Sei sulla pagina 1di 209

AFF Encryption

1ACS

--xt backdoors now


Backdoors now FISA
Soghoian et al 15 (Christopher Soghoian, researcher at Harvard and Yale, Kevin Bankston, Policy Director of New Americas Open Technology
Institute, Fred Cate, C. Ben Dutton Professor of Law at Indiana University Maurer School of Law, Chris Hoofnagle, Co-Director, Berkeley Center for Law &
Technology, Marcia Hofmann, senior staff attorney at the Electronic Frontier Foundation, Rob Faris, Research Director of the Berkman Center for Internet and
Society at Harvard University, Albert Gidari, partner of Perkins Coie in Privacy & Security, Jennifer Granick, Director of Civil Liberties for the Center for Internet
and Society at Stanford Law School, Orin Kerr, professor of law at the George Washington University , Susan Landau, Professor of Social Science and Policy
Studies at Worcester Polytechnic Institute, Paul Ohm, Professor of Law at the Georgetown University Law Center, Nicole Azer, Technology & Civil Liberties Policy
Director in ACLU California, John Palfrey, previous executive director of Harvard's Berkman Center for Internet & Society, Marc Rotenberg, President and
Executive Director of the Electronic Privacy Information Center, Adam Schostack, expert in security, Ryan Singel, journalist of technology at WIRED, Adam
Thierer, senior research fellow with the Technology Policy Program at the Mercatus Center at George Mason University, Jonathan Zittrain, professor of Internet
law and the George Bemis Professor of International Law at Harvard Law School, Privacy And Law Enforcement: Caught In The Cloud: Privacy, Encryption, And
Government Back Doors In The Web 2.0 Era, 12/16/13,
http://www.researchgate.net/publication/228365094_Privacy_And_Law_Enforcement_Caught_In_The_Cloud_Privacy_Encryption_And_Government_Back_Door
s_In_The_Web_2.0_Era, page 416)//EM
While both the Wiretap Act and the All Writs Act seem to be the legal tools of choice for law enforcement agencies, there is at least one other

legal avenue
through which the government can force service providers to insert backdoors into their own products . The 2008 FISA
Amendments Act194 amended the Foreign Intelligence Surveillance Act195 to state that: (1) . . . [T]he Attorney General and the
Director of National Intelligence may direct, in writing, an electronic communication service provider to (A) immediately provide the
Government with all information, facilities, or assistance necessary to accomplish the acquisition in a manner that will protect the
secrecy of the acquisition and produce a minimum of interference with the services that such electronic communication service
provider is providing to the target of the acquisition . . . . (2) . . . The Government shall compensate, at the prevailing rate, an electronic
communication service provider for providing information, facilities, or assistance in accordance with a directive issued pursuant to paragraph (1).196 Details on
the governments interpretation and use of this law are understandably impossible to find. However, some commentators have argued that the law gives the

government wide powers to order communication service providers such as cell phone companies and ISPs to make their
networks available to government eavesdroppers.197

Backdoors now
Soghoian et al 15 (Christopher Soghoian, researcher at Harvard and Yale, Kevin Bankston, Policy Director of New Americas Open Technology
Institute, Fred Cate, C. Ben Dutton Professor of Law at Indiana University Maurer School of Law, Chris Hoofnagle, Co-Director, Berkeley Center for Law &
Technology, Marcia Hofmann, senior staff attorney at the Electronic Frontier Foundation, Rob Faris, Research Director of the Berkman Center for Internet and
Society at Harvard University, Albert Gidari, partner of Perkins Coie in Privacy & Security, Jennifer Granick, Director of Civil Liberties for the Center for Internet
and Society at Stanford Law School, Orin Kerr, professor of law at the George Washington University , Susan Landau, Professor of Social Science and Policy
Studies at Worcester Polytechnic Institute, Paul Ohm, Professor of Law at the Georgetown University Law Center, Nicole Azer, Technology & Civil Liberties Policy
Director in ACLU California, John Palfrey, previous executive director of Harvard's Berkman Center for Internet & Society, Marc Rotenberg, President and
Executive Director of the Electronic Privacy Information Center, Adam Schostack, expert in security, Ryan Singel, journalist of technology at WIRED, Adam
Thierer, senior research fellow with the Technology Policy Program at the Mercatus Center at George Mason University, Jonathan Zittrain, professor of Internet
law and the George Bemis Professor of International Law at Harvard Law School, Privacy And Law Enforcement: Caught In The Cloud: Privacy, Encryption, And
Government Back Doors In The Web 2.0 Era, 12/16/13,
http://www.researchgate.net/publication/228365094_Privacy_And_Law_Enforcement_Caught_In_The_Cloud_Privacy_Encryption_And_Government_Back_Door
s_In_The_Web_2.0_Era, page 416-417)//EM
ENCRYPTION CAN BE CIRCUMVENTED Let us now go back to our earlier hypothetical scenario in which all cloud services have switched to data encryption
with a key private to the user. In this situation, the government will not be able to use a subpoena to force the revelation of a users private files, since the service
provider will only possess encrypted data. However, it may be possible for the government to force that company to place a backdoor in its
web-based product in order to steal the users encryption key . As an example, when the user enters her password in to the
encryption enhanced Google Docs web application, instead of keeping the password in local memory on her computer, a copy of it will be
silently recorded and later transmitted to a FBI server. While market forces might be able to neutralize the privacy problems associated with the
third party doctrine by encouraging the use of encryption, there are no readily available market forces or technology that can protect a
company from a lawful order compelling that firm to insert a backdoor into its own products . To make matters worse, the move to cloud
computing increases the amount of private information available at risk of covert government capture, and , as this next section will
explain, also makes it significantly easier for companies to deploy these compelled backdoors.

Intelligence programs set on inserting backdoor into encryption software


Naughton 7/19 (John, Professor of Public Understanding of Technology,7/19/15, Naughton, The Guardian,
http://www.theguardian.com/commentisfree/2015/jul/19/why-appeasing-states-encryption-will-never-work)-SK

The biggest battle has always been about encryption. From the 1980s, public-key cryptography gave the technically savvy the
ability to protect the privacy of their messages using military-grade encryption, which meant the state could no longer monitor all
online communications. The first response was to outlaw dissemination of the technology. When that failed, in 1993 the Clinton
administration tried a new tack the Clipper chip proposal. This involved two things: the installation of a doctored chip in
mobile phones; and (later) mandating that all encryption systems should lodge a copy of decryption keys with a trusted third
party who would turn them over to the cops on production of a warrant (key escrow). The chip idea collapsed under the weight
of its own absurdity, and in 1997 key escrow idea examined and demolished by a group of leading computer security experts and
eventually Clinton quietly buried the idea. Result: Technology 1, Establishment 0. But now its back, with a vengeance. Stung by
the fact that, post-Snowden, Apple, Google and Facebook are implementing strong encryption, governments are starting to
panic. Over in Washington, FBI director, James Comey, is infuriated that applications such as Facebooks WhatsApp and Apples
iMessage are now providing end-to-end encryption, a technology that Comey claims is being exploited by guess who? Isis.
Comey wants companies to be forced to insert a backdoor for law enforcement into encryption software. Over here, David
Cameron has been drinking the same Kool Aid. In our country,he asked in January, do we want to allow a means of
communication between people which we cannot read? My answer to that question is: no we must not. Which either means
either that he wants to ban services such as WhatsApp or iMessage or that he will demand a backdoor into them. Advertisement
Since banning them is a non-starter, weve arrived at Clipper chip v2.0. And, as luck would have it, the same group of experts
who demolished the original proposal have now had a look at the prospects for v2.0. Their report, Keys Under Doormats:
Mandating insecurity by requiring government access to all data and communications, is worth reading in full. It concludes that
proposals for backdoors are unworkable in practice, raise enormous legal and ethical questions, and would undo progress on
security at a time when internet vulnerabilities are causing extreme economic harm. In case youre wondering what could be
wrong with entrusting secret keys to the government for use in exceptional circumstances, just ponder this: a few months ago,
hackers (suspected to be Chinese) stole the personnel records of 21.5 million US federal employees, including the records of
every person given a government background check for the last 15 years.

Backdoors are lowering encryption credibility


Samuels 13
(A member of the editorial board since 1984, Dorothy Samuels writes on a wide array of legal and
social policy issues. Prior to joining The Times, she briefly practiced corporate law with a big Wall Street
firm, leaving there to pursue her interests in public policy and journalism. For four years, Ms. Samuels
served as executive director of the New York Civil Liberties Union, the largest affiliate of the national
A.C.L.U. In 2001, in a change of pace, she published a comic novel, "Filthy Rich." Ms. Samuels is a
graduate of Bryn Mawr College and Northeastern University School of Law.]
http://www.nytimes.com/2013/09/22/opinion/sunday/close-the-nsas-back-doors.html?_r=0 )
In 2006, a federal agency, the National Institute of Standards and
Technology, helped build an international encryption system to help countries and industries fend
off computer hacking and theft. Unbeknown to the many users of the system, a different
government arm, the National Security Agency, secretly inserted a back door into the system
that allowed federal spies to crack open any data that was encoded using its technology. Documents
leaked by Edward Snowden, the former N.S.A. contractor, make clear that the agency has never
met an encryption system that it has not tried to penetrate. And it frequently tries to take the
easy way out. Because modern cryptography can be so hard to break, even using the brute force of
the agencys powerful supercomputers, the agency prefers to collaborate with big software companies
and cipher authors, getting hidden access built right into their systems. The New York Times, The
Guardian and ProPublica recently reported that the agency now has access to the codes that protect
commerce and banking systems, trade secrets and medical records, and everyones e-mail and
Internet chat messages, including virtual private networks. In some cases, the agency pressured
companies to give it access; as The Guardian reported earlier this year, Microsoft provided access to
Hotmail, Outlook.com, SkyDrive and Skype. According to some of the Snowden documents given to Der
Spiegel, the N.S.A. also has access to the encryption protecting data on iPhones, Android and
BlackBerry phones. These back doors and special access routes are a terrible idea, another example
of the intelligence communitys overreach. Companies and individuals are increasingly putting
their most confidential data on cloud storage services, and need to rely on assurances their data will
be secure. Knowing that encryption has been deliberately weakened will undermine confidence
in these systems and interfere with commerce. The back doors also strip away the expectations

of privacy that individuals, businesses and governments have in ordinary communications. If


back doors are built into systems by the N.S.A., who is to say that other countries spy

agencies or hackers, pirates and terrorists wont discover and exploit them? The

government can get a warrant and break into the communications or data of any individual or
company suspected of breaking the law. But crippling everyones ability to use encryption is going too
far, just as the N.S.A. has exceeded its boundaries in collecting everyones phone records
rather than limiting its focus to actual suspects. Representative Rush Holt, Democrat of New
Jersey, has introduced a bill that would, among other provisions, bar the government from requiring
software makers to insert built-in ways to bypass encryption. It deserves full Congressional support. In
the meantime, several Internet companies, including Google and Facebook, are building encryption
systems that will be much more difficult for the N.S.A. to penetrate, forced to assure their customers
that they are not a secret partner with the dark side of their own government.

Intelligence agencies have bypassed encryption using a variety of methods, including backdoors
Zetter 13 (Kim, award-winning, senior staff reporter at Wired covering cybercrime, privacy, and security, NSAs Decade-Long
Plan to Undermine Encryption Includes Backdoors, Stolen Keys, Manipulating Standards, 9/5/13,
http://www.wired.com/2013/09/nsa-backdoored-and-stole-keys/) WZ
Without the ability to actually crack the strongest algorithms that protect data, the intelligence agencies have systematically worked to thwart or bypass
encryption using a variety of underhanded methods, according to revelations published by the New York Times and Guardian newspapers and the journalism
non-profit ProPublica, based on documents leaked by NSA whistleblower Edward Snowden. These methods, part of a highly secret program codenamed Bullrun,
have included pressuring vendors to install backdoors in their products to allow intelligence agencies to access data , and obtaining encryption keys
by pressuring vendors to hand them over or hacking into systems and stealing them. Most surprising, however, is the revelation that the agency has worked to
covertly undermine the encryption standards developers rely upon to build secure products. Undermining standards and installing backdoors dont just allow the
government to spy on data but create fundamental insecurities in systems that would allow others to spy on the data as well. The encryption technologies that
the NSA has exploited to enable its secret dragnet surveillance are the same technologies that protect our most sensitive information, including medical records,
financial transactions, and commercial secrets, Christopher Soghoian, principal technologist of the ACLUs Speech, Privacy and Technology Project, said in a
statement about the revelations. Even as the NSA demands more powers to invade our privacy in the name of cybersecurity, it is making the internet less secure
and exposing us to criminal hacking, foreign espionage, and unlawful surveillance. The NSAs efforts to secretly defeat encryption are recklessly shortsighted and
will further erode not only the United States reputation as a global champion of civil liberties and privacy but the economic competitiveness of its largest
companies. The revelations are the latest in a trove of documents obtained by Snowden earlier this year that detail extensive spying operations on the part of
the NSA and foreign partners like the Government Communications Headquarters in the UK. Past revelations have disclosed the extensive amount
of data encrypted and unencrypted that the agencies siphon from land and undersea cables. Previous documents have discussed how the NSA
retains encrypted traffic with an eye toward researching methods to crack it. According to todays media reports, the NSA maintains an internal
database, called a Key Provisioning Service, of encryption keys for specific commercial products to automatically decode communications. If the
necessary key is missing from the collection, a request goes out to the so-called Key Recovery Service to obtain it. How keys are acquired is shrouded in
secrecy, but independent cryptographers say many are probably collected by hacking into companies computer servers, where they are stored, the Times
writes. To keep such methods secret, the N.S.A. shares decrypted messages with other agencies only if the keys could have been acquired through legal
means. Approval to release to non-Sigint agencies, a GCHQ document says, will depend on there being a proven non-Sigint method of acquiring keys. It
should be noted that these methods dont involve cracking the algorithms and the math underlying the encryption, but rather rely upon circumventing and
otherwise undermining encryption. Properly implemented strong crypto systems are one of the few things that you can rely on, Snowden said in an interview
with the Guardian earlier this year. He warned, however, that the NSA often bypassed encryption altogether by targeting the endpoint computers in order to grab
communications before and after they were encrypted. The most shocking revelation involves the NSAs efforts to deliberately weaken international encryption
standards developers use to make their encryption secure, thereby undermining systems that human rights organizers, Third World activists and others depend
upon to protect their communications from corrupt and oppressive regimes and U.S. companies rely upon to keep their trade secrets secret. One of the agencys
stated goals in its 2013 budget was to influence policies, standards and specifications for commercial public key technologies. According to a classified NSA
memo obtained by the Times, a fatal weakness in a 2006 standard, discovered by two Microsoft cryptographers in 2007, appeared to have been engineered by
the NSA. The agency wrote the standard and aggressively pushed it on the international group, the paper writes, privately calling the effort a challenge in
finesse. The NSA managed to became the sole editor on the standard, ensuring that its underhanded efforts paid off. The ten-year Bullrun program began
after the U.S. government failed in its plan to place a backdoor, the so-called Clipper chip, into encryption that would have allowed it to eavesdrop on
communications at will. Without the Clipper chip, the government launched a systematic plan using trickery and other methods to circumvent encryption and
achieved an unspecified breakthrough in 2010. In the wake of this, according to one document, vast amounts of encrypted Internet data which have up till now
been discarded are now exploitable. Some of the methods involved the deployment of custom-built, supercomputers to break codes in addition to collaborating
with technology companies at home and abroad to include backdoors in their products. The Snowden documents dont identify the companies that participated.
The program, according to the documents, actively engages the U.S. and foreign IT industries to covertly influence and/or overtly leverage their
commercial products designs to make them exploitable. By this year, the Times reports, the program had found ways inside some of the
encryption chips that scramble information for businesses and governments, either by working with chipmakers to insert back doors or by surreptitiously
exploiting existing security flaws. The agency also expected to gain full unencrypted access to an unnamed major Internet phone call
and text service; to a Middle Eastern Internet service; and to the communications of three foreign governments, the paper notes. In one case, after the
government learned that a foreign intelligence target had ordered new computer hardware, the American manufacturer agreed to insert a backdoor into the
product before it was shipped, a source told the Times Basically, the NSA asks companies to subtly change their products in undetectable
ways: making the random number generator less random, leaking the key somehow, adding a common exponent to a public-key exchange protocol, and so on,
cryptographer Bruce Schneier notes in a story by the Guardian. If the backdoor is discovered, its explained away as a mistake . And as we now
know, the NSA has enjoyed enormous success from this program.

The NSA breaks and undermines encryption with backdoors


Crawford no date (Douglas, NSA breaks and undermines many kinds of encryption what does this mean for VPN?,
https://www.bestvpn.com/blog/7521/nsa-breaks-undermines-many-kinds-encryption-mean-vpn/) WZ
For the past decade, N.S.A. has led an aggressive, multipronged effort to break widely used Internet encryption technologies Cryptanalytic
capabilities are now coming online. Vast amounts of encrypted Internet data which have up till now been discarded are now exploitable. 2010
GHCQ memo describing a briefing to employees about NSA accomplishments. Many peoples more paranoid fears were confirmed yesterday when The
Guardian, in partnership with The New York Times and ProPublica, published top secret documents obtained from whistleblower Edward Snowden that expose
the lengths to which the NSA and GHCQ have gone in their efforts to decrypt and undermine encryption. Essentially, it seems that since the Bill Clinton
administrations public attempt to require all encryption technologies have a back door built into them that would be made available to US security services failed
in the 1990s, billions of dollars and untold man-hours have been poured into achieving this aim through stealth and secrecy. These efforts appear to have taken a
number of approaches: A full frontal code-breaking assault on common encryption methods such as SSL. It now seems safe to assume that the NSA can
readily access any SSL (https://) encrypted communication of the kind used almost universally by internet banking and ecommerce institutions
across the world Using a variety of sneaky and covert measures (including coercion) to deliberately compromise a range of encryption technologies, most
notably by coopting security companies into building backdoors, or otherwise deliberately introducing security weaknesses into their products
(CryptoAG and Lotus Notes being the most notable examples, although there is also evidence of a backdoor in Windows) Exploiting bad cryptography and weak
passwords. Most people are aware of the danger of weak passwords (even if they do nothing about it), but the prevalence of bad cryptography is less well
known. For example, the PPTP VPN protocol based on MS-CHAP key exchange remains the most commonly used VPN protocol used by business, despite
even Microsoft (who was part of the consortium who developed the protocol) advising against its use A highly funded specialist group within the NSA Tailored
Access Operations (TAO) targets end-point computers using a variety of means, including introducing viruses, subverting CA certificate authentication, and
hacking computers for long term keys. Basically, if the NSA targets your computer they will get into it , with the only good news being that doing so is
resource-heavy, and so is only done against high-value targets.

The NSA goes to great lengths to undermine encryption


Harris 1/2 (Shane, American journalist and author at Foreign Policy magazine, specialist in coverage of America's intelligence
agencies, author of The Watchers: The Rise of America's Surveillance State. It's in NSA's code to keep breaking encryption,
come what may, Cape Argus E1 Edition, 1/4/14)
The US's National Security Agency has gone to extraordinary lengths to foil encryption used in commercial tech nology. A new report in Der
Spiegel has revealed that the agency's elite hacker group, known as Tailored Access Operations, infiltrated networks of European
telecommunications companies and accessed and read e-mails that "were believed to be securely encrypted". From the NSA's
perspective, counter-encryption efforts have led to important intelligence breakthroughs. That's why of the 46 recommendations offered by a presidential review
panel on government surveillance activities, the one that suggests the NSA ramp down its efforts against encryption may be met with a mixture of outrage and
laughter in the halls of the agency. "The US government should take additional steps to promote security, by... fully supporting and not undermining efforts to
create encryption standards," the report's authors recommend. Undermining encryption, of course, is precisely what the NSA does. It's a codebreaking organisation. It develops methods and techniques to "subvert, undermine, weaken or make vulnerable" - to borrow from the list of things
the panel said the agency should stop doing - the codes that governments, terrorist networks, criminal organisations, businesses and everyday people use to
shield their communications from prying eyes. "Encryption is an essential basis for trust on the internet; without such trust, valuable communications would not be
possible," the review panel writes. "For the entire system to work, encryption software itself must be trustworthy." That may be. But the NSA doesn't want
the entire system to work - at least not all the time. Part of its mission is to capture, read and analyse information. A trustworthy, reliable encryption system
can be an obstacle to global surveillance. The NSA has tried to obscure the lengths to which it goes to undermine encryption standards , a
good indication that it won't abandon that work without a fight. In September, when The New York Times and ProPublica were preparing to report on the NSA's
counter-encryption efforts, the Obama administration tried to persuade the news organisations not to publish their articles, arguing that the revelations might
prompt NSA's targets to switch to new methods of encryption that would be harder to crack. Surely, officials have and will continue to make the same argument
to President Barack Obama, who has already disregarded one of the panel's recommendations that the director of the NSA no longer be "dual-

hatted" as the commander of US Cyber Command, which oversees computer warfare operations. Those operations, by the way,
rely on breaking encryption. In some respects, the NSA is torn between two competing missions. It breaks codes. But it also makes them, mostly for the
purpose of protecting the government's information. In a recent interview with the national security blog Lawfare, Anne Neuberger, the senior official who
manages the NSA's relationships with technology companies, was asked about news reports that the agency had secretly included a vulnerability
into an encryption standard that was developed by the N ational Institute of Standards and Technology and then adopted by more than
160 countries. Neuberger called NIST an "incredibly respected close partner on many things", including setting encryption standards, some of which the
agency itself uses. But, she added, NIST "is not a member of the intelligence community". "All work that they do is... pure white hat," Neuberger said, meaning
not malicious and oriented solely on defending encryption. "Their only responsibility is to set standards" and "to make them as strong as they possibly can be".
That left out the work that NSA does to defeat those standards, which has included buying privileged access into encryption products sold commercially. Last
week, Reuters reported that the agency paid RSA, a major computer security vendor, $10 million to promulgate an encryption weakness the NSA had developed.
- Foreign Policy

The NSA has mandated high-tech vendors to build backdoors into their hardware
Adhikari 15 (Richard, The Fallout From the NSA's Backdoors Mandate, 1/13/15,
http://www.ecommercetimes.com/story/81530.html) WZ

NSA) is widely believed to have mandated high-tech vendors build backdoors into their hardware and software .
Reactions from foreign governments to the news are harming American businesses and, some contend, may result in the breakup of the Internet. For example,
Russia is moving to paper and typewriters in some cases to move certain types of information, Private.me COO Robert Neivert told the E-Commerce Times. Governments are pushing to enact
laws to force the localization of data -- generally meaning they won't allow data to be stored outside their borders to protect citizens against NSA-type surveillance -- a move that's of particular
The United States National Security Agency (

concern to American businesses, according to a Lawfare Research paper. That's because they deem U.S. firms untrustworthy for having provided the NSA with access to the data of their users. Revisiting the Tower
of Babel? "There's an increased use of networks on behalf of Europe and other allies that do not pass through U.S. companies or U.S.-controlled networks," Neivert said. Some countries are even proposing to break
up the Internet. However, "people who say these things threaten the Internet itself are misunderstanding things," Jonathan Sander, strategy & research officer of Stealthbits Technologies, told the E-Commerce Times.
"The Internet produces too much wealth for too many people and organizations for anyone, including the U.S., to threaten it." The U.S. economy "is one of the best weapons we have in the technology war," Sander
continued. The U.S. market "is too big for foreign governments to ignore," which is why foreign companies continue doing business with the U.S. Concern has been expressed about invasions of privacy through
surveillance, but this issue is "a matter of policy" and there are differences in how citizens of different countries approach it, Sander pointed out. "In the EU and, to a lesser extent [Australia and New Zealand], privacy
is an issue at the ballot box so there are laws reflecting that." In the U.S., however, privacy "has yet to seriously break through as an issue, so there has been less motion," Sander remarked. Massive Cost to U.S.
Businesses In August of last year, the German government reportedly warned that Windows 8 could act as a Trojan when combined with version 2.0 of the Trusted Platform Module (TPM), a specification for a secure
cryptoprocessor. The TPM is included in many laptops and tablets, and the concern is that TPM 2.0 makes trusted computing functions mandatory rather than opt-in as before, meaning it can't be disabled. Further, it

The German government will end its contract


with Verizon; Brazil has decided to replace its fighter jets with ones made by Sweden's Saab instead of Boeing; and Web hosting firm Servint Corp. reported
a 30 percent decline in overseas business since the NSA leaks first made news in June 2013. "There is both diplomatic and economic backlash against these tactics," Robyn Greene,
can let Microsoft establish a backdoor into the device it's in. Microsoft's response was that OEMs can turn off the TPM in x86 computers.

policy counsel at New America's Open Technology Institute, told the E-Commerce Times. It's difficult to establish an exact dollar amount, but "experts have estimated that losses to the U.S. cloud industry alone could
reach (US)$180 billion over the next three years," Greene said. "Additionally, major U.S. tech companies like Cisco and IBM have lost nearly one-fifth of their business in emerging markets because of a loss of trust."
Foreign companies are using their non-U.S. status to advertise themselves as more secure or protective of privacy, Greene remarked. The Other Side of the Story On the other hand, Cisco's share of the service
provider router and carrier Ethernet market bounced back strongly after an unusually weak Q2, primarily because of a strong performance in the Asia-Pacific and the EMEA regions, SRG Research reported. "Cisco is
in a league of its own, with a global presence, credibility and product range that cannot be matched by its competitors," John Dinsdale, managing director and chief analyst at SRG, told the E-Commerce Times.
"When demand increases, there is only a rather short list of vendors who can satisfy it, and Cisco clearly has the strongest story to tell." In addition, the allegations that U.S. high-tech firms built backdoors into their

I have never seen any cooperation between U.S.-owned software or


hardware manufacturers to insert backdoors into their products for the use of the NSA ," Lieberman told the E-Commerce Times. "The damage that
such an inclusion would cause to the company that did so would be catastrophic and probably unrecoverable ." Rebuilding Faith and Trust With
products are not true, contended Philip Lieberman, president of Lieberman Software. "

its backdoors, the NSA "broke the foundational element of trust, and that's something very difficult to recover from. [It has] in effect destroyed the trusted and secure reputation of U.S. companies," said Neivert. "More
and more we will see U.S. tech companies focusing on distinguishing their products and services with heightened security offerings and working to achieve legislative reforms that would rein in [surveillance
practices]. That's the case with the Reform Government Surveillance Coalition and tech industry trade associations that represent thousands of companies," New America's Open Technology Institute's Greene
added.

Companies are being pressured into building backdoors into their products
Guiliani 15 (Neema Singh, legislative counsel with the American Civil Liberties Union Washington Legislative Office, focusing
on surveillance, privacy, and national security issues, Chief of Staffs Office at DHS, concentrating on national security and civil
rights issues, adjudicator in the Office of the Assistant Secretary for Civil Rights in the Department of Agriculture, graduate of
Brown University where she earned a BA in International Relations with a focus on global security and received her JD from
Harvard Law School in 2008, 7/9/15, https://www.aclu.org/blog/washington-markup/should-companies-be-forced-enablesurveillance-and-compromise-security) WZ
At a congressional hearing yesterday, the Department of Justice urged Congress to pressure companies to weaken encryption by creating a socalled backdoor into products. Thats in response to the increasing use of strong encryption in commercial technology that makes your information
inaccessible even to the companies whose tools you use. While the DOJ said they are not pursuing a mandatory backdoor for now they left the door open to this type of proposal in
the future.

US intelligence agencies are using backdoors to bypass encryptions


Greenwald et al 13 (Glenn, former columnist on civil liberties and US national security issues for the Guardian, exconstitutional lawyer, author of How Would a Patriot Act? (May 2006); A Tragic Legacy (June, 2007); and With Liberty and Justice
For Some: How the Law Is Used to Destroy Equality and Protect the Powerful. James Ball, special projects editor of the
Guardian. Julian Borger, the Guardian's diplomatic editor, previous correspondent in the US, the Middle East, eastern Europe
and the Balkans, author of The Butcher's Trail. Revealed: how US and UK spy agencies defeat internet privacy and security,
9/6/13, http://www.theguardian.com/world/2013/sep/05/nsa-gchq-encryption-codes-security) WZ
US and British intelligence agencies have successfully cracked much of the online encryption relied upon by hundreds of millions of
people to protect the privacy of their personal data , online transactions and emails, according to top-secret documents revealed by former contractor
Edward Snowden. The files show that the National Security Agency and its UK counterpart GCHQ have broadly compromised the guarantees that internet
companies have given consumers to reassure them that their communications, online banking and medical records would be indecipherable to criminals or
governments. The agencies, the documents reveal, have adopted a battery of methods in their systematic and ongoing assault on what they see
as one of the biggest threats to their ability to access huge swathes of internet traffic "the use of ubiquitous encryption across the internet". Those methods
include covert measures to ensure NSA control over setting of international encryption standards, the use of supercomputers to break encryption with "brute
force", and the most closely guarded secret of all collaboration with technology companies and internet service providers themselves. Through these covert
partnerships, the agencies have inserted secret vulnerabilities known as backdoors or trapdoors into commercial encryption software. The files,
from both the NSA and GCHQ, were obtained by the Guardian, and the details are being published today in partnership with the New York Times and ProPublica.
They reveal: A 10-year NSA program against encryption technologies made a breakthrough in 2010 which made "vast amounts" of data collected through
internet cable taps newly "exploitable". The NSA spends $250m a year on a program which, among other goals, works with technology companies to "covertly
influence" their product designs. The secrecy of their capabilities against encryption is closely guarded, with analysts warned: "Do not ask about or speculate on
sources or methods." The NSA describes strong decryption programs as the "price of admission for the US to maintain unrestricted access to and use of
cyberspace". A GCHQ team has been working to develop ways into encrypted traffic on the "big four" service providers, named as Hotmail, Google, Yahoo and
Facebook. The agencies insist that the ability to defeat encryption is vital to their core missions of counter-terrorism and foreign intelligence gathering. But

security experts accused them of attacking the internet itself and the privacy of all users. "Cryptography forms the basis for trust online," said Bruce Schneier, an
encryption specialist and fellow at Harvard's Berkman Center for Internet and Society. "By deliberately undermining online security in a short-sighted effort to
eavesdrop, the NSA is undermining the very fabric of the internet." Classified briefings between the agencies celebrate their success at "defeating network
security and privacy". "For the past decade, NSA has lead [sic] an aggressive, multi-pronged effort to break widely used internet encryption
technologies," stated a 2010 GCHQ document. "Vast amounts of encrypted internet data which have up till now been discarded are now exploitable." An internal
agency memo noted that among British analysts shown a presentation on the NSA's progress: "Those not already briefed were gobsmacked!" The breakthrough,
which was not described in detail in the documents, meant the intelligence agencies were able to monitor "large amounts" of data flowing through the world's
fibre-optic cables and break its encryption, despite assurances from internet company executives that this data was beyond the reach of government. The key
component of the NSA's battle against encryption, its collaboration with technology companies, is detailed in the US intelligence community's top-secret 2013
budget request under the heading "Sigint [signals intelligence] enabling". Funding for the program $254.9m for this year dwarfs that of the Prism program,
which operates at a cost of $20m a year, according to previous NSA documents. Since 2011, the total spending on Sigint enabling has topped $800m. The
program "actively engages US and foreign IT industries to covertly influence and/or overtly leverage their commercial products' designs", the document states.
None of the companies involved in such partnerships are named; these details are guarded by still higher levels of classification. Among other things, the
program is designed to "insert vulnerabilities into commercial encryption systems ". These would be known to the NSA, but to no one else,
including ordinary customers, who are tellingly referred to in the document as "adversaries".

Back door surveillance enforced by courts- Lavabit proves


Jennifer Granick 10/17/13--- Director of Civil Liberties at the Stanford Center for Internet and Society. Previously, she was the Civil
Liberties Director at the Electronic Frontier Foundation. She earned her law degree from University of California, Hastings College of the Law
and her undergraduate degree from the New College of the University of South Florida. (Granick, We All Go Down Together: NSA Programs
Overseas Violate Americans Privacy, Yet Escape FISC, Congressional Oversight, Just Security. http://justsecurity.org/2125/together-nsaprograms-overseas-violate-americans-privacy-escape-fisc-congressional-oversight/)//ET
These practices by themselves they do not fit the FISA definition of electronic surveillance, though the acquisition of content or installation of surveillance devices
enabled by these techniques may. Theres no sign that Congress or the FISA court approved the NSAs NIST caper or its successful negotiations to ensure or
install backdoors in commercial products. No law that requires Internet companies to grant such access or empowers the government to
demand it. In 1994, Congress adopted the Communications Assistance for Law Enforcement Act (CALEA). CALEA was intended to preserve but not expand
law enforcement wiretapping capabilities by requiring telephone companies to design their networks to ensure a certain basic level of government access. The
Federal Bureau of Investigation pushed its powers under CALEA, however, and the law was expanded in 2005 by the Federal Communications Commission to
include broadband Internet access and interconnected VoIP services which rout calls over the traditional telephone network. Pure Internet services, however,
are not subject to CALEA. The FBI will seek to change that, but for now, nothing in CALEA prohibits these companies from building robustly secure products that
will protect their customers data from attacks. Yet, the Guardian reported that some companies have built or maintained backdoors allowing government access
to their services, and specifically identified Microsoft and its VoIP service, Skype. To the extent Skypes VoIP service operates peer-to-peer independent of the
traditional phone network, it is not subject to CALEA obligations. Yet, Microsoft said, in response to the Guardian report, when we upgrade or update
products legal obligations may in some circumstances require that we maintain the ability to provide information in response to a law
enforcement or national security request. Its unclear what those legal obligations might be, though some have pointed to the general

obligation of electronic communications service providers to provide the Government with all information, facilities, or assistance
necessary to accomplish the acquisition under section 702 of the FISA Amendments Act. Is the government is using that rather generic
provision of law to force creation or maintenance of technological vulnerabilities in communications networks? If so, Congress ought to know, and so should the
public which relies on these facilities for secure communications. The Lavabit case gives the public some idea of how the government has relied on
similar assistance provisions in the criminal pen register statute to force disclosure of master encryption keys , despite the absence
of any explicit obligation to do so. There, the FBI wanted secure email provider Lavabit to install a pen register to identify Internet traffic
addresses for one of the companys users. The system was engineered so that that information was encrypted and could not be obtained via pen
register. The government then asked Lavabit for its SSL key. However, disclosing the key would give the government access to
communications of all other Lavabit customers, as well as the targeted user. Lavabits owner, Lavar Levison, offered to collect the data for
the government, a compromise that would get the FBI the information it wanted without impacting the security of its other customers. Unappeased, the
government obtained a court order commanding Levison to travel from Texas to personally appear in a district court in Virginia to explain
his refusal to produce the key. It further secured a grand jury subpoena, which explicitly commanded Levison to appear before the
grand jury and bring with him Lavabits private keys. While Levison was traveling to appear pro se in district court, the government obtained a third
order, this time a search warrant, which again commanded Lavabit to hand over its private keys and also gagged Levison and the company
from telling anyone that the government had done so. The District Court ruled against Levison and gave him 24 hours to comply. At that point,
Levison closed down Lavabits services. Lavabit has now retained appellate attorneys and challenged the Court orders in the Fourth Circuit. Thanks to Levisons
decision to shut his doors rather than comply, we may one day get a public hearing on the legitimacy of this underground government practice. It appears there
was no secret review in the FISC or in Congress.

The NSA paid the RSA $10 million for backdoor access
Glaser 14 (April, writer and activist who works on a wide range of digital rights issues, After NSA Backdoors, Security Experts
Leave RSA for a Conference They Can Trust, 1/30/14, https://www.eff.org/deeplinks/2014/01/after-nsa-backdoors-securityexperts-leave-rsa-conference-they-can-trust) WZ
We thought we won the Crypto Wars, the fight to make strong encryption accessible to all, in the 1990s.1 We were wrong. Last month, Reuters broke news about
a deal struck between the popular computer security firm RSA and the National Security Agency. RSA reportedly accepted $10 million from

NSA to make Dual_EC_DRBGan intentionally weakened random number generatorthe default in its widely used BSAFE
encryption toolkit. RSA encryption tools are an industry standard used by large tech companies and individuals alike, to protect hundreds
of millions of people by encrypting our daily online interactions . We trust RSAs encryption every time we rely on the security of our
communications, including our email, financial and e-commerce transactions, medical and legal records, web searches, airplane traffic communications, text
messages, and phone calls. Without trustworthy encryption, safe business transactions are impossible and speech is chilled . The
allegation of the $10 million RSA/NSA deal compounded with leaks earlier in the year about NSAs efforts to sabotage global cryptography has lead some
speakers to withdraw from the 2014 RSA Conference in San Francisco, which attracts some 25,000 attendees each year. Nine speakers have canceled their
coveted slots and many have chosen to speak instead at TrustyCon, an alternative conference started this year to provide a platform for speakers who protest
RSA and NSA's long-standing collaboration. At the same time and around the corner from the RSA Conference in San Francisco, TrustyCon is a Trustworthy
Technology Conference organized by DEF CON, EFF, and iSEC Partners. All proceeds from TrustyCon will be donated to the Electronic Frontier Foundation to
support our work against illegal and unethical government surveillance all over the world.

Government coercion for backdoors is the biggest threat bypasses encryption


Christopher Soghoian Ph.D 06 (Principal Technologist with the Speech, Privacy, and Technology Project at the American
Civil Liberties Union. He is also a Visiting Fellow at Yale Law School's Information Society Project. Caught in the Cloud: Privacy,
Encryption, and Government Back Doors in the Web 2.0 Era Privacy and Law Enforcement pg. 423
http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1421553)CK
Government agencies can now leverage economies of scale, and take advantage of the fact that the user no longer needs to be
consulted or notified before her data is seized. In many cases, due simply to the reality that a single company is responsible for
storing private data for millions of users, the government can obtain data on an additional individual at almost no cost. That is,
the cost of adding one more person to the subpoena is free. While the ease of government access made possible by the third
party doctrine is certainly troubling, the use of data encryption and strict adherence to no-logging policies can act as a significant
balance against this power. Were the third party doctrine to be done away with, the threats of hackers breaking into a companys
servers and insiders peeking at a users files would still remainencryption is a technique that provides protection against all of
these threats. As I have documented at length, the real threat to end-user privacy is the ease with which the government can
force an application provider to insert a backdoor or flaw in its own products. While this is certainly a risk that existed pre-cloud
computing, it has been made more effective, and more difficult to discover through the shift to cloud-delivered software. The
government can order a change, and the next day, every user of a service specified in the governments order will be running
code with that backdooran efficiency of adoption that was never possible before. This is not an easy problem to solve, and the
solutions I have proposed are by no means comprehensive. Until these or other solutions have been implemented and deployed,
consumers should exercise significant caution when using cloud-based tools to edit files that they wish to keep private. In the
cloud, the government is just one subpoena away.

Data encryption can be bypassed through backdoors Government coerces companies for key
Christopher Soghoian Ph.D 06 (Principal Technologist with the Speech, Privacy, and Technology Project at the American
Civil Liberties Union. He is also a Visiting Fellow at Yale Law School's Information Society Project. Caught in the Cloud: Privacy,
Encryption, and Government Back Doors in the Web 2.0 Era Privacy and Law Enforcement pg. 417
http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1421553)CK
Let us now go back to our earlier hypothetical scenario in which all cloud services have switched to data encryption with a key
private to the user. In this situation, the government will not be able to use a subpoena to force the revelation of a users private
files, since the service provider will only possess encrypted data. However, it may be possible for the government to force that
company to place a backdoor in its web-based product in order to steal the users encryption key. As an example, when the user
enters her password in to the encryption enhanced Google Docs web application, instead of keeping the password in local
memory on her computer, a copy of it will be silendy recorded and later transmitted to a FBI server. While market forces might be
able to neutralize the privacy problems associated with the third party doctrine by encouraging the use of encryption, there are
no readily available market forces or technology that can protect a company from a lawful order compelling that firm to insert a
backdoor into its own products. To make matters worse, the move to cloud computing increases the amount of private
information available at risk of covert government capture, and, as this next section will explain, also makes it significantly easier
for companies to deploy these compelled backdoors.

Cloud computing allows encryption to be bypassed new software updates enable backdoor installation
Christopher Soghoian Ph.D 06 (Principal Technologist with the Speech, Privacy, and Technology Project at the American
Civil Liberties Union. He is also a Visiting Fellow at Yale Law School's Information Society Project. Caught in the Cloud: Privacy,

Encryption, and Government Back Doors in the Web 2.0 Era Privacy and Law Enforcement pg. 420
http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1421553)CK
Finally, most cloud providers know a significant amount more about their customers than traditional software companies. Unless
a customer has given a false name, email providers and social networking companies know who their customers are as well as
the names and contact information for their friends. As a result, if law enforcement agencies serve a subpoena in order to obtain
the files for a specific customer, most cloud computing providers know exactly which account to target. This shift in the
effectiveness of software updates and the ease of customer identification significantly weakens the ability of cloud providers to
protect their customers privacy with encryption. While Google could add encryption to its Docs application, the company could
just as easily be forced to add a back door in to the browser code which would steal the users key. As I have just explained, this
would be automatically downloaded and executed the next time that the user logged in, with no way for her to avoid the update,
or even know that it was applied. Furthermore, because of the fact that Google typically knows which particular user account an
individual is using, it can issue the backdoor-laced update to only that user. Essentially, cloud computing makes it far easier for
companies to force out covert backdoors with surgical precision to only those persons who the government has targeted.

Encryption alone cannot solveGovernment can coerce companies to give it keys


Christopher Soghoian Ph.D 06 (Principal Technologist with the Speech, Privacy, and Technology Project at the American
Civil Liberties Union. He is also a Visiting Fellow at Yale Law School's Information Society Project. Caught in the Cloud: Privacy,
Encryption, and Government Back Doors in the Web 2.0 Era Privacy and Law Enforcement pg. 384
http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1421553)CK
The second part of this article will be arranged as follows: It will first explore the changing market dynamics which have made
large-scale surveillance of electronic communications both easy and cheap for the government. As a result, the marginal cost of
watching one more person has now dropped to essentially nothing. It will then briefly explore the third party doctrine, which is the
primary legal doctrine which the Government relies on to force the disclosure of user information held by third parties,
neutralizing the traditional Fourth Amendment protection offered to peoples personal documents and papers. The solution to the
privacy problems posed by the third-party doctrine is actually rather simple-the mass deployment of encryption by software
manufacturers and service providers. However, encryption alone is not the answer. This is due to government's lawful powers of
coercion, through which it can compel service providers to insert back doors in their own products, circumventing the encryption
that would otherwise protect their customers' data. The core of this article will focus on this issue, and the way that this power to
force the insertion of back doors can be applied to the providers of cloud computing services.

--xt mandate coming


Mandate coming Obama will follow the FBIs lead
Jaycox and Scheon 13
Mark Jaycoz (is a Legislative Analyst for EFF. His issues include user privacy, civil liberties, surveillance
law, and "cybersecurity." When not reading legal or legislative documents, Mark can be found reading
non-legal and legislative documents, exploring the Bay Area, and riding his bike. He was educated at
Reed College, spent a year abroad at the University of Oxford (Wadham College), and concentrated in
Political History. The intersection of his concentration with advancing technologies and the law was
prevalent throughout his education, and Mark's excited to apply these passions to EFF. Previous to
joining EFF, Mark was a Contributor to ArsTechnica, and a Legislative Research Assistant for LexisNexis.
[Seth Schoen has worked at EFF over a decade, creating the Staff Technologist position and helping
other technologists understand the civil liberties implications of their work, EFF staff better understand
technology related to EFF's legal work, and the public understand what products they use really do. He
helped create the LNX-BBC live CD and has researched phenomena including laser printer forensic
tracking codes, ISP packet spoofing, and key recovery from computer RAM after a computer has been
turned off. He has testified before the U.S. Copyright Office, U.S. Sentencing Commission, and in
several courts.] https://www.eff.org/about/staff/seth-schoen)
According to the New York Times, President Obama is "on the verge of backing" a proposal by the FBI to introduce
legislation dramatically expanding the reach of the Communications Assistance for Law Enforcement Act , or CALEA.
CALEA forces telephone companies to provide backdoors to the government so that it can spy on users
after obtaining court approval, and was expanded in 2006 to reach Internet technologies like VoIP. The

new proposal reportedly allows the FBI to listen in on any conversation online, regardless of the technology used, by mandating
engineers build "backdoors" into communications software. We urge EFF supporters to tell the administration now to stop this
proposal, provisionally called CALEA II. The rumored proposal is a tremendous blow to security and privacy and is based on
the FBI's complaint that it is "Going Dark," or unable to listen in on Internet users' communications. But
the FBI has offered few concrete examples and no significant numbers of situations where it has been stymied by communications technology
like encryption. To the contrary, with the growth of digital communications, the FBI has an unprecedented
level of access to our communications and personal data; access which it regularly uses. In an age
where the government claims to want to beef up Internet security, any backdoors into our
communications makes our infrastructure weaker.

The FBI is urging Congress to pass a backdoor mandate


Timm 14 (Trevor, Guardian US columnist and executive director of the Freedom of the Press Foundation, The government
wants tech companies to give them a backdoor to your electronic life , 10/17/14,
http://www.theguardian.com/commentisfree/2014/oct/17/government-internet-backdoor-surveillance-fbi) WZ
FBI director James Comey wants a US government-mandated backdoor into your iPhone and your Google account. But Comey doesnt want to call his
proposed privacy invasion a backdoor. He doesnt understand how it would work. And he expects everyone who has been horrified by the NSAs mass
surveillance to just sit back, weaken their personal security and trust that the government will never abuse it. Comey is currently on a media blitz, decrying Apple
and Googles long overdue decision that enables encryption by default on updated iPhone and Android devices. Apple and Google have made it so that
everyones phone is encrypted by the passcode each user sets up, so that when someone steals your phone (or the cops seize it), no one will be able to open
the contents besides you. Not even Apple or Google will have the key or, in other words, a backdoor to access information youve encrypted. We know theres
no real need to worry about Apple and Androids move: law enforcement has a half-dozen other ways to get at all the data out of your phone if it needs to solve
actual crimes. This is just a basic security protection that, if implemented by Facebook, Gmail, text messaging apps and others, could go a long way to solving
Americas cybersecurity problem. And it would leave everyone living in countries with authoritarian governments like those in Egypt, Saudi Arabia, China or
Russia from having to worry about being spied on. But Jim Comey, like the NSA, sees encryption for the masses as the enemy not the type of tool that keeps
your medical and bank records safe. He was on 60 Minutes this week calling Apple and Googles decision a threat to national security, and, on Thursday, he
gave his first major speech as FBI director, which focused entirely on the dangers of people controlling their own security. Right now, the current US law
governing this subject specifically says that what Apple and Google are doing is perfectly legal. If their encryption systems are designed so that only the user has
the key, the law says, then the companies have no obligation to hand over data to the police. But Comey wants Congress to pass a new law
mandating that all tech companies build backdoors or lawful intercept capabilities, as the government likes to call it into all their systems,
so there will always be a technical hole in the system that the FBI can exploit to read your emails if they hand the company a court
order.

FBI is calling for companies to build back doors


Insider Surveillance 14 (most widely read source of information on surveillance technologies for law enforcement,
government agencies, military intelligence, communications companies and technology leaders who together safeguard national

security and protect the public from criminals and terrorists, followed by members in over 130 nations, Will Apple iOS 8
Encryption Spur Demand for Lawful Intercept? 10/17/14, http://insidersurveillance.com/will-apple-ios8-encryption-spur-demandlawful-intercept/) WZ
When FBI Director James Comey took the podium in a recent public forum on going dark, all in attendance agreed that Apple iOS 8 encryption and other
measures designed to render mobile devices impenetrable will make it far more difficult for law enforcement to gather evidence essential to prosecuting
criminals. But the one point no one, including Comey, thought to address: how the near impossibility of cracking mobile devices may drive police to rely more
heavily on the tried and true alternative: more frequent recourse to court orders for lawful intercept under the Communications Assistance for Law Enforcement
Act (CALEA). Comeys appearance in a special event held Oct. 16, 2014 at the Brookings Institution in Washington, D.C. was triggered by the recent moves of
Apple and Google to add stronger encryption to operating systems for iOS and Android mobile devices. The companies decision, widely interpreted in many
quarters as the latest tech sector reaction against surveillance in the post-Snowden era, has for weeks fueled protests from the FBI and other law enforcement
agencies. Comey led the chorus Thursday, citing examples of how the ability to comb data from phones seized during arrests has led to the successful
prosecution of murderers, drug lords, pedophiles, kidnappers and other bad actors. Apples and Googles new strong encryption padlocks on iPhones and
Androids, he added, will essentially eliminate the possibility of conducting forensics on mobile devices, taking LEAs from dark to black in the struggle to keep
pace with criminals that leverage technology to stay one step ahead of the police. However, as a solution, Comey called for a change in CALEA that will most
assuredly be a non-starter with the tech industry, consumers and lawmakers alike: a new statute requiring equipment manufacturers to provide
front doors in mobile devices, allowing law enforcement agents to unlock encrypted iPhones, iPads and Android devices, when needed, to find evidence.
Comey further suggested that the encryption keys for each device sold be stored by mobile operators. There are inherent back doors, tech jargon for a builtin weakness, in both arguments. Confusion over Smart Device Encryption During his presentation, Comey repeatedly made reference to the front door concept
before conceding that he didnt care whether theyre called front doors or back doors he simply wanted lawful intercept capability built-in to all
mobile devices. That cleared the air a bit, but also exposed the basic flaw in his line of reasoning. To wit, there is no distinction between a front
and back door. They are one and the same: the ability to install a deliberate weakness in a system that can be readily hacked or accessed.

The FBI is requesting backdoor mandates and for an update to CALEA


Macri 14 (Giuseppe, tech editor for The Daily Caller, FBI Asks Congress For Backdoor Access To All Cellphones For
Surveillance, 10/20/14, http://dailycaller.com/2014/10/20/fbi-asks-congress-for-backdoor-access-to-all-cellphones-forsurveillance/) WZ
FBI Director James Comey is asking Congress to force smartphone developers into building backdoors into all devices for law
enforcement surveillance a response to new customer data encryption standards adopted by Apple and Google. The FBI has a
sworn duty to keep every American safe from crime and terrorism, and technology has become the tool of choice for some very
dangerous people, Comey said while speaking at the Brookings Institution last Thursday, Homeland Security News Wire reports.
Unfortunately, the law hasnt kept pace with technology, and this disconnect has created a significant public-safety problem.
Law enforcement heads at all levels across the country, including Attorney General Eric Holder, have criticized Google and Apple
since the companies announced new encryption standards for smartphone users, which law enforcement reps argue will make it
easier for criminals especially pedophiles trading in child pornography to evade arrest. Now Comey is asking Congress to
update the 1994 Communications Assistance for Law Enforcement Act (CALEA) which mandates that telephone companies
build wiretap access into their traditional networks to include digital and Internet communications, and provide direct access to
authorities.

FBI wants backdoors now


McLaughlin, reporter on surveillance and national security, 15 (Jenna McLaughlin, reporter on surveillance and
national security, The Intercept, FBI Director Says Scientists Are Wrong, Pitches Imaginary Solution to Encryption Dilemma,
7/8/15, https://firstlook.org/theintercept/2015/07/08/fbi-director-comey-proposes-imaginary-solution-encryption/)//EM
Testifying before two Senate committees on Wednesday about the threat he says strong encryption presents to law enforcement,
FBI Director James Comey didnt so much propose a solution as wish for one. Comey said he needs some way to read and listen to any
communication for which hes gotten a court order. Modern end-to-end encryption increasingly common following the revelations of mass surveillance
by NSA whistleblower Edward Snowden doesnt allow for that. Only the parties on either end can do the decoding . Comeys problem is the
nearly universal agreement among cryptographers, technologists and security experts that there is no way to give the government
access to encrypted communications without poking an exploitable hole that would put confidential data, as well as entities
like banks and power grids, at risk . But while speaking at Senate Judiciary and Senate Intelligence Committee hearings on Wednesday, Comey
repeatedly refused to accept that as reality . A whole lot of good people have said its too hard maybe thats so, he said to the Intelligence
Committee. But my reaction to that is: Im not sure theyve really tried. In a comment worthy of climate denialists, Comey told one senator: Maybe the scientists
are right. Ennnh, Im not willing to give up on that yet. He described his inability to make a realistic proposal as the act of a humble public servant. Were trying
to show humility to say we dont know what would be best. Comey said American technologists are so brilliant that they surely could come up with a solution if
properly incentivized. Julian Sanchez, a senior fellow at the Cato Institute, was incredulous about Comeys insistence that experts are wrong: How does his
head not explode from cognitive dissonance when he repeats he has no tech expertise, then insists everyone who does is wrong? he tweeted during the
hearing. Prior to the committee hearings, a group of the worlds foremost cryptographers and scientists wrote a paper including complex
technical analysis concluding that mandated backdoor keys for the government would only be dangerous for national security .
This is the first time the group has gotten back together since 1997, the previous instance in which the FBI asked for a technical backdoor into communications.

But no experts were invited to testify, a fact that several intelligence committee members brought up, demanding a second hearing to hear from them.
Comey got little pushback from the panel, despite his lack of any formal plan and his denial of science. Sen. Martin Heinrich, D-N.M., thanked him for his display
of humility in not presenting a solution, while Committee Chairman Richard Burr, R-N.C., said I think you deserve a lot of credit for your restraint. Comey at
one point briefly considered the possibility of a world not like the one he imagined, then concluded: If thats the case, then I think were stuck.

The FBI is pushing for backdoors


Ackerman 15 (Spencer, national security editor for Guardian US, former senior writer for Wired, 2012 National Magazine
Award for Digital Reporting, FBI chief wants 'backdoor access' to encrypted communications to fight Isis; Experts warn that
'magical thinking' of a security flaw only the US government could exploit could easily be utilized by hackers, foreign spies and
terrorists, 7/8/15, http://www.theguardian.com/technology/2015/jul/08/fbi-chief-backdoor-access-encryption-isis) WZ
In a twin pair of appearances before the Senate's judiciary and intelligence committees on Wednesday, James Comey testified that Isis's use of end-toend encryption, whereby the messaging service being used to send information does not have access to the decryption keys of those who receive it, helped
the group place a "devil" on the shoulders of potential recruits "saying kill, kill, kill, kill". Comey said that while the FBI is thus far disrupting Isis
plots, "I cannot see me stopping these indefinitely". He added: "I am not trying to scare folks." Since October, following Apple's decision to bolster its mobiledevice security, Comey has called for a "debate" about inserting "back doors " - or "front doors", as he prefers to call them - into encryption
software, warning that " encryption threatens to lead us all to a very, very dark place ". But Comey and deputy attorney general Sally Quillian Yates testified
that they do not at the moment envision proposing legislation to mandate surreptitious or backdoor access to law enforcement. Both said they did not wish the
government to itself hold user encryption keys and preferred to "engage" communications providers for access, though technicians have stated that what Comey
and Yates seek is fundamentally incompatible with end-to-end encryption. Comey, who is not a software engineer, said his response to that was: "Really?" He
framed himself as an advocate of commercial encryption to protect personal data who believed that the finest minds of Silicon Valley can invent new modes of
encryption that can work for US law enforcement and intelligence agencies without inevitably introducing security flaws. While the FBI director did not specifically
cite which encrypted messaging apps Isis uses, the Guardian reported in December that its grand mufti used WhatsApp to communicate with his former mentor.
WhatsApp adopted end-to-end encryption last year. "I think we need to provide a court-ordered process for obtaining that data," said Dianne
Feinstein, the California Democrat and former intelligence committee chair who represents Silicon Valley . But Comey's campaign against
encryption has run into a wall of opposition from digital security experts and engineers. Their response is that there is no technical way to insert a back door into
security systems for governments that does not leave the door ajar for anyone - hackers, criminals, foreign intelligence services - to exploit and gain access to
enormous treasure troves of user data, including medical records, financial information and much more. The cybersecurity expert Susan Landau, writing on the
prominent blog Lawfare, called Comey's vision of a security flaw only the US government could exploit " magical thinking ". Comey is aided in his fight against
encryption by two allies, one natural and the other accidental. The natural ally is the National Security Agency director, Michael Rogers, who in February sparred
with Yahoo's chief of information security when the Yahoo official likened the anti-crypto push to " drilling a hole in the windshield ", saying: "I just believe that this
is achievable. We'll have to work our way through it." The Guardian, thanks to Edward Snowden's disclosures, revealed in September 2013 that the NSA
already undermines encryption. The less obvious ally is China, whom the FBI blamed last month for stealing a massive hoard of federal personnel data. In
May, China unveiled a national security law calling for " secure and controllable " technologies, something US and foreign companies fear is a prelude to a
demand for backdoor entry into companies' encryption software or outright provision of encryption keys. Without ever mentioning his own FBI director's and NSA
director's similar demands, Barack Obama castigated China's anti-encryption push in March. Obama has also declined to criticize efforts in the UK, the US's
premier foreign ally, to undermine encryption. Prime minister David Cameron is proposing to introduce legislation in the autumn to force companies such as
Apple, Google and Microsoft to provide access to encrypted data. Under questioning from some skeptical senators, Comey made a number of concessions.
When Ron Wyden, an Oregon Democrat, asked if foreign countries would attempt to mandate similar access, Comey replied, "I think they might." The director
acknowledged that foreign companies, exempt from any hypothetical US mandate, would be free to market encryption software. In advance of Comey's
testimony, several of the world's leading cryptographers, alarmed by the return of a battle they thought won during the 1990s "Crypto Wars", rejected the effort as
pernicious from a security perspective and technologically illiterate. A paper they released on Tuesday, called "Keys Under Doormats", said the transatlantic effort
to insert backdoors into encryption was "unworkable in practice, raise[s] enormous legal and ethical questions, and would undo progress on security at a
time when internet vulnerabilities are causing extreme economic harm".

The FBI is severely opposing encryption


Hern 15 (Alex, technology reporter for the Guardian, FBI anti-terror official calls on tech firms to 'prevent encryption above all
else', 6/5/15, http://www.theguardian.com/technology/2015/jun/05/fbi-anti-terror-tech-firms-encryption)
The FBI has again waded into the debate around encryption, with the bureau's assistant director of counterterrorism telling the US
congress that tech companies should "prevent encryption above all else". Michael Steinbach, speaking at a hearing before the House
Homeland Security Committee, explained how the the FBI uses technology to track and intercept supporters of Isis in the Middle East and elsewhere. When Isis
supporters communicate using social media, it's easy for law enforcement to intercept: in one recent incident, the USAF boasted of "a post on social media to
bombs on target in less than 24 hours". But when the communication is done through encrypted channels, rather than in public, the FBI and others have a
much harder time intercepting it. That led Steinbach to appeal to the companies building encryption products. "There are 200-plus social media companies.
Some of these companies build their business model around end-to-end encryption," Steinbach said. "When a company, a communications company or a ISP
or social media company elects to build in its software encryption, end-to-end encryption, and leaves no ability for even the company to access that, we don't
have the means by which to see the content", he added. "When we intercept it, we intercept encrypted communications. So that's the challenge: working
with those companies to build technological solutions to prevent encryption above all else . "We are striving to ensure appropriate, lawful
collection remains available." Steinbach insisted that he wasn't asking for a "back door" to be built into encryption products, telling legislators that "we're not
looking at going through a back door or being nefarious." But security experts have long argued that the nature of encryption is such that there can
be no middle ground between encryption which is unbreakable to all , including law enforcement, or encryption which contains some
sort of flaw that can be used by anyone who knows of its existence , whether or not they are law enforcement. An increasing number of

communications products have "end-to-end" encryption, meaning even the company that produces the software can't break the encryption on messages sent
between its customers. Apple's iMessage network and Facebook's WhatsApp both use end-to-end encryption, for instance, while Google's competing Hangouts
product does not. Steinbach's comments echo those of his boss, FBI director James Comey, who in March asked Congress to pass a law that would force tech
firms to create a backdoor in any tool that uses encryption. "Tech execs say privacy should be the paramount virtue," Comey said then, "When I hear that I close
my eyes and say try to image what the world looks like where paedophiles can't be seen, kidnapper can't be seen, drug dealers can't be seen." "To have a zone
of privacy that's outside the reach of law is very concerning," Comey added. In May, Apple, Google and other tech firms wrote an open letter to the Obama
administration urging it to preserve strong encryption against pressure from agencies like the FBI. The letter argued that " strong encryption is the
cornerstone of the modern information economy's security," and that the government should "fully support and not undermine efforts to create
encryption standards [nor] in any way subvert, undermine, weaken or make vulnerable" commercial software.

SOLVENCY SECURE DATA ACT

FYI Bill Text


Here is the relevant text of the bill
US Senate 15 (The Senate of the United States, 114th Congress S. 135 Secure Data Act of 2015, read on 1/8/15,
https://www.congress.gov/bill/114th-congress/senate-bill/135/text)ML
no agency may mandate that a manufacturer, developer, or seller of covered
products design or alter the security functions in its product or service to allow the surveillance of any user of such
product or service, or to allow the physical search of such product, by any agency.

(a) In General.Except as provided in subsection (b),

SDA solves
The Secure Data Act is key to both cybersecurity and tech industry growth
McQuinn 14 (Alan, Research Assistant with the Information Technology and Innovation Foundation. His research areas
include a variety of issues related to information technology and Internet policy, such as cybersecurity, privacy, virtual currencies,
e-government, Internet governance, and commercial drones. The Secure Data Act could help law enforcement protect against
cybercrime, 12/19/2014, http://thehill.com/blogs/congress-blog/technology/227594-the-secure-data-act-could-help-lawenforcement-protect-against)ML
Last Sunday, Sen. Ron Wyden (D-Ore.) wrote an op-ed describing the role that U.S. law enforcement should play in fostering stronger data encryption to make
information technology (IT) systems more secure. This op-ed explains Wydens introduction of the the Secure Data Act, which would prohibit the
government from mandating that U.S. companies build backdoors in their products for the purpose of surveillance. This legislation
responds directly to recent comments by U.S. officials, most notably the Federal Bureau of Investigation (FBI) Director James Comey, chastising Apple and
Google for creating encrypted devices to which law enforcement cannot gain access. Comey and others have argued that U.S. tech companies should design a
way for law enforcement officials to access consumer data stored on those devices. In this environment, the Secure Data Act is a homerun for
security and privacy and is a good step towards reasserting U.S. competitiveness in building secure systems for a global market .
By adopting its position on the issue the FBI is working against its own goal of preventing cybercrime as well as broader government efforts to improve
cybersecurity. Just a few years ago, the Bureau was counseling people to better encrypt their data to safeguard it from hackers. Creating backdoor access

for law enforcement fundamentally weakens IT systems because it creates a new pathway for malicious hackers, foreign
governments, and other unauthorized parties to gain illicit access . Requiring backdoors is a step backwards for companies
actively working to eliminate security vulnerabilities in their products . In this way, security is a lot like a ship at sea, the more holes
you put in the systemgovernment mandated or notthe faster it will sink. The better solution is to patch up all the holes in the system
and work to prevent any new ones. Rather than decreasing security to suit its appetite for surveillance, the FBI should recognize
that better security is needed to bolster U.S. defenses against online threats . The Secure Data Act is an important step in that
direction because it will stop U.S. law enforcement agencies from requiring companies to introduce vulnerabilities in their products. If this bill is enacted, law
enforcement will be forced to use other means to solve crimes, such as by using metadata from cellular providers, call records, text messages, and even oldfashioned detective work. This will also allow U.S. tech companies, with the help of law enforcement, to continue to strengthen their systems,
better detect intrusions, and identify emerging threats. Law enforcement, such as the recently announced U.S. Department of Justice
Cybersecurity Unita unit designed solely to deter, investigate, and prosecute cyber criminals, should work in cooperation with the private
sector to create a safer environment online. A change of course is also necessary to restore the ability of U.S. tech companies to
compete globally, where mistrust has run rampant following the revelations of mass government surveillance . With the 113th
Congress at an end, Wyden has promised to reintroduce the Data Secure Act again in the next Congress. Congress should move expediently to
advance Senator Wydens bill to promote security and privacy in U.S. devices and software. Furthermore, as Congress marks up the
legislation and considers amendments, it should restrict not just government access to devices, but also government control of those
devices. These efforts will move the efforts of our law enforcement agencies away from creating cyber vulnerabilities and allow electronics manufacturers to
produce the most secure devices imaginable.

SDA solves cybersecurity


The Secure Data Act is the best way to keep data safe
Wyden 14 (Ron, Senior Senator of Oregon, Member of the Congressional Internet Caucus and United States Senate Select
Committee on Intelligence, from a press conference, Wyden Introduces Bill To Ban Government-Mandated Backdoors Into
Americans Cellphones and Computers, 12/4/14 http://www.wyden.senate.gov/news/press-releases/wyden-introduces-bill-toban-government-mandated-backdoors-into-americans-cellphones-and-computers)ML
Washington, D.C. U.S. Senator Ron Wyden, D-Ore., today introduced the Secure Data Act to protect Americans privacy and data security.
The bill prohibits government mandates to build backdoors or security vulnerabilities into U.S. software and electronics. U.S.
government officials have recently proposed to compel companies to build backdoors in the security features of their products.
These proposals threaten to undermine the development and deployment of strong data security technologies and the
overwhelming economic and national security interest in better data security. Strong encryption and sound computer
security is the best way to keep Americans data safe from hackers and foreign threats. It is the best way to protect our
constitutional rights at a time when a persons whole life can often be found on his or her smartphone. And strong computer
security can rebuild consumer trust that has been shaken by years of misstatements by intelligence agencies about mass surveillance of Americans,
Wyden said. This bill sends a message to leaders of those agencies to stop recklessly pushing for new ways to vacuum up
Americans private information, and instead put that effort into rebuilding public trust . Government-driven technology
mandates to weaken data security for the purpose of aiding government investigations would compromise national
security, economic security and personal privacy: Cyber vulnerabilities weaken cybersecurity. Once a backdoor is built in a security
system, the security of the system is inherently compromised. For example, in 2005 it was revealed that an unknown entity had exploited a lawful
intercept capability built into Greek cellphone systems and had used it to listen to users phone calls, including those of dozens of senior government officials.
Technology mandates thwart innovation. Companies have less incentive to invest in the development and deployment of strong new

data security technologies if they are required to compromise them from the outset. Mandating weak security would further erode
trust in American products and services. Information technology companies are working to regain the trust of consumers upset by
revelations of government intrusions into their personal communications. A mandate requiring companies to facilitate additional
government surveillance would undermine those efforts. Senator Wydens legislation builds on a bipartisan effort in the U.S. House of
Representatives, which approved an amendment by Reps. Thomas Massie, R-Ky., and Zoe Lofgren, D-Calif., to prohibit electronic vulnerability mandates on a
293-123 vote in June 2014.

SDA solves economy


SDA solves for US jobs by rebuilding international trust
Sensenbrenner 15 ( James, Representative for Wisconsin, Chairman of the Crime, Terrorism, Homeland Security and
Oversight Subcommittee, Sensenbrenner, Massie & Lofgren Introduce Secure Data Act, news release, 2/4/2015,
http://search.proquest.com.proxy.lib.umich.edu/pqrl/docview/1651527976/BFCE0D85596F4F28PQ/3?accountid=14667)ML
"Congress has allowed the Administration's surveillance authorities to go unchecked by failing to enact adequate reform. Last Congress, the
Massie-Sensenbrenner-Lofgren amendment garnered support from an overwhelming bi-partisan majority in the House as a provision to the Defense
Appropriations bill, but unfortunately, was not included in the Cromnibus. With threats to our homeland ever prevalent, we should not tie the hands of the
intelligence community. But unwarranted, backdoor surveillance is indefensible . The Secure Data Act is an important step in rebuilding
public trust in our intelligence agencies and striking the appropriate balance between national security and civil liberty ." It has been
widely reported that US intelligence and law enforcement agencies have requested or required individuals and organizations build a
"backdoor" into their product or service to assist in unwarranted electronic surveillance. However, on more than one occurrence,

major security flaws have been found in these "backdoors" that put the data security of every person and business using the
internet at risk. For example, a software testing firm found serious backdoor vulnerabilities in wiretapping software for law enforcement made by Israeli
software firm NICE Systems in 2013 that allowed hackers to completely compromise their system and listen to intercepted phone calls. If a backdoor is
created for law enforcement and intelligence surveillance, past experience has shown it's only a matter of time before hackers
exploit it too. These "backdoors" can also be detrimental to American jobs. Other countries buy less American hardware and
software and favor their domestic suppliers in order to avoid compromised American products. The Secure Data Act fixes this by
prohibiting any agency from requesting or compelling backdoors in services and products to assist with electronic surveillance.

SDA signaling alone solves trust


Wyden 14 (Ron, Senior Senator of Oregon, Member of the Congressional Internet Caucus and United States Senate Select
Committee on Intelligence, from a press conference, Wyden Introduces Bill To Ban Government-Mandated Backdoors Into
Americans Cellphones and Computers, 12/4/14 http://www.wyden.senate.gov/news/press-releases/wyden-introduces-bill-toban-government-mandated-backdoors-into-americans-cellphones-and-computers)ML
"Strong computer security can rebuild consumer trust that has been shaken by years of misstatements by intelligence agencies
about mass surveillance of Americans," Wyden said in a statement. "This bill sends a message to leaders of those agencies to stop
recklessly pushing for new ways to vacuum up Americans' private information, and instead put that effort into rebuilding public
trust." Files leaked by former NSA contractor Edward Snowden show the US government's widespread ability to access company networks and devices to
collect information. Several technology companies have said that they were either unaware of the access the government had or did not allow for it unless
otherwise required by law or warrant. Apple and Google, among others, have gone so far as to say that they will encrypt their products so no one -- including the
government or the companies themselves -- will be able to access data.

SDA solves security and economic risks from backdoors


Eggerton 15 (John, Washington Bureau Chief at Reed Business Info, 2/4/15, Bill Would Prevent Surveillance Back Doors,
http://www.broadcastingcable.com/news/washington/bill-would-prevent-surveillance-back-doors/137722)ML
A trio of lawmakers representing both sides of the aisle has introduced the Secure Data Act, which would prohibit agencies from requiring that
products and services contain surveillance "back doors." Those are built-in ways for government to bypass data security protections in order to
collect information, but the legislators are concerned others could exploit that back door. A similar bill passed in the House last year but did not make it
into law. The bill is co-sponsored by Jim Sensenbrenner (R- Wis.), Thomas Massie (R- Ky.) and Zoe Lofgren (D-Calif.), who said of the legislation: "Last
Congress, the Massie-Sensenbrenner-Lofgren amendment garnered support from an overwhelming bi-partisan majority in the House as a provision to the
Defense Appropriations bill, but unfortunately, was not included in the CRomnibus. With threats to our homeland ever prevalent, we should not tie

the hands of the intelligence community. But unwarranted, backdoor surveillance is indefensible. The Secure Data Act is an
important step in rebuilding public trust in our intelligence agencies and striking the appropriate balance between national
security and civil liberty. They also point out that such backdoors could hurt the economy, saying that other countries would buy
less hardware and software to avoid the back door-compromised products.

