„Cyberwar“ is all the fashion these days. Everyone knows about it, everyone has capabilities, everyone has a military doctrine to deal with it. Sceptics make fun of it, politicians use it for election campaigns, security researchers wonder what’s new about it, „experts“ use it to beef up their CV, cybercrime yawns, journalists invent new words, most others are confused or don’t care (probably both). This is why DeepSec 2012 features four talks about this topic, including the keynote by Felix ‘FX’ Lindner. FX explains what you can expect from his presentation:
“The issues we are facing concerning the militarization and beginning arms race in the so-called “cyber domain” are not what you might think they are. I would like to highlight two aspects of how we, the civilian hackers, in my opinion handle things wrong.
The first is the question of international law and how different States perceive their rights and responsibilities in the Internet (what they call “cyberspace”). A recent speech by Harold Hongju Koh, Legal Advisor U.S. Department of State, has received much attention, because it was reported that the speech included or even centered on the use of kinetic armed response as an act of self-defense in the case that the United States consider themselves victim of a “cyber-attack”. What the speech was actually about is how the United States applies the body of international law to the questions arising from the global use of the Internet as a platform to do pretty much anything, from commerce to social interaction to intelligence and military activities. You may or may not agree with the United States’ international policy and interpretation of rights and responsibilities, but the application of international law outlined in this speech is actually very reasonable. This is the old difference between being right and having a legal right, and in the international context is a question of policy. The argument Mr. Koh makes is that existing international law is very much applicable to the online domain. In this respect, I agree with Mr. Koh that throwing away established laws and demanding a new legal framework for the online world is not the right thing to do. We often forget that international rules, ignoring for a moment how closely they are followed in reality by different States, have evolved over a very long time and had to be adjusted and re-interpreted because of new technological developments before. This is not something new or unique to the Internet. States have used proxies and irregular troops before the Internet. States have spent more or less thought on collateral damage a military action would cause to civilians or their infrastructure before. This is all not new. What’s new is that we discover these rules now and wonder why they seem to be not followed in the conflicts we hear about in the news.
This brings me to the second aspect I would like to mention here. We hackers usually pride ourselves with knowledge that we obtained first hand. If we want to know how it works, we read the code. If we want to know how secure it is, we hack the shit out of it. But when it comes to questions of “cyber” and its military use, we rely on journalists and online publication, sometimes even on someone’s blog or Twitter feed for information. If you ever had a journalist write about a hack you did, you should have a pretty good idea of the amount of information loss and distortion between what you told him and what you then had to read in his final article. So why should this be any different when the same people report about international policy, diplomacy and law? There are certainly at least as many nuances, background stories and details to be found here that were not or incorrectly understood by the person who had 20 minutes to write the entire news posting. If you care about those issues, remember your principles and go back to the original source, discuss with the people actually involved and form your own opinion. That’s what makes us educated participants in the debates to come, a retweet does not.”
We believe that this talk will be the perfect opportunity to put the sense back into the senseless discussion about „cyber warfare“, and we hope that you will contribute to the discussion following FX’ talk. Let’s have a chat about „cyberwar“ at DeepSec 2012!