Live Blogging the Harvard National Security Symposium

I’m at Harvard Law School today for a symposium, Cybersecurity: Law, Privacy, and Warfare in a Digital World.  I’ll be talking about my e-SOS paper, how international law deals with cyberthreats, and ways it could do a better job.  Anyone who’s interested can watch the proceedings; it’s being live web-cast here. 

I wanted to flag a fascinating debate over the future of the Internet that just occurred between HLS Professor Jonathan Zittrain and Stewart Baker.  Baker, of Volokh fame, is well known for flagging the great potential of cyberthreats to produce systemic or catastrophic effects.  Today, he was on message, emphasizing how the threat of cyberwar and severely intrusive cyberexploitations like Ghostnet require construction of new social norms for the Internet.  And, for Stewart, he’d construct those norms by imposing attribution and punishment on the Internet.  Only by knowing who’s attacking and punishing them does Baker think the Internet can have true social order. 

Zittrain, who’s thought a lot about the Future of the Internet, agreed with Baker that its current state is problematic, and that things like Ghostnet are scary and worthy of real concern.  But, he disagreed that attribution (whether “attribution lite,” meaning more investigative resources, or “full attribution,” meaning a restructuring of the Internet to allow for real-time attribution) was the solution.  For starters, he doubted that total attribution would ever be possible, arguing that Ghostnet’s authors would always be sophisticated enough to circumvent whatever attribution system is devised.  He also suggested there were far more “boring” solutions to many cyberthreats in terms of better authentication and security to persue before restructuring the whole system.  Instead, Zittrain favored working with, rather than overriding, the Internet’s generative capacity and developing voluntary structures of mutual aid among Internet users.  He proposed some technical solutions to do so, most notably his preference that users help other users reciprocally by allowing basic applications to always be mirrored, thereby making it much more difficult to deny services to those applications. 

Both Baker and Zittrain made compelling arguments and did so without fireworks (but quite a bit of humor involving everything from the entire state of Qatar being banned from Wikipedia to Stewart Baker’s time at Brown).  It was great to see two people who have obviously different priors recognizing their common ground and trying to discern ways to deal with such a big (and serious) question as what the future holds for the Internet.  It bodes well for the rest of the day, which will conclude with a Keynote Address by Steven Bradbury, formerly a Principal Deputy in OLC.

[Update:  contrary to Ben’s hope, Steven Bradbury’s talk did not go to detainee issues, but he did make a rather dramatic assertion about the capacity of the United States to engage in cyberoperations, namely that where the law is unclear (which, by my own estimate, covers quite a lot of ground in the cybercontext), the President is free to decide as a matter of policy what cyberoperations to pursue.  In other words, I heard him to suggest that in the absence of a specific rule restricting U.S. activity, it is free to act as a matter of policy.  Not sure how well this matches up with the Martens clause (I’m going to try and ask him about that).]