Moral Doctrines of Cyberinsurgency

Is Cyberinsurgency Justified?

When attacked, it is always moral to defend oneself.

Insurgency is always a response to sufficiently provocative political activity: if someone is hurting you, one of the best ways to get them to stop is to show them that you can hurt them back.

Insurgency tactics – 4th Generation Warfare – rely on adjusting the enemy’s cost/benefit equation, by making it unexpectedly expensive to accomplish their goals. The insurgent takes advantage of the inherent asymmetry in irregular warfare: larger powers have larger attack surfaces, so small attacks against logistics or transport are disproportionately effective. You can have a dominant force that is unbeatable on the battlefield, but their trucks still need fuel, they need water to drink, and safe places to sleep. The insurgent’s ability is to make existing on the battlefield or occupied territory unbearably expensive in terms of manpower and technology. The cyberinsurgent’s strength is to make their opponents’ computers cost/benefit go suddenly negative: your expensive surveillance system is now generating a huge number of false alarms, the intelligence data you collected is suddenly revealed to be unreliable, your logistical automation system has been hacked and is delaying critical supplies, your surveillance methods are being disclosed and tools for bypassing them are published. The cyberinsurgent is not like the (mostly mythical) cyberwarrior, who is going on the attack to try to bring down a target’s systems in order to weaken them for political purposes – the cyberinsurgent’s efforts are oriented toward evaporating the efficiencies of automation and making cyberspace an unusually complicated and expensive area of operations.

Take, as an example, one of the most important operations of cyberinsurgency to date: Edward Snowden’s disclosure of many of the US National Security Agency’s techniques. From a perspective of public relations and civil politics, it had a great effect. But imagine the unseen cost to the NSA. Imagine the huge amount of time they had to spend in damage-control, in “walking back the cat” to figure out what was taken, in wondering and worrying about what comes next. Now, NSA will have to be thinking “can we outsource our system administration to a contractor?” The damage to the NSA, from a public relations standpoint, was huge – but the staffing, effort, and response cost was completely disproportional to the effort it took Snowden himself to do the damage. Imagine how expensive the NSA’s surveillance systems would become if they had to build them to resist a hundred Snowdens? This is one of the crucial lessons for the cyberinsurgent: sometimes you do not even need to badly hurt your enemy, if you can trigger them overreacting they will hurt themselves badly enough.

I’m Afraid of Big Brother so I Want Him to be Stupid and Incompetent

Corporations, governments, and other organizations are moving into cyberspace, and they do not have your best interests at heart. In fact, we would argue that virtually none of them do. The least bad of them mostly want to monetize your online activity by feeding your eyeballs endless annoying banner ads. The worst of them want to strip-mine your life and your information, sell your details to data brokers and governments, and cross-check you with criminal databases, then violate your existence if there’s a real (or accidental) connection. If the computer systems that we are all using are going to become the battleground for a new war – a war of government and corporate partners to take over cyberspace – we may as well make it unusually expensive for them to do so.

George Orwell was wrong about 1984, so far. But Big Brother is real. If we’re going to have a surveillance state inflicted upon us from above, it is in everyone’s interest to have it bloated, stupid, over budget, badly coded, mis-configured, and hackable. The identities of Big Brother’s servants should be published and their privacy rights are forfeit because they chose to side with the forces of oppression. The watchers must be watched. If you are worried about them, they should be afraid of you.

In the 1970’s, a group of US Senators saw the potential that a large-scale and well-coordinated state surveillance system had.  In their report, they concluded:

“In the need to develop a capacity to know what potential enemies are doing, the United States government has perfected a technological capability that enables us to monitor the messages that go through the air. (…) Now, that is necessary and important to the United States as we look abroad at enemies or potential enemies. We must know, at the same time, that capability at any time could be turned around on the American people, and no American would have any privacy left such is the capability to monitor everything—telephone conversations, telegrams, it doesn’t matter. There would be no place to hide.” [Church Committee]

Most nations on Earth have now acquired some semblance of these surveillance technologies, with even the most-technologically-challenged ones purchasing advanced surveillance technologies from cyber mercenaries.  If the country on Earth with the most-strict privacy guarantees is having the state surveillance crisis it is today, imagine the surveillance systems and processes which are in full effect in countries without any privacy guarantees.

If we believe any rights to be self-evident today, we should protect our right to our digital personas, our data, our digital activities.  We must all understand the scale and scope of the surveillance state and its corporate partners.  Armed with that information, we can then decide at which level we will engage in cyberinsurgency.  Whether by simple means of obfuscating our online identities or hiding our communications subtly within other communications streams, or actively increasing the operational costs of the surveillance state and reducing the profits of its corporate partners.

I Can Adjust Your Cost/Benefit Equation

Everything that is going on in cyberspace is being done based on some kind of cost/benefit analysis for someone. The cyberinsurgent has a moral right to disagree with that cost/benefit analysis if it involves them. If some monster website is selling your data, and making money by selling your eyeballs, you have every right to shut your eyes. But, beyond that, you have a right to make it expensive for them to build you into their cost/benefit analysis. If you are angered at some organization that “monetizes” you to the tune of $29.00, then the way to adjust their cost/benefit analysis is to cost them $290.00. Ideally, the cyberinsurgent will figure out a way of communicating that moral choice to their oppressor. I.e.: “I know you sold my marketing data to spammers, because I am now getting spam. I have chosen to cost you $300 – thereby removing the profits you thought you made off of me – and if we have to have this conversation again it will cost you $3,000.”

Nation-states allow themselves, under international law, an option known as “retorsion.”[1] “an act perpetrated by one nation upon another in retaliation for a similar act perpetrated by the other nation” it is the fundamental concept in operation during trade-wars or tariff disputes. If one country does something that another particularly dislikes, they can adjust the other’s cost/benefit equation to help them see the error of their ways. The cyberinsurgent bypasses the thoroughly discredited 20th century concept of “nation states” and treats cyberspace as their domain, their nation, and engages in activities intended to punitively adjust the cost/benefit equation of invaders.

But It’s Offense!

Resisting oppression or economic coercion is not an offensive act. It is a moral right. Some might even say it’s a duty.

They will call cyberinsurgents “cyberterrorists” because states and corporations only acknowledge the rights and interests of other states and organizations, never of individuals. But they are wrong – cyberinsurgents are not going on the offensive, any more than the people of an occupied nation pursue the occupation army when it finally breaks and packs up and leaves. Cyberinsurgents are fighting scorched-earth warfare on their own land, which is cyberspace. If the governments and corporations stop intruding and go away, the cyberinsurgent will stand down, and wait – and watch.

As scorched-earth warriors, cyberinsurgents acknowledge that – to a certain degree – they are hurting themselves. They are wasting their own tax money by mooting the systems that they were extorted to pay for. This is all true; the question is whether you want a Big Brother that is inept and stupid, or one that is lean, mean, and efficient? To even ask the question is to answer it.

Governments and corporate powers have acted unilaterally, often in secret, to increase their ability to surveil and control.

We can act unilaterally, in secret, too. In fact, we must.