Dropsafe

by Alec Muffett

Discussion with @runasand: “One Nation’s Cybermercinaries are another’s Ethical Hackers”, per the @UN

https://twitter.com/runasand/status/1457736218809094144

Runa: Good point from @UN human rights experts on the use of mercenaries in cyberspace: “The use of private actors poses a particular challenge to accountability for abuses that occur through cyberspace, in particular across different jurisdictions.”

https://www.ohchr.org/SP/NewsEvents/Pages/DisplayNews.aspx?NewsID=27729&LangID=E

Alec: White Hat Hackers: “Do they mean [me]?”

R: No.

A: Hard disagree. The fallacy of cyber is that states are the only people who hack other systems in any interesting way. is a nonsense; cyber mercenaries doubly so; the attached propagates the “tail wags the dog” approach to “cyber”, harming public understanding overall.

R: So, I agree with your points here and I also think the quote from the UN is a good one.

A: Help me understand the “good” that you see?

R: I think it’s fair to say (and so a good point to make) that states haven’t figured out “what to do” about stuff that happens in cyberspace, be it by another state or a private actor. Lots of options, inc. sanctions and such, but not much informed debate so far. So, yes, it does pose a particular challenge and the solution to it must also address the point you raised.

A: Not to put too fine a point on it, this is exemplified in something like the “Snow Crash” dystopia, or in “sovereign identity” people (however rabid) who do at least have 1 point:

That point is: in a domain of speech like the Internet, shorn of physical military objectives like “high ground to hold & defend”, the “sovereignty” of nation states is matched by those of corporations or of sufficiently capable individuals.

Nation states don’t even hold a cybermonopoly on “kinetic” consequences (in the cyber terms of e.g. “switching off water supplies”) which breaks the traditional “monopoly on force” model of Government.

As such: any frame that still holds states as “special” except amongst themselves, is in severe need of exceptional justification.

One nation’s Cybermercinaries are another’s Ethical Hackers.

R: I completely agree.

A: And lo, somehow we started [towards this argument]

R: Yep, hence my comment later saying there hasn’t been much informed debate and your point is very valid. Do they mean you? Maybe. Should they? No.

off-thread, see also: Marcus Ranum

Comments

One response to “Discussion with @runasand: “One Nation’s Cybermercinaries are another’s Ethical Hackers”, per the @UN”

  1. Jonathan Katz

    The way to look at this is through the old adage, one man’s terrorist is another man’s freedom fighter.

    We already have “mercenaries” operating on-line in different guises; some as government contractors (generally in the west) and then unofficial government contractors (organised crime groups, private intelligence groups) among some MENA, Eastern Europe, and Asian countries (think of most of the groups that are connected to APTs that are not officially government groups.)

    With everything, especially on-line, there is always plausible deniability when it comes to attribution. Unless you have a good “guess” or some excellent intelligence work (think Bellingcat) the random DoS against an activist website that seems to come from Vietnam may really be executed by North Korea or the CIA or Belarus or private groups sympathetic to a competing cause and you can’t really tell.

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

More posts