SDA solves public trust


The Secure Data Act would prohibit government agencies from requiring backdoors
Hammond 15 (Brian, "Secure Data Act would bar government from requiring surveillance 'backdoors'." Cybersecurity Policy
Report 9, 2/9/15, http://go.galegroup.com.proxy.lib.umich.edu/ps/i.do?p=ITOF&u=lom_umichanna&id=GALE|
A402050594&v=2.1&it=r&userGroup=lom_umichanna&authCount=1) WZ
New legislation introduced in the House would prohibit government agencies from requiring or compelling the inclusion of surveillance
"backdoors" in products and services. The Secure Data Act of 2015 was introduced Feb. 4 by Reps. Jim Sensenbrenner (R., Wis.), Thomas Massie (R.,
Ky.), and Zoe Lofgren (D., Calif.) and is similar to an amendment to the Department of Defense Appropriations Act that passed the House last year on a 293-123 vote. The amendment, however, was not included in
the omnibus continuing resolution that was eventually passed. In a statement, the bill's sponsors said, "Congress has allowed the administration's surveillance authorities to go unchecked by failing to enact adequate

The Secure Data


Act is an important step in rebuilding public trust in our intelligence agencies and striking the appropriate balance between
national security and civil liberty." The lawmakers said major security flaws had been found in some government-compelled backdoors, which put the "data security of every person and business
reform.... With threats to our homeland ever prevalent, we should not tie the hands of the intelligence community." "But unwarranted, backdoor surveillance is indefensible," they said. "

using the Internet at risk." If a backdoor is created for law enforcement and intelligence surveillance purposes, "past experience has shown it's only a matter of time before hackers exploit it too," they said. They also
said the backdoors can be detrimental to American jobs, by prompting other countries to buy less American hardware and software in order to "avoid compromised American products."

The Secure Data Act is an important step to rebuilding trust prevents backdoor mandates
Whippy 15 (Peter, Communications Director for the House of Representatives, Sensenbrenner, Massie & Lofgren Introduce
Secure Data Act, 2/4/15, https://lofgren.house.gov/news/documentsingle.aspx?DocumentID=397873) WZ
Bipartisan lawmakers today reintroduced the Secure Data Act to protect Americans privacy
and data security by prohibiting surveillance agencies from requiring or compelling
surveillance backdoors in products and services. A similar amendment to the Department
of Defense Appropriations Act last year passed the House of Representatives by an
overwhelming 293-123 vote. This amendment was not included in the CRomnibus. U.S.
Reps. Jim Sensenbrenner (R- Wis.), Thomas Massie (R- Ky.), and Zoe Lofgren (D-Calif.),
sponsors of the Secure Data Act of 2015, issued the following statement: Congress has
allowed the Administrations surveillance authorities to go unchecked by failing to enact
adequate reform. Last Congress, the Massie-Sensenbrenner-Lofgren amendment garnered
support from an overwhelming bi-partisan majority in the House as a provision to the
Defense Appropriations bill, but unfortunately, was not included in the CRomnibus. With
threats to our homeland ever prevalent, we should not tie the hands of the intelligence
community. But unwarranted, backdoor surveillance is indefensible. The Secure Data Act is an
important step in rebuilding public trust in our intelligence agencies and striking the appropriate balance
between national security and civil liberty. It has been widely reported that US intelligence
and law enforcement agencies have requested or required individuals and organizations
build a backdoor into their product or service to assist in unwarranted electronic
surveillance. However, on more than one occurrence, major security flaws have been found
in these backdoors that put the data security of every person and business using the
internet at risk. For example, a software testing firm found serious backdoor vulnerabilities
in wiretapping software for law enforcement made by Israeli software firm NICE Systems in
2013 that allowed hackers to completely compromise their system and listen to intercepted
phone calls. If a backdoor is created for law enforcement and intelligence surveillance, past
experience has shown its only a matter of time before hackers exploit it too. These
"backdoors" can also be detrimental to American jobs. Other countries buy less American
hardware and software and favor their domestic suppliers in order to avoid compromised
American products. The Secure Data Act fixes this by prohibiting any agency from requesting or compelling
backdoors in services and products to assist with electronic surveillance.

SOLVENCY WARRANT REQUIREMENT

Warrant requirements solve


Warrant requirement solves
Geoffrey R. Stone 14 (Geoffrey Stone is the Edward H. Levi Distinguished Service Professor at the University of Chicago. Stone joined the faculty in
1973 after serving as a law clerk to Supreme Court Justice William J. Brennan, Jr. He later served as Dean of the Law School from 1987 to 1994 and Provost of
the University of Chicago from 1994 to 2002. Stone is the author of many books on constitutional law, including Speaking Out: Reflections of Law, Liberty and
Justice (2010); Top Secret: When Our Government Keeps Us in the Dark (2007); War and Liberty: An American Dilemma (2007); Perilous Times: Free Speech in
Wartime (2004); and Eternally Vigilant: Free Speech in the Modern Era (Chicago 2002). Stone is currently chief editor of a 20-volume series, Inalienable Rights,
which is being published by the Oxford University Press. Stone recently served on the Presidents Review Group on Intelligence and Communications
Technologies. He is a Fellow of the American Academy of Arts and Sciences, a member of the America Law Institute, the National Advisory Council of the
American Civil Liberties Union, and a member of the American Philosophical Society. In recent years, he has served as Chair of the Board of the American
Constitution Society. The Daily Beast, 3/7/14, http://www.thedailybeast.com/articles/2014/07/03/it-s-time-to-shut-the-nsa-s-backdoor-

used-to-spy-on-americans.html)CK
Last fall, I served on a five-member Review Group that was charged by the president with making recommendations about reforming
the nation's foreign intelligence programs. [Our report is here: (PDF)] After reviewing this issue, we recommended that the law should
be changed as follows: "The government may not search the contents of communications acquired under section 702... in an
effort to identify communications of particular United States persons, except... when the government obtains a warrant based on
probable cause to believe that the United States person is planning or is engaged in acts of international terrorism ." In effect, the
Review Group recommended that backdoor searches for communications involving American citizens should be prohibited
unless the government has probable cause and a warrant . This is essentially what the recently enacted House amendment
endorsed. The Review Group concluded that the situation under section 702 is distinguishable from the situation when the government lawfully intercepts a
communication when it has probable cause and a warrant. This is so because, in the section 702 situation, the government is not required to have either
probable cause or a warrant to intercept the communication. Because section 702 was not intended to enable the government to intercept the communications of
American citizens, because our recommended reform would leave the government free to use section 702 to obtain the types of information it was designed and
intended to acquire--the communications of non-U.S. citizens, and because the recommended reform would substantially reduce the temptation the government
might otherwise have to use section 702 impermissibly in an effort intentionally to intercept the communications of American citizens, we concluded that this
reform was both wise and essential. Now that the House of Representatives has agreed, it is time for the Senate and the president to

move forward to make this recommendation a reality. This change would be an important step forward in our nation's effort to
strike the right balance between liberty and security in a changing world.

Warrants solve disads but avoid the risks of backdoors


Christopher Soghoian Ph.D 06 (Principal Technologist with the Speech, Privacy, and Technology Project at the American
Civil Liberties Union. He is also a Visiting Fellow at Yale Law School's Information Society Project. Caught in the Cloud: Privacy,
Encryption, and Government Back Doors in the Web 2.0 Era Privacy and Law Enforcement pg. 399
http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1421553)CK
A move to encrypted cloud-based services will likely lead to a significant reduction in the ease with which law enforcement
agents can obtain the private files of suspects. I consider this to be a feature, not a bug. Simply put, cloud computing and the online storage of data
by third parties has made law enforcement far too cheap. It is time for a market adjustment. Nevertheless, the law enforcement and intelligence communities will
likely argue that without the ability to force service providers to reveal their customers communications, government agents will be unable to catch pedophiles
and terrorists.114 While I certainly wish to roll back the effectiveness, scale and extreme low cost at which the government can currently engage in surveillance, I
also recognize that there is a legitimate need to investigate suspects. Luckily, even with the widespread use of encryption, there is still a way for
government agents to get access to data: the black bag job, a search method already in widespread use.1,5 As noted earlier in this article, in the

days before easy wiretaps at the phone company, law enforcement agencies had to send an agent out to tap the line at the
suspects home, or perhaps scale a nearby telephone pole. The widespread use of encryption brings us back to a form of
surveillance dependent upon manual labor. The Scarfo case provides a fantastic example of this, in which a suspccts use of disk encryption was
defeated by the FBI. A team of agents snuck into Scarfos home, planted microphones and other recording devices in his computer, which then captured a copy
of his password as he typed it on the keyboard.116 No matter how strong the encryption, the human is always the weakest link, and the black bag job exploits
this. What this article proposes is not the end to the lawful acquisition of investigative data, merely that law enforcement no longer be able to deputize

service providers into quietly disclosing their customers data. If a suspect is important enough, let the police dedicate the
significant manpower to break into her home in order to install bugs. Given the finite limit to the financial and human resources
available to law enforcement agencies, such a change in the balance of power, by raising the effective cost of such surveillance,
would force investigators to prioritize their targets, and shy away from fishing expeditions.117 Furthermore, such a dependence
on black bag jobs would also bring a further (and significant) benefit long sought by privacy activists: The return of the Fourth
Amendment. If police need to break into a suspects home in order to try and install a password-stealing bug, they must first
obtain a search warrant, and thus find themselves firmly back in the familiar domain of the Fourth Amendment. This would lead

to at least some judicial oversight of investigations, something that is almost entirely absent under the current subpoena
standard.

SOLVENCY FISC / FAA EXCLUSIVITY

FISC oversight solves


NSA back-door surveillance bad-- not subject to FISC review plan key
Jennifer Granick 10/17/13--- Director of Civil Liberties at the Stanford Center for Internet and Society. Previously, she was the Civil
Liberties Director at the Electronic Frontier Foundation. She earned her law degree from University of California, Hastings College of the Law
and her undergraduate degree from the New College of the University of South Florida. (Granick, We All Go Down Together: NSA Programs
Overseas Violate Americans Privacy, Yet Escape FISC, Congressional Oversight, Just Security. http://justsecurity.org/2125/together-nsaprograms-overseas-violate-americans-privacy-escape-fisc-congressional-oversight/)//ET
Ongoing revelations show that significant NSA surveillance activities take place outside of either Foreign Intelligence Surveillance Court (FISC) or
congressional oversight, even though these policies directly impact Americans privacy. These activities should, at the very least, be subject to congressional
review, since American interests are being adversely impacted by them. ] This past Sunday, the Washington Post reported that the National Security Agency
gathers hundreds of millions of address books and contact lists from people around the world, including some Americans. The collection occurs in foreign
countries, such as when Americans; data crosses international borders. FISA does not regulate this activity, and neither the Foreign Intelligence Surveillance
Court (FISC) nor Congress oversees this program. Also, in early September, The Guardian, New York Times, and ProPublica reported that the NSA has
found ways to circumvent encryption protocols, which protect sensitive data like trade secrets, banking information and medical records as
they travel over the Internet. These efforts include having secretly and successfully subverted the National Institute of Technology Standards
(NIST) process to ensure adoption of a weakened encryption standard. NIST is is the federal technology agency that works with industry to
develop and apply technology, measurements, and standards. NIST standards are implemented by commercial entities the world over. A flawed NIST
standard leaves products vulnerable to infiltration from both the NSA and from bad actors who also discover the problem. The FISC does
not approve or authorize NSAs efforts to circumvent encryption. Nor does it appear that Congress exercises oversight of these programs. The legal
reasons for evading FISC and Congressional oversight for each of these practices varies, though the consequence is the same: the
NSA is unaccountable to any authority outside the Executive Branch for these and certainly other practices. The NSA appears
to collect address books and contact lists at overseas locations under Executive Order 12333, which the President issues under his Article II powers, and not
under FISA. The WaPos sources give two related but distinct reasons to conclude that the program is not restricted by FISA and is outside of the FISC oversight.
The first is that the collection takes place overseas. The second is that when collection takes place overseas, the assumption is youre not a U.S. person, i.e. an
American or green card holder. FISAs definitions of electronic surveillance depend on the type of information acquired and whether acquisition occurs in the
U.S. or targets/collects information on U.S. persons or any persons located in the U.S. According to the slides published by the Post, the contact list collection
takes place at various communications nodes outside the U.S. According to the statute, if the information is not content and collection takes
place abroad, FISA doesnt apply. 50 USC 1801(f)(4). If all you care about is U.S. persons privacy, then Congress decision in 1978 to limit this definition
of electronic surveillance to in-country collection might have once made sense. But today, it does not. Because of the nature of the global internet, data crosses
international boundaries even when its American owners stay at home. Large technology companies like Google and Facebook maintain data centers around the
world to balance loads on their servers and work around outages. That means that vast amounts of Americans data will travel abroad and be collected there. Nor
are there legal disincentives for such collection. The statute would even allow the NSA to intentionally target Americans for this kind of collection, so long as it
happens overseas. However, address books and contact lists are probably content under FISA, and therefore different rules apply here. The term is specifically
defined under FISA: Contents, when used with respect to a communication, includes any information concerning the identity of the parties to such
communication or the existence, substance, purport, or meaning of that communication. Its worth comparing this definition to that of content in the criminal
context under the Electronic Communications Privacy Act (ECPA): Contents, when used with respect to any wire, oral, or electronic communication, includes
any information concerning the substance, purport, or meaning of that communication. The FISA definition is broader than ECPA in that it includes (1) any
information concerning the identity of the parties to such communication and (2) any information concerning the existence of that communication. Address books
regularly identify their owner, either explicitly or through deduction. For example, my Apple Contacts list indicates which card belongs to me. Additionally, the
Posts examples of the ways the NSA is using the contact list information show it at least sometimes knows the owner of the lists. If this is correct, then the NSA

must comply with FISA if the information is sent by or intended to be received by a particular, known U.S. person who is
intentionally targeted. This is why the WaPos sources second comment is important. Overseas collection may result in massive amounts of surveillance on
Americans, but the NSA could believe that these common and voluminous mistakes are neither known nor intentional and therefore not
seek to comply with FISA. Another NSA argument might be that the contact lists are collected via vacuum cleaner surveillance, and no person is
targeted. Since no one is targeted, even if Americans information is routinely sucked in, the collection falls outside the scope of electronic surveillance as FISA
defines it. Again, if all you care about is U.S. persons privacy, then Congress decision to limit regulation of electronic surveillance to situations Americans are
targeted might make sense if NSA collection consisted solely of traditional particularized surveillance. But once you shift to wholesale acquisition, nothing is
targeted, and that limitation stops protecting Americans and instead serves no purpose. I dont mean to suggest that, in 1978, Congress intended to leave foreign
collection unregulated. FISAs legislative history suggests Congress believed such surveillance affects the privacy interests of Americans and deserved to be
limited, but that Congress did not want to hold up the passage of FISA to resolve those more difficult issues. For a variety of reasons, Congress never really got
back to the problem. Initially, the price to be paid in American privacy may not have been high, but that has changed, and the bill for neglecting foreign
intelligence collection is now coming due. Our current information regarding other NSA bulk collection practices suggests that broad collection techniques will
inevitably incidentally acquire Americans information, that the information will not be limited to information in address books and buddy lists, and that at least
some of this data, everyone will agree is content. The NSAs view appears to be that even pervasive unintentional collection that would otherwise be regulated or
prohibited does not affect the legality of its programs. For example, under Section 702, NSA official guidelines say that if the agency collects an Americans
records while targeting a foreigner, even if the accidental collection is pervasive, it does not constitute a ... violation and does not have to be reported to the
NSA inspector general for inclusion in quarterly reports to Congress. NSA conducts this contact list surveillance outside of the FISA regime and without FISC
oversight. The American people deserve to know more about this collection program, how many Americans are affected, and why the NSA believes it is legal.
Congressional oversight of these kinds of programs is even more anemic than usual, and may be non-existent. The President amends E.O. 12333 without input
from Congress. The NSA was not reporting to the Intelligence Committees abuses that take place under E.O. 12333 authorized programs. For example, in the
October 2, 2013 FISA oversight hearing chaired by Sen. Patrick Leahy (D-VT), Director of National Intelligence James Clapper told Senator Amy Klobuchar that

the Administrations false assurances there had been no abuses of the Section 215 phone records collection were not false because the abuses identified in an
internal audit had occurred under E.O. 12333 and need not be reported. (after 1:25, hat tip to Marcy Wheeler). In late September, Intel Committee Chair
Feinstein acknowledged that, E.O. 12333 programs receive far less congressional oversight, and less protections for U.S. person privacy. The Senator ordered
that the NSA report further on its intelligence collection outside of FISA. Specifically regarding the contact list collection, the Washington Post quotes a senior
Intelligence Committee staffer: In general, the committee is far less aware of operations conducted under 12333, said a senior committee staff member,
referring to Executive Order 12333, which defines the basic powers and responsibilities of the intelligence agencies. I believe the NSA would answer questions if
we asked them, and if we knew to ask them, but it would not routinely report these things, and in general they would not fall within the focus of the committee.
One major revelation of the Washington Post piece is that there isnt even Intel Committee oversight of 12333 overseas activities, even though Americans data is
collected via that authority, and our privacy substantially effected. We have also learned that the NSA subverts encryption standards, collaborates
with technology companies in the United States and abroad to build backdoors into their products, and coerces businesses into handing
over their master encryption keys. These practices impact the privacy of average people by making the systems we rely on for the transmission and
storage of sensitive data less secure. Both the NSA and thieves can defeat weak encryption standards and find hidden backdoors. Turning over encryption keys

practices by themselves they do not fit the FISA


definition of electronic surveillance, though the acquisition of content or installation of surveillance devices enabled by these
techniques may. Theres no sign that Congress or the FISA court approved the NSAs NIST caper or its successful negotiations to
ensure or install backdoors in commercial products. No law that requires Internet companies to grant such access or empowers the
gives the NSA technical access to all the services customers communications. These

government to demand it. In 1994, Congress adopted the Communications Assistance for Law Enforcement Act (CALEA). CALEA was intended to preserve but
not expand law enforcement wiretapping capabilities by requiring telephone companies to design their networks to ensure a certain basic level of government
access. The Federal Bureau of Investigation pushed its powers under CALEA, however, and the law was expanded in 2005 by the Federal Communications
Commission to include broadband Internet access and interconnected VoIP services which rout calls over the traditional telephone network. Pure Internet
services, however, are not subject to CALEA. The FBI will seek to change that, but for now, nothing in CALEA prohibits these companies from building robustly
secure products that will protect their customers data from attacks. Yet, the Guardian reported that some companies have built or maintained backdoors allowing
government access to their services, and specifically identified Microsoft and its VoIP service, Skype. To the extent Skypes VoIP service operates peer-to-peer
independent of the traditional phone network, it is not subject to CALEA obligations. Yet, Microsoft said, in response to the Guardian report, when we
upgrade or update products legal obligations may in some circumstances require that we maintain the ability to provide information
in response to a law enforcement or national security request. Its unclear what those legal obligations might be, though some have
pointed to the general obligation of electronic communications service providers to provide the Government with all information,
facilities, or assistance necessary to accomplish the acquisition under section 702 of the FISA Amendments Act. Is the government is
using that rather generic provision of law to force creation or maintenance of technological vulnerabilities in communications networks? If so, Congress ought to
know, and so should the public which relies on these facilities for secure communications. The Lavabit case gives the public some idea of how the government
has relied on similar assistance provisions in the criminal pen register statute to force disclosure of master encryption keys, despite the absence of any explicit
obligation to do so. There, the FBI wanted secure email provider Lavabit to install a pen register to identify Internet traffic addresses for one of the companys
users. The system was engineered so that that information was encrypted and could not be obtained via pen register. The government then asked Lavabit for its
SSL key. However, disclosing the key would give the government access to communications of all other Lavabit customers, as well as the targeted user. Lavabits
owner, Lavar Levison, offered to collect the data for the government, a compromise that would get the FBI the information it wanted without impacting the security
of its other customers. Unappeased, the government obtained a court order commanding Levison to travel from Texas to personally appear in a district court in
Virginia to explain his refusal to produce the key. It further secured a grand jury subpoena, which explicitly commanded Levison to appear before the grand jury
and bring with him Lavabits private keys. While Levison was traveling to appear pro se in district court, the government obtained a third order, this time a search
warrant, which again commanded Lavabit to hand over its private keys and also gagged Levison and the company from telling anyone that the government had
done so. The District Court ruled against Levison and gave him 24 hours to comply. At that point, Levison closed down Lavabits services. Lavabit has now
retained appellate attorneys and challenged the Court orders in the Fourth Circuit. Thanks to Levisons decision to shut his doors rather than comply, we may one
day get a public hearing on the legitimacy of this underground government practice. It appears there was no secret review in the FISC or in Congress. NSA

activities, either those overseas which target foreigners or those which tamper with encryption or commercial security, arguably fall outside of
FISC review because of FISAs parsed definitions of electronic surveillance and may elude Congressional oversight because they are
mistakenly considered to impact only foreigners. Now we know this is a mistake. The NSA is acquiring information about Americans from
overseas collection. Additionally, American disregard for the privacy of innocent foreigners has a direct impact on American companies, which depend upon
global trust to operate. Senator Feinstein is right; its time for Congress to find out exactly what the NSA is doing under which legal authorities, and why. Given
what we now know, its time to rein the NSAs practices in by expanding the categories of collection, surveillance, and other activities for which the NSA needs to
seek judicial and Congressional approval, since E.O. 12333 activities are causing collateral damage to American interests, civil liberties, and human rights.
Addressing the problem of NSA surveillance occurring outside of FISA and Congressional oversight will be complicated by arguments that the president would
have independent authority under Article II, even if FISA specifies that it is the exclusive means for conducting surveillance. Its time to have those arguments.

FAA exclusivity goodsolves foreign privacy perceptions


Mieke Eoyang 11/24/14---Mieke Eoyang is the director of the National Security Program at Third Waya center left think tank.
She previously served on the staff of the House Intelligence and Armed Services Committees. served as Defense Policy Advisor
to Senator Edward M. Kennedy, and a subcommittee staff director on the House Permanent Select Committee on Intelligence.
Has written for Lawfare which is published by the lawfare institute in collaboration with Brookings. (Eoyang, A Modest Proposal:
FAA Exclusivity for Collection Involving U.S. Technology Companies, Lawfare. http://www.lawfareblog.com/modest-proposal-faaexclusivity-collection-involving-us-technology-companies)//ET
Beyond 215 and FAA, media reports have suggested that there have been collection programs that occur outside of the companies knowledge.
American technology companies have been outraged about media stories of US government intrusions onto their networks overseas, and the spoofing of

their web pages or products, all unbeknownst to the companies. These stories suggest that the government is creating and sneaking through a
back door to take the data. As one tech employee said to me, the back door makes a mockery of the front door. As a result of these allegations,
companies are moving to encrypt their data against their own government; they are limiting their cooperation with NSA; and they are pushing for
reform. Negative international reactions to media reports of certain kinds of intelligence collection abroad have resulted in a backlash
against American technology companies, spurring data localization requirements, rejection or cancellation of American contracts, and
raising the specter of major losses in the cloud computing industry. These allegations could dim one of the few bright spots in the
American economic recovery: tech. Without commenting on the accuracy of these media reports, the perception is still a problem even if the
media reports of these government collection programs are not true---or are only partly true. The tech industry believes them to be true, and more
importantly, their customers at home and abroad believe them to be true, and that means they have huge impact on American business and huge impact as well
on the relationship between these businesses and an intelligence community that depends on their cooperation. So, how should we think about reforms in
response to this series of allegations the Executive Branch cant, or wont, address? How about making the FAA the exclusive means for conducting
electronic surveillance when the information being collected is in the custody of an American company ? This could clarify that the
executive branch could not play authority shell-games and claim that Executive Order 12333 allows it to obtain information on overseas non-US
person targets that is in the custody of American companies, unbeknownst to those companies. As a policy matter, it seems to me that if the
information to be acquired is in the custody of an American company, the intelligence community should ask for it, rather than take it
without asking. American companies should be entitled to a higher degree of forthrightness from their government than foreign companies, even when they are
acting overseas. Under the FAA, we have a statutory regime that creates judicial oversight and accountability to conduct electronic
surveillance outside the US for specific purposes: foreign intelligence (or traditional espionage), counter-terrorism, and prevention of WMD proliferation. It
addresses protections for both non-US and US persons. It creates a front-door, though compelled, relationship under which the intelligence
community can receive communications contents without individual warrants but with programmatic judicial oversight. FAA exclusivity would say to the
rest of the world that when the US conducts bulk electronic surveillance overseas, we are doing so for a particular, national security
purpose. The FAA structure with FISC review provides an independent check that the statutory purposes are met. Through
transparency agreements with the government, the American companies are able to provide their customers with some sense of how many
requests are made. This would not change the 12333 authorities with respect to non-US companies. It would also not change 12333 authorities when the
Executive Branch seeks to obtain the information in some other way than through the US company (i.e. breaking into the targets laptop, parking a surveillance
van outside their house, sending a spy, etc.). Some have asked me what would happen if foreign companies tried to set up shop here in the US to seek these
protections. I need to refine this part further, but would look to other statutory regimes that need to define the nationality of companies, like the Foreign Corrupt
Practices Act, or the CFIUS process. Executive Order 12333 itself offers a partial answer, defining a US person to include a corporation incorporated in the
United States, except for a corporation directed and controlled by a foreign government or governments. Others may argue that FAA provides inadequate civil
liberties protections. This proposal says nothing about the adequacy of that statute. What it says is that for data held by an American company about a target that
is not a US person, the checks within FAA are stronger than those under 12333 acting alone. Im also not suggesting that this reform will shut down all
surveillance activities something Id personally oppose---nor will it address the full range of civil liberties concerns. Its not intended to. It simply aims to
restore the belief that when American companies are acting overseas, they bring with them American values, including those of privacy

protections.

ADV CYBERSECURITY

--xt plan k/t cybersecurity


Current encryption policies allow vulnerabilities, posing a threat to national security makes the
US turn away from best solutions, increases system complexity, and makes it easier for attackers
Swire 7/8 <Peter, Huang Professor of Law and Ethics at Georgia Tech Scheller College of Business, 7/9/15, Going Dark:
Encryption, Technology, and the Balance Between Public Safety and Privacy, Senate Judiciary Committee Hearing,
http://www.judiciary.senate.gov/imo/media/doc/07-08-15%20Swire%20Testimony.pdf>//wx
The technological hopes of law enforcement were expressed in House testimony this April by Amy Hess, Executive Assistant Director of the Science and
Technology Branch of the FBI. She said: To be clear, we in the FBI support and encourage the use of secure networks and sophisticated
encryption to prevent cyber threats to our critical national infrastructure, our intellectual property, and our data. We have been on the
front lines of the fight against cyber crime and economic espionage and we recognize that absolute security does not exist in either the physical

or digital world. Any lawful intercept or access solution should not lower the overall security . (emphasis supplied)19 The heart of the
problem is this: the Review Group and the vast majority of technical experts do not think the FBIs hopes are possible to
achieve , for the sorts of access suggested in CALEA II proposals. Even if they assist law enforcement in some respects, the proposed
lawful intercept and access solutions lower overall security . Repeated blue-ribbon panels of technical experts have come to the same
conclusion. In the 1990s, Representative Bob Goodlatte summed up the lessons that Congress was learning: Strong encryption prevents crime. Just
as dead-bolt locks and alarm systems help people protect their homes against intruders, thereby assisting law enforcement in
preventing crime, strong encryption allows people to protect their digital communications and computer systems against criminal
hackers and computer thieves. The blueribbon National Research Council said it best, concluding that strong encryption supports both law
enforcement efforts and our national security, while protecting the proprietary information of U.S. businesses. 20 An influential group
of encryption experts issued a 1997 report on The Risks of Key Recovery, Key Escrow, and Trusted Third-Party Encryption.21 Among the key findings of this
technical group: The deployment of key-recovery-based encryption infrastructures to meet stated specifications will result in substantial sacrifices in security and
greatly increased costs to end users. The report made numerous, telling criticisms of key recovery approaches. From my participation in the policy debates of
the era, there was no effective technical response by supporters of government key recovery approaches. In May, 2013, just prior to the first Snowden
revelations, the Center for Democracy and Technology gathered a different group of technical experts to write CALEA II: Risks of Wiretap Modifications to
Endpoints.22 The conclusions about the harms of mandated vulnerabilities were clear: The U.S. government is proposing to
expand wiretap design laws broadly to Internet services, including voice over Internet protocol (VoIP) services and other peer- to-peer tools that
allow communications in real-time directly between individuals. This report explains how mandating wiretap capabilities in endpoints poses serious
security risks. Requiring software vendors to build intercept functionality into their products is unwise and will be ineffective, with the result being serious
consequences for the economic well-being and national security of the United States . An impressive new technical study by a group of
experts was released on July 7, just before this hearing, entitled Keys Under Doormats: Mandating Insecurity by Requiring Government Access to All Data and
Communications.23 It states: We have found that the damage that could be caused by law enforcement exceptional requirements would be even greater today
than it would have been twenty years ago. In the wake of the growing economic and social cost of the fundamental insecurity of todays
Internet environment, any proposals that alter the security dynamics online should be approached with caution . Exceptional access
would force Internet system developers to reverse forward secrecy design practices that seek to minimize the impact on user privacy when systems are
breached. The complexity of todays Internet environment, with millions of apps and globally-connected services, means that new law enforcement requirements

providing mandated access


would force a U-turn from the best practices now being deployed to make the Internet more secure. For instance, best

are likely to introduce unanticipated, hard to detect security flaws. The new study highlights three general problems. First,

practices now incorporate forward secrecy, where decryption keys are deleted immediately after use, so that stealing the encryption key used by a
communications server would not compromise earlier or later communications. If law enforcement requires

key retention , then that directly


undermines the protection against later attacks . Second, building in exceptional access would substantially increase system
complexity : Security researchers inside and outside government agree that complexity is the enemy of security every new feature can
interact with others to create vulnerabilities. To achieve widespread exceptional access, new technology features would have to be deployed and
tested with literally hundreds of thousands of developers all around the world. This is a far more complex environment than the electronic surveillance now
deployed in telecommunications and Internet access services Features to permit law-enforcement exceptional access across a wide range

of Internet and mobile computing applications could be particularly problematic because their typical use would be surreptitious
making security testing difficult and less effective . Third, exceptional access would create concentrated targets for bad
actors to target : Security credentials that unlock the data would have to be retained by the platform provider, law enforcement agencies, or some other
trusted third party. If law enforcements keys have guaranteed access to everything, an attacker who gained access to these keys
would enjoy the same privilege. Moreover, law enforcements stated need for rapid access to data would make it impractical to store keys offline or split
keys among multiple keyholders, as security engineers would normally do with extremely high-value credentials. Recent attacks on the United States
Government Office of Personnel Management show how much harm can arise when many organizations rely on a single
institution that itself has security vulnerabilities. In the case of OPM, numerous federal agencies lost sensitive data because OPM had insecure

infrastructure. If service providers implement exceptional access requirements incorrectly, the security of all of their users will be at risk. At a practical level, there
are thousands of police departments spread across the United States. Providing online access to these police departments, while having iron-clad assurances
that no hackers can get in, ignores the lessons of the recent OPM breach and the numerous other data breaches in the public and private sectors. Let me add
my personal observations on these studies about the technical obstacles to safe key recovery by law enforcement. I have engaged with a wide range of technical
encryption experts for two decades, both inside and outside of government, often as the only person with legal training at a conference. I have an appointment in
the College of Computing at Georgia Tech, and teach cybersecurity there, with a majority of the class in graduate studies in information security. Based on this
engagement with technical experts, they say the same things in private as are written in the blue-ribbon reports. The passion that the most eminent technical
experts show here is due to their conviction based on hard-fought experience, and not as a lobbying ploy. Quite simply, the technical experts I trust believe that
the FBI is asking for the impossible. CALEA II-style proposals hurt security.

1.

Encryption backdoors undermine cybersecurity


Bankston 4/29/15 - Kevin S. Bankston: Policy Director of New Americas Open Technology Institute & CoDirector of New Americas Cybersecurity Initiative. Kevin was a Senior Counsel and the Director of the Free Expression Project at
the Center for Democracy & Technology. He is the Director of New Americas Open Technology Institute. Masters from the
University of Southern California Law School (Before the U.S. House of Representatives Subcommittee on Information Technology
of the Committee on Oversight and Government Reform: Hearing on Encryption Technology and Possible U.S. Policy Responses.,
Kevin S. Bankston, Oral Testimony, April 29, 2015, https://static.newamerica.org/attachments/2982-at-crypto-hearing-bestarguments-against-backdoor-mandates-come-from-members-of-congressthemselves/Bankston_Oral_Testimony.ffdedda50c6149309d6d6da935795ed7.pdf)//chiragjain

It would seriously undermine our nations cybersecurity, at a time when that security is already in crisis as
demonstrated by the endless string of high profile data breaches in the past year.11 Every technical expert that
has spoken publicly on this controversy since it began last Septemberboth experts from the generation that fought in the original
Crypto Wars,12 as well as experts from the next generation13has concluded that it

is impossible to devise a system


that provides government access to data on encrypted devices, or to end-to-end encrypted
communications, while also ensuring that it remains secure against other attackers, be they computer
criminals, industrial spies, Chinese intelligence, or anyone else. 14 Whether you want to call it a front door or a back
door, mandating guaranteed government access to encrypted data would open us up to a variety of new
cyber-threats . In fact, it would be an open invitation for attackers to focus on hacking into U.S. products
and services because they would be easier targets than products and services that are not subject to
such mandated vulnerabilities. As the Chief Information Security Officer of Yahoo put it when debating the issue with the
Director of the NSA at New Americas cybersecurity conference in February, all of the best public cryptographers in the
world would agree that you cant really build [secure] backdoors in crypto That its like drilling
a hole in the windshield.15 Indeed, when the White House cybersecurity coordinator was asked last week if he could name a
single respected technical expert who believed it was possible, he had no answer.16 Even one of the governments own top experts,
the chief cybersecurity adviser to the Commerce Departments National Institute of Standards and Technologies, has publicly
concluded that when it comes to designing a secure key escrow system where the government has access to a master decryption key
that cant be subverted by other attackers, [t]heres no way to do this where you dont have unintentional vulnerabilities.17 Put
another way, there is no way to build a secure golden key that can only be used by the government, like that which was suggested
in a recent Washington Post editorial that was immediately and roundly criticized by the Internet community.18 This fact was
conclusively demonstrated in the 90s,19 and it is equally true today.20 However, even assuming such a golden key system were
feasible

Encryption backdoors destroy national cybersecurity


Timm, activist at the Electronic Frontier Foundation and researcher of national security, 6/19/15
(Trevor Timm, The Guardian, http://www.theguardian.com/commentisfree/2015/jun/09/fbi-facebook-backdoor-apple-encryptionless-safe-privacy)RL
Fresh off news of yet another massive government data breach, the FBI is yet again trying to scare Americans into
believing encryption is dangerous rather than what it actually is: one of the best ways to better protect our private information
from criminal hackers. Last week, FBI official Michael B. Steinbach ignorantly told Congress that tech companies like
Apple and Google should "prevent encryption above all else" since terrorists are using encrypted communications
tools. (So are hundreds of millions of ordinary citizens.) Then on Monday, US officials relayed breathless assertion s
to the Los Angeles Times, claiming members of ISIS were now using encrypted text messaging apps to
communicate, insinuating there's an even more urgent imperative to make them illegal. "Privacy, above all other
things, including safety and freedom from terrorism, is not where we want to go ," Steinbach said last week. What the FBI
doesn't seem to get - or more likely, what its officials are purposefully ignoring - is that encryption isn't primarily about

privacy. It's about security. Encryption is something we should be encouraging all citizens, companies and our own government
to be using to mitigate against everything from criminals stealing your iPhone to the many massive data breaches
conducted by faceless foreign criminal operations that have made national headlines in the past year. The
government knows this even if not admitting it; a classified document in the Snowden archive details how encryption is

vital to security. Yet the agency is in the midst of a push to force tech companies to install backdoors in encryption, the fastest
way to weaken America's cybersecurity. FBI director Jim Comey first started making the push last year, and it has been
widely ridiculed by technical experts, but the chorus inside government seems to have only gotten louder even as
officials claim cyberattacks are the number one threat the nation faces . The idea that terrorists will stop using end-to-end
encryption - where a message is unintelligible from when it leaves the sender until it reaches its recipient - if the US
bans companies from using it is preposterous. As Johns Hopkins cryptography professor Matthew Green tweeted,
"You could strangle the whole U.S. tech industry, and ISIS would *still* be able to communicate with their followers using
encryption." There are plenty of open-source encryption programs that have been around for 20 years and are too
prevalent to rein in, plus the code itself is protected by the First Amendment. Forcing big companies to backdoor their

products will just hurt the millions of ordinary people worldwide who depend on encryption for protection from snoopers, criminals
and foreign governments. That includes tech companies' Chinese users, who can use encryption to protect themselves
from their own authoritarian government. Just weeks after the FBI unveiled its anti-encryption plans last year, China
announced it too wants to pass a "counter-terrorism" law that would force companies like Apple and Google to hand over
encryption keys. Without a hint of irony, the Obama administration condemned the move. Here's how Reuters
reported it in March : In an interview with Reuters, Obama said he was concerned about Beijing's plans for a farreaching counterterrorism law that would require technology firms to hand over encryption keys, the passcodes that
help protect data, and install security "backdoors" in their systems to give Chinese authorities surveillance access.
"This is something that I've raised directly with President Xi," Obama said. "We have made it very clear to them that
this is something they are going to have to change if they are to do business with the United States." Read that
opening paragraph again and try to explain how it's any different than what the US is proposing. Yes, China will
almost certainly use its "counter-terrorism" powers for all sorts of things beyond terrorism . But we'd be kidding ourselves if we
didn't think the US will use its own "backdoor" powers to do the exact same thing, as they've done over and over again with the
Patriot Act in the last decade. The FBI is going to have to decide which is more important: strong cybersecurity, or the ability
to read every message that's sent all of the time . Because attempting to force backdoors into encryption compromises the
safety of its own citizens and gives authoritarian powers like China and Russia an excuse to force Apple and Google and
whomever to hand them the keys to the encrypted communications too . Apple CEO Tim Cook has commendably been
speaking out in public on this issue, forcefully defending the use of encryption on iPhones as essential in the 21st
Century. It's time for the other tech company CEOs to step up and ask the FBI why it's saying cyberattacks are the greatest

threat we face on one hand, and then saying they want to make us all even more vulnerable to attacks on the other.

Encryption is key to trust and safeguarding data


Swire 7/8 <Peter, Huang Professor of Law and Ethics at Georgia Tech Scheller College of Business, 7/9/15, Going Dark:
Encryption, Technology, and the Balance Between Public Safety and Privacy, Senate Judiciary Committee Hearing,
http://www.judiciary.senate.gov/imo/media/doc/07-08-15%20Swire%20Testimony.pdf>//wx
Encryption is an essential basis for trust on the Internet; without such trust , valuable communications would not be possible.
For the entire system to work, encryption software itself must be trustworthy. Users of encryption must be confident, and justifiably
confident, that only those people they designate can decrypt their data . The use of reliable encryption software to safeguard data is
critical to many sectors and organizations, including financial services, medicine and health care, research and development, and other critical
infrastructures in the United States and around the world. Encryption allows users of information technology systems to trust that their data,
including their financial transactions, will not be altered or stolen . Encryption-related software, including pervasive examples such as Secure
Sockets Layer (SSL) and Public Key Infrastructure (PKI), is essential to online commerce and user authentication. It is part of the underpinning of current
communications networks. Indeed, in light of the massive increase in cyber-crime and intellectual property theft on-line, the use of encryption should be greatly
expanded to protect not only data in transit, but also data at rest on networks, in storage, and in the cloud.

Encryption is crucial to prevent identity theft and protect against cyber attacks
Swire 7/8 <Peter, Huang Professor of Law and Ethics at Georgia Tech Scheller College of Business, 7/9/15, Going Dark:
Encryption, Technology, and the Balance Between Public Safety and Privacy, Senate Judiciary Committee Hearing,
http://www.judiciary.senate.gov/imo/media/doc/07-08-15%20Swire%20Testimony.pdf>//wx
Although encryption issues have become the subject of greater public debate since the beginning of the Snowden revelations, there has been an ongoing
trend to deploy effective encryption for consumer and business applications . The central importance of encryption to cybersecurity was a
major theme in the Review Group report, as discussed above. Strong encryption is essentially the broadest-spectrum antibiotic against cyberinfections. In our era of pervasive cyber-attacks, encryption is crucial to preventing identity theft, reducing the harmful
effects of data breaches, and providing myriad other protections against attacks. The necessary and pervasive spread of encryption
was the topic of my 2012 article why encryption drives the government to seek access to the cloud, cited above. That article gave a 2012 list of examples of
widespread encryption: Corporate and government users have widely adopted Virtual Private Networks (VPNs) for remote users. VPNs are strongly encrypted,
thus protecting the organizations emails and other communications. Electronic commerce, including credit card numbers, is overwhelmingly conducted today
using SSL (Secure Sockets Layer). Facebook now supports SSL. If it enables SSL by default [which is true in 2015], then its social networking communications

would not be readable at the ISP level. Research in Motions Blackberry products use strong encryption, and RIM itself does not have the keys for corporations
who manage keys themselves. Major web locker services, such as Dropbox, use SSL by default. Skype, the leading VoIP provider, encrypts end-to-end. Many
international calls are made using Skype. VoIP enables voice communications to be encrypted at scale. Many Internet games and other services use encryption,
often with accompanying voice and chat channels.17 This trend has continued since 2012, including for the device encryption of smartphones that the FBI has
criticized.18 Although it might seem that the widespread use of encryption is a reason to mandate vulnerabilities in software to enable law enforcement access,

The growing and pervasive use of encryption is recognition of its centrality to defending against cyberattacks the ongoing debates about cybersecurity legislation in Congress show a consensus that customers need this
protection, and companies need to supply it. In addition, CALEA II-style mandates run up against the pervasive use of encryption. Such mandates
my view is different.

would be a regulatory nightmare, affecting so many applications and implementations as to be unmanageable and enormously costly.

Backdoors causes theft to major data leading cryptographers agree


Perlroth, top cybersecurity journalist by SANS Institute, 15 (Nicole Perlroth, Winner of the Society of American
Business Editors and Writers award and voted top cybersecurity journalist by SANS Institute, Security Experts Oppose
Government Access to Encrypted Communication, 7/7/15, http://www.nytimes.com/2015/07/08/technology/code-specialistsoppose-us-and-british-government-access-to-encrypted-communication.html?_r=0)//EM
SAN FRANCISCO An elite group of security technologists has concluded that the American and British governments cannot demand
special access to encrypted communications without putting the worlds most confidential data and critical infrastructure in
danger. A new paper from the group, made up of 14 of the worlds pre eminent cryptographers and computer scientists, is a
formidable salvo in a skirmish between intelligence and law enforcement leaders, and technologists and privacy advocates. After
Edward J. Snowdens revelations with security breaches and awareness of nationstate surveillance at a record high and data moving online at breakneck
speeds encryption has emerged as a major issue in the debate over privacy rights. That has put Silicon Valley at the center of a tug of war.
Technology companies including Apple, Microsoft and Google have been moving to encrypt more of their corporate and customer
data after learning that the National Security Agency and its counterparts were siphoning off digital communications and hacking into corporate data centers. Yet

law enforcement and intelligence agency leaders argue that such efforts thwart their ability to monitor kidnappers, terrorists and
other adversaries. In Britain, Prime Minister David Cameron threatened to ban encrypted messages altogether. In the United States, Michael S. Rogers,
the director of the N.S.A., proposed that technology companies be required to create a digital key to unlock encrypted data, but
to divide the key into pieces and secure it so that no one person or government agency could use it alone. The encryption debate has
left both sides bitterly divided and in fighting mode. The group of cryptographers deliberately issued its report a day before James B. Comey Jr., the director of
the Federal Bureau of Investigation, and Sally Quillian Yates, the deputy attorney general at the Justice Department, are scheduled to testify before the Senate
Judiciary Committee on the concerns that they and other government agencies have that encryption technologies will prevent them from effectively doing their
jobs. The new paper is the first indepth technical analysis of government proposals by leading cryptographers and security thinkers, including Whitfield Diffie, a
pioneer of public key cryptography, and Ronald L. Rivest, the R in the widely used RSA public cryptography algorithm. In the report, the group said any

effort to give the government exceptional access to encrypted communications was technically unfeasible and would leave
confidential data and critical infrastructure like banks and the power grid at risk . Handing governments a key to encrypted
communications would also require an extraordinary degree of trust. With government agency breaches now the norm most recently at the United
States Office of Personnel Management, the State Department and the White House the security specialists said authorities could not be
trusted to keep such keys safe from hackers and criminals. They added that if the United States and Britain mandated backdoor keys to
communications, China and other governments in foreign markets would be spurred to do the same. Such access will open doors through
which criminals and malicious nationstates can attack the very individuals law enforcement seeks to defend , the report said. The costs
would be substantial, the damage to innovation severe and the consequences to economic growth hard to predict. The costs to the
developed countries soft power and to our moral authority would also be considerable. A spokesman for the F.B.I. declined to comment
ahead of Mr. Comeys appearance before the Senate Judiciary Committee hearings on Wednesday. Mr. Comey recently told CNN, Our job is to find needles in a
nationwide haystack, needles that are increasingly invisible to us because of endtoend encryption. A Justice Department official, who spoke on the condition of
anonymity before the hearing, said that the agency supported strong encryption, but that certain uses of the technology notably endtoend encryption that
forces law enforcement to go directly to the target rather than to technology companies for passwords and communications interfered with the governments
wiretap authority and created public safety risks. Paul Kocher, the president of the Rambus Cryptography Research Division, who did not write the paper, said it
shifted the debate over encryption from how much power intelligence agencies should have to the technological underpinnings of gaining special access to
encrypted communications. The paper details multiple technological reasons why mandatory government back doors are technically unworkable, and how
encryption regulations would be disastrous for computer security, Mr. Kocher said. This report ought to put to rest any technical questions about Would this
work? The group behind the report has previously fought proposals for encryption access. In 1997, it analyzed the technical risks and shortcomings of a
proposal in the Clinton administration called the Clipper chip. Clipper would have poked a hole in cryptographic systems by requiring technology manufacturers
to include a small hardware chip in their products that would have ensured that the government would always be able to unlock scrambled communications. The
government abandoned the effort after an analysis by the group showed it would have been technically unworkable. The final blow was the discovery by Matt
Blaze, then a 32yearold computer scientist at AT&T Bell Laboratories and one of the authors of the new paper, of a flaw in the system that would have allowed
anyone with technical expertise to encode Clipperencrypted communications so that even the government could not crack it. Now the group has convened again
for the first time since 1997. The decisions for policy makers are going to shape the future of the global Internet and we want to make sure
they get the technology analysis right, said Daniel J. Weitzner, head of the MIT Cybersecurity and Internet Policy Research Initiative and a former deputy chief
technology officer at the White House, who coordinated the latest report. In the paper, the authors emphasized that the stakes involved in encryption are
much higher now than in their 1997 analysis. In the 1990s, the Internet era was just beginning the 1997 report is littered with references to electronic

mail and facsimile communications, which are now quaint communications methods. Today, the governments plans could affect the technology

used to lock data from financial and medical institutions, and poke a hole in mobile devices and countless other critical systems
that are moving rapidly online, including pipelines, nuclear facilities and the power grid. The problems now are much worse than they were
in 1997, said Peter G. Neumann, a coauthor of both the 1997 report and the new paper, who is a computer security pioneer at SRI International, the Silicon
Valley research laboratory. There are more vulnerabilities than ever, more ways to exploit them than ever, and now the government wants to dumb everything
down further. Other authors of the new paper include Steven M. Bellovin, a computer science professor at Columbia University; Harold Abelson, a computer
science professor at MIT; Josh Benaloh, a leading cryptographer at Microsoft; Susan Landau, a professor of cybersecurity at Worcester Polytechnic Institute and
formerly a senior privacy analyst at Google; and Bruce Schneier, a fellow at the Berkman Center for Internet and Society at Harvard Law School and a widely
read security author. The governments proposals for exceptional access are wrong in principle and unworkable in practice, said Ross Anderson, a professor of
security engineering at the University of Cambridge and the papers sole author in Britain. That is the message we are going to be hammering home again and
again over the next few months as we oppose these proposals in your country and in ours. Correction: July 14, 2015 An article on Wednesday about a warning
from leading security technologists that granting American and British governments special access to encrypted communications would put the worlds most
confidential data and critical infrastructure in danger described incorrectly a technical flaw in an ef ort by the Clinton administration to read encrypted
communications. The flaw would have allowed anyone with technical expertise to encode the encrypted communications so that even the government could not
read it, not allow anyone with technical expertise access to the encrypted communications.

Technology insecure now encryption key


Blaze, Ph. D in computer science, 15 (Matthew Blaze, Ph. D in computer science and associate professor at UPenn,
ENCRYPTION TECHNOLOGY POLICY ISSUES, 4/29/15,
HTTP://congressional.proquest.com.proxy.lib.umich.edu/congressional/docview/t39.d40.04292903.d94?accountid=14667)//EM
I. ROBUST DIGITAL SECURITY TECHNOLOGIES ARE VITAL TO PROTECTING OUR NATIONAL AND CRITICAL INFRASTRUCTURE It is difficult to overstate
the importance of robust and reliable computing and communications to our personal, commercial, and national security today. Virtually every aspect of our
lives, from our health records to the critical infrastructure that keeps our society and economy running , is reflected in or supported in
some way by increasingly connected digital technology. The influx of new communications and computing devices and software over the last few decades
has yielded enormous benefit to our economy as well as to our ability to connect with one another. This trend toward digital systems, and the
benefits we reap from them, will only accelerate as technology continues to improve. Preventing attacks against our digital infrastructure
by criminals and other malicious actors is thus now an essential part of protecting our society itself . Unfortunately, modern computing and
communications technologies, for all their benefits, are also notoriously vulnerable to attack by criminals and hostile state actor s. And
just as the benefits of increased connectivity and more pervasive computing will continue to increase as technology advances, so too will the costs and risks we
bear when this technology is maliciously compromised. It is a regrettable (and yet time-tested) paradox that our digital systems have largely become
more vulnerable over time, even as almost every other aspect of the technology has (often wildly) improved. New and more efficient communication
technologies often have less intrinsic security than the systems they replaced, just as the latest computers and other devices regularly suffer from unexpected
vulnerabilities that are exploited remotely by malicious attackers. Largescale data breaches and similar security failures have so become
commonplace that they now only make the news when their consequences are particularly dramatic. Serious security failures are literally a daily
occurrence, and it is not an exaggeration to characterize this situation as an emerging national crisis. Modern digital systems are so vulnerable for a simple
reason: computer science does not yet know how to build complex, large- scale software that has reliably correct behavior. This problem has been known, and
has been a central focus of computing research, since the dawn of programmable computing. As new technology allows us to build larger and more

complex systems (and to connect them together over the Internet), the problem of software correctness becomes exponentially more
difficult . As this insecure technology becomes more integrated into the systems and relationships upon which society depends, the consequences become
increasingly dire. While a general solution to the problem of software reliability and correctness has eluded us (and will continue to do so absent some
remarkable, unexpected breakthrough), there are two tried- and-true techniques that can, to some extent, ameliorate the inherent vulnerability of software-based
systems. One is the use of encryption to protect data stored on or transmitted over insecure media . The other is to design systems to be
as simple as possible, with only those features needed to support the application. The aim is to minimize the ``attack surface`` that any software vulnerabilities
would expose. Neither the use of encryption nor designing systems to be small and simple are perfect solutions to the software security problem. Even carefully
designed, single-purpose software that encrypts data whenever possible can still harbor hidden, exploitable vulnerabilities, especially when it is connected to the
Internet. For this reason, software systems must be exposed to continual (and resource intensive) scrutiny throughout their lifecycle to discover and fix flaws
before attackers find and exploit them. But these approaches, imperfect and fragile as they might be, represent essentially the only proven defenses that we
have.

Experts flow aff- three warrants


Abelson et al 15 (Harold, Professor of Electrical Engineering and Computer Science at MIT, a fellow
of the IEEE, and a founding director of both Creative Commons and the Free Software Foundation;
Ross John Anderson, FRS, FREng is a researcher, writer, and industry consultant in security engineering. He is Professor of security engineering at the Computer Laboratory,
University of Cambridge; Steven Bellovin, Professor of Computer Science, Columbia University; Josh Benolah, cryptographer at Microsoft Research; Associate Professor of

Computer and Information Science at the University of Pennsylvania Whitfield Diffie, American cryptographer; one of the founders of the Electronic Frontier Foundation, the
Cypherpunks mailing list, and Cygnus Solutions; Assistant Research Professor of Computer Science at Johns Hopkins University; a computer-science researcher who has
worked on the Multics operating system in the 1960s. He edits the RISKS Digest columns for ACM Software Engineering Notes and Communications of the ACM; American
mathematician and engineer, and Professor of Social Science and Policy Studies at Worcester Polytechnic Institute; Vannevar Bush Professor at MIT's Department of Electrical
Engineering and Computer Science and a member of MIT's Computer Science and Artificial Intelligence Laboratory; Enterprise Architect at Massachusetts Institute of
Technology (MIT); American cryptographer, computer security and privacy specialist, and writer; Michael Specter, staff writer at the at the New Yorker; Director of the MIT

Keys Under Doormats: Mandating insecurity by requiring government access


to all data and communications, MIT Computer Science and Artificial Intelligence Laboratory Technical
Report)//MP
As computer scientists with extensive security and systems experience, we believe that law enforcement has failed to
account for the risks inherent in exceptional access systems. Based on our considerable expertise in real-world applications,
we know that such risks lurk in the technical details. In this report we examine whether it is technically and operationally feasible to
CSAIL Decentralized Information Group,

meet law enforcements call for exceptional access without causing large-scale security vulnerabilities. We take no issue here with law enforcements
desire to execute lawful surveillance orders when they meet the requirements of human rights and the rule of law. Our strong recommendation is that
anyone proposing regulations should first present concrete technical requirements, which industry, academics, and the public can analyze for technical
weaknesses and for hidden costs. Many of us worked together in 1997 in response to a similar but narrower and better defined proposal called the
Clipper Chip [1]. The Clipper proposal sought to have all strong encryption systems retain a copy of keys necessary to decrypt information with a
trusted third party who would turn over keys to law enforcement upon proper legal authorization. We found at that time that it was beyond the
technical state of the art to build key escrow systems at scale. Governments kept pressing for key escrow, but Internet firms successfully resisted on the
grounds of the enormous expense, the governance issues, and the risk. The Clipper Chip was eventually abandoned. A much more narrow set of law
enforcement access requirements have been imposed, but only on regulated telecommunications systems. Still, in a small but troubling number of
cases, weakness related to these requirements have emerged and been exploited by state actors and others. Those problems would have been worse had
key escrow been widely deployed. And if all information applications had had to be designed and certified for exceptional access, it is doubtful that
companies like Facebook and Twitter would even exist. Another important lesson from the 1990s is that the decline in surveillance capacity predicted
by law enforcement 20 years ago did not happen. Indeed, in 1992, the FBIs Advanced Telephony Unit warned that within three years Title III wiretaps
would be useless: no more than 40% would be intelligible and that in the worst case all might be rendered useless [2]. The world did not go dark. On
the contrary, law enforcement has much better and more effective surveillance capabilities now than it did then. The goal of this report is to similarly
analyze the newly proposed requirement of exceptional access to communications in todays more complex, global information infrastructure. We find

that it would pose far more grave security risks, imperil innovation, and raise thorny issues for human
rights and international relations. There are three general problems. First, providing exceptional access to
communications would force a U-turn from the best practices now being deployed to make the Internet
more secure. These practices include forward secrecy where decryption keys are deleted immediately after use, so that
stealing the encryption key used by a communications server would not compromise earlier or later
communications. A related technique, authenticated encryption, uses the same temporary key to guarantee confidentiality and to verify that the
message has not been forged or tampered with. Second, building in exceptional access would substantially increase
system complexity. Security researchers inside and outside government agree that complexity is the enemy of
security every new feature can interact with others to create vulnerabilities. To achieve widespread exceptional access, new
technology features would have to be deployed and tested with literally hundreds of thousands of developers
all around the world. This is a far more complex environment than the electronic surveillance now deployed in telecommunications and Internet
access services, which tend to use similar technologies and are more likely to have the resources to manage vulnerabilities that may arise from new
features. Features to permit law enforcement exceptional access across a wide range of Internet and mobile computing applications could be

Third,
exceptional access would create concentrated targets that could attract bad actors. Security credentials that unlock the data
would have to be retained by the platform provider, law enforcement agencies, or some other trusted third party. If law enforcements keys
guaranteed access to everything, an attacker who gained access to these keys would enjoy the same
privilege. Moreover, law enforcements stated need for rapid access to data would make it impractical to store keys offline or split keys among
particularly problematic because their typical use would be surreptitious making security testing difficult and less effective.

multiple keyholders, as security engineers would normally do with extremely high-value credentials. Recent attacks on the United States Government
Office of Personnel Management (OPM) show how much harm can arise when many organizations rely on a single institution that itself has security
vulnerabilities. In the case of OPM, numerous federal agencies lost sensitive data because OPM had insecure infrastructure. If service providers
implement exceptional access requirements incorrectly, the security of all of their users will be at risk.

Opinion of top experts and empirics flow aff encryption backdoors deck cybersecurity
Yegulalp 7/7/15 <Serdar Yegulalp, senior editor at InfoWorld, cites study written by top encryption experts, Encryption
backdoors: A bad idea then, a bad idea now, InfoWorld, http://www.infoworld.com/article/2945033/encryption/encryptionbackdoors-bad-idea-then-bad-idea-now-say-scientists.html>//wx
Should governments be allowed to keep the keys to encryption backdoors? The short answer, according to a group of computer
scientists who helped created modern encryption, is not only no, but resoundingly no, no, a thousand times no . Providing
encryption backdoors in any form weakens encryption across the board for everyone -- including the good guys, argue the authors of a new
research paper released today. Keys under doormats In "Keys Under Doormats: Mandating insecurity by requiring government access to all data and
communications," 14 computer scientists and encryption experts fiercely rebut the latest attempts to make encrypted information more
accessible to law enforcement. Among the paper's authors are pivotal names in their respective fields: MIT computer science professor
Harold Abelson; security researcher Bruce Schneier; computer scientist Peter G. Neumann; Ronald Rivest, co-creator of the RSA encryption algorithm; and
Whitfield Diffie, one of the co-creators of public-key cryptography. So-called key escrow schemes "force a U-turn from the best practices now
being deployed to make the Internet more secure;" make encryption systems more difficult to build and debug; and would create known weaknesses
in encryption that would simply attract concentrated efforts to break them, according to the paper. "If law enforcement's keys guaranteed access to
everything, an attacker who gained access to these keys would enjoy the same privilege ," the paper argues. Blasts from the past
Government's previous efforts to weaken encryption -- both above- and below-board -- ended badly. The Clipper chip, a key escrow system for voice
communications created in the 1990s, met with strong resistance from both privacy advocates and cryptograph ers, with the latter

demonstrating that the chip was demonstrably insecure on its own terms. In 2013, word surfaced that the NSA had subtly weakened NIST-supported encryption
standards to make them more amenable to automated attack -- a strategy that would only serve the NSA as long as no one else knew of the weakness. Today's
renewed calls for law-enforcement access to encryption keys proffer the same arguments as earlier efforts -- mainly, that encryption enables criminals to evade
law enforcement. However, the crucial question to ask about key escrow scheme s, the authors argue, is whether granting such access
creates problems at least as large as the ones they claim to solve. The stakes involved in weakening encryption today are far
higher than they were in the 1990s, the paper insists. Far more real-world infrastructure depends on encryption than ever before, and switching
those systems over to key-escrow encryption makes them more vulnerable to attackers. "Lawmakers should not risk the real economic,
geopolitical, and strategic benefits of an open and secure Internet for law enforcement gains that are at best minor and tactical ,"
the paper's authors write.

Backdoors deck US cybersecurity most qualified authors agree


Ableson et al 7/6/15 <Harold, Professor of Electrical Engineering and Computer Science at MIT, a fellow of the IEEE, and a
founding director of both Creative Commons and the Free Software Foundation, 7/16/15, Computer Science and Artificial
Intelligence Laboratory Technical Report, MIT, p. 6-7, http://dspace.mit.edu/bitstream/handle/1721.1/97690/MIT-CSAIL-TR2015-026.pdf?sequence=8>//wx
We begin by reviewing the findings on the risks of key recovery/key escrow systems from a paper that many of us wrote almost
20 years ago[1]. Many of us came together then to 6 examine the security risks of ensuring law enforcement access to encrypted
information. We found that any key escrow system had basic requirements that placed substantial costs on end users, and that
these costs would have been too difficult and expensive to implement. For law enforcement to have quick and reliable access to
plaintext, every key escrow system required the existence of highly sensitive yet perennially available secret keys. This
requirement alone inevitably leads to an increased risk of exposure, inflated software complexity, and high economic costs. The
first downside is increased risk of a security incident. An organization that holds an escrow key could have a malicious insider
that abuses its power or leaks that organizations key. Even assuming an honest agency, there is an issue of competence:
cyberattacks on keyholders could easily result in catastrophic loss . The additional complexity of a key escrow system
compounds these risks. At the time, all openly proposed key escrow solutions had major flaws that could be exploited; even
normal encryption was difficult to implement well, and key escrow made things much harder. Another source of complexity was
the scale of a universal key recovery system the number of agents, products, and users involved would be immense, requiring
an escrow system well beyond the technology of the time. Further, key escrow threatened to increase operational complexity: a
very large number of institutions would have to securely and safely negotiate targeting, authentication, validity, and information
transfer for lawful information access. All of the above factors raise costs. Risks of exposure, for instance, change the threat
landscape for organizations, which must then worry about mistaken or fraudulent disclosures. The government would have
increased bureaucracy to test and approve key recovery systems. Software vendors would have to bear the burden of increased
engineering costs. In 1997, we found that systems enabling exceptional access to keys would be inherently less secure, more
expensive, and much more complex than those without. This result helped policymakers decide against mandated exceptional
access. 1.3 What has changed and what remains the same since 1990s? It is impossible to operate the commercial Internet or
other widely deployed global communications network with even modest security without the use of encryption. An extensive
debate in the 1980s and 1990s about the role of encryption came to this conclusion once before. Today, the fundamental
technical importance of strong cryptography and the difficulties inherent in limiting its use to meet law enforcement purposes
remain the same. What has changed is that the scale and scope of systems dependent on strong encryption are far greater, and
our society is far more reliant on far-flung digital networks that are under daily attack.

Encryption keys cause decreased protection against hackers


Rodriguez 7/7/15 <Salvador, Correspondent for the International Business Times, focused on covering Google, Apple, Yahoo
and diversity within the tech industry, cites study by top cyberexperts, 7/7/15, Cybersecurity Experts Recommend Against
Encryption Backdoors For Government Agencies, International Business Times, http://www.ibtimes.com/cybersecurity-expertsrecommend-against-encryption-backdoors-government-agencies-1998670>//wx
A group of the world's top cybersecurity experts recommend against giving government agencies like the FBI and the National Security Agency
backdoor access to the encrypted information stored by tech giants like Google and Facebook, saying it would put sensitive data at risk of
being compromised by hackers. The experts took their stance in a paper issued this week prior to an upcoming Senate Judiciary Committee hearing
where U.S. officials are scheduled to speak about why government agencies need access to this kind of data to defend national security and enforce the law. In
the past year, law officials have faced off with privacy advocates and tech companies hoping to gain so-called exceptional access to their

encrypted data. "These proposals are unworkable in practice, raise enormous legal and ethical questions, and would undo
progress on security at a time when Internet vulnerabilities are causing extreme economic harm," the experts said in the paper. "We find that it would
pose far more grave security risks, imperil innovation, and raise thorny issues for human rights and international relations ." The
cybersecurity experts argue that creating these backdoor keys would require tech companies to avoid using the best security practices, making the sensitive data
they store for their users vulnerable to hackers. Additionally, creating these kinds of systems would require complex configurations, which typically create more

loopholes that can be exploited by hackers. What's more, if agencies like the FBI or NSA were breached, those backdoor keys could be used by
hackers to access the consumer data stored by tech companies . Those are now plausible scenarios following recent breaches
into the systems of the U.S. Office of Personnel Management and the Interior Department. Finally, giving backdoor access to agencies in the U.S. or
the United Kingdom could set a bad precedent and lead countries like China and Russia to demand similar access from American companies that offer services
within their borders, the security experts said. "Such access will open doors through which criminals and malicious nation-states can
attack the very individuals law enforcement seeks to defend . The costs would be substantial, the damage to innovation severe, and the
consequences to economic growth difficult to predict," the paper reads.

Eliminating NSA backdoors key to cybersecurity and national security firewall protections
Center for Democracy and Technology 11/10/14 CDT is a non-profit organization that works to find solutions to pressing
internet policy challenges. (CDT, Issue brief: A backdoor to encryption for government surveillance, Center for Democracy and
Technology. https://d1ovv0c9tw0h0c.cloudfront.net/files/2014/11/issuebrief-backdoorencryption.pdf)//ET
Encrypting smartphones and other tech products will help protect against malicious hacking , identity theft , phone theft, and other crimes .
However, a government mandate requiring companies to build a backdoor through encryption to facilitate surveillance would put
consumers at grave risk and impose heavy costs on US businesses. The government can obtain information for investigations from other sources and may
be able to compel an individual to decrypt information with a search warrant. What companies have done recently: Apple and Google recently announced
that their newer smartphones will be encrypted by default. This means that all the data stored on the phone itself will be unreadable to anyone who
accesses the phone without knowing the owners password or key to unlock the encryption. Weak encryption (or obvious passwords) can be broken by widely
available cracking programs, but Apple and Google announced they will apply strong encryption to their devices. Prior to this announcement, many other
companies and nonprofits have long offered products and services, including phones, secured by strong encryption to the public. The primary impact: The
primary impact of this change will be to increase security from cybercriminals for regular smartphone users. Encryption by default ensures
that if criminals steal or attempt to hack into a phone, they will be unable to access the owners sensitive data stored on the device, such as
credit card information, photos, emails, medical records, social media accounts, and more. Millions of American smartphone users are targets of
identity theft, phone theft, and cybercrime, and the principle objective of securing smartphones with strong encryption is to protect against these problems. What
the FBI wants: The FBI wants a backdoor into encrypted products not just phones, but other communications services as well. In a recent speech, FBI
Director Comey called for companies to build security flaws into their encrypted products so that the government can break through and wiretap consumers or
seize data stored on their devices. Director Comey suggested that Congress should enact legislation to impose this requirement on all communications service
providers. A backdoor for government surveillance: During his speech, Director Comey stated the FBI was not actually seeking a backdoor because he is
proposing that companies intentionally build a means of breaking encryption for the purpose of government access into their products and services. However,
this conflates a legal backdoor with a technical one: as a technical matter, creating a path through encryption to provide access that the user does not authorize
is, by definition, a backdoor security vulnerability into the device. It is impossible to build encryption that can be circumvented without creating a technical
backdoor. Backdoors create major problems: Backdoors severely weaken cybersecurity, leaving users exposed to malicious hacking and crime.
A government-mandated security vulnerability in tech products would also be a huge burden on businesses and an obstacle to innovation. User security
undermined: A fundamental problem with a backdoor is that there is no way to control who goes through it. If the US government can exploit
a backdoor security vulnerability to access a consumers device, so will malicious hackers, identity thieves, and foreign governments. This
will devastate the security of not just individual consumers around the world, but also the many businesses that use American commercial tech

products day-to-day. Ultimately, this mandate would have the effect of actually enabling cybercrime and undermining national
security. US businesses harmed: Consumers outside of the US may be much less inclined to purchase American tech products that facilitate government
surveillance. Consider, for example, the difficulty US companies would have selling smartphones or network servers in the EU that are built to enable easy
access for the NSA. As a technical matter, it is difficult and expensive to both build a backdoor security vulnerability and then defend that vulnerability against
unauthorized use. This burden would be heaviest on small businesses and innovators of new communications services, which may create a disincentive to
encrypt their products and reduce the overall security of users.

Backdoors results in more vulnerabilities and bad actors getting access.


Kassner 7/14/15 - Micheal Kasner is fellow of ASM international and won the Oregon College of Engineering award, Cites
many cybersecurity authors like Susan Landau and the people on the National Institute of Standards and Technology( Micheal, Why
government-mandated encryption backdoors are bad for US businesses, http://www.techrepublic.com/article/why-government-mandated-encryption-backdoorsare-bad-for-us-businesses/)//pk
The authors write: "Today we are again hearing calls for regulation to mandate the provision of exceptional access mechanisms. In this report, a group of
computer scientists and security experts, many of whom participated in a 1997 study of these same topics, has convened to explore the likely
effects of imposing extraordinary access mandates." Next, the coauthors issue a stern warning, "We have found that the damage that

could be caused by law enforcement exceptional access requirements would be even greater today than it would have been 20
years ago. In the wake of the growing economic and social cost of the fundamental insecurity of today's internet environment,
any proposals that alter the security dynamics online should be approached with caution ." The coauthors do not mince words, ending the
paper's executive summary with, "Many of us worked together in 1997 in response to a similar but narrower and better defined proposal called the Clipper Chip."
What are exceptional access mechanisms? The term backdoor is normally used, but as academics will do, they chose a new one:
exceptional access mechanisms. Susan Landau, professor of cybersecurity policy at Worcester Polytechnic Institute and one of the paper's authors, in
this Lawfare Institute blog defines exceptional access mechanisms as, "Some form of technology that will enable government access to content even if the

content is encrypted." Three problems with the government's request The scientists state they analyzed the government's request for
exceptional access to communications, and they feel there are three challenges. The first issue is providing exceptional access to
communications would negate many best practices now being deployed to make the internet more secure, including forward secrecy,
where decryption keys are deleted right after being used. The second issue is adding exceptional access would increase the complexity of
already complex security systems, which in turn increases the likelihood of vulnerabilities . The authors make the point, "Features to

permit law enforcement exceptional access across a wide range of internet and mobile computing applications could be
particularly problematic because their typical use would be surreptitious making security testing difficult and less effective." The
third issue is, just as databases of credit-card information interest digital criminals more so than the information from one individual's credit card, exceptional
access will allow bad actors to focus on fewer targets to get the same results. The third problem is especially troubling. "Recent attacks
on the United States Government Office of Personnel Management (OPM) show how much harm can arise when many
organizations rely on a single institution that itself has security vulnerabilities, " write the coauthors. "In the case of OPM, numerous federal
agencies lost sensitive data because OPM had insecure infrastructure. If service providers implement exceptional access requirements
incorrectly, the security of all of their users will be at risk." Cory Doctorow speaks to this in his book Information Doesn't Want to Be Free (page 126): "If you
weaken the world's computer security the security of our planes and nuclear reactors, our artificial hearts and our thermostats, and, yes,
our phones and our laptops, devices that are privy to our every secret then no amount of gains in the War on Terror will balance out the costs
we'll all pay in vulnerability to crooks, creeps, spooks, thugs, perverts, voyeurs, and anyone else who independently discovers
these deliberate flaws and turns them against targets of opportunity."

Backdoor encryption is bad hurts economic growth, innovation, cybersecurity, and political
authority
Page 15 editor for the inquirer (Carly, Crypto experts slam government encryption backdoor demands, 7/8/15,
http://www.theinquirer.net/inquirer/news/2416875/crypto-experts-slam-government-encryption-backdoor-demands)
A GROUP OF CRYPTOGRAPHERS AND COMPUTER SCIENTISTS has blasted demands from US and British governments for
backdoors to encryption systems, saying that it would cause a "major security risk". The report from the Massachusetts Institute
of Technology (MIT) Computer Science and Artificial Intelligence Lab criticises plans to allow law enforcement agencies
unfettered access to encrypted data, following in the footsteps of Apple and Google. UK prime minister David Cameron, for
example, said recently that services such as iMessage and WhatsApp should be banned if British intelligence services cannot
access them, while the FBI has argued that access to encrypted communications is crucial in the fight against terrorism. MIT said
in a 34-page paper, compiled by the likes of security expert Bruce Schneier and professor Ross Anderson from Cambridge
University, that this is a bad idea and will create a major security risk. "Such access will open doors through which criminals and
malicious nation states can attack the very individuals law enforcement seeks to defend, the paper said. "The costs would be
substantial, the damage to innovation severe and the consequences to economic growth hard to predict. The costs to the
developed countries soft power and to our moral authority would also be considerable." The paper noted that granting
governments backdoors to encryption systems will also make them a more appealing target to hackers and increase the risk of
data breaches. "Security credentials that unlock the data would have to be retained by the platform provider, law enforcement
agencies, or some other trusted third party," it said. "If law enforcement's keys guaranteed access to everything, an attacker who
gained access to these keys would enjoy the same privilege. "Recent attacks on the US Government Office of Personnel
Management show how much harm can arise when many organisations rely on a single institution that itself has security
vulnerabilities."

