Government Sponsored Cyber-insecurity Is A Gift For Hackers

The political legitimacy of democratic capitalism, that unlikely political formation that has brought us the end of history and now presents itself as the only bulwark against rightwing extremism, rests on a clear distribution of functions between governments and corporations.

The former take on the role of regulating the latter in order to protect the customers from the occasional harmful effects of the otherwise beneficial business activity.

This system is deemed to be democratic because people elect governments and can always vote them out; it’s capitalist because corporations are constrained by the logic of competition, which prizes efficiency, innovation and infinite expansion.

That logic, with its penchant for creative destruction of all things stale and permanent, can produce toxic results, which is precisely why government action is needed. Such, at any rate, is the social democratic consensus accepted by both centre-left and centre-right parties.

The questions of war and security, and the existential imperatives that they impose on the most democratic of societies, have always posed unresolved challenges to this framework, as can be glimpsed from occasional warnings about the military-industrial complex expressed by many a political insider nearing retirement.

Thus, standard democratic procedures are regularly suspended as governments demand tighter control over the flow of information, classify more of their internal communications and expand surveillance without any requisite checks and balances.

The standard critique of such practices attacks the undemocratic-because-unaccountable activities of the so-called “deep state”. Rooted in campaigns to defend privacy, opponents aim to make the deep state shallower, ideally by means of legal interventions aimed at restoring transparency and accountability. The real problem, they argue, is with the malfunctioning of democracy, we could easily ignore the capitalist part of “democratic capitalism”: we just need more and better legal instruments to tame the intelligence agencies.

Alas, the world in 2017 is not so easy to pigeonhole into the neat compartments of this scheme. Consider just one example: cyber-security. Plenty of rogue states are, indeed, busy hacking the servers of their adversaries in western Europe or North America. Likewise, there’s no denying that non-state hackers, operating for commercial or patriotic motives, have damaged their targets.

None of this punctures the founding myth of democratic capitalism – that governments are here to constrain the toxic activities of businesses; such new dangers actually warrant a greater role for the state.

What does puncture that myth, though, is the growing realisation, boosted by WikiLeaks’ recent disclosure of CIA hacking tools, that it’s democratic governments themselves, via their intelligence agencies, that are responsible for creating vulnerabilities in our communication networks, tinkering with our smart TVs and exploiting loopholes in our operating systems.

They do this for motives that some might view as noble: to identify early signs of terrorist activity, to track down criminals, to disable devices that might be part of sophisticated plots to wreak havoc on our cities. Whatever the motives, we should not lose sight of the larger political effects produced by such actions.

First, the expansion (and even the maintenance) of the surveillance capabilities of democratic governments presupposes a permanent structural insecurity of our communication networks. That insecurity, in turn, gets exploited not just by democratic governments but by anyone else, including all those rogue states and non-state hackers.

However, once insecurity is structural, the right response is not more security, but more insurance. This explains why cyber-insurance has become one of the most promising segments of the insurance market, with even sectors like manufacturing (itself increasingly wired up and interconnected) needing to spend more and more to insure against disruptive cyber-attacks.

In essence, cyber insurance, like any other form of insurance, is a domain of rentiers who are keen to extract a regular premium payment from those needing their services. The truly innovative element here is that the risk that creates this new class of rentiers exists partly, and, one could even say, mostly, because of government activity.

Here, the logic of democratic capitalism is no more: governments are not restraining the toxic activities of companies; rather, they engage in toxic activities of their own, which companies mitigate with activities that are either more or less toxic, depending on one’s views about the parasitic nature of economic activities pursued by rentiers.

The second political effect of the ever-expanding surveillance apparatus is the disadvantage it creates for small companies and non-profits, not to mention individuals. Remember the early utopian vision of a digital world, where we would all be running our own mail servers and, with time, might even master our own version of the connected home?

Well, today we demand more autonomy at our own risk: given the sophistication of cyber-attacks, which both aim to steal data and overwhelm sites with fake traffic, it’s obvious that the only actors capable of defending ordinary users, be they individuals or corporations, are big tech firms such as Google, Apple and Microsoft. This, too, violates the basic premise of democratic capitalism: citizens are encouraged to seek protection from companies, not governments.

When both spam and security threats are assessed using the most advanced forms of artificial intelligence, one can forget about any other, smaller player being able to compete with such firms that use the structural insecurity created by governments to further consolidate their near-monopoly status.

