On January 2, Dr. Emanuel Pastreich, director of the Asia Institute, sat down with Peter Singer, director of the Center for 21st Century Security and Intelligence and a senior fellow in the Foreign Policy program of the Brookings Institute. Singer’s research focuses on three core issues: current US defense needs and future priorities, the future of war and the future of the US defense system. Singer lectures frequently to US military audiences and is the author of several books and articles, including his most recent book, Cyber Security and Cyber War (www.cybersecuritybook.com). This is the fourth in a six-part series.
Emanuel Pastreich: “Maybe you can say a few words about our response. There are at least two problems in terms of security. If one wants to have security in a situation in which a single individual or small group can do an enormous amount of damage, it requires by nature a repressive system. The system has to be capable of being focused and responding very effectively. So, it inherently creates problems. Any response is going to be problematic.
“The second issue concerns the rate of technological change. If technology keeps changing, evolving exponentially, you might make up some treaty on cyber security in 2014 that will be meaningless by 2020 because the nature of cyberspace would have changed so profoundly.
“What are your thoughts on these two questions? First, how do you maintain security without it becoming a repressive system? And how do you maintain standards and the rules in a constantly-changing environment?”
Peter W. Singer: “The first question, in many ways, again echoes back across the ages before the Internet was ever conceived. The debate over the trade-off of rights versus security is not new. We can see that debate in the writings of ancient philosophers. The way they came down on the issue back then is the way we should come down on it today. Yes, you can live in a system that has no terrorism, where criminals are immediately caught. But, in reality we call those totalitarian regimes. However, you could also live in absolute anarchy, but that is an equally insecure world that does not allow one to exercise the most basic rights as a result. The key is finding that balance. We should not assume we can eliminate all threats. Rather we should accept the reality that threats exist and seek to manage them.
“It is all about building structures and incentives that will allow you to manage the world better. In the book we present fifteen things we can and should do to respond to cyberspace, everything from building appropriate institutions in government and global institutions to local community activities. We see the effort to establish better security as both a public and private problem. We must establish the right incentives, build better information sharing systems, and increase transparency. We need to set up clear norms for accountability and reliability. There are many cyber-people problems for which we need to train experts at all levels to respond. There is so much that we can and should do.
“But we also should not let fear steer us solely. The book opens with a description of how each of us remembers as young boys or girls the first time we saw a computer. I was seven years old when I first saw a computer. I am now thirty-eight. My dad took me to a science museum and there I took a class to learn how to program computers to do an amazing thing: print out a smiley face. That is the beginning of the book. We circle back to that same moment at the end of the book. Imagine if my dad had told me at the age of seven, ‘This thing, the computer, it is going to allow people to steal your identity. It is going to allow militaries to carry out all new kinds of war. It may even allow terrorists to turn off the power grid or steal everyone’s money.’ My little seven year-old self would have said, ‘Oh my God, Dad, we must stop this computer, do not turn it on.’
“Of course, looking back at that, we accept these risks because of all the great things that we can do with computers. I can track down the answer to almost any question on line. I am friends with people around the world I have never met. To me, what has played out over the last thirty years is exactly the same thing that we will witness in the future. We have to accept and manage the risks because of all the great things we can do with this technology.
“That is where we have to be mindful of the people who are trying to steer us in the wrong direction, whether it is the people who are trying to make cyberspace too insecure a space, or the people who are trying to make it too secure but do away with the freedom and great features in it by just militarizing this space.
“Regarding your second question concerning whether technological change could lead to outdated treaties or laws practically the very next day, you have hit it exactly right. Cyberspace is a constantly-evolving medium, and indeed the Internet that we know and love today will be quite different five years from now. Everything from the users, to the language of the Internet, to the mentality of online freedom, will change.
“Also, many parts of the Internet are going mobile. And in the future the Internet will be woven into things. Cisco estimates that over the next few decades we will go from having a couple billion devices online, essentially each person behind a device, to seventy-five billion devices online. That means that it will not be just people behind those devices carrying on conversations—it will be things talking to each other.
“One cannot legislate a too-defined law that will not remain relevant. That would not be a good strategy. It also ignores the ‘reality’ of today. You are not going to find the United States, Russia, South Korea, North Korea, China, or Brazil all agreeing on the exact language of some treaty right now. That does not mean that you do not need a building of new laws, norms, and codes for conduct and behavior. In the United States, our Congress has not passed new major cyber security legislation since 2002. What we are pushing for globally and nationally is not to rewrite all law, but, rather to graft new law to previous legal precedents. Rather than plant an entire new tree, instead we should graft new legal developments for cyberspace onto an old, healthy tree. That is, determine what works, affirm the common values that we all hold, and then build off of that. That is the pathway to success.”
Pastreich: “Yes, right. When I wrote an article some time ago entitled ‘Constitution of Information,’ the first point I stressed was one could not write such a constitution unless the writer actually had stakeholders involved in the discussion. It would just be an academic exercise to talk about an ideal world. The real process requires actually getting the people who can make decisions that represent active organizations involved.”