Back door encryption creates vulnerabilities leaves room for bad actors
Kassner 15 Freelance writer and editing professional with 15 years of experience covering technology, science,
and business. (Michael, Why government-mandated encryption backdoors are bad for US businesses, 7/14/15,
http://www.techrepublic.com/article/why-government-mandated-encryption-backdoors-are-bad-for-us-businesses/)
The scientists state they analyzed the government's request for exceptional access to communications, and they feel there are
three challenges. The first issue is providing exceptional access to communications would negate many best practices now being
deployed to make the internet more secure, including forward secrecy, where decryption keys are deleted right after being used.
The second issue is adding exceptional access would increase the complexity of already complex security systems, which in turn
increases the likelihood of vulnerabilities. The authors make the point, "Features to permit law enforcement exceptional access
across a wide range of internet and mobile computing applications could be particularly problematic because their typical use
would be surreptitious making security testing difficult and less effective." The third issue is, just as databases of credit-card
information interest digital criminals more so than the information from one individual's credit card, exceptional access will allow
bad actors to focus on fewer targets to get the same results. The third problem is especially troubling. "Recent attacks on the
United States Government Office of Personnel Management (OPM) show how much harm can arise when many organizations

rely on a single institution that itself has security vulnerabilities," write the coauthors. "In the case of OPM, numerous federal
agencies lost sensitive data because OPM had insecure infrastructure. If service providers implement exceptional access
requirements incorrectly, the security of all of their users will be at risk."

Backdoor encryption creates the greatest security risks now


Kassner 15 Freelance writer and editing professional with 15 years of experience covering technology, science,
and business. (Michael, Why government-mandated encryption backdoors are bad for US businesses, 7/14/15,
http://www.techrepublic.com/article/why-government-mandated-encryption-backdoors-are-bad-for-us-businesses/)
With a sense of dj vu, the same group plus four new and also highly-regarded computer scientists published a paper in July
2015 under the auspices of MIT's Computer Science and Artificial Intelligence Lab titled Keys Under Doormats: Mandating
insecurity by requiring government access to all data and communications (PDF). The authors write: "Today we are again
hearing calls for regulation to mandate the provision of exceptional access mechanisms. In this report, a group of computer
scientists and security experts, many of whom participated in a 1997 study of these same topics, has convened to explore the
likely effects of imposing extraordinary access mandates." Next, the coauthors issue a stern warning, "We have found that the
damage that could be caused by law enforcement exceptional access requirements would be even greater today than it would
have been 20 years ago. In the wake of the growing economic and social cost of the fundamental insecurity of today's internet
environment, any proposals that alter the security dynamics online should be approached with caution." The coauthors do not
mince words, ending the paper's executive summary with, "Many of us worked together in 1997 in response to a similar but
narrower and better defined proposal called the Clipper Chip."

Encryption backdoors have critical infrastructure in a critically dangerous situation


Perlroth, research of cyber security and top cybersecurity journalist of 2014, 7/7/15
(Nicole Perlroth, The New York Times business, national, and foreign news sections,
http://www.nytimes.com/2015/07/08/technology/code-specialists-oppose-us-and-british-government-access-to-encryptedcommunication.html?_r=0)RL
An elite group of security technologists has concluded that the American and British governments cannot demand
special access to encrypted communications without putting the world's most confidential data and critical infrastructure in
danger. A new paper from the group, made up of 14 of the world's pre-eminent cryptographers and computer
scientists, is a formidable salvo in a skirmish between intelligence and law enforcement leaders, and technologists
and privacy advocates. After Edward J. Snowden's revelations - with security breaches and awareness of nationstate surveillance at a record high and data moving online at breakneck speeds - encryption has emerged as a
major issue in the debate over privacy rights. That has put Silicon Valley at the center of a tug of war. Technology
companies including Apple, Microsoft and Google have been moving to encrypt more of their corporate and
customer data after learning that the United States National Security Agency and its counterparts were siphoning
off digital communications and hacking into corporate data centers. Yet law enforcement and intelligence agency
leaders argue that such efforts thwart their ability to monitor kidnappers, terrorists and other adversaries. In Britain,
Prime Minister David Cameron threatened to ban encrypted messages altogether. In the United States, Adm.
Michael S. Rogers, the director of the N.S.A., proposed that technology companies be required to create a digital key
to unlock encrypted data, but to divide the key into pieces and secure it so that no one person or government
agency could use it alone. The encryption debate has left both sides bitterly divided and in fighting mode . The group of
cryptographers deliberately issued its report a day before James B. Comey Jr., the director of the Federal Bureau of
Investigation, and Sally Quillian Yates, the deputy attorney general at the Justice Department, were scheduled to
testify before the Senate Judiciary Committee on the concerns that they and other government agencies have that
encryption technologies will prevent them from effectively doing their jobs. The new paper is the first in-depth
technical analysis of government proposals by leading cryptographers and security thinkers, including Whitfield
Diffie, a pioneer of public key cryptography, and Ronald L. Rivest, the ''R'' in the widely used RSA public
cryptography algorithm. In the report, the group said any effort to give the government ''exceptional access'' to encrypted

communications was technically unfeasible and would leave confidential data and critical infrastructure like banks and the power
grid at risk. Handing governments a key to encrypted communications would also require an extraordinary degree of trust . With
government agency breaches now the norm - most recently at the United States Office of Personnel Management, the
State Department and the White House - the security specialists said that the authorities could not be trusted to keep such
keys safe from hackers and criminals. They added that if the United States and Britain mandated backdoor keys to
communications, China and other governments in foreign markets would be spurred to do the same. ''Such access will open
doors through which criminals and malicious nation-states can attack the very individuals law enforcement seeks to defend ,'' the
report said. ''The costs would be substantial, the damage to innovation severe and the consequences to economic
growth hard to predict. The costs to the developed countries' soft power and to our moral authority would also be
considerable.'' A spokesman for the F.B.I. declined to comment ahead of Mr. Comey's appearance before the Senate
Judiciary Committee hearings on Wednesday. Mr. Comey recently told CNN, ''Our job is to find needles in a
nationwide haystack, needles that are increasingly invisible to us because of end-to-end encryption.'' A Justice

Department official, who spoke on the condition of anonymity before the hearing, said that the agency supported
strong encryption, but that certain uses of the technology - notably end-to-end encryption that forces law
enforcement to go directly to the target rather than to technology companies for passwords and communications interfered with the government's wiretap authority and created public safety risks. Paul Kocher, the president of the
Rambus Cryptography Research Division, who did not write the paper, said that it shifted the debate over
encryption from how much power intelligence agencies should have to the technological underpinnings of gaining
special access to encrypted communications. The paper ''details multiple technological reasons why mandatory
government back doors are technically unworkable, and how encryption regulations would be disastrous for computer security ,''
Mr. Kocher said. ''This report ought to put to rest any technical questions about 'Would this work?''' The group behind the
report has previously fought proposals for encryption access. In 1997, it analyzed the technical risks and
shortcomings of a proposal in the Clinton administration called the Clipper chip. Clipper would have poked a hole in
cryptographic systems by requiring technology manufacturers to include a small hardware chip in their products
that would have ensured that the government would always be able to unlock scrambled communications. The
government abandoned the effort after an analysis by the group showed it would have been technically
unworkable. The final blow was the discovery by Matt Blaze, then a 32-year-old computer scientist at AT&T Bell
Laboratories and one of the authors of the new paper, of a flaw in the system that would have allowed anyone with
technical expertise to gain access to the key to Clipper-encrypted communications. Now the group has convened for
the first time since 1997. ''The decisions for policy makers are going to shape the future of the global Internet and
we want to make sure they get the technology analysis right,'' said Daniel J. Weitzner, head of the Cybersecurity
and Internet Policy Research Initiative at the Massachusetts Institute of Technology and a former deputy chief
technology officer at the White House, who coordinated the latest report. In the paper, the authors emphasized that
the stakes involved in encryption are much higher now. In the 1990s, the Internet era was just beginning. Today,

the government's plans could affect the technology used to lock data from financial and medical institutions, and poke a hole in
mobile devices and countless other critical systems that are moving rapidly online, including pipelines, nuclear facilities and the
power grid. ''The problems now are much worse than they were in 1997,'' said Peter G. Neumann, a co-author of both
the 1997 report and the new paper, who is a computer security pioneer at SRI International, the Silicon Valley
research laboratory. ''There are more vulnerabilities than ever, more ways to exploit them than ever, and now the government
wants to dumb everything down further. '' ''The government's proposals for exceptional access are wrong in principle and
unworkable in practice,'' said Ross Anderson, a professor of security engineering at the University of Cambridge and
the paper's sole author in Britain. ''That is the message we are going to be hammering home again and again over
the next few months as we oppose these proposals in your country and in ours.''

--xt backdoors fail


Encryption backdoors are useless lack of corporate co-op and structural barriers
Lin 15 <Herbert, Senior Research Scholar, Center for International Security and Cooperation Research Fellow, Hoover
Institution Chief Scientist (Emeritus), CSTB, National Academies, 7/8/2015, Testimony for the Senate Judicial Committee,
http://www.judiciary.senate.gov/imo/media/doc/07-08-15%20Lin%20Testimony.pdf>//wx
First, the US government has framed solutions to the going dark problem around the concept of NOBUS access to encrypted data.
(NOBUS stands for nobody but us where us is the government , a term first used publicly by Michael Hayden.) This approach has generated
polarization around two positions. One side says NOBUS access inevitably weakens the security of a system and will eventually be compromised by a bad guy;
the other side says it doesnt weaken security and wont be compromised. Neither side can prove its case, and we see a theological clash of absolutes. To get
out of this box, lets instead consider time scale. If it takes a thousand years for a bad guy to figure out how to hack a NOBUS mechanism,
thats probably secure enough. If it takes him 30 seconds, using that mechanism is a dumb idea . So somewhere between 30 seconds
and a thousand years, the mechanism changes from being unworkable to being secure enough. How can we estimate the time the bad guy needs? We dont
understand very well today how to make these estimates for computer systems. But there are methodologies that are often used today to make such estimates
for systems in other domains. For example, an approach called probabilistic risk analysis is often used in estimating the time before a nuclear reactor
experiences a meltdown. Generally speaking, one estimates the probabilities of various sequences of events that could lead to failure whats called fault and
event tree analysis, and out of that comes an estimate that it will take 10,000 years or a million years. Opponents and proponents of nuclear power use different
numbers to make their probability estimates, but at least they use the same methodology and they can identify where they disagree technically. Thats a better
outcome than shouting at each other over a table saying yes or no. The most important thing about this approach is that it requires a specific reactor design
and siting plan to analyze. Only when specifics are involved can one actually have a technical debate. Would a similar approach work in analyzing a proposed
NOBUS mechanism? I think so, but I could be wrong. Thats why its a research problem we should assess whether such methodologies can be
usefully applied to estimate how long it might take for a bad guy to hack any specific NOBUS mechanism. But the government

has not yet provided any specifics, arguing that private vendors should do it. At the same time, the vendors wont do it, because
its customers arent demanding such features. Indeed, many customers would see such features as a reason to avoid a given
vendor. Without specifics, there will be no progress. I believe the government is afraid that any specific proposal will be subject to enormous criticismand
thats truebut the government is the party that wants NOBUS access, and rather than running away from such criticism, it should embrace any resulting
criticism as an opportunity to improve upon its initial designs. Exactly the same issues came up in the 1990s, only then the government did propose a specific
mechanism. When the National Academies studied the problem then, it made a recommendation that still makes sense todaya prerequisite for going down
this path is for the government to gain experience about how to properly operate a governmentonly system allowing NOBUS access. Without such experience ,
large scale deployment of any access mechanism across the entire nation is asking for trouble . A final point is asking the major
vendors to provide NOBUS access is only the first step , as Director Comey implied in his comments regarding endtoend encryption to CNN on
June 18. The next step is to impose access requirements on small app and open source developers , because they can build apps that
bypass NOBUS mechanisms built into the platforms. And then you have to prevent people from bringing into the U.S. apps from abroad
that dont have NOBUS access, which means an Internet firewall around the United States that blocks such apps and border inspections
and import controls. Second, a partial alternative to NOBUS access is for law enforcement authorities to obtain legal authorization to take advantage of
the vulnerabilities that already exist in all software. With proper legal authorization, law enforcement could hack the devices of bad guys to obtain unencrypted
information when the bad guys themselves accessed it, and they do this to some extent today. Third, criminals are just like the rest of us in that they also forget
passwords, and if they have not saved them somewhere, certain crimes will not happen because the wouldbe perpetrators will not be able to get the information
needed to commit them. Remember also that data is often backed up to the cloud by default. So criminals will want mechanisms that enable them to retrieve
inaccessible data, and if they do, thats a way that law enforcement can gain access. I hope that these comments are helpful and Im ready to answer questions. I
ask that a number of relevant documents that support my testimony be entered into the record. These documents have already been provided to Committee
staff.

Backdoors compromise data security and US legitimacy


Wyden 14 (Ron, Senior Senator of Oregon, Member of the Congressional Internet Caucus and United States Senate Select
Committee on Intelligence, With hackers running rampant, why would we poke holes in data security?, 12/14/14,
http://www.latimes.com/opinion/op-ed/la-oe-1215-wyden-backdoor-for-cell-phones-20141215-story.html)ML
Hardly a week goes by without a new report of some massive data theft that has put financial information, trade secrets or
government records into the hands of computer hackers. The best defense against these attacks is clear: strong data encryption and
more secure technology systems. The leaders of U.S. intelligence agencies hold a different view . Most prominently, James Comey, the
FBI director, is lobbying Congress to require that electronics manufacturers create intentional security holes so-called back
doors that would enable the government to access data on every American's cellphone and computer, even if it is protected by
encryption. Unfortunately, there are no magic keys that can be used only by good guys for legitimate reasons . There is only strong
security or weak security. Americans are demanding strong security for their personal data. Comey and others are suggesting that security
features shouldn't be too strong, because this could interfere with surveillance conducted for law enforcement or intelligence
purposes. The problem with this logic is that building a back door into every cellphone, tablet, or laptop means deliberately
creating weaknesses that hackers and foreign governments can exploit. Mandating back doors also removes the incentive for

companies to develop more secure products at the time people need them most; if you're building a wall with a hole in it, how much are you going
invest in locks and barbed wire? What these officials are proposing would be bad for personal data security and bad for business and
must be opposed by Congress. In Silicon Valley several weeks ago I convened a roundtable of executives from America's most innovative tech companies. They
made it clear that widespread availability of data encryption technology is what consumers are demanding . It is also good public policy.
For years, officials of intelligence agencies like the NSA, as well as the Department of Justice, made misleading and outright inaccurate
statements to Congress about data surveillance programs not once, but repeatedly for over a decade . These agencies spied
on huge numbers of law-abiding Americans, and their dragnet surveillance of Americans' data did not make our country safer .
Most Americans accept that there are times their government needs to rely on clandestine methods of intelligence gathering to protect national security and
ensure public safety. But they also expect government agencies and officials to operate within the boundaries of the law, and they now know how
egregiously intelligence agencies abused their trust. This breach of trust is also hurting U.S. technology companies ' bottom line,
particularly when trying to sell services and devices in foreign markets . The president's own surveillance review group noted that concern about
U.S. surveillance policies can directly reduce the market share of U.S. companies. One industry estimate suggests that lost market share will cost just the U.S.
cloud computing sector $21 billion to $35 billion over the next three years. Tech firms are now investing heavily in new systems, including
encryption, to protect consumers from cyber attacks and rebuild the trust of their customers . As one participant at my roundtable put it, I'd
be shocked if anyone in the industry takes the foot off the pedal in terms of building security and encryption into their products.

Prefer empirics Greece and China prove


Wyden 14 (Ron, Senior Senator of Oregon, Member of the Congressional Internet Caucus and United States Senate Select
Committee on Intelligence, With hackers running rampant, why would we poke holes in data security?, 12/14/14,
http://www.latimes.com/opinion/op-ed/la-oe-1215-wyden-backdoor-for-cell-phones-20141215-story.html)ML
Tech firms are now investing heavily in new systems, including encryption, to protect consumers from cyber attacks and rebuild the trust of their customers. As
one participant at my roundtable put it, I'd be shocked if anyone in the industry takes the foot off the pedal in terms of building security and encryption into their
products. Built-in back doors have been tried elsewhere with disastrous results. In 2005, for example, Greece discovered that
dozens of its senior government officials' phones had been under surveillance for nearly a year. The eavesdropper was never identified,
but the vulnerability was clear: built-in wiretapping features intended to be accessible only to government agencies following a legal process. Chinese
hackers have proved how aggressively they will exploit any security vulnerability . A report last year by a leading cyber security
company identified more than 100 intrusions in U.S. networks from a single cyber espionage unit in Shanghai . As another tech
company leader told me, Why would we leave a back door lying around?

Encryption backdoors leave vulnerabilities bad actors


Chaffetz 15 - the U.S. Representative for Utah's 3rd congressional district, first elected in 2008. He is a member of
the Republican Party. (Encryption Technology and Potential U.S Policy Responses, Jason E. Chaffetz, April 29,
2015, Opening Statement: Committee on Oversight and Government Reform,
https://oversight.house.gov/hearing/encryption-technology-and-potential-u-s-policy-responses/)//chiragjain
I thank the Chairman and I appreciate your passion and this topic. It affects literally every American. It affects people all across the
world. I think one of the great questions that will be posed to our society and certainly our country as a whole is
how to find the right balance between personal privacy and national security. I for one am not willing to give up
every bit of privacy in the name of security. So how do we find that right balance? Its not easy to find. In response to the
recent moves by Apple and Google mentioned by Chairman Hurd, FBI Director Comey recommended, a
regulatory or legislative fix, which would force companies to manufacture their mobile devices in such a way that law
enforcement can access the data on those devices with a warrant or court order. I have at least three general concerns with
Director Comeys proposal as I understand it. First, its impossible to build a backdoor only for the good
guys you think, just the good guys can get this. If somebody at the Genius Bar can figure it out so can the nefarious
folks in a van down by the river [can figure it out]. As Alex Stamos, Yahoo!s chief information security officer, recently
explained: All of the best public cryptographers in the world would agree that you cant really build
backdoors in crypto. That its like drilling a hole in the windshield. The Commerce Departments National Institute

of Standards and Technologies chief cyber- security adviser agreed, saying, Theres no way to do this
where you dont have unintentional vulnerability. I worry about those unintentional vulnerabilities. We
have a wide variety of experts on the panel today to help us examine some of the potential economic, privacy, security, and
geopolitical consequences of introducing a vulnerability into the system.

We live in the golden age of surveillance yet the backdoors remain


vulnerable others exploit it
Chaffetz 15 - the U.S. Representative for Utah's 3rd congressional district, first elected in 2008. He is a member of
the Republican Party. (Encryption Technology and Potential U.S Policy Responses, Jason E. Chaffetz, April 29,
2015, Opening Statement: Committee on Oversight and Government Reform,
https://oversight.house.gov/hearing/encryption-technology-and-potential-u-s-policy-responses/)//chiragjain

Second, we already

live in what some experts have referred to as the golden age of surveillance for law
enforcement. Federal, state, and local law enforcement have never had more tools at their disposal to help
detect, prevent, and prosecute crime. It seems we hear every day there is a new and often startling story about the U.S.
governments ability to track its own citizens. I recognize technology can be a double-edged sword and may pose
challenges for law enforcement as well, but we are certainly not going dark, and in many ways have never been brighter.
Third, strong encryption prevents crime and is a part of the economy. People keep their lives on their mobile phones.
A typical mobile phone might hold a persons pictures, contacts, communications, finances, schedule, and much more personal
information in addition to my Words with Friends which is critical to my daily sanity. If your phone is lost or stolen you
want to know your information is protected. Encryption does that. There is a reason the worlds largest
technology companies are increasingly developing stronger and more user-friendly encryption techniques. Its

not because they are anti-law enforcement. On the contrary, its because sophisticated cyber hacks are
near daily events. No one is immune from digital snooping - from the White House to corporate America to private citizens.
The opportunities brought to us by modern technology are nearly limitless but not if the system is compromised. Strong
encryption helps ensure data is secure and allows companies and individuals to operate with confidence
and trust. I look forward to hearing from our witnesses today. We have choices to make. Do we allow the 99 percent of Americans
who are good, honest, decent, hardworking and patriotic people to have encrypted phones? Or do we need to leave a backdoor open
and create vulnerability for all of them? Because vulnerability is all or nothing folks. Its not just a little bit. Its not

just for the good guys. And thats why we are having this hearing today.

Backdoor access causes system weaknesses Global expert consensus


Trevor Timm 15 (Guardian US columnist and executive director of the Freedom of the Press Foundation,
http://www.theguardian.com/commentisfree/2015/mar/04/backdoors-encryption-china-apple-google-nsa)CK
As Yahoos top security executive Alex Stamos told NSA director Mike Rogers in a public confrontation last week, building
backdoors into encryption is like drilling a hole into a windshield. Even if its technically possible to produce the flaw - and we,
for some reason, trust the US government never to abuse it - other countries will inevitably demand access for themselves.
Companies will no longer be in a position to say no, and even if they did, intelligence services would find the backdoor
unilaterally - or just steal the keys outright. For an example on how this works, look no further than last weeks Snowden
revelation that the UKs intelligence service and the NSA stole the encryption keys for millions of Sim cards used by many of the
worlds most popular cell phone providers. Its happened many times before too. Security expert Bruce Schneier has
documented with numerous examples, Back-door access built for the good guys is routinely used by the bad guys. Stamos
repeatedly (and commendably) pushed the NSA director for an answer on what happens when China or Russia also demand
backdoors from tech companies, but Rogers didnt have an answer prepared at all. He just kept repeating I think we can work
through this. As Stamos insinuated, maybe Rogers should ask his own staff why we actually cant work through this, because
virtually every technologist agrees backdoors just cannot be secure in practice.

Backdoors cause security concerns and attacks- anyone can get access
Gold 9/15/2014, Staff Writer for Engineering and Technology Magazine (Steve Gold, Engineering and Technology Magazine,
Volume 9 Edition 9 Communications device cyber-security: 'backdoors' http://eandt.theiet.org/magazine/2014/09/backdoors-tothe-future.cfm)NF
On the mobile front, phone operator Three launched the UK's first 3G network with an array of battery-hungry handsets mainly
from Chinese manufacturer Huawei in 2003, but it took until the late 2000s before the first dedicated 3G modems and USB sticks
(aka '3G dongles') appeared to kick-start in earnest the world of mobile data communications for mass consumption. Security

had always been an issue. Rumours of 'backdoors' in 3G modems had been bouncing around in
information security circles for years before a revealing presentation at Black Hat Europe 2013 raised more general
awareness of the possibility and, for many, confirmed the topic as a legitimate cause for concern . Nikita
Tarakanov, an independent IT researcher from Russia, presented a paper entitled 'From China with Love' co-written with fellow
industry colleague Oleg Kupreev which detailed some startling 'features' of a wide range of Huawei cellular broadband dongles.
Tarakanov explained that, in the preceding 12 months or so, he and Kupreev had been researching socalled 'backdoors' into the company's 3G dongles and even though Huawei is a major supplier of mobile broadband dongles,
and there are dozens of models available in different markets around the world they are mostly based around a single
chassis. This chassis, the researcher said, has a number of 'vulnerabilities' (or 'features', depending on who you
talk to and what they're willing to divulge) that allow all manner of remote feeds and access to the device.

Because of this, Tarakanov reckons that a typical Huawei USB modem can be used for a number of
security attack vectors. These include: a flash memory attack on the host computer, DNS (Domain Name

System) poisoning, auto-update poisoning, rogue XML re-configuration and Wi-Fi auto-connect-based
attacks using a pre-set approach to compromising the modem itself.

Backdoors are open for anyone to attack- no magic key for government
Wyden, Senator of the United States 12/14/2014 (Ron Wyden, senior United States Senator for Oregon since 1996,
Previous member of the United States House of Representatives from 1981 to 1996, Juris Doctor degree from the University of
Oregon School of Law. Los Angeles Times Newspaper, With hackers running rampant, why would we poke holes in data
security? http://www.latimes.com/opinion/op-ed/la-oe-1215-wyden-backdoor-for-cell-phones-20141215-story.html)NF
The leaders of U.S. intelligence agencies hold a different view. Most prominently, James Comey , the FBI director, is lobbying
Congress to require that electronics manufacturers create intentional security holes so-called back doors
that would enable the government to access data on every American's cellphone and computer, even if it is
protected by encryption. In attack on encryption, FBI director ignores those who need protection Unfortunately, there are no
magic keys that can be used only by good guys for legitimate reasons. There is only strong security or
weak security. Americans are demanding strong security for their personal data. Comey and others are suggesting that
security features shouldn't be too strong, because this could interfere with surveillance conducted for law
enforcement or intelligence purposes. The problem with this logic is that building a back door into every
cellphone, tablet, or laptop means deliberately creating weaknesses that hackers and foreign governments
can exploit. Mandating back doors also removes the incentive for companies to develop more secure products at the time people
need them most; if you're building a wall with a hole in it, how much are you going invest in locks and barbed wire? What these
officials are proposing would be bad for personal data security and bad for business and must be opposed by Congress.
In Silicon Valley several weeks ago I convened a roundtable of executives from America's most innovative tech companies. They
made it clear that widespread availability of data encryption technology is what consumers are demanding.

Unfortunately, there are no magic keys that can be used only by good guys for legitimate reasons. There is only
strong security or weak security.- It is also good public policy. For years, officials of intelligence agencies like the NSA, as well as
the Department of Justice, made misleading and outright inaccurate statements to Congress about data surveillance programs not
once, but repeatedly for over a decade. These agencies spied on huge numbers of law-abiding Americans, and their dragnet
surveillance of Americans' data did not make our country safer. Most Americans accept that there are times their government needs
to rely on clandestine methods of intelligence gathering to protect national security and ensure public safety. But they also expect
government agencies and officials to operate within the boundaries of the law, and they now know how egregiously intelligence
agencies abused their trust. This breach of trust is also hurting U.S. technology companies' bottom line, particularly when trying to
sell services and devices in foreign markets. The president's own surveillance review group noted that concern about U.S.
surveillance policies can directly reduce the market share of U.S. companies. One industry estimate suggests that lost market share
will cost just the U.S. cloud computing sector $21 billion to $35 billion over the next three years . Tech firms are now
investing heavily in new systems, including encryption, to protect consumers from cyber attacks and rebuild
the trust of their customers. As one participant at my roundtable put it, I'd be shocked if anyone in the industry

takes the foot off the pedal in terms of building security and encryption into their products. Was Apple's
FairPlay worse for the record labels than for consumers? Built-in back doors have been tried elsewhere with
disastrous results. In 2005, for example, Greece discovered that dozens of its senior government officials' phones had been

under surveillance for nearly a year. The eavesdropper was never identified, but the vulnerability was clear: built-in wiretapping
features intended to be accessible only to government agencies following a legal process. Chinese hackers have proved how

aggressively they will exploit any security vulnerability. A report last year by a leading cyber security
company identified more than 100 intrusions in U.S. networks from a single cyber espionage unit in
Shanghai. As another tech company leader told me, Why would we leave a back door lying around?

Backdoors dont know the difference between FBI and hackers- extremely vulnerable to attacks
Geller 7/10/2015, (Eric Geller, Editor overseeing Daily Dots morning shift and staff writer, awarded the P.F. Kluge Collegian
Prize, Socrates Award for Academic Inquiry, English Achievement Award, Journalism Achievement Award, Highly educated in the
American political system and Public Policy process, the Daily Dot The Rise of the new Crypto War
http://www.dailydot.com/politics/encryption-crypto-war-james-comey-fbi-privacy/)NF
The starting point for any analysis of backdoor security is the indisputable fact that a backdoor is a new entry point into a secured
system. Adding a backdoor, Heninger said, increases the attack surface of the system. Foreign governments

and cybercriminals are constantly studying the encrypted systems of banks and email providers, looking
for any weak point. By virtue of its very existence, a backdoor increases their options. What worries researchers and
tech companies the most about a backdoor is the fact that it adds a vulnerability to a system that the systems
operator cannot fully manage. When companies implement their own encryption, they scrutinize every aspect of it to ensure

that it functions properly. They monitor attempted breaches and respond accordingly. They can fully evaluate their encryption
because it is theirs and theirs alone. A backdoor robs companies of that total control and awareness . It is not just that
a backdoor is another way into a system; it is that a backdoor is a way into a system that cannot be guarded by the
systems operators. You have this backdoor out there thats run by other people who arent telling you what kind of security
measures theyre taking, what kinds of protections they have, said Schoen. If you think that theres some precaution that they

ought to be using, you have no ability to get them to take that precaution. Imagine that you own a home with locks on all your doors
made by a trusted, respected company. Then the police ask you to add a new door to your house, protected by a lock whose key you
dont have. The police say they are the only ones with the key, but they wont tell you how theyre guarding that key, and they have a
history of being hacked and losing sensitive data. They wont even promise to tell you if someone steals their key. Would you agree to
add that door? You have this whole set of security risks about the people who administer the backdoor, and
their security and their security measures and their defenses against attacks , Schoen said. Backdoor opponents
love pointing out that, in the words of Sen. Ron Wyden (D-Ore.), Theres no such thing as a magic door that can only

be used by the good people for worthwhile reasons. Nearly every security expert interviewed for this story
stressed the fact that backdoors have no way of distinguishing between lawful and unlawful uses of their
secret access. A vulnerability is a vulnerability, Tien said. It doesnt know whether youre the FBI or
China. China, a major state sponsor of cyberattacks, allegedly used a government backdoor in Gmail to hack the
email provider in January 2010. Confirmed backdoor exploits extend beyond state actors. In 2007, a government backdoor in
the Greek wireless carrier Vodafone-Panafon allowed hackers to steal the data of Athens mayor and more than 100 Greek and
international officials. And in 2006, the Italian government began investigating a spy ring hidden inside Telecom Italia that taped
the phone conversations of politicians, industrialists, and even footballers. Hall described the Greek and Italian incidents as cases
where dormant wiretapping functionality that was essentially a backdoor was activated. Security researchers repeatedly pointed to
the technical lessons learned from the most famous hardware backdoor ever proposed: the so-called Clipper chip. The NSA
developed the chip, which used an encryption scheme called Skipjack, to be a one-size-fits-all backdoor module that could be
inserted into computers, phones, and other devices. Each Clipper-chipped device would carry a unique encryption key that the
government could access with a warrant. But in 1994, a year after the NSA proposed the chip, a cryptography expert named Matt
Blaze published a paper laying bare the Skipjack algorithms many security flaws. The government abandoned the chip two years
later, and its cryptographic design now serves as a textbook example of the dangers posed by poorly configured backdoors. Jake
Laperruque, a fellow on privacy, surveillance, and security at CDT, said that a government-only backdoor was simply not
technologically feasible. He offered a timely pop-culture analogy: The Avengers: Age of Ultron. The FBI, what theyre

basically asking for is a Thors hammer that only a good guy can pick up. By setting up a system in which
it can access a backdoor, the government turns itself into a huge target for foreign governments and other
malicious actors. Backdoors would be concerning enough from a civil-liberties perspective if they truly were limited to
lawful use by the government. But the governments own security vulnerabilities, laid bare by years of
cyberattacks and leaks, show that even a well-intentioned FBI couldnt prevent a backdoor from being
exploited. All an attacker has to do is to obtain the master key and they can now compromise everything,
Nicolas Christin, assistant research professor in electrical and computer engineering at Carnegie Mellon University, told the Daily
Dot via email. It doesn't matter if you split the master key in halfdetermined attackers will look for both halves. Because keyescrow systems are triggered by the authorities inserting their piece of a key into a backdoor, exploitation would be as simple as
acquiring that key. As Heninger put it, referring to the Snowden leaks, We have some examples of how the government hasnt been
doing such a good job of keeping that information secret. A single master key that can decrypt every single message

sent by anybody in America to anybody else in America becomes an incredible target, both for theft and
also for abuse, said Matthew Green, assistant research professor at the Johns Hopkins Information Security Institute. On
March 17, 2011, RSA Data Security, one of the oldest and most trusted security companies, announced that it had been the
victim of an extremely sophisticated cyberattack. Hackers had stolen the master keys to the companys
SecurID authentication devices, which the worlds largest companies used to add a second layer of security to employee
logins. A few months later, Lockheed Martin, a major U.S. defense contractor, announced that hackers had stolen military secrets
from it by exploiting the SecurID system. Even sophisticated security companies who have been building systems

to protect military secrets have not managed to keep their keys from getting hacked, Green said of the
RSA hack. And [a backdoor master] key would be a million times more sensitive than that.

NSAs required backdoors let attackers inSony attack proves


Cole 2014 (Juan Cole, American academic and commentator, Richard P. Mitchell Collegiate Professor of History at the University of Michigan, appeared on
ABC nightly news, Nightline, the Today Show, Countdown with Keith Olbermann, Rachel Maddow, the Colbert Report, and Democracy Now, has a regular
column at Truthdig, Awarded a prestigious National Endowment for the Humanities grant for research on Shiite Muslim thought and history 12/23/14, Informed
Comment Is the NSA Responsible for N. Koreas Hack of Sony Pictures? http://www.juancole.com/2014/12/responsible-koreas-pictures.html )
In all the discussions of what is alleged to be North Koreas horrible cyber-vandalism against Sony Pictures , I
havent seen anyone bring up a key

issue: The National Security Agency has been for two decades a powerful behind-

the-scenes lobby for weak internet encryption and privacy protocols . I dont know enough of the details of how
Sony was hacked to be able to prove that specific weaknesses derived from the NSA anti-privacy lobbying and bribing. But it is
certainly the case that the US government is implicated in exposing millions of consumers to such

invasions of privacy. Just this year, I wrote of a Reuters story: Reuters gets the scoop: the National Security
Agency gave internet security firm RSA some $10 million to use an NSA encryption formula in its
BSafe software. RSA is now a subsidiary of the EMC corporation, and they have urged customers not to use
BSafe since the revelations by Edward Snowden made clear that the NSAs formula in fact allowed the agency
access to all the information supposedly encrypted with it. This story should be a huge scandal, but I fear it wont

This is like the FDA paying a pharmaceutical company to carry a drug that does not
work and could therefore leave patients open to dying from an untreated illness after
taking medication they are assured will cure it. If the NSA could exploit weaknesses in
the encryption formula, so could hackers. The NSA subverted the will of millions of customers around
be.

the world who used RSA software precisely in a quest to be safe from the prying eyes of government officials and
other peeping Toms. Moreover, the $10 million has to be seen as a bribe (it was a third of that RSAs income
that year). Isnt it illegal for government officials to bribe private companies? Isnt it moreover
illegal for intelligence officials to give out money like candy to a private company in order to spy on Americans on
American soil? Id like to know what NSA official or officials were involved in this sting operation on the American
people. Id like to know if Barack Obama knew about it. Id like to know if the corporate officials who accepted the
contract with these strings attached knew they were screwing us all over. This Reuters story makes sense of the
allegation emerging from the Snowden leaks three months ago that the NSA had spent $250 million on keeping
access to encrypted data by working with firms that provided encryption services. Presumably they have just

been ensuring that no ones encryption formula actually shields things from them .
Increasingly, firms and governments abroad would be crazy to buy encryption products
from American companies. Likewise, getting cloud services from US corporations is a way to ensure that the
US government can steal your trade secrets. And here is Pratap Chatterjee: There are three broad ways that these
software companies collaborate with the state: a National Security Agency program called Bullrun through which
that agency is alleged to pay off developers like RSA, a software security firm, to build backdoors into our
computers; the use of bounty hunters like Endgame and Vupen that find exploitable flaws in existing software like
Microsoft Office and our smartphones; and finally the use of data brokers like Millennial Media to harvest personal
data on everybody on the Internet, especially when they go shopping or play games like Angry Birds, Farmville, or
Call of Duty. ProPublica has also been reporting

on how the NSA systematically and


determinedly more or less broke the internet with regard to privacy. Hollywood executives are
going back to faxing things instead of emailing them, and that might be a good idea for everyone. So when Barack Obama
urges Sony executives to stand firm, and when Sen. Lindsey Graham (R-SC) rattles sabers
at North Korea, we should remember that this act of war, as some term Pyongyangs hacking of Sony,
was probably made possible by the baleful effect on the internet of the US government,
because it wants to be able to do to whoever it pleases what North Korea just allegedly did
to Sony. -

--a2 alt cause


The threat of cyberattacks is causing business to ramp up cybersecurity -> the only thing hindering
them is the government
Chuna, a reporter from BDO USA, 3/4/15
(Amanda Chun, These findings are from the eighth annual 2015 BDO Technology Outlook Survey, a national
telephone survey conducted by Market Measurement, Inc., an independent market research consulting firm, whose
executive interviewers spoke directly to 100 chief financial officers at leading technology companies throughout the
United States https://www.bdo.com/news/2015-march/tech-cfos-counter-cybersecurity-threats)//RL
In the last year many well-known organizations had to deal with cyberattacks and other data security issues, leaving many
executives concerned about their own IT infrastructures and contingency plans. According to BDO USA, LLP's annual
survey of 100 U.S. technology CFOs, 67 percent have increased their spending on cybersecurity measures during the past
year. Of those who have taken action, a vast majority (90 percent) has implemented new software security tools, 72 percent
created a formal response plan for security breaches, 48 percent turned to an external security consultant and 30 percent
hired a chief security officer. On the heels of recent security risks, companies are also on edge when it comes to
protecting their intellectual property (IP). Forty-seven percent say foreign IP infringements has had the greatest
impact on their IP security, followed by changes in patent law (24 percent) and patent trolls (20 percent). Online
security challenges could also stem from geopolitical issues as countries, including the U.S., are prioritizing cybersecurity
efforts to combat potential domestic and foreign hacking. In fact, 14 percent of CFOs believe global political issues will
be the leading barrier to industry growth in 2015. Recent cyberattacks have even grabbed the attention of the White
House with President Obama proposing a budget that would increase cybersecurity spending to $14 billion. "The
threat assessments of likely cyberthreats from unknown entities is causing the tech industry to be on high alert,"
said Aftab Jamil, partner and leader of the Technology and Life Sciences Practice at BDO USA, LLP. "In addition to
navigating every day business challengesboth domestically and internationally, managing operations and
maintaining compliance with regulatory requirements, U.S. companies will also need to implement or enhance their data
privacy initiatives to mitigate any risks or vulnerabilities to their IT infrastructures, particularly with cyber capabilities
evolving at rapid speed."

--a2 unlikely
Encryption backdoors undermine cybersecurity
Sasso 4/29/14: Technology Correspondent for The National Journal, Covered tech for The Hill, researcher and writer for
Almanac of American Politics 2012, Graduated from Claremont McKenna College BA in government. (The NSA Isn't Just Spying
on Us, It's Also Undermining Internet Security, Brendan Sasso, The National Journal, April 29, 2014,
http://www.nationaljournal.com/daily/the-nsa-isn-t-just-spying-on-us-it-s-also-undermining-internet-security20140429)//chiragjain

Bolstering the nations defenses against hackers has been one of the Obama administrations top goals.
Officials have warned for years that a sophisticated cyberattack could cripple critical infrastructure or
allow thieves to make off with the financial information of millions of Americans. President Obama pushed
Congress to enact cybersecurity legislation, and when it didnt, he issued his own executive order in 2013. The
cyber threat to our nation is one of the most serious economic and national security challenges we
face, Obama wrote in a 2012 op-ed in The Wall Street Journal. But critics argue that the National Security Agency has
actually undermined cybersecurity and made the United States more vulnerable to hackers. "Surveillance
at the scale they want requires insecurity." At its core, the problem is the NSAs dual mission. On one hand, the agency is
tasked with securing U.S. networks and information. On the other hand, the agency must gather intelligence on foreign threats to
national security. Collecting intelligence often means hacking encrypted communications. Thats nothing new for
the NSA; the agency traces its roots back to code-breakers deciphering Nazi messages during World War II. So in many ways, strong
Internet security actually makes the NSAs job harder. This is an administration tha4t is a vigorous defender of surveillance, said
Christopher Soghoian, the head technologist for the American Civil Liberties Union. Surveillance at the scale they want

requires insecurity. The leaks from Edward Snowden have revealed a variety of efforts by the NSA to
weaken cybersecurity and hack into networks. Critics say those programs, while helping NSA spying, have made
U.S. networks less secure. According to the leaked documents, the NSA inserted a so-called back door into at least
one encryption standard that was developed by the National Institute of Standards and Technology. The NSA
could use that back door to spy on suspected terrorists, but the vulnerability was also available to any other
hacker who discovered it.

Attacks are empirical and increasing energy infrastructure is particularly vulnerable


Gilmour, energy and politics researcher, 4/27/15
(Jared Gilmour, Christian Science Monitor, http://www.csmonitor.com/Environment/Energy/2015/0427/Climate-changecyberattacks-are-growing-threats-to-grid-says-US-energy-chief)RL
US energy infrastructure is vast, aging, and in need of an overhaul, Energy Secretary Ernest Moniz says, and the biggest challenges are
the most unpredictable: climate change and cyberattacks. Staggering in size, the US energy system includes 2.6 million miles of pipeline and 6.3 million
miles of electrical distribution lines. There are 414 natural gas storage facilities and 330 ports handling crude and petroleum products, plus 140,000 miles of
railway carrying crude and more from well to refinery - and that's only a small sample of the transmission, distribution, and storage systems that power the US.
But all of that infrastructure is vulnerable to growing threats , Sec. Moniz said Monday at a Monitor-hosted breakfast for reporters in Washington.
"I'm not going to single out one [threat] because we've got to address them all," Moniz said. But looking ahead, he added, "I think the two that almost
certainly will increase in risk level are cyber and extreme weather " made worse by climate change. Last week, Moniz rolled out his department's
Quadrennial Energy Review (QER), identifying weaknesses in US energy infrastructure - from inadequate natural gas distribution pipelines to an outdated
electric systems. The electric grid, the report found, is especially vulnerable. "Threats to the grid - ranging from geomagnetic storms that can
knock out crucial transformers; to terrorist attacks on transmission lines and substations ; to more flooding, faster sea-level rise, and increasingly
powerful storms from global climate change - have been growing even as society's dependence on the grid has increased ," according to
the report. Among its recommendations for modernizing US energy infrastructure - most of which would require appropriations from the GOP-controlled
Congress - the QER requested $3.5 billion to update the electric grid, $2.5 billion to improve distribution of natural gas, and at least $1.5 billion to shore up the
Strategic Petroleum Reserve, an emergency stockpile of oil. The question is whether the Obama administration and Republicans in Congress can agree on
which energy projects to pursue and how to fund them. Some observers are hopeful that compromise is possible, particularly in light of bipartisan deals in recent
weeks that brought a Medicare "doc fix," the confirmation of Attorney General Loretta Lynch, and an anti-human-trafficking bill across the finish line. "There is
momentum and serious commitment to get some energy legislation out of Congress, and you're hearing it from all the leadership," says Margot Anderson,
executive director of the energy project at the Bipartisan Policy Center, a Washington think tank, in an interview Friday. "I think the QER can provide some new
ideas, and can be incorporated into what leadership is already talking about." The GOP response to the Obama administration's QER last week suggested
compromise between Republicans on Capitol Hill and the Democratic administration was possible - at least on some issues. "While we share our differences with
this administration regarding energy policy, when it comes to the transmission, storage, and distribution of our resources, we can all agree that targeted changes
to our laws and policies are necessary," Rep. Fred Upton (R) of Michigan and Rep. Ed Whitfield (R) of Kentucky, two top energy lawmakers, said last week in a
joint statement. What's unclear is how the Republican caucus will react to energy spending related to climate change. Many Republicans in Congress have

rejected the idea that humans are causing climate change, or that the government should take regulatory action to reduce emissions. Moniz urged immediate
action on climate change at Monday's breakfast, and noted that the QER is a part of President Obama's Climate Action Plan. "It's time to stop debating what's not
debatable," he said of global warming, referencing the broad scientific consensus that climate change is happening and is human-generated. Climate change is a
threat to energy infrastructure because planetary warming exacerbates high-intensity storms, makes water scarce, and alters weather patterns - all of which can
put unexpected strain on the US grid and can stress other critical infrastructure. Moniz said he was hopeful that efforts to curb climate change would stall
warming, diminishing the threat extreme weather poses in the future. At the same time, though, the grid is under attack from cyber threats both
domestically and around the world. Moniz emphasized that the energy sector needs to adapt to ever-changing cyber threats, so that
the industry can "stay ahead of the bad guys." As the Monitor reported in December, critical infrastructure in the US is already under

attack from hackers, and the grid would be a prime target in cyberwar. "The electric industry, in reality, has done an inadequate
job of securing the electric system," Joe Weiss, a leading expert on electric grid security, told the Monitor . "Is cyber a household word in
the electric sector? Yes. Are they trying to address cyber vulnerabilities in ways that will make sure all systems are secure? No ." "So far
we have not had any major actual disruption of our energy infrastructure, but it ain't for lack of people trying," Moniz said.

More susceptible to attacks now more than ever- OPM breach proves
Johnson 15 (Steve Johnson, graduate from Auburn, reporter for WHNT news, WHNT news O.P.M. data breach affects
thousands of workers in north Alabama 7/22/15 http://whnt.com/2015/07/22/o-p-m-data-breach-affects-thousands-of-workers-innorth-alabama/)
REDSTONE ARSENAL, Ala. On any given weekday, some 40,000 people go to work at Redstone Arsenal. Its a safe bet that most of
them have had their personal information stolen. The same goes for contractors, and even families. Its scary, says Luereen Phillips.
Luereen is an Internet Technology Specialist at Redstones Aviation and Missile Command. Its her job to answer the questions from
fellow workers, and to even reassure them. But Luereen has her own questions, too. What happened? Whats the breakdown? There
are rules, there are policies all the way up to Congress level that mandate certain things have to happen, and they didnt happen, said
Luereen. The right things didnt happen at the Office of Personnel Management . OPMs website is covered with information
about the data breach, calling it two separate but related incidents. However its described, it involves the
personal information from more than 21 million Americans . The most serious data stolen was that contained

on security clearance forms that are required for many types of government work. Everything from Social
Security numbers, to information on family and friends is included on the forms . People like retired Army test pilot

Pablo Herrera say theyre angry. I am, because I was under the impression I was under the belief that we were better than that, that
our security was better than that, said Pablo, who hasnt been notified yet that his information was part of the breach. Retired Lt.
General Jim Link, a former Commander for AMCOM at Redstone, is also waiting on his notification. General Links information was
compromised because of a security clearance form filled out as a defense contractor in 2005. When we federal employees give

all the information they ask for, with that comes trust. Trust that its going to be protected, and when its not
protected, we do feel violated, says General Link. The General believes what many other people believe. The OPM
database was hacked by Chinas government. You know, I dont think in this particular instance its trying to steal identity
for financial gain. I think its more espionage, said General Link. The Office of Personnel Management makes no claim on who

might be to blame for the hack, but there is a recommendation for those affected to sign up for credit monitoring. Thats the sort of data
theft people understand. I am concerned that Im going to look at my bank account one day, and there wont be
any money there, or somebody is going to try and steal my identity do some things that are going to affect me for a
long time, said AMCOM worker Lucinda Edwards. OPM recommends a service that covers everything from credit monitoring, to a
Social Security number trace. Unfortunately, you have to also do your own monitoring. Youve got to look at your bank accounts, even
your medical records because somebody could be using your information to go to the doctor, or in case of a crime, give them your
information instead of theirs, says Luereen Phillips. Millions of Americans now have this worry, which is likely to last
for years. They know about the hack, and they know their identity has been stolen. They just dont know who did it or why. There is a
thought they do share, though. Somebody needs to be accountable, said Lucinda Edwards. Katherine Archuleta resigned under
pressure from her job as head of the Office of Personnel Management. Unfortunately, that doesnt change the breach, or the fact that
the affected workers will have this as part of their lives for years to come. For more information about the data hack, and
recommendations on action you can take, visit opm.gov/cybersecurity.

PLCs cause the grid to be easily vulnerable to cyber attacks and airgaps fail Stuxnet proves
McElfresh, a Ph.D. in Physics, M.A. in chemistry and a B.S. in Biochemistry, 6/18/15
(Michael McElfresh is an Adjunct Professor of Electrical Engineering at Santa Clara University where he teaches the
foundation course in the Sustainable Energy program and courses in wind power and energy storage. He is also the
Interim Lead for Power Grid R&D at Argonne National Laboratory. For the past several years he has led the Power

Grid Simulator effort and advised the Energy and Global Security directorate on power grid and other energy related
issues., published in the Conversation reprinted at scientific American,
http://www.scientificamerican.com/article/power-grid-cyber-attacks-keep-the-pentagon-up-at-night/) // RL

Why the grid so vulnerable to cyberattack Grid operation depends on control systemscalled Supervisory Control
And Data Acquisition (SCADA)that monitor and control the physical infrastructure.

At the heart of these SCADA

systems are specialized computers known as programmable logic controllers (PLCs). Initially developed by the automobile
industry,

PLCs are now ubiquitous in manufacturing, the power grid and other areas of critical infrastructure , as well as

various areas of technology, especially where systems are automated and remotely controlled. One of the

most well-

known industrial cyberattacks involved these PLCs: the attack, discovered in 2010, on the centrifuges the Iranians were
using

to enrich uranium. The Stuxnet computer worm, a type of malware categorized as an Advanced Persistent Threat

(APT), targeted the Siemens SIMATIC WinCC SCADA system. Stuxnet


centrifuges,

was able to take over the PLCs controlling the

reprogramming them in order to speed up the centrifuges, leading to the destruction of many , and yet displaying a

normal operating speed in order to trick the centrifuge operators. So these new forms of malware can not only shut things
down but can alter their function and permanently damage industrial equipment . This was also demonstrated at the now
famous Aurora experiment at Idaho National Lab in 2007. Securely upgrading PLC software and securely reprogramming
PLCs has long been of concern to PLC manufacturers, which have to contend with malware and other efforts to
defeat encrypted networks.

The oft-cited solution of an air-gap between critical systems , or physically isolating a secure

network from the internet, was precisely what the Stuxnet worm was designed to defeat .

The worm was specifically created

to hunt for predetermined network pathways, such as someone using a thumb drive, that would allow the malware to move
from an internet-connected system to the critical system on the other side of the air-gap.

The IoT and Smart Grid allows tons of grid access points easier cyberattacks
McElfresh, a Ph.D. in Physics, M.A. in chemistry and a B.S. in Biochemistry, 6/18/15
(Michael McElfresh is an Adjunct Professor of Electrical Engineering at Santa Clara University where he teaches the
foundation course in the Sustainable Energy program and courses in wind power and energy storage. He is also the
Interim Lead for Power Grid R&D at Argonne National Laboratory. For the past several years he has led the Power
Grid Simulator effort and advised the Energy and Global Security directorate on power grid and other energy related
issues., published in the Conversation reprinted at scientific American,
http://www.scientificamerican.com/article/power-grid-cyber-attacks-keep-the-pentagon-up-at-night/) // RL

Internet of many things

The growth of smart grid the idea of overlaying computing and communications to the power grid

has created many more access points for penetrating into the grid computer systems . Currently knowing the provenance of
data from smart grid devices is limiting what is known about who is really sending the data and whether that data is legitimate
or an attempted attack. This concern is growing even faster with the Internet of Things (IoT), because there are many different

types of sensors proliferating in unimaginable numbers. How do you know when the message from a sensor is legitimate
or part of a coordinated attack?

A system attack could be disguised as something as simple as a large number of apparent

customers lowering their thermostat settings in a short period on a peak hot day . Defending the power grid as a whole is
challenging from an organizational point of view. There are about 3,200 utilities, all of which operate a portion of the
electricity grid,

but most of these individual networks are interconnected . The US Government has set up numerous

efforts to help protect the US from cyberattacks. With regard to the grid specifically, there is the Department of
Energys Cybersecurity Risk Information Sharing Program (CRISP) and the Department of Homeland Securitys
National Cybersecurity and Communications Integration Center (NCCIC) programs in which utilities voluntarily share
information that allows patterns and methods of potential attackers to be identified and securely shared. On the
technology side, the National Institutes for Standards and Technology (NIST) and IEEE are working on smart grid and
other new technology standards that have a strong focus on security. Various government agencies also sponsor
research into understanding the attack modes of malware and better ways to protect systems. But the gravity of
the situation really comes to the forefront when you realize that the Department of Defense has stood up a new
command to address cyberthreats, the United States Cyber Command (USCYBERCOM). Now in addition to land, sea,
air, and space, there is a fifth command: cyber. The latest version of The Department of Defenses Cyber Strategy
has as its third strategic goal, Be prepared to defend the US homeland and US vital interests from disruptive or
destructive cyberattacks of significant consequence. There is already a well-established theater of operations
where significant, destructive cyberattacks against SCADA systems have taken place. In a 2012 report, the National
Academy of Sciences called for more research to make the grid more resilient to attack and for utilities to
modernize their systems to make them safer. Indeed, as society becomes increasingly reliant on the power grid and
an array of devices are connected to the internet, security and protection must be a high priority.

U.S. is vulnerable to cyber-attacks Congress and the administration are


only making empty claims are maintaining silence
Bolton 6/10/15: American lawyer and diplomat that has served in multiple republican administrations. Yale College: Yale
School of Law B.A. and J.D. Member of Yale Political Union. Was associate at the Washington office of Covington & Burling. Bolton
was also a partner in the law firm of Lerner, Reed, Bolton & McManus. He is currently of counsel in the Washington office of
Kirkland & Ellis. (Obama's cyber silence leaves U.S. unprepared, John Bolton, LA Times, June 10, 2015,
http://www.latimes.com/opinion/op-ed/la-oe-bolton-chinese-hack-response-20150610-story.html)//chiragjain
Although many details of the massive cyberattack against U.S. government personnel records are still not public, its strategic
implications are plain. Washington remains unprepared in cyberspace , floundering and unable to articulate its intentions and
capabilities on this new battlefield. China is the likely culprit, and its cyberwarfare added to its near-belligerent behavior in the

South and East China seas, its expanding military assets and its use of economic clout for political ends is part of a deeply
troubling pattern. Unfortunately, President Obama's response is also apparently part of a pattern of sustained inaction. The Pentagon may be working
hard to develop offensive and defensive countermeasures , but the administration has done precious little to articulate what
America's strategy should be in response to these challenges. The president's policy silence is chilling and inexcusable. To be sure,
silence before or after a particular clandestine operation is often necessary to protect operational methods and information sources. For example, Washington
did not take direct credit indeed did not confirm or deny its probable role in temporarily taking down Pyongyang's Internet after
North Korea hacked into Sony Pictures six months ago. But protecting clandestine methods and sources is one thing; Obama's
policy silence is another. Americans understand how important information technology is, and society's increasingly computerized
complexity and interdependence. But they require leadership to understand how seriously we could be hurt if our IT infrastructure is
compromised. In China's case, based on a long history amply documented by the Pentagon, the People's Liberation Army is almost certainly the perpetrator of
the federal hacking, which means, to state the obvious, that Beijing sees penetrating U.S. government computers as a military capability .
Right now, our enemies are faced mostly with rhetoric mere hand-wringing not clear deterrence. This vacuum must be replaced by a
stated strategy, and quickly. Fortunately, once Washington concludes to its satisfaction that Beijing conducted the recent attack, the

response can include building blocks for a more comprehensive cyberwarfare strategy . First, America must create structures of
deterrence. Starting now, America's cyber response should be disproportionate . The justification for such a response is all too clear: Without it we
are facing repeated cycles of cyber incursions. To persuade Beijing and others to desist, they must believe their conduct will result in costs
that are unacceptable and unsustainable. Mere tit-for-tat responses indicate an inability or unwillingness to react more strongly and may simply tempt
aggressors into more ambitious operations. The White House considered the sanctions it ordered in response to North Korea "proportional," but compared with
the decades-old U.S. sanctions regime against the Pyongyang government, the incremental new sanctions were trivial. Nor does Obama's April 1 executive order
authorizing sanctions against other cyberattackers augur anything beyond the North Korean example. Second, U.S. retaliation must include political
and economic measures beyond the cyber realm. The latest hack was motivated by something more than theoretical curiosity about how to
penetrate foreign computer networks. China might intend to use the government personnel files for blackmail, or to understand our security clearance methods
so as to better conceal its own covert agents. Accordingly, Washington's response must go well beyond simply inflicting pain on China's computer networks.
Beijing's ambassador, and other Chinese diplomats in America (especially anyone connected with Chinese intelligence), should be declared persona non grata
and sent home. Travel restrictions should be imposed on those remaining, and on personnel at Beijing's United Nations mission. All

military-to-military programs should be terminated or suspended indefinitely. Economically, the U.S. must retaliate strongly
against entities that support or are controlled by the PLA, especially those related to computers and communications. The latest
attack exposes a related U.S. vulnerability: the extent to which our cyber infrastructure derives from components manufactured in
China. That supply chain must now come under scrutiny, with greater reliance, for example, on companies that keep their production facilities elsewhere. There
is obviously risk in any strong response to a cyberattack. But if America is unwilling to defend itself when the costs and risks are relatively low, there is no reason
for Beijing and others to think it will do so when the potential consequences are far greater. North Korea's attack on Sony Pictures was a wake-up call. China's
apparent capture of U.S. government personnel records is like being upended out of bed to the floor. What else is it going to take?

Cyberattacks will happen and result in a laundry list of impacts


Barak Obama, President of the United States 7/23/2012 (The White House Blog Taking Cyberattack Threat
Seriously https://www.whitehouse.gov/blog/2012/07/20/taking-cyberattack-threat-seriously?utm_source=related)NF
Last month I convened an emergency meeting of my cabinet and top homeland security, intelligence and defense officials. Across
the country trains had derailed, including one carrying industrial chemicals that exploded into a toxic cloud. Water treatment plants in
several states had shut down, contaminating drinking water and causing Americans to fall ill. Our nation, it appeared, was under
cyber attack. Unknown hackers, perhaps a world away, had inserted malicious software into the computer networks of private-sector
companies that operate most of our transportation, water and other critical infrastructure systems. Fortunately, last month's scenario
was just a simulationan exercise to test how well federal, state and local governments and the private sector can work together in
a crisis. But it was a sobering reminder that the cyber

threat to our nation is one of the most serious economic and

national security challenges we face. So far, no one has managed to seriously damage or disrupt our critical infrastructure
networks. But foreign governments, criminal syndicates and lone individuals are probing our financial,
energy and public safety systems every day. Last year, a water plant in Texas disconnected its control system from the
Internet after a hacker posted pictures of the facility's internal controls. More recently, hackers penetrated the networks of
companies that operate our natural-gas pipelines. Computer

systems in critical sectors of our economyincluding


the nuclear and chemical industriesare being increasingly targeted . It doesn't take much to imagine the
consequences of a successful cyber attack. In a future conflict, an adversary unable to match our military supremacy
on the battlefield might seek to exploit our computer vulnerabilities here at home. Taking down vital
banking systems could trigger a financial crisis. The lack of clean water or functioning hospitals could
spark a public health emergency. And as we've seen in past blackouts, the loss of electricity can bring
businesses, cities and entire regions to a standstill. This is the future we have to avoid. That's why my
administration has made cybersecurity a priority, including proposing legislation to strengthen our nation's digital defenses. It's why
Congress must pass comprehensive cybersecurity legislation. We all know what needs to happen. We need to make it easier for the
government to share threat information so critical-infrastructure companies are better prepared. We need to make it easier for these
companieswith reasonable liability protectionto share data and information with government when they're attacked. And we
need to make it easier for government, if asked, to help these companies prevent and recover from attacks.

ISIS will transition to large-scale cyberattacks- already have capability


Bennett 2015 (Cory Bennett, Graduate from Columbia University, Cybersecurity Reporter for the Hill and Assistant Editor for
Warren Communications News, Inc, The Hill Newspaper- Ex-government leaders: ISIS could make leap into cyberattacks
1/15/2015 http://thehill.com/policy/cybersecurity/229705-former-top-government-officials-destructive-isis-cyberattacks-coming)NF

The Islamic State in Syria and Iraq (ISIS) could make the leap to serious cyberattacks in the coming month s, said
a retired top lawmaker and former high-ranking intelligence official. Ive been surprised it hasnt happened yet, said
Michael Hayden, a previous director of both the CIA and National Security Agency. Theyre really good on the net.
Theyre on the cutting edge of using social media, said former House Intelligence Committee Chairman Mike Rogers
(R-Mich.), who just retired from Congress. The two men were speaking at a Bipartisan Policy Center event . A pro-ISIS hacking

group has been linked to Monday's takeover of the U.S. Central Command (Centcom) Twitter and
YouTube accounts. For 30 minutes, digital vandalizers tweeted out stolen military documents and posted
ISIS propaganda videos. The incident highlighted the extremist groups developing cyber abilities. ISISs
digital savvy separates it from al Qaeda, which was mostly aspirational when it came to the cyber arena, Rogers said. We saw that
al Qaeda groups were advertising for people with the capability to conduct cyberattacks, he said. Which told us they had the
aspiration to do it. You see something different in ISIS, he added. Rogers said the group has already successfully pulled off a
number of pretty simple distributed denial of service (DDoS) attacks, in which hackers overwhelm a website with traffic to shut it
down. The next step would be a destructive cyberattack, in which data or physical equipment is destroyed.

The recent Sony Pictures hack, which destroyed the company's internal data, dramatically revealed the
widespread ramifications of a destructive cyber hit. The FBI blamed North Korea for the Sony incident. Can ISIS get
from that aspirational stage to that operational stage? Rogers asked. I dont think they're there yet. However, they could do it, he
added. You can make this leap pretty easily. Hayden wondered why ISIS hasnt already taken the leap. He speculated, it may not
be the kind of heroic destruction that fits the model. Hayden pointed to ISIS criticism of the U.S. for using remotely operated drones,
which ISIS sees as an unheroic and unmanly way of fighting ones enemies. A cyberattack would be the ultimate in
remote creation of destruction, Hayden added. Maybe it just doesnt fit the style. But both former government
leaders agreed the group will eventually make the transition to destructive digital assaults. I worry about
that, Rogers said. I would begin to worry about it in the weeks and months ahead.

Thousands of critical government buildings face high risk of cyberattacks


Westwood, Investigative Reporter at the Washington Examiner, 1/12/15
(Sarah Westwood, The Washington Examiner, http://www.washingtonexaminer.com/thousands-of-critical-government-buildingsface-high-risk-of-cyberattacks/article/2558542)RL
Systems that control the elevators, lights, ventilation, and fire alarms in federal buildings are
vulnerable to cyberattacks that could compromise security or result in serious harm to
government workers. In a report released within hours of high-profile social media hacks at U.S.
Central Command, the Government Accountability Office said homeland security officials
have little understanding of the risks presented by Internet-based control systems and dont
have a clear strategy for dealing with an attack if one were to occur. The congressional
watchdog is worried that cyberattacks on the access and control systems of federal
buildings could damage the governments credibility. Such attacks could allow outsiders to
access restricted federal buildings or result in death if fire alarms and sprinklers were
switched off during a blaze, the report said. The Department of Homeland Security is responsible for
protecting thousands of office complexes, laboratories and warehouses, many of which are
managed by the General Services Administration. GAO has designated both federal information systems and federal
property management as high risk areas." Because functions like air conditioning, closed-circuit TV
surveillance and door locks are increasingly automated and centralized, federal buildings
face a heightened risk of cyberattack. Such threats can come from corrupt employees,
criminal groups, hackers, and terrorists, GAO said. No one in DHS is assessing the cyber risk to
building and access control systems at the almost 9,000 facilities under the agencys protection. GSA
officials have also yet to inspect the cybersecurity of control systems in hundreds of federal
buildings, the report said. Between 2011 and 2014, cyber incidents involving control systems jumped from 140 to 243, an increase of 74
percent. GAO pointed to the highly-publicized breach of customer information at Target stores in 2013 as an example of the threat digital control systems can
pose, claiming the attack likely occurred after intruders obtained a heating, ventilation, and air-conditioning system vendors credentials to access the outermost
portion of Targets network. Access and control systems were not designed with cybersecurity in mind,
the report noted. Whats more, DHS has yet to define the problem, let alone determine what resources it will need to arm buildings against cyber attacks, the
report said. Federal facilities that store high-risk items such as weapons and drugs are more
likely to be the target of a cyber attack, according to the the report.

Major cyber-attack on health agencies this year results in more than 84.5 million people effected
Terhune, healthcare researcher and writer, 7/27/15
(Chad Terhune, LATimes, http://www.latimes.com/business/la-fi-ucla-medical-data-20150717-story.html)RL

Marking another high-profile data breach, hackers broke into UCLA Health System's computer network and may have accessed sensitive
information on as many as 4.5 million patients, hospital officials said. This cyberattack at UCLA comes on the heels of a major breach of
federal employee records and a massive hack at health insurance giant Anthem Inc. affecting 80 million Americans this year . The
intrusion is raising fresh questions about the ability of hospitals, health insurers and other medical providers to safeguard the vast troves of electronic medical
records and other sensitive data they are stockpiling. The revelation that UCLA hadn't taken the basic step of encrypting this patient data
drew swift criticism from security experts and patient advocates , particularly at a time when cybercriminals are targeting so many big players in
healthcare, retail and government. "These breaches will keep happening because the healthcare industry has built so many systems with thousands of weak
links," said Dr. Deborah Peel, founder of Patient Privacy Rights in Austin, Texas. UCLA said Friday that it's working with the FBI and had hired computer forensic
experts to further secure its network. The university said there was no evidence yet that patient data were taken, but it can't rule out that possibility while the
investigation continues. "We take this attack on our systems extremely seriously," said Dr. James Atkinson, interim president of the UCLA Hospital System. "For
patients that entrust us with their care, their privacy is our highest priority. We deeply regret this has happened." Atkinson said the hospital detected unusual
activity on one of its computer servers in October and began investigating with help from the FBI. It wasn't until May 5, according to UCLA, that investigators
determined that the hackers had gained access to parts of UCLA Health's computer network where some patient information was
stored. Those parts of the network contained names, dates of birth, Social Security numbers, Medicare and health plan identification
numbers as well as some medical information such as patient diagnoses and procedures. The unauthorized access could have begun in September
2014, UCLA said, and some of the patient information dates to 1990. Atkinson said it doesn't appear that credit card and other financial information was involved.
"They are a highly sophisticated group [of hackers] likely to be offshore,w " he said. "We really don't know. It's an ongoing investigation." An FBI
spokeswoman said the agency "is looking into the nature and scope of the matter, as well as the person or group responsible" for the UCLA breach. UCLA said
that prior to the attack on its system it had been taking steps and spending tens of millions of dollars to strengthen its computer security. It added that it has
successfully thwarted hacker attacks in the past. But some security experts were unimpressed. They questioned the lack of encryption at UCLA in
light of other breaches across the country . Anthem faced similar criticism over its failure to encrypt the information that was exposed to hackers during
its cyberattack. "Despite these painful lessons, it seems that personal data compromised in the latest breach were still not encrypted," said Igor Baikalov, chief
scientist at Securonix, a data security firm in Los Angeles. "If our premium universities don't learn from experience, what can we expect from other, less-learned
organizations?" Mark Savage, a health information technology expert at the National Partnership for Women & Families, a nonprofit advocacy group in
Washington, said it's too early to assess UCLA's digital defenses until more details are known about what the hackers did and what protections were in place.
The UC system vowed Friday to learn from the UCLA incident and fortify its defenses across all of its universities and hospitals. In a statement, the university
system said President Janet Napolitano has established an external cybersecurity group that will examine the "security posture across the UC system" and
"assess emerging threats and potential vulnerabilities." Atkinson said the UCLA breach illustrates one potential drawback to the nation's push to ditch paper
records and digitize patient information in giant databases. "We live in a digital age which brings tremendous benefits," he said. "But electronic health records
come with the risk of this." UCLA said it's sending letters to affected patients, which include many of its own staff and faculty. The university is offering a year of
identity-theft protection as well as a year of credit monitoring to people who had their Social Security or Medicare ID numbers stored on the compromised
network. For more information, people can contact UCLA at (877) 534-5972 or check the website www.myidcare .com/uclaprotection. Federal health officials
investigate breaches of patient privacy and can levy significant fines for violations under the Health Insurance Portability and Accountability Act, also known as
HIPAA. The UCLA Health System found itself at the center of a scandal in 2008 involving workers who snooped into the medical records of Britney Spears,
Farrah Fawcett and Maria Shriver, among others. One former employee was convicted of selling celebrity medical information to the National Enquirer. UCLA
agreed to pay $865,500 as part of a settlement with federal regulators.

--a2 sq solves
The US is not prepared for cyberattacks, ex-NSA chief warns
Bennett, a cyber and technology researcher, quoting the ex-NSA chief, 11/14/14
(Cory Bennett, The Hill, http://thehill.com/policy/cybersecurity/224181-ex-nsa-chief-warns-us-not-prepared-for-cyber-attacks)
Destructive cyberattacks targeting the United States are a looming threat for which the country is not adequately prepared , a key
lawmaker and a former director National Security Agency (NSA) said Friday. A recent cyberattack that wiped out data on three-fourths of
the oil company Saudi Aramcos computers should stand as a wake-up call for the U nited States, said former NSA Director Keith
Alexander. This is a whole new ballgame," Alexander said at a Bloomberg event Friday. One that, quite frankly, as a country, I dont think were
prepared for. In August, Iranian hackers unleashed what is thought to be the most destructive cyberattack to date. On a day when most
Saudi Aramco employees stayed home to prepare for a religious holiday, a hacker planted a virus into the companys networks, wiping out
documents, spreadsheets and emails. In their place, the virus left an image of a burning American flag. These are the kinds of
concerns that our country as a whole needs to look at, Alexander said. House Homeland Security Committee Chairman Michael McCaul (R-Texas) said these
are the type of attacks that keep him up at night Its the ability to shut things down power grid, water supply, critical infrastructure , he told
a crowd at the Council on Foreign Relations on Thursday night. Its that ability that Irans trying to develop that concerns me . And its not just Iran.
McCaul described a recent classified briefing on cyber threats from Russia. Were seeing an evolving trend thats coming out of
countries like Russia, he said. Its not only theft or espionage, but rather a destructive threat . Any attack resembling the Saudi
Aramco sabotage would have huge consequences on any portion of our government, Alexander said. Both McCaul and Alexander have been
strong proponents of enhancing cyber threat information sharing between the government and private sector. The Senate is currently considering the
Cybersecurity Information Sharing Act (CISA), its version of a bill the House Intelligence Committee passed last year. The bill would enable critical infrastructure
companies to exchange cyber information with the NSA and other intelligence agencies. Privacy advocates have urged the White House to veto the bill,
concerned it would allow the government to collect personal information on Americans. McCaul has been pushing his own House-passed cyber information
sharing bill, developed in his Homeland Security Committee. His bill would direct the private sector to swap cyber threat information with the Department of
Homeland Security. "These are very serious issues and I dont think many members of Congress understand the gravity," McCaul said. " If a greater attack
occurs, it's going to be on the head of Congress for not acting. "

Critical Infrastructure is vulnerable to attacks and impacts are large


Brown 2005 (Gerald G. Brown, Distinguished professor of operations research at the National Academy of Engineering, Ph.D. University of California Ph.D. in Mathematical Methods, University of
California, Los Angeles, Graduate School of Management, 1974. Minor Fields: Computer Science, Mathematics and Statistics. M.B.A., in Quantitative Methods, California State University, Fullerton, June 1969, with
highest honors. Distinguished Professor of Operations Research, Naval Postgraduate School, 2001-Present.Professor of Operations Research, Naval Postgraduate School, 1980-2001.Associate
Professor of Operations Research and Computer Science, Naval Postgraduate School, 1976-1980.Associate Professor of Operations Research, Naval Postgraduate School, 1975-1976.Assistant
Professor of Operations Research, Naval Postgraduate School, 1973-1975. Matthew Carlyle, Javier Salmeron, and Kevin Wood Operations Research Department, Naval Postgraduate School, Tutorials
Operations Research Informs 2005, Analyzing the vulnerability of critical infrastructure to attack and planning defenses http://www.dtic.mil/dtic/tr/fulltext/u2/a576172.pdf)

What is critical infrastructure? The National Strategy for Homeland Security deems 13 infrastructure sectors critical to the United States; see Table
1 (DHS [18]). These include sectors such as Government and Public Health, but a number, such as Transportation and Information and
Telecommunications, comprise physical systems that connect components of our economy : In essence, they enable the transfer and
distribution of our economys life forces. We focus on defending this type of infrastructure from attacks by terrorists , but we believe
almost any type of critical infrastructure deserves analysis with the techniques we describe. Any critical infrastructure system represents a huge investment of our
nations wealth, and minor disruptions to such a systems componentsthese disruptions can be random or deliberatecan severely degrade
its performance as well as the performance of dependent systems . For instance, a massive power outage can result from the failure of just a few
key lines and protective circuit breakers (U.S.-Canada Power System Outage Task Force [39]). The direct effect is to interrupt the energy supply to residential
and industrial customers, but all other infrastructure systems listed in Table 1 will be affected if the power outage lasts long enough. So, how do we carry out a
vulnerability analysis when terrorist attacks are the key concern? That is, how do we analyze the vulnerability of a critical infrastructure system to a
terrorist attack, or set of coordinated attacks, and make informed proposals for reducing that vulnerability? Most infrastructure systems are engineered to handle
disruptions that result from accidents, or from random acts of nature, with little or no degradation in performance. Real-time reliability assessment of an electric
power grid pronounces the system robust if no crippling single point of failure exists (e.g., Wood and Wollenberg [44]). Analysts of transportation systems,
power plants, and other infrastructure often use fault trees to assess vulnerability (Roberts et al. [34]). Such an assessment helps identify minimal sets of events,
or cutsets, that are most likely to disrupt the system, and pronounce the system robust if their combined probability is sufficiently low. This assessment can
suggest changes to the system to improve robustness, and the overall methodology can be used to evaluate alternative system configurations proposed by the
analyst. However, infrastructure that resists single points of random failure, or whose cutsets have low occurrence probabilities, may not survive a malicious,
intelligent attack. For example, a lone attacker with a high-powered rifle could gravely damage an entire electric power grid by targeting
highly reliable components at just a few key substations. (We reach this conclusion from our own analyses of electric power grids and from reports
of gunfire disabling a substation; see Wallace [41].) Also, cutsets that are likely to occur due to random causes may not share any similarities to the cutsets that
an attacker will likely find. An analyst might attempt a fault-tree assessment of a system subject to attack by guessing at the probability that each individual
component might be attacked. In fact, such analysis is practiced (Garcia [22]), but the results must be classified as a guesses. We require a new paradigm for
vulnerability analysis. The new paradigm must account for an adversarys ability to collect information about an infrastructure system and use that information to
identify weak spots in the systems architecture. A captured Al Qaeda training manual (Department of Justice [19]) advises: Using public

sources openly and without resorting to illegal means, it is possible to gather at least 80% of information about the enemy. We
interpret that statement to mean: It is possible to gather, from public sources, at least 80% of the information needed to plan a
highly disruptive attack on an infrastructure system. Our experience indicates that one can often find all the information necessary to plan such an

attack. Our backgrounds compel us ask how a military analyst, faced with an intelligent enemy, would approach vulnerability analysis for military infrastructure.
First, the analyst would assume that our infrastructure will be attacked and that we must take steps to protect it, i.e., harden the infrastructure or improve its
active defenses. The budget for hardening or actively defending infrastructure will always be limited. So, typically, the analyst would be instructed to create a
prioritized list of defended assets most in need of protection, along with a list of potential defensive measures, and deliver those lists to higher-level decision
makers. The latter parties would make the final decisions after balancing costs, effectiveness, and intangibles, and after determining the true budget (which may
be monetary or may be the number of aerial sorties, cruise missiles, tanks, etc., that can be spared for defensive purposes). Table 2 shows the doctrinal
components that the U.S. Army uses to guide the prioritization of its defended assets (as well as its enemies). Any person who has had a course in discrete
optimization understands the fundamental flaw in the concept and use of a prioritized list. In addition to that shortcoming of the nominal military approach, we see
that the civilian problem itself differs from the military one: almost every civilian U.S. asset is susceptible to surveillance or attack, and is
thus vulnerable; Brown et al.: Analyzing the Vulnerability of Critical Infrastructure to Attack and Planning Defenses 104 Tutorials in Operations Research, c
2005 INFORMS Table 2. Criteria for prioritizing defended assets (Department of the Army [20, 21]). Criticality How essential is the asset? Vulnerability How
susceptible is the asset to surveillance or attack? Reconstitutability How hard will it be to recover from inflicted damage, considering time, special repair
equipment, and manpower required to restore normal operation? Threat How probable is an attack on this asset? no matter how hard it is to recover from
inflicted damage, we will, eventually, reconstitute and recover; and military planners have vast experience in determining the likelihood of alternative attacks;
homeland-security planners do not. Thus, we must plan for what is possible, rather than what subjective assessments indicate is likely. In fact, normally, we do
not try to measure the importance, or value, of an asset directly. Rather, we model a complete infrastructure system, its value to society, and how losses of the
systems components reduce that value, or how improvements in the system mitigate against lost value. The exact meaning of value will depend on the system
under investigation: It may mean economic output, time to detection of a toxic subs, tance, etc., and sometimes cost, the converse of value, will be a more
convenient yardstick

US critical infrastructure is extremely vulnerable --electric grid security is weak


Popik and Harris 9/26/14: Thomas Popik is the chairman of the Foundation for Resilient Services,
Thomas Popik is a Principal Investigator for Resilient Societies, specializing in vulnerability assessment, comparative risk analysis,
and economic modeling. Mr. Popik holds a Master of Business Administration from Harvard Business School and a Bachelor of
Science in Mechanical Engineering from MIT. Mr. Popik has been a co-founder of several organizations, including the Academy for
Science and Design, New Hampshire's charter high school for science and math education, and Body1, a website dedicated to health
education. William Harris is Assistant professor for teaching graduate students at the Georgia Institute of Technology College of
Computing School of Computer Science. He will be the Class of 1969 Teaching Fellow this year, and has published multiple books.
(Weak Security For America's Electric Grid Makes Us Vulnerable, Thomas S. Popik and William R. Harris, Investors.com,
September 26, 2014 6:51 pm ET, http://news.investors.com/ibd-editorials-viewpoint/092614-719235-us-needs-to-prepare-forpossible-attack-on-its-electrical-grid.htm#disqus_thread)//chiragjain
The U.S. conducts airstrikes in Syria to prevent terrorist acts here at home. At the same time, U.S. utilities leverage a weak
regulatory process to minimize responsibility for protecting critical electric grid facilities. Overseas military

action is not
enough to protect the public. We also need effective defensive measures for our critical
infrastructure , starting with the grid upon which modern life depends. Unfortunately, electric
grid security is weak, and the regulatory process is failing . The vulnerability of Americas
electric grid is well-known. In March 2014, a leaked staff analysis from the Federal Energy Regulatory
Commission (FERC) revealed that an attack on only nine critical transformer substations could
bring down our continental grid for 18 months. According to this federal grid regulator, an attack on
just four substations could black out the grid from the Rocky Mountains to the East Coast. An attack on just
three could black out California and 10 other western states. Replacing the custom-made transformers to
restore power would take months, using equipment primarily from foreign suppliers.

US critical infrastructure is vulnerable continuous attacks


approaching max capacity in the squo

Mello 5/17/13: Freelance technology and security writer and editor. Government Security News Magazine , PCWorld,
TechNewsWorld Part of ECT News Network, largest e-publisher for the US, myTech blog SmallBizResource operated by CMP
Publications, Digital Shot Blog for photographic enthusiasts hosted by Creative Weblogging, white papers and special projects for
Triangle Publishing, conference calls for CBN. Managing editor for JupiterMedia --- cited for exceptional quality by CEO, Freelance
for BostonGLobe, CFO Magazine, CMP, Boston Herald. Managing editor for Boston Phoenix, Boston Business Journal. Editor for
Ca-mden Communications, Wayne Greene, Wayne Green Publciations, Reporter for State House News Service. Studies at
Northeastern University. (Nation's critical infrastructure cyber defenses weak, DHS tells hearing, John P. Mello Jr., May 17, 2013
8:00 AM PT, CSO Online, http://www.csoonline.com/article/2133462/data-protection/nation-s-critical-infrastructure-cyberdefenses-weak--dhs-tells-hearing.html)//chiragjain
The nation's

to cyber attacks and better information


sharing is needed to strengthen defenses. That's the message Charles Edwards, deputy inspector
critical infrastructure is vulnerable

general for the U.S. Department of Homeland Security, told a Congressional committee
at a public hearing on Thursday. Since 1990, Industrial Control Systems (ICS), which are used to
manage components of the country's critical infrastructure, have been connecting to the
Internet

to improve their operations, Edwards explained in written testimony submitted to the House Subcommittee on

Cybersecurity, Infrastructure Protection and Security Technologies. "[ Security]

for ICS was inherently weak


because it allowed remote control of processes and exposed ICS to cyber security risks that
could be exploited over the Internet," Edwards said. "As a result, ICS are increasingly under attack by a
variety of malicious sources," he continued. " These attacks range from hackers looking for
attention and notoriety to sophisticated nation-states intent on damaging equipment
and facilities, disgruntled employees, competitors, and even personnel who inadvertently bring malware into the workplace
by inserting an infected flash drive into a computer." Edwards cited survey results that showed that a majority of the
companies in the energy sector had experienced cyber attacks , and about 55 percent of these attacks
targeted control systems. "Successful attacks on ICS can give malicious users direct control of
operational systems," he said, "creating the potential for large-scale power outages or manmade environmental disasters and cause physical damage, loss of life , and other
cascading effects that could disrupt services."

--xt impact infrastructure


A cyber-attack destroys all U.S. critical infrastructure
Daly 2/21/13: Michael Daly, Special Correspondant for the Daily Beast, columnist with New York Daily News, staff write for
New York magazine, finalist for 2002 Pulitzer Prize, numerous awards. Cites the Defense Secretary Leon Panetta quotes are basis
for evidence. (U.S. Not Ready for Cyberwar Hostile Hackers Could Launch, Michael Daly, Daily Beast, February 21, 2013,
http://www.thedailybeast.com/articles/2013/02/21/u-s-not-ready-for-cyber-war-hostile-hackers-could-launch.html)//chiragjain

If hackers shut down much of the electrical grid and the rest of the critical infrastructure goes
with it ... If we are plunged into chaos and suffer more physical destruction than 50 monster
hurricanes and economic damage that dwarfs the Great Depression ... Then we will wonder why we failed to
guard against what outgoing Defense Secretary Leon Panetta has termed a "cyber-Pearl Harbor." "An aggressor nation or extremist group
could use these kinds of cybertools to gain control of critical switches," Panetta said in a speech in October. " They could derail passenger trains
or, even more dangerous, derail passenger trains loaded with lethal chemicals. They could contaminate the water
supply in major cities or shut down the power grid across large parts of the country." And Panetta was hardly being an
alarmist. He could have added that cybersecurity experts such as Joe Weiss of Applied Control Solutions suggest a full-on cyberattack would
seek not simply to shut down systems, but wreck them[systems], using software to destroy hardware. Some believe we could
then be sent into chaos not just for days of even weeks, but for months. The mother of all nightmare scenarios would see
electric, oil, gas, water, chemical, and transit, our entire essential infrastructure, knocked
out as we sought to replace equipment that can take more than a year to manufacture and is in many cases no longer made in the U.S. Lights would
stay out. Gas stations would be unable to pump and would have nothing to pump anyway. There would be no heat, no fuel, in many places
no running water, no sewage treatment, no garbage, no traffic lights, no air-traffic control, minimal
communication, and of course, no Wi-Fi. Neighborhoods around chemical plants could become Bhopals. But Panetta was scary enough as he
issued his warning at a gathering of Business Executives for National Security, appropriately held at the Intrepid Sea, Air, and Space Museum in New
York, on a decommissioned aircraft carrier built in the immediate aftermath of the Japanese attack on Pearl Harbor. The ship was hurried into action
and survived multiple kamikaze attacks as well as being torpedoed. Panetta now spoke aboard it of a new kind of threat not on land or sea or in the air,
but in cyberspace. "A destructive cyberattack could paralyze the nation, " Panetta said. As it happens, the Intrepid is docked
directly across 12th Avenue from the consulate general of the People's Republic of China. The public was still five months away from learning via The
New York Times of another Chinese government building, this the Shanghai headquarters of the People's Liberation Army Unit 61398, which
apparently has been busy hacking extensively into American infrastructure. Panetta no doubt was well aware of 61938 and similar units at other
nations, as well as hackers in extremist groups. "We

know that foreign cyberactors are probing America's critical


infrastructure networks," Panetta told the assembled executives. "They are targeting the computer control systems
that operate chemical, electricity, and water plants and those that guide transportation throughout the country."
Panetta went on, "We know of specific instances where intruders have successfully gained access to these control systems. We also know they are

a 2007
experiment at Idaho National Laboratory, where researchers staged an experimental cyberattack that
succeeded in commanding a power-station generator to destroy itself . He instead chose a more recent and
seeking to create advanced tools to attack these systems and cause panic, destruction, and even the loss of life." He could have spoken of

dramatic example--an actual attack using a virus called Shamoon to wreck 30,000 computers at the Saudi oil company Aramco.

A US Power Grid outage leads to physical harm and economic decline


McElfresh, a Ph.D. in Physics, M.A. in chemistry and a B.S. in Biochemistry, 6/18/15
(Michael McElfresh is an Adjunct Professor of Electrical Engineering at Santa Clara University where he teaches the
foundation course in the Sustainable Energy program and courses in wind power and energy storage. He is also the
Interim Lead for Power Grid R&D at Argonne National Laboratory. For the past several years he has led the Power
Grid Simulator effort and advised the Energy and Global Security directorate on power grid and other energy related
issues., published in the Conversation reprinted at scientific American,
http://www.scientificamerican.com/article/power-grid-cyber-attacks-keep-the-pentagon-up-at-night/) // RL

Its very hard to overstate how important the US power grid is to American society and its economy . Every critical infrastructure,
from

communications to water, is built on it and every important business function from banking to milking cows is completely

dependent on it. And the dependence on the grid continues to grow as more machines , including equipment on the power
grid, get connected to the Internet. A report last year prepared for

the President and Congress emphasized the vulnerability of

the grid to a long-term power outage, saying For those who would seek to do our Nation significant physical, economic,

and psychological harm, the electrical grid is an obvious target. The damage to modern society from an extended power outage
can be dramatic, as millions of people found in the wake of Hurricane Sandy in 2012. The Department of Energy earlier this
year said

cybersecurity was one of the top challenges facing the power grid, which is exacerbated by the interdependence

between the grid and water, telecommunications, transportation, and emergency response systems . So what are modern griddependent societies up against? Can power grids survive a major attack? What are the biggest threats today? The
grids vulnerability to nature and physical damage by man, including a sniper attack in a California substation in 2013, has
been repeatedly demonstrated. But its

the threat of cyberattack that keeps many of the most serious people up at night ,

including the US Department of Defense.

Cyber-attack would destroy the economy, government, and all U.S. critical
infrastructure
Palmer 8/31/13: B.A., May 2000, University of Minnesota, Duluth J.D., December 2005, Marquette Law School, Peer

Reviewed by Faculty of The George Washington University Law School in partial satisfaction of the requirements for the degree of
Master of Laws, Thesis directed by Gregory E. Maggs Professor of Law, Co-director, National Security and U.S. Foreign Relations
Law Program. Palmer serves in the U.S. Air Force Judge Advocate Generals Corps. This paper was submitted in partial satisfaction
of the requirements for the degree of Master of Laws in National Security and Foreign Relations at The George Washington
University Law School. (Critical Infrastructure: Legislative Factors for Preventing a Cyber-Pearl Harbor, Robert K. Palmer,
August 31, 2013, pp 4.)//chiragjain

Warnings about the possibility of a cyber-Pearl Harbor attack on our nations vulnerable critical
infrastructure have been promulgated with increased frequency over the past several years. In fact, the systems
vital to the everyday operation of our government, economy and well-being are already under attack, and
trends indicate they these attacks will continue to increase in number . The current state of cyber
vulnerability in critical infrastructure makes it not a matter of if a component of critical infrastructure
will be taken out, but rather a matter of when , and the possibility exists that several such attacks
could be chained together in such a way to cause destruction and death on a scale that could paralyze
the nation.

Attacks on critical infrastructure devastate the economy and national security - consensus of
defense experts
Rollins and Henning 9 <John Rollins, Specialist in Terrorism and National Security, and Anna C. Henning, Legislative
Attorney, 3/10/2009, Comprehensive National Cybersecurity Initiative: Legal Authorities and Policy Considerations, p. 2-4,
Congressional Research Service, http://www.law.umaryland.edu/marshall/crsreports/crsdocuments/R40427_03102009.pdf>//wx
Threats to the U.S. cyber and telecommunications infrastructure are constantly increasing9 and evolving as are the entities that show
interest in using a cyber-based capability to harm the nations security interests.10 Concerns have been raised since the 1990s regarding the use of the internet
and telecommunications components to cause harm to the nations security interests. Activities producing undesirable results include unauthorized
intrusion to gain access and view protected data, stealing or manipulating information contained in various databases, and attacks on telecommunications
devices to corrupt data or cause infrastructure components to operate in an irregular manner. Of paramount concern to the national and homeland
security communities is the threat of a cyber related attack against the nations critical government infrastructure s systems and
assets, physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a

debilitating impact on security, national economic security, national public health and safety, or any combination of those
matters.11 Early concerns noted attacks on components of the energy grid, infrastructure control systems, and military equipment
as examples of telecommunications based threats to physical infrastructures.12 In response, the Department of Energy conducted an experiment in
2007 in which the control system of an unconnected generator, containing similar components as that of larger generators connected

to many power grids in the nation supplying electricity, was damaged and became inoperable.13 While data from federal agencies demonstrate
that the majority of attempted and successful cyber attacks to date have targeted virtual information resources rather than physical infrastructures,14 many

security experts are concerned that the natural progression of those wishing to harm U.S. security interests will transition from
stealing or manipulating data to undertaking action that temporarily or permanently disables or destroys the telecommunication network or
affects infrastructure components. Many security observers agree that the United States currently faces a multi-faceted, technologically
based vulnerability in that our information systems are being exploited on an unprecedented scale by state and non-state actors [resulting
in] a dangerous combination of known and unknown vulnerabilities, strong adversary capabilities, and weak situational awareness.15 This , coupled with
security observers contention that the United States lacks the capability to definitively ascertain perpetrators who might unlawfully
access a database or cause harm to a network, leaves the nation increasingly at risk . It also causes acts or discussions related to deterring
cyberattacks to be ignored or negated by entities exploiting known or newly found vulnerabilities. Prominent national security experts have emphasized the
vulnerability of U.S. infrastructures. As recently as January 2009, former Director of National Intelligence (DNI) Mike McConnell equated cyber
weapons with weapons of mass destruction when he expressed concern about terrorists use of technology to degrade the nations
infrastructure. In distinguishing between individuals gaining access to U.S. national security systems or corporate data for purposes of exploitation for
purposes of competitive advantage, former Director McConnell noted that terrorists aim to damage infrastructure and that the time is not too far
off when the level of sophistication reaches a point that there could be strategic damage to the United States.16 Similarly, in elaborating on
the potential consequences of a cyber attack, newly confirmed DNI Dennis Blair offered the following statement during the Annual Threat Assessment of the
Intelligence Community for the Senate Select Committee on Intelligence: Growing connectivity between information systems , the Internet, and

other infrastructures creates opportunities for attackers to disrupt telecommunications, electrical power, energy pipelines,
refineries, financial networks, and other critical infrastructures . Over the past several years we have seen cyber attacks against
critical infrastructure abroad, and many of our own infrastructures are as vulnerable as their foreign counterparts. A successful
attack against a major financial service provider could severely impact the national economy , while cyber attacks against physical
infrastructure computer systems such as this that control power grids or oil refineries have the potential to disrupt services for hours to
weeks.17

Attacks on critical infrastructure are likely and cause major damage


Assante 2014 (Michael Assante- Director of Industrial Control Systems as well and Supervisory Control and Data Acquisition
Networks for the SANS Institute 11/11/2014 Forbes Magazine Americas Critical Infrastructure is Vulnerable to Cyber Attacks
http://www.forbes.com/sites/realspin/2014/11/11/americas-critical-infrastructure-is-vulnerable-to-cyber-attacks/)NF
Americas critical infrastructurethe utilities, refineries, military defense systems, water treatment plants and other
facilities on which we depend every day has become its soft underbelly, the place where we are now most
vulnerable to attack. Over the past 25 years, hundreds of thousands of analog controls in these facilities have
been replaced with digital systems. Digital controls provide facility operators and managers with remote visibility and
control over every aspect of their operations, including the flows and pressures in refineries, the generation and transmission of
power in the electrical grid, and the temperatures in nuclear cooling towers. In doing so, they have made industrial

facilities more efficient and more productive. But the same connectivity that managers use to collect data
and control devices allows cyber attackers to get into control system networks to steal sensitive
information, disrupt processes, and cause damage to equipment. Hackers , including those in China, Russia and
the Middle East, have taken notice. While early control system breaches were random, accidental infections, industrial
control systems today have become the object of targeted attacks by skilled and persistent adversaries.
Industrial control systems are being targeted The recently discovered Industrial Control System modules of the
HAVEX trojan are one example. The malware infiltrated an indeterminate number of critical facilities by attaching itself to software
updates distributed by control system manufacturers. When facilities downloaded the updates to their network, HAVEX used open
communication standards to collect information from control devices and send that information to the attackers for analysis. This

type of attack represents a significant threat to confidential production data and corporate intellectual
property and may also be an early indicator of an advanced targeted attack on an organizations
production control systems. Other hacks represent a direct threat to the safety of U.S. citizens . Earlier this
year, the FBI released information on Ugly Gorilla, a Chinese attacker who invaded the control systems of utilities in the United
States. While the FBI suspects this was a scouting mission, Ugly Gorilla gained the cyber keys necessary for access to systems that
regulate the flow of natural gas. Considering that cyber attackers are numerous and persistentfor every one you see
there are a hundred you dontthose developments should sound alarms among executives at companies using industrial controls
and with the people responsible for protecting American citizens from attacks. To their credit, both businesses and the

U.S. government have begun to take action; however, neither is adequately addressing the core of the
issue.

--xt impact meltdown


Grid failure triggers nuclear meltdowns extinction
Huff 8/12/14: Ethan Huff is a freelance writer digging deep to get to the truth. Online publication of his own at
http://wholesomeherald.blogspot.com. He is also a staff writer for Naturalnews.com and a writer for AlignLife.com. Natural News
News Analyst. Natural News is a credible news source reporting on Natural events. (Nuclear power + grid down event = global
extinction for humanity, Ethan A. Huff, Natural News, August 12, 2014,
http://www.naturalnews.com/046429_nuclear_power_electric_grid_global_extinction.html#)//chiragjain
(NaturalNews) If you think the Fukushima situation is bad, consider the fact that the United States is

vulnerable to the exact same meltdown situation, except at 124 separate nuclear reactors throughout
the country. If anything should happen to our nation's poorly protected electric power grid, these
reactors have a high likelihood of failure, say experts, a catastrophic scenario that would most likely lead
to the destruction of all life on our planet, including humans. Though they obviously generate power
themselves, nuclear power plants also rely on an extensive system of power backups that ensure the constant flow of
cooling water to reactor cores. In the event of an electromagnetic pulse (EMP), for instance, diesel-powered backup
generators are designed to immediately engage, ensuring that fuel rods and reactor cores don't overheat and melt ,
causing unmitigated destruction. But most of these generators were only designed to operate for a maximum
period of about 24 hours or less, meaning they are exceptionally temporary in nature. In a real emergency situation, such as
one that might be caused by a systematic attack on the power grid, it could take days or even weeks to bring
control systems back online. At this point, all those backup generators would have already run out of fuel, leaving
nuclear reactors everywhere prone to meltdowns.

--xt impact kinetic escalation


Cyberwar is coming and escalates into physical war
Hultz 2014 (Jonathan Paul Hultz the Potential Risk of Cyberwar against the United States A project submitted to the Faculty of
Utica College December 2014, Published by ProQuest pages 16-18 http://search.proquest.com/docview/1647758313)NF
In a cyberwar the combatants are not limited to warring countries and can contain outside parties (Giesen, 2013). Cyberspace expands the boundaries
of the battlefield where attacks can originate from any geographic location and consist of combat teams that have never met in
person (Andress & Winterfeld, 2011). With the evolution of computer technology, there now exists possibilities of cyberwar crossing borders
with the combatants emerging from many nations to join in a cyberwar. This indicates that a cyberwar refers to conducting , and
preparing to conduct, military operations according to information-related principles (Arquilla & Ronfeldt, 1993, p. 30). A cyberwar can inflict significant
damage at a small economic cost using a series of cyber attacks. Cyberwar can have such a significant impact because it is
viable in all types of environments. In both conventional and non-conventional warfare, it is not limited to simple communication disruptions or
information gathering. A cyber attack is similar to the blitzkrieg used by the Germans in the 20th century, and signifies the change in the nature of war (Arquilla &
Ronfeldt, 1993). In response to this change in war the UN has created a principle on what can justify entry into a war and could be updated to include the
constant evolution of cyber weapons (Giesen, 2013). 17 The use of a computer virus should be considered a weapon, as it could be just as

destructive as a physical attack. The constant innovations of technology is pushing the limits of progress, thus allowing computer
technology to be utilized as a destructive weapon. To provide an analogy from the realm of physical warfare, tanks and aircraft carry weapons;
likewise, malware or software can be crafted to carry weapons in the cyber (or cyber-physical) landscape (Giesen, 2013). There must also be consideration that
a cyberwar is unlike a conventional war and can be an asymmetric war. An asymmetric war can be referred to as an Irregular Warfare or Unconventional
Warfare [which] is war between a dominant force and a smaller force where the smaller force uses indirect or guerrilla tactics rather than to engage in force-onforce battles (Andress & Winterfeld, 2011, p. 10). This can occur if a surprise attack is successful and the defending party is never able to go on the offensive,
allowing the initial attacker to gain battle superiority. This dynamic is prominent in cyberspace where there exists a high probability of asymmetric war. This
occurs when two cyber armies are engaged in warfare, whether it is major super powers such as the United States, China, and Russia or non-affiliated
organizations including terrorist and hacktivist groups (Giesen, 2013). In war there exists a term called the sub rosa conflict which can be defined as a hidden
war, where the aggressor and the defender are trying to stay out of the public eye (Giesen, 2013). In the past, the Cold War and parts of Americas entry into
World War II were part of the sub rosa conflict. During World War II, U-boat attacks by Germany on the U.S. were part of this conflict known as the Battle of the
Atlantic that resulted destruction of an estimated 3,000 ships (Battle of the, n.d.). The U-boat attacks against the U.S. were concealed with little information 18
available to the media. The U.S. government attempted to devalue operations against the U.S. with the propaganda slogan Loose Lips Sink Ships (Loose Lips
Sink, 1997). There are various effects of a sub rosa conflict. First , there is the spillover effect that will occur if information of the conflict goes

public. The result of a cyber-conflict going public could lead to repercussions, possibly with a cyberwar escalating into a physical
war. Another effect is how far the conflict affects the legal limits each party is willing to stretch. This entails the degradation of legal means to end a conflict.

Cyberattacks will escalate globally


Austin 13 [Director of Policy Innovation at the EastWest Institute, Costs of American Cyber Superiority, 8/6,
http://www.chinausfocus.com/peace-security/costs-of-american-cyber-superiority/] //khirn
The United States is racing for the technological frontier in military and intelligence uses of cyber space . It is ahead of all others, and has
mobilized massive non-military assets and private contractors in that effort. This constellation of private sector opportunity and deliberate government policy has
been aptly labeled in recent months and years by so many credible observers (in The Economist, The Financial Times and the MIT Technology Review) as the
cyber industrial complex. The United States is now in the unusual situation where the head of a spy agency (NSA) also runs a major
military unified command (Cyber Command). This is probably an unprecedented alignment of Praetorian political power in any major democracy in
modern political history. This allocation of such political weight to one military commander is of course for the United States to decide and is a legitimate course
of action. But it has consequences. The Snowden case hints at some of the blow-back effects now visible in public. But there are others, less visible. The NSA
Prism program exists because it is technologically possible and there have been no effective restraints on its international targeting. This lack of restraint is
especially important because the command and control of strategic nuclear weapons is a potential target both of cyber espionage and

offensive cyber operations. The argument here is not to suggest a similarity between the weapons themselves, but to identify
correctly the very close relationship between cyber operations and nuclear weapons planning . Thus the lack of restraint in cyber
weapons might arguably affect (destabilize) pre-existing agreements that constrain nuclear weapons deployment and possible
use. The cyber superiority of the United States, while legal and understandable, is now a cause of strategic instability between nuclear armed powers. This is
similar to the situation that persisted with nuclear weapons themselves until 1969 when the USSR first proposed an end of the race for the technological frontier
of potential planetary devastation. After achieving initial capability, the U.S. nuclear missile build up was not a rational military response to each step increase in
Soviet military capability. It was a race for the technological frontier by both sides with insufficient recognition of the consequences. This conclusion was
borne out by a remarkable Top Secret study commissioned in 1974 by the U.S. Secretary of Defense, Dr James Schlesinger. By the time it was completed and
submitted in 1981, it assessed that the nuclear arms build-up by both sides was driven not by a supposed tit for tat escalation in capability of deployed military
systems but rather by an unconstrained race for the technological limits of each sides military potential and by its own military doctrinal preferences. The
decisions of each side were not for the most part, according to this now declassified study, a direct response to particular systems that the other side was
building. In 1969, the USSR acted first to propose an end to the race for the technological frontier of nuclear weapons because it knew it was losing the contest
and because it knew there was political sentiment in the United States and in its Allied countries that supported limitations on the unbridled nuclear fetish. As we
ponder the American cyber industrial complex of today, we see a similar constellation of opposition to its power emerging. This constellation includes not just the
political rivals who see they are losing in cyber space (China and Russia), but nervous allies who see themselves as the likely biggest victims of the American

race for cyber superiority, and loyal American military commanders who can see the risks and dangers of that quest. It is time for the United States to take stock
of the collateral damage that its quest for cyber military power, including its understandable quest for intelligence superiority over the terrorist enemy, has caused
amongst its allies. The loss has not yet been seen at the high political level among allies, in spite of several pro forma requests for information from countries
such as Germany. The loss of U.S. credibility has happened more at the popular level. Around the world, once loyal supporters of the United States in its war on
terrorism had a reasonable expectation to be treated as faithful allies. They had the expectation, perhaps nave, that privacy was a value the Americans shared
with them. They did not expect to be subject to such a crude distinction (you are all non-Americans now). They did not want to know that their entire personal
lives in cyber space are now recoverable should someone so decide by the running of a bit of software in the NSA. After the Prism revelations, so many of
these foreign citizens with an internationalist persuasion and solidarity for the United States now feel a little betrayed. Yet, in the long run, the most influential
voice to end the American quest for cyber military superiority may come from its own armed forces. There are military figures in the United States who have had
responsibility for nuclear weapons command and control systems and who, in private, counsel caution. They advocate the need to abandon the quest
for cyber dominance and pursue a strategy of mutual security in cyber space though that has yet to be defined. They cite military

exercises where the Blue team gets little or no warning of Red team disruptive cyber attack on systems that might affect critical
nuclear command and control or wider war mobilization functions. Strategic nuclear stability may be at risk because of
uncertainty about innovations in cyber attack capability. This question is worth much more attention. U.S. national security strategy in
cyber space needs to be brought under stronger civilian oversight and subject to more rigorous public scrutiny. The focus on Chinese
cyber espionage has totally preempted proper debate about American cyber military power. Most in the United States Congress have lined up to condemn
Snowden. That is understandable. But where are the critical voices looking at the bigger picture of strategic instability in cyberspace that existed before Snowden
and has now been aggravated because of him? The Russian and Chinese rejections of reasonable U.S. demands for Snowdens extradition may be every bit as
reasonable given their anxiety about unconstrained American cyber superiority.

--xt impact retaliation


Cyber-attacks will trigger immense U.S. retaliation recent doctrinal shift
Stewart 4/22/15: Phil Stewart is the Military Affairs and Intelligence Correspondent for Reuters reported from > 45 countries,
before Reuters, covered Washington politics for States News Service. BS in international relations from Georgetown Universitys
school of foreign service. (Pentagon's new cyber strategy cites U.S. ability to retaliate, Phil Stewart, Reuters, April 22, 2015,
http://www.reuters.com/article/2015/04/23/us-usa-pentagon-cyber-idUSKBN0NE0AS20150423)//chiragjain
U.S. Defense Secretary Ash Carter is due to unveil an updated cyber strategy on Thursday that will stress the

military's ability to retaliate with cyber weapons, a capability he hopes will help deter attacks. The strategy
presents a potentially far more muscular role for the U.S. military's cyber warriors than the Pentagon was willing to acknowledge in
its last strategy rollout in 2011 and singles out threats from Russia, China, Iran and North Korea. " The United States must be
able to declare or display effective response capabilities to deter an adversary from initiating an
attack ," according to a copy of the document, obtained by Reuters ahead of its release. The Defense Department, it said,
must develop "viable cyber options" as part of the full range of tools available to the United States during heightened
tensions or outright hostilities. It should be able to use cyber tools to disrupt an enemy's command of networks,
military-related critical infrastructure and weapons capabilities.

Cyber-attack on U.S. will result in military response by NATO


Croft 9/5/14: Part of UK Reuters reporting team, writing about foreign policy and UK politics, Posting in multiple countries.

(NATO agrees cyber attack could trigger military response, Adrian Croft, September 5, 2014: 8:02 am EDT, Reuters,
http://www.reuters.com/article/2014/09/05/us-nato-cybersecurity-idUSKBN0H013P20140905)//chiragjain
NATO leaders agreed on Friday that a large-scale cyber attack on a member country could be considered an

attack on the entire U.S.-led alliance , potentially triggering a military response. The decision
marks an expansion of the organisation's remit, reflecting new threats that can disable critical
infrastructure, financial systems and government without firing a shot. "Today we declare that cyber defence is
part of NATO's core task of collective defence," NATO Secretary-General Anders Fogh Rasmussen told a news
conference. In 2007, a series of crippling cyber attacks paralysed much of NATO member Estonia in an apparent
response to a dispute over the movement of a Soviet-era war memorial. Most Western experts suspected the Kremlin was
responsible but Russia denied it.

NATO military response to cyber-attack on U.S.


Hardy 3/25/15: News Editor, Sightline Media Group (formerly Gannett Government Media) - The Federal Times, C4ISR &
Networks, Freelance Writer/Editor; Previous: 1105 Government Information Group, Potomac Tech Journal, United
Communications Group. News Editor at multiple locations. BA Communication Arts at University of West Florida, Associate of Arts
(AA), Liberal Arts and Sciences, General Studies and Humanities at Pensacola Junior College. (Cyber attack could draw military
response from NATO, Michael Hardy, C4ISR Networks, March 25, 2015, http://www.c4isrnet.com/story/militarytech/cyber/2015/03/25/nato-cyber-article-5/70455026/)//chiragjain
A cyber attack could draw a military response from NATO, leaders of the organization said at an event in Washington.
NATO Secretary-General Jens Stoltenberg told a key alliance planning summit on Wednesday morning that " cyber is now a

central part of virtually all crisis and conflicts, NATO has made clear that cyber attacks can potentially
trigger an Article 5 response," according to a report in Defense News. Bonus: Attend an informative panel discussion on the
new cyber paradigm at the C4ISR & Networks Conference on April 7. Panelists include: BG Kevin Nally, the Marine Corps' CIO; Tim
Rudolph, CTO and PEO C3I and Networks at the Air Force, and; Paul Seay, director of enterprise architecture and solutions at
Northrop Grumman Information Systems. Gary Winkler, president of American Cyber, will moderate. Click here to learn more and
register. Article 5 of the Washington Treaty, NATO's organizing document, holds that an attack against one member nation

is an attack against all , triggering a collective response. In a recent appearance in Brussels, Konstantin Kosachev,
chairman of Russia's Federation Council Committee on International Affairs, challenged Stoltenberg on whether NATO might
bomb countries that are involved in cyber attacksor are suspected of being. "We will do what's
necessary to do to protect all allies," Stoltenberg replied. "But I'm not going to tell you exactly how I'm going to do that ...
that's the main message."

Us is ramping up its counter cyber attack capabilities- not afraid to retaliate against attacks
Stuart 2015 (Phil Stuart, Bachelor of Science in international relations from Georgetown Universitys School of Forensic
Science, Reporter and Staff Writer for Reuters News, Reuters News Pentagons new cyber strategy cites U.S. ability to retaliate
4/23/2015 http://www.reuters.com/article/2015/04/23/us-usa-pentagon-cyber-idUSKBN0NE0AS20150423)NF
U.S. Defense Secretary Ash Carter is due to unveil an updated cyber strategy on Thursday that will stress the military's
ability to retaliate with cyber weapons, a capability he hopes will help deter attack s. The strategy presents a
potentially far more muscular role for the U.S. military's cyber warriors than the Pentagon was willing to acknowledge in its last
strategy rollout in 2011 and singles out threats from Russia, China, Iran and North Korea. "The United States must be able to
declare or display effective response capabilities to deter an adversary from initiating an attack," according to a copy of the
document, obtained by Reuters ahead of its release. ADVERTISING The Defense Department, it said, must develop "viable

cyber options" as part of the full range of tools available to the United States during heightened tensions
or outright hostilities. It should be able to use cyber tools to disrupt an enemy's command of networks,
military-related critical infrastructure and weapons capabilities . The full-throated acknowledgement of such
possibilities in the unclassified document is a major shift from 2011 and reflects the U.S. hope that it will help dissuade potential
enemies. Officials note that other tools to respond include publicly identifying nations responsible and imposing sanctions. Carter,
speaking to reporters flying with him to California, where he is due to meet Silicon Valley executives and speak at Stanford
University, said the primary focus of the cyber strategy was defense. But he acknowledged that the new strategy was "more

clear and more specific about everything, including offense." "It will be useful to us for the world to know
that, first of all, we're going to protect ourselves," Carter said, noting that deterrence included "a threat to
retaliate against those who do us harm." "We obviously have a capability to do that, not just in cyber but
in other ways." Carter's visit comes two months after President Barack Obama visited Silicon Valley, asking U.S. executives
for closer cooperation in defending against hackers after high-profile attacks on companies like Sony Pictures Entertainment. "The
North Korean attack on Sony was one of the most destructive cyber attacks on a U.S. entity to date," the document said. The
document said Russia's cyber actors were stealthy but had unclear intentions and lambasted China's theft of intellectual property.
Iran and North Korea had "less developed cyber capabilities" but overt hostile intent toward U.S. interests.

Counterattacks are likely to involve nuclear weapons


Buchan 2003 (Future Roles of U.S. Nuclear Forces by Glenn C. Buchan, David Matonick, Calvin Shipbaugh and Richard
Mesic, Published in 2003 by RAND- project Air Force page 36
http://www.rand.org/content/dam/rand/pubs/monograph_reports/2005/MR1231.pdf)NF
Absent leakproof defenses, the next option is a range of attacks on enemy forces. There are at least two general classes of relevant military operations. In
theater conflicts, a broad range of attacks on enemy military forces is routine; it requires a decision to initiate attacks by the United States and its allies, but in the
face of action by an enemyespecially launching an invasionsuch a decision should not be particularly demanding. Counterforce attacksattacks on
an enemys nuclear forces, as that term is generally used in this contextare a much more serious matter. They involve attacks, perhaps
with nuclear weapons, on an enemys homeland. To be fully effective, they require striking first. During the Cold War, the concern with such attacks
was that they might not be effective and might indeed precipitate precisely the effect that they were intended to prevent (i.e., a nuclear attack on the United
States). Moreover, pursuit of such capabilities fueled a strategic arms race that was not only expensive but arguably left the United States worse off . Much has

changed over the years in the technical feasibility of launching counterforce attacks. Nuclear weapons systems are much more
effective than they once were. So are conventional weapons.

US not afraid of military use in response to a cyberattack


Stuart 2011 (Phil Stuart, Bachelor of Science in international relations from Georgetown Universitys School of Forensic
Science, Reporter and Staff Writer for Reuters News, Reuters News-Analysis: Could a cyberwar turn into a real one for the
U.S.? 06/01/2015 http://www.reuters.com/article/2011/06/01/us-usa-cyber-pentagon-idUSTRE74U75420110601)NF
The United States is warning that a cyber attack -- presumably if it is devastating enough -- could result in
real-world military retaliation. Easier said than done. In the wake of a significant new hacking attempt against Lockheed
Martin Corp, experts say it could be extremely difficult to know fast enough with any certainty where an attack came from.
Sophisticated hackers can mask their tracks and make it look like a cyber strike came from somewhere else. There are also hard
questions about the legality of such reprisals and the fact that other responses, like financial sanctions or cyber countermeasures,
may be more appropriate than military action, analysts say. "There are a lot of challenges to retaliating to a cyber attack," said
Kristin Lord, author of a new report on U.S. cyber strategy at the Center for a New American Security, a Washington-based think
tank. "It is extremely difficult to establish attribution, to link a specific attack to a specific actor, like a foreign government." The

White House stated plainly in a report last month that Washington would respond to hostile acts in
cyberspace "as we would to any other threat to our country" -- a position articulated in the past by U.S. officials. The
Pentagon, which is finalizing its own report, due out in June, on the Obama administration's emerging strategy to deal with the cyber
threat, acknowledged that possibility on Tuesday. "A response to a cyber incident or attack on the U.S. would not
necessarily be a cyber response ... all appropriate options would be on the table," Colonel Dave Lapan, a
Pentagon spokesman, said. The sophistication of hackers and frequency of the attacks came back into focus after a May 21 attack
on Lockheed Martin, the Pentagon's top arms supplier. Lockheed said the "tenacious" cyber attack on its network was part of a
pattern of attacks on it from around the world. The U.S. Defense Department estimates that over 100 foreign intelligence

organizations have attempted to break into U.S. networks. Every year, hackers steal enough data from U.S. government agencies,
businesses and universities to fill the U.S. Library of Congress many times over, officials say. BEHIND THE CURVE Several current
and former national security officials said U.S. intelligence agencies did not appear particularly concerned about the Lockheed
attack. One official said that similar cyber attacks directed at defense contractors and government agencies occurred all the time.
Some critics say the Obama administration is not moving fast enough to keep up with the cyber threat or to develop a strategy that
fully addresses concerns about privacy and oversight in the cyber domain. "The United States, in general, is well behind the curve,"
said Sami Saydjari, president of the privately held Cyber Defense Agency, pointing to "significant strategic advances" out of
countries like China and Russia. China has generally emerged as a prime suspect when it comes to keyboard-launched espionage
against U.S. interests, but proving Beijing is behind any future plot would be difficult because of hackers' ability to misdirect, analysts
say. China has denied any connection to cyber attacks. The Pentagon's upcoming report is not expected to address
different doomsday scenarios, or offer what Washington's response would be if, say, hackers wiped out Wall
Street financial data, plunged the U.S. Northeast into darkness or hacked U.S. warships' computers. "We're not going to necessarily
lay out -- 'if this happens, we will do this.' Because again the point is if we are attacked, we reserve the right to do any
number of things in response," Lapan said.

US Security Leader Says U.S. will retaliate against cyberattacks


Mazzetti and Sanger, national security researcher and Pulitzer prize winner and foreign policy research and two times
Pulitzer prize winner, 3/12/13
(Mark Mazzetti and David Sanger, The New York Times, http://www.nytimes.com/2013/03/13/us/intelligence-official-warnscongress-that-cyberattacks-pose-threat-to-us.html?_r=0)RL
WASHINGTON The chief of the militarys newly created Cyber Command told Congress on Tuesday that he is establishing 13
teams of programmers and computer experts who could carry out offensive cyberattacks on foreign nations if the U nited States
were hit with a major attack on its own networks, the first time the Obama administration has publicly admitted to developing such weapons for use in
wartime. I would like to be clear that this team, this defend-the-nation team, is not a defensive team, Gen. Keith Alexander, who runs both the
National Security Agency and the new Cyber Command, told the House Armed Services Committee. This is an offensive team that the
Defense Department would use to defend the nation if it were attacked in cyberspace . Thirteen of the teams that were creating are for that
mission alone. General Alexanders testimony came on the same day the nations top intelligence official, James R. Clapper Jr., warned Congress that a major
cyberattack on the United States could cripple the countrys infrastructure and economy, and suggested that such attacks now pose the most dangerous
immediate threat to the United States, even more pressing than an attack by global terrorist networks. On Monday, Thomas E. Donilon, the national security
adviser, demanded that Chinese authorities investigate such attacks and enter talks about new rules governing behavior in cyberspace. General Alexander has
been a major architect of the American strategy on this issue, but until Tuesday he almost always talked about it in defensive terms. He has usually deflected
questions about Americas offensive capability, and turned them into discussions of how to defend against mounting computer espionage from China and Russia,
and the possibility of crippling attacks on utilities, cellphone networks and other infrastructure. He was also a crucial player in the one major computer attack the
United States is known to have sponsored in recent years, aimed at Irans nuclear enrichment plants. He did not discuss that highly classified operation during
his open testimony. Mr. Clapper, the director of national intelligence, told the Senate Intelligence Committee that American spy agencies saw only a remote
chance in the next two years of a major computer attack on the United States, which he defined as an operation that would result in long-term, wide-scale
disruption of services, such as a regional power outage. Mr. Clapper appeared with the heads of several other intelligence agencies, including Lt. Gen. Michael
T. Flynn of the Defense Intelligence Agency, the F.B.I. director Robert S. Mueller III, and the C.I.A. director John O. Brennan, to present their annual assessment
of the threats facing the nation. It was the first time that Mr. Clapper listed cyberattacks first in his presentation to Congress, and the rare occasion since the Sept.
11, 2001, attacks that intelligence officials did not list international terrorism first in the catalog of dangers facing the United States. In some cases, Mr. Clapper
said in his testimony, the world is applying digital technologies faster than our ability to understand the security implications and
mitigate potential risks. He said it was unlikely that Russia and China would launch devastating cyberattacks against the United States in the near future,
but he said foreign spy services had already hacked the computer networks of government agencies, businesses and private
companies. Two specific attacks Mr. Clapper listed, an August 2012 attack against the Saudi oil company Aramco and attacks on American
banks and stock exchanges last year, are believed by American intelligence officials to have been the work of Iran . General
Alexander picked up on the same themes in his testimony, saying that he was adding 40 cyber teams, 13 focused on offense and 27 on training
and surveillance. When pressed, he said that the best defense hinged on being able to monitor incoming traffic to the United States through private Internet
service providers, which could alert the government, in the milliseconds that electronic messages move, about potentially dangerous attacks. Such surveillance
is bound to raise more debate with privacy advocates, who fear government monitoring of the origin and the addressing data on most e-mail messages and other
computer exchanges. Traditional threats occupied much of Mr. Clappers testimony. American intelligence officials are giving new emphasis to the danger posed
by North Koreas Nuclear Weapons and missile programs, and missile programs, which are said for the first time to pose a serious threat to the United States
as well as to its East Asian neighbors. North Korea, which recently made a series of belligerent statements after its third nuclear test, has displayed an
intercontinental missile that can be moved by road and in December launched a satellite atop a Taepodong-2 launch vehicle, Mr. Clappers prepared statement
noted. The rhetoric, while it is propaganda laced, is also an indicator of their attitude and perhaps their intent, Mr. Clapper said during one exchange with a
lawmaker, adding that he was concerned that North Korea could initiate a provocative action against the South. In his discussion of terrorism, Mr. Clapper noted
that while Al Qaedas core in Pakistan is probably unable to carry out complex, large-scale attacks in the West, spinoffs still posed a threat. Listed first is the
affiliate in Yemen, Al Qaeda in the Arabian Peninsula, which Mr. Clapper said had retained its goal of attacks on United States soil, but he also noted militant
groups in six other countries that still threaten local violence. Mr. Clapper began his remarks by criticizing policy makers for the current budget impasse, saying
that the budget cuts known as sequestration will force American spy agencies to make sharp reductions in classified programs and to furlough employees. The
classified intelligence budget has ballooned over the past decade, and Mr. Clapper compared the current round of cuts to the period during the 1990s when the
end of the cold war led to drastic reductions in the C.I.A.s budget. Unlike more directly observable sequestration impacts, like shorter hours at public parks or
longer security lines at airports, the degradation of intelligence will be insidious, Mr. Clapper said. It will be gradual and almost invisible unless and until, of
course, we have an intelligence failure. The threat hearing is the only scheduled occasion each year when the spy chiefs present open testimony to Congress
about the dangers facing the United States, and Mr. Clapper did not hide the fact that he is opposed to the annual ritual. President Obama devoted part of his

State of the Union address to a pledge of greater transparency with the Congress and the American public, but Mr. Clapper, a 71-year-old retired Air Force
general, made it clear that he saw few benefits of more public disclosure. An open hearing on intelligence matters is something of a contradiction in terms, he
said.

Obama already started programs to punish other groups/countries for cyber attacks
Crabtree, white house correspondent, 4/1/15
(Susan Crabtree, Washington Examiner, http://www.washingtonexaminer.com/obama-issues-cybersecurity-executiveorder/article/2562372)RL
President Obama on Wednesday issued an executive order allowing the government to impose penalties on foreign individuals or
entities that engage in cyberattacks that threaten U.S. national security or the economy . The executive action deems the recent
onslaught of cyberattacks a "national emergency" and authorizes the U.S. Treasury, in consultation with the attorney general and
secretary of state, to impose sanctions on individuals that engage in "significant malicious cyberenabled activities" against the
U.S. government or American businesses. Penalties for the illicit cyberactivity could include freezing their assets or barring commercial transactions between the
U.S. government and American businesses and the individuals or entities. "Cyberthreats pose one of the most serious economic and national
security challenges to the United States, and my administration is pursuing a comprehensive strategy to confront them, " Obama
said in a statement. "As we've seen in recent months, these threats can emanate from a range of sources and target our critical infrastructure, our companies,
and our citizens," he continued. "This executive order offers a targeted tool for countering the most significant cyberthreats that we face." The move gives the
administration more legal leverage to punish and try to prevent the avalanche of credit card data theft, corporate espionage and cyberattacks on critical
government computer systems. "This executive order supports the administration's broader strategy by adding a new authority to combat the
most serious malicious cyberthreats that we face," Obama said. The U.S. already had the power to sanction governments they deem responsible for
engaging in cyberattacks or crime. After U.S. intelligence officials blamed North Korea for the attack on Sony, the U.S. government placed sanctions on
Pyongyang and 10 individuals they believe were involved in the hack. It was the first time the U.S. has moved to punish any country for cyberattacks on a U.S.
company. After that attack, in January Obama called on Congress to pass new cybersecurity legislation that would require companies to inform clients when they
have suffered a data breach and also share information with the government about hacking threats an issue that security officials believe is essential but has
stirred fears over online privacy.

--xt impact econ


Cyberattacks collapse global economy- cost market 3 trillion dollars
Taylor 2014 (Brian Taylor, degree from University of Illinois at Urbana-Champaign, Bachelor of Science, Biology, Russian
degree from Indiana University Bloomington, Writer at TechRepublic, TechRepublic Cyberattacks fallout could cost the global
economy $3 trillion by 2020 http://www.techrepublic.com/article/cyberattacks-fallout-could-cost-the-global-economy-3-trillion-by2020/)NF
The global risk of cyberattacks is a real and growing threat, and could carry a whopping price tag , says
McKinsey & Company in a report on enterprise IT security implications released in January 2014. What kind of risk?

Organizations worldwide are not "sufficiently protected" against cyberattacks , says McKinsey in its "Risk and
responsibility in a hyperconnected world" report. As a result, the price tagthe material effect of slowing the pace of
technology and innovation due to a lack of cyberresiliencycould be as high as $3 trillion by 2020. That's the number
three, by the way, followed by 12 zeros. And it's a scenario, asserts McKinsey, that senior leadership in the public and private
spheres had best pay attention to. The report states that if

"attackers continue to get better more quickly than


defenders," as is presently the case, "this could result in a world where a 'cyberbacklash' decelerates
digitization." The asymmetric effect of a small number of successful attackers, leading to tighter
government restrictions, could mean that: the world would capture less of the $10 trillion to $20 trillion
available from big data, mobility, and other innovations by 2020the ultimate impact could be as much as
$3 trillion in lost productivity and growth. That is the report's main findingthe global economy has yet to mount
an adequate defense against the rise of cyberattacks . McKinsey and the World Economic Forumconducted a survey
last year of 200 enterprises, tech vendors, and public sector agencies. The two other findings of the report are that executives in
enterprise tech have a consensus on the seven best practices for cyberresiliency, and that cybersecurity is a CEO-level issue.

Each cyberattack costs billions- devastates global economy


Lewis 02 (James A. Lewis, Director and Senior Fellow of the technology and public policy program at the center for strategic
and international studies at Washington, D.C., Former member of U.S. Foreign Service and Senior Executive Service, Ph.D. from
University of Chicago, Center for Strategic and International Studies Assessing the Risks of Cyber Terrorism, Cyber War, and
Other Cyber Threats December 2002 page 9-10 http://www.steptoe.com/publications/231a.pdf)NF
Cyber attacks do pose a very real risk in their potential for crime and for imposing economic costs far out of proportion to the price of
launching the attack. Hurricane Andrew, the most expensive natural disaster in U.S. history, caused $25 billion dollars in damage and the average annual
cost from tornadoes, hurricanes, and flood damage in the U.S. is estimated to be $11 billion . In contrast, the Love Bug virus is
estimated to have cost computer users around the world somewhere between $3 billion and $15 billion. Putting aside for the moment the question
of how the estimates of the Love Bugs cost were calculated (these figures are probably over-estimates ), the ability of a single university student in
the Philippines to produce this level of damage using inexpensive equipment shows the potential risk from cyber crime to the
global economy.15 The financial costs to economies from cyber attack include the loss of intellectual property, financial fraud,
damage to reputation, lower productivity, and third party CSIS, 2002 9 liability. Opportunity cost (lost sales, lower productivity, etc) make
up a large proportion of the reported cost of cyber attacks and viruses. However, opportunity costs do not translate directly into costs to the national economy.
For example, if a Distributed Denial of Service attack prevents customers from reaching one online bookseller, they may instead go to another to purchase their
books. The aggregate national sale of books could remain the same although the first booksellers market share would decline. A small number of customers
may choose not to bother going to another site if their first choice is unavailable, but some of these lost sales may well be recouped by later return to the sight by
the customer. Businesses face greater damage from financial fraud and theft of intellectual property over the Internet, crimes that continue to grow in number.16

Emphasizing the transnational nature of cyber security issues, the last few years have seen the emergence of highly
sophisticated criminal gangs capable of exploiting vulnerabilities in business networks. Their aim is not terror, but fraud or the
collection of economically valuable information. Theft of proprietary information remains the source of the most serious losses, according to surveys
of large corporations and computer crime.17 These crimes must be differentiated from the denial of service attacks and the launching of viruses. Denial of
services or viruses, while potentially damaging to business operations, do not pose the same level of risk. Cyber crime is a serious and growing

threat, but the risk to a nation-state in deploying cyber-weapons against a potential opponents economy are probably too great
for any country to contemplate these measures. For example, writers in some of Chinas military journals speculated that cyber attacks could
disable American financial markets. The dilemma for this kind of attack is that China is as dependent on the same financial markets as the United
States, and could suffer even more from disruption. With other critical infrastructures, the amount of damage that can be done is, from a strategic viewpoint,
trivial, while the costs of discovery for a nation state could be very great. These constraints, however, do not apply to non-state actors like Al Qaeda. Cyber
attacks could potentially be a useful tool (albeit not a fatal or determinative tool) for nonstate actors who reject the global market

economy.

Major cyber attack will lose billions to damage and theft


Tucker 10/29/14: Technology Editor at DefenseOne, Previously Penguin Books Ltd, THE FUTURIST, The World Future

Society, Multiple projects at places like Slate, THE FUTURIST, American Legion Magazine, and BBC. Education: MA in Writing at
John Hopkins University, Liberal Arts at Sarah Larence University, Santa Fe Prep School, Multiple programming and technology
skills, speaking, writing, and communication skills. (Major Cyber Attack Will Cause Significant Loss of Life By 2025,
Experts Predict, Patrick Tucker, DefenseOne, October 29, 2014, http://www.defenseone.com/threats/2014/10/cyber-attack-willcause-significant-loss-life-2025-experts-predict/97688/)//chiragjain

A major cyber attack will happen between now and 2025 and it will be large enough to cause
significant loss of life or property losses/damage/theft at the levels of tens of billions of dollars ,
according to more than 60 percent of technology experts interviewed by the Pew Internet and American
Life Project. But other experts interviewed for the project Digital Life in 2015, released Wednesday, said the current
preoccupation with cyber conflict is product of software merchants looking to hype public anxiety against an eternally
unconquerable threat. Its the old phantom of the cyber Pearl Harbor, a concept commonly credited to

former Defense Secretary Leon Panetta but that is actually as old as the world wide web. It dates back to
security expert Winn Schwartaus testimony to Congress in 1991, when he warned of an electronic Pearl
Harbor and said it was waiting to occur. More than two decades later, were still waiting. The Pew report offers, if
nothing else, an opportunity to look at how the cyber landscape has changed and how it will continue to
evolve between now and 2025.

Cyber attack on East coast could cost a trillion dollars


Cohn 7/8/15: Worked at Reuters for more than 20 years, writes about things like insurance deals, fund trends, geopolitical
risks, worked at Business Insider. (A cyber attack on the US east coast could cost economy $1 trillion, Carolyn Cohn, Business
Insider Reuters, July 8, 2015, http://www.businessinsider.com/r-cyber-attack-on-us-power-grid-could-cost-economy-1-trillionreport-2015-7)//chiragjain
LONDON (Reuters) - A

cyber attack which shuts down parts of the United States' power grid
could cost as much as $1 trillion to the U.S. economy, according to a report published on Wednesday.
Company executives are worried about security breaches, but recent surveys suggest they
are not convinced about the value or effectiveness of cyber insurance . The report from the
University of Cambridge Centre for Risk Studies and the Lloyd's of London insurance market outlines a scenario of an

electricity blackout that leaves 93 million people in New York City and Washington DC
without power. The scenario, developed by Cambridge, is technologically possible and is assessed to
be within the once-in-200-year probability for which insurers should be prepared , the
report said. The hypothetical attack causes a rise in mortality rates as health and safety systems fail, a drop in trade as
ports shut down and disruption to transport and infrastructure. "The total impact to the
U.S. economy is estimated at $243 billion, rising to more than $1 trillion in the most
extreme version of the scenario," the report said. The losses come from damage to
infrastructure and business supply chains, and are estimated over a five-year time period. The extreme scenario
is built on the greatest loss of power, with 100 generators taken offline, and would lead to insurance industry losses of more than
$70 billion, the report added. There have been 15 suspected cyber attacks on the U.S. electricity grid since 2000, the report said,
citing U.S. energy department data. The U.S. Industrial Control System Cyber Emergency Response Team said that 32 percent of its
responses last year to cyber

security threats to critical infrastructure occurred in the energy

sector. "The evidence of major attacks during 2014 suggests that attackers were often able to exploit vulnerabilities faster than
defenders could remedy them," Tom Bolt, director of performance management at Lloyd's, said in the report. Lloyd's syndicates
offer cyber insurance but only 160 million pounds ($246.82 million) in cyber insurance premiums are written through London,
which amounts to more than 10 percent of the global market.

--add-on weather sats


Hackers have exposed the vulnerability of the weather system shuts down the entire US weather
system
Pagliery, a researcher and reporter of cybersecurity, 12/29/14
(Jose Pagliery, CNN Money New York, http://money.cnn.com/2014/11/12/technology/security/weather-system-hacked/) // RL
Hackers attacked the U.S. weather system in October, causing a disruption in satellite feeds and several pivotal websites. The
National Oceanic and Atmospheric Administration, NOAA, said that four of its websites were hacked in recent weeks. To block
the attackers, government officials were forced to shut down some of its services. This explains why satellite data was
mysteriously cut off in October, as well as why the National Ice Center website and others were down for more than a week.
During that time, federal officials merely stated a need for "unscheduled maintenance." Still, NOAA spokesman Scott Smullen
insisted that the aftermath of the attack "did not prevent us from delivering forecasts to the public." Little more is publicly known
about the attack, which was first revealed by The Washington Post. It's unclear what damage, if any, was caused by the hack.
Related: Welcome to the Age of Hacks But hackers managed to penetrate what's considered one of the most vital aspects of the
U.S. government. The nation's military, businesses and local governments all rely on nonstop reports from the U.S. weather
service. The impact of the hack was real: Scientists at Atmospheric and Environmental Research in Lexington, Massachusetts
were unable to send a preliminary report about weather patterns to traders and investors earlier this year. "We were shut out
entirely. That's our one source of data," said Rutgers climatologist David Robinson, whose global snow lab also relies on the
satellite data. The cyberattack on the U.S. weather system is only the latest one on the United States. The White House was
hacked last month. Shortly before that, hackers breached USIS, a federal contractor that knows who has top security clearances
for the U.S. government -- because it provides background checks. Typically, cybersecurity experts blame Russia for hacks on
the nation's infrastructure -- or sometimes China.

Weather Satellites are vital for the armed forces to pull off successful defense and attack operation
on all fronts and military readiness
Spaceflight Now Space, quoting a collection of Armed Forces directors, 4/4/15
(Spaceflight now space, quoting many directors of the armed forces and other including; Sue Strech - DMSP program director,
Col. Scott Larrimore Air Force weather program director, Mark Valerio vp of Lockheed Martins military space division, Gen.
William Shelton commander of Space Command published at space.com with cooperation from spacefilightnow.com,
http://www.space.com/25368-military-weather-satellite-rocket-launch.html) // RL
A new global weather observatory for the U.S. armed forces was lofted into orbit aboard its
Atlas 5 booster rocket from California on Thursday

to provide tactical forecasts to military operations .

Powering away from Vandenberg Air Force Base at 7:46 a.m. local (10:46 a.m. EDT; 1446 GMT), the liftoff was timed
to deliver the Defense Meteorological Satellite Program Flight 19 spacecraft into its precise orbit 530 miles high.
"Weather

guides some of the most important decisions in the armed forces, from flight

patterns to troop movements. Through DMSP, we're helping to provide safer, successful
missions," said Sue Stretch, DMSP program director at Lockheed Martin. [See photos of the DMSP-19 weather
satellite launch] "This new asset

will carry on the mission for military users and civilians who depend on it." About

18 minutes into flight, the 2,700-pound satellite separated from the Centaur upper stage, marking the 115th
successful Atlas launch in a row over the past two decades. "DMSP

Flight 19 will provide data to identify,

locate and determine the intensity severe weather such as thunderstorms, hurricanes and
typhoons, and is used to form three-dimensional cloud analyses, which form the basis for
computer forecast models needed to meet unique DOD requirements, " said Col. Scott Larrimore,
Air Force weather program director. "DMSP

Flight 19 continues the legacy of over 50 years of

providing meteorological data to the armed forces worldwide." The $518 million observatory will be
checked out and ready for service in about two months, and joins a half-dozen older DMSPs in orbit divided into two

orbital groupings. "F19 is placed into an orbit compromised between the two planes we currently have. We are
changing our operational concept from this two-plane constellation to this single-plane constellation. We can do that
because

we can get data to the Air Force Weather Agency faster than before ," Larrimore said. The

craft carries a sophisticated suite of weather instruments to observe virtually the entire
planet twice daily. Data from DMSP satellites is used to create global weather forecasts that
military commanders and strategic planners rely upon. The satellites can track weather systems by
visible and infrared cloud-cover imagery, day and night, plus monitor ice and snow coverage, pollution and fires.
The primary sensor, one of seven aboard, is the Operational Linescan Sensor, which collects visible and infrared
cloud pictures in 1,800-mile swaths covering the globe. The microwave sounder provides storm intensity
measurements. "Weather

is the vital element of well-planned missions for each branch of

service. High winds limit aircraft, storms threaten ships and low visibility can alter troop
movements. The data that DMSP provides is essential to mission success," said Stretch. What comes
later is not quite clear. DMSP F20 remains on the ground, but officials may elect to keep it there in favor of moving
on to the next-generation of a smaller spacecraft. "We certainly hope they launch it. It's built, paid for, it's a capable
satellite, and we know it works, so we think that's the smart decision

for the Air Force," said Mark Valerio, vice

president of Lockheed Martin's military space division. "You have to find a balance because if you launch too early
you might waste the on-orbit life, and if you wait too long then you run into the cost of storing it on the ground."
"What happens after that is under review, but we're confident we're in a good place," said Gen. William Shelton,
commander of Space Command. "Following the analysis of alternatives, we have gone on with a weather system
follow-on program, which will end up being a small satellite which has unique DoD requirements satisfied. We will
count on NOAA,international

partners, and commercial [providers] to provide the rest of the data that's needed to

round out the picture." Next for the Atlas program, attention returns to the East Coast and another try at launching
the NROL-67 mission as early as April 10. That flight and a SpaceX resupply mission to the International Space
Station planned for late March both were delayed due to a Range radar outage. The next space launch from
Vandenberg will be the return of the Delta 2 rocket on July 1 with NASA's Orbiting Carbon Observatory 2. Another
Atlas 5 will carry the commercial Earth-imaging spacecraft into orbit in August.

Military readiness key to deter hostile nations- impact is war

Spencer, Policy Analyst for Defense and National Security at Heritage,


9/15/2000
(Jack Spencer, The Heritage Foundation,
http://www.heritage.org/Research/MissileDefense/BG1394.cfm) //RL
The evidence indicates that the U.S. armed forces are not ready to support
America's national security requirements. Moreover, regarding the broader
capability to defeat groups of enemies, military readiness has been declining. The
National Security Strategy, the U.S. official statement of national security
objectives, 3 concludes that the United States "must have the capability to deter
and, if deterrence fails, defeat large-scale, cross-border aggression in two distant
theaters in overlapping time frames." 4 According to some of the military's highestranking officials, however, the United States cannot achieve this goal. Commandant
of the Marine Corps General James Jones, former Chief of Naval Operations Admiral

Jay Johnson, and Air Force Chief of Staff General Michael Ryan have all expressed
serious concerns about their respective services' ability to carry out a two major
theater war strategy. 5 Recently retired Generals Anthony Zinni of the U.S. Marine
Corps and George Joulwan of the U.S. Army have even questioned America's ability
to conduct one major theater war the size of the 1991 Gulf War. 6 Military readiness
is vital because declines in America's military readiness signal to the rest of the
world that the United States is not prepared to defend its interests. Therefore,
potentially hostile nations will be more likely to lash out against American allies and
interests, inevitably leading to U.S. involvement in combat. A high state of military
readiness is more likely to deter potentially hostile nations from acting aggressively
in regions of vital national interest, thereby preserving peace.

--add-on disease sats


Satellites are vulnerable to cyberattacks- NOAA attack proves
Livingstone 14 (David Livingstone, staff writer for Newsweek, Newsweek Cyberattacks in Space: We must defend the final
frontier 11/26/14 http://www.newsweek.com/cyberattacks-space-we-must-defend-final-frontier-287525)
On November 12, The Washington Post reported that the U.S. satellite weather network had suffered an electronic attack,
forcing cyber-security teams to seal off data vital to disaster planning, aviation, shipping and scores of other crucial
uses. The attack resulted in an unscheduled maintenance of the United States National Oceanic and Atmospheric Administration (NOAA)s
data feed for weather forecasts. Although the maintenance required had only a small impact on weather forecasts, the hack has highlighted
a vulnerability in satellite systems that reaches far beyond the meteorological community. Much of the worlds
critical national infrastructure is now heavily reliant on space technology, and the upward trend of this dependency
will continue. Whether related to communications, to precise navigation and timing, or to earth observation, satellite data and its associated
connectivity touch every aspect of daily life. There are now many hundreds of satellites orbiting the Earth, with many built and controlled by
commercial concerns, possessing capabilities that hitherto have been found only in the defense or special intelligence communities. The U.S.
governments recent decision to loosen its export control restrictions on satellite technologies to allow private sector capture of 25cm-resolution
imagery shows the importance of the market forces in play. As the number of satellite data feeds continues to rise, so does the
opportunity for illegal interference within the space data ecosystem. The origins of space exploitation have hitherto been
generally either government (for military and intelligence purposes) or academic; but the future of space lies with commercial enterprise. Lowcost access to space, a fundamental enabler for future space capability, is now a phenomenon of the present. For example, CubeSat technology,
combined with a dramatic reduction in costs of manufacture and launch, is enabling private individuals, nongovernmental and international
organizations to launch their own mini-satellites; the U.K. is now in the process of selecting its first spaceport to launch winged cargo-carrying
space planes on a routine basis. If, right now, space was suddenly denied to its users through some dramatic event, the
harm created to the worlds economy and to the safety of its citizens would be immense. It is therefore surprising that there
is not a greater focus on increasing the space domains resilience to cyberattack, from whatever quarter. The U.K.s National Security Risk
Assessment (NSRA) places cyberattack within the top four challenges that the nation faces, and this position will no
doubt be similar in nations elsewhere around the globe. Thus a 48-hour outage at NOAA is a worrying signal that the space
community has yet to adopt a more stringent approach to space-related data. If a government-related data feed has this level of
vulnerability, then what will the vulnerabilities be in a broader domain in which commercial drivers, including the sometimes expensive
discipline of security, hold sway? Furthermore, it is a concern and possibly symptomatic in the U.K.s case that, despite the prominence of cybersecurity in the NSRA, the same issue receives only scant consideration by the British governmentonly a single dedicated paragraph in the
U.K.s National Space Security Policy. Chatham Houses continuing study of space and cyber-security indicates that an inclusive and cultural
approach to the space-cyber-security phenomenon is absent on both national and international stages. It is becoming increasingly

apparent that there are critical weaknesses not simply in the identification of deficiencies in particular space systems,
but also in the way that the conjunction of space and cyber-security is being organized . There are mature and internationally
respected models for the management of cyber-security, which, when applied to the ground-based parts of the space data eco-system, serve well.
What is needed, however, is an end-to-end approach based on risk management and resilience. Each and every stakeholder, from satellite
assembly through to data exploitation, via the space-based segment, needs to know his or her respective cyber-security responsibilities in
delivering assured space-based services. This applies particularly to the commercial cadre whose management instinct may be to duck the cybersecurity issue (or try and get away with the minimum effort required to check the ISO 27001 boxes) on cost grounds. There will not be a single
process applied within this complex and interlinked domain; the level of resource required for individual missions, for example, will depend on a
variety of factors, including criticality of the capability being deployed, the endurance of the craft itself, the likelihood of attack and the fall-back
options if an attack is successful. The software of spacecraft needs to be designed from the outset for the appropriate level
of security, and some systems may need to be checked for resilience before launch (and not once ensconced in orbits from
which there are now no plausible recovery options). Cyber-security in space is both a critical area and also one that is most

vulnerable to exploitation when set in the context of very complex supply chains and space-related operational
infrastructures. Satellite services are key targets for a number of cyber-security threats, as they support a critical
level of national infrastructure functionality and this is growing year by year. A single successful attack on a critical
node, if unmitigated, can have the potential to affect a significant number of important national and international
capabilities. Awareness of the potential attack on the NOAA systems was made clear in July when a report by the Office of Audit and
Evaluation in the U.S. Department of Commerces Office of Inspector General raised the alarm on the significant security deficiencies
in NOAAs information systems. NOAA is not alone in being vulnerable to cyber-security attacks. Now that the news is
out in the public domain, we can only hope that it serves as a significant wake up call.

Satellite surveillance key to preventing disease outbreaks


American Society of Tropical Medicine and Hygiene 07 (American Society of Tropical Medicine and Hygiene on
Research presented at the American Society of Tropical Medicine and Hygiene Meeting in Philidelphia, EurekAlert NASA

technology helps predict and prevent future pandemic outbreaks 11/6/07 http://www.eurekalert.org/pub_releases/2007-11/asotnth110607.php)
With the help of 14 satellites

currently in orbit and the National Aeronautics and Space Administration's (NASA) Applied
Sciences Program, scientists have been able to observe the Earth's environment to help predict and
prevent infectious disease outbreaks around the world. The use of remote sensing technology aids
specialists in predicting the outbreak of some of the most common and deadly infectious diseases
today such as Ebola, West Nile virus and Rift Valley Fever. The ability of infectious diseases to thrive depends on
changes in the Earth's environment such as the climate, precipitation and vegetation of an area. Through orbiting satellites, data is
collected daily to monitor environmental changes. That

information is then passed on to agencies such as the


Centers for Disease Control and Prevention and the Department of Defense who then apply the data
to predict and track disease outbreaks and assist in making public health policy decisions. "The use
of this technology is not only essential for the future of curbing the spread of infectious diseases ,"
explains John Haynes, public health program manager for the NASA Earth Science Applied Sciences Program. "NASA satellites are
also a cost-effective method for operational agencies since they are already in orbit and in use by scientists to collect data about the
Earth's atmosphere." Remote

sensing technology not only helps monitor infectious disease outbreaks in highly affected
areas, but also provides information about possible plague-carrying vectors -- such as insects or rodents -globally and within the U.S. The Four Corners region, which includes Colorado, New Mexico, Arizona, and Utah, is a highly
susceptible area for plague and Hanta virus outbreaks, and by understanding the mixture of vegetation, rainfall and slope of the
area, scientists

can predict the food supply of disease transmitting vectors within the region and the
threat they cause to humans. Because plague is also considered a bioterrorism agent, NASA surveillance systems enable
scientists to decipher if an outbreak was caused by natural circumstances or was an act of bioterrorism. A particular infectious
disease being targeted by NASA is malaria, which affects 300-500 million persons worldwide, leaving 40 percent of the world at risk
of infection. The Malaria Modeling and Surveillance Project utilizing NASA satellite technology is currently in use by the Armed
Forces Research Institute of Medical Sciences in Thailand and the U.S. Naval Medical Research Unit located in Indonesia. Data
collected at these locations is combined and used to monitor environmental characteristics that effect malaria transmission in
Southeast Asia and other tropical and subtropical regions. Malaria surveillance provides public health organizations with increased
warning time to respond to outbreaks and assistance in the preparation and utilization of pesticides, which leads to a reduction in
drug resistant strains of malaria and damage to the environment. "NASA

satellite remote sensing technology has


been an important tool in the last few years to not only provide scientists with the data needed to
respond to epidemic threats quickly, but to also help predict the future of infectious diseases in areas
where diseases were never a main concern," says Mr. Haynes. "Changing environments due to global warming have
the ability to change environmental habitats so drastically that diseases such as malaria may become common in areas that have
never been previously at-risk."

No defense best evidence proves extinction


Casadevall 12 (Arturo Casadevall, Professor and Chair of the Department of Microbiology and Immunology, Professor in the
Division of Infectious Diseases, and Director of the Center for Immunological Sciences, Albert Einstein College of Medicine, The
future of biological warfare, Microbial Biotechnology, 5(5), September 2012, p.584-585,
http://onlinelibrary.wiley.com/doi/10.1111/j.1751-7915.2012.00340.x/abstract)
In considering the importance of biological warfare as a subject for concern it is worthwhile to review the known existential threats. At this time this writer can
identify at three major existential threats to humanity: (i) large-scale thermonuclear war followed by a nuclear winter, (ii) a planet killing asteroid impact and (iii)
infectious disease. To this trio might be added climate change making the planet uninhabitable. Of the three existential threats the first is deduced from the
inferred cataclysmic effects of nuclear war. For the second there is geological evidence for the association of asteroid impacts with massive extinction (Alvarez,
1987). As to an existential threat from microbes recent decades have provided

unequivocal evidence for the ability of certain pathogens


to cause the extinction of entire species. Although infectious disease has traditionally not been associated with extinction this view has changed by the
finding that a single chytrid fungus was responsible for the extinction of numerous amphibian species (Daszak et al., 1999; Mendelson et al.,
2006). Previously, the view that infectious diseases were not a cause of extinction was predicated on the notion that many
pathogens required their hosts and that some proportion of the host population was naturally resistant . However, that calculation does
not apply to microbes that are acquired directly from the environment and have no need for a host, such as the majority of fungal

pathogens. For those types of hostmicrobe interactions it is possible for the pathogen to kill off every last member of a species without harm to
itself, since it would return to its natural habitat upon killing its last host. Hence, from the viewpoint of existential threats environmental microbes
could potentially pose a much greater threat to humanity than the known pathogenic microbes, which number somewhere near 1500 species (Cleaveland et al.,
2001; Tayloret al., 2001), especially if some of these species acquired the capacity for pathogenicity as a consequence of natural evolution or bioengineering.

--a2 adv cp cnci prereq


Eliminating backdoors is a prerequisite to effective CNCI vulnerabilities
Eric Chabrow 15--- Executive Editor of GovInfoSecurity and journalist who has covered information technology and
government. Formerly Top editor at award-winning business journal CIO Insight. Hes also Presented at RSA, the premier IT
security conference. (Chabrow, Is Barack Obama a Cybersecurity Leader?, Gov Info Security.
http://www.govinfosecurity.com/blogs/barack-obama-cybersecurity-leader-p-1800)//ET
Technology, after all, is in Obama's DNA, and from his very first day in office, securing technology was a very personal matter. Remember the news stories before
his inauguration that he didn't want to give up his BlackBerry, so the smart phone had to be modified to become extremely secure? Cybersecurity has been
a priority of the Obama presidency from the get-go. Within a month of his inauguration six years ago this week, he commissioned a government wide
cybersecurity review that three months later produced the Comprehensive National Cybersecurity Initiative, which he announced with much
fanfare in a White House speech (see The President's 10-Point Cybersecurity Action Plan). Within a year, Obama named the first White House cybersecurity
coordinator (see Schmidt: A Take-No-Nonsense Cybersecurity 'Czar'). Still, Obama would go months, even longer, without uttering the word "cybersecurity" in
public, although his aides contended it was a topic he remained engaged in behind the scenes. Legislation Languishes In 2011, Obama offered a comprehensive
legislative proposal - one similar to the package he revealed this past week - but over the next 3 years, cybersecurity bills backed by Obama languished in the
Capitol (see White House Unveils Cybersecurity Legislative Agenda) . Not getting his legislation through Congress, Obama decided to use his executive
authority, and nearly two years ago signed an executive order directing the federal government to share cyberthreat information with critical infrastructure owners
(see Obama Issues Cybersecurity Executive Order). He also ordered the National Institute of Standards and Technology to work with industry to create a
cybersecurity framework, a compendium of IT security best practices, which critical infrastructure operators and others could adopt voluntarily. That framework
was issued in February 2014 to mostly positive reviews from the business community (see NIST Releases Cybersecurity Framework). This past year, Obama
issued another executive order directing government agencies to shift to the use of chip-and-PIN cards that are deemed more secure than magnetic stripe cards
(seeObama Seeks to Speed EMV Adoption). Now, the president is aggressively pushing his latest cybersecurity initiatives, which include measures to encourage
businesses to share cyberthreat information, nationalize data breach notification and toughen criminal laws to allow prosecution of botnet sales and protect
student data (see Obama Unveils Cyberthreat Info Sharing Plan and Obama Seeks to Nationalize Breach Notification). "If we don't act, we'll leave our nation and
our economy vulnerable," Obama said in this week's State of the Union address. "If we do, we can continue to protect the technologies that have unleashed
untold opportunities for people around the globe." Defining Leadership Does all of this make Obama a cybersecurity leader? To help me answer that question, I
asked experts in the IT security and privacy field to share their thoughts on the matter. "It's incontrovertible that the president has demonstrated true leadership in
the cybersecurity space," says Larry Clinton, president of the industry trade group Internet Security Alliance. "No world leader has shown more vision and insight
to the cyberthreat." Clinton, to back his contention, points to the initiatives cited above. "This degree of presidential focus is unprecedented and is one of the
hallmarks of leadership," he says. With less fervor, privacy and data security lawyer Francoise Gilbert sees leadership tendencies in Obama's actions. "No other
U.S. president has been as proactive as President Obama in pushing privacy or security legislation," she says. "From this standpoint, he is a better leader in
regards to cybersecurity and data privacy than any of his predecessors, but I would not give him an A for his performance. There is room for improvement."
Determining whether Obama is a true cybersecurity leader could be shaded by one's own agenda. Clinton generally agrees with Obama's cybersecurity agenda,
although he says the Internet Security Alliance seeks more aggressive action than the president proposes. Change of Heart Privacy advocate Rebecca Herold
says the president demonstrated leadership by proposing legislation to hold companies accountable for protecting consumers' personal information and to
safeguard the data of students. "I was hopeful that President Obama would be a good technology leader when he had promoted privacy with these initiatives,"
she says. But her opinion changed about his leadership with revelations of National Security Agency snooping during his tenure, as well as his stated belief that
law enforcement might need to have a backdoor to break encryption on suspected terrorists' mobile devices (see Obama Sees Need
for Encryption Backdoor). "There is an apparent large gap between his stated concerns and his understanding of cybersecurity ," Herold
says. "It doesn't seem as though he realizes that putting backdoors into security technologies will make those

security technologies
ineffective and put organizations at risk of having the cybercrooks using those backdoors, and will make it significantly harder for
organizations to effectively protect data and systems." It's not just a philosophical bent that could determine whether one considers anyone a leader. It
could be missed opportunities to evangelize the cause.

--a2 adv cp cnci fails


CNCI fails at creating transparency too vague
Aftergood 10 <Steven, Director of the FAS Project on Government Secrecy, BS from UCLA, 3/3/2010, White House Offers
Glimpse of Cybersecurity Program, Federation of American Scientists, http://fas.org/blogs/secrecy/2010/03/wh_cyber/>//wx
The White House yesterday released a newly declassified description (pdf) of the Comprehensive National Cybersecurity Initiative (CNCI), a
highly classified program that is intended to protect U.S. government computer networks against intrusion and disruption . The
cybersecurity initiative was established in January 2008 by President Bushs classified National Security Presidential Directive (NSPD) 54, and quickly became
controversial in part because of the intense secrecy surrounding it. Virtually everything about the initiative is highly classified, the Senate Armed Services
Committee complained in 2008, and most of the information that is not classified is categorized as For Official Use Only. These restrictions preclude public
education, awareness and debate about the policy and legal issues, real or imagined, that the initiative poses in the areas of privacy and civil liberties. The
Committee strongly urges the [Bush] Administration to reconsider the necessity and wisdom of the blanket, indiscriminate classification levels established for the
initiative. No such reconsideration was forthcoming until now. Concerns about overclassification were also expressed by the National Academy of Sciences in a
2009 report, which called for a broad, unclassified national debate and discussion about cyber-attack policy, and argued that secrecy even about broad policy
issues serves mostly to inhibit necessary discussion about them. The Comprehensive National Cybersecurity Initiative was the single largest request and the
most important initiative of the Presidents fiscal year 2009 [intelligence] budget request, the House Intelligence Committee said in its report on the FY2009
intelligence authorization act. The Electronic Privacy Information Center filed a Freedom of Information Act lawsuit (pdf) just last month seeking declassification
and disclosure of the Bush Administrations NSPD 54. But that foundational directive was not disclosed, nor did the Obama Administration address the issue of
offensive cyber policy raised by the National Academy. Instead, the White House released a descriptive summary of 12 component elements of the Cybersecurity
Initiative, a gesture that it said was consistent with the Presidents emphasis on increased transparency. Transparency is particularly vital in areas, such as the
CNCI, where there have been legitimate questions about sensitive topics like the role of the intelligence community in cybersecurity, said Howard A. Schmidt,
the White House Cybersecurity Coordinator who announced the disclosure. Transparency provides the American people with the ability to partner with
government and participate meaningfully in the discussion about how we can use the extraordinary resources and expertise of the intelligence community with
proper oversight for the protection of privacy and civil liberties, Mr. Schmidt said. But without a

clear delineation of legal authorities and


implementation mechanisms, the scope for meaningful public discussion seems limited. As the House Intelligence Committee put it in 2008,
a cybersecurity initiative [is] worthwhile in principle, but the details of the CNCI remain vague and, thus, open to questio n. In order
to bolster independent oversight of programs such as the CNCI that must remain classified, at least in part, dozens of public interest organizations including the
Federation of American Scientists this week urged President Obama (pdf) to finally appoint the members of an independent executive branch oversight board.
The Privacy and Civil Liberties Oversight Board (pdf), originally proposed in 2004 by the 9/11 Commission to monitor and defend civil liberties in information
sharing and counterterrorism activities, was given independent agency status by Congress in 2007. But it has remained vacant since that time and thus unable to
fulfill its assigned task. It is crucial that you nominate qualified individuals to serve on the PCLOB, so that it may begin to provide guidance as new policies and
procedures are developed, the public interest group letter said.

CNCI cant solve too secretive and neglects private sector security
Rollins and Henning 9 <John Rollins, Specialist in Terrorism and National Security, and Anna C. Henning, Legislative
Attorney, 3/10/2009, Comprehensive National Cybersecurity Initiative: Legal Authorities and Policy Considerations, p. 2-4,
Congressional Research Service, http://www.law.umaryland.edu/marshall/crsreports/crsdocuments/R40427_03102009.pdf>//wx
As of the date of this report, unclassified versions of the January 2008 directives establishing the CNCI have yet to be released. While the Initiative has yet to be
legislatively recognized, presidential directives, sometimes considered types of executive orders and visa versa, have the force of law if they are supported by
constitutional or statutory authority.26 Although much remains unknown about the CNCI due to the classified nature of the presidential
directives and supporting implementation documents, federal government agency press releases and statements by government officials provide a bit of
insight regarding the program. Some security observers are concerned that because the CNCI is focused on developing and adhering to strategies and

policies to secure the federal systems, many of which rely on private sector telecommunications networks for service and
support, and identifying current and emerging threats and vulnerabilities, it is incumbent on the federal government to improve its
coordination activities with non-federal entities and undertake enhanced sharing of timely and relevant cybersecurity related plans and risk data. Few
details have been publicly released regarding the implementation activities or status of CNCI efforts since the establishment of the
initiative. According to one media account, Steven Chabinsky, Deputy Director of the Joint Interagency Cyber Task Force for the Office of the DNI, stated at an
information technology security conference that there are 12 objectives supporting the Initiatives goal of comprehensively addressing the nations cyber security
concerns. They are: 1. Move towards managing a single federal enterprise network; 2. Deploy intrinsic detection systems; 3. Develop and deploy intrusion
prevention tools; 4. Review and potentially redirect research and funding; 5. Connect current government cyber operations centers; 6. Develop a governmentwide cyber intelligence plan; 7. Increase the security of classified networks; 8. Expand cyber education; 9. Define enduring leap-ahead technologies; 10. Define
enduring deterrent technologies and programs; 11. Develop multi-pronged approaches to supply chain risk management; and 12. Define the role of cyber
security in private sector domains.27 One question often raised is whether the CNCI objectives are being pursued concurrently. Some security observers are
concerned that the governments focus to date has been on securing federal security systems at the expense of other networks that
have similar vulnerabilities. The disruption, or perceived accessing or manipulating of data in non-federal networks that contain
personal financial information or manage the control systems of the nations critical infrastructure could have significant economic , safety,
and confidence-in-government implications. It is often noted that in the homeland security and law enforcement communities, where a great deal of post- 9/11
emphasis is placed on continuous information exchange and collaboration, efforts to secure the federal technology systems, while relegating
state, local, and private sector organizations to lower standards of security, will simply

redirect

or delay

risk

that inevitably accompanies

increased collaboration. This concern is often expressed by non-federal governmental entities which rely on and routinely coordinate efforts with the U.S.
government but have not been apprised of the plans or resources accompanying the CNCI . Given the secretive nature of the CNCI, one of the
common concerns voiced by many security experts is the extent to which non-federal entities should have a role in understanding the
threat to the nations telecommunications and cyber infrastructure and assist with providing advice , assistance, and coordination in preparation
and response for ongoing and future intrusions and attacks.28 As telecommunications providers and internet service providers are corporate entities
residing in the private sector, and are relied upon heavily to support federal government activities and services, many cyber-security
observers suggest that a comprehensive approach to an effective monitoring, defending, and responding regime is not possible without the
collaboration and expertise of the nations cyber sector owners and operators . As evidenced in the twelve objectives of CNCI, it appears the
federal government focus is on the prevention aspects of addressing potential threats to the nations cyber and telecommunications infrastructure. In contrast, the
primary response and recovery activities associated with previous network breaches have been addressed by the private sector entity that has been the victim of
the attack. In an apparent admission of the need for further transparency and enhanced public-private partnership to better fulfill the goals of the CNCI, former
President Bushs Assistant Secretary of Cybersecurity and Telecommunications at the Department of Homeland Security (DHS), Greg Garcia, recently stated that
there was too much classified (about the CNCI) which was not helpful politically and not helpful in getting the word out. Acknowledging the balance between
incorporating the view of non-federal entities and the concern of allowing those that wish to use cyber activities to cause harm, Assistant Secretary Garcia went
on to further state that the Department had to walk the line between raised awareness of what was being accomplished and not letting out too much information
that could cause us to be targeted. Still, too much was kept secret.29 Based on the number of unknowns concerning the CNCI and the apparent

lack of inclusiveness with the private sector telecommunication and internet providers, some analysts are concerned that future
opportunities for successfully ascertaining known and future threats and developing a comprehensive set of legal and policy responses
may not be achievable . An apparent Obama Administration goal for the current 60-day cyber security review is a more transparent and coordinated
approach to the nations cyber security risks with the perceived end result being that all affected parties are consulted and given the opportunity to provide advice
and assistance in proposing changes to existing legislation, policy, and processes.30

No solvency- CNCI is only focused on securing government networks


Catherine Elizabeth Hart 12--- MA from Simon Fraser University in the School of Communications Faculty of Communication,
Art and Technology. B.A. from Birmingham University. (Hart, Securing Freedom: A media framing analysis of
Cybersecuritization. P. 66-67. Masters Thesis. https://www.google.com/url?
sa=t&rct=j&q=&esrc=s&source=web&cd=20&cad=rja&uact=8&ved=0CF0QFjAJOApqFQoTCP3l6Oq78cYCFQPPcgod5K8OuA&
url=http%3A%2F%2Fsummit.sfu.ca%2Fsystem%2Ffiles
%2Firitems1%2F12560%2Fetd7558_CHart.pdf&ei=svqwVf3ELoOeywPk37rACw&usg=AFQjCNHEx3r6hsAYDXDFoSpX32MBT7
TKLw&sig2=bQZTt-jKSPXhcQsml_Enkw&bvm=bv.98476267,d.bGQ)//ET
Since the early 1990s, the U.S. government carried out various formal investigations into cybersecurity with the aim of persuading the
major actors in cybersecurityi.e. policymakers, industry leaders, and the publicof the need to develop a coherent policy. These policy documents
consulted a range of actors, including industry representatives, military and government officials, and to a lesser extent, the general public and civil society
groups. The first significant attempt at promoting awareness and acceptance of the cyberthreat was in a 1997 report written by the Presidents Commission on
Critical Infrastructure Protection, called Critical Foundations: Protecting Americas Infrastructures. It is on this report that the Clinton Administrations cybersecurity
policy, Presidential Decision Directive 63 (PDD 63) was based. The policy document is briefonly fifteen pageswhich is in keeping with its position as a first
attempt at articulating cybersecurity policy, however the Critical Foundations report was a much more in-depth exploration of the issues, as little was known or
understood about cyberthreats, meaning that policy makers first needed to be convinced of its importance. The National Strategy to Secure Cyberspace (NSSC)
was written half a decade later by the Bush Administration, by which time, according to PDD 63, the security of critical infrastructure should have been achieved,
but this had not been the case. Internet penetration in the U.S. was much higher , and the networking of critical infrastructure much
greater, resulting in greater awareness and acceptance within government of the vulnerabilities in national security which could be
exploited through the Internet. Therefore a much more concerted effort was made in this document to communicate this knowledge not only to government and
industry, but to the general 67 public whose use of this digital infrastructure could have a direct impact on the security of the nation. The NSSC superseded PDD
63, and gave responsibility for the coordination of national efforts to protect critical infrastructure to the new Department of Homeland Security, situating
cybersecurity firmly in the context of counter-terrorism efforts. The emphasis on the threat of terrorism and the emotive appeal to the public to
fall in line with a national effort to improve national security through cybersecurity is clear throughout the document. This was followed by

the Comprehensive National Cybersecurity Initiative (CNCI) of 2007 , which is neither comprehensive, nor national and focuses
on securing government networks (Clarke 2010, 115). It is also classified, except for a one-page outline released in 2010. The most
recent development to cybesecurity policy is the Cyberspace Policy Review (CPR) of 2009 which does not offer much in the way of new policy, but rather
reaffirms existing efforts, and places slightly greater emphasis on public awareness-raising. Like the NSSC, it focuses on security holistically, including
government, industry, and civilian networks. However both documents are conspicuously silent on the role of the military, despite being focused on national
security and defence. They were written in very different political climates, and under different presidents who had very different expectations. The CPR gives
little attention to a description of the vulnerabilities of cyberspace and the threat this poses to the nation, while the NSSC dedicates an entire section to the case
for action. This different framing has two likely reasons; firstly, in the time that elapsed between the writing of the NSSC and the CPR, cybersecurity became an
accepted priority issue that did not require justification. Secondly, former President Bush had a fairly low approval rating prior to the 9/11 attacks, and the onus
was therefore on the administration to justify its every move. Conversely, Obama entered the presidency accompanied by an expectation of hope and change,
and so the CPR was framed as an attempt to improve existing policy, not justify its existence in the first place. The NSSC was one of the first documents of this
nature, suggesting new cooperation between industry, government, and the public to increase control over and therefore security of the national computer
networks on which the country depends. By comparison, the CPR was dealing with currently existing partnerships, policies, and protocol, giving this document
more of a bureaucratic management emphasis.

--a2 adv cp cnci links ptx


Counterplan links to politics--- cybersecurity bills blocked and Obama will push for CNCI
Dara Kerr 15--- staff reporter for CNET focused on the sharing economy and tech culture. Degree from U.C. Berkeley Graduate
School of Journalism. (Kerr, Obama asks for $14 billion to step up cybersecurity 2/2/15. CNET.
http://www.cnet.com/news/obama-adds-14b-to-budget-for-stepped-up-cybersecurity/)//ET
Following through on his State of the Union address, President Barack Obama has added $14 billion to the 2016 budget proposal to beef up
cybersecurity in the US, according to Reuters. If approved by Congress, this money would be used to better protect government and private computer
systems from hackers. While the president was light on details during the State of the Union, he's now outlined his goals for cybersecurity
reform in his Comprehensive National Cybersecurity Initiative . These goals include increasing information sharing between private
companies and the government, enhancing counterintelligence capabilities and expanding cyber-education in the federal government. The cybersecurity
funding listed in the fiscal 2016 budget (PDF) would go toward specific programs and projects, like the Einstein intrusion detection system, federal
computer network monitoring and six cyberops centers for carrying out US cyberactivities. The fiscal year begins October 1. " This budget provides the
resources we need to defend the nation against cyberattacks ," Obama wrote in the 2016 proposed budget, which was released Monday. "No
foreign nation, no hacker, should be able to shut down our networks, steal our trade secrets, or invade the privacy of American families." The focus on
cybersecurity is apt : The US government and private companies fell victim to waves of hacking sprees in 2015. Retailers and banks, like Target, Home
Depot and JPMorgan, experienced security breaches and credit card theft; and a cyberattack on Sony Pictures, which the US blamed on North Korea, led to a
contentious face-off between the two countries. It's unclear if the Republican-controlled Congress will approve the funding for Obama's
proposed measures, however. Cybersecurity legislation that was proposed in the past has been stalled in Congress for years. "In

addition to increasing funding to protect our nation against cyberattacks," Obama wrote in the 2016 budget, " I continue to urge
the Congress to finally pass the legislation we need to meet this evolving threat."

Counterplan links to politics---new unification proposal proves


Maggie Ybarra 15--- Ybarra is a military affairs and Pentagon correspondent for The Washington Times. Ybarra, Congress
skeptical of Homeland Security developing unified plan on WMD defense, 7/14/15. The Washington Times.
http://www.washingtontimes.com/news/2015/jul/14/congress-skeptical-homeland-security-developing-un/)//ET
The Department of Homeland Security is planning on creating a one-stop shop that would centralize weapons of mass destruction defense, a
restricting the long delay of which, lawmakers say, has left the U.S. vulnerable to an attack. The new chemical, biological, radiological, and nuclear office
would create departmental unity between the Office of Health Affairs, the Domestic Nuclear Detection Office and elements of the Science and
Technology Directorate, said Reginald Brothers, DHS undersecretary for science and technology. Federal authorities envision that the new office will be a
mission support office, said Huban Gowadia, director of DHSs Domestic Nuclear Detection Office. The two department officials, along with Office of Health
Affairs Assistant Secretary Kathryn Brinsfield, testified during a rare joint hearing of the two subcommittees of the House Homeland Security Committee on
Cybersecurity, Infrastructure Protection and Security Technologies, and on Emergency Preparedness, Response and Communications. But

lawmakers

remain leery about the departments ability to organize a cohesive plan to counter the weapons of mass destruction threat through several
different offices. That plan seems unlikely to come to fruition quickly or efficiently, given the departments track record, said Rep. John Ratcliffe, Texas Republican
and chairman of the Cybersecurity subcommittee. In September of 2013, DHS was directed by Congress to undertake an in-depth review of
its WMD programs, he said. The review also required recommendations to improve its organizational structure to be more effective. Unfortunately, the
Committee only received this report less than a month prior to this hearing, meaning that its nearly two years late. Congressional documents show that
Homeland Security Department discovered that its directorates would take leadership during a biochemical attack . A restructure
plan should have taken form that year , but department shelved the idea due to lack of leadership interest. Criticism of the
department was high that year due to chemical and nuclear threats against the U.S. and its interests by terror groups, like al Qaeda. Those threats
have evolved in recent years to include the ambitions of the Islamic State, which has called on its supporters living in America to attack U.S. citizens
wherever they are and however they can. A laptop retrieved from a Syria-based Islamic State hideout in 2014 was reportedly found to contain plans for
weaponizing the bubonic plague and a document that discussed the advantages of using biological weapons signs that the terror groups ambitions are
growing, said Rep. Martha McSally, Arizona Republican and chairwoman of the Emergency Preparedness subcommittee. Experts suggest that terrorist interest
in utilizing chemical agents has increased, she said. In fact, reports indicate that ISIS may currently be conducting attacks using chemical agents in Syria and
Iraq. Lawmaker concern over the departments lackluster interest in streamlining its w eapons of mass destruction defense plan has
continued to spike in recent years. After the 2010 internal review, both the Houses Homeland Security and Appropriations committees launch their own
reviews of that plan. Congressional documents show that two years later, in 2012, department officials still did not have a clear entry point
for weapons of mass destruction coordination with other agencies, nor consistent representation at the table in the interagency community. Now, in
2015, that problem remains the same, said Rick Nelson, senior associate of the Center for Strategic and International Studies Homeland Security and
Counterterrorism Program. The Homeland Security Department has remained unable to keep up with the security efforts of its fellow
government agencies, Mr. Nelson told lawmakers during the hearing. Not only does DHS continue to be the outlier with its fractured

approach to [chemical, biological, radiological, and nuclear] but it also, for unknown reasons, has resisted or just simply failed to prioritize efforts to
correct the issue, he said.

--a2 adv cp cnci links terror


CP links to crime DA --- bad actors use encryption anyways
Bankston 4/29/15 - Kevin S. Bankston: Policy Director of New Americas Open Technology Institute & Co-Director of
New Americas Cybersecurity Initiative. Kevin was a Senior Counsel and the Director of the Free Expression Project at the Center for
Democracy & Technology. He is the Director of New Americas Open Technology Institute. Masters from the University of Southern
California Law School (Before the U.S. House of Representatives Subcommittee on Information Technology of the Committee on
Oversight and Government Reform: Hearing on Encryption Technology and Possible U.S. Policy Responses., Kevin S. Bankston,
April 29, 2015, https://static.newamerica.org/attachments/2982-at-crypto-hearing-best-arguments-against-backdoor-mandatescome-from-members-of-congress-themselves/Bankston_Oral_Testimony.ffdedda50c6149309d6d6da935795ed7.pdf)//chiragjain
Thats not even counting the many more billions of dollars that would be lost as consumers worldwide lost confidence in the security
of American computing products and online services. American technology companies, which currently dominate the global market,
have already been wrestling with diminished consumer trust in the wake of revelations about the scope of the National Security
Agencys programs, a loss of trust already predicted to cost our economy billions of dollars.23 Any new requirement that those
companies guarantee that the U.S. government have the technical capability to decrypt their users data would give foreign users
including major institutional clients such as foreign corporations and governments that especially rely on the security of those
products and serviceseven more incentive to avoid American products and turn to foreign competitors. It would also likely
diminish trust in the security of digital technology and the Internet overall, which would slow future growth of the Internet and
Internet-enabled commerce and threaten the primary economic engine of the 21st century. To put it bluntly, foreign customers will
not want to buy or use online services, hardware products, software products or any other information systems that have been
explicitly designed to facilitate backdoor access for the FBI or the NSA.24 Nor will many American users, for that matter. Instead,
they will turn to more secure products that are available for purchase or for free download from sources outside of the United States,

It would not succeed at keeping bad actors from using


unbreakable encryption. Encryption technology and the ability to create it was already
becoming widespread during the original Crypto Wars,25 and at this point is nearly ubiquitous. And,
as was true then, much of that technology is free and open source . For example, there are the open
which is a major reason why 4.

source versions of PGP encryption software that are still the most popular end-to-end email encryption solution, the OpenSSL
software library that has long been used to encrypt vast amounts of every-day web traffic, open source disk encryption programs like
TrueCrypt, the open source Off-The-Record instant messaging encryption protocol used by a wide variety of IM clients, and the TOR
onion routing software originally developed by the Naval Research Laboratory that is now widely used to circumvent oppressive
governments censorship regimes and allow for anonymous online browsing.26 A

government mandate
prohibiting U.S. companies from offering products or services with unbreakable
encryption is of little use when foreign companies can and will offer more secure
products and services, and when an independent coder anywhere on the planet has the resources to create and distribute
free tools for encrypting your communications or the data stored on your mobile devices. As former Homeland Security Secretary
Michael Chertoff recently put it, [T]hat genie is not going back in the bottle.27 The

result is that a U.S.


government-mandated backdoor into the encrypted products and services of U.S.
companies, while undermining the information security of millions of ordinary
Americans and the economic security of the American tech industry, would do little to
prevent bad actors from taking advantage of strong encryption. Or, as PGPs inventor Phil
Zimmerman famously said in the 90s: If privacy is outlawed, only outlaws will have privacy .28 Not only
is such a mandate likely to be ineffective, but also 5. Its unnecessary in order to keep us safe from criminalsbut strong
encryption is. So far, the opponents of strong device encryption have failed to offer any compelling examples where such encryption
seriously hindered a criminal investigation or prosecution. FBI Director Comey did offer, in his October speech on the subject, four
examples of cases where cellphonederived evidence was supposedly critical to a solving a crime, but those examples were quickly
debunked by the press.29 During the same event, Director Comey came up empty when asked for a real-world example where
encryption actually stymied an investigation.30 And in March he admitted to the House Appropriations Committee in March that he
wasnt in a position to offer a percentage or number of cases affected by encrypted devices.31 Meanwhile, in the realm of law
enforcement wiretaps of phone and Internet communications, where numbers are available via annual reports by the Administrative
Office of the U.S. Courts, the number of cases where encryption has posed a problem is miniscule. Specifically, according to the
report issued in 2014, of the over 3,576 wiretaps conducted by federal and state law enforcement in 2013, encryption was
encountered in only 41 cases, and the police were able to obtain the plain text of the encrypted communications in 32 of those 41
cases. 32 So, strong encryption posed a problem in only nine of 3,500 wiretaps, and that was a record high.

--a2 adv cp info-sharing


Information sharing does virtually nothing to combat cyberattacks
Sorcher 15 (Sara Sorher, staff writer for CS Monitor, deputy editor of Passcode, The Christian Science monitor Influencers:
Obamas info-sharing plan wont significantly reduce security breaches 2/25/15,
http://www.csmonitor.com/World/Passcode/2015/0225/Influencers-Obama-s-info-sharing-plan-won-t-significantly-reduce-securitybreaches)
In the wake of several high-profile cyberattacks, President Obama pushed a plan to increase the exchange of
information about threats between the private sector and the government. Even if it passes Congress,
however, a strong 87 percent majority of Passcode's Influencers say this initiative will not significantly reduce
security breaches. "Yawn. This is the 99th time I've heard of this idea," wrote technologist and author Dan
Geer. "The private sector in various places (like high end banks) is doing such a better job of information sharing that the
US government has nothing to add unless it wants to just give all the chief information security officers a clearance which,
incidentally, they have largely done for the bigs but not for the littles," said Geer, chief information security officer for In-QTel, a not-for-profit investment firm that works to invest in technology that supports the missions of US intelligence
community. "Banks are way, way ahead," he said. " The big data breaches are so often the result of not paying

attention by the victim." If the solution to significantly reduce security breaches is information
sharing, said Jeff Moss, president of DEF CON Communications, "then the market would have
addressed it years ago with a crowded field of info exchange tools, but [it] hasn't . Information
sharing allows better and faster bandaids but doesn't address the core problem." The Obama

administration's plan, designed to pool threat information and improve response times to cyberattacks, would put the
Department of Homeland Security as the central repository of the information coming from the private sector. It came on
the heels of major security breaches at companies such as Sony Pictures and Target. The plan would have helped in just a
"small subset of cases to provide information sharing and smarter defenses, but that alone won't significantly stop
attacks," said one Influencer, who chose to remain anonymous. "If private sector companies set up the infrastructure,
training, and process to defend their networks using this and lots of other intelligence then it will indeed start to
provide significantly greater protection. All that being said, the smartest and most sophisticated adversaries will
continue to penetrate what are in many cases inherently vulnerable systems. " The Passcode Influencers
Poll brings together a diverse group of more than 70 security and privacy experts from across government, the private
sector, academia, and the privacy community. To preserve the candor of their responses, Influencers have the choice to keep
their comments anonymous, or voice their opinions on the record. Relying on information-sharing to prevent
attacks "presumes that hackers will evidence the same signature over a long period of time ," wrote
Martin Libicki, senior management scientist at RAND. "If it functions at all (as a signature-passing device), its primary
effect will be to force hackers to modify their signatures. After the hackers do so, this expensively-wrought measure will be
fairly useless." There is momentum on Capitol Hill to pass a version of Obama's information-sharing plan, which did have
some defenders within Passcode's pool of experts. Thirteen percent of Influencers said the plan would significantly reduce
security breaches, even as some acknowledged it's not a panacea. "While important, information sharing wont solve
everything," said Congressional Cybersecurity Caucus co-chair Rep. Jim Langevin (D) of Rhode Island. "What it will do,
though, is enable companies to discover and respond to threats of which they may not have been aware - and provide badly
needed situational awareness to the government. Its a first step, but an important one, and will allow us to broaden the
conversation to other important cybersecurity policy matters."

--a2 adv cp regulations


Regulations would harm businesses, stifle innovation, impede advancements, and impede security
avoiding regulations helps expand the internet
Leahy 15 - the U.S. Representative for Utah's 3rd congressional district, first elected in 2008. He is a member of
the Republican Party. (Encryption Technology and Potential U.S Policy Responses, Jason E. Chaffetz, April 29,
2015, Opening Statement: Committee on Oversight and Government Reform,
https://oversight.house.gov/hearing/encryption-technology-and-potential-u-s-policy-responses/)//chiragjain

Over the past 20 years, the Internet has transformed the lives of Vermonters and the
American people. We use the Internet to communicate, make financial transactions, access medical records, file taxes, and
store personal information and photographs. Critical to this digital revolution has been the
development and use of strong encryption. Encryption ensures that the digital
information we send or store electronically is protected against hackers , criminals, and spies. But
as we will hear this morning, the increased use of encryption also presents challenges for law
enforcement. Two decades ago, during the so-called Crypto Wars, the FBI and others argued that strong
encryption prevented investigators from obtaining access to information even when they
had a court order. They are voicing similar concerns today. As a former prosecutor, I am sympathetic to these public safety
concerns. Encryption can impede investigations by federal, state and local law enforcement
officials. So this is an important discussion for us to have. But as we learned in the 1990s, this is a complicated problem with no
easy solutions. Some have suggested that technology companies should build special law enforcement access into their systems. But

we also have to consider the risks of this approach. Strong encryption has revolutionized
the online marketplace and protects American businesses and consumers from
cybercrime, espionage, identity theft, stalking, and other threats on the Internet.
Undermining strong encryption could make our data more vulnerable . In the 1990s, I
opposed efforts to regulate the development of encryption technology . I sponsored and otherwise
supported legislation that authorized the use of any type of encryption technology in the United States; prohibited the government
from requiring key recovery features; and eased export restrictions limiting the sale of encryption technology abroad. I also opposed
efforts to promote the Clipper Chip, a cryptographic device for voice communications that facilitated government access to those
communications. I was concerned that regulating

encryption would stifle innovation, harm American


businesses, impede technological advancements, and undercut security. In 1996, I wrote an
open letter to the Internet and became the first member of Congress to use the popular encryption program Pretty Good Privacy
and sign a letter using an encrypted digital signature arguing that

regulating encryption was a hopelessly


outdated policy that fails to account for the real needs of individuals and businesses in
the global marketplace. The Clinton administration ultimately abandoned efforts to limit encryption technology. Many
experts now credit this decision for helping create the modern Internet, in which consumers use encryption to facilitate online retail,
banking, social media, and other communications. 2 Fifteen

years later, the vast majority of security


experts explain that creating special access for law enforcement would still introduce
into the digital space significant security weaknesses -- at a time when we need the
strongest possible cybersecurity. Just yesterday, a group of the worlds preeminent computer scientists and security
experts released a report concluding that any special access for law enforcement would pose grave
security risks, imperil innovation, and raise thorny issues for human rights and
international relations. Last month, nearly 150 security experts, tech companies, and other organizations wrote to the
President making similar points. I ask that those materials be placed in the record. The Presidents Review Group on Intelligence
and Communications Technology also explained in their December 2013 report that in light of the massive increase in cyber-crime
and intellectual property theft on-line, the use of encryption should be greatly expanded to protect not only data in transit, but also
data at rest on networks, in storage, and in the cloud. We also have to consider the effect on U.S. government efforts to promote
encryption and secure communications technology around the world. As Ranking Member of the Appropriations Subcommittee on
State, Foreign Operations and Related Programs, I know we have appropriated more than $100 million dollars just in the past two
years to promote Internet freedom, including providing strong encryption technology to human rights workers, journalists, and
political dissidents working under repressive regimes. Even if the United States were to take steps to facilitate law enforcement
access to encrypted communications, we need to evaluate how much it would help. Strong encryption would still be available from
foreign providers. Some say that any

competent Internet user would be able to download strong

encryption technology, or install an app allowing encrypted communications


regardless of restrictions on American businesses. But it would put American companies
at a disadvantage in the global marketplace.

ADV ECON

--a2 sq solves econ


US economy is in decline Trade deficit at a 6 year high
Harlan 5/29 [Chico, covers economics for the Washington Post, Works for several other acclaimed magazines, U.S. economy
shrinks in first quarter, raising questions about underlying strength, Washington Post, May 29, 2015,
http://www.washingtonpost.com/blogs/wonkblog/wp/2015/05/29/analysts-expect-decline-in-u-s-gdp-in-first-quarter/, July 17,
2015] KL
The U.S. economy shrank at an annualized pace of 0.7 percent in the first three months of the year , according to government data
released Friday morning, a tumble for a recovering nation that until recently seemed poised for takeoff. The contraction, the countrys third in the
aftermath of the Great Recession, provides a troubling picture of an economy that many figured would get a lift from cheap oil,
rapid hiring and growing consumer confidence. Instead, consumers have proved cautious, and oil companies have frozen investment all while a
nasty winter caused havoc for transportation and construction and a strong dollar widened the trade deficit. The numbers released Friday were a revision of
earlier figures that had shown GDP growing in the first quarter at 0.2 percent. Markets had since expected the downward revision, in large part
because of recent data showing the trade deficit at a 6-year high. Though the United States has shaken off nasty quarters in the past, including
one year ago, this time the rebound doesnt appear to be so dramatic. Halfway through the second quarter, economists say growth again appears to be below
expectations. Many analysts expect the GDP to expand roughly 2 percent in the second quarter, while the Federal Reserve Bank of Atlanta takes an even darker
view, predicting an expansion of just 0.8 percent. That would leave the United States with six months of economic standstill. In 2014, the economy contracted 2.1
percent in the first quarter. But growth was rapid for the rest of the year, expanding 4.6 percent in the second quarter and 5 percent in the third. Really the
interesting question is how much of this will bounce back, said Jeremy Lawson, a chief economist at Standard Life Investments, an asset management firm. My
take is that activity will rebound more slowly than it did last year. Some of these downward pressures are more persistent than in the past. Those pressures

include an oil price shock has stalled one of Americas best-performing sectors while forcing tens of thousands of layoffs and an
appreciated dollar that makes U.S. exports pricier overseas, pinching profits of major domestic companies . Remove the trade deficit,
and the U.S. GDP grew 1.2 percent in the first quarter . Not since 1985 has trade so heavily dragged down growth . In the first quarters,
businesses also pulled back on inventories, further cutting into growth. Still, perhaps the biggest surprise of the past six months has been the muted pickup in
consumer spending, which accounts for about two-thirds of the economy. Personal consumption grew 1.8 percent in the first quarter, but thats well off the pace
from the second half of 2014. Consumers, instead, have taken the money saved at the gasoline pump and used it to pay back debt or rebuild savings, according
to government and credit card data.

US econ declining now GDP decrease


HOUSE 6/25/14 - Jonathan House covers economics from Washington, D.C. Previously, he worked from Madrid, where he
covered the European debt crisis.( U.S. Economy Shrinks by Most in Five Years; June 2014; http://www.wsj.com/articles/u-s-gdp-contracted-at-2-9pace-in-first-quarter-1403699600)//pk

June 25, 2014 8:29 p.m. ET


Weather disruptions at home and weak demand abroad caused a contraction of rare severity in the U.S. economy in the first quarter, renewing
doubts about the strength of the nation's five-year-old recovery. Gross domestic product, the broadest measure of goods and services
produced across the economy, fell at a seasonally adjusted annual rate of 2.9% in the first quarter, the Commerce Department said in

its third reading of the data Wednesday. That was a sharp downward revision from the previous estimate that output fell at an
annual rate of 1%. It also represented the fastest rate of decline since the recession, and was the largest drop recorded since the
end of World War II that wasn't part of a recession. To be sure, many signs since March, including reports of growth in consumer spending, business
investment and hiring, indicate the first quarter doesn't mark the start of a new recession. And revisions in future years could alter the first-quarter figure. J.P.
Morgan Chase economist Michael Feroli described the decline as "mostly a confluence of several negative, but mostly one-off, factors." But the severity of the
drop, he said, "calls into question how much vigor there is in the pace of activity" going forward. One factor in the government's revision of first-

quarter output was difficulty in estimating the impact of the Affordable Care Act on health-care expenditures. Actual health
spending came in substantially lower than expected based on ACA enrollments and Medicaid data, declining at a 1.4%
annualized pace in the period compared with an earlier estimate of a 9.1% increase. Beyond that, consumer spending on goods,
business outlays on equipment and housing investment were all soft , a weakness that economists have attributed, at least in part, to unusually
harsh winter weather. Overall consumer spending on goods and services, which accounts for more than two thirds of economic output, increased at an annual
rate of 1%, off from the earlier estimate of 3.1% growth. The Commerce report showed businesses sharply drawing down inventories in the first quarter after
building them up to levels deemed unsustainable by economists late last year. The move subtracted 1.7 percentage points from growth. Exports in the
period fell by nearly 10%, a new sign of a challenging global economic environment. The European recovery remains anemic, while growth
in fast-expanding emerging markets such as China and Brazil has downshifted. The severity of the first-quarter downturn is at odds with other data showing
greater strength in the economy, especially a recent pickup in job creation. Since World War II, there have been 15 other quarters during which GDP contracted
by this amount or more. In 14 of those 15 quarters, hiring contracted along with output. Meanwhile, early data from the second quarter indicate the economy has
improved this spring, as warmer weather has helped release pent-up demand. Sales of new homes surged to a six-year high last month, while existing-home
sales rose to their highest level since October, data released earlier this week showed. "Things are looking very strong here in Naples," said Anthony Solomon,
owner of The Ronto Group, a land developer in Naples, Fla. "In all our communities, we're seeing great appetite from home builders and from end buyers." Still,

the depth of the first-quarter decline in output means growth during the first half of the year likely will fall below the economy's

average rate of just over 2% since it emerged from recession in June 2009 . That is below the longer-term growth rate, during recent decades,
of slightly more than 3%. "It does not sound like the economy has reached escape velocity no matter how you try to spin it," said Chris
Rupkey, an economist at Bank of Tokyo-Mitsubishi. For economic output to ratchet up to a healthier long-term trend, economists say
consumer spending must rise to its prerecession pace of about 3% growth. But five years into the recovery, high unemployment
and stagnant incomes continue to restrain the American consumer. "We just don't see consumer spending coming back to the levels that they
were before," Virginia McDowell, chief executive of Isle of Capri Casinos, Inc., recently told investors at a presentation of the company's fourth-quarter earnings.
"We continue to get pressured on the top line because our consumer spending habits have changed," Ms. McDowell said.

--xt plan k/t econ


Backdoors ensure growth slowdown
Bankston 15 - Kevin S. Bankston: Policy Director of New Americas Open Technology Institute & Co-Director of New Americas Cybersecurity Initiative.
Kevin was a Senior Counsel and the Director of the Free Expression Project at the Center for Democracy & Technology. He is the Director of New Americas
Open Technology Institute. Masters from the University of Southern California Law School (Before the U.S. House of Representatives Subcommittee on
Information Technology of the Committee on Oversight and Government Reform: Hearing on Encryption Technology and Possible U.S. Policy Responses.,
Kevin S. Bankston, April 29, 2015, https://static.newamerica.org/attachments/2982-at-crypto-hearing-best-arguments-against-backdoor-mandates-come-frommembers-of-congress-themselves/Bankston_Oral_Testimony.ffdedda50c6149309d6d6da935795ed7.pdf)//chiragjain

It would cost the American economy untold billions of dollars. Experts estimated during the original Crypto Wars that building and operating
the kind of key escrow infrastructure desired by the government would have cost the government and industry many billions of
dollars.21 Since then, the number of computer and Internet users, and computer and Internet devices, has grown
exponentially ; so too has the complexity and cost of such a scheme to give the government the universal decryption capability it apparently
desires.22 Thats not even counting the many more billions of dollars that would be lost as consumers worldwide lost confidence in
the security of American computing products and online services . American technology companies, which currently dominate the global
market, have already been wrestling with diminished consumer trust in the wake of revelations about the scope of the National
Security Agencys programs, a loss of trust already predicted to cost our economy billions of dollars.23 Any new
requirement that those companies guarantee that the U.S. government have the technical capability to decrypt their users data would give
foreign users including major institutional clients such as foreign corporations and governments that especially rely on the security of those products and
serviceseven more incentive to avoid American products and turn to foreign competitors. It would also likely diminish trust in the
security of digital technology and the Internet overall, which would slow future growth of the Internet and Internet-enabled
commerce and threaten the primary economic engine of the 21st century. To put it bluntly, foreign customers will not want to buy
or use online services, hardware products, software products or any other information systems that have been explicitly designed
to facilitate backdoor access for the FBI or the NSA.24 Nor will many American users, for that matter. Instead, they will turn to more
secure products that are available for purchase or for free download from sources outside of the United States, which is a major reason why

US economy relies on strong encryption money circulation


Venezia 7/13/15 Paul Venezia, Director of Government services Cyber 360 Inc. Cyber 360 Inc. is the leading Cybersecurity
full-time consultant and staffing firm in the U.S. ( Encryption with backdoors is worse than useless -- it's dangerous, July 15,
http://www.infoworld.com/article/2946064/encryption/encryption-with-forced-backdoors-is-worse-than-useless-its-dangerous.html)//pk
Last week FBI Director James Comey testified before a Senate Judiciary Committee about the use of encryption among terrorist groups. For anyone who
understands the critical role that encryption plays in the Internet and our private data networks, many of the exchanges between Comey and the senators on the
panel were not only revealing, but rather disturbing. Examples abound, but a few stick out. For instance, while discussing various types of encryption on data
communications and devices, Sen. John Cornyn, R-Texas, said this: It strikes me as irresponsible and perhaps worse for a company to design a product that
would intentionally prevent them from complying with a lawful court order. [ Deep Dive: How to rethink security for the new world of IT. | Discover how to secure
your systems with InfoWorld's Security newsletter. ] By this he appears to mean that he would expect that anything that was encrypted should be able to be
decrypted without the actual keys at the request of a U.S. court. Director Comey clearly agreed: I don't understand the demand for people who would want
encryption that couldn't be decrypted at the order of an American judge. On the other side of the pond, U.K. Prime Minister David Cameron has said he wants to
either ban strong encryption or require backdoors to be placed into any encryption code to allow law enforcement to decrypt any data at any time. The fact that
these officials are even having this discussion is a bald demonstration that they do not understand encryption or how critical it is for modern life. They're missing
a key point: The moment you force any form of encryption to contain a backdoor, that form of encryption is rendered useless. If a backdoor exists, it will be
exploited by criminals. This is not a supposition, but a certainty. It's not an American judge that we're worried about. It's the criminals looking for exploits. We

use strong encryption every single day. We use it on our banking sites, shopping sites, and social media sites. We protect our
credit card information with encryption. We encrypt our databases containing sensitive information (or at least we should). Our
economy relies on strong encryption to move money around in industries large and small. Many high-visibility sites, such as Twitter,
Google, Reddit, and YouTube, default to SSL/TLS encryption now. When there were bugs in the libraries that support this type of encryption, the IT world moved
heaven and earth to patch them and eliminate the vulnerability. Security pros were sweating bullets for the hours, days, and in some cases weeks between the
hour Heartbleed was revealed and the hour they could finally get their systems patched -- and now politicians with no grasp of the ramifications want to introduce

They are threatening the very foundations of not only Internet commerce, but the
health and security of the global economy. Put simply, if backdoors are required in encryption methods, the Internet would
essentially be destroyed, . Those of us who know how the security sausage is made are appalled that this is a point of discussion at any level, much less
a fixed vulnerability into these frameworks.

nationally on two continents. Its abhorrent to consider. The general idea coming from these camps is that terrorists use encryption to communicate. Thus, if there
are backdoors, then law enforcement can eavesdrop on those communications. Leaving aside the massive vulnerabilities that would be introduced on everyone
else, its clear that the terrorists could very easily modify their communications to evade those types of encryption or set up alternative communication methods.

We would be creating holes in the protection used for trillions of transactions, all for naught. Citizens of a city do not give the police the keys to their houses. We
do not register our bank account passwords with the FBI. We do not knowingly or specifically allow law enforcement to listen and record our phone calls and
Internet communications (though that hasnt seemed to matter). We should definitely not crack the foundation of secure Internet communications with a backdoor
that will only be exploited by criminals or the very terrorists that were supposedly trying to thwart. Remember, if the government can lose an enormous cache of
extraordinarily sensitive, deeply personal information on millions of its own employees, one can only wonder what horrors would be visit ed upon us if it
somehow succeeded in destroying encryption as well.

Backdoors bad Privacy issues and loss of competitiveness for US companies in EU markets
Balaganski 15 - Alexei Balaganski is an analyst at Kuppinger Cole with specific focus on cybersecurity. After graduating with
an MSc degree in Mathematics and Computer science he has worked in the IT industry for over 15 years .-(Will there be a winner in
the encryption wars?; 7/22/2015; http://www.itproportal.com/2015/07/22/will-there-be-a-winner-in-the-encryption-wars/)//pk
Read more: http://www.itproportal.com/2015/07/22/will-there-be-a-winner-in-the-encryption-wars/#ixzz3ggeaLwk3

If there is one thing that can be said about most politicians, its that they do not understand technology. This is especially true
when the technology in question is related to cybersecurity and strong encryption in particular. Governments have always considered the
ability to intercept and decrypt communications of foreign nations a matter of national security, but no other country has been as persistent in their fight against
encryption as the United States. In the previous round of the Crypto Wars in the 90s, the US government had come up with the idea of an encryption device with
a built-in backdoor to be installed into every communication device, which would allow government agencies to obtain the encryption key and intercept all data
transmitted by that device. The proposal was met with unanimous opposition, and security experts have demonstrated multiple weaknesses in both the concept
of key escrow and the actual implementation of the chip. The idea has been abandoned in the end, but export controls that restricted which encryption methods
could be exported from the USA were introduced. Although eventually those regulations were lifted, many current software products still have to support those
weakened ciphers for compatibility reasons. Just recently, nearly a third of all websites were found to be vulnerable to the FREAK attack,
which allowed downgrading the security of an encrypted session and then successfully breaking the encryption. Fast-forward twenty
years, and the US and UK governments are now discussing very similar plans. Again, claims are brought forward that without having exceptional
access to all digital communications intelligence agencies will go dark and wont be able to fight terrorism . The same idea of a
centralised body holding all encryption keys in escrow for the government agencies is being discussed again. The UK government has gone so far as to suggest
banning certain types of encryption completely. It is all as if nothing has changed since the 90s. Alas, the world we are living in is now completely different. Before
discussing technical implications of these new proposals, its worth noting that the very premise of the current debate is demonstrably wrong .
Thanks to the documents leaked by Edward Snowden, we now know that NSA has not gone dark since the 90s . In fact, their
technical, legal and clandestine arsenal of surveillance tools has expanded immensely in the last decade. Essentially, they are capable
of intercepting a vast majority of communications around the world. Unfortunately, they are yet to show any evidence that this has actually helped prevent a
single act of terrorism. In fact, if these new regulations on encryption are going to be adopted after all, criminals and terrorists wont
have any real difficulties going back to low tech communication methods. Legitimate enterprises, however, will face much bigger problems. With all
the recent trends of digitalisation of businesses, the companies are becoming increasingly interconnected. Secure communications channels are now an
essential component of every companys infrastructure. This is especially true for cloud service providers, financial, health organisations, and other companies
dealing with large amount of other peoples sensitive data. A government-mandated backdoor to their infrastructures obviously introduces a
vulnerability ready to be exploited by a malicious agent, but thats not the biggest problem. A centralised government-controlled
body holding credentials for multiple such infrastructures is an even more lucrative target for attackers , and government agencies
arent exactly known for their high cybersecurity standards. Another problem is jurisdiction: if a US company operates in another
country, should it provide exceptional access to that countrys intelligence agencies as well ? What if the country in question is a
geopolitical enemy of the free world? Does it mean that well need to maintain another export-grade backdoor, too? Just imagine how complex and

expensive addressing these technical and legal problems would be. All these efforts, however, are most likely to be in vain, since
anyone wishing to evade the mandatory surveillance can simply switch to a solution from a non-US company, and that wont be
just the criminals, but every business or individual concerned about security and privacy of their communications . This effectively
means that US and UK companies are going to lose their competitive advantage in the world markets , especially in the
E uropean U nion countries like Germany, where privacy is considered an almost sacred right . Their reputation has already been
damaged by Snowdens revelations, and with new regulations in place, their entire business models will be severely crippled. In fact, with all things
considered, its difficult to imagine a single party that would gain any advantage, political, financial or otherwise, from
these proposed regulations . To me, it seems that in the Crypto Wars, like in a nuclear war, everybody loses

Exceptional access is bad economy and cybersecurity


Schneier et al 15 Bruce Schneier is an American cryptographer, computer security and privacy specialist, and writer. He is
the author of several books on general security topics, computer security and cryptography. Other authors are all security experts
from all places. Most are from MIT(Keys Under Doormats: Mandating insecurity by requiring government access to all data and communications; 201507-06; http://dspace.mit.edu/bitstream/handle/1721.1/97690/MIT-CSAIL-TR-2015-026.pdf?sequence=8; Page 15-17)//pk

Designing exceptional access into todays information services and applications will give rise to a range of critical security risks.
First, major efforts that the industry is making to improve security will be undermined and reversed . Providing access over any period of
time to thousands of law enforcement agencies will necessarily increase the risk that intruders will hijack the exceptional access mechanisms. If law

enforcement needs to look backwards at encrypted data for one year, then one years worth of data will be put at risk. If law
enforcement wants to assure itself real time access to communications streams, then intruders will have an easier time getting access in real time, too. This is a
trade-off space in which law enforcement cannot be guaranteed access without creating serious risk that criminal intruders will gain the same access. Second,

the challenge of guaranteeing access to multiple law enforcement agencies in multiple countries is enormously complex. It is
likely to be prohibitively expensive and also an intractable foreign affairs problem. Simple requirements can yield simple solutions (e.g. a
door lock). But the requirements 7We note that some pieces of malware, such as Stuxnet and Duqu 2, have relied on code-signing keys issued to legitimate
companies. When a key is compromised, it must be replaced. of law enforcement access to encrypted data are inherently complex and, as we have already
shown, nearly contradictory. Complex or nearly contradictory requirements yield brittle, often-insecure solutions. As NSAs former head of research testified in
2013: When it comes to security, complexity is not your friend . Indeed it has been said that complexity is the enemy of security. This is a point

that has been made often about cybersecurity in a variety of contexts including, technology, coding and policy. The basic idea is
simple: as software systems grow more complex, they will contain more flaws and these flaws will be exploited by cyber
adversaries. We have a very real illustration of the problem of complexity in a recent analysis of one of the most important security systems on the Internet:
SSL/TLS. Transport Layer Security (TLS) and its predecessor Secure Socket Layer (SSL) are the mechanisms by which the majority of the web encrypts its
traffic every time a user logs into a bank account, makes an electronic purchase, or communicates over a social network, that user is trusting SSL/TLS to
function properly. All a user needs to know of all of this complexity is that the lock or key icon shows up in the browser window. This indicates that the
communication between the user and the remote website is secure from interception. Unfortunately, writing code that correctly implements such cryptographic
protocols has proven difficult; weakened protections makes it harder still. For instance, OpenSSL, the software used by about two-thirds of websites to do TLS
encryption, has been plagued with systems-level bugs resulting in catastrophic vulnerabilities. The now-infamous Heartbleed bug was caused by a missing
bounds check, an elementary programming error that lurked in the code for two years, leaving 17% of all websites vulnerable to data theft. More recent

vulnerabilities, however, were caused by legacy restrictions on the exportation of cryptographic algorithms, dating back to the
Crypto Wars. The fact that there are so many different implementations of TLS, all of which have to interoperate to make the
Web secure, has proven to be a real source of security risk [37]. Website operators are reluctant to switch to more secure
protocols if this will lose them even a few percent of prospective customers who are still using old software, so vulnerabilities
introduced deliberately during the Crypto Wars have persisted to this day. Introducing complex new exceptional access
requirements will similarly add more security bugs that will lurk in our software infrastructure for decades to come. Third, there are
broader risks for poorly deployed surveillance technology. Exceptional access mechanisms designed for law enforcement use
have been exploited by hostile actors in the past. Between 1996 and 2006, it appears that insiders at Telecom Italia enabled the wiretapping of 6,000
people, including business, financial, and political leaders, judges, and journalists [38]. In a country of 60 million, this means that no major business or political
deal was truly private. The motivation here appeared to be money, including the possibility of blackmail. As we mentioned earlier, from 2004 to 2005, the cell
phones of 100 senior members of the Greek government, including the Prime Minister, the head of the Ministry of National Defense, the head of the Ministry of
Justice, and others. Vodafone Greece had purchased a telephone switch from Ericsson. The Greek phone company had not purchased wiretapping capabilities,
but these were added during a switch upgrade in 2003. Because Vodafone Greece had not arranged for interception capabilities, the company did not have the
ability to access related features, such as auditing. Nevertheless, someone acting without legal authorization was able to activate the intercept features and keep
them running for ten months without being detected. The surveillance was uncovered only when some text messages went awry. Although the techniques of how
it was done are understood, who was behind the surveillance remains unknown[19]. Next , there are the broader costs to the economy. Economic

growth comes largely from innovation in science, technology, and business processes. At present, technological progress is
largely about embedding intelligence software and communications everywhere. Products and services that used to be standalone
now come with a mobile phone app, an online web service, and business models that involve either ads or a subscription. Increasingly these are also social, so
you can chat to your friends and draw them into the vendors marketing web. Countries that require these new apps and web services to have
their user-to-user communications functions authorized by the government will be at a significant disadvantage . At present, the

world largely uses US apps and services, rather than the government-approved ones from Russia and China. This provides
enormous leverage to US businesses. Finally, this market advantage gives real benefits not just economically but in terms of soft
power and moral leadership. The open Internet has long been a foreign policy goal of the US and its allies for a lot of good
reasons. The Wests credibility on this issue was damaged by the Snowden revelations, but can and must recover. Lawmakers
should not risk the real economic, geopolitical, and strategic benefits of an open and secure Internet for law enforcement gains
that are at best minor and tactical.

Backdoor encryption surveillance costs the US economy $35 billion a year


Woolf with the Information Technology Industry Council and Software and Information Industry Assosiation, 6/9/15
(Nicky Woolf, The Guardian, http://www.theguardian.com/technology/2015/jun/09/tech-industry-groups-obama-policiesencryption)RL
US tech industry groups have urged Barack Obama not to pursue policies which might weaken encryption as a new report suggests that fear of government
surveillance costs the economy by more than $35bn in revenue each year. The request was made in an open letter sent jointly on Tuesday by
the Information Technology Industry Council and the Software and Information Industry Association, industry groups which represent companies including
Apple, Microsoft, Facebook and Google. "We are opposed to any policy actions or measures that would undermine encryption as
an available and effective tool," the letter reads, adding that "consumer trust in digital products and services is an essential component
enabling continued economic growth of the online marketplace ." Their statement was bolstered by a study also released on Tuesday by the
Information Technology and Innovation Foundation, which found that the US government's failure to reform many of the NSA's surveillance programs
had damaged the competitiveness of the US tech sector and cost it a portion of the global market share that would "likely far

exceed" $35bn. "In the short term, US companies lose out on contracts, and over the long term, other countries create protectionist
policies that lock US businesses out of foreign markets. This not only hurts US technology companies, but costs American jobs and
weakens the US trade balance," the study found. Since the publication of the documents leaked by former defence contractor Edward Snowden in 2013,
the Obama administration has been struggling to justify its bulk collection programs to an increasingly sceptical public. In May, a crucial senate vote to extend the
program - which was authorised under Section 215 of the Patriot Act - failed, followed by the passing last week of the USA Freedom Act, effectively ending bulk
data collection, at least for the time being. "We appreciate that, where appropriate, law enforcement has the legitimate need for certain information to combat
crime and threats," reads the ITIC letter. "However, mandating the weakening of encryption or encryption 'work-arounds' is not the way to address this need." The
letter was copied to US secretary of state John Kerry, attorney general Loretta Lynch and homeland security secretary Jeh Johnson, as well as the secretary of
commerce, the director of the FBI, and the director of the National Economic Council. In a press briefing on 4 June, White House press secretary Josh Earnest
addressed the problem obliquely when asked a question about the now-defunct Section 215 of the Patriot Act, which allowed the federal government's bulk
collection of data. Describing what he saw as the "tough challenge of balancing the privacy and civil liberties of law-abiding American citizens with the need for us
to try to detect and apprehend terrorists before they commit an act of violence", Earnest said the president saw an opportunity to work with the tech sector. "As
much as they value and champion the privacy and civil liberties rights of American citizens, we also know that those individuals do not want to be in a situation
where their technology is responsible for allowing somebody who is seeking to carry out an act of violence to evade detection from the federal government," he
added.

Backdoors deck the economy China proves


Timm 15 <Trevor, executive director of the Freedom of the Press Foundation, wrote for Electronic Frontier Foundation, cites top security
executives of numerous corporations, 3/04/15, Building backdoors into encryption isnt only bad for China, Mr. President., The Guardian,
http://www.theguardian.com/commentisfree/2015/mar/04/backdoors-encryption-china-apple-google-nsa>//wx
Want to know why forcing tech companies to build backdoors into encryption is a terrible idea? Look no further than President Obamas stark criticism of Chinas
plan to do exactly that on Tuesday. If only he would tell the FBI and NSA the same thing. In a stunningly short-sighted move, the FBI - and more recently the NSA
- have been pushing for a new US law that would force tech companies like Apple and Google to hand over the encryption keys or build backdoors into their
products and tools so the government would always have access to our communications. It was only a matter of time before other governments jumped on the
bandwagon, and China wasted no time in demanding the same from tech companies a few weeks ago. As President Obama himself described to Reuters,
China has proposed an expansive new anti-terrorism bill that would essentially force all foreign companies, including US companies,
to turn over to the Chinese government mechanisms where they can snoop and keep track of all the users of those services.
Obama continued: Those kinds of restrictive practices I think would ironically hurt the Chinese economy over the long term because I dont
think there is any US or European firm, any international firm, that could credibly get away with that wholesale turning over of data, personal data, over to a
government. Bravo! Of course these are the exact arguments for why it would be a disaster for US government to force tech
companies to do the same. (Somehow Obama left that part out.) As Yahoos top security executive Alex Stamos told NSA director Mike Rogers in a public
confrontation last week, building backdoors into encryption is like drilling a hole into a windshield. Even if its technically possible to produce the flaw - and we,
for some reason, trust the US government never to abuse it - other countries will inevitably demand access for themselves. Companies will no longer be in a
position to say no, and even if they did, intelligence services would find the backdoor unilaterally - or just steal the keys outright. For an example on how this
works, look no further than last weeks Snowden revelation that the UKs intelligence service and the NSA stole the encryption keys for millions of Sim cards used
by many of the worlds most popular cell phone providers. Its happened many times before too. Security expert Bruce Schneier has documented with numerous
examples, Back-door access built for the good guys is routinely used by the bad guys. Stamos repeatedly (and commendably) pushed the NSA director for an
answer on what happens when China or Russia also demand backdoors from tech companies, but Rogers didnt have an answer prepared at all. He just kept
repeating I think we can work through this. As Stamos insinuated, maybe Rogers should ask his own staff why we actually cant work through this, because
virtually every technologist agrees backdoors just cannot be secure in practice. (If you want to further understand the details behind the encryption vs. backdoor
debate and how what the NSA director is asking for is quite literally impossible,read this excellent piece by surveillance expert Julian Sanchez.) Its downright
bizarre that the US government has been warning of the grave cybersecurity risks the country faces while, at the very same time, arguing that we should pass a
law that would weaken cybersecurity and put every single citizen at more risk of having their private information stolen by criminals, foreign governments, and our
own. Forcing backdoors will also be disastrous for the US economy as it would be for Chinas. US tech companies - which already

have suffered billions of dollars of losses overseas because of consumer distrust over their relationships with the NSA would lose all credibility with users around the world if the FBI and NSA succeed with their plan. The White House is supposedly coming out with an
official policy on encryption sometime this month, according to the New York Times but the President can save himself a lot of time and just apply his
comments about China to the US government. If he knows backdoors in encryption are bad for cybersecurity, privacy, and the economy, why is there even a
debate?

Top experts and empirics agree backdoors kill US credibility and econ
Adhikari 15 <Richard, writer for TechNewsWorld, ECT news, cites experts from New Americas Open Technology Institute,
1/13/15, The Fallout From the NSAs Backdoors Mandate, Ecommerce Times,
http://www.ecommercetimes.com/story/81530.html>//wx
Massive Cost to U.S. Businesses In August of last year, the German government reportedly warned that Windows 8 could act as a Trojan when combined
with version 2.0 of theTrusted Platform Module (TPM), a specification for a secure cryptoprocessor. The TPM is included in many laptops and tablets, and the
concern is that TPM 2.0 makes trusted computing functions mandatory rather than opt-in as before, meaning it can't be disabled. Further, it can let Microsoft
establish a backdoor into the device it's in. Microsoft's response was that OEMs can turn off the TPM in x86 computers. T he German government will end
its contract with Verizon; Brazil has decided to replace its fighter jets with ones made by Sweden 's Saab instead of Boeing; and Web
hosting firm Servint Corp. reported a 30 percent decline in overseas business since the NSA leaks first made news in June 2013.
"There is both diplomatic and economic backlash against these tactics," Robyn Greene, policy counsel at New America's Open Technology Institute,
told the E-Commerce Times. It's difficult to establish an exact dollar amount, but "experts have estimated that losses to the U.S. cloud industry

alone could reach (US)$ 180 billion over the next three years," Greene said. "Additionally, major U.S. tech companies like Cisco and IBM have
lost nearly one-fifth of their business in emerging markets because of a loss of trust." Foreign companies are using their non-U.S. status
to advertise themselves as more secure or protective of privacy, Greene remarked. The Other Side of the Story On the other hand, Cisco's share of the service
provider router and carrier Ethernet market bounced back strongly after an unusually weak Q2, primarily because of a strong performance in the Asia-Pacific and
the EMEA regions, SRG Research reported. "Cisco is in a league of its own, with a global presence, credibility and product range that cannot be matched by its
competitors," John Dinsdale, managing director and chief analyst at SRG, told the E-Commerce Times. "When demand increases, there is only a rather short list
of vendors who can satisfy it, and Cisco clearly has the strongest story to tell." In addition, the allegations that U.S. high-tech firms built backdoors into their
products are not true, contended Philip Lieberman, president of Lieberman Software. "I have never seen any cooperation between U.S.-owned software or
hardware manufacturers to insert backdoors into their products for the use of the NSA," Lieberman told the E-Commerce Times. "The damage

that such an inclusion would cause to the company that did so would be catastrophic and probably unrecoverable." Rebuilding
Faith and Trust With its backdoors, the NSA "broke the foundational element of trust, and that's something very difficult to recover from. [It has] in effect
destroyed the trusted and secure reputation of U.S. companies," said Neivert. "More and more we will see U.S. tech companies focusing on distinguishing their
products and services with heightened security offerings and working to achieve legislative reforms that would rein in [surveillance practices]. That's the case with
the Reform Government Surveillance Coalition and tech industry trade associations that represent thousands of companies," New America's Open Technology
Institute's Greene added.

Backdoors are detrimental to innovation and economic growth


Zakrzewski 7/7 (Cat, multimedia journalist for Medill News Service in Washington, The Chicago Sun-Times, Northwestern
Magazine, Top Security Experts Say Government Limits On Encryption Present Risks, 7 July 2015
http://techcrunch.com/2015/07/07/top-security-experts-say-government-limits-on-encryption-present-risks/)RR
Since October, U.S. law enforcement officials have called for a special door that would allow government agencies to access
encrypted data that could help them in investigations. The report tells us that a backdoor for the government and law
enforcement also provides an opening that could be exploited by hackers . The experts argue such special access points pose far
more grave security risks, imperil innovation on which the worlds economies depend , and raise more thorny policy issues than we could have
imagined when the Internet was in its infancy. At a time when we are struggling to make the Internet more secure, these proposals would
take a step backward by building weakness into our infrastructure , MIT principal research scientist Daniel Weitzner says. Its like leaving
your house keys under the doormat: Sure, it may be convenient, but it creates the opportunity for anyone to walk in the door . The
report comes just one day before Federal Bureau of Investigation director James Comey appears at back-to-back hearings on the Hill to make his case that the
agency should have backdoor access to encrypted data so that it can complete investigations. Comey has been calling for action on this issue since October,
when Apple first released an operating system with encryption enabled. Public discourse on the issue was reignited a week ago when Prime Minister David
Cameron said he would ban encryption, a lofty and unpopular goal. The White House has notably remained silent as public discourse has mounted. The
Washington Post reported aids were compiling a report on encryption in the spring, but a spokesman said the White House has nothing to announce at this time.
Comey took to the popular security blog Lawfare to make his case yesterday. There is simply no doubt that bad people can communicate with impunity in a
world of universal strong encryption, Comey wrote. I really am not a maniac (or at least my family says so). But my job is to try to keep people safe. In universal
strong encryption, I see something that is with us already and growing every day that will inexorably affect my ability to do that job. The debate over privacy and
security is as old as the Fourth Amendment. One can reasonably understand that at times law enforcement, with the appropriate oversight, may need access to
private information. But todays report goes beyond theoretical debates about civil liberties and asserts the action legislators are

considering is not even possible. According to the CSAI Lab experts, we do not currently have a technical capability to create a
door for law enforcement that could not be exploited by others . Many of the issues at play hark back to a Clinton-era discourse over what was
known as the Clipper chip. With the rise of the Internet, the National Security Agency was searching for a way to protect its electronic surveillance abilities. The
Clipper Chip was a microcircuit that would encrypt data but also give the government access to the keys needed to unlock the data. The chip faced backlash
from the public and was never adopted, setting an important precedent for encrypted communications. The CSAI Lab experts report requiring such an
access point almost 20 years later poses even more of a threat today due to the comparatively larger role computers play in our
economy and daily lives. With more hackers with more advanced capabilities than ever before, its not the time to limit our devices security mechanisms.
The groups conclusions mirror what private sector companies, who have been ramping up encryption efforts in the wake of the Edward Snowden revelations,
have said for months.

Encryption gives American companies a competitive edge

Pate 13, (Steve, CTO and co-founder of HighCloud Security, Special to Network world, Encryption
as an enabler: top 10 benefits, http://www.networkworld.com/article/2165740/techprimers/encryption-as-an-enabler--the-top-10-benefits.html, AL)
Encryption gives services providers a competitive edge. As a cloud service provider, you are a guardian of your customers' applications and data. Thieves are
getting smarter and regulations are getting more stringent. The good news is that security technology is also getting better. Encryption and key management software,
designed specifically for virtualized environments, can help you significantly improve your security posture, attract new customers,
and expand your business with existing clients. This allows you to: Gain competitive advantage and differentiation, Expand revenue
potential to customers with sensitive or regulated data ,Protect customer data against access by unauthorized users ,Satisfy data
residency and privacy requirements,, Reduce hardware costs through cryptographic multi-tenancy, Assure customers that they

can de-provision securely without leaving data behind Newer encryption technologies are easy to deploy and offer robust APIs that allow for transparent
integration into the CSP environment.

--xt us k/t global


Yes, the US economy is the engine for global economic growth
Brett 15 (Shane, Founder of Global Perspectives and author of "The AIFMD Cheat Sheet", The Global Economy In 2015 - 5
Key Trends 11 January 2015, http://seekingalpha.com/article/2811155-the-global-economy-in-2015-5-key-trends)RR
In 2015, the greenback will continue to strengthen on the back of accelerating US growth. The US economy created 7,000 jobs
per day in 2014 and this remarkable rate of employment growth is set to escalate in 2015 . The perceived decline of American power has
been greatly exaggerated. Commentators confuse the current US unwillingness to wield hard power, for a lack of underlying real power. They also confuse
deadlock in Washington with the underlying dynamism of many US regions and States. The US still controls the global economy, all the world's
oceans, its trade routes and its reserve currency. It spends nearly as much on defence as the rest of the world put together. This will not change
anytime soon. In 2015, the US will continue to be the global engine for growth, enterprise and innovation, as it has been for most of
the last century. This should not be surprising. The English-speakers (i.e. the USA/UK) have run the world for 3 centuries now. They have consistently
defeated all challengers to world hegemony that have appeared over this time (Philip II, Louis XIV, Napoleon, Kaiser Wilhelm II, Hitler, Stalin etc.). Despite the
chorus of BRIC hysteria over the last few years, the economic growth in these countries has taken place because they adopted US policies of trade liberalization,
economic freedom and a free market. In 2015, they will endure a major emerging market crisis. Their power will not surpass the US for decades (if ever ). The
main cloud on and an otherwise rosy US economic horizon is an overvalued stock market , which will suffer a significant correction at some
stage in the medium term (perhaps as Obama's term ends in 2016). In the meantime, the US Dollar will continue its run of strength throughout

2015, placing huge pressure on developing world currencies.

Yes the USA economy effects many countries even without being trade partners
Dees and Saint-Guilhem 9 (Stephane and Arthur, Professional Economic Adviser and Economist at European Central
Bank, THE ROLE OF THE UNITED STATES IN THE GLOBAL ECONOMY AND ITS EVOLUTION OVER TIME pg. 5-6)RR
The U.S. economy is very often seen as "the engine" of the world economy. As a result, any sign of slowdown in the United
States raises concerns about harmful spillovers to the other economies. The current economic recession in the United States
has questioned the ability of the global economy to "decouple" from U.S. cyclical developments. While there were some signs of
decoupling in the first quarters following the U.S. downturn, they disappeared rapidly towards the end of 2008, when the crisis
became more global and the economic cycles turned out to be more synchronous across the world. While the increasing
economic integration at the world level and the resulting emergence of large economic players, like China, is likely to have
weakened the role of the U.S. economy as a driver of global growth, the influence of the United States on other economies
remains however larger than direct trade ties would suggest. Third-market effects together with increased financial integration
tends to faster the international transmission of cyclical developments. Based on a Global VAR modelling approach, this paper
attempts to provide some answers by analysing how a change in U.S. GDP is transmitted to the rest of the world and to what
extent such a transmission has changed during the period 1979-2006. An important caveat of this approach concerns the
identification of a U.S. shock. It is clearly difficult to identify a purely U.S.-specific shock, whose nature is entirely idiosyncratic.
Moreover, the nature of the shock might also alter the way the shock is transmitted to the rest of the world. While these limits
would call for a more complex modeling of the international linkages, our approach has remained on purpose very agnostic,
while keeping as comprehensive as possible the representation of international linkages. By including a large number of
countries in the modeling of the world economy, the GVAR approach allows us to account for the complexity of global
interdependencies in a trans- parent and coherent framework and to give some idea about the dynamics of the propagation of
shocks. A more detailed modeling in terms of the nature of the shocks and their transmission channels would definitely be at the
expense of both the rich geographical coverage and the time-varying dimension. The empirical analysis shows various results.
First, the economies differ as regards their sensitivity to U.S. developments. The U.S. economy is for most economies their first
trading partner and has remained so during the last 25 years. Even for countries that do not trade so much with the U.S.. they
are influenced by its dominance through other partners trade. Of course, the economies that trade a lot with the U.S. are most
likely affected by U.S. economic shocks. At the regional level, however, such effects tend to be diluted and the transmis- sion of
U.S. cyclical developments seem to Ik* somewhat dampened by regional integration. Moreover, while no clear trend seems to
emerge, it seems that the role of the U.S. in the global economy has changed over time. Although, we are not able to identify any
structural break in the sample, we can see that a time-varying estimation shows some noticeable differences in the transmission
of U.S. shocks over time. Overall, it seems that for most countries, a change in U.S. GDP has weaker impacts during mast
recent periods than for earlier periods. However, the persistence of such shocks seem to have increased in the most recent
periods. The increase in persistence of the U.S. shocks together with the increase in the impact elasticities of non-U.S. foreign
activity for some regions (emerging in particular) emphasises the role of second-round and third partners effects, making U.S.
cyclical developments more global.

--a2 no econ impact


Economic collapse causes competition for resources and
instability that escalates and goes nuclear
Harris and Burrows 9 [counselor in the National Intelligence Council, the
principal drafter of Global Trends 2025, **member of the NICs Long Range Analysis Unit
Revisiting the Future: Geopolitical Effects of the Financial Crisis, Washington Quarterly,
04/09/2009, http://www.twq.com/09april/docs/09apr_burrows.pdf, 5/22/15] KL
Of course, the report encompasses more than economics and indeed believes the future is likely to be the result of
a number of intersecting and interlocking forces. With so many possible permutations of outcomes, each with ample
opportunity for unintended consequences, there is a growing sense of insecurity. Even so, history may be more
instructive than ever. While we continue to believeRe that the Great Depression is not likely to be
repeated, the lessons to be drawn from that period include the harmful effects on fledgling
democracies and multiethnic societies (think Central Europe in 1920s and 1930s) and on the sustainability
of multilateral institutions (think League of Nations in the same period). There is no reason to think that this
would not be true in the twenty-first as much as in the twentieth century. For that reason, the

which the potential for greater conflict could grow would seem to be even more apt in
a constantly volatile economic environment as they would be if change would be steadier. In surveying
ways in

those risks, the report stressed the likelihood that terrorism and nonproliferation will remain priorities even as
resource issues move up on the international agenda. Terrorisms appeal will decline if economic growth continues
in the Middle East and youth unemployment is reduced. For those terrorist groups that remain active in 2025,
however, the diffusion of technologies and scientific knowledge will place some of the worlds most dangerous
capabilities within their reach. Terrorist groups in 2025 will likely be a combination of descendants of long
established groups inheriting organizational structures, command and control processes, and training procedures
necessary to conduct sophisticated attacks and newly emergent collections of the angry and disenfranchised that
become self-radicalized, particularly in the absence of economic outlets that would become narrower in an
economic downturn. The most dangerous casualty of any economically-induced drawdown of U.S.
military presence would almost certainly be the Middle East. Although Irans acquisition of nuclear weapons
is not inevitable, worries about a nuclear-armed Iran could lead states in the region to develop

new security arrangements with external powers, acquire additional weapons, and consider
pursuing their own nuclear ambitions. It is not clear that the type of stable deterrent relationship
that existed between the great powers for most of the Cold War would emerge naturally in the Middle East
with a nuclear Iran. Episodes of low intensity conflict and terrorism taking place under a nuclear umbrella could lead
to an unintended escalation and broader conflict if clear red lines between those states involved are not well
established. The close proximity of potential nuclear rivals combined with underdeveloped surveillance
capabilities and mobile dual-capable Iranian missile systems also will produce inherent difficulties in
achieving reliable indications and warning of an impending nuclear attack. The lack of strategic depth in
neighboring states like Israel, short warning and missile flight times, and uncertainty of Iranian

intentions may place more focus on preemption rather than defense, potentially leading to
escalating crises . Types of conflict that the world continues to experience, such as
over resources, could reemerge , particularly if protectionism grows and there is a resort
to neo-mercantilist practices. Perceptions of renewed energy scarcity will drive countries to
take actions to assure their future access to energy supplies. In the worst case, this could result
in interstate conflicts if government leaders deem assured access to energy resources, for example, to be
essential for maintaining domestic stability and the survival of their regime. Even actions short of war, however, will
have important geopoli`tical implications. Maritime security concerns are providing a rationale for naval
buildups and modernization efforts, such as Chinas and Indias development of blue water naval capabilities.
If the fiscal stimulus focus for these countries indeed turns inward, one of the most obvious funding targets may be
military. Buildup of regional naval capabilities could lead to increased tensions, rivalries, and
counterbalancing moves, but it also will create opportunities for multinational cooperation in protecting critical sea
lanes. With water also becoming scarcer in Asia and the Middle East, cooperation to manage changing water
resources is likely to be increasingly difficult both within and between states in a more dog-eat-dog world.

--a2 sq solves tech


US Tech industry in decline right now Over 600000 jobs have been lost
Pellissier 12 [Hank, IEET Interim Managing Director and Fundraiser. He was IEETs Managing Director on January-October
in 2012, and is an IEET Affiliate Scholar, Headhunter explains why USA high-tech industry is declining, IEET, 2/20/2012,
http://ieet.org/index.php/IEET/more/pellissier20120220, July 17, 2015] KL
The United States has lost 28% of its jobs in high tech since its peak in 2000 , claims a study released recently by the National Science Board.
This means 687,000 positions have been lost. Why has this happened? Ive lived near Silicon Valley for three decades. Ive always regarded
the high-tech hub as a permanent dynamo in the USA economy, an employment source for its citizens, and ground zero for the futures
scientific breakthroughs. Imagine my surprise when I queried a headhunter recently who informed me that times-are-a-changing; high-tech
is migrating to Asia, and why be surprised? A huge percent of SV jobs are already filled by immigrants from that continent The
Anonymous Headhunter patiently answered my questions about today and tomorrows global realities in the high-tech sector:
Hank Pellissier: Please describe for me and IEET readers your occupation as an SV headhunter. Anonymous Headhunter: Ive been headhunting for 19 years,
my partner for 15 years. Most of our clients are startups - we also work with venture capital firms. We are engineering focused, but also place in Marketing,
Sales, technical writing, etc. Most of our placements are high level - Director or VP level, and architect or Principal engineers. The bulk of our work is for Silicon
Valley. Hank Pellissier: You locate employees for high tech companies. Okay, heres my next question. Demographics in SV have
changed enormously since the 1980s - Cupertino is now 63% Asian, Fremont 50%, Sunnyvale 40%, Santa Clara 38%. Many, I guess, are high-tech
workers who immigrated here? Did you get them hired? Anonymous Headhunter: Yes, a huge portion of the potential candidates for positions that we submit to
our clients are foreigners, mostly Indians, then Chinese, then other nationalities (Israeli, Europeans, etc.) Hank Pellissier: So there just arent enough qualified
USA workers for many of the jobs offered? Anonymous Headhunter: The technical jobs in Silicon Valley are hard to fill with Americans. We
have 18,000 people in our database, collected over 10 years, and easily 65% or more are foreign. The ones that are not are executives
and marketing and sales guys. The number of American engineers is small, by comparison. Not to say the universities are not still cranking out software and
hardware engineers, but I am sure that foreigners outnumber American kids in all those classes. When we asked computer science professors for help, asking
which students they would recommend, they sent us all foreign names. Hank Pellissier: Why do you think America isnt producing enough workers for these highquality jobs? Are we lazy? Do our schools suck? Are we obese and stupid? Do the Chinese and Indians just work harder? Anonymous Headhunter: Why is the
big question. Since Ive been a recruiter for almost 20 years, Ive seen the number of foreign candidates rise each year. American students
are simply not choosing engineering as much as the foreign students . American schools have great computer science programs, that is not the
issue. Its just seems that more foreigners are picking those majors than the American students. Lots of Americans must be choosing business or Humanities and
not enough technical majors. But that is just my opinion, based on the number of young American technical candidates i see coming out of schools. I get email
every day from new grads, asking for help finding jobs, but honestly, most are Indian or Chinese, not many Americans. In my opinion, American schools,

starting about 30 years ago, slacked on the technical requirements. USA grade schools and high schools didnt emphasize
technology, so when those students got to college, they were already behind - they couldnt compete in the technical courses, so they chose a different
profession, instead of engineering. Today the USA has a ton of MBAs. This is good, if partnered with a technical degree. But just a bunch of MBAs with no
technical backgrounds? It takes business know-how to run a successful global company now, but you have to start with technical
expertise, or you have nothing to build and sell eventually. And no engineers to create your product . What are American students doing
now? Flipping hamburgers? Dropping out of school? Taking Psychology courses? This generation is not helping the US economy. Hank Pellissier: Do the Indian
and Chinese technical workers you hire, specialize or dominate in specific fields? Are Americans the leaders in anything?

US computer tech industry in decline


Barney 7/17 [Doug, writer/editor for GFI Software, founding editor of Redmond Magazine, Executive Editor of Network World,
Editor in Chief of Network Computing, A Cringe-worthy analysis of the US computer biz, GFI on Tech, Publishers of tech
articles and other things, July 17, 2015, http://www.gfi.com/blog/a-cringe-worthy-analysis-of-the-us-computer-biz/, July 17, 2015]
KL
The US computer industry is going down and it has no one but itself to blame. That, at least, is the view of one Robert X. Cringely, a long-time
industry watcher. Part of the problem, he argues, is immigration and foreign workers policies. The other part is that many tech execs are sometimes
foolish. If you ever read InfoWorld, or read the 1992 book Accidental Empires: How the Boys of Silicon Valley Make their Millions, Battle Foreign Competition,
and Still Cant Get a Date, or even saw the documentary Triumph of the Nerds, youve heard of Robert X. Cringely. And if you read this piece the whole way
through, Ill tell you where Robert X Cringely actually came from (hint: its not his real name). Lately Cringely has been focused on the future of the
US computer industry, with particular focus on the big guns such as IBM and HP, and claims the future isnt so bright. Of course he

is focused on what this means for the good old US of A, but its also worth looking beyond that and seeing the declines effect
internationally. The Cringe somewhat recently predicted massive IBM layoffs , and, well, he wasnt wrong. That had him thinking about the
impact that offshoring and foreign workers using H-1B visas have on American workers and their companies. If you have US blinders on, youd agree
its not good. If you have a world view, you may have a totally different perspective. The entire world has a right to participate in
and influence high tech. Seeds sown The seeds for the decline of the American computer industry were actually sown at its
inception. The truth is that much (but not all) of the American technology industry is being led by what my late mother would have called
assholes. And these are needlessly destroying the very industry that made them rich. It started in the 1970s when a couple of obscure

academics created a creaky logical structure for turning corporate executives from managers to rock stars, all in the name of maximizing shareholder value,
Cringely wrote.

Tech Industry declining now job loss


Hesseldahl 1/21/15 - . Arik was senior technology writer at Bloomberg Businessweek and wrote the online column and
companion blog called Byte Of the Apple, devoted to all things Apple, for Businessweek.com From 2000 to 2005, Arik was
senior editor and technology columnist at Forbes.com. (Last Year Saw the Worst Decline in Tech Jobs Since 2009; January 15;
http://recode.net/2015/01/21/last-year-saw-the-worst-decline-in-tech-jobs-since-2009/)//pk
The tech sector may be a growing segment of the economy, but 2014 was the worst year for job cuts in the technology sector
since 2009, according to a new report from Challenger, Gray and Christmas, an outplacement firm that helps people find new jobs after theyve been let go.

Corporate restructuring at big tech firms like Hewlett-Packard and Microsoft pushed the number of jobs eliminated in tech fields
to 100,757, a rise of 77 percent over 2013. It was the first time that number rose above 100,000 since 2009, the first full year of
the recent recession. The biggest portion of those cuts occurred in the computer industry where 59,523 jobs were eliminated .
Another 19,408 jobs were cut in the electronics industry, more than double the amount from the prior year. Cuts in the telecom
industry rose 68 percent to 21,821. Lost tech jobs accounted for 21 percent of the total number of jobs 483,171 eliminated
during 2014. Microsoft was responsible for 18,000 cut, and HP dropped 16,000 positions during the year, according to the firm.
Cisco Systems, Intel and Symantec were among the other firms who announced large-scale layoffs during the year.

--xt plan k/t tech industry


Encryption backdoors kills US tech leadership decks consumer trust
Swire 7/8 <Peter, Huang Professor of Law and Ethics at Georgia Tech Scheller College of Business, 7/9/15, Going Dark:
Encryption, Technology, and the Balance Between Public Safety and Privacy, Senate Judiciary Committee Hearing,
http://www.judiciary.senate.gov/imo/media/doc/07-08-15%20Swire%20Testimony.pdf>//wx
Mandated vulnerabilities are bad industrial policy they threaten U.S. technological leadership without preventing bad actors
from using strong encryption. I next turn to why mandated vulnerabilities are bad as a matter of economic and industrial policy. Such vulnerabilities
threaten U.S. technological leadership because they provide a ready excuse for foreign governments and purchasers to eschew American
products and services. As we learned from the crypto battles of the 1990s, they also are futile they encourage non-U.S. suppliers to gain
the technical edge in supplying effective encryption . In April, 2015 House testimony, Kevin Bankston of the New America Foundation summarized
key economic arguments: American technology companies, which currently dominate the global market, have already been
wrestling with diminished consumer trust in the wake of revelations about the scope of the N ational Security Agencys programs,
a loss of trust already predicted to cost our economy billions of dollars . Any new requirement that those companies guarantee
that the U.S. government have the technical capability to decrypt their users data would give foreign users including major
institutional clients such as foreign corporations and governments that especially rely on the security of those products and services even more incentive
to avoid American products and turn to foreign competitors. It would also likely diminish trust in the security of digital technology
and the Internet overall, which would slow future growth of the Internet and Internetenabled commerce and threaten the
primary economic engine of the 21st century . To put it bluntly, foreign customers will not want to buy or use online services,
hardware products, software products or any other information systems that have been explicitly designed to facilitate backdoor
access for the FBI or the NSA.28 The experience from the 1990s shows that foreign suppliers are eager to step into gaps left by U.S. restrictions on
encryption. Under the export control regime then in existence, it was illegal to export strong encryption from the U.S. Other encryption suppliers, such as from
Russia and Israel, became significant players precisely because U.S.-based companies could not supply effective software encryption from the U.S. In my
experience, the futility of the encryption limits was an especially persuasive argument to members of Congress why should we support an approach that
undermined the U.S. tech sector and also didnt stop the spread of strong encryption? A related phenomenon, less well known, was the concern within the
Pentagon about the rising competition from non-U.S. technology companies. For the Department of Defense, limits on U.S. encryption development

meant that it faced the risk of relying on second-rate encryption for its own systems, while other countries could be developing
state-of-the-art encryption that would benefit other militaries but not the United States. Mandated vulnerabilities within the United
States, to assist law enforcement, thus repeat the 1990s syndrome of harm to U.S. industry as well as futility. Much of the growth in encryption-related
software and products could come from non-U.S. companies that serve the global market for secure communications and storage. Other growth would come
from the already-flourishing free and open source sector. As Bankston wrote: A government mandate prohibiting U.S. companies from offering

products or services with unbreakable encryption is of little use when foreign companies can and will offer more secure products
and services, and when an independent coder anywhere on the planet has the resources to create and distribute free tools for
encrypting your communications or the data stored on your mobile devices . As former Homeland Security Secretary Michael Chertoff recently
put it, [T]hat genie is not going back in the bottle.29 Stanford cybersecurity research Jonathan Mayer sums up the futility of technology controls justified by
going dark concerns: Cryptographic backdoors are, however, not a solution. Beyond the myriad other objections, they pose too much of a cost-benefit
asymmetry. In order to make secure apps just slightly more difficult for criminals to obtain, and just slightly less worthwhile for developers, the government would
have to go to extraordinary lengths. In an arms race between cryptographic backdoors and secure apps, the United States would
inevitably lose. 30

NSA surveillance is destroying US Tech Perception Destroys our economy


Miller 14 [Claire Cain, Writer for the NYTimes about the technology sector, Revelations of N.S.A. Spying Cost , U.S. Tech
Companies, NYTimes, National News Paper, March 21, 2014, http://www.nytimes.com/2014/03/22/business/fallout-fromsnowden-hurting-bottom-line-of-tech-companies.html?_r=0, July 21, 2015] KL
SAN FRANCISCO Microsoft has lost customers , including the government of Brazil. IBM is spending more than a billion
dollars to build data centers overseas to reassure foreign customers that their information is safe from prying eyes in the
United States government. And tech companies abroad , from Europe to South America, say they are gaining customers that are
shunning United States providers, suspicious because of the revelations by Edward J. Snowden that tied these providers to the National Security
Agencys vast surveillance program. Even as Washington grapples with the diplomatic and political fallout of Mr. Snowdens leaks, the more
urgent issue, companies and analysts say, is economic. Technology executives, including Mark Zuckerberg of Facebook, raised the issue when
they went to the White House on Friday for a meeting with President Obama. It is impossible to see now the full economic
ramifications of the spying disclosures in part because most companies are locked in multiyear contracts but the pieces are beginning
to add up as businesses question the trustworthiness of American technology products. The confirmation hearing last week for the new

N.S.A. chief, the video appearance of Mr. Snowden at a technology conference in Texas and the drip of new details about government spying have kept attention
focused on an issue that many tech executives hoped would go away. Despite the tech companies assertions that they provide information on

their customers only when required under law and not knowingly through a back door the perception that they enabled the
spying program has lingered. Its clear to every single tech company that this is affecting their bottom line , said Daniel Castro, a
senior analyst at the Information Technology and Innovation Foundation, who predicted that the United States cloud computing industry could lose $35 billion by
2016. Forrester Research, a technology research firm, said the losses could be as high as

$180 billion , or 25 percent of industry


revenue, based on the size of the cloud computing, web hosting and outsourcing markets and the worst case for damages. The business effect of the
disclosures about the N.S.A. is felt most in the daily conversations between tech companies with products to pitch and their wary
customers. The topic of surveillance, which rarely came up before, is now the new normal in these conversations, as one tech company executive described
it. Were hearing from customers, especially global enterprise customers , that they care more than ever about where their
content is stored and how it is used and secured , said John E. Frank, deputy general counsel at Microsoft, which has been publicizing that it allows
customers to store their data in Microsoft data centers in certain countries. At the same time, Mr. Castro said, companies say they believe the federal government
is only making a bad situation worse. Most of the companies in this space are very frustrated because there hasnt been any kind of
response thats made it so they can go back to their customers and say, See, this is whats different now, you can trust us again,
he said. In some cases, that has meant forgoing potential revenue. Though it is hard to quantify missed opportunities, American businesses are being

left off some requests for proposals from foreign customers

that previously would have included them, said James Staten, a cloud computing
analyst at Forrester who has read clients requests for proposals. There are German companies, Mr. Staten said, explicitly not inviting certain American
companies to join. He added, Its like, Well, the very best vendor to do this is IBM, and you didnt invite them. The result has been a boon for foreign
companies.

Encryption key to tech competitivenessperception key and U.S. policies spillover


Claire Groden 6/9/15Reporter from Time with a degree from Dartmouth. Previously worked for the Wall Street Journal.
(Groden, NSA Spying Is Going to Cost the Tech Sector Much More Than We Thought, Time.
http://time.com/3914843/surveillance-tech-sector/)//ET
The economic reverberations will likely far exceed an initial $35 billion estimate, a report says NSA surveillance is going to cost
the U.S. tech sector a lot more than originally thought. The Information Technology and Innovation Foundation (ITIF), a Washington, D.C. -based
think tank that advocates for policies that nurture technology innovation, has released a new report in which it raises its previous estimate of
how much surveillance by the U.S. intelligence community could cost U.S. tech companies. In 2013, the non-partisan group estimated that
the NSA-related revelations stemming from Edward Snowdens 2013 leak would scare away foreign customers in the cloud computer
sector to the tune of as much as $35 billion in business. The new report says that figure is too low, and that the economic reverberations will likely far
exceed that initial $35 billion estimate, although the report wasnt more specific on a final figure. American tech companies saw a slump in
sales after Snowden set off a chain of disclosures that revealed the widespread nature of U.S. surveillance, such as the PRISM program that gave
the intelligence community access to private online communications . Acco+rding to the report, U.S. companies including IBM, Microsoft,
and Cisco all saw drops in their sales in China after reports that said the NSA program built backdoors into encryption products.
The report says many countries are now looking to enact or have already enacted tougher policies for American tech companies
operating on their soil. Russia, for example, has enacted laws that require companies to store data domestically. And a new Chinese regulation established
this January forces tech companies to submit to audits and build encryption keys in their products. When historians write about this period in
U.S. history it could very well be that one of the themes will be how the United States lost its global technology leadership to other nations, the studys authors
Daniel Castro and Alan McQuinn wrote.

Backdoors kill US cybersecurity, privacy, human rights and tech leadership


Swire 7/8 <Peter, Huang Professor of Law and Ethics at Georgia Tech Scheller College of Business, 7/9/15, Going Dark:
Encryption, Technology, and the Balance Between Public Safety and Privacy, Senate Judiciary Committee Hearing,
http://www.judiciary.senate.gov/imo/media/doc/07-08-15%20Swire%20Testimony.pdf>//wx
The testimony specifically shows the enormous gains to law enforcement resulting from adoption in the past twenty years of digital smartphones and text
messaging, the two areas most highlighted by law enforcement as examples of going dark. Although relatively few text messages were sent twenty years ago,
by 2010 the number exceeded 6 trillion texts per year. For the predominant share of those messages, the content is available from the provider. Even for the

subset where the content is encrypted, law enforcement can gain access to the meta-data, linking suspects and witnesses to
their entire social graphs. For text messages, it might be tempting to say that law enforcement could call the glass half-empty (some texts are encrypted) or
half-full (some texts are in the clear). With over six trillion messages filling the cup, though, it takes chutzpah to say the glass is empty. Text messages are a
prime example of a golden age of surveillance, and not of going dark. Third, government-mandated vulnerabilities would threaten

severe harm
to cybersecurity, privacy, human rights, and U.S. technological leadership , while not preventing effective encryption by
adversaries. As occurred in the 1990s, a diverse coalition of cybersecurity experts, technology companies, privacy experts, human rights activists, and others
has expressed vociferous and united opposition to government-mandated encryption vulnerabilities.2 My testimony highlights some of these concerns:
Technology companies, even before Snowden, had multiple reasons to deploy strong encryption to enhance cybersecurity and customer trust. The ongoing
development of encryption should thus not be seen primarily as a short-term response to Snowdens revelations . Overwhelming technical problems

and costs result from mandates to create vulnerabilities in encryption . A new report issued on July 7 is just the most recent, credible explanation
of these technical issues. U.S. Government support for encryption vulnerabilities increases cybersecurity problems in the least
trusted countries and globally, and undermines U.S. human rights policies . The United States should be a strong example for cybersecurity
and human rights, rather than an excuse used by repressive regimes to surveil U.S.-based businesses and individuals and clamp down on political dissent.

Mandated vulnerabilities are bad industrial policy they threaten U.S. technological leadership without preventing bad actors
from using strong encryption. In conclusion, providing access exceptions for U.S. law enforcement and intelligence agencies will be
harmful, rather than helpful, to national security. Despite concerns of going dark, the steady increase of electronic communications
worldwide provides these agencies with an ever-growing amount of valuable data and meta-data to use in identifying and pursuing
targets of investigations. The inability to directly access the content of a small fraction of these communications does not warrant the
subsequent damage that would result to privacy and to U.S. economic, diplomatic, and security interests.

Backdoors deck US tech leadership Crypto Wars prove


Swire 7/8 <Peter, Huang Professor of Law and Ethics at Georgia Tech Scheller College of Business, 7/9/15, Going Dark:
Encryption, Technology, and the Balance Between Public Safety and Privacy, Senate Judiciary Committee Hearing,
http://www.judiciary.senate.gov/imo/media/doc/07-08-15%20Swire%20Testimony.pdf>//wx
While national security interests are, justifiably, the focus of the current discussion around encryption, any mandated vulnerabilities would have far
reaching effects in other sectors of U.S. interest as well. The first Crypto Wars in the 1990s are illustrative of the futility of this
approach: attempts to control the export of encryption negatively impacted U.S. business interests while other players entered to
provide their own encryption solutions. Any mandated weakening of U.S. encryption today would create similar issues , as consumers
both at home and abroad demand strong, independent encryption for a variety of reasons. Hamstringing U.S. companies from being able to meet
this demand will only benefit foreign competitors who seek to fill the void while giving political cover for those countries who will
demand similar access in order to further the suppression of targeted speech and oppression.

Encryption backdoors causes lack of trust in encryption companies and the government
Anthony 13 (Sebastian, ExtremeTech Senior Editor, 9/6/13, Anthony, ExtremeTech,
http://www.extremetech.com/computing/165849-nsa-and-gchq-have-broken-internet-encryption-created-backdoors-that-anyonecould-use)-SK
This is the big one: New documents released by Edward Snowden show that the NSA and its British equivalent, GCHQ
(pictured above), have cracked VPNs, SSL, and TLS the encryption technologies that keep your data secure on the internet .
The NSA program, dubbed Bullrun, took 10 years to crack the webs encryption technologies, before finally reaching a
breakthrough in 2010 that made vast amounts of previously unreadable data accessible. Perhaps more worryingly, the NSA
has an ongoing program to place backdoors in commercial products (websites, routers, encryption programs, etc.) to enable
easy snooping on encrypted communications. The documents, which contain some choice phrases such as, work has
predominantly been focused this quarter on Google due to new access opportunities being developed, almost completely
undermines the very basis of the internet, obliterating the concept of trust online. The documents outline a three-pronged plan to
ensure the NSA can access the bulk of the internets encrypted traffic: Influencing the development of new encryption standards
to introduce weaknesses, using supercomputers to break encryption, and collaborating with ISPs and tech companies to gain
backdoor access . Unfortunately, the documents dont outline exactly how the NSA and GCHQ broke the security of VPNs, SSL,
and TLS, only that they have successfully done it. There are numerous possibilities, with the two simplest being that the
intelligence agencies have either obtained the root certificates used to sign private keys, or theyve found a flaw in the standards
that can be easily exploited perhaps using a flaw that they themselves introduced into the standard. A slide detailing the
successes of the NSA and GCHQ programs to break internet encryption The final point, that the NSA has been lobbying ISPs
and tech companies to include backdoors in their products, is the most chilling. These backdoors might consist of hardware-level
access (say, in your home router or a big router at your ISP) that allows the NSA to log in and spy on any data that passes
through. These backdoors might be the NSA working with major tech companies, such as Microsoft or Facebook, to
deliberately introduce flaws into the encryption tech so that the NSA can easily crack it . (A previous leak pegged Microsoft as
helping the NSA circumvent encryption used by Outlook.com and IM services.) The main thing, though, is that these commercial
entities are working with, not against, the NSA to introduce these backdoors. At first blush, in the words of the NSA itself, these
decryption programs are the price of admission for the US to maintain unrestricted access to and use of cyberspace. The
problem is, by deliberately introducing security flaws, the NSA and GCHQ have obliterated the concept of trust online. The whole
point of VPNs and TLS is that they are impossible to crack at least within a reasonable time frame. We now know that our
secure communications can be easily snooped on by the government but more importantly, due to this plethora of backdoors,
we cant be sure that only the government is listening in . Thats the problem with a backdoor: Its great while youre the only one
who knows about it, but its game-breakingly awful if someone else an enemy government, for example stumbles across it.

(See: XKeyscore: The NSA program that collects nearly everything that you do on the internet.) This diagram shows how GCHQ
proposed to identify, intercept, and decrypt encrypted traffic in near-real time. For years the security industry has speculated that
the internet was riddled with NSA backdoors, and now it seems we have confirmation. It would be foolish to assume that these
backdoors havent been exploited by other, non-authorized entities. If you require private and secure communications, now
would be the time consider your alternatives. (Have you ever thought about physically exchanging thumb drives?) Ideally, if the
cryptographic systems behind VPN, SSL, and TLS have been broken (3DES, AES, etc.) then work needs to begin on new
industry-standard ciphers. This would likely take years. For a lot more information on the NSA and GCHQs sigint (signals
intelligence) operations,hit up the Guardian. I cant say that Im really surprised, but its still a bit depressing to see the terrifying
extent of their sigint operations laid bare and moreover, I guarantee that, due to the higher levels of classification that
Snowden couldnt access, this is still just the tip of the iceberg.

Curtailing backdoors key to U.S. Tech companiesperceived data security flaws


Center for Democracy and Technology 11/10/14 CDT is a non-profit organization that works to find solutions to pressing
internet policy challenges. (CDT, Issue brief: A backdoor to encryption for government surveillance, Center for Democracy and
Technology. https://d1ovv0c9tw0h0c.cloudfront.net/files/2014/11/issuebrief-backdoorencryption.pdf)//ET
Encrypting smartphones and other tech products will help protect against malicious hacking, identity theft, phone theft, and other crimes. However, a government
mandate requiring companies to build a backdoor through encryption to facilitate surveillance would put consumers at grave risk and
impose heavy costs on US businesses. The government can obtain information for investigations from other sources and may be able to compel an
individual to decrypt information with a search warrant. What companies have done recently: Apple and Google recently announced that their newer
smartphones will be encrypted by default. This means that all the data stored on the phone itself will be unreadable to anyone who accesses the
phone without knowing the owners password or key to unlock the encryption. Weak encryption (or obvious passwords) can be broken by widely available
cracking programs, but Apple and Google announced they will apply strong encryption to their devices. Prior to this announcement, many other companies and
nonprofits have long offered products and services, including phones, secured by strong encryption to the public. The primary impact: The primary impact of
this change will be to increase security from cybercriminals for regular smartphone users. Encryption by default ensures that if criminals steal
or attempt to hack into a phone, they will be unable to access the owners sensitive data stored on the device, such as credit card information ,
photos, emails, medical records, social media accounts, and more. Millions of American smartphone users are targets of identity theft, phone theft, and
cybercrime, and the principle objective of securing smartphones with strong encryption is to protect against these problems. What the FBI wants: The FBI wants
a backdoor into encrypted products not just phones, but other communications services as well. In a recent speech, FBI Director Comey called for companies
to build security flaws into their encrypted products so that the government can break through and wiretap consumers or seize data stored on their devices.
Director Comey suggested that Congress should enact legislation to impose this requirement on all communications service providers. A backdoor for
government surveillance: During his speech, Director Comey stated the FBI was not actually seeking a backdoor because he is proposing that companies
intentionally build a means of breaking encryption for the purpose of government access into their products and services. However, this conflates a legal
backdoor with a technical one: as a technical matter, creating a path through encryption to provide access that the user does not authorize is, by definition, a
backdoor security vulnerability into the device. It is impossible to build encryption that can be circumvented without creating a technical backdoor. Backdoors
create major problems: Backdoors severely weaken cybersecurity, leaving users exposed to malicious hacking and crime. A government-mandated
security vulnerability in tech products would also be a huge burden on businesses and an obstacle to innovation. User security
undermined: A fundamental problem with a backdoor is that there is no way to control who goes through it. If the US government can exploit
a backdoor security vulnerability to access a consumers device, so will malicious hackers, identity thieves, and foreign governments. This
will devastate the security of not just individual consumers around the world, but also the many businesses that use American commercial tech
products day-to-day. Ultimately, this mandate would have the effect of actually enabling cybercrime and undermining national security. US
businesses harmed: Consumers outside of the US may be much less inclined to purchase American tech products that facilitate
government surveillance. Consider, for example, the difficulty US companies would have selling smartphones or network servers in the
EU that are built to enable easy access for the NSA. As a technical matter, it is difficult and expensive to both build a backdoor security
vulnerability and then defend that vulnerability against unauthorized use. This burden would be heaviest on small businesses and innovators
of new communications services, which may create a disincentive to encrypt their products and reduce the overall security of users.
Government is not going dark: There is no doubt that some communications are more difficult to intercept than others, and that the FBI has a legitimate concern
that criminals and terrorists will gravitate to communications technologies that are more difficult to surveil. However, taken as a whole, the digital revolution has
made more data about us available than ever before, and the government has more tools to obtain and analyze that data than ever before. The volume of
government surveillance increases almost every year. The claim that companies increasing adoption of strong encryption by default will suddenly lead to
government going dark and unable to access critical information is speculative.

NSA BULLRUN program kills Tech industry credibility Other countries dont want to interact with
US tech companies
Timm 13 [Trevor, Journalist for the Guardian, Director/Co-founder of freedom of the press foundations, How NSA Mass
Surveillance is Hurting the US Economy, Electronic Frontier Foundation, November 25,2013,
https://www.eff.org/deeplinks/2013/11/how-nsa-mass-surveillance-hurting-us-economy, July 18, 2015] KL

Privacy may not be the only casualty of the National Security Agencys massive surveillance
program. Major sectors of the US economy are reporting financial damage as the recent
revelations shake consumer confidence and US trade partners distance themselves from
companies that may have been compromised by the NSA or, worse, are secretly
collaborating with the spy agency. Member of Congress, especially those who champion Americas
competitiveness in the global marketplace, should take note and rein in the NSA now if they want to stem the
damage. The Wall Street Journal recently reported that AT&Ts desired acquisition of the European company
Vodafone is in danger due to the companys well-documented involvement in the NSAs data-collection programs.
European officials said the telecommunications giant would face intense scrutiny in its bid to purchase a major
cell phone carrier. The Journal went on to say: Resistance to such a deal, voiced by officials in

interviews across Europe, suggests the impact of the NSA affair could extend beyond the
diplomatic sphere and damage US economic interests in key markets . In September,
analysts at Cisco Systems reported that the fallout reached another level, when the
National Institute of Standards and Technology (NIST) told companies not to use
cryptographic standards that may have been undermined by the NSAs BULLRUN program .
The Cisco analysts said that if cryptography was compromised it would be a critical blow to trust
required across the Internet and the security community. This forecast was proven true in mid-

November, when Cisco reported a 12 percent slump in its sales in the developing world due to the NSA revelations.
As the Financial Times reported, new orders fell by 25 percent in Brazil and 30 percent in Russia and Cisco predicts
its overall sales could drop by as much 10 percent this quarter. Cisco executives were quoted saying the

NSAs activities have created "a level of uncertainty or concern" that will have a deleterious
impact on a wide-range of tech companies. It is hard for civil libertarians to shed tears over AT&T
losing business because of NSA spying, considering the company allowed the NSA to directly tap into its
fiber optic cables to copy vast amounts of innocent Americans Internet traffic. AT&T was also recently
revealed as having partnered with both the DEA and the CIA on separate mass surveillance
programs. It is also hard to feel sorry for Cisco, which stands accused of helping China spy on dissidents and
religious minorities. But the fact that the spying is hurting these major companies is indicative of
the size of the problem. This summer, European Parliaments civil liberties committee was presented with a
proposal to require every American website to place surveillance notices to EU citizens in order to force the US
government to reverse course: The users should be made aware that the data may be subject

to
surveillance (under FISA 702) by the US government for any purpose which furthers US
foreign policy. A consent requirement will raise EU citizen awareness and favour growth of services solely within
EU jurisdiction. This will thus have economic impact on US business and increase pressure on
the US government to reach a settlement. [emphasis ours] Meanwhile, Telenor, Norways largest
telecom provider has reportedly halted its plans to move its customers to a US-based cloud provider. Brazil seems
to be moving ahead to create its own email service and require US companies locate an office there if they wish to
do business with Brazilian customers. Laws like this mean that companies like Google could be barred from doing
business in one of the worlds most significant markets, according to Googles director for law enforcement and
information security at Google, Richard Selgado. Google has been warning of this as far back as July, when in FISA
court documents it argued that the continued secrecy surrounding government surveillance demands would harm
its business. Many commentators have been warning about the economic ramifications for
months. Princeton technologist Ed Felten, who previously at the Federal Trade Commission, best explained why
the NSA revelations could end up hurting US businesses: This is going to put US companies at a

competitive disadvantage, because people will believe that U.S. companies lack the ability
to protect their customersand people will suspect that U.S. companies may feel compelled to lie to their
customers about security. The fallout may worsen. One study released shortly after the first Edward Snowden leaks
said the economy would lose $22 to $35 billion in the next three years. Another study by Forrester said the $35
billion estimate was too low and pegged the real loss figure around $180 billion for the US tech industry by 2016.
Much of the economic problem stems for the US governments view that its open season when it comes to spying
on non-U.S. persons. As Mark Zuckerberg said in September, the governments position isdont worry, were not
spying on any Americans. Wonderful, thats really helpful for companies trying to work with people around the
world. Googles Chief Legal Officer David Drummond echoed this sentiment last week, saying: The justification
has been couched as 'Don't worry. We're only snooping on foreigners.' For a company like ours, where most of our
business and most of our users are non-American, that's not very helpful." Members of Congress who care

about the US economy should take note: the companies losing their competitive edge due to
NSA surveillance are mainstream economic drivers. Just as their constituents are paying attention, so
are the customers who vote with their dollars. As Sen. Ron Wyden remarked last month, If a foreign enemy was
doing this much damage to the economy, people would be in the streets with pitchforks.

NSA has done more damage to reputation of U.S. tech companies than any other program
Messmer, technology and security researcher and writer, 9/10/13
(Ellen Messmer, Network World, http://www.networkworld.com/article/2169810/data-center/reported-nsa-actions-raise-seriousquestions-about-tech-industry-partnerships.html)RL
Revelations that the National Security Agency may be pressuring vendors to put hidden backdoors in their software and hardware for
espionage purposes casts a huge shadow over many programs run by the NSA to interact with the high-tech industry for
purposes of evaluating, testing and accrediting products. The NSA's actions, revealed in documents leaked by former contractor Edward Snowden and
made public by The Guardian and The New York Times, raise questions about NSA-run programs such as the Commercial Solutions for Classified
Components (CSfC), National Information Assurance Partnership, and DoD Information Assurance, Certification and Accreditation Process, as well as protocols
promulgated by the NSA, such as Suite B cryptography. Virtually every U.S.-based network and security product provider of any
significance participates in some way in these product evaluation programs because through them , they can sell to federal
agency customers and the military. To date, news sources such as The Guardian, which has worked closely with Snowden, haven't put forward

any names of companies that may have agreed to compromise their products for the NSA's behalf nor have they mentioned
these NSA-run product-evaluation programs . [TRUST NO ONE: Schneier on NSA's encryption defeating efforts] But last Friday, the Obama
Administration appeared to verify assertions made in the media the day before that the NSA works through partnership programs
with industry to undermine network and security products for espionage purposes . The Office of the Director of National
Intelligence (ODNI) didn't refute the notion that the NSA spends millions of dollars each year to subvert software and hardware by
pressuring the high-techindustry to put in backdoors for the NSA's benefit . In its official statement, ODNI said the stories published "reveal
specific and classified details about how we conduct this critical intelligence activity." Leaked documents posted by the Times and Guardian included NSA
statements such as the NSA SIGINT division "actively engages the U.S. and foreign IT industries to covertly influence and overtly leverage their commercial
products' designs. These design changes make the systems exploitable through SIGINT collection (.e.g., Endpoint, Midpoint, etc.) with foreknowledge of the
modification. To the consumer and other adversaries, however, the systems' security remains intact." One goal is said to be to "insert vulnerabilities into
commercial encryption systems, IT systems, networks and endpoint communication devices used by targets." That the NSA manages to somehow
make these modifications is considered "top secret," according to Snowden documents posted online. In its numerous product evaluation programs
with industry, the NSA would have ample opportunity to pursue these goals. Bruce Schneier, crypto expert and author of several books, including the recent
"Liars and Outliers," maintains that the revelations about the NSA constitute a fundamental betrayal of the Internet and the people that
use it. He advocates that anyone, especially engineers, with knowledge of how the NSA is subverting software and hardware should go
public with what they know. He adds that's as long as they're not bound by specific legal or confidentiality restrictions, such as a National Security Letter.
"If you have been contacted by the NSA to subvert a product or protocol , you need to come forward with your story," said Schneier in a recent
Guardian article. "Your employer obligations don't cover illegal or unethical activity . If you work with classified data and are truly brave, expose
what you know. We need whistleblowers." When yesterday asked whether China and Russia might also be working with any of their

homegrown industries to also subvert products for espionage purpose, Schneier said he had no direct knowledge about this. But
having read a slew of documents that Snowden has released, Schneier said he's convinced that the NSA is doing "everything
possible" to ensure complete access to everything it can. The influence of the U.S. and the United Kingdom on software, hardware and
the Internet gives them "a very privileged position on the Internet," he said. The NSA readily acknowledges it is always seeking to "break"
security of adversaries and encryption -- that after all, is part of its mission as America's cyber-espionage agency, which also maintains a
Cyber Command to attack adversaries via cyberspace. But the revelation that the NSA is spending millions each year to try and
get software and hardware vendors to modify their products to include backdoors for intelligence-collection purposes and
weakening of cryptographic and security systems raises the prospect of what legal ramification this will all have when more
becomes known. It's possible lawsuits from both businesses and consumers may arise if it becomes known specific products and
services were designed with backdoors for the NSA without disclosure of that to the buyer in what would be seen as a deceptive
practice. Some revelations in June from Snowden about the NSA's so-called PRISM program for intelligence collection are
starting to have legal impacts. Under PRISM, the NSA can collect e-mail, chat, videos, stored data, VoIP, file transfer and other material
from Microsoft, Google, Yahoo, Facebook, PalTalk, YouTube, Skype, AOL and Yahoo. Microsoft and Google say they provide this data to
the NSA under the Foreign Intelligence Surveillance Act order and want to disclose how many of those are received each year ,
but say so far the U.S. Department of Justice is not agreeing to that. At the end of August, Microsoft General Counsel and Executive Vice
President Brad Smith said his company and Google would "move forward with litigation in the hopes the courts will uphold our right to speak more freely." They
did that yesterday in legal filings at the Foreign Intelligence Surveillance Court, joined by Yahoo. Public prosecutors in France are said to be starting
to build a case against the NSA and the FBI for PRISM-related spying on French citizens . Overall, there's a kind of gloom in the

high-tech industry and wariness among business customers about the implications of what the NSA is said to be doing in its zeal
to be able to conduct intelligence gathering for purposes of national defense . Richard Stiennon, chief research analyst at consultancy
IT-Harvest, says given how badly the NSA's purported actions have hurt U .S. industry, lawsuits should fly. He adds, "Like many wellintentioned government efforts, the NSA has singlehandedly done more damage to the reputation of U .S. technology companies than
any other event in the brief, meteoric rise of U.S. dominance. The implication that the most powerful and well-funded intelligence
service can leverage its relationship with U.S. companies such as Microsoft, Google, Yahoo, and even Apple, to get foreknowledge of
vulnerabilities or backdoors into their information systems , is going to kick off a new era of tech mercantilism. All U.S. tech
companies are going to be asked tough questions by their global clients . I am already hearing from tech giants that they are

being asked to attest to the absence of an NSA presence in their data centers . Competing cloud services and security products from
European and Nordic states are going to see rapid growth." Ellen Messmer is senior editor at Network World, an IDG publication and website, where she
covers news and technology trends related to information security . Twitter: MessmerE. E-mail:emessmer@nww.com

Failure to close backdoors forfeits 25% growth


Sherry 7/11/15 JD Sherry VP of Technology and Solutions, Over the past decade, he has established himself as a trusted
senior advisor and cloud security specialist for the protection of Payment Card Industry (PCI), Health Information Privacy Act
(HIPAA), and Personally Identifiable Information (PII) data. ( Closing the Back Door Responding to the Whisper Campaign; July 15;
http://blog.trendmicro.com/responding-whisper-campaign//pk

The Information Technology (IT) industry is a huge economic driver for the world economy . Purchasing products and solutions are based
not only on superior technology, but also whether you have trust and confidence in a vendor. Theres no doubt that the ongoing whispering
campaign of possible trust concerns around US-based companies and the National Security Agency (NSA) is taking its toll . For
months there have been claims of unauthorized access to cloud-based data, purposefully weakened (and possibly compromised) encryption keys, and even
backdoors in hardware and software of US-based companies. The impact of this is that Forrester has claimed that the loss for US-based IT

Service Providers in overall revenue due to the highly publicized Prism Scandal could be US$180 Billion or 25 percent by
2016. While US-based companies and the NSA have dominated the news cycle around these concerns, Vodaphones report of government surveillance,
including some governments having direct access to telecommunications traffic makes clear this is really a global issue. It raises questions for companies around

With massive amounts of revenue at stake , you would expect that


companies would be doing all they can to get in front of the issue, and for customers to confront and dispel those well-placed
concerns. But thats not happening. Actually, its the opposite. There are more scandals and more leaks, and no official response from the many global
players. The latest chapter in this saga is a claim that the largest security software company has been accused by China of having
backdoors in one of their major products. The reports go on to say that the Chinese government is banning the use of some of
this companys offerings. Its not clear if the claims are true or not, and thats part of the problem. With one exception, companies are being silent about
these accusations, neither confirming nor denying them. This leaves their customers to speculate fact or fiction. Naturally, thats leading their customers
to assume the worst, which is a negative for both. The notable (and praiseworthy) exception to this is Cisco. In May this year, John
Chambers from Cisco stepped up and wrote an open letter to President Obama about how the NSA tampers with Cisco
equipment before it is ships overseas. Granted it was after leaks, but still, bravo! This is what the IT industry should do! Be brave and be honest. Dont
the world who work in conjunction with governments globally.

be silent, and dont try to hold back information. In October 2013, after the Prism Scandal, the EFF and Bits of Freedom asked the IT security vendors to reply to
simple questions regarding requests from governments only a handful of companies responded. Trend Micro did. You can read our reply where Raimund
Genes, Chief Technology Officer, states unequivocally that we have not and would not comply with such a request. Trend Micro is truly a global company. Our
sole focus is to protect all of our customers around the world from all threats, whatever they may be and wherever they may be coming from. Yes we work with
governments and law enforcement, but always in service of protecting you, our customer. This is an issue where there should be no competitio n. All
companies should share this same, clear focus of putting the customer first. One way to do that is through transparency and honesty. Its late, but not too late for
those who have not addressed this head-on: respond the EFF and Bits of Freedom request. If you have been asked by any government to insert backdoors
talk with them and remove them. Through your words and actions stand with your peers around the world and take a clear stand putting customers first above
all else.

NSA backdoors caused the fallout of billions of dollar in contracts loss of trust
Swartz 2/28/14 Jon Swartz is a Silicon Valley based tech reporter at USA today (NSA surveillance hurting tech firms' business; Feb
14; http://www.usatoday.com/story/tech/2014/02/27/nsa-resistant-products-obama-tech-companies-encryption-overseas/5290553/)//pk
SAN FRANCISCO It used to be that tech titans such as Cisco Systems and IBM could bank on fertile markets in Asia and Europe

in their quest for worldwide financial domination. Not so much anymore. The National Security Agency, and revelations about its
extensive surveillance operations sometimes with the cooperation of tech firms have undermined the ability of many U.S. companies
to sell products in key foreign countries, creating a fissure with the U.S. government and prompting some to scramble to create "NSA-resistant"
products. The fallout could cost the tech industry billions of dollars in potential contracts, which has executives seething at the
White House. "Suspicion of U.S. vendors is running at an all-time high ," says Andrew Jaquith, chief technology officer at cloud-security firm
SilverSky. Cisco, IBM, Microsoft and Hewlett-Packard have reported declines in business in China since the NSA surveillance program was exposed. The
Information Technology & Innovation Foundation estimates the NSA imbroglio will cost U.S. businesses $22 billion through 2016 .
Forrester Research pegs potential losses at $180 billion, which includes tech firms and managed service providers The conflagration
took on political tones this month when German Chancellor Angela Merkel whose mobile phone was tapped by U.S. spy agencies said she would press
France President Francois Hollande to back a push for EU-based alternatives to the current U.S.-dominated Internet infrastructure. "We'll talk with France about
how we can maintain a high level of data protection," Merkel said in her weekly podcast in mid-February. "Above all, we'll talk with European providers that offer
security for our citizens, so that one shouldn't have to send e-mails and other information across the Atlantic." The situation is more combustible at home.
Disclosures that the NSA routinely cracked encryption, or data-scrambling, technology has heightened the anxiety of industry leaders. But in their pursuit of NSAproof products, they've alarmed some intelligence officials, who argue that without the ability to break encryption and create "back doors" to enter computer
systems abroad, the USA would be disarming at a moment of heightened cyberconflict. During a speech on NSA reforms on Jan. 17, President Obama angered
tech leaders when he did not embrace two recommendations by a panel he appointed to review the surveillance that are of pressing concern to Silicon Valley
and the business community. It had recommended the NSA "not in any way subvert, undermine, weaken or make vulnerable" commercial software, and that it

move away from exploiting flaws in software to conduct cyberattacks or surveillance. NSA-resistant products Many tech companies feel they have no

choice but to try to develop NSA-resistant products because customers from China to Germany threaten to boycott American
hardware and cloud services they view as compromised. It's already happening, with large corporate deals either lost or in danger of falling by the
wayside. The United Arab Emirates is threatening to scrap a $926 million intelligent-satellite deal with two French firms unless they
remove U.S.-built components. The UAE fears the equipment would contain digital backdoors that compromise the security of data. About 25% of
300 British and Canadian businesses surveyed by Canadian cloud firm Peer 1 Hosting said they intend to move their computerhosting operations out of the U.S. While Internet service providers question the practicalities of how e-mail between the U.S. and other countries would
work in such an undefined new service suggested by Merkel, American tech companies caution secure regional networks would fragment the Internet. With the
exception of Microsoft which says it will let overseas customers have personal data stored on servers outside the U.S. tech companies such as
Facebook and Google have opposed such private European clouds . Their fear: Regional data systems could Balkanize the Internet and
undercut its efficiency.

Lack of trust in US companies hurts the tech industry


Kassner 15 Freelance writer and editing professional with 15 years of experience covering technology, science,
and business. (Michael, Why government-mandated encryption backdoors are bad for US Businesses, 7/14/15,
http://www.techrepublic.com/article/why-government-mandated-encryption-backdoors-are-bad-for-us-businesses/)
For insight on the impact to businesses, I talked to Benjamin Dean, fellow in cybersecurity and internet governance staff
associate at Columbia University. "US companies will lose out from a policy that involves exceptional access," mentions Dean.
"Think about the customer whose goal is to purchase a product that will secure their information. Would that customer buy or use
the weakened encryption product from a US company or would that customer instead purchase a security product from a
company residing in a country where robust encryption is allowed?" Dean then adds, "Demand for information security will
remain with or without the policy. It's just that US companies will be unable to service this demand, which translates into lost
revenue for US tech businesses." Next I asked Dean if exceptional access might have an effect similar to the Snowden releases.
"The NSA's activities, disclosed by Snowden, involved undermining key information security standards and technologies," states
Dean. "The severe erosion of user trust in technologies sold by US companies has translated into revenue losses for US
technology companies. Depending on what you measure and how you measure it, loss estimates vary from $21.5-35 billion
(from ITIF) through to $180 billion (from Forrester)." Dean continues, "FBI Director Comey is proposing encryption, an important
measure for information security, should be weakened. This would trigger a further erosion of trust in technologies developed and
sold by US companies. Estimating the exact losses is difficult. However, it is safe to say that this proposal would not benefit US
technology companies." As for all other businesses, exceptional access would complicate how they meet international
regulations and liability clauses. For example, assuming the paper's authors are right, if a criminal element figures out
exceptional access for an encryption product, who is liable for the damages accrued by companies using the compromised
product?

Encryption is key to the tech industry


Stevenson 15 (Alastair, Reporter for V3 news in United Kingdom, Encryption is good for the economy, even if the Tories say
otherwise, 22 May 2015, http://www.v3.co.uk/v3-uk/opinion/2409567/encryption-is-good-for-the-economy-even-if-the-tories-sayotherwise)RR
Digital privacy has been a growing concern for businesses and general web users ever since Edward Snowden leaked PRISM
documents to the press, and for good reason. The documents revealed a digital surveillance operation that was larger and more efficient than even
the most zealous tinfoil hat wearer could have imagined. They detailed operations that collected vast streams of data from big name companies, including Apple,
Microsoft, Google, Facebook and Yahoo, that had been approved in dark, back-room, secret courts away from the eyes of privacy advocates and digital
watchdogs. Worse still, the companies involved were prevented from speaking publicly about the operations and left with woefully few
means to fight the special requests being thrown at them under the F oreign Intelligence Surveillance Act. In turn, the revelations led to a
backlash against the private sector parties involved . Attacks on the firms included accusations that they didn't fight hard enough or were in cahoots
with the intelligence agencies. However, a silver lining soon appeared around the PRISM cloud as the companies involved, in my mind, reacted in the best way
possible. Following PRISM, everyone from Google, Microsoft, Facebook and Yahoo to local SMBs began re-examining their data

collection and protection policies and rolling out new technologies to protect data passing through their networks. The biggest of
these is the ongoing move to encrypt online services, which will help to stop spooks and cyber criminals getting hold of the data.
Snowden himself has listed encryption as one of, if not the, best way for people and businesses to protect their data, and for me
the rising use of anonymising services and a focus on data protection is a huge positive that governments should be promoting.
Sadly, though, many have gone the other way, arguing that mass data collection and the ability to access businesses' customer data is a necessary evil in the
fight against criminal and terrorist groups. It's a belief that has been accepted enthusiastically by the Tory government. In turn, the US and UK governments have
debated new legislation that would grant intelligence agencies yet more surveillance powers and ways to get round the encryption roadblock. These attacks on
encryption are ridiculous and foolhardy for two reasons. First, attacking or blocking encryption won't stop the bad people that the government

alleges it's fighting by weakening web users' cyber security. It'll just make general web users more vulnerable. Second, it will

destroy customer trust in online businesses that handle data and have a negative impact on the global economy. Fortunately I
am far from alone in this belief. This week over 140 businesses, researchers, government advisors and white hats sent a letter to
US president Barack Obama urging him to block proposed legislation that would let agencies legally collect and decrypt data
from "communications devices". The letter, which has been signed by tech firms including Apple, Google Microsoft, Twitter,
Yahoo, Symantec and HP, expresses my concerns nicely. "Introducing mandatory vulnerabilities into American products would
further push many customers - be they domestic or international, individual or institutional - to turn away from those
compromised products and services," it said. "[Customers] and many of the bad actors whose behaviour the government is hoping to
impact will simply rely on encrypted offerings from foreign providers, or avail themselves of the wide range of free and open
source encryption products that are easily available online ." This isn't rocket science. If you reduce overall cyber security levels and make
commonly used encryption protocols and defence tools vulnerable you won't catch the serious cyber criminals because they don't use them. The bad people
running cyber black markets dealing in arms, exploit kits, drugs, or even child pornography are smarter than that. They know how to hide their operations and will
simply move deeper underground, using even more advanced detection dodging technologies, and evolving their strategies to exploit businesses' governmentmade weaknesses. It won't make any difference to me as I am not part of the one percent that our new government cares about, but I wanted to use this column
to add my voice to the 140 companies on the letter and urge the US and UK governments to reconsider their war on encryption.

Backdoor cause revenue loss to US tech companies 21.5-35 billion dollars


Kassner 7/14/15 - Micheal Kasner is fellow of ASM international and won the Oregon College of Engineering award, Cites
many cybersecurity authors like Susan Landau and the people on the National Institute of Standards and Technology( Micheal, Why
government-mandated encryption backdoors are bad for US businesses, http://www.techrepublic.com/article/why-government-mandated-encryption-backdoorsare-bad-for-us-businesses/)//pk
How would exceptional access affect US businesses? For insight on the impact to businesses, I talked to Benjamin Dean, fellow in cybersecurity and internet
governance staff associate at Columbia University. "US companies will lose out from a policy that involves exceptional access," mentions
Dean. "Think about the customer whose goal is to purchase a product that will secure their information. W ould that customer buy or use the weakened

encryption product from a US company or would that customer instead purchase a security product from a company residing in a
country where robust encryption is allowed?" Dean then adds, "Demand for information security will remain with or without the policy .
It's just that US companies will be unable to service this demand, which translates into lost revenue for US tech businesses." Next
I asked Dean if exceptional access might have an effect similar to the Snowden releases. " The NSA's activities, disclosed by Snowden, involved
undermining key information security standards and technologies ," states Dean. "The severe erosion of user trust in technologies
sold by US companies has translated into revenue losses for US technology companies . Depending on what you measure and how you
measure it, loss estimates vary from $21.5-35 billion (from ITIF) through to $180 billion (from Forrester)." Dean continues, "FBI Director
Comey is proposing encryption, an important measure for information security, should be weakened. This would trigger a further erosion of trust in technologies
developed and sold by US companies. Estimating the exact losses is difficult. However, it is safe to say that this proposal would not benefit US technology
companies." As for all other businesses, exceptional access would complicate how they meet international regulations and liability
clauses. For example, assuming the paper's authors are right, if a criminal element figures out exceptional access for an encryption
product, who is liable for the damages accrued by companies using the compromised product? To put it simply Bruce Schneier, wellknown security expert and one of the paper's authors, always has interesting comments on his blog. And his post on this topic is no exception. David C
comments, "I doubt the bad guys, the FBI want, are going to use broken encryption. They'll go find good encryption and use it." An obvious point, and one, I
hope, not overlooked.

Backdoor destroying business revenue China bans US companies


Whittaker 2/25/15 Zack Whittaker, A part-writer, part-editor for ZDNet on business technology, CNET(trusted tech website)
on politics and consumer technology, and CBS News on anything in-between. (It's official: NSA spying is hurting the US tech economy Feb
2015, http://www.zdnet.com/article/another-reason-to-hate-the-nsa-china-is-backing-away-from-us-tech-brands/)//pk

China is no longer using high-profile US technology brands for state purchases, amid ongoing revelations about mass
surveillance and hacking by the US government. A new report confirmed key brands, including Cisco, Apple, Intel, and McAfee -- among others -have been dropped from the Chinese government's list of authorized brands, a Reuters report said Wednesday. The number of approved foreign
technology brands fell by a third, based on an analysis of the procurement list. Less than half of those companies with security products remain on the
list. Although a number of reasons were cited, domestic companies were said to offer "more product guarantees" than overseas rivals in
the wake of the Edward Snowden leaks. Some reports have attempted to pin a multi-billion dollar figure on the impact of the
leaks. In reality, the figure could be incalculable. The report confirms what many US technology companies have been saying for the past year: the activities by
the NSA are harming their businesses in crucial growth markets, including China. The Chinese government's procurement list changes
coincided with a series of high profile leaks that showed the US government have been on an international mass surveillance spree, as well as hacking
expeditions into technology companies, governments, and the personal cellphones of world leaders. Concerned about backdoors implanted by the

NSA, those revelations sparked a change in Chinese policy by forcing Western technology companies to hand over their source
code for inspection. That led to an outcry in the capital by politicians who in the not-so-distant past accused Chinese companies of doing exactly the same
thing. From encrypted instant messengers to secure browsers and operating systems, thees privacy-enhancing apps, extensions, and services can protect you
both online and offline. The fear is that as the China-US cybersecurity standoff continues, it's come too late for Silicon Valley
companies, which are already suffering financially thanks to the NSA's activities. Microsoft said in January at its fiscal fourth-quarter earnings

that China "fell short" of its expectations, which chief executive Satya Nadella described as a "set of geopolitical issues" that the company was working through.
He did not elaborate. Most recently, HP said on Tuesday at its fiscal first-quarter earnings call that it had "execution issues" in China thanks to the "tough market"
with increasing competition from the local vendors approved by the Chinese government. But one company stands out: Cisco probably suffered the worst of all.

Earlier this month at its fiscal second-quarter earnings, the networking giant said it took a 19 percent revenue ding in China, amid
claims the NSA was installing backdoors and implants on its routers in transit. China remains a vital core geography for most US technology
giants with a global reach. But until some middle-ground can be reached between the two governments, expect Silicon Valley's struggles in the country to only
get worse

Securing data key to business growth and tech sectors growth


Matuszak & Hanley 15 (Gary Matuszak, Global and U.S. Chair, Technology, Media &
Communications, KPMG, and Richard Hanley, Advisory Sector Leader, Technology, Media &
Communications, KPMG LLP (U.S.), Technology Industry Outlook Survey, A tale of two
disruptions: tech innovation and cybersecurity, June 2015,
https://www.kpmg.com/US/en/industry/technology/Documents/technology-industry-outlookpublication.pdf Page 25-27)//pk
With every technical innovation the sector produces, a need to implement and maintain effective security remains an industry constant. As the nature of the

threats evolve, so do the tech sector's efforts to secure their own data and intellectual property, and to enhance the security tools
and services they offer to customers. Many companies expect to spend between 1 and 5 percent on information security over the
next year. Recognizing not only the importance of information security to ensuring their operations and maintaining customer trust as wed as the evolving
nature of security threats, three-fourths of technology executives expect their companies to spend 1 to 5 percent of their revenue on IT security over the next 12
months. At the same time. 23 percent of those surveyed say their company has suffered a security breach in the past 12 months. The

survey findings on security are an important marker since tech companies are the pace setters in IT security. How much and
where tech companies spend on IT security, and how successful they are can serve as guides for all other industries . In today's
digitally driven world, information security is a foundation for business growth and sustainability.

--xt tech k/t econ


Tech Industry Specifically k2 economy
Kvochko 13 [Elena, Manager in Information Technology Industry at World Economic Forum, Five ways technology can help
the economy, World Economic Forum, Publisher of stories about the world economy, April 11, 2013,
https://agenda.weforum.org/2013/04/five-ways-technology-can-help-the-economy/, July 18, 2015] KL
At a time of slowed growth and continued volatility, many countries are looking for policies that will stimulate growth and create new jobs. Information

communications technology (ICT) is not only one of the fastest growing industries directly creating millions of jobs

but it is also
an important enabler of innovation and development. The number of mobile subscriptions (6.8 billion) is approaching global population figures, with 40% of
people in the world already online. In this new environment, the competitiveness of economies depends on their ability to leverage new technologies. Here are
the five common economic effects of ICT. 1.

Direct job creation The ICT sector is, and is expected to remain, one of the largest employers. In
the US alone, computer and information technology jobs are expected to grow by 22% up to 2020, creating 758,800 new jobs. In
Australia, building and running the new super-fast National Broadband Network will support 25,000 jobs annually. Naturally, the growth in different segments is
uneven. In the US, for each job in the high-tech industry, five additional jobs, on average, are created in other sectors. In 2013, the global tech market will grow

Contribution to GDP growth Findings from various countries


10% increase in broadband penetration is associated with a 1.4%

by 8%, creating jobs, salaries and a widening range of services and products. 2.

confirm the positive effect of ICT on growth. For example, a


increase in GDP growth in emerging markets . In China, this number can reach 2.5%. The doubling of mobile data use caused by the increase in
3G connections boosts GDP per capita growth rate by 0.5% globally. The Internet accounts for 3.4% of overall GDP in some economies. Most of this effect is
driven by e-commerce people advertising and selling goods online. 3. Emergence of new services and industries Numerous public services
have become available online and through mobile phones. The transition to cloud computing is one of the key trends for modernization. The government of
Moldova is one of the first countries in Eastern Europe and Central Asia to shift its government IT infrastructure into the cloud and launch mobile and e-services
for citizens and businesses. ICT has enabled the emergence of a completely new sector: the app industry. Research shows that Facebook apps alone
created over 182,000 jobs in 2011, and that the aggregate value of the Facebook app economy exceeds $$12 billion. 4.

