188 If service provision is limited to the mere storage of data in the
cloud, it may be technically feasible for the service provider to anticipate and
organize for encryption under the control of cloud users. However, if the cloud
provider also has to perform processing operations on the encrypted data stored by
its customers, the implementation of privacy-preserving PETs in the cloud context is
far more challenging and may even be impossible for complex operations.189
Second, many cloud providers lack the incentive to adopt and further develop PETs
based on advanced cryptographic solutions that would prevent them from having
access to user data. The reasons are obvious: many business models in the cloud
industry depend on generating revenue based on access to customers data (e.g.,
profiling users for purposes of serving them targeted ads).190 Thus, for many cloud
service providers, the costs of implementing these PETs (loss of profits) outweigh
the potential benefits (improved security and privacy guarantees for their
customers).191 Arguably, the new emphasis on security and privacy in the cloud in
response to the Snowden revelations might incentivize industry to consider
developing and adopting similar measures. Notwithstanding the current lack of
adoption, the point this Article seeks to emphasize is that if service providers were
to deploy such measures, it would interfere with lawful access requests to cloud
providers in some obvious ways. For example, a provider might simply be unable to
share unencrypted customer data with law enforcement or intelligence agencies
notwithstanding a lawful request for such access.192
DA Blocks
Terrorism DA
attacks in Mumbai, and it is the unfortunate pattern we have also seen in several
other significant terrorism cases.
PTX Link
Wyden
Wyden and Udall want to close backdoors.
Wyden, 7-29-2014, (Ron Wyden, Democratic Senator from Oregon; "Wyden,
Udall Will Work to Strengthen Newly Unveiled Surveillance Reform Legislation,"
http://www.wyden.senate.gov/news/press-releases/wyden-udall-will-work-tostrengthen-newly-unveiled-surveillance-reform-legislation//AGY)
U.S. Senators Ron Wyden and Mark Udall, who have led efforts to confront violations
of Americans' privacy rights, commended U.S. Senate Judiciary Committee
Chairman Patrick Leahy for his work on legislation unveiled today to rein in overly
broad NSA surveillance, end the bulk collection of Americans' phone records and
strengthen other privacy protections. Udall and Wyden, who serve on the U.S.
Senate Select Committee on Intelligence, also pledged to work to further strengthen
the bill's privacy protections and to close the backdoor search loophole in current
law that allows the NSA and other intelligence agencies to search Americans'
private electronic communications without a warrant. "Congress must take
aggressive steps to rein in excessive surveillance and end the bulk collection of lawabiding Americans' phone records. Senator Leahy's bill is a vast improvement over
the U.S. House of Representatives' 'reform' bill and includes strong language aimed
at ending the bulk collection of Americans' records," Wyden and Udall said. "The bill
would also strengthen transparency and make important reforms to the secret
Foreign Intelligence Surveillance Court. "While this progress is encouraging, this
legislation unfortunately lacks important provisions that reformers have proposed to
end the backdoor and warrantless searches of Americans' personal electronic
communications under Section 702 of the Foreign Intelligence Surveillance Act.
Congress clearly intended this authority to be used to collect the communications of
foreigners not Americans yet the Director of National Intelligence recently
confirmed that the NSA, CIA and FBI conduct warrantless searches of
communications of Americans that are swept up under this authority. "Congress
needs to close this loophole, and we look forward to working with Chairman Leahy
and our colleagues to address this issue when the bill comes before the full U.S.
Senate."
agencies are searching through communications collected under Section 702 of the Foreign Intelligence
Surveillance Act an authority that Congress intended to be used to target foreigners and are deliberately
conducting warrantless searches for the communications of individual Americans. The Office of the Director of
National Intelligence has now responded to my longstanding question regarding warrantless searches for
Americans emails and other communications, and I appreciate the candid and straightforward nature of their reply.
When the FBI says it conducts a substantial number of searches and it has no idea
of what the number is, it shows how flawed this system is and the consequences of
inadequate oversight. This huge gap in oversight is a problem now, and will only grow as global communications
systems become more interconnected. The findings transmitted to me raise questions about whether the FBI is
exercising any internal controls over the use of backdoor searches including who and how many government
Section 702, the Foreign Intelligence Surveillance Court has noted that the NSA acquires more than two hundred
and fifty million Internet communications every year using Section 702, so even if US communications make up a
to probable cause warrants, particularly given the exceptions that are included in the bipartisan bicameral
legislation that I and others have proposed. I and other reformers in Congress have argued that
intelligence agencies should absolutely be permitted to search for communications pertaining to counterterrorism
and other foreign threats, but if intelligence officials are deliberately searching for and reading the communications
of specific Americans, the Constitution requires a warrant . The bipartisan, bicameral legislation that I
and other reformers have supported would permit the government to conduct these searches pursuant to a
probable cause warrant or emergency authorization, and it would include an exception for searches for individuals
who are believed to be in danger. Last week the House of Representatives voted 293-123 to require a warrant for
these searches, and Ill be urging my colleagues in the Senate to follow suit. Reformers believe that it is possible to
protect Americans security and American liberty at the same time, and the American public expects nothing less.