Monday, April 27, 2015

The hollow rhetoric of nation-state threats

The government is using the threat of nation-state hackers to declare a state-of-emergency and pass draconian laws in congress. However, as the GitHub DDoS shows, the government has little interest in actually defending us.

It took 25 days to blame North Korea for the Sony hack, between the moment "Hacked by the #GOP" appeared on Sony computers and when President Obama promised retaliation in a news conference -- based on flimsy evidence of North Korea's involvement. In contrast, it's been more than 25 days since we've had conclusive proof the Chinese government was DDoSing GitHub, and our government has remained silent. China stopped the attacks after two weeks on their own volition, because GitHub defended itself, not because of anything the United States government did.

The reason for the inattention is that GitHub has no lobbyists. Sony spends several million dollars every year in lobbying, as well as hundreds of thousands in campaign contributions. When Sony gets hacked, politicians listen. In contrast, GitHub spends zero on either lobbying or contributions.

It's not that GitHub isn't important -- it's actually key infrastructure to the Internet. All computer nerds know the site. It's the largest repository of source-code on the net. It's so important that China couldn't simply block the IP address, because China needs the site, too. That's why China had to use a convoluted attack in order to pressure GitHub to censor content.

Despite GitHub's importance, few in Washington D.C. have heard of it. If you don't spend money on lobbying and donors, you just don't exist. Even if the government heard of GitHub, they still wouldn't respond. We have over half a trillion dollars of trade with China every year, not to mention a ton of diplomatic disputes. Our government won't risk upsetting any of those issues, which do have tons of lobbying dollars behind them, in order to defend GitHub. At most, GitHub will become a bargaining chip, such as encouraging China to stop subsidizing tire exports in order to satisfy the steel workers union.

The point of this post isn't to bang the drums of cyberwar, to claim that our government should retaliate against China for their nation-state attack. Quite the opposite. I'm trying to point out the hollow rhetoric of "nation-state threats". You can't use "nation-state defense" to justify sanctions on North Korea while ignoring the nation-state attack on GitHub.

The next time somebody uses "nation-state threats" in order to justify government policy that increases the police-state and military-industrial complex, the first question we should ask is to have them explain government's inaction in the nation-state attack against GitHub.

No comments: