Government Sponsored Cyber-insecurity Is A Gift For Hackers

The political legitimacy of democratic capitalism, that unlikely political formation that has brought us the end of history and now presents itself as the only bulwark against rightwing extremism, rests on a clear distribution of functions between governments and corporations.

The former take on the role of regulating the latter in order to protect the customers from the occasional harmful effects of the otherwise beneficial business activity.

This system is deemed to be democratic because people elect governments and can always vote them out; it’s capitalist because corporations are constrained by the logic of competition, which prizes efficiency, innovation and infinite expansion.

That logic, with its penchant for creative destruction of all things stale and permanent, can produce toxic results, which is precisely why government action is needed. Such, at any rate, is the social democratic consensus accepted by both centre-left and centre-right parties.

The questions of war and security, and the existential imperatives that they impose on the most democratic of societies, have always posed unresolved challenges to this framework, as can be glimpsed from occasional warnings about the military-industrial complex expressed by many a political insider nearing retirement.

Thus, standard democratic procedures are regularly suspended as governments demand tighter control over the flow of information, classify more of their internal communications and expand surveillance without any requisite checks and balances.

The standard critique of such practices attacks the undemocratic-because-unaccountable activities of the so-called “deep state”. Rooted in campaigns to defend privacy, opponents aim to make the deep state shallower, ideally by means of legal interventions aimed at restoring transparency and accountability. The real problem, they argue, is with the malfunctioning of democracy, we could easily ignore the capitalist part of “democratic capitalism”: we just need more and better legal instruments to tame the intelligence agencies.

Alas, the world in 2017 is not so easy to pigeonhole into the neat compartments of this scheme. Consider just one example: cyber-security. Plenty of rogue states are, indeed, busy hacking the servers of their adversaries in western Europe or North America. Likewise, there’s no denying that non-state hackers, operating for commercial or patriotic motives, have damaged their targets.

None of this punctures the founding myth of democratic capitalism – that governments are here to constrain the toxic activities of businesses; such new dangers actually warrant a greater role for the state.

What does puncture that myth, though, is the growing realisation, boosted by WikiLeaks’ recent disclosure of CIA hacking tools, that it’s democratic governments themselves, via their intelligence agencies, that are responsible for creating vulnerabilities in our communication networks, tinkering with our smart TVs and exploiting loopholes in our operating systems.

They do this for motives that some might view as noble: to identify early signs of terrorist activity, to track down criminals, to disable devices that might be part of sophisticated plots to wreak havoc on our cities. Whatever the motives, we should not lose sight of the larger political effects produced by such actions.

First, the expansion (and even the maintenance) of the surveillance capabilities of democratic governments presupposes a permanent structural insecurity of our communication networks. That insecurity, in turn, gets exploited not just by democratic governments but by anyone else, including all those rogue states and non-state hackers.

However, once insecurity is structural, the right response is not more security, but more insurance. This explains why cyber-insurance has become one of the most promising segments of the insurance market, with even sectors like manufacturing (itself increasingly wired up and interconnected) needing to spend more and more to insure against disruptive cyber-attacks.

In essence, cyber insurance, like any other form of insurance, is a domain of rentiers who are keen to extract a regular premium payment from those needing their services. The truly innovative element here is that the risk that creates this new class of rentiers exists partly, and, one could even say, mostly, because of government activity.

Here, the logic of democratic capitalism is no more: governments are not restraining the toxic activities of companies; rather, they engage in toxic activities of their own, which companies mitigate with activities that are either more or less toxic, depending on one’s views about the parasitic nature of economic activities pursued by rentiers.

The second political effect of the ever-expanding surveillance apparatus is the disadvantage it creates for small companies and non-profits, not to mention individuals. Remember the early utopian vision of a digital world, where we would all be running our own mail servers and, with time, might even master our own version of the connected home?

Well, today we demand more autonomy at our own risk: given the sophistication of cyber-attacks, which both aim to steal data and overwhelm sites with fake traffic, it’s obvious that the only actors capable of defending ordinary users, be they individuals or corporations, are big tech firms such as Google, Apple and Microsoft. This, too, violates the basic premise of democratic capitalism: citizens are encouraged to seek protection from companies, not governments.

When both spam and security threats are assessed using the most advanced forms of artificial intelligence, one can forget about any other, smaller player being able to compete with such firms that use the structural insecurity created by governments to further consolidate their near-monopoly status.