Workforce transformation New microwork platforms, developed by companies like oDesk, Amazon and Samasource, help to
divide tasks into small components that can then be outsourced to contract workers . The contractors are often based in emerging
economies. Microwork platforms allow entrepreneurs to significantly cut costs and get access to qualified workers. In 2012, oDesk alone had over 3 million
registered contractors who performed 1.5 million tasks. This trend had spillover effects on other industries, such as online payment systems. ICT has also
contributed to the rise of entrepreneurship, making it much easier for self-starters to access best practices, legal and regulatory information, marketing and

5. Business innovation In OECD countries, more than 95% of businesses have an online presence. The
Internet provides them with new ways of reaching out to customers and competing for market share. Over the past few years, social
investment resources.

media has established itself as a powerful marketing tool. ICT tools employed within companies help to streamline business processes and improve efficiency.
The unprecedented explosion of connected devices throughout the world has created new ways for businesses to serve their customers.

U.S. tech industry key to economy


Grisham 15: Senior Manager Public Policy Communications CompTIA, Stonewall Strategies; served as the Manager of U.S.
Public Affairs at the Public Affairs Council and Communications Director for Congressman Mike Turner of Ohio; BA in Public
Relations at University of South Carolina-Columbia: (UNITED STATES TECH INDUSTRY EMPLOYS 6.5 MILLION IN 2014,
Preston Grisham, CompTIA, February 10, 2015, https://www.comptia.org/about-us/newsroom/press-releases/2015/02/10/unitedstates-tech-industry-employs-6.5-million-in-2014) //chiragjain
Washington, D.C., February 10, 2015 The U.S. tech industry added 129,600 net jobs between 2013 and 2014, for
a total of nearly 6.5 million jobs in the U.S., according to Cyberstates 2015: The Definitive State-by-State Analysis of the
U.S. Tech Industry published by CompTIA. The report represents a comprehensive look at tech employment, wages, and other key
economic factors nationally and state-by-state, covering all 50 states, the District of Columbia, and Puerto Rico. This years edition
shows that tech industry jobs account for 5.7 percent of the entire private sector workforce. Tech industry
employment grew at the same rate as the overall private sector, 2 percent, between 2013-2014. Growth was led by

the IT services sector which added 63,300 jobs between 2013 and 2014 and the R&D, testing, and
engineering services sector that added 50,700 jobs. The U.S. tech industry continues to make significant
contributions to our economy, said Todd Thibodeaux, president and CEO, CompTIA. The tech industry accounts for
7.1 percent of the overall U.S. GDP and 11.4 percent of the total U.S. private sector payroll . With annual
average wages that are more than double that of the private sector, we should be doing all we can to encourage the
growth and vitality of our nations tech industry. An examination of tech job postings for the nation shows a yearover-year jump of more than 11 percent for technology occupations, with over 650,000 job openings in
fourth quarter of 2014. At the state level, Cyberstates shows that 38 states had an overall net increase of tech
industry employment in 2014. The largest gains were in California (+32,900), Texas (+20,100), Florida (+12,500),
Massachusetts (+8,700), and Michigan (+8,100). The states with the highest concentration of workers were Massachusetts (9.8% of

private sector employment), Virginia (9.4%), Colorado (9.2%), Maryland (8.6%), and Washington (8.4%). The largest states by tech
industry employment continues to be California, Texas, and New York.

Tech industry development is key to the economy


MHTA 13 (Minnesota High tech Association, Tech sector employs 6.5M nationwide, Article presents no date except the year,
2013, https://www.mhta.org/tech-sector-employs-6-5m-nationwide/)RR
The U.S. tech industry added 129,600 net jobs between 2013 and 2014, for a total of nearly 6.5 million jobs in the U.S ., according to
Cyberstates 2015: The Definitive State-by-State Analysis of the U.S. Tech Industry published by CompTIA. The report represents a comprehensive look at tech
employment, wages, and other key economic factors nationally and state-by-state, covering all 50 states, the District of Columbia, and Puerto Rico. This

years edition shows that tech industry jobs account for 5.7 percent of the entire private sector workforce. Tech industry
employment grew at the same rate as the overall private sector, 2 percent, between 2013-2014. Growth was led by the IT
services sector which added 63,300 jobs between 2013 and 2014 and the R&D, testing, and engineering services sector that
added 50,700 jobs. The U.S. tech industry continues to make significant contributions to our economy, said Todd Thibodeaux,
president and CEO, CompTIA. The tech industry accounts for 7.1 percent of the overall U.S. GDP and 11.4 percent of the total
U.S. private sector payroll. With annual average wages that are more than double that of the private sector, we should be doing
all we can to encourage the growth and vitality of our nations tech industry. An examination of tech job postings for the nation shows a
year-over-year jump of more than 11 percent for technology occupations, with over 650,000 job openings in fourth quarter of 2014 . At
the state level, Cyberstates shows that 38 states had an overall net increase of tech industry employment in 2014 . The largest gains were in
California (+32,900), Texas (+20,100), Florida (+12,500), Massachusetts (+8,700), and Michigan (+8,100). The states with the highest concentration of workers
were Massachusetts (9.8% of private sector employment), Virginia (9.4%), Colorado (9.2%), Maryland (8.6%), and Washington (8.4%). The largest states by tech
industry employment continue to be California, Texas, and New York. While California was a leading state for 12 of the 16 technology industry clusters,
Cyberstates also shows clusters throughout the United States, said Skip Newberry, president, Technology Association of Oregon and vice chairman, Technology
Councils of North America TECNA). The state of Washington leads the nation in software publishers employment and Texas leads in tech wholesalers and repair
services. Oregon and Arizona have strong clusters in semiconductors. Virginia has one in computer systems design, a major component of IT services.
Massachusetts is a serious powerhouse in R&D and testing labs. The U.S. tech industry spans the country from coast to coast. The strength of the

technology industry is built on the hard work, intellectual capital, high-value skills, and innovation of our nations technology
workers, said Newberry. Tech workers are the life blood of our industry and as such we need to continue to do all that we can to
ensure access to the best and the brightest workers in the world . This means focusing on STEM education, training and improving access to
high-skilled immigrants. They are going to be the future drivers of our industry. Cyberstates 2015, in its 16th edition, relies primarily on data from the U.S. Bureau
of Labor Statistics. The report provides 2014 national and state-by-state data on tech employment, wages, establishments, payroll, wage differential, employment
concentration, economic output, and job openings. All data are the most recent available at the time of production. 2014 data are preliminary and subject to
revisions.

--a2 adv cp subsidies


Government subsidies fail The government doesnt have incentive to make sure a company is
successful
De Rugy 15 [Veronique, senior research fellow at the Mercatus Center at George Mason University, primary research
interests include the U.S. economy, the federal budget, homeland security, taxation, tax competition, and financial privacy,
Subsidies Are the Problem, Not the Solution, for Innovation in Energy, House Committee on Science, Space, and Technology,
Subcommittee on Energy, March 24, 2015, http://mercatus.org/publication/subsidies-are-problem-not-solution-innovationenergyhttp://mercatus.org/publication/subsidies-are-problem-not-solution-innovation-energy, July 18, 2015] KL
GOVERNMENT LACKS THE PROPER INCENTIVES Even with the best of intentions, elected officials and bureaucrats simply do not possess
the proper incentives to manage taxpayers money prudently. They are not rewarded when they maximize consumer value; nor are they punished when they take
unnecessary risks or fail to minimize costs. Government actors operate with limited knowledge. While individuals acting in markets are able to use price signals
to guide their decisions. When a private company fails, the owners and its investors lose. Government decision makers have no such

guide. They have no way of accounting for the value or costs of their decisions. And when the government fails, taxpayers lose.
Subsidies are justified as being necessary to encourage the development of alternative energies because the private sector is unwilling to undertake the risk
necessary for their development. The truth is that private investors should avoid throwing scarce dollars at endeavors that do not make
economic sense. Instances where the private sector will not invest signal that it would also be a bad idea for taxpayers to invest. Policymakers who

believe that entrepreneurs and venture capitalists are investing insufficiently in new technologies should focus their efforts on
reducing the federal tax burden on businesses and investment rather than attempting to subsidize specific firms, industries, or
technologies. Lowering the tax burden is more likely to result in higher economic growth, innovation, and job creationthe same canned justification
that policymakers often fall back on to justify subsidy programs. It is amazing that many of the policymakers who believe that the private sector
needs the government to fill this mythical investment gap are the same ones who want to further tax the rewards of investment, and support sending the money
to agencies like EERE that fund the research and development of commercial products. Advanced research and development subsidies are a form of corporate
welfare because the rewards end up going to private interests while the costs are borne by taxpayers. This cycle of tax and subsidize is just another example of
the government robbing Peter to pay Paul. Policymakers like to tout Pauls success stories when defending energy subsidies, but somehow Peter escapes
acknowledgement.

Subsidies destroy the economy they distort economic activity


De Rugy 15 [Veronique, senior research fellow at the Mercatus Center at George Mason University, primary research
interests include the U.S. economy, the federal budget, homeland security, taxation, tax competition, and financial privacy,
Subsidies Are the Problem, Not the Solution, for Innovation in Energy, House Committee on Science, Space, and Technology,
Subcommittee on Energy, March 24, 2015, http://mercatus.org/publication/subsidies-are-problem-not-solution-innovationenergyhttp://mercatus.org/publication/subsidies-are-problem-not-solution-innovation-energy, July 18, 2015] KL
SUBSIDIES DISTORT ECONOMIC ACTIVITY Policymakers justify energy subsidies by arguing that they are needed to fix alleged imperfections in
the marketplace. The imperfections, however, are typically short-term issues (e.g., oil price spikes) that the marketplace will addressif allowed. Policymakers
often rush to address short-term concerns with government interventions, including subsidies, which end up distorting economic activity and generating failures
of their own.2 The problem is compounded by the reality that policymakers usually have political and parochial interests in mind when creating and sustaining
subsidy programs. When government intervenes, 1) subsidized firms get an unfair competitive advantage over firms that do not receive a

government subsidy, and 2) policymakers, instead of the market , pick winners and losers. Unseen Losses of Unsubsidized Competitors
By aiding particular businesses and industries, subsidies put other businesses and industries at a disadvantage . This market
distortion generates losses to the economy that are not easily seen and thus generally arent considered by
policymakers . For example, energy companies that dont receive a government subsidy are disadvantaged when they compete against companies that do
receive government backing. A company or entrepreneur with a superior product or technology might never reach the market because they didnt have access to
government handouts. The result is a diversion of resources from businesses preferred by the market to those preferred by policymakers, which leads to losses
for the overall economy. The Cost of Policymakers Picking Winners and Losers When the government starts choosing industries and
technologies to subsidize, it often makes bad decisions at taxpayer expense, because policymakers possess no special knowledge
that allows them to allocate capital more efficiently than markets . Businesses and venture capital firms make many mistakes as well, but they
bear the consequences of those mistakes. When the government picks losers, the costs are involuntarily borne by taxpayers. Even the supposed success
stories that government officials and the direct beneficiaries of subsidies like to tout at congressional hearings do not come without cost. In addition to the
taxpayer money thats spent when policymakers try to steer the market in certain directions, government intervention can also delay the development of superior
alternatives by companies and entrepreneurs who didnt receive government backing. Worse, young companies and entrepreneurs can have a harder time
acquiring capital because private investors usually prefer to provide capital to projects that are subsidized over ones that are not.

ADV CLOUD COMPUTING

--xt plan k/t cloud


NSA backdoor surveillance destroys US cloud computing industry AND the U.S. economy
Kehl 14 [Danielle, Policy Analyst at New Americas Open Technology Institute, Surveillance Costs: The NSAs Impact on the
Economy, Internet Freedom & Cybersecurity, NewsAmerica, July 2014, https://www.newamerica.org/oti/surveillance-costs-thensas-impact-on-the-economy-internet-freedom-cybersecurity/, July 17, 2015] KL
It is becoming clear that the post-9/11 surveillance apparatus may be at cross-purposes with our high-tech economic growth ,
declared Third Ways Mieke Eoyang and Gabriel Horowitz in December 2013. The economic consequences [of the recent revelations] could be
staggering.25 A TIME magazine headline projected that NSA Spying Could Cost U.S. Tech Giants Billions, predicting losses
based on the increased scrutiny that economic titans like Google, Microsoft, Facebook, and Yahoo have faced both at home and
abroad since last June.26 The NSAs actions pose a serious threat to the current value and future stability of the information technology industry, which has
been a key driver of economic growth and productivity in the United States in the past decade.27 In this section, we examine how emerging
evidence about the NSAs extensive surveillance apparatus has already hurt and will likely continue to hurt the American tech
sector in a number of ways, from dwindling U.S. market share in industries like cloud computing and webhosting to dropping tech sales overseas. The
impact of individual users turning away from American companies in favor of foreign alternatives is a concern. However, the major
losses will likely result from diminishing confidence in U.S. companies as trustworthy choices for foreign government
procurement of products and services and changing behavior in the business-to-business marke t. Trust in American businesses
has taken a significant hit since the initial reports on the PRISM program suggested that the NSA was directly tapping into the
servers of nine U.S. companies to obtain customer data for national security investigations .28 The Washington Posts original story on the
program provoked an uproar in the media and prompted the CEOs of several major companies to deny knowledge of or participation in the program.29 The
exact nature of the requests made through the PRISM program was later clarified, 30 but the public attention on the relationship
between American companies and the NSA still created a significant trust gap, especially in industries where users entrust companies to
store sensitive personal and commercial data. Last years national security leaks have also had a commercial and financial impact on
American technology companies that have provided these records, noted Representative Bob Goodlatte, a prominent Republican leader and
Chairman of the House Judiciary Committee, in May 2014. They have experienced backlash from both American and foreign
consumers and have had their competitive standing in the global marketplace damaged .31 Given heightened concerns about the
NSAs ability to access data stored by U.S. companies, it is no surprise that American companies offering cloud computing and webhosting
services are among those experiencing the most acute economic fallout from NSA surveillance . Within just a few weeks of the first
disclosures, reports began to emerge that American cloud computing companies like Dropbox and Amazon Web Services were
starting to lose business to overseas competitors. 32 The CEO of Artmotion, one of Switzerlands largest offshore hosting providers, reported in July
2013 that his company had seen a 45 percent jump in revenue since the first leaks,33 an early sign that the countrys perceived neutrality and strong data and
privacy protections34 could potentially be turned into a serious competitive advantage.35 Foreign companies are clearly poised to benefit from growing fears
about the security ramifications of keeping data in the United States. In a survey of 300 British and Canadian businesses released by PEER 1 in January
2014,36 25 percent of respondents indicated that they were moving data outside of the U.S. as a result of the NSA revelations. An overwhelming number

of the companies surveyed indicated that security and data privacy were their top concerns, with 81 percent stating that they
want to know exactly where their data is being hosted. Seventy percent were even willing to sacrifice performance in order to ensure that their
data was protected.37 It appears that little consideration was given over the past decade to the potential economic repercussions if the NSAs secret programs
were revealed.38 This failure was acutely demonstrated by the Obama Administrations initial focus on reassuring the public that its

programs primarily affect non-Americans, even though non-Americans are also heavy users of American companies products.
Facebook CEO Mark Zuckerberg put a fine point on the issue, saying that the government blew it in its response to the scandal. He
noted sarcastically: The government response was, Oh dont worry, were not spying on any Americans. Oh, wonderful: thats really helpful to companies [like
Facebook] trying to serve people around the world, and thats really going to inspire confidence in American internet companies.39 As Zuckerbergs comments
reflect, certain parts of the American technology industry are particularly vulnerable to international backlash since growth is heavily dependent on foreign
markets. For example, the U.S. cloud computing industry has grown from an estimated $46 billion in 2008 to $150 billion in 2014, with

nearly 50 percent of worldwide cloud-computing revenues coming from the U.S.40 R Street Institutes January 2014 policy study
concluded that in the next few years , new products and services that rely on cloud computing will become increasingly pervasive. Cloud computing is
also the root of development for the emerging generation of Web-based applicationshome security, outpatient care, mobile payment, distance learning, efficient
energy use and driverless cars, writes R Streets Steven Titch in the study. And it is a research area where the United States is an undisputed leader.41 This
trajectory may be dramatically altered, however, as a consequence of the NSAs surveillance programs. Economic forecasts after the Snowden leaks
have predicted significant, ongoing losses for the cloud-computing industry in the next few years . An August 2013 study by the
Information Technology and Innovation Foundation (ITIF) estimated that revelations about the NSAs PRISM program could cost the American
cloud computing industry $22 to $35 billion over the next three years. 42 On the low end, the ITIF projection suggests that U.S. cloud computing
providers would lose 10 percent of the foreign market share to European or Asian competitors, totaling in about $21.5 billion in losses; on the high-end, the $35
billion figure represents about 20 percent of the companies foreign market share. Because the cloud computing industry is undergoing rapid growth right now a

2012 Gartner study predicted global spending on cloud computing would increase by 100 percent from 2012 to 2016, compared
to a 3 percent overall growth rate in the tech industry as a whole 43vendors in this sector are particularly vulnerable to shifts in the market.
Failing to recruit new customers or losing a competitive advantage due to exploitation by rival companies in other
countries can quickly lead to a dwindling market share . The ITIF study further notes that the percentage lost to foreign competitors could go
higher if foreign governments enact protectionist trade barriers that effectively cut out U.S. providers, citing early calls from German data protection authorities to
suspend the U.S.-EU Safe Harbor program (which will be discussed at length in the next section).44 As the R Street Policy Study highlights,
Ironically, the NSA turned the competitive edge U.S. companies have in cloud computing into a liability, especially in Europe. 4
Research analyst James Staten argued that the think tanks estimates were low, suggesting that the actual figure could be as high as $180 billion over three
years.46 Staten highlighted two additional impacts not considered in the ITIF study. The first is that U.S. customersnot just foreign companieswould also
avoid US cloud providers, especially for international and overseas business. The ITIF study predicted that American companies would retain their domestic
market share, but Staten argued that the economic blowback from the revelations would be felt at home, too. You dont have to be a French company, for
example, to be worried about the US government snooping in the data about your French clients, he wrote.47 Moreover, the analysis highlighted a second and
far more costly impact: that foreign cloud providers, too, would lose as much as 20 percent of overseas and domestic business because of similar spying
programs conducted by other governments. Indeed, the NSA disclosures have prompted a fundamental re-examination of the role of intelligence services in
conducting coordinated cross-border surveillance, according to a November 2013 report by Privacy International on the Five Eyes intelligence partnership
between the United States, the United Kingdom, Canada, Australia, and New Zealand.48 Staten predicts that as the surveillance landscape

around the world becomes more clear, it could have a serious negative impact on all hosting and outsourcing services, resulting
in a 25 percent decline in the overall IT services market, or about $180 billion in losses .49 Recent reports suggest that things are, in fact,
moving in the direction that analysts like Castro and Staten suggested.50 A survey of 1,000 [Information and Communications Technology (ICT)] decisionmakers from France, Germany, Hong Kong, the UK, and the USA in February and March 2014 found that the disclosures have had a direct impact on how
companies around the world think about ICT and cloud computing in particular.51 According to the data from NTT Communications, 88 percent of decisionmakers are changing their purchasing behavior when it comes to the cloud, with the vast majority indicating that the location of the data is very important. The
results do not bode well for recruitment of new customers, either62 percent of those currently not storing data in the cloud indicated that the revelations have
since prevented them from moving their ICT systems there. And finally, 82 percent suggested that they agree with proposals made by German Chancellor Angela
Merkel in February 2014 to have separate data networks for Europe, which will be discussed in further detail in Part III of this report. Providing direct

evidence of this trend, Servint, a Virginia-based webhosting company, reported in June 2014 that international clients have
declined by as much as half, dropping from approximately 60 percent of its business to 30 percent since the leaks began .52 With
faith in U.S. companies on the decline, foreign companies are stepping in to take advantage of shifting public perceptions. As Georg Mascolo and Ben Scott
predicted in a joint paper published by the Wilson Center and the New America Foundation in October 2013, Major commercial actors on both continents are
preparing offensive and defensive strategies to battle in the market for a competitive advantage drawn from Snowdens revelations.53 For example, Runbox, a
small Norwegian company that offers secure email service, reported a 34 percent jump in customers since June 2013.54 Runbox markets itself as a safer email
and webhosting provider for both individual and commercial customers, promising that it will never disclose any user data unauthorized, track your usage, or
display any advertisements.55 Since the NSA revelations, the company has touted its privacy-centric design and the fact that its servers are located in Norway
as a competitive advantage. Being firmly located in Norway, the Runbox email service is governed by strict privacy regulations and is a safe alternative to
American email services as well as cloud-based services that move data across borders and jurisdictions, company representatives wrote on its blog in early
2014.56 F-Secure, a Finnish cloud storage company, similarly emphasizes the fact that its roots [are] in Finland, where privacy is a fiercely guarded value.57

Presenting products and services as NSA-proof or safer alternatives to American-made goods is an increasingly viable strategy
for foreign companies hoping to chip away at U.S. tech competiveness. 58

--xt cloud unencrypted


Unencrypted cloud data is unsecure; easy to hack
McLaughlin, reporter on surveillance and national security, 15 (Jenna McLaughlin, reporter on surveillance and
national security, FBI Director Says Scientists Are Wrong, Pitches Imaginary Solution to Encryption Dilemma, 7/8/15,
https://firstlook.org/theintercept/2015/07/08/fbi-director-comey-proposes-imaginary-solution-encryption/)//EM
The vast majority of cloud computing services are , by default, insecure.42 Often, usernames and passwords are transmitted to
remote servers via unencrypted network connections. In cases where encryption is used, it is typically only used to transmit the initial login
information, while all subsequent data is sent in the clear. 43 This data can easily be snooped on by hackers. This exposes users to
significant risks when they connect to the services using public wireless networks .44 These flaws are rarely, if ever, disclosed to endusers.45 In order to explore the issues surrounding these privacy risks, consider the following two scenarios: Alice, a college student, decides to do her
homework at a coffee shop, using her laptop and a copy of Microsoft Word. In such a situation, it will be exceedingly difficult for a malicious person (perhaps
sitting at another table or across the street) to breach her privacy. If the snooping hacker is sitting behind her, he could perhaps read over Alices shoulder, but
such activity would soon become obvious. If he is extremely tech savvy, perhaps he can hack into Alices computer over the wireless networkbut this will
require that Alices operating system be vulnerable to an attack for which no patches have been released by the software vendor, or which Alice has not yet
applied. Such an attack will also require that the adversary perform the active task of breaking into Alices computer in order to steal a copy of her documents.
Compare this to a similar situation in which Alice is using Google Docs on her laptop, at the same coffee shop. In this case, every character that
Alice types into her word processing document is transmitted to Googles remote servers over the unsecured wireless network. 46
Due to the fact that most of Googles services do not by default use encryption to transmit user data, the attacker can use one of many
off-the-shelf tools to passively sniff the network and capture Alices private data as it is transmitted to the companys servers .
Worse, the hacker can capture the credentials necessary to later impersonate Alice, thus enabling him to later connect to her
account and browse through older documents and emails .47 Freely available off the shelf tools automate these widely publicized vulnerabilities in
many cloud computing services.48 These tools abstract away the technical details underpinning the data capture techniques, and since they allow the attacks to
be performed with a few mouse clicks, are accessible to even non-expert attackers. While the service providers have known about these flaws (and the ease with
which they can be exploited) for several years,49 they continue to ship products with unsafe default settings,50 and, in most cases do not offer any protection to
end users.51 Users of cloud computing services lack basic security protections which users of traditional PC based software often take for granted. Google,

the market leader, and nearly all other leading cloud providers offer products that are by default vulnerable to snooping,
account hijacking, and data theft by third parties.52 Every time a user logs into their Microsoft Hotmail, Google Docs, Flickr,
Facebook or MySpace account from a coffee shop or other public wireless network, they risk having their private data stolen by
hackers. This problem is not due to the web-based nature of these services. Consumers are able to safely check their online bank accounts, order books from
Amazon, or trade stocks with an online broker while using open wireless networks without any risk of account hijacking or data theft. Yet this private and valuable
information flows over the same Internet connection that Google, Microsoft, Facebook and MySpace have somehow been unable (or unwilling) to secure.

ADV HUMINT

--a2 humint fails


Studies prove Humint is empirically successful key to solve terror, narcotics and prolif
Loch Johnson 9---- Loch has a PhD, Political Science, University of California at Riverside. He is Regents Professor of Political Science in
the Department of International Affairs at the University of Georgia. Dr Johnson was Special Assistant to the Chair of the Senate Select
Committee House Sub-committee on Intelligence Oversight. He was a Visiting Scholar at Yale University in 2005. Johnson edits the Praeger
Security International Series Intelligence and the Quest for Security and is co-editor of the journal Intelligence and National Security. (Lock,
"Evaluating "Humint": The Role of Foreign Agents in U.S. Security", Peer reviewed conference paper. 2/15/9.
http://citation.allacademic.com//meta/p_mla_apa_research_citation/3/1/0/6/6/pages310665/p310665-14.php)//ET
Deutch, they argued, failed to understand the Hobbesian nature of international affairs; his nave rules were creating a risk averse Operations Directorate.
When Qaeda terrorists struck U.S. embassies in Kenya and Tanzania in 1998, the criticism mounted, despite Deutchs reaffirmation that his rules had nothing to
do with the rec.ruitment of counterterrorist assets. Indeed, Deutch had never rejected a recruitment requestno matter how unscrupulous the potential source
when it came to humint sources directed against terrorist organizations. Nevertheless, in a backlash that followed the 9/11 attacks against the United States, the
CIA began to ignore the Deutch rules altogether. They were formally rescinded in July of 2002 by DCI George J. Tenet (1997-2004). Surge or Presence. When
the Cold War ended in 1991, a quest for a peace dividend began in Washington, D.C. Perhaps money spent in fighting the Soviets could now be used for other
purposes, from health care to education. As a result, defense and intelligence budgets started to shrinka trend that the 9/11 attacks would dramatically reverse.
During this interim, though, budget pressures forced intelligence managers to consider cost-savings measures. On the humint side of things, the number of
operations officers was reduced around the world. Compared to techint, humint is relatively inexpensive , amounting to less than 10 percent of
the total intelligence budget. xviii Nevertheless, a penny saved is a penny earned; so in the spirit of achieving a peace dividend, DCI R. James Woolsey
(1993-95) advocated the idea of humint global surge or global reach. According to the Woolsey prescription, just as the United States had limited resources to
build aircraft carriers and, thus, had to move (surge) them from one sea to another, depending on the need, so, too, should the CIA move operations officers from
one place to another, as required. Bolivia today, Bulgaria tomorrow. The alternative was to seek a global presence for operations officers, that is, the stationing
of CIA operatives in most every country, busily recruiting assets. In light of the yearning for a peace dividend, global presence was viewed by some as too
expensive; surge would have to suffice. The argument in favor of surge lasted about as long as the quest for a peace dividend, which is to say until the 9/11
attacks. Cost-benefit analysis aside, the idea of surge never made much sense to most observers. How could a Spanish-speaking CIA officer in Bolivia, capable
perhaps of impressive asset recruitment tallies in that country, be expected to have the same success when suddenly dropped into Bulgaria, Somalia, or
Indonesia? If establishing a comfort zone in a foreign country took some seven years, what could be accomplished in Bulgaria in seven days? This is not to say
that the concept of surge was completely without merit. As a senior CIA told the author: While most operations officers are not that fungible, some may be
sufficiently flexible to take on selected tasks wherever they are posted. xix An example would be installing listening devices in buildings overseas. Moreover,
sometimes surge is a necessity. Today, Baghdad has hundreds of operations officers (few of whom were previously Iraqi specialists), because it is an important
theater of combat for the United States. Support for military operationsthe SMO imperativerequires many asset recruitments, especially for the tactical
intelligence requirements of counterinsurgency warfare. Generally, though, surging humint officers is unproductive, given the long start-up time for recruitment
effectiveness. In contrast, the surging of techint can be a valuable option, moving satellites and reconnaissance airplanes wherever they are most needed.
Studies on the Uses of Humint by Policymakers Soon after the end of the Cold War , intelligence managers in the United States paused to
assess the contributions made to their intelligence reports by the various collections methods, from humint to a range of techint
activitiessatellite photography and telephone taps, for instance. In a government-wide survey conducted in 1994, the managers polled the
consumers of intelligence (those policymakers who receive secret reports from the intelligence agencies ) to ascertain their impressions about
the value added by the various intelligences or, for short, the ints. These ints include, primarily: open-source intelligence (osint); signals
intelligence (sigint, including telephone wiretaps); imagery intelligence (imint or photography, especially from satellite cameras); masint (measurement-andsignatures intelligence, which involvesfor examplethe capture traces that indicate the presence of weapons, biological materials, and chemicals); and
humint. The consumer survey explored twelve issue domains , including such topics as arms control or specific countries and regions of the world. xx
The intelligence consumers were asked to rate the contribution of each int to 376 specific information needs or requirements they had within the dozen issue
domains. The survey asked respondents to appraise each of the int contributions as either critical, important, useful, or of no value. As displayed in Figure
1, humint (both overtly and covertly collected)

surpassed the other ints when it came to critical contributions

(so designated in 205 of

the 376 needs, or 55 percent), with sigint next (35 percent), followed by osint (25 percent), imint (11 percent), and masint (2 percent). [Insert Figure 1 Here]
More detailed data on humint and osint sources from the 1994 survey are provided in Figure 2, which illustrates the strong attraction of both collection methods
to policymakers when it comes to selected topics and areas of the world. The consumers indicated a strong preference for humint when it came
to counterterrorism (critical for 74 percent ), counternarcotics (64 percent), Europe (54 percent), and Near East/South Asia (51 percent). Osint, though,
was considered vastly superior to humint with respect to some regions of the world, most notably Russia/Eurasia (82 percent) and Latin America (77 percent).
The value of the ints varied according to the target, with humint performing most effectively on selected international (transnational) issues,

such as counterterrorism and counternarcotics. With respect to drugs, humint was graded critical more often than all the other
ints together, and provided the main contribution when it came to the vital area of weapons proliferation . Some intelligence experts view
the contribution of osint as widely underappreciated by policymakers, but the findings in Figures 1 and 2 suggest otherwise. Where humint was weakest, osint
proved strongest (Russia/Eurasia and Latin America); conversely, where osint was weakest, humint proved strongest (counterterrorism and counternarcotics).
Beyond excelling on key transnational targets, humint made significant contributions to a number of country targets even if it appeared to be
of little use with respect to Russia, Eurasia, and Latin America. The humint-rich targets were Europe, Near East, and South Asia. Humint added value on Africa
as well, registering a critical evaluation in almost 40 percent of the cases. During the year of the survey (1994), the CIA had its largest number of humint assets
in the two regions that received strong evaluations (Europe and Africa), suggesting that the greater the number of human assets targeted on a
topic or country, the more effective the results. This hypothesis warrants much more testing, however, since in 1994 some locations with a relatively high
density of humint assets recorded only modest results (notably, Central Eurasia/Russia, where osint suddenly experienced a bonanza of open sources when the

iron curtain collapsed three years earlier). [Insert Figure 2 Here] Another survey initiated by intelligence managers soon after the end of the Cold War focused on
intelligence sources for items published in the National Intelligence Daily (NID), one of Americas key intelligence products circulated widely among security
officials in Washington and the worldwide U.S. military chain of command. This survey, conducted during January of 1993, found that osint and overt State
Department humint reporting accounted for the most heavily used sources of information: 525 out of 846 items in the NIDs or 62 percent (see Figure 3). xxi
Clandestinely derived humint from the CIA accounted for 133 items or about 16 percent, with the Defense Attach system far back at 32 items or about 4
percent. Techint played its role, weighing in above CIA humintbut below osint and State humintby contributing to 156 items or 18 percent of the total.
According to this survey, CIA humint reporting was particularly helpful in NID coverage of (in order of value): Africa (19 items), Latin America and the Middle East
(tied at 15), weapons proliferation (14), and East Asia (11). Significant humint contributions also appeared in reporting on Europe and Somalia (both 10) and the
Balkans (9), and was least helpful on transnational issues dealing with counternarcotics (4), terrorism (0), human rights (0), and the environment (0). Defense
attach reporting contributed only modestly across the board, with (in its best performance) seven items on Europe. The most conspicuous contributions in the
survey were chalked up by osint with respect to Eurasia/Russia (65 items), Europe (53), and East Asia (34); by State Department humint with Europe (40) and
Eurasia/Russia (34); and by techint with the Middle East (48). These results are in part a commentary on what topics intelligence consumers and managers may
have wanted to hear about; a political crisis in Portugal would have stimulated more items about that country. Still, the survey results do provide a sense of which
ints contributed to high-priority intelligence targeting in early 1993. [Insert Figure 3 Here] Overlaying the 1993 and the 1994 surveys, the most striking general
conclusion to emerge is that opinions of intelligence consumers on the value of the ints can vary significantly. The 1994 survey found humint particularly
helpful when it came to the broad transnational targets of counterterrori smeven before the Age of Al Qaeda arrived in 1998 with the attacks
on U.S. embassies in Africaand counternarcotics. Important, as well, in this survey were the humint contributions made toward understanding a traditional
regional target, Europe; but also toward the Near East and South Asia, regions given less attention by the United States during the Cold War. These opinions,
recall, reflected how consumers perceived the value of the various ints. In contrast, the 1993 survey looked at actual items appearing in the NID and traced them
back to their int sources. In this case, humint contributions to counterterrorism and counternarcotics fared less well. Here humint shined against specific
regions of the world Africa, Latin America , the Middle East and against weapons proliferation. As a broad generalization, the combined survey
data suggest that clandestinely derived human intelligence has the potential to acquire useful information with respect to the targets listed in Figure 4, which
includes much of the world. Notably missing are Russia/Eurasia and East Asia, as well as humanitarian, environmental, and scientific topics. Humints
contribution to economic intelligence, though relatively small, wasat one-third in the 1994 surveynot insignificant. These survey results support
the view reached about the same time by John I. Millis, an experienced CIA officer, that humint was unsurpassed as a source of critical
intelligence to the national policymaker.

HUMINT works prefer empirics


McLaughlin 14 (John McLaughlin, the CIAs acting director in 2004 and deputy director from 2000 to 2004. His CIA career
lasted more than 30 years. Deputy Director and Director of the Office of European Analysis from 1985 to 1989 Deputy Director
for Intelligence, Vice Chairman for Estimates of the National Intelligence Council, and Acting Chairman of the National
Intelligence Council from 1995 to 1997. Senate Interrogation report distorts the CIAs successes at foiling terrorist Plots The
Washington Post
<http://www.washingtonpost.com/opinions/senate-interrogation-report-distorts-the-cias-success-foiling-terroristplots/2014/12/09/de5b72ca-7e1f-11e4-9f38-95a187e4c1f7_story.html> December 9 2014 ) \\mwang

The most incredible and false claim in the Senate intelligence committees report on the CIA
interrogation program is that the program was neither necessary nor effective in the
agencys post-9/11 pursuit of al-Qaeda. The report, written by the committees Democratic

majority and disputed by the Republican minority and the CIA, uses information selectively and distorts
facts to prove its point. I wont try to convince you that the program was the right thing to do
reasonable people will differ. Nor will I discuss the management of the program, other than to say that
the record clearly shows the agency went to extraordinary lengths to assure it was both legal and
approved and the CIA halted the program when uncertain. What I want to address instead is the

committees assertion that the intelligence produced by the interrogation program was not
required to stop al-Qaeda terrorists. The Democratic staffers who drafted the report assert the
program contributed nothing important, apparently to bolster a bogus claim that the CIA lied. But lets
look at a few cases: Finding Osama bin Laden. The committee says the most critical
information was acquired outside the interrogation program. Not true. The man who led the
United States to bin Laden, a courier known as Abu Ahmed al-Kuwaiti, was mentioned by
earlier sources but only as one of many associates bin Laden had years before. Detainees in the
CIA interrogation program pushed Kuwaiti to the top of the list and caused the agency to
focus tightly on him. The most specific information about the courier came from a detainee,
Hassan Ghul, who, after interrogation, strengthened the case by telling of a
specific message the courier had delivered for bin Laden to operations chief Abu Faraj
al-Libi. Finally, interrogated senior operatives such as Khalid Sheik Mohammed, who by that

time was enormously cooperative, lied when confronted with what we had learned about the
courier. That was a dramatic tip-off that he was trying to protect bin Laden . The
staffers who prepared the Senate draft do not appear to understand the role in analysis of
accumulating detail, corroboration and levels of confidence in making momentous decisions like the
May 2011 Abbottabad operation that killed bin Laden. Familiarity with this truth is presumably why
former CIA director Leon Panetta, even though he does not support the program, said, At bottom, we
know we got important, even critical, intelligence from individuals in it. Capturing 9/11

mastermind Khalid Sheik Mohammed. This led to disrupting numerous plots. But
the committee says interrogation of detainees did not play a role in getting him because a
CIA asset (not a terrorist detainee) helped us. This is astounding to those of us involved in
capture operations. In fact, interrogated detainees were essential to connecting the source to
Mohammed. The CIA will not permit me to reveal the operational details a classic problem for
intelligence officers seeking to defend against outlandish charges. Capturing Southeast
Asian terrorist leader Riduan Isamuddin (Hambali). The committee says
interrogation played no role in bringing down this architect of the 2002 Bali bombings. This
is nonsense. After interrogation, Khalid Sheik Mohammed told us he transferred money to
Hambali via a certain individual to finance attacks in Asia. This triggered a string of captures across
two continents that led us to Hambali in Southeast Asia. Disrupting a second wave plot
on the U.S. West Coast. The committee says a source run by another country mentioned
a plot to use airplanes to strike West Coast targets. But thats all we knew none of the
details needed to stop it. That information came from detainees, starting with Khalid Sheik
Mohammed, who told us after interrogation that Hambali would replace him in this plot. This
drove our effort to find Hambali. After that capture, Mohammed said Hambalis brother would
take over. We located him and found he had recruited 17 Southeast Asians and was
apparently trying to arrange flight training for them to attack the West Coast. Disrupting
plots to bomb Karachi hotels. The committee says interrogation played no role in heading off

attacks on the Pakistani hotels, where U.S. and other Western visitors stayed. But it leaves out the fact
that detainee Zayn al-Abidin Muhammed Hussein, better known as Abu Zubaida, provided

information on how to locate al-Qaeda safe houses in Karachi . One of these


provided us a letter that tipped us to the plots. That is how those famous dots really get
connected. To drive home their points, the committee frequently cherry-picks documents. It describes

officers expressing concern via e-mail that they will be ostracized for saying that certain detainees
did not tell us everything. But the staff leaves out the critical context: The CIA officers were actually
discussing their dismay over the agencys decision to cease the interrogation program, causing the
loss of important intelligence information. Many administration and congressional officials ritualistically
say we will never know whether we could have gotten important information another way. This is a
dodge wrapped in political correctness. We could say that about all intelligence successes. Well

never know , for example, what intelligence is missed when capture is declared too
difficult and terrorists are killed from the air . The point is we did succeed in getting vital
information during a national emergency when time was limited by the great urgenc y of a clock
ticking on the next plot. Terrorists had just killed thousands of Americans, and we felt a deep

responsibility for ensuring they could not do it again. We succeeded.

Tech cant fill in HUMINT is key


Rettman 10 (Andrew Rettman, Andrew Rettman writes about foreign relations for EUobserver. He joined the site in 2005 and
specialises in Israel, Russia, the EU foreign service and security issues. Wrote for Bloomberg Business week and the Guardian
also. Security Chief criticizes EU approach to Air Safety. <http://euobserver.com/justice/31257> November 12, 2010.)\\mwang
The head of security at one of Europe's busiest airports has said that EU governments
should invest more resources in old-fashioned human intelligence and fewer in new regulations
and screening technology. Speaking on a panel at the Global Security Challenge (GSC) event in London on
Thursday (11 November), Marijn Ornstein, the manager of security policy at Schiphol airport in Amsterdam, said:

" If

you look at all the recent terrorist incidents, the bombs were detected because
of human intelligence not because of screening ... If even a fraction of what is spent on
screening was invested in the intelligence services we would take a real step toward making
air travel safer and more pleasant." Riordan: 'We need to move away from devices and materials to
passenger intent' (Photo: dacba10) Ms Ornstein noted that EU and national-level regulators have entered into an
"arms race" with terrorists in which they are always one step behind. "With every incident that happens, the
regulators ask for more measures, more measures, more measures," she said. "As soon as they heard about this
[the recent plot to load PETN explosives into printer ink cartridges] we got letters from the US and the UK telling us
to take out all the ink cartridges coming through, which means we are fighting yesterday's war because there is no
terrorist in the world who is now going to put PETN into an ink cartridge anyway." The security manager explained
that Schiphol airport is reaching the limits of how much extra security equipment and staff it can put in place due to
physical space and labour market constraints. Security costs have climbed 175 percent in the past five years and
the airport currently employs 4,000 security guards, equivalent to about 1 in 10 of all security guards working in
Amsterdam. Ms Ornstein's concerns were echoed by Kevin Riordan, the UK technical director of private security
company Smiths Detection. "We need to move to dynamic screening - we need to know where you've bought your
ticket, where you've been before, not just what you keep in your bag. We need to move away from devices and
materials to passenger intent. There's all sorts of information available out there and we're not using it," he said.
Speaking on behalf of Contest, the UK home office's security and counter-terrorism bureau, Adam Ogilvie-Smith
noted that the UK is already profiling people who espouse radical ideas as part of its so-called Instinct programme,
but that there are limits to what is acceptable. "Its not about controlling radical opinion. We're not in the game of
controlling people's thoughts - that's not what we're about. You cross the line when you want to become violent," he
said. Schiphol airport's Ms Ornstein also criticised the EU's unilateral decision to begin lifting restrictions on liquids
from April 2011. Under current rules, passengers are not allowed to bring large volumes of liquids on board the
plane even if they have bought them in a duty-free zone in a non-EU airport or on a non-EU airline and carry them
in a sealed transparent bag. From April next year, they will be able to bring them on board in a sealed bag which
will have to be specially scanned in a time-consuming process. "I strongly believe they do not understand the
impact of their decisions at an operational level," Ms Ornstein said. "Under sever pressure from the European
Parliament, they now plan to repeal that regulation. But they do not see whether or not the threat still exists and
they do not realise the extra delays and the confusion that they will cause ... As a normal passenger you will not be
able to understand this. You will not know where and when the material is allowed to be in your luggage." The GSC
event in London is the culmination of a year-long talent-scouting competition for new ideas in the security industry
funded by the US Department of Defence. Two of the winners for 2010 announced on Thursday were Ghanaian firm
mPedigree, which has designed an SMS-based method for detecting counterfeit medicines, and Australian company
iWebGate, which works in the Internet security arena.

HUMINT succeeds
Henley-Putnam 11 (Henley-Putnam University, only accredited online university

solely focused on Strategic Security online degree programs, SIGINT AND HUMINT
ESSENTIAL COMPONENTS OF INTELLIGENCE COLLECTION http://www.henleyputnam.edu/articles/sigint-and-humint.aspx. 2011.)\\mwang
Human intelligence is what is commonly thought of when people think
of the intelligence community. The stereotypical spys main focus is gathering information
from human sources. They use tactics such as espionage and interrogation. HUMINT is an extremely
important function that is instrumental to infiltrating terrorist organizations and
collecting information on terrorist attacks. The Central Intelligence Agency is responsible for
HUMINT The Spy Business

overseeing the majority of HUMINT operations, although the military is often involved in HUMINT as well. Both
parties make use of two main tactics, gathering intelligence through interrogations and through conversations with
key persons who have access to valuable information. HUMINT sources of information include
diplomats, military attaches, prisoners of war, and espionage . SIGINT and HUMINT Training: Both
signals intelligence and human intelligence require training in specialized skills that are unique to each discipline.
SIGINT involves technical skills including computer science and mathematics, whereas HUMINT involves a lot of
psychological training.

--a2 sq solves
Reason why Humint lower because of other intelligence gathering- Humint Key
Margolis 13
Gabriel Margolis (Conflict Management and Resolution Graduate Program University of North Carolina Wilmington Wilmington,
NC28412Gsm2768@uncw.edu[http://globalsecuritystudies.com/Margolis%20Intelligence%20(ag%20edits).pdf)

The United States has accumulated an unequivocal ability to collect intelligence as a result of the technological advances of the
20th century. Numerous methods of collection have been employed in clandestine operations around the world including those
that focus on human, signals, geospatial, and measurements and signals intelligence. An infatuation with technological methods
of intelligence gathering has developed within many intelligence organizations, often leaving the age old practice of espionage
as an afterthought. As a result of the focus on technical methods , some of the worst intelligence failures of the 20th century can
be attributed to an absence of human intelligence. The 21st century has ushered in advances in technology have allowed UAVs
to become the ultimate technical intelligence gathering platform; however human intelligence is still being neglected . The
increasing reliance on UAVs will make the United States susceptible to intelligence failures unless human intelligence can be
properly integrated. In the near future UAVs may be able to gather human level intelligence, but it will be a long time before
classical espionage is a thing of the past.

--xt humint k/t counter-terror


HUMINT is key to counter various terror groups---ISIS
Caruso 14 (Robert Caruso, served in the United States Navy as a special security officer, and has worked in the Office of the
Secretary of Defense, the Bureau of Diplomatic Security at the Department of State, the office of the Special Inspector General
for Afghanistan Reconstruction, and as a contractor for the Department of the Army.
The U.S needs Better HUMINT to beat ISIS Business Insider <http://www.businessinsider.com/the-us-needs-better-humint-tobeat-isis-2014-9>, September 8, 2014)\\mwang
In the 21st century, the enemy is not a state. Today's insurgents are ruthless, resourceful, and adept
at weaving themselves into the fabric of their societies, making themselves virtually
undetectable until they strike. "They are everywhere, yet they are nowhere," the intellectual
godfather of counterinsurgency, David Galula, famously observed. It will take proactive
elements of our clandestine service elements which the United States does not adequately possess to
identify today's threats, as well as future threats. Americas adversaries now exhibit a
tenacity unmatched even by al Qaeda central. The U.S. needs to match that tenacity and then some.
Even in today's era of irregular warfare, the fine art of collecting human source intelligence has in
large part become lost thanks to the relative comfort afforded by partner relationships and
advances in intelligence technology. This reliance has been coupled with the tendency to
lean on practices and procedures that reduce the risk of seeking out and engaging potential
human sources. Clandestine human intelligence or HUMINT makes up a surprisingly small
percentage of the US intelligence collection effort worldwide. I can say from experience that
the U.S. could devote significantly more resources to human-derived information . This lack of
HUMINT might have something to do with the lack of warning about ISIS's summer blitz through Iraq and Syria. The
United States carries out targeted killings and surveillance missions, but the drone-centric strategy used in

Yemen and Pakistan does not work in Iraq or future hot spots. Without granular intelligence,
drones have no way of distinguishing between combatants and noncombatants. And drone
attacks are only as effective as the intelligence behind them. President Obama has called
radical jihadist groups like ISIS a cancer. But done improperly, chemotherapy can kill the patient faster than
cancer itself. An effective counterterrorism strategy involves a range of financial, law

enforcement, and military tools, but that is not enough. Groups regenerate. Terrorists recruit
new terrorists. Names change, or were never true to begin with. You cannot kill your way to
victory; you must interrogate your way to mission success. Drug Enforcement Agency and
FBI personnel, working alongside Joint Special Operations Command and the CIA should capture and interrogate as
many militants as possible, in a lawful manner. This would allow interrogators to discern the size, nature and
intentions of militant groups with an eye towards destroying them from within. Mike Nudelman/Business Insider

HUMINT needed now more than ever: enemies are hidden among people
Kosh 08 (Colby Cosh, former politics research writer for Alberta in the 20th Century, Alberta Report, and writer for The National
Post. The Necessity of HUMINT May 30, 2008.)\\mwang
That scary acronym HUMINT is, in truth,
nothing more that mil-speak for any relevant knowledge gathered by an army directly from
human sources. Other types include signals intelligence (SIGINT), obtained by intercepting and decrypting the
Guys, honestly: Why even bother having a defence critic?

enemy's (or someone else's) information transmissions, and imagery intelligence (IMINT), which comes from the
study of photographs taken from the air or space. It is not news that the CF has been trying to
strengthen its HUMINT-gathering capacity for years; indeed, it has been openly recruiting bright,
curious soldiers for the purpose. Most of us now know how important SIGINT was in determining Allied success in
the Second World War; victory in Europe would have been delayed considerably if high-level German cryptographic
traffic hadn't been cracked by the British, who essentially invented the digital computer for the purpose. Yet the
importance of human intelligence can scarcely be overstated, though it is sometimes neglected by
the historians. The invasion of Normandy could not have succeeded without an enormous layer
of resistance-provided HUMINT, covering everything from the quality of glider-landing sites to the
dispositions of Axis forces guarding bridgeheads. (By contrast, better Allied HUMINT might have saved
the failed Market Garden offensive of 1944 by tipping commanders to the presence of two freshly arrived

as the shooting war turned into


a balance of terror between nuclear-armed superstates, HUMINT began to take more and more
of a back seat to technological methods of intelligence-gathering in the military and espionage
directorates of Western democracies, and this was particularly true of Canada. But in the 1990s, theorists were
clever enough to see that emerging wars of the immediate future-- strikes at "non-state
actors," counterterror operations, humanitarian interventions -- would require
superior HUMINT and more trainees. If your enemy is embedded amongst the
people of an occupied country, you need to be able to talk to the people. Talking, of
SS Panzer divisions in the neighbourhood of the main thrust.) Nevertheless,

course, probably isn't the reason the CF intends to burn through $27-million. Much of what Canada's HUMINT
company is probably getting up to has very little to do with "spies" as such. The religious, all-male, communal
nature of the Taliban makes it virtually impossible to infiltrate by means of cash (consider how little publicly known
progress has been yielded by means of the bounties on Osama bin Laden's head) or other inducements. Anyway,
even under ideal conditions, much of the work of a HUMINT agency is sophisticated bookkeeping. Some of the
expense will no doubt go toward providing a credible security cover for installations in the region: The Taliban
cannot be allowed to blind our intelligence apparatus at the cost of one suicide bomber. But a lot of it will be going
toward computers and software. Tips and reports from Afghan civilians opposed to the Taliban must be stored in a
way that makes them available for retrieval, rated for reliability and plausibility and turned into memoranda for the
timely use of soldiers and staff. The toughest task of all is linking multiple fragments of intelligence together so that
they combine into a trustworthy picture of, say, the location of a bomb factory or the date of an attack. Military
software developers have been putting a great deal of effort into applying artificial intelligence to HUMINT
gathering: arming computers with natural-language recognition abilities would help them navigate databases and
put up flags when pieces of evidence point in a common direction. It is absurd to demand a "debate" on

whether a fighting force abroad should have a HUMINT apparatus; it would be exactly like
debating whether it should carry ammunition. And the existence of such an apparatus can only raise
"red flags" in the eyes of a person who has never devoted a moment's thought or study to how armies fight.

HUMINT key to counterintelligence


Tougaw, 09 (Robert L. Tougaw Jr., Mj, US Air force. IMPROVING COLLABORATION
BETWEEN AIR FORCE HUMAN INTELLIGENCE AND COUNTERINTELLIGENCE. April
2009 Pg. 11-12.)\\mwang

HUMINT and CI do not fit one within the other. HUMINT is an intelligence discipline used to collect, process, analyze,
and act on intelligence information, while CI is an intelligence function that may employ any number
of intelligence disciplines, including HUMINT. The relationship is recognized in DoD strategy and doctrine,

HUMINT, along with counterintelligence activities,


are the best and only sources of adversary intentions. 16 HUMINT and CI
complement each other, but many make the mistake of considering them one in the same, or labeling CI a
sub-discipline of HUMINT.17 As a discipline, HUMINT uses various techniques, tactics, and procedures
to obtain a specific type of intelligence that is actionable for a variety of purposes (force
and Air Force doctrine contends that often

protection, center of gravity identification, and timing for offensive or defensive operations, among others),
especially when integrated with intelligence obtained through other disciplines . CI uses various
disciplines for the specific purpose of protecting friendly forces from the intelligence activities of an adversary.
Renowned intelligence expert Mark Lowenthal states on one hand that CI does not fit neatly with HUMINT, but he
goes on to explain the importance of CI techniques such as feeding foreign agents false
information or turning them into double agents to provide information on their employer; these are HUMINT
endeavors.18 Retired CIA Associate Deputy AU/ACSC/TOUGAW/AY09 Director for Operations, John McGaffin, notes
that CI in its most aggressive performance includes deep human source penetration of enemy

intelligence services as well as the use of double agents and deception to misinform an
adversarys intelligence services and policy makers; these too are HUMINT actions.19 A
National Counterintelligence Institute report on desired core competencies for CI professionals lists such things as
interviewing and interrogation skills, elicitation, assessing people for targeting, manipulating/influencing/exploiting
people, and managing human sources as key knowledge, skills and abilities; these are also core competencies for
HUMINT professionals.20 HUMINT and CI are not contained one within the other, but they have areas of significant
overlap, including the expertise and training required of the professionals who perform them. HUMINT and CI
have many common characteristics and operate in overlapping spheres, but should not be
mistakenly categorized as the same thing. Although they share several tactical attributes, the ultimate focus of

The HUMINT deliverable is a better understanding of the


adversary, an understanding that can then be acted upon in a variety of ways.

HUMINT and CI is different.

The CI deliverable is to act on what is known about the adversarys intelligence activities
and manipulate the adversarys understanding of friendly forces. 21 Air Force intelligence doctrine
recognizes the compatibility between HUMINT and CI but does not sufficiently explain the relationship or provide a
construct to ensure the proper synergy and collaboration between them.

--xt humint k/t drones


Intelligence gathering and drones surveillance rely on HUMINT---Al
Qaeda depended more on humans than modern communications
Ramana 10 (Siddharth Ramana, research officer at IPCS Travel Security
Services, International SOS and Control Risks, International Institute for
Counter Terrorism, Middle East Strategic Informer The Role of Human
Intelligence in Counter-Terrorism <http://www.ipcs.org/article/india/the-role-ofhuman-intelligence-in-counter-terrorism-3280.html > November 16 2010) \\mwang
The uncovering of recent terror plots, including the arrests in Europe and the detection of
letter bombs targeting synagogues in the US can be credited to human intelligence or
humint. Humint is a category of intelligence derived from information collected and provided
by human sources . Humint is an indispensable source of intelligence gathering,
which has grown in importance after the limitations of technological intelligence gathering
systems, electronic intelligence and signals intelligence have revealed themselves. Historical
narratives on war and strategy are replete with stories of spies. Chinese strategist Sun Tzu had said that
dispositions of an enemy are ascertainable through spies and spies alone ; while Indian
philosopher Chanakya wrote that The ruler should act upon the information given to him by his secret spies about
every effort, initiative, political desire and treaties of his enemies. More recently, humints importance was
highlighted by the fact that nearly all terror plots in France have been foiled thanks to it ,
according to a member of Frances main counter-terrorism force. The modern day terrorist is adept at
counter-surveillance skills, and the efforts made into training terrorists to cover their tracks have paid rich
dividends. It is important to note here that while terrorists may be ingenious in their usage of modern tools, they
are essentially low-level technicians, with only a minority engaging in communication systems which can be traced

The difficulties faced by law enforcement agencies in relying on modern


intelligence gathering methods was admitted by US Defense Secretary Robert Gates in
2009 when he stated that it was years since he received useful intelligence on the
whereabouts of bin Laden. This is traceable to bin Ladens judicious use of modern
communication technology, relying more on human couriers. It is reported that bin Laden
stopped using his satellite phone as early as 1998 when he realized that his conversations about the
African embassy bombings were being monitored. In uncovering recent plots, intelligence was
garnered through interrogations of captured suspects. But intelligence services have also
infiltrated or bought up members of terrorist groups. The infiltration of terrorist cells has helped
counter-terrorism officials to gain good intelligence on the activities and membership of a
group, and they have also been used in the execution of terrorist leaders. For example, the Israeli security
and monitored.

agencies used a local contact to replace Hamas bomb-maker Yahya Ayyashs phone with an explosive device which
killed him in 1996. One of the problems with using human intelligence sources is the difficulty in infiltrating a
terrorist organization due to obvious fears of detection and murder of the asset. In one instance, Egyptian security
forces blackmailed their assets in an attempt to assassinate Aymaan al-Zawahiri, the leader of the Egyptian Islamic
Jihad. The plan backfired with Zawahiri surviving and executing his betrayers. Gaining assets in jihadist groups is
particularly difficult owing to their allegiance to a larger community based on faith rather than a solitary-cause
movement. For example, the member of a pan-Islamic jihadist group owes allegiance to the Ummah (Islamic
community) beyond the group. Under these circumstances getting him/her to betray the cause becomes even more
difficult. The fear of being double-crossed by an asset also plays on the minds of his/her handler. A member of a
terrorist group used as an asset by intelligence agencies can cause significant damage because of his/her ability to
play both sides. This was most effectively demonstrated in the case of Humam Khalil Abu Mulal al-Balawi, a
Jordanian doctor, who was recruited by the CIA to infiltrate al Qaeda in Pakistan. Balawi scheduled a meeting with
his CIA handlers in an American base in Afghanistan, and when he arrived he blew himself up, killing seven
Americans. Significantly, the attack killed senior veterans of the CIA, and has been described as a serious blow to
the agencys efforts in the region. The setbacks faced in using human intelligence tools should not come in the way
of expediting their recruitment for intelligence gathering. Human intelligence should not be limited to intelligence
and counter-terrorism agencies, but adopted at the grassroots levels of policing. Cooperative community policing
being adopted worldwide is indicative of this trend. A key element to bolstering the intelligence apparatus should
be developing cooperation between the different security wings. Human intelligence should be shared
quickly and followed up with equal speed, as this could be the game changer in a ticking time bomb
situation. The example of the Nigerian bombers father, who tried to warn the authorities

about his son before he attempted to bomb a plane bound for the United States, is a case in
point. The need to further develop Indias human intelligence capabilities is acutely felt with increasing concerns
of religious extremism gaining momentum in the country. With technical and signals intelligence being boosted in
recent years, the focus of attention should be on human intelligence for the security of the country.

Drones surveillance depends on HUMINT: reliance on tech is bad


Margolis 13 (Gabriel Margolis Conflict Management and Resolution

Graduate Program University of North Carolina Wilmington, The Lack of


HUMINT: A Recurring Intelligence Problem.
<http://globalsecuritystudies.com/Margolis%20Intelligence%20(ag%20edits).pdf > Spring
2013 )\\mwang
The United States has accumulated an unequivocal ability to collect intelligence as a result of the technological
advances of the 20th century. Numerous methods of collection have been employed in

clandestine operations around the world including those that focus on human, signals,
geospatial, and measurements and signals intelligence. An infatuation with technological
methods of intelligence gathering has developed within many intelligence organizations, often
leaving the age old practice of espionage as an afterthought. As a result of the focus on technical
methods, some of the worst intelligence failures of the 20th century can be attributed to an
absence of human intelligence. The 21st century has ushered in advances in technology have
allowed UAVs to become the ultimate technical intelligence gathering platform; however
human intelligence is still being neglected. The increasing reliance on UAVs will make
the United States susceptible to intelligence failures unless human intelligence
can be properly integrated . In the near future UAVs may be able to gather human level intelligence, but
it will be a long time before classical espionage is a thing of the past.

Drones key to prevent terror attacks-devastate organizations


Byman, 13 (Daniel L. Byman the director of research and a senior fellow
in the Center for Middle East Policy at Brookings. His research focuses on
counterterrorism and Middle East security. He is also a professor at
Georgetown University's Security Studies Program. He served as a staff
member on the 9/11 Commission and worked for the U.S. government.
Why Drones Work: The Case for Washington's Weapon of Choice.
<http://www.brookings.edu/research/articles/2013/06/17-drones-obama-weapon-choice-uscounterterrorism-byman)> August 2013 \\mwang
NOBODY DOES IT BETTER The Obama administration relies on drones for one simple reason:
they work. According to data compiled by the New America Foundation, since Obama has been in the

White House, U.S. drones have killed an estimated 3,300 al Qaeda, Taliban, and other
jihadist operatives in Pakistan and Yemen. That number includes over 50 senior leaders of al
Qaeda and the Talibantop figures who are not easily replaced. In 2010, Osama bin Laden[s] warned his
chief aide, Atiyah Abd al-Rahman, who was later killed by a drone strike in the Waziristan region of
Pakistan in 2011, that when experienced leaders are eliminated, the result is the rise
of lower leaders who are not as experienced as the former leaders and who are prone to errors
and miscalculations. And drones also hurt terrorist organizations when they eliminate
operatives who are lower down on the food chain but who boast special skills: passport forgers, bomb
makers, recruiters, and fundraisers. Drones have also undercut terrorists ability to
communicate and to train new recruits. In order to avoid attracting drones, al Qaeda and
Taliban operatives try to avoid using electronic devices or gathering in large numbers. A tip sheet found
among jihadists in Mali advised militants to maintain complete silence of all wireless
contacts and avoid gathering in open areas. Leaders, however, cannot give orders when they are
incommunicado, and training on a large scale is nearly impossible when a drone strike could
wipe out an entire group of new recruits. Drones have turned al Qaedas command and training structures
into a liability, p to choose between having no leaders and risking dead leaders. Critics of drone strikes often
fail to take into account the fact that the alternatives are either too risky or unrealistic. To be

sure, in an ideal world, militants would be captured alive , allowing authorities to question them and
search their compounds for useful information. Raids, arrests, and interrogations can produce vital
intelligence and can be less controversial than lethal operations. That is why they should be, and
indeed already are, used in stable countries where the United States enjoys the support of the host
government. But in war zones or unstable countries, such as Pakistan, Yemen, and Somalia, arresting militants is
highly dangerous and, even if successful, often inefficient. In those three countries, the government exerts little or
no control over remote areas, which means that it is highly dangerous to go after militants hiding out there. Worse
yet, in Pakistan and Yemen, the governments have at times cooperated with militants. If the United States regularly
sent in special operations forces to hunt down terrorists there, sympathetic officials could easily tip off the jihadists,
likely leading to firefights, U.S. casualties, and possibly the deaths of the suspects and innocent civilians.

--xt humint k/t sigint


Humint Key to Broader collection
Best, 2 (Richard A. Best Jr., Specialist in National Defense Foreign Affairs, Defense,
and Trade Division, CRS report for congress, Wrote The National Intelligence
Council: Issues and Options for Congress and published in Library of Congress.
Pages 8-9 February 21, 2002.)\\mwang

Many observers believe that intelligence required for the campaign against terrorism will
require significant changes in the human intelligence (humint) collection effort. The CIAs
Operations Directorate is responsible for the bulk of humint collection although the Defense Humint Service (DHS)
within DOD is a smaller entity more directly focused on military-related issues. Overall budget requirements

for humint are dwarfed by the major investment required for satellites and signals
intelligence collection. Humint, however, undoubtedly can be dangerous for those involved and it is, of
course, for many in the media and the general public the core intelligence discipline .11 Both the
emphasis on humint and on the exchange of data between intelligence and law enforcement
agencies will influence the evolution of the U.S. Intelligence Community in the
coming decade. These two efforts will not in themselves have major budgetary implications humint is
both difficult and dangerous, but not necessarily expensive and information exchanges between
agencies ordinarily involve only information technology costs. Placing priorities on these two aspects of the
intelligence effort will almost inevitably detract from other missions and disciplines. In the view of many observers
there may be a tendency to give less emphasis to traditional intelligence collection and analysis regarding foreign
political, economic, and military developments. Whereas to some extent intelligence analysts experienced in
looking at foreign policy, economic, and defense issues can shift from one country to another, it may be more
difficult for an analysts to turn from issues of diplomacy, economics, and warfare to the study of obscure terrorist
groups that may be involved in religious indoctrination or various criminal fund-raising activities.

HUMINT key to SIGINT and broad intelligence: completes the ISR


picture
Ackerman 06 Robert K. Ackerman, editor in chief of SIGNAL Magazine for

more than a dozen years. A seasoned technology journalist, Ackerman also


has served as a war correspondent minored in political science in
university. His journalism career dates back more than three decades.
Defense HUMINT needs technology too. < http://www.afcea.org/content/?
q=defense-humint-needs-technology-too> October 2006. \\mwang
Intelligence technology research normally focused
on electronics-related disciplines increasingly is being applied to improving human
intelligence capabilities. These capabilities, which range from intelligence collection to distribution,
define human intelligence activities in the war on terrorism. Human intelligence, or HUMINT,
is increasing in importance as allied forces in Iraq and Afghanistan deal with terror networks
moving about the general populace. Preventing attacks on innocent civilians in Southwest
Asia as well as the West may depend on being able to gather information using HUMINT
assets and techniques. The U.S. Defense Department has organized its Defense HUMINT Management Office
Trench coats have given way to optical collectors.

(DHMO) to support HUMINT operators in the field. Much of this support includes tapping conventional and
nontraditional sources for technologies that aid HUMINT collection, processing and dissemination. Drew Bewick is
the chief of technology tradecraft at the DHMO. Bewicks office represents the HUMINT elements in the military
services, the combatant commands and the Defense Intelligence Agency (DIA). He is tasked with finding new
HUMINT technologies and capabilities and speeding them to the field in the war on terrorism. To win this war
on terrorism and to find people, HUMINT is first among equals, Bewick declares. The DHMO has
four organizational pillars: plans and policies; operations and assessments; training, including training standards
and career paths; and technology tradecraft. For its activities, the office has two focus areas. One is to develop key
technologies that enable the department to penetrate difficult targets. The other is to integrate HUMINT data

into the joint and coalition intelligence, surveillance and reconnaissance (ISR) picture. This
requires correlating HUMINT data with that of signals intelligence (SIGINT),

geospatial intelligence (GEOINT) and measurement and signatures intelligence


(MASINT), for example. How the HUMINT data helps the commander in the field is a key criterion for
generating the right knowledge, Bewick allows. The DHMO is aiming to improve collection, processing and
dissemination equally as it strives to apply technologies for better HUMINT. For example, Bewick relates that as
DHMO personnel visit the commands in the field, they often find that HUMINT technology tool sets are nothing more
than stubby pencils and paper. Even improving how HUMINT data is reported will have a major effect. You didnt
see James Bond writing too many reports, he analogizes. Yet, HUMINTers in the Defense Department spend an
awful lot of time writing reports. Providing new capabilities to help them report data is vital to the
success of HUMINT, he declares. If it were possible to develop only capabilities for HUMINT collectors in the
field, that would be awesomethat would help them do their job of penetrating difficult targets, he continues. But
equally, to help them share that data with whomever needs it is just as important.

ISR key to all military operations


NATO 15 (North Atlantic Treaty Organization Joint Intelligence, Surveillance and Reconnaissance.
http://www.nato.int/cps/en/natolive/topics_111830.htm April 13, 2015)\\mwang
Joint Intelligence, Surveillance and Reconnaissance (JISR) is vital for all military operations. It provides information and
intelligence to decision-makers and action-takers, helping them make informed, timely and accurate decisions. While surveillance and
reconnaissance can answer the questions what, when and where, the combined elements from various intelligence sources and
disciplines provide the answers to how and why. When all of this is combined, you create Joint ISR. Intelligence, Surveillance, and
Reconnaissance (ISR) provides the foundation for all military operations, and its principles have been used in warfare for centuries. The individual elements of
ISR are: Intelligence: the final product derived from surveillance and reconnaissance, fused with other information; Surveillance: the persistent monitoring of a
target; and Reconnaissance: information-gathering conducted to answer a specific military question. Both surveillance and reconnaissance can include visual
observation (for example soldiers on the ground covertly watching a target, Unmanned Aircraft Systems (UAS) with cameras), as well as electronic observation.
The difference between surveillance and reconnaissance has to do with time and specificity; surveillance is a more prolonged and deliberate activity, while
reconnaissance missions are generally rapid and targeted to retrieve specific information. Once surveillance and reconnaissance information has been obtained,

intelligence specialists can analyse it, fuse it with other information from other data sources and produce the intelligence which is
then used to inform military and civilian decision-makers, particularly for the planning and conduct of operations. While all countries
have their own sources and methods for the production of intelligence, it is not always easy for them to share their intelligence with Allies. Sometimes this is due
to security concerns, sometimes to internal procedural requirements, and sometimes to technological constraints. The objective of NATO Joint ISR is to
champion the concept of need to share over the concept of need to know. This does not mean that all Allies will automatically share everything, but rather that
NATO can facilitate the procedures and technology to promote sharing while simultaneously providing information assurance (i.e., the protection of data and
networks). This way, Allies can have a holistic picture of whatever crisis is occurring and NATO decision-makers can make well-informed, timely and accurate
decisions.