Democratic capitalism is thus always democratic monopoly capitalism, and even more so in its digital version. The idea that the normal imperatives of capitalist competition would exert extra pressure on digital giants seems quaint. There’s no garage big enough to house a startup that can unseat Google, not with its trove of customer data and artificial intelligence.

The third effect of this new post-democratic compromise is that, in presenting cyber-insecurity as a natural rather than human-made problem, it delegitimises the role of law, and politics in general, in mitigating conflicts between citizens and corporations.

Consider how we deal with other types of disasters. It would be imprudent to rely on the power of law and politics to ward off floods and earthquakes; insurance, under these conditions, is not an unreasonable option. But none of this prevents us from requiring stricter building standards so as to minimise the damage when the disaster does strike.

The world of cybersecurity does not follow this logic. Imagine if the government regularly dispatched a group of well-paid and well-educated saboteurs to weaken the anti-flood or anti-earthquake defences of our houses, leaving us no option but to turn to the private sector for security, either in the form of better defences or better insurance. This is the situation we are in right now; the only difference is that cyber-security disasters are almost entirely human-made and thus avoidable.

Rhetorically, the governments might even agree that, in the face of all these dangers, we all need to strengthen our privacy laws. In reality, though, we all know that it would only result in them sending even more saboteurs, with even more powerful tools, to weaken our defences. Who, under these conditions, would retain any faith in law and politics, rather than accept protections promised by the market, however flawed and expensive?

Cyber-security, alas, is just one of the many examples where the legitimacy of democratic capitalism, as well as of the social democratic parties that have traditionally defended it, has expired, even if its talking points are still in circulation. No wonder that social democratic parties are collapsing, as elections in the Netherlands and France have shown: they claim to be defending a system that no longer walks the talk.

Guardian:

You Migh Also Read:

Nation State Hacking Has A Big Commercial Impact:

We Are In A New Era Of Espionage:

 

 

 

« Uber Faces A Criminal Probe In The US
Google Neutralizes Phishing Scam »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Cyber Security Experts Association of Nigeria (CSEAN)

Cyber Security Experts Association of Nigeria (CSEAN)

Cyber Security Experts Association of Nigeria (CSEAN) is a not for profit group of professionals in the field of Information Security in Nigeria and Diaspora.

Copper Horse Solutions

Copper Horse Solutions

Copper Horse specialises in mobile and IoT security, engineering solutions throughout the product lifecycle from requirements to product security investigations.

ARC Advisory Group

ARC Advisory Group

ARC is a leading technology research and advisory firm with expertise in both information technologies (IT) and operational technologies (OT)

UK Cyber Security Forum

UK Cyber Security Forum

UK Cyber Security Forum is a community interest group for cyber security companies in the UK.

Smoothwall

Smoothwall

Smoothwall develop intelligent web filtering, Monitoring and security solutions designed to protect users worldwide.

Olfeo

Olfeo

Olfeo is a content filtering software vendor. Our proxy and filtering solution helps our customers to manage, monitor and secure their Internet traffic.

Ioetec

Ioetec

Ioetec's mission is to connect users to their IoT devices securely, ensuring these devices remain safe to use in our increasingly connected world.

Swisscom Blockchain

Swisscom Blockchain

Swisscom Blockchain is focused on supporting the implementation and adaption of Blockchain-based platforms in enterprises across diverse industries.

Cobalt Iron

Cobalt Iron

Cobalt Iron is a global leader in SaaS-based enterprise backup and data protection technology.

ITTAS

ITTAS

ITTAS is a multidisciplinary company specializing in information security and software and hardware protection software.

Innefu Labs

Innefu Labs

Innefu is an Information Security R&D startup, providing cutting edge Information Security & Data Analytics solutions.

WinMagic

WinMagic

At WinMagic, we’re dedicated to making authentication and encryption solutions that protect data without causing user friction so that everyone can work freely and securely.

Tidal Cyber

Tidal Cyber

We formed Tidal for one simple reason—we believe that defenders need and deserve tools and services that make achieving the benefits of threat-informed defense practical and sustainable.

MARS Suite

MARS Suite

MARS Suite is your all-in-one solution for cyber protection & compliance. Cybersecurity and risk management is what we do best. And we’re making it simple and easy.

InQuest

InQuest

InQuest specialize in providing comprehensive network-based security solutions that empower organizations to protect their most critical assets: their people.

InfoSight

InfoSight

InfoSight offers proven Cyber Security, Regulatory Compliance, Risk Management and Infrastructure Solutions to protect your business and your customers from cyber crime and fraud.