Democratic capitalism is thus always democratic monopoly capitalism, and even more so in its digital version. The idea that the normal imperatives of capitalist competition would exert extra pressure on digital giants seems quaint. There’s no garage big enough to house a startup that can unseat Google, not with its trove of customer data and artificial intelligence.

The third effect of this new post-democratic compromise is that, in presenting cyber-insecurity as a natural rather than human-made problem, it delegitimises the role of law, and politics in general, in mitigating conflicts between citizens and corporations.

Consider how we deal with other types of disasters. It would be imprudent to rely on the power of law and politics to ward off floods and earthquakes; insurance, under these conditions, is not an unreasonable option. But none of this prevents us from requiring stricter building standards so as to minimise the damage when the disaster does strike.

The world of cybersecurity does not follow this logic. Imagine if the government regularly dispatched a group of well-paid and well-educated saboteurs to weaken the anti-flood or anti-earthquake defences of our houses, leaving us no option but to turn to the private sector for security, either in the form of better defences or better insurance. This is the situation we are in right now; the only difference is that cyber-security disasters are almost entirely human-made and thus avoidable.

Rhetorically, the governments might even agree that, in the face of all these dangers, we all need to strengthen our privacy laws. In reality, though, we all know that it would only result in them sending even more saboteurs, with even more powerful tools, to weaken our defences. Who, under these conditions, would retain any faith in law and politics, rather than accept protections promised by the market, however flawed and expensive?

Cyber-security, alas, is just one of the many examples where the legitimacy of democratic capitalism, as well as of the social democratic parties that have traditionally defended it, has expired, even if its talking points are still in circulation. No wonder that social democratic parties are collapsing, as elections in the Netherlands and France have shown: they claim to be defending a system that no longer walks the talk.

Guardian:

You Migh Also Read:

Nation State Hacking Has A Big Commercial Impact:

We Are In A New Era Of Espionage:

 

 

 

« Uber Faces A Criminal Probe In The US
Google Neutralizes Phishing Scam »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

NATO Cooperative Cyber Defence Centre (CCDCOE)

NATO Cooperative Cyber Defence Centre (CCDCOE)

NATO CCDCOE's mission is to enhance the capability, cooperation and information sharing among NATO, NATO nations and partners in cyber defence.

Recorded Future

Recorded Future

Recorded Future arms security teams with threat intelligence powered by patented machine learning to lower risk.

Matta

Matta

Matta is a cyber security consulting company providing information security services and solutions including vulnerability assessments, penetration testing and emergency response.

Moxa

Moxa

Moxa is a leading provider of industrial networking, computing, and automation solutions for enabling the Industrial Internet of Things.

Redstor

Redstor

Redstor's complete data management helps you discover, manage and control your data from a single control centre, unifying backup and recovery, disaster recovery, archiving and search and insight.

Anitian

Anitian

The Anitian Compliance Automation platform builds, configures, and monitors cloud environments to accelerate compliance for standards such as FedRAMP, PCI, ISO/GDPR and CJIS.

Adit Ventures

Adit Ventures

Adit Ventures is a venture capital firm with a focus on dynamic growth sectors including AI & Machine Learning, Big Data, Cybersecurity and IoT.

Foretrace

Foretrace

Foretrace aims to prevent, assess, and contain the exposure of customer accounts, domains, and systems to malicious actors.

Grip Security

Grip Security

Grip Security provides comprehensive visibility, governance and data security to help enterprises effortlessly secure a burgeoning and chaotic SaaS ecosystem.

Twingate

Twingate

Twingate help organizations secure and manage access to their technology resources in a world where people work from anywhere.

SecureStream Technologies

SecureStream Technologies

SecureStream Technologies have built the IoT SafetyNet - the Network Security Analytics platform to Eliminate Security Threats, Guarantee Privacy, Ensure Compliance, Simply & Easily.

Rampart AI

Rampart AI

Tackling DevSecOps Issues In Application Security. Rampart has revolutionized the shift left security approach, applying zero-trust to application development.

DV Cyber Security

DV Cyber Security

DV Cyber (formerly A76) is an innovative cyber security company vertically focused on Threat Intelligence and Cyber Security Research.

Abstract Security

Abstract Security

Abstract Security has created a revolutionary platform, equipped with an AI-powered assistant, to better centralize the management of security analytics.

Relyance AI

Relyance AI

Relyance AI - One unified platform for privacy, security, & governance.

Security Mind

Security Mind

Security Mind is an innovative Cyber Security Awareness program that aims to increase the awareness of each member of the organization and develop the ability to recognize potential cyber threats.