title: Part way down a
slippery slope
by: Scott Bradner
It has long been rumored that
some governments have sponsored research programs in cyberterrorism with the
aim of being ready to disrupt the networks and network-based services of some,
to be identified in the future, enemy. Now it seems that some governments do
not want to wait and may be ready to use cyberterrorism weapons against some
tiny targets today.
According to Spiegel Online
(http://www.spiegel.de/netzwelt/politik/0,1518,126921,00.html) German Minister
of the Interior Otto Schily has floated the idea of using state-sponsored
cyberterrorism against non-German web sites the Germans consider illegal under
German law. Minster Schily seems
to have in mind using various denial of service (DoS) attacks against US-based
Nazi websites.
An aside, not being a reader
of German, I used Google's (www.google.com) language translation service
to be able to read the Spiegel
Online article. I could not find a
simple 'translate this URL' command so I had to fake a URL that invoked the
translation service with the URL that I wanted translated. ( I used the string
"http://translate.google.com/translate?hl=en&sl=de&u="
followed by the URL.) This service
works just well enough. The output
would not have gotten me a good grade in the last German language class I had
but a reader can mostly understand what was being said. The translation does have a few funnies
(Translating "American Constitution" as "American condition"
for example.) but sure does a better job than I could have these many years
after failing the German class at BU.
Schily seems to ignore or dismiss some issues
I would think are relevant. There
is a minor question of violating the sovereignty of another nation as well as
Germany's own anti-cyberterrorism laws.
There is the precedent that would be established -- Germany could
quickly find its own network under attack based on any number of imagined
violations of local laws. Would
this stance justify an attack on the German banking system just because
charging interest is against the law in some countries? How selective would the German tools
be? If an official German DoS attack disrupted a legal, under German law, site would that
just be seen as unavoidable collateral damage? Would a US ISP that protects its infrastructure against a
German DoS attack face charges of aiding an enemy in Germany?
As DoS protection
technologies improve Germany would have to develop better attacks just to keep
even - how could they be sure that their new attack technology would not be
analyzed and used against German targets? The attitude seems sort of like
wanting to use chemical or biological weapons while assuming your own
population can refrain from breathing for a few weeks.
This is a really bad idea and
I trust people in Germany somewhat more in tune with international law and that
can see more than 3 minutes into the future will put a stop to it.
disclaimer: Luckily for every person at Harvard
that has a really bad idea there are more than a few people around to recognize
it for what it is but I've not consulted either on this column.