On the 29th of March, President Obama said that his administration would "pursue a new comprehensive approach to securing America's digital infrastructure."
In fact, the President promised that the "digital infrastructure -- the networks and computers we depend on every day -- will be treated as they should be: as a strategic national asset. Protecting this infrastructure will be a national security priority. We will ensure that these networks are secure, trustworthy and resilient. We will deter, prevent, detect, and defend against attacks and recover quickly from any disruptions or damage."
Furthermore, the President said, "Let me also be clear about what we will not do. Our pursuit of cybersecurity will not -- I repeat, will not include -- monitoring private sector networks or Internet traffic. We will preserve and protect the personal privacy and civil liberties that we cherish as Americans."
Noble promise, but as a story on the new Pentagon's cyber command over the weekend in the New York Times notes, the reality may be much different.
The Times story says that "There is simply no way, the [defense] officials say, to effectively conduct computer operations without entering networks inside the United States, where the military is prohibited from operating, or traveling electronic paths through countries that are not themselves American targets."
Therefore, the story states that, "Some administration officials have begun to discuss whether laws or regulations must be changed to allow law enforcement, the military or intelligence agencies greater access to networks or Internet providers when significant evidence of a national security threat was found."
Of course, what "significant evidence" means remains open to interpretation. Too often in the past, the government's claims of significant evidence of a threat has been similar in veracity as reports of crop circles.
The upshot, the Times says, is that Americans' privacy and civil liberties may have to be compromised in order to protect the US digital infrastructure.
This should not really be a surprise to anyone, however.
As we noted here in November of 2007, the then Principal Deputy Director of National Intelligence, Dr. Donald Kerr, was telling anyone willing to listen that American's long held expectations of privacy had to change, and that in essence, privacy was whatever the government declared it to be:
"We need to move beyond the construct that equates anonymity with privacy and focus more on how we can protect essential privacy in this interconnected environment...Instead, privacy, I would offer, is a system of laws, rules, and customs with an infrastructure of Inspectors General, oversight committees, and privacy boards on which our intelligence community commitment is based and measured."
Given the Times story, sounds like more and more we all should be prepared to do an Esan Elahi.
Don't say you weren't warned.
Robert N. Charette is a Contributing Editor to IEEE Spectrum and an acknowledged international authority on information technology and systems risk management. A self-described “risk ecologist,” he is interested in the intersections of business, political, technological, and societal risks. Charette is an award-winning author of multiple books and numerous articles on the subjects of risk management, project and program management, innovation, and entrepreneurship. A Life Senior Member of the IEEE, Charette was a recipient of the IEEE Computer Society’s Golden Core Award in 2008.