WASHINGTON – As the U.S. military prepares its cyber rules of engagement, Congress wants to help identify computer-borne threats by making it legal for companies to share personal data that they collect with the government.
Cyber intrusions are distinct from cyber warfare, which has the larger purpose of crippling key physical or technological infrastructure. Cyber attacks waged as acts of aggression or war could infiltrate computer systems or technological infrastructure, crippling government entities or economies by attacking energy sources or transportation systems.
Cyber warfare could take on different forms. In a Wall Street Journal piece in April, two officials at the Foundation for Defense of Democracies in Washington D.C, wrote about how an “electronic curtain” in Iran allows the government to engage in electronic repression by controlling what kinds of information the public can send and receive over the Internet. This is just one example of how cyber warfare tactics have the potential to impact hundreds of thousands of citizens, succinctly and swiftly, without inflicting more traditional forms of violent aggression.
Congress has to balance protecting the nation’s infrastructure and citizens with the potential for violating personal rights and privacy in the proposed Cybersecurity Act of 2012. Congress’s aim is to help the U.S government investigate cyber threats and ensure the security of networks against attacks.
Meanwhile, the military is expected to release its rules of engagement for wars fought via the Internet. The rules will outline how the U.S. will define a cyber attack as an act of war or aggression against the state, and the appropriate response.
In addressing what a military response to cyber warfare could look like, the military is navigating uncharted territory. The rules will also define when the military can engage in defensive activities against online adversaries. Can U.S. forces “shoot’’ back with weapons when an attacker sends a massive computer virus or can troops only respond with a similar use of force? What if you can’t definitively identify the enemy? These are some of the complications of identifying and defending against vague threats online.
The potential outcomes and impacts of cyber warfare could look different than those seen in traditional warfare. Most citizens, save for the extraordinarily security conscious, leave a data footprint of their lives that, under the proposal, might be made available to the government for the purposes of identifying, preparing for and containing threats.
Citizen Watchdog organizations including the American Civil Liberties Union and The American Association of Practicing Psychiatrists said in a recent letter that the act would allow too much sharing of individual data, and the groups have proposed amendments to the bill that they say would help to protect civil liberties—things like giving customers effective legal recourse for violations of what little privacy protections the bill offers.
It seems inevitable that American citizens will lose some personal freedoms relating to rights to their e-information, the question is how much personal information does the government need to protect the nation from online warfare.