Skip to main content

FIC 2014: US Navy professor defends PRISM, calls Internet "a lawless frontier"

In a heated panel discussion at the International Forum of Cybersecurity (opens in new tab) (IFC) in Lille, France, four varied panellists attempted to answer the question, "what is a national cyberspace?"

George Lucas, a professor of ethics and public policy at the US Naval Academy, defended a country's right to its sovereign digital territory - and all data that passes through out. Here's what he had to say.

Can a country exercise control over cyberspace?

Descriptions and our choice of metaphors makes an enormous difference to how we conceptualise the question of jurisdiction and territory in the cyber domain. Once we start using the word "territory," we have already prejudiced our thinking with the idea of a territory or domain upon which a nation can act.

We've identified cyber as a fifth domain - the other four being land, air, sea and even space - in which countries have struggled to define territory and rights to resources.

Even on the sea, we've had immense trouble since even the Seventeenth Century in defining exactly what territory means on the sea. In the air it's even more difficult, and in space of course we've had enormous problems.

But how can we talk about control over photons or electrons that don't occupy physical space, and can move from territorial, controlled hardware to software that could be distributed anywhere?

What are our options?

Either we can do it like the Chinese or the Russians, where we completely delineate all communications boundaries at our international orders. This makes communication difficult and acts as a form of political oppression.

Or, as the Chinese are starting to do, we define a digital "commons", a space where everyone can meet and share. But this can create a lawless territory where laws are flaunted. We've struggled with lawless frontiers before, on the land and certainly in the sea. But I don't think national boundaries online are desirable.

Any attempt to delineate a national boundary on digital data would be as problematic as the Chinese are currently finding it to delineate a zone of maritime territory in the South China sea.

What about data being held - for instance WikiLeaks cables (opens in new tab) or NSA revelations (opens in new tab) - that the US wants to be taken down? Can it exercise control over that?

Pressures have been exerted. Attempts have been made to persuade and cajole French authorities, among others, to use their legal and technological means to remove data put up on the Internet. I'm sure my government has the capability to attack that website and take it down, but as of today that hasn't happened. Whenever security operatives operate outside their sovereign territory, they are subject to the legal requirements of that country.

We have generated enough ire with the revelations of what our spy agencies have been doing to act with arrogance and impunity any further. I think people have seen China doing the same with the Ryukyu islands and the South China sea. China has dealt with a great deal of trouble in enforcing their authority in this way - we've had a similar problem exerting authority over the Internet.

We might claim, not wholly unreasonably, that the Internet is ours. That we designed it, we built it, and that our government might feel responsibility more than anything, to keep it a space free of crime.

Could PRISM have been carried out in an acceptable way?

The single most important lesson from PRISM fiasco is that it would have been extremely wise for government officials, rather than cloak themselves in secrecy, to explain some of the general details of the programme worked - not the details or the names of programmes like XKeyscore, Bullrun, Treasure Map and so on.

I think that would have done a lot to build the trust that was lost by the revelations.

Let's be clear - PRISM isn't a collection progamme. PRISM is the database involved in collecting data that enter the US from outside. Once those data cross our borders, they are collected and can be shared among intelligence services. It's a firewall, if you like.

The issue arises because probable cause has been eroded. Law enforcement officers have been able to share data without proving a chain of requirement and cause.

Could we change the Internet to make government surveillance harder?

The problem is that due to an accident of history, just about everything on the Internet at one point will pass through the continental United States. It would be extremely hard to rewire the infrastructure to change that, and we probably wouldn't like it. Of course, we don't like the current situation either.

In the end, it was only the citizens that didn't know - and I think that's reprehensible. People need to educate themselves.

On the other hand, we're not running a Stazi East German surveillance state on the Internet right now. What we're doing is what air traffic control are doing in the air - we're monitoring, checking where you are and keeping you safe.

Right now cyberspace is a lawless frontier where anarchists and terrorists and paedophiles and human traffickers are doing whatever they want in cyberspace.

More: Cécile Doutriaux, a prominent lawyer on the subject of cyber security, argued at FIC 2014 that when it comes to the cloud, the legal definition of cyber territory is a troubled concept (opens in new tab). Can nations ever really control the cloud?

Paul has worked as an archivist, editor and journalist, and has a PhD in the cultural and literary significance of ruins. His writing has appeared in the New York Times, The BBC, The Atlantic, National Geographic, and Discover Magazine, and he was previously Staff Writer and Journalist at ITProPortal.