On Monday, Ben questioned the lack of response from the privacy community following the Chinese government’s cyberattack on the U.S. Office of Personnel Management. The breach enabled China to obtain the most sensitive personal information on millions of Americans, yet there have been few comments from the peanut gallery. Some privacy activists are busy rejoicing over the passage of the USA FREEDOM Act, while others are occupied with condemning current cybersecurity legislation. But don’t blame the Chinese, Ben says. Espionage is a dirty business and it is the responsibility of our government to safeguard sensitive information. Later, Ben posted a video of former NSA and CIA director Michael Hayden echoing this sentiment, stating that if roles had been reversed: "I would not have thought twice. I would not have asked permission. I'd have launched the star fleet. And we'd have brought those suckers home at the speed of light." He went on to say that the devastating hack is no one’s fault but our own, exclaiming it is "a tremendously big deal, and my deepest emotion is embarrassment."
Susan Landau expressed surprise at Ben’s comments, asserting that privacy groups are right to focus on the intelligence agencies’ overcollection and abuse of intelligence on its own citizens. Past instances of the government’s excessive collection and abuse of intelligence are well documented, including the case against Palestinian men living in America, who organized a fundraiser for Palestinian refugees and were subsequently arrested by the FBI for engaging in the financing of terrorist activities. However, Landau concurs with Ben’s comments on the severity of China’s cyberexploit. Chinese-Americans and others closely associated to people in China will be under the most pressure from the Chinese government, and the U.S. government will give increased scrutiny to those with ties to China, making it more difficult for them to obtain security clearances.
Ben then responded to the harsh reactions he received from privacy advocates on Twitter after his post. He rejects the notion that human rights advocacy work should focus exclusively on one’s own government and its policies, particularly because the recent breach by China is a far bigger threat to the very interests privacy groups work to protect than is any surveillance by the American government.
Jack explained the weak and hesitant response to the OPM breach, calling it a “colossal intelligence disaster.” Financial sanctions would not be beneficial, Jack says, and would likely harm us more—on diplomatic and economic fronts—than they would help. John Bellinger reminded us that three years ago Congress passed legislation that would have put sensitive financial information of 28,000 senior executive officials online for the world to see. He encourages Congress to hold hearings on the extent of and responsibility for the breach, and what it can do to mitigate the damage and prevent incidents of the same nature down the road.
In non-OPM news, Charlie Dunlap offered us his thoughts on the cyber chapter of the recently released U.S. Department of Defense Law of War Manual. It contains no paramount legal propositions, he notes, but it organizes clearly and articulates the already-established views of the DoD and U.S. government.
Bruce Schneier reached the verdict that China and Russia almost certainly have Snowden’s entire trove of NSA documents. He links to his article on Wired in which he maintains that at this point, two years after the Snowden bombshell, the self-proclaimed “whistleblower” cannot be blamed for the current targeting of agents and assets, of which the GCHQ is claiming.
In Episode #71 of the Steptoe Cyberlaw Podcast, Stewart Baker interviewed the UK’s David Anderson and both reaffirm the conclusion that Snowden’s collection of documents are in the hands of far more parties than he claims.