--add-on laundry list


Humint key to solve terror, prolif, human rights- empirics and unique information
Loch Johnson 9---- Loch has a PhD, Political Science, University of California at Riverside. He is Regents Professor of Political Science in
the Department of International Affairs at the University of Georgia. Dr Johnson was Special Assistant to the Chair of the Senate Select
Committee House Sub-committee on Intelligence Oversight. He was a Visiting Scholar at Yale University in 2005. Johnson edits the Praeger
Security International Series Intelligence and the Quest for Security and is co-editor of the journal Intelligence and National Security. (Lock,
"Evaluating "Humint": The Role of Foreign Agents in U.S. Security", Peer reviewed conference paper. 2/15/9.
http://citation.allacademic.com//meta/p_mla_apa_research_citation/3/1/0/6/6/pages310665/p310665-14.php)//ET
Important, as well, in this survey were the humint contributions made toward understanding a traditional regional target, Europe; but also toward the Near East
and South Asia, regions given less attention by the United States during the Cold War. These opinions, recall, reflected how consumers perceived the value of
the various ints. In contrast, the 1993 survey looked at actual items appearing in the NID and traced them back to their int sources. In this case, humint
contributions to counterterrorism and counternarcotics fared less well. Here humint shined against specific regions of the world Africa, Latin America, the
Middle Eastand against weapons proliferation. As a broad generalization, the combined survey data suggest that clandestinely derived human intelligence has
the potential to acquire useful information with respect to the targets listed in Figure 4, which includes much of the world. Notably missing are Russia/Eurasia and
East Asia, as well as humanitarian, environmental, and scientific topics. Humints contribution to economic intelligence, though relatively small, wasat one-third
in the 1994 surveynot insignificant. These survey results support the view reached about the same time by John I. Millis, an experienced CIA officer, that
humint was unsurpassed as a source of critical intelligence to the national policymaker. xxii [Insert Figure 4 Here] Qualitative Indications of Humint Usage by
Policymakers In 1995, the Aspin-Brown Commission on Intelligence examined a number of intelligence challenges to determine the valueadded of humint. xxiii Among these cases were the questions of whether secret agents contributed to an understanding of a
prominent terrorist group in Japan, Aum Shinrikyo (Supreme Truth, in Japanese); and whether they shed light on a vexing topic that year
concerning the possible Chinese sale of M-11 missiles to Pakistan . As Chairman Les Aspins aide assigned to this project, I examined several CIA
publications, including Intelligence Reports, Research Papers, Intelligence Memoranda, and the Terrorist Review (prepared by the CIAs Counterterrorism
Center). For comparative purposes, I also looked at open media sources, most prominently the New York Times and the Washington Post, as well as the journals
The Economist and The New Republic. (The National Interest, Foreign Affairs, and Foreign Policy had no reporting on this subject.) Aum Shinrikyo. In 1995,
members of the Aum Shinrikyo sect released sarin nerve gas into the Tokyo subway system . Sarin is a lethal substance, accidently
invented by German chemists in the 1930s as they worked on new types of pesticides. It was later used in Nazi death camps. In sufficient concentration, the gas
acts quickly to paralyze the respiratory musculature, resulting in death. Sarin is five hundred times more toxic than the cyanide gas used to
executive criminals in some prisons; only 0.5 milligrams of sarin is sufficient to kill an average-sized person. At 8:13 on the morning of March 20, 1995, during the
rush hour, Aum Shinrikyo operatives placed containers that resembled lunch boxes and bottled drinks near three subway entrances. As the sarin wafted out of
these containers it fortunately pooled at the subway entrances, rather than drifting throughout the tunnels. Thousands could have died; instead, there were
twelve casualties, although another people 5,500 suffered injuries to their lungs and eyes. After the attack, these basic facts about the attack surfaced in the
Times and the Post, along with revelations that the cult had a $1.2 billion treasury and a sizable membership in Japan (10,000) and Russia (20,000); that its
leader, Shoko Asahara, had run for a seat in the Japanese parliament in 1990 and lost by a wide margin, causing him to seek the violent overthrow of the
Japanese government as a means for achieving his rightful place as its leader; that Aum Shinrikyo members, who were known to pay as much as $4,000 to
drink Asaharas bath water and $10,000 to wear special helmets equipped with electrodes that picked up the leaders brain waves, had met with Russian nuclear
specialists in 1994, seeking to purchase nuclear weapons (they were turned down by the Russians); that the cult had the capacity to manufacture fifty tons of
sarin or enough, in theory at least, to kill 4-10 million people; that Japanese police investigations had found biological-weapons materials inside the Aum
Shinrikyo compound, located at the base of Mt. Fuji; and that the cult owned a 48,000-acre ranch in Australia, where it had tested sarin on sheep and
experimented with other chemical and biological agents. The frequency of this fairly extensive open-source coverage of the sarin incident during the key months
of 1995 is summarized in Figure 5. [Insert Figure 5 Here] The question of interest to Les Aspin was: had the U.S. intelligence agencies learned
more about Aum Shinrikyo than was revealed by Americas newspapers? The answer was: the intelligence agencies had found little
additional information from humint or any other int. Indeed, the newspapers had considerably more detail about the history of the sect. The CIA and its
companion agencies simply had no humint sources within, or near to, Aum Shinrikyo; nor did the Japanese police or intelligence agencies,
for that matter. At best, the covert sources that did exist in Japan could add only modest further details. The CIA station in Toyko and the U.S. defense attach
relied overwhelmingly on osint information, chiefly Japanese newspapers. The few available covert humint sources in the country managed to
provide some missing specifics about the administrative structure of the cult and its financial assets, along with the useful assessment that the incident
was the first large-scale terrorist use of chemical weapons against an urban targetthe crossing of a threshold in the annals of global terrorism. Outside the
domain of humint and osint, U.S. intelligence did have satellite photos of the Aum Shrinkyo compound, which allowed intelligence experts to identify key buildings
according to what was likely to be inside. This intelligence could have been helpful to share with Japanese officials, should they have opted for a military or police
assault on these quarters; but the sects leader and other top members were arrested without incident . Through masint (soil samples), the CIA
was also able to determine that sarin had in fact been manufactured on the compounds grounds, a finding already established by the Japanese police. In brief,
both U.S. and Japanese intelligence coverage of Aum Shrinkyo was thin prior to the subway attack , with virtually no enlightenment
from humint. This was a result in large part of a reluctance by Japanese and American authorities to infiltrate what initially seemed to be a religious
organization. One case does not a theory make, but it does appear that in a fast-moving incident of short duration like the Aum Shrinkyo attack, the public media
in the United States is apt to know as much about what happenedin some ways, morethan the America intelligence community, especially if the peering
lenses of overhead satellite cameras are largely irrelevant to the circumstances. If an event involves troop movements somewhere, or large-scale weapons
deployments, intelligenceimint, at any rateis likely to play a greater role than newspaper reporting. What about events that unfold over a longer period of
time? The case of the suspected Chinese M-11 missile sales to Pakistan falls into this category. M-11 Missile Sales to Pakistan The sarin incident was discrete,
lasting but a few hours on one day, followed by the arrest of the suspected perpetrators two months later. In contrast, the M-11 missile controversy
stretched out over several years. In the missile case, years not days are the appropriate measure of time. Data on the open-source coverage of the
suspected M-11 sale are presented in Figure 6, which again draws on two prominent American newspapers and a few widely read periodicals. [Insert Figure 6]

What could the public have learned about the alleged missile sale from open sources on the newsstands? First, the reader could have acquired basic information
about the M-11's specifications. Thirty-one feet in length, the missile had the capacity to carry a payload of 1,750 pounds over a range of 175-185 miles. It was
considered more accurate and easier to launch rapidly, as well as faster and more elusive in flight, than the Soviet-designed Scud missiles used by Iraq during
the first Persian Gulf War. Further, the reader could have found in the newspapers a fairly detailed time line for this issue, from 1983 when the Chinese gave
Pakistan the design of a tested nuclear weapon and enough weapons-grade uranium to build two nuclear bombs to 19 95 when the CIA concluded that
China had delivered M-11missile parts to Pakistanan allegation denied by the governments in Beijing and Islamabad. The public sources of
information on the missile controversy also provided in-depth analysis about U.S.-Chinese and U.S.-Pakistani relations, and why Washington was reluctant to
charge openly either government of duplicity and violations of international agreements prohibiting the proliferation of weapons of mass destruction (WMDs). The
United States sought good relations with both nations, especially the powerful Chinathe fastest growing market for American goods. Moreover, noted some
public commentators, the Chinese may have failed to understand that the M-11 missile did in fact violate accords that banned the sale of medium- range
missiles; the United States defined this category of weapons to include those with a 160- mile range, while the Chinese definition was 625 miles. Other
commentators, though, were more skeptical, accusing the Chinese of violating accords with impunity only to feign great offense whenever anyone complained. In
a word, the public record on this topic was rich during the years from 1989-1995. Readers could take away an extensive understanding of the dispute, although
the record remained cloudy on the central point of contention: had the Chinese actually sold M-11 missiles to Pakistan? To what extent did intelligence reports
chase away these clouds? This was Aspins research question for me. The declassified analyzes provided to the Aspin-Brown Commission by the CIA provided
some valuable additional information, including these key points: the CIA time line was much more detailed in its coverage of key Chinese-Pakistani
interactions related to weapons sales; while less than definitive, imt, sigint, and masint provided significant clues about the likelihood that the sale had been
consummated: records on Pakistani payments for missile components delivered by Chinese freighters; suspicious cargo being unloaded in large boxes from
Chinese vessels in the Pakistani port of Karachi; missile launchers spotted on Chinese trains headed for export ports; photographs of the Sargodha Missile
Complex in Pakistan revealed cylindrical objects on the groundagain, not conclusively identified as M-11 missiles, but strongly suspected as such. Thus, the
circumstantial evidence gathered by U.S. intelligence agencies summed to an even more compelling case than the already persuasive evidence in the
newspapers that the missile deal had gone forward. Much of this covert evidence came from techint, but some humint observations were part of the
data mixmost notably related to port activity in China and Pakistan. While no actual, intact M-11 missiles in Pakistan were ever
observed by a human asset or a spy machine, a combination of the two ints gave Washington officials a much stronger empirical basis to confront officials in
Beijing and Islamabad on the issue through diplomatic channels than would have newspaper reports alone. Both the public and the intelligence record suffered
from many ambiguities; but at least the clandestine sourcesespecially spy machines in this instancecarried the behind-the-scenes debate beyond the
boundaries of speculation and more into the realm of credible, if still circumstantial, evidence. This gave Washington added leverage in ongoing trade and armscontrol negotiations with both powers. Other Qualitative Indicators. While humint played only a secondary role in understanding Aum Shrinkyo
and the Chinese sale of M-11 missiles, in a number of other instances since the end of the Cold War its influence has been strongly felt in
high office, according to my interviews with intelligence and policy officials in Washington from 1992-1998. In 1994, for example, the U.S. Treasury
Department relied heavily on CIA humint reporting in its successful resolution of the Mexican peso crisis in 1994. Almost 600 humint
reports out of Mexico City tracked the deteriorating financial situation and the declining state-led petroleum industry . CIA assets
accurately communicated the likely decreases in Mexicos foreign exchange reserves, its continuing capital flight, a bulge in the short-term debt coming due, and
the probability that Mexico would soon become a net petroleum importer. Humint reports also provided a useful check on the accuracy of
information being released by the Mexican Finance Ministry, which was inclined to manipulate public fiscal dataespecially on the amount of oil revenues
available to the government of Mexico to collateralize U.S. loans. Moreover, negotiations with Tokyo over automobile trade imbalances that favored
the Japanese from 1980-1998 depended on a steady flow of humint (and sigint) reporting. So did questions of tactical military risks and
opportunities in the Balkans, along with bomb-damage assessments from that battlefield during the 1990s. Humint assets secured photography of sites
where human rights atrocities had been committed, including the location of mass graves (further verified by satellite imint) humint in the service of
human rights. Chemical-biological (C-B) weapons production in Russia has also depended on human assets , along with some use of
masint, to report on whether a factory was manufacturing microchips, pharmaceuticals, or C-B weaponry. A Soviet defector offered up startling insights
into Russian production of smallpox, plague, and anthrax in a form for delivery by ICBMs. In each of these instances, humint assets have on
occasion given the United States information to assist its security objectives that was unavailable through other sources.

--add-on china
Human counterintelligence key to prevent China region conflict
Assam Tribune, 12 (Assam Tribune, Guwahati. Local, regional, national, and
international news, in India. English daily newspaper published from Guwahati and
Dibrugarh, Assam. It is the highest circulated English daily in North-East India.
Clandestine defence assets. June 11, 2012.)\\mwang
Guwahati, June 11 -- Offensive techniques in current counter-intelligence doctrine are
principally directed against human sources. It follows that counter-espionage will entail
offensive counter-intelligence, for instance when FBI personnel are embedded with troops
located in war zone. The FBI looks after internal intelligence even as the CIA is concerned
with external intelligence. Rather than battlefield intelligence and tactical support for the
warfighter that have been the brief for intelligence agencies, the Pentagon has constituted a
new intelligence organisation called 'Defence Clandestine Service' (DCS). The focus of DCS
will be on significant facets of 'national intelligence' even as the Pentagon has not been too
specific on the kind of intelligence that may not necessarily be confined to the battlefield.
Intelligence priorities of the United States in recent years have included counter-terrorism on
a global scale with special reference to the Middle East, Asia and Africa. Non-proliferation
issues linked mainly, but not exclusively, to North Korea and Iran, along with the rise in
power and influence of China on a global scale. The US Secretary of State Hillary Clinton has
been critical of the growing military power of China and its increasing assertiveness over
the North China Sea. Under-Secretary of Defence for Intelligence Michael Vickers is better
known as one among others who orchestrated CIA's programme to arm Islamist militants so
as to trigger the ouster of the Soviets from Afghanistan in the 1980s. A former member of US
Special Operations Forces, Vickers has been centred on transforming human intelligence
(HUMINT) into an asset for the world's only superpower. If the US could have had a spy in
the inner circle of former Iraqi President Saddam Hussein, global history would have perhaps
been different. The US Army Command and General Staff are now saddled with the task of
manipulating human sources intelligence into an agency that's proactive, and not entrusted
with the logistics of the war zone or a special force operation that calls for transfer of
personnel from one end of the world to other in a matter of hours, win the war in about a
fortnight and be ready to deploy more than half the world away in 20-30 days to win another
war. The basic objective of the Defence Clandestine Service is meant to complement efforts
of the 19 other intelligence agencies. The objective is to translate the US' clandestine
agency into a springboard for reinforcement of US foreign policy. Military organisations can
do HUMINT that is directly related to their mission, such as local informants in a
peacekeeping or occupation assignment. If a military unit obtains a HUMINT asset of
national interest, the National Clandestine Service (NCS) should oversee it. There may be
special cases where they may run assets directly related to operations. The only rider is that
the CIA would have to be kept in the picture. The recent Pentagon China-phobia policy, its
containment of China, the emergence of new military intelligence agency and the US
hegemonic design in South- and South-East Asia have become a hot debate in electronic
and print media in Europe. The increasing Chinese influence in Pakistan, Afghanistan and Central Asia and
its capture of European and African market together with the aggrandisement of Russian
economy and military industry have caused an unending torment for the United States.
Pentagon authorities didn't sleep a wink since the commencement of recent joint RussiaChina naval exercise in the Yellow Sea between the east coast of mainland China and the
Korean Peninsula and their stance on the Arab Spring. Offensive techniques in current
counter-intelligence doctrine are principally directed against human sources . It follows
that counter-espionage will entail offensive counter-intelligence, for instance when
FBI personnel are embedded with troops located in war zone. FBI looks after internal

intelligence even as the CIA is concerned with external intelligence. The core of exploitation
operations is to degrade the muscle power of an enemy nation or terrorists, militants,
insurgents and guerrilla organisations. There has to be knowledge about the target nation's
intelligence service or a terrorist organisation's. Offensive counter-espionage and counterterrorism is done either by manipulating the adversary in some manner or by disrupting the
adversary's normal operations. Counter-HUMINT deals with both the detection of hostile
HUMINT sources within an organisation, or the detection of individuals likely to become
hostile HUMINT sources in terms of a double agent or spy. There is an additional category
relevant to the broad spectrum of counter-intelligence, and that's when one becomes a
terrorist from being a freedom fighter. 'It's essentially designed to integrate defence
intelligence capabilities with the broader intelligence community by leveraging unique
military capabilities,' said Deputy Assistant Secretary of Defence for Media Operations Navy
Capt John Kirby. He said the new service will inherent 'existing capabilities and personnel to
better concentrate on this kind of intelligence'. About 15 per cent of the DIA's case officers
will be part of the Defence Clandestine Service, The Washington Post wrote. New, more
clearly delineated career paths will give DIA case officers better leverage to continue their
espionage in foreign nations.

--a2 humint bad relations


Spying doesnt undermine foreign relations-every country in the
world spies
Trowbridge 13 (produce at Bloomberg politics, CBS, Politico, went to
University of North Carolina, served as a digital reporter for CBSNews.com
Wrote and reported stories on a range of topics, including international
and domestic politics, energy, retirement, veterans, health and
technology. NSA spying: ally anger justified?
<http://www.cbsnews.com/news/nsa-spying-ally-anger-justified/> July 3,
2013.)\\mwang
Following revelations made last weekend that the United States spies on its allies, European officials - especially
those in Germany and France - lashed out with searing statements conveying their outrage. And in response

to
uproar across the Atlantic, current and former U.S. intelligence officials and government
leaders have argued that, when it comes to spying on allies, the U.S. isn't alone . Bolivia
president's plane rerouted due to Snowden suspicions " It's well known that our allies do spy on
us," said Juan Zarate, a former deputy national security adviser for combating terrorism under President George
W. Bush and a senior national security analyst for CBS News. "Our allies are out to understand what we
know and use it to their advantage." European leaders, he said, may be throwing stones
from their proverbial glass houses. " They should check in with their own intelligence
services before beginning to critique anything the U.S. does, " Zarate said. European
officials lash out at new NSA spying report According to CBS News senior correspondent John Miller, who formerly
worked at Office of the Director of National Intelligence, the practice is widespread. "Pragmatically, even the

countries that are reared up in righteous indignation know, on one level or another, they do
the same thing," Miller said. "Without getting into which countries do what to which other countries, most
people would be surprised if they saw the list of countries. Close military, economic and
political allies of the United States conduct regular intelligence collection operations against
the U.S. overseas and in some cases even on U.S. soil." Other former and current officials have made similar
points after Germany's Der Spiegel's magazine and Britain's The Guardian newspaper published reports Sunday
based on documents leaked by former National Security Agency contractor Edward Snowden detailing the NSA's
surveillance of U.S. allies and their diplomatic missions. Hayden: Administration should do a "bit more" explaining
on surveillance Retired Gen. Michael Hayden, a former NSA director, said on CBS' "Face the Nation" Sunday that
angry Europeans should look at what their own governments are doing. U.S. Secretary of State John Kerry said
" every country in world" spies. And on Monday, President Obama echoed the every-one-does-it
argument. But the outrage in Europe is justified, said James Bamford, who's written multiple books on the NSA,
because of the disproportionate scale of American surveillance activities compared to those of U.S. allies. Countries
spy, yes. But not like the U.S. "It's not the fact that allies spy on each other. It's the extent of the spying," said
Bamford. "The United States spies with the equivalent of a nuclear weapon. And they spy with something more like
a rifle." Many of the major offices for telephone and Internet companies are based in the United States, and,
Bamford argued, the U.S. government can therefore apply pressure to those companies in a way European
countries can't. "Belgium can't go to Yahoo and say, 'Give us all this information,'" he said. Play VIDEO President

Obama addresses accusations of spying on the E.U. In his defense of U.S. surveillance
activities Monday, Mr. Obama quipped, "I guarantee you that in European capitals there are
people who are interested in, if not what I had for breakfast, at least what my talking points
might be should I end up meeting with their leaders." Responding to that quote, Bamford said
Europeans would rightfully find the comment insulting, given, he said, that the NSA spied not just on foreign
government officials but on foreign citizens as well. "What the president of the United States has for breakfast
might be of interest to the intelligence service of some foreign government," Bamford said. "But what an average
European citizen has for breakfast shouldn't be of interest to the American government." But foreign citizens
shouldn't expect the same privacy protection from the U.S. government as American citizens, Hayden said on "Face
the Nation." "Our Fourth Amendment, which protects Americans' privacy, is not an international treaty," Hayden
said. Zarate warned that there are questions about Snowden's credibility and "no hard conclusions" from what he
revealed. "People," he said, "need to take a deep breath here."

Alt causes: U.S. will always spy on its allies for competition
Fisher 13 (Max Fisher, writer at the Washington Post, former writer for

the Atlantic. Why America spies on its allies (and probably should).
<https://www.washingtonpost.com/blogs/worldviews/wp/2013/10/29/whyamerica-spies-on-its-allies-and-probably-should> October 29 2013)
\\mwang
A week now after the initial revelation that the United States may have monitored the cellphone of German
Chancellor Angela Merkel, there's little doubt that the story has been damaging for this country and for the National
Security Agency, which earned the wrath of even longtime defender Sen. Dianne Feinstein, who oversees it as the
Senate Intelligence Committee chair. At the same time, though, the initial anger appears to be giving way to
debate: Is it, in fact, a bad idea for the United States to spy on friendly foreign leaders such as
Merkel? That question might sound counterintuitive, even cynical, a sign of the depth of Americans' hubris that
we would even consider it. After all, friends don't spy on each other, right? But I'm going to let you in on a little

The international system is, and always has been, inherently adversarial,
even among allies . To paraphrase the 19th-century British statesman Lord Palmerston, countries don't
have friends, they have interests. Spying on friendly foreign nations does not actually violate
the standard practices of international relations and in many ways is consistent with those
norms. The close U.S. allies France and Israel are particularly known for it. Still, something as
secret:

explicit as tapping Merkel's cellphone is a big and legitimately surprising step, one that may well go too far. Here is
an evaluation of the pros and cons involved that may help clarify why the United States would decide to take such a
step. The simplest case for spying might be that the United States and Germany, despite being
allies, still compete with one another, sometimes on quite substantive issues. If spying can

give them a leg up on those issues, then aren't their leaders obligated to sanction it?
President Obama's job, after all, is to further American interests, Merkel's to further German interests.
Those conflict more than you might think; when they do, both leaders are potentially better served if they spy on
the other. In 2011, for example, Obama wanted to intervene in Libya, but Merkel did not and could have used her
substantial influence in Europe to reduce NATO's participation. Ultimately, Germany was alone among Western
nations in opposing the U.N. resolution on Libya and nearly alone in not providing military resources for the
intervention. Merkel ended up coming under political pressure at home for the move. Washington and Berlin have
also clashed over how to manage the euro-zone crisis, the resolution and progress of which have far-reaching
implications for the German and U.S. economies. If dropping in on Merkel's phone calls can help the United States
safeguard its economic and national security interests, that would seem to be a strong argument for doing so. The
case may be even starker with France, another major target of recently revealed NSA spying whose
leaders have expressed official outrage at the surveillance. It's easy to forget today that in the 1960s,

France made several provocative breaks with the American ally that had liberated its capital
just two decades earlier. President Charles de Gaulle refused to cooperate on nuclear
weapons with the United States, announcing a nuclear strategy of "defense in all directions" that was
apparently intended to imply his willingness to use them against the Americans. He vetoed Britain's entry into the
European economic partnership that later developed into the European Union, which the United States had
supported. According to historian John Lewis Gaddis, de Gaulle even tried to persuade the leader of West Germany
to loosen his ties with NATO, which would have seriously undermined the U.S.-led coalition and could have changed
the course of the Cold War. Surely those were phone calls the United States would have been well-served by
monitoring.

ADV IHRL

1ac ihrl
Encryption is a human right under international law reforming surveillance in this context is key
Nyst 15, (Carly, Legal Director at Privacy International, TWO YEARS AFTER SNOWDEN, GOVERNMENTS RESIST CALLS
TO END MASS SURVEILLANCE, https://www.privacyinternational.org/?q=node/592, AL)
Governments must accept they have lost the debate over the legitimacy of mass surveillance and reform their oversight of
intelligence gathering, Privacy International and Amnesty International said today in a briefing published two years after Edward Snowden blew the lid on
US and UK intelligence agencies international spying network. The balance of power is beginning to shift, said Edward Snowden in an article published today
in newspapers around the world. With each court victory, with every change in law, we demonstrate facts are more convincing than fear The briefing, Two years
after Snowden: Protecting human rights in an age of mass surveillance, warns that governments are looking to maintain and expand mass surveillance, despite
the practice being condemned as a human rights violation by courts, parliaments and human rights bodies. It comes on the heels of the adoption of the USA
Freedom Act by the US Congress this week, a solitary and limited example of legislative rollback of surveillance powers since Snowden's revelations began.
Thanks to Edward Snowden, millions of ordinary people are now aware that not even their most intimate secrets are safe from government snooping. National
and international expert bodies could not have spoken more clearly: the indiscriminate mass surveillance of communications is a violation of human rights. The
game is up and the time has come for governments to reform their indiscriminate mass surveillance programmes, said Carly Nyst, Legal Director at Privacy
International "It is disappointing that governments have not accepted that mass surveillance violates human rights . While the passage in
Congress of the USA Freedom Act shows that it is possible to roll back surveillance, the prospect of more intrusive spying powers in France and the UK shows
that governments' appetite for ever more information on our private lives is unsated, said Sherif Elsayed-Ali, Deputy Director of Global Issues at Amnesty
International. Governments defy public opinion by expanding surveillance During the past two years, mass surveillance has been condemned as

excessive and a violation of human rights by courts, parliamentary enquiries and legal and technology experts appointed by
governments and international institutions such as the Council of Europe and the United Nations . The briefing warns that, in defiance of
global condemnation, UK and US spying programmes remain shrouded in secrecy, while several other governments are seeking new surveillance powers of their
own. Denmark, Finland, France, the Netherlands, Pakistan and Switzerland are discussing or set to present new intelligence bills that will increase their ability to
spy on communications in these countries and beyond. Just this week, the French Senate voted on a new bill that would grant the authorities vastly increased
surveillance powers. The briefing also warns that technological advances will make surveillance technology cheaper, more powerful and more widespread. Much
of the capability currently available only to US and UK intelligence agencies will likely be available to many more countries in future. Seven-point plan for
protecting human rights in the digital age Amnesty International and Privacy International today presented a seven-point plan calling on governments to introduce
checks and balances on the use of surveillance, including proper judicial control and parliamentary oversight. The rights groups want communications
surveillance to be reeled in within the bounds of international human rights law, which means it only happens when it is: Targeted,

based on sufficient evidence of wrongdoing, and is authorized by a strictly independent authority, such as a judge, Overseen by
transparent and independent parliamentary and judicial processes, Governed by publicly available and sufficiently detailed rules
and policies. The rights groups are also calling on powerful internet and telecoms companies to do more to protect the internet and phone communications of
billions of people from invasive surveillance and criminal attacks. Companies should invest in new and better encryption and other privacy
technologies for securing and anonymizing data, and inform users when the law may oblige them to hand their data over to governments. Tech
companies must do much more to protect their users privacy and freedom of expression online. While some big firms like Apple and Google have started
adopting stronger encryption standards, others are lagging behind. Tech companies need to introduce end-to-end

encryption in their
services by default, whenever possible, said Sherif Elsayed-Ali. The legitimacy of collecting communications in bulk is no longer up for
debate it is a violation of human rights and i nternational law . Mass surveillance must be dismantled and replaced by
targeted, accountable measures that respect human rights , said Carly Nyst. ANNEX Amnesty International and Privacy Internationals seven-point
plan for protecting human rights in the digital age Legal and policy reform: 1. National laws should be reformed to ensure that they comply with
international human rights law and standards, including by not allowing for indiscriminate mass surveillance. Key principles that must
be upheld include: a. Ensuring that surveillance of communications only happens when it is targeted, based on sufficient evidence of wrongdoing, and authorised
by a strictly independent authority, such as a judge; b. Ensuring there is transparent and independent parliamentary and judicial oversight of surveillance powers;
c. Making rules and policies about surveillance publicly available, including how governments are sharing information with other states; d. Ensuring equal privacy
protections apply for nationals and non-nationals, those within the territory of the state, and those outside it. e. Intelligence sharing should be strictly regulated
and conducted in a manner compliant with states human rights obligations; 2. Governments should not make encryption and anonimization technologies, or their
use, illegal; 3. Whistleblowers, including those working on national security issues, should be afforded strong legal protection from any form of retaliation,
including by way of prosecution, for having disclosed public interest information such as on human rights violations. Corporate due diligence In line with
companies responsibility to respect human rights: 4. Companies that own and/or operate telecommunications or internet infrastructure, including undersea
telecommunications cables, and internet companies, must ensure that access to data is permitted only when it conforms to international law and standards on
human rights, including by taking legal action to challenge government requests that seek bulk/wholesale access to communications traffic; 5 . Major internet

and telecommunications companies should lead the way in using strong encryption and other privacy technologies, including
through implementing end-to-end encryption by default, where possible; 6. Internet service providers, telecommunications companies and internet companies
should clearly inform users about legal requirements that they have to comply with, particularly in relation to handing over user information or content.
International standards 7. Further explore and develop means and measures needed to ensure better implementation of the
international human rights standards applicable to communications surveillance , building on efforts towards identifying relevant elements that
have started in the past two years, including reports by the UN Special Rapporteur on Freedom of Expression, the UN High Commissioner of Human Rights the
Special Rapporteur on the promotion and protection of human rights and fundamental freedoms while countering terrorism, as well as civil society initiatives such
as the Necessary and Proportionate Principles.

The plan is necessary and sufficient for global compliance


Encryption restrictions violate human rights law- plan is key to reverse global trends
Anna Crowe et al. 15--- Sarah Lee, Mark Verstrete, Carly Nyst, Matthew Rice, Chris Weatherhear, Bonnie Docherty, Tyler Giannini. Anna
Crowe is a Clinical Advocacy Fellow at the international human rights clinic. Crowe worked on transitional justice issues with the International
Crisis Group in Colombia as a Henigson Human Rights Fellow from Harvard Law School. Anna holds an LLM from Harvard Law School and
bachelor's degrees in Law, History and Political Studies from the University of Auckland. Sarah Lee and Mark Verstraete are clinical students at
Harvard Law. Carly Nyst, Legal Director of Privacy International, reviewed the booklet and provided editorial direction. Matthew Rice and Chris
Weatherhead from Privacy International. Bonnie Docherty is a Senior Clinical Instructor, and Tyler Giannini, Co-Director of IHRC, reviewed the
booklet for IHRC. (Crowe et al., Securing Safe Spaces Online, 6/17/15. p.8. Privacy International. http://hrp.law.harvard.edu/wpcontent/uploads/2015/06/Securing-Safe-Spaces-Online-2.pdf)//ET

Legal restrictions and informal obstacles impede the use of encryption and limit anonymous speech online across the four countries examined
in a variety of ways. Legal restrictions on encryption include general bans on the personal use of encryption, as well as more targeted measures, such as the
ability of state authorities to require individuals to decrypt information. The widespread perception that encrypting communications is technically
difficult or an unnecessary burden is among the informal obstacles to personal use of encryption. Meanwhile, online anonymity is hindered by
real name registration laws, which require people to use their real names to register for certain websites, and bans on anonymity tools. Informal obstacles
include websites requiring identity verification as a matter of corporate policy; additionally, lack of trust in the internet as a safe space to
communicate and fear of surveillance can diminish confidence that online anonymity is possible. There are opportunities for governments,
the corporate sector, and civil society to eliminate or minimise obstacles to personal use of encryption and online anonymity. Governments should
implement or reform laws and practices to promote rather than restrict encryption and guarantee anonymous speech online. While the right

to privacy and the right to freedom of expression are not absolute, restrictions must conform with the requirements of international
human rights law . 2 The corporate sector is also in a position to respect rights by promoting practices and developing products that preserve users rights
online. Finally, ci vil society groups should start using and actively promoting encryption and anonymity tools, as well as drawing attention to their relationship
with human rights. Foreword Why We Encrypt Encryption protects our data. It protects our data when its sitting on our computers and in data centres, and it
protects it when it's being transmitted around the Internet. It protects our conversations, whether video, voice, or text. It protects our privacy. It protects our
anonymity. And sometimes, it protects our lives. This protection is important for everyone. It's easy to see how encryption protects journalists,
human rights defenders, and political activists in authoritarian countries. But encryption protects the rest of us as well. It protects our data from
criminals. It protects it from competitors, neighbours, and family members. It protects it from malicious attackers, and it protects it from accidents. Encryption
works best if its ubiquitous and automatic. The two forms of encryption you use most often https URLs on your browser, and the handset-to-tower link for your
cell phone calls work so well because you don't even know they're there. Encryption should be enabled for everything by default, not a feature you turn on only
if you're doing something you consider worth protecting. This is important. If we only use encryption when were working with important data, then encryption
signals that data's importance. If only dissidents use encryption in a country, that country's authorities have an easy way of identifying them. But if everyone uses
it all of the time, encryption ceases to be a signal. No one can distinguish simple chatting from deeply private conversation. The government can't tell the
dissidents from the rest of the population. Every time you use encryption, you're protecting someone who needs to use it to stay alive. It's important to remember
that encryption doesn't magically convey security. There are many ways to get encryption wrong, and we regularly see them in the headlines. Encryption doesnt
protect your computer or phone from being hacked, and it can't protect metadata, such as e-mail addresses that needs to be unencrypted so your mail can be
delivered. But encryption is the most important privacy-preserving technology we have, and one that is uniquely suited to protect against bulk
surveillance the kind done by governments looking to control their populations and criminals looking for vulnerable victims. By forcing both to target their
attacks against individuals, we protect society. Securing Safe Spaces Online 3 Today, we are seeing government pushback against encryption.

Many countries , from States like China and Russia to more democratic governments like the United States and the United Kingdom, are either
talking about or implementing policies that limit strong encryption. This is dangerous, because it's technically impossible, and the attempt will
cause incredible damage to the security of the Internet . There are two morals to all of this. One, we should push companies to offer
encryption to everyone, by default. And two, we should resist demands from governments to weaken encryption. Any weakening, even in
the name of legitimate law enforcement, puts us all at risk. Even though criminals benefit from strong encryption, we're all much more secure when we all have
strong encryption.

Failure to comply with IHRL undermines multilateralism

Melish 9, (Tara J., Visiting Professor at Notre Dame School of Law, From Paradox to subsidiary: United States and Human
Rights Treaty Bodies, http://www.yale.edu/yjil/files_PDFs/vol34/Melish.pdf, AL)
Institutionalists, on the other hand, see greater instrumental utility in engaging actively with both international institutions and global
norms including human rights norms. While they, too, believe that states act exclusively in accordance with their instrumental interests,146 they see
these interests as being increasingly interwoven with participation in international cooperative, peacebuilding, and dispute-resolution institutions. 147 U.S.
engagement with international institutions thus constitutes for institutionalists an important and instrumental foreign policy tool for
promoting and defending U.S. interests abroad, while conferring key reputational benefits, ever more salient in global politics,
particularly in the international human rights field .148 While realists dominated U.S. human rights policy during the Cold War, 149 and remain highly
influential in the foreign policy establishment today, institutionalists have gained increasing prominence over the last two decades with the dramatic proliferation
of international institutions and rapid expansion of the international human rights architecture. Within this context, the push-pull dynamic over U.S. human rights
policy as a foreign policy objective has shifted determinatively toward institutionalists. For this group, human rights treaty body engagement serves

two primary strategic foreign policy goals today: first, renewal of U.S. moral leadership in multilateral settings and, second,
promotion of human rights and democratic reforms in other countries. Both are directed to furthering national security and global
public order objectives, independent of any domestic policy implication. First, institutionalists appreciate that the international
standing of U.S. diplomats and their ability to lead in international processes of global dispute resolution are compromised by the
nations failure to ratify core human rights treaties and engage in their supervisory procedures. This failure, which has left the
nation increasingly in the company of rogue or failed states,150 renders it out of step with its democratic partners and subjects it
to charges of hypocrisy by less democratic nations where the United States seeks human rights improvements or security
safeguards. 151 On a practical level, this impairs the United Statess ability to accomplish its national security and other global
security priorities within multilateral settings, at times making disagreement with the United States a principled human rights
stand in itself.

US Multilateralism is key to international response to global threats

Brimmer 14, (Esther, Assistant secretary for the bureau of International Organization affairs at the United States Department
of State, Smart Power and Multilateral Diplomacy, June, http://transatlantic.sais-jhu.edu/publications/books/Smarter
%20Power/Chapter%204%20brimmer.pdf, AL)
Over the subsequent decade, the variable definitions of Smart Power have evolved to reflect a rapidly changing foreign affairs
landscapea landscape shaped increasingly by transnational issues and what can only be described Nations of the world must now calibrate their
foreign policy investments to try to leverage new opportunities as truly global challenges. while protecting their interests from emerging
vulnerabilities. Smart Power is no longer an alternative path; it is a four-lane imperative. From terrorism to nuclear proliferation , climate
change to pandemic disease , transnational crime to cyber attacks , violations of fundamental human rights to natural
disasters , todays most urgent security challenges pay no heed to state borders. Ultimately, the other component necessary in todays
Smart Power alchemy is robust, focused, and sustained international cooperation. In effect, in an increasing number of instances, Smart Power must now feature
shared power, and in that context foreign policy choices must follow two related but distinct axes. First, those policy choices must strengthen a states overall
stature and influence (rather than diminish it), leaving the state undertaking the action in a position of equal or greater global standing. This is easier said than
done. The proliferation in challenges facing all states has created a need for multiple, simultaneous diplomatic transactions among a broadening cast of actors.
Given the nature of todays threats facing states both large and small, those transactions have never been more frequent and at times overlappinga reality that
requires new agility and synchronization within foreign policy hierarchies. States that are less capable of responding to this new reality may experience
diminished political capital and international standing by acting on contemporary threats in isolation or without a full appreciation of the reigning international
sentiment. Many observers have highlighted U.S. decision-making in advance of the 2003 Iraq invasion as indicative of just this phenomenon. So, just as
global power is more diffuse, so too are the opposing threats and challenges, and it is in this new reality that the United States must define and employ
its Smart Power resources. Given the nature of todays threats facing states both large and small, those transactions have never been
more frequent and at times overlappinga reality that requires new agility and synchronization within foreign policy hierarchies. It has

become increasingly clear that effective multilateral diplomacy can create the conditions for an international response to a global
challenge or threat that is greater than the sum of its national parts, and that contributes to the effective resolution of both the
instant challenge and future ones.

--xt backdoors key


Strong encryption is key to human rights and freedom of speech
Jonathan Vanian 15- a writer at Fortune with a focus on technology. He has worked as a reporter for a legal affairs newspaper,
freelanced for a business journal in Santa Barbara, interned at the Center for Investigative Reporting, and was an editorial fellow
at Salon. (Vanian, New U.N. report says encryption tech is crucial for human rights, 5/29/15. http://fortune.com/2015/05/29/unencryption-human-rights/)//ET
A recently published U.N. report on encryption technology counters governments claims that the tech is detrimental to a safe society.
The battle between members of law enforcement who stand opposed to strong encryption and those who champion the data-scrambling technology continues.
But a new report from the United Nations has weighed in, saying that encryption is crucial for human rights and freedom of speech.
Encryption and anonymity, separately or together, create a zone of privacy to protect opinion and belief , writes U.N. special rapporteur
David Kaye, author of the report. Kaye explains that the U.N. Human Rights Council believes that private communications shield an opinion
from outside scrutiny, particularly important in hostile political, social, religious and legal environments . In a nutshell, encryption
technology makes messages sent between multiple parties unreadable to unintended recipients through the help of specialized algorithms that cloak the data.
The U.S. government has been publicly opposed to the way many tech companies like Apple AAPL -7.92% and Google GOOG -0.11% have baked the protection
into their products, like the Apple iPhone. Attorney General Eric H. Holder said last year said that encryption technology prevents the U.S. government from
performing investigations into criminal activity. The U.S. government, along with both the U.K. and Chinese governments, have called for tech companies to
install back-doors into their products that would allow government investigators to read the scrambled data. The U.N. report counters that notion of
encryption impeding government investigations. Kaye writes that Governments have at their disposal a broad set of alternative tools ,
such as wiretapping, geo-location and tracking, data-mining, traditional physical surveillance and many others, which strengthen
contemporary law enforcement and counter-terrorism. Additionally, Kaye notes that governments often use the same type of encryption for their own
undercover operations, while essentially calling for other organizations not to use the tech.

Backdoors undermine human rights


Kravets 4/19/15 - David Kravets is an over-educated and seasoned, 25-year newsman and public relations veteran who has
bridged the divide between old-school and new-school media. He was the AP's award-winning legal writer, and now is the senior
editor at Ars Technica. In between, he was a senior writer at Wired, the press secretary for California Attorney General Jerry
Brown and a myriad of other things. ( David; Tech sector tells Obama encryption backdoors undermine human rights; May 15;
http://arstechnica.com/tech-policy/2015/05/tech-sector-tells-obama-encryption-backdoors-undermine-human-rights/)//pk
Technology giants like Apple, Google, and Microsoft urged President Barack Obama on Tuesday to refrain from supporting any US policy that would require the
tech sector to install backdoors into their products so the authorities can access encrypted data . In a letter (PDF) to Obama, dozens of tech

companies, cryptologists, and rights groups said mandatory backdoorswhich many authorities in the US government and
abroad have been calling forwould weaken cybersecurity as well as "undermine human rights." More than undermining every
Americans cybersecurity and the nations economic security, introducing new vulnerabilities to weaken encrypted products in the
US would also undermine human rights and information security around the globe. If American companies maintain the ability to unlock
their customers data and devices on request, governments other than the United States will demand the same access, and will also be emboldened to demand
the same capability from their native companies. The US government, having made the same demands, will have little room to object. The result will be an

information environment riddled with vulnerabilities that could be exploited by even the most repressive or dangerous regimes.
Thats not a future that the American people or the people of the world deserve.

Strong encryption is a fundamental human right


Bennett 15 Cybersecurity Reporter at The Hill; Government B.A. Cornell University, M.S. Journalism Comlubia
University Graduate School of Journalism (UN report: Encryption crucial for human rights, Cory Bennett, The
Hill, May 28, 2015, http://thehill.com/policy/cybersecurity/243381-un-report-encryption-necessary-to-exercisehuman-rights)//chiragjain
A United

Nations report released Thursday argues that strong encryption is fundamental


to exercising basic human rights. Encryption and anonymity enable individuals to
exercise their rights to freedom of opinion and expression in the digital age and, as such,
deserve strong protection, says the report, from the UNs Office of the High Commissioner for Human Rights. The international
group is releasing the report as the U.S. and other governments debate methods that would give law enforcement agencies
guaranteed access to encrypted data. Special rapporteur David Kaye authored the report,

which is strongly worded


in its opposition to intentional access points built into encryption, or "backdoors." In
the contemporary technological environment, intentionally compromising encryption,
even for arguably legitimate purposes, weakens everyones security online, the report says.

States

should avoid all measures that weaken the security that individuals may enjoy
online, such as backdoors, weak encryption standards and key escrows , it adds. A key escrow is
when a third party holds onto an encryption key, the information needed to decrypt data. The report even called on Congress to
consider the Secure Data Act, a bill that would ban the government from forcing companies to build backdoors into their encryption.
The FBI and National Security Agency (NSA) have been battling technologists, Silicon Valley, and a vocal contingent of lawmakers
over encryption standards. Federal officials argue companies should have a method to decrypt data if its needed for a criminal or
national security investigation. Companies counter that such a decryption method would create inherently vulnerable encryption. "I
certainly have great respect for those that would argue that the most important thing is to ensure the privacy of our citizens and we
shouldnt allow any means for the government to access information, NSA Director Adm. Michael Rogers said during a speech in
Estonia on Wednesday, according to reports. I would argue that's not in the nations best long term interest, that weve got to create
some structure that should enable us to do that, mindful that it has to be done in a legal way and mindful that it shouldn't be
something arbitrary, he continued. The U.N. report, while decrying backdoors, does give some credence to the concept of courtordered decryption. Court-ordered

decryption, subject to domestic and international law, may only be


permissible when it results from transparent and publicly accessible laws applied solely
on a targeted, case-by-case basis to individuals (i.e., not to a mass of people) and subject to
judicial warrant and the protection of due process rights of individuals, it says. The report does
not explain exactly how a company would decrypt its data, though. Companies such as Apple and Google have
encryption in place that they say locks even them out. The White House is expected to release a report
soon detailing several options for law enforcement to bypass encryption and access data during investigations.

--a2 alt cause


Plan is necessary and sufficient
Nyst 15, (Carly, Legal Director at Privacy International, ENCRYPTION AND ANONYMITY CREATE A ZONE OF PRIVACY
ONLINE, SAYS UN SPECIAL RAPPORTEUR, https://www.privacyinternational.org/?q=node/600, AL)
A groundbreaking report released today by the UN Special Rapporteur on freedom of expression , David Kaye, calls on states to ensure
security and privacy online by providing comprehensive protection through encryption and anonymity tools , warning that blanket
measures to restrict online privacy fail to comply with human rights norms . To support the findings contained in the Special Rapporteur's report,
Privacy International, the Harvard Law School's International Human Rights Law Clinic and ARTICLE 19 have published an accompanying booklet, Securing
Safe Spaces Online: Encryption, online anonymity and human rights which explores the impact of measures to restrict online encryption and anonymity in four
particular countries the United Kingdom, Morocco, Pakistan and South Korea. The Special Rapporteur's report represents a landmark step forward for the UN
Human Rights Council, from which substantive issues of human rights and technology were absent until just two years ago, and which will shortly appoint a
dedicated Special Rapporteur on the right to privacy. For the first time, the Council has been asked to consider how the use of increasingly popular encryption
and anonymity tools and services can protect and promote human rights online, particularly the rights to freedom of expression and privacy. Bringing human
rights into the digital age The report notes that discussions of encryption and anonymity have all too often focused only on their potential

use for criminal purposes in times of terrorism, rather than their role in promoting secure, private and free communications,
facilitating the realisation of rights to expression, opinion and privacy . Mr Kaye observes that encryption and anonymity, separately or
together, assist in shielding opinions from outside scrutiny(particularly important in hostile environments), empower individuals to
circumvent censorship and other unlawful barriers to the free flow of information, and shield journalists, researchers, lawyers and
civil society from unlawful surveillance and harassment. In this regard, encryption and anonymity provide individuals and groups with a zone of
privacy online to hold opinions and exercise freedom of expression without arbitrary and unlawful interference or attacks, Mr Kaye concludes. Affirming an
important application of the right to freedom of expression and opinion to modern-day realities, the report notes that the right to form and hold opinions, unlike the
rights to privacy and freedom of expression, is an absolute right that cannot be limited in any circumstances. Whereas the right to an opinion may traditionally
have been construed as an abstract right that occurs only within one's mind, the report observes, the mechanics of holding opinions have evolved in the digital
age, with individuals both holding opinions digitally saving their views and their search and browse histories, for instance, on hard drives, in the cloud, and in email archives and forming opinions online, through search and browsing activities. The report recommends, inter alia, that States should

not restrict
encryption and anonymity, and blanket prohibitions fail to be necessary and proportionate and thus cannot comply with
human rights law; States should avoid all measures that weaken the security that individuals' privacy may enjoy online, such as
backdoors , weak encryption standards and key escrows ;

ADV MOVEMENTS

--xt plan k/t movements


Backdoors compromise security and prevent anonymity key to human rights
Swire 7/8 <Peter, Huang Professor of Law and Ethics at Georgia Tech Scheller College of Business, 7/9/15, Going Dark:
Encryption, Technology, and the Balance Between Public Safety and Privacy, Senate Judiciary Committee Hearing,
http://www.judiciary.senate.gov/imo/media/doc/07-08-15%20Swire%20Testimony.pdf>//wx
U.S. Government support for encryption vulnerabilities increases cybersecurity problems in the least trusted countries and
globally, and undermines U.S. human rights policies. U.S. Government support for encryption vulnerabilities not only encounters the severe
technical cybersecurity problems just discussed, but also increases the likelihood of cybersecurity threats originating from other countries. U.S. government
support for such vulnerabilities harms both cybersecurity and human rights . In 2012 I was the lead author of a 65-page law review article on
Encryption and Globalization, a comprehensive examination of global effects of national encryption policies.24 What we called the least trusted country
problem is critical to understanding cybersecurity and encryption in our globalized setting. If one country sets limits on encryption, then cross-

border communications that comply with that countrys laws will have that vulnerability. If one party to a communication uses
compromised encryption as required in that country, then those globally who communicate with that country will have their
communications compromised as well. Key escrow provides a vivid example of the least trusted country problem. Consider whatever country in the
world you trust the least. For India, that could be Pakistan, for Taiwan it could be China, for Israel it could be Iran. (I prefer not to pick one such country for the
United States.) How secure would any of these countries be if their least trusted country had key escrow for their communications? We wrote: Ultimately,

laws

that limit effective encryption create security holes . Communications that originate, end, travel through, or comply with the policies of those
nations are systematically weakened they are as secure as they would be in the hands of our least trusted country, whatever country that may be Think
about important communications in the hands of the country you trust least in the world. That is the Internet that would result from limits on strong encryption. In
the United States has a crucial leadership role to play concerning possible compromises in global
communications security . I saw this personally when I met in India with senior officials in 2011, when India was considering a sweeping key escrow

this globalized setting,

proposal. In these discussions, we explained the history of the crypto wars in the 1990s, and gave the technical and political reasons why the U.S. government
had correctly decided to abandon a key escrow approach. After these discussions, and those with other American and global experts, the Indian government
substantially cut back its legal proposal, and also has had far less than full implementation of the residual provisions. In short, the American example was

useful in reducing the bad effects on global security, notably including for U.S. individuals and companies communicating abroad .
If American policy becomes to mandate encryption vulnerabilities, either in law and practice, then our moral and policy authority to argue for strong cybersecurity
is eroded. The human rights implications of mandating vulnerabilities are also substantial and important. The Review Group Report discussed the importance of
the U.S. Internet Freedom agenda, to bolster protections for journalist, religious minorities, and political dissenters around the world, especially in repressive
regimes. In February, the U.S. government wrote a detailed statement about the importance of encryption to global free expression
and human rights to David Kaye, Special Rapporteur on the Promotion of the Right to Freedom of Opinion and Expression for the United Nations High
Commissioner for Human Rights. Key statements included: As President Obama recently made clear, the United States firmly supports the development of
robust adoption of strong encryption, which is a key tool to secure commerce and trade, safeguard private information, promote freedoms of expression and
association, and strengthen cybersecurity. Encryption, as well as tools that assist with anonymity, are especially important in sensitive

contexts where attribution could have negative political, social or personal consequences or when the privacy interests in the
information are strong. Consistent with this legal framework, as a matter of policy, the United States has long supported the development and use of
strong encryption and anonymity-enabling tools online.25 The importance of these anonymity-enabling tools has been underscored by
financial support, especially from the U.S. State Department, for development of software and platforms to enable human rights
activists and others abroad to communicate effectively notwithstanding local political regimes efforts to undermine such
communications. The U.S. government support for its Internet Freedom agenda is broadly consistent with the June 17, 2015 Joint Civil Society Statement by
25 leading non-government organizations entitled Promote Strong Encryption and Anonymity in the Digital Age.26 In conclusion on the least trusted country
discussion, it is abundantly clear in our globalized world that decisions about U.S. law enforcement access to communications have important effects on how
other countries decide to respond to similar issues in their own countries. The Information Technology Industry Council and Software & Information Industry
Association made this point in a recent letter: In addition to these security and trust concerns, the U.S. policy position on encryption will send a
signal to the rest of the world. Should the U.S. government require companies to weaken encryption technology, such

requirements will legitimize similar efforts by foreign governments. This would threaten the global marketplace as well as deprive
individuals of certain liberties. 27 The United States should be a strong example for cybersecurity and human rights, rather than an excuse used by
repressive regimes to surveil U.S.-based businesses and individuals and clamp down on political dissent.

Backdoors threaten human rights human rights activists


Wong 15 Cynthia M. Wong is a senior Internet researcher at Human Rights Watch(
JULY 8, 20
In recent years, pro-democracy and pro-human rights protesters from Egypt and Tunisia to Thailand and Hong Kong have used social
media and mobile phones to organize and broadcast their message to fellow citizens and the world . But governments are
ratcheting up their surveillance capabilities in response . Fear of heavy monitoring and the reprisals that can follow has led human rights activists to

adopt services that support encryption. To

them, encryption is a critical security tool to avoid being identified, arrested, harassed, or
worsemerely for criticizing government policy. The US government supports Internet freedom abroad as a pillar of its human
rights foreign policy. In recognition of the link between encryption and human rights, Congress has appropriated over $125
million to the State Department and US AID since 2008 to promote Internet freedom, including through programs that develop
encryption tools and train activists on how to use them. But the FBI has embarked on an aggressive campaign to convince the
public that encryption built into our digital tools should be weakened in the name of countering terrorism. Yet is has failed to
recognize the broad, though unintended, harm such an approach would bring to human rights activists worldwide . On June 3,
Michael Steinbach, assistant director of the FBIs counterterrorism division, testified before the House Committee on Homeland Security that technology
companies like Apple and Google should prevent encryption above all else because terrorists are increasingly using the companies secured tools to shield
communications and access to their activity is going dark. Privacy, above all other things, including safety and freedom from terrorism, is not where we want to
go, Steinbach said. FBI Director James Comey is likely to make the same argument before two hearings at the Senate Judiciary and Intelligence Committees on
Wednesday. Governments have a human rights obligation to investigate and prosecute crime and thwart terrorist attacks. But while

strong encryption may limit some existing surveillance capabilities, these limitations are greatly offset by the explosion of new
kinds of investigatory material enabled by the digital world, including location information and vast stores of metadata. It is also
unlikely that limiting strong encryption in US products would prevent bad actors from using it. Terrorists could merely shift to foreign alternatives. Most jarring
for human rights groups, however, is that the FBIs going dark narrative simply ignores the cost of undermining encryption to
human rights activists around the world. For activists, this debate is just as much about their safety and freedom as about privacy. All
Internet users, including those most vulnerable, rely on the security practices of US tech companies to protect them from abusive surveillance and
cybercriminals. In December 2010, in the midst of the Tunisian uprisings, Facebook, a crucial platform for the activists, began receiving reports that Tunisian
Facebook accounts had been compromised or deleted. Facebook soon discovered that the government had launched a large-scale attack to steal social media
passwords of activists and journalists and access their private communications and contacts. So Facebook turned to encryption, enabling HTTPS, a secure
communication protocol, automatically to thwart the attack in Tunisia. Facebook now deploys HTTPS automatically for its 1.4 billion users. In 2014, Apple and
Google announced they would go further and begin encrypting data stored on mobile devices used by activists worldwide, with even the companies unable to
decrypt locally stored data. WhatsApp, a group chat application, is also rolling out end-to-end encryption for its 800 million users. These measures can help
protect the safety of protest organizers in places like Hong Kong, Thailand, and the Middle East, along with millions of other, even if they may not realize it. The
FBI insists that they dont want a back door into secured services, but rather a requirement that companies design their services so they can still decrypt data
with a lawful court order. But whatever label you use, the nearly universal view within the digital security community is that there is no technical solution that
would allow the FBI to decrypt all communications, but wouldnt leave internet users exposed to actors (government and non-government) that would try to
uncover that vulnerability for malicious purposes. Repressive regimes will exploit back doors to identify troublemakers and throw them in jail. And if the FBI
forces tech companies to weaken their security, then why wouldnt every other government demand the same, including those that equate dissent with terrorism.
How comfortable would we be if Russia, China, and Saudi Arabia had back door access to Apple and Google devices? Indeed, China has already started down
this road in a counter-terrorism bill introduced earlier this year that would require firms to install back doors and disclose encryption keys. The US government
would lack credibility to criticize these demands on behalf of US industry or on human rights grounds. Strong encryption is a cornerstone of security
in the digital age. It helps protect vulnerable human rights activists everywhere. Internet back doors make us all less safe. The FBI and
Congress should not ignore these inconvenient facts, even in the name of fighting terror.

Encryption key to democratic movements, online security, and open society

Yen 15, (Andy, Graduate from Harvard Physics and Economics, Scientist at European organization
for Nuclear research, Co-founder of Protonmail a email encryption startup, Idea for Ted Talks,
Why we should all care about encryption. Really, http://ideas.ted.com/why-we-should-all-careabout-encryption-really/, AL)
Back in summer 2013, the Edward Snowden revelations got me thinking. How much of our lives are compromised when security agencies or

hackers, or anyone else can read our emails? Emails paint an intimate narrative of ourselves the people we talk to, the
books we read, the politics we practice. This information is powerful. When we lose control over it, it can do great harm to
ourselves and our loved ones. I realized that I wasnt comfortable with the power contained within this information, nor with my lack of control over it.
BANNING ENCRYPTION WONT STOP TERROR ATTACKS OR END RELIGIOUS EXTREMISM. BUT SUCH A BAN WOULD
STIFLE DEMOCRATIC MOVEMENTS, SCUTTLE ONLINE SECURITY, AND UNDERMINE OUR OPEN SOCIETY . In fact, no one
I talk to is comfortable with this information or with its power. But too often, they seem to prefer not to think about these things. Perhaps they imagine their
intimate data tucked away on an anonymous server somewhere, forgotten, and that its potential to impact their lives will remain untapped. Im not so sure. Thats
why I partnered with colleagues from MIT and CERN to build a free, encrypted email service that offers users absolute control over their data. So why does
encryption matter, anyway? Well, some would have you believe that encryption is a tool for the bad guys, enabling terrorists to have
an easy way of plotting their next crimes. In reality, banning encryption wont stop terror attacks or end religious extremism . But
such a ban could stifle democratic movements, scuttle online security, and undermine our open society. Here are three more reasons we should pay attention to
encryption.

Chilling Effect
Cunningham March 2007, Professor of sociology specializing in Social movements, Historical Sociology, Political Sociology,
Quantitative and qualitative inquiry. (David C, Contemporary sociology, March 2007 http://www.jstor.org/stable/20443704?
seq=1#page_scan_tab_contents) //C.A.
But how do we know whether such findings are systematically valid, or whether similar dynamics hold in other cases? Such model-building is not Varons goal; he is squarely focused on the specific contexts
surrounding the WU and RAF, and in the books introduction he clarifies that, while engaging with some of the social movement literature, he does not speak its distinctly sociological causal language (p. 18). Indeed,
his use of oral historical accounts is intended to provide representations of the past generated through the subjective work of memory .|.|. and not the objective reconstruction of the past (p. 16). When confronted
with the thorny issue of specifying the impact of the antiwar movement on U.S. policy, he doubts whether a method could even be devised for rendering such a judgment (p. 147) and instead employs the
biographical account of a single activist to represent his sense of the role played by militants in such outcomes. Fair enough, as his methodology yields a nicely textured portrait of the WU and RAF. His detailed
account of activist experiences also provides a window into the multivalent interactive nature of political contention. But it is difficult to have it both ways, to focus on close readings of subjective experiences while also

Have they fared any better in


their efforts to develop general explanations for the impacts of surveillance against political challengers ? The issue of surveillance
and its effects has long been subsumed by a broader concern with the bidirectional relationship between state action and
dissident mobilization: the so-called repression-mobilization nexus . For at least the past decade, the real action in this literature has been primarily in journals, with few
drawing out general conclusions that beg for more systematized analysis. This latter task, of course, has traditionally fallen to sociologists and political scientists.

attempts to integrate and extend existing insights within book-length analyses (though exceptions include Cunningham, 2004; della Porta and Reiter, 1998; Stanley, 1996). Further, findings have lacked consistency,
with surprisingly little cross-disciplinary conversation. Repression and Mobilization, a recent volume edited by Christian Davenport, Hank Johnston, and Carol Mueller, is a welcome corrective to this trend. The volume
is a product of a 2001 conference at the University of Maryland that brought together many influential thinkers in several social science disciplines, and its contents represent the most significant advance in collective
knowledge on the topic in some time. In his introduction, Davenport astutely assesses the field and suggests possibilities for its advancement. Most importantly for our purposes, his essay identifies a key dynamic
that has steered past research away from detailed analysis of surveillance: the move toward aggregated, multi-form indicators of repression as the object of analysis. To the extent that this approach has
predominated over close study of specific repressive forms (including surveillance) as bounded phenomena, its implicit foundation has been what contributor Charles Tilly labels the classic cost-benefit conception of
the impact of repression on mobilization and vice versa (p. 224). Within such a framework, repression is viewed as a cost imposed by auContemporary Sociology 36, 2 Downloaded from csx.sagepub.com at UNIV
OF MICHIGAN on July 20, 2015 122Symposium thorities on dissidents, leading to invariant conceptions that the allocation of repression decreases mobilization and, conversely, that mobilization predictably
generates a repressive response from authorities. Davenport shows that exploration of the second relationship (i.e., mobilization causes repression) has yielded the expected finding, while studies of the impact of
repression on subsequent mobilization have produced less consistent results. In his view, these empirical regularities/irregularities are problematic, as both have been produced in the presence of significant analytic
blind spots: an overly-narrow conception of repressive and dissident forms, reliance on a small number of fixed cases and data sets, and a simplistic view of the role played by media coverage. What to do? If the

disaggregate analyses to recognize the unique as well as recurrent features of


varied political environments, dissident repertoires, repressive forms, and path-dependent temporal and spatial dynamics. Davenport
volumes take-away lesson can be boiled down to a single idea, it would be to

argues that analysts should view the repression-mobilization nexus interactively, employing explanatory concepts derived from the social movement literatures political process tradition i.e., political opportunities
and threats, mobilizing structures, and cultural frames (see McAdam, 1982; McAdam, McCarthy, and Zald, 1996; Tarrow, 1998). The remainder of the volume is effectively an argument for complicating this baseline
model. Insights explicitly or implicitly tied to surveillance dynamics abound. Clark McPhail and John McCarthy highlight the fact that surveillance operations and other repressive tactics are not static or uniformthey
in fact vary by, and diffuse across, local policing jurisdictions in predictable ways. Gilda Zwerman and Patricia Steinhoff recognize that multiple, often divergent, outcomes result from the imposition of surveillance and

Ferree develops the concept of


soft repression, which emerges within civil society and hinders opposition through ridicule, stigma, and silencing processes
that often require the monitoring and labeling of dissident behavior. But perhaps the most telling signal of the current state of the field is the fact that the two distinguished
other repressive action, as micro-cohorts enter movements at differing points in the protest cycle and exhibit differing reactions to state action. Myra Marx

senior theorists given the final word in the volumeCharles Tilly and Mark Lichbachbarely mention the contributions of the preceding chapters. Instead, they concern themselves with broader issues of analysts
general orientation to the study of political conflict. Tilly suggests that students of repression and mobilization shift their angles of vision (Tilly, 2005: 225) to align with the mechanism-based approach he has
advanced, with Doug McAdam and Sidney Tarrow, in the 2001 book Dynamics of Contention. The DOC approach recognizes that repression and mobilization are relational phenomena, both involving exchanges
between dissidents and authorities. As such, it sees meaning as rooted in interactions within and between social sites, and centers analyses on episodes, or continuous streams of contention including collective
claim making that bears on other parties interests (McAdam et al., 2001: 234). Its empirical program calls for decomposing those episodes into combinations of recognizable, recurrent processes, then identifying
the invariant causal mechanisms that enter those processes (Tilly, 2005: 2112). The goal is not to identify regularities across classes of episodes, but instead to find robust constituent mechanisms and processes
that combine in varying ways to yield distinct outcomes. In short, the program aims at explaining change and variation, not in discovering uniformity among whole classes of episodes (Tilly, 2005: 212). To illustrate
what a DOC-style analysis might look like, Tilly concludes with a discussion of the mechanisms that constitute two varieties of collective violence, which he refers to as scattered attacks and broken negotiations.
Using these examples, he demonstrates that a single type of state actione.g., the imposition of surveillance against challengerscan yield divergent effects across contentious forms. The general point is that it is
likely misplaced to suggest that a single law govern[s] the relationship of mobilization to repression when both sides of the nexus are really shorthand for diverse sets of relational configurations (Tilly, 2005: 222).
We would be better served, Tilly instructs, to break specific configurations (i.e., episodes of contention) into their constituent Contemporary Sociology 36, 2 Downloaded from csx.sagepub.com at UNIV OF MICHIGAN
on July 20, 2015 Symposium123 processes and mechanisms, which become the sites through which particular types of outcomes emerge. Jules Boykoffs The Suppression of Dissent represents a book-length
treatment of a DOC-style mechanism-based approach. Drawing on a range of cases familiar to students of social movements in the U.S. (and relying, unfortunately, almost exclusively on existing secondary sources
as evidence), Boykoff explains how it is that state efforts to suppress political challenges result in the demobilization of social movements in the U.S. Like Tilly, he argues that such an explanation requires the
identification of distinct mechanisms through which actions contribute to the process of demobilization. The bulk of the book is taken up by descriptive case studies involving Martin Luther King, Jr., the Black Panther
Party, the Hollywood Ten, the American Indian Movement, and other activists from his self-described deep, broad survey of suppression in twentieth and twenty-first century U.S. history (p. 303). From these
accounts he inductively identifies a set of twelve actions, or Modes of Suppression. These Modes, in turn, lead to the demobilization of social movements through the work of five causal mechanisms: resource
depletion, stigmatization, divisive disruption, intimidation, and emulation. Curiously, Boykoffs product doesnt look much like Tillys. While Boykoff does inductively identify his population of Modes by examining
specific cases that can plausibly be conceived as episodes, he does not extend his discussion of mechanisms to explain the trajectory of particular cases of state-dissident interaction. This makes it difficult to
understand how constellations of mechanisms might combine to yield change and variation in outcomes, or how the context-laden character of both sides of the struggle might interact to shape the arc of contention.
While Tilly examines how particular combinations of mechanisms can explain variation, rather than uniformity, in outcomes, Boykoff asks why do seemingly different acts produce a common effect: the suppression of
dissent? (p. 264). So where does this leave us? Given the varied and inconsistent strains reviewed here, in what direction might future studies of surveillance in contentious politics productively move? First, if a
common theme exists in these works, it is that we need to disaggregate concepts such as mobilization and repression, and to pay closer attention to the particular ways in which surveillance as a repressive form
impacts contentious episodes. Taking this recommendation seriously requires that we make explicit the features that distinguish surveillance from other modes of repression. Two recent efforts may be instructive. Earl
(2003) has constructed a typology of repression, within which we can understand surveillance as fitting within classes of action that are: 1) coercive, 2) unobserved by targets and the general public, and 3)
perpetrated either by private or state-based agents. Davenport (2005), in a recent journal article, has alternately focused on a single analytic dimension: the distinction between overt and covert repressive action.
While surveillance of dissident targets is sometimes employed overtly, to chill or otherwise alter the behavior of challengers (Marx, 1979), monitoring more often functions covertly as a means to collect information
that can later be used in a variety of ways against targets. This emphasis on covert state action harks back to Gary Marxs (1974, 1988) seminal research on informants, agents provocateurs, and undercover policing,
and links to an emerging concern with the patterning of surveillance-based acts, in particular the ways in which authorities allocate resources to monitor targets. Recent work has highlighted how state agencies
identify targets by constructing them as such, and has shown that such constructions are shaped not only by ethnic, class, religious, etc. characteristics of potential candidates, but also by the organizational structure
of policing agencies (Cunningham, 2004) and the characteristics of neighborhoods where potential targets reside (Davenport, 2005). A related concern is the impact of state surveillancehow such action affects
activists and sympathetic publics. Boykoff argues that the presence of surveillancewhether perceived or realcan contribute to a process of demobilization through the intimidation of targets, often characterized by
a feeling of paranoia. Such efforts, he asserts, also yield a body of information that can be used by state agencies to disrupt the functioning of targeted groups (pp. 2814). While such unique effects speak to the
inappropriateness of lumping together heteroContemporary Sociology 36, 2 Downloaded from csx.sagepub.com at UNIV OF MICHIGAN on July 20, 2015 124Symposium geneous categories of action as
repression, it is important to recognize that state agencies often simultaneously employ a combination of tactics to minimize dissente.g. aggressively policing public space, gathering extensive intelligence through
covert surveillance efforts, empowering community leaders to exert social control on local residents, and so on (Caldwell, 2006). Research that brackets surveillance as its object of study would almost certainly miss
indirect or emergent effects visible only through the contextualization of individual tactics within broader suppressive programs. In certain cases, such as with the FBIs counterintelligence programs (COINTELPROs)
in operation between 1956 and 1971, state agencies have formalized the use of a diverse repertoire of tactics, self-consciously employed in concert (Cunningham, 2003, 2004). Therefore, alongside efforts to
disaggregate analytic categories, we need to find ways to comprehend how tactical combinations interact to yield predictable outcomes. Is a mechanism-based approach the best way to do so? The question is at the
core of current debate in the field of contentious politics as a whole, reflected by the seeming gulf between Tillys approach and the contextualized political process agenda advanced by the other contributors to the
Davenport et al. volume. In that books concluding chapter, Mark Lichbach promotes a strategy to bridge these perspectives. Lichbach is not troubled by the use of mechanisms to generate dynamic causal accounts
that demonstrate how relationships between inputs and outcomes operate. He is, however, wary of research programs organized around the identification of salient mechanisms, as the exhaustive listing of these
mechanisms can easily expand indefinitely, creating an interminable makework project (Lichbach, 2005: 233). To prevent such chaotic proliferation, Lichbach suggests that researchers should embed their
mechanisms within larger organized systems of knowledge (i.e., logicallyconsistent combinations of mechanisms) and employ stylized facts and historical narratives to evaluate them empirically. Such an agenda
may be one way to take the DOC challenge seriouslyi.e., to give attention to the largely unexamined relational transactions lodged within the causal arrows of social science modelswithout discarding the
underlying political process approach that has guided the field for the past two decades. Such an effort can have broader-reaching effects as well, moving theoretically-inclined social scientists toward the center of
policybased dialogue surrounding the varied impacts of surveillance initiatives. These debates are of course pivotal to understanding

how states can preserve the security of their

citizens. Equally important, sophisticated analyses can also demonstrate how surveillance efforts can chill citizens ability to
lawfully express dissent, posing a threat to acts vital to the practice of democracy.

Increased surveillance causes groups to go underground effectively shutting them down


Cunningham March 2007, Professor of sociology specializing in Social movements, Historical Sociology, Political Sociology,
Quantitative and qualitative inquiry. (David C, Contemporary sociology, March 2007 http://www.jstor.org/stable/20443704?
seq=1#page_scan_tab_contents) //C.A.
Police monitoring of law-abiding activists at protest events. A CIA-sponsored program dedicated to investigating financial
transactions. An NSA initiative to collect data from massive numbers of domestic phone calls. The Pentagons aborted Terrorism
Information and Prevention System, TIPS, and Total Information Awareness programs. The USA Patriot Act. Over the last halfdecade, American citizens have been bombarded with a dizzying array of issues and controversies related to state surveillance
initiatives. While the potential impact of surveillance activities is widespreadsome claim, for instance, that the recent NSA program sought to obtain data from
every call placed in the U.S.its effects are most squarely centered on settings that pose a challenge to the institutional political status
quo. It is clear that such efforts have enormous potential effects on the shape of political contention, and that these effects emerge in multifaceted ways. Rich
historical accounts offer a window into these complexities. Take Jeremy Varons Bringing the War Home, a compelling and nuanced chronicle of New Leftist
militancy in the U.S. and Germany during the 1960s and 1970s. Varon focuses on two organizations in particular: the Weather Underground (WU) in America and
the West German Red Army Faction (RAF). While not a comparative study per se, he uses these two juxtaposed cases to develop a layered analysis of how
activists in both countries came to embrace violent revolutionary action, and how varied interactions with the state and civil society shaped their distinct
trajectories. Policing agencies in both nations employed a variety of means to actively monitor and disrupt the WU and RAF. Surveillance through

wiretaps, agent observation of public events, illegal break-ins, and infiltration by informants and provocateursconstituted the
meat of the states repressive efforts, at least in the U.S. Varon notes that, even before the Weatherman organization went underground,
the FBI had identified at least 270 of its members, nearly a third of whom were marked on the Bureaus Security Index for
detainment in the case of national emergency. Agents and informants also diligently recorded the identities of the 300 or so
people in attendance at a Weatherman-sponsored conference in 1969 (p. 158). Despite considerable safeguards in place to prevent infiltration, in at least
three cases informants successfully gained access to radical collectives. In such instances, informants typically operated as provocateurs, encouraging violent
activities for which participants were then arrested. After their move underground in 1970, FBI Director J. Edgar Hoover designated the Weather leadership
subjects of intensive investigation, and three Bureau officials were later indicted for their resulting authorization of a series of break-ins
(known as black-bag jobs) designed to gather information about suspects whereabouts. Varon reaches a number of conclusions
about how such state action impacted the trajectories of each group . State repression, he suggests, caused those skeptical about
vioSurveillance and Social Movements: Lenses on the Repression-Mobilization Nexus DAVID CUNNINGHAM Brandeis University dcunning@brandeis.edu The
Suppression of Dissent: How the State and Mass Media Squelch US American Social Movements, by Jules Boykoff. New York, NY: Routledge, 2006. 288 pp.
$80.00 cloth. ISBN: 0415978106. Repression and Mobilization, edited by Christian Davenport, Hank Johnston, and Carol Mueller. Minneapolis, MN: University of
Minnesota Press, 2005. 328 pp. $75.00. cloth. ISBN: 081664425X. Bringing the War Home: The Weather Underground, the Red Army Faction, and
Revolutionary Violence in the Sixties and Seventies, by Jeremy Varon. Berkeley, CA: University of California Press, 2004. 407 pp. $21.95 paper. ISBN:
0520241190. Downloaded from csx.sagepub.com at UNIV OF MICHIGAN on July 20, 2015 Symposium121 lence to seriously contemplate it and those
persuaded of the need for violence to take the radical leap into action (p. 3). In Germany, [h]ad the states reaction been less severe, the RAFs armed struggle
might neither have endured so long nor become so brutal (p. 254). In the U.S., the traumatic effect of state violence provided a motive for Weather adherents
increased militancy during the late 1960s (p. 162). The move by the Weather Underground toward symbolic damage and away from violence against human
targets prevented the sort of massive program of state repression witnessed in Germany (p. 174). We can also infer dynamics more closely tied to

surveillance: that Weathermans move underground was in part to escape monitoring by police and FBI, and that this move did in
fact significantly reduce the latters ability to surveil the group. Paradoxically, however, this shift expanded the overall scope of the states
surveillance activities as agents increasingly relied on less fine-tuned metrics to locate Weather adherents, focusing on broad networks of above-ground family
and friends as well as a wide range of locales (communes, countercultural centers, etc.) deemed likely to shelter underground suspects. All are provocative
conclusions, and not inconsistent with the specific evidence presented in Bringing the War Home.

--a2 sq solves
Foreign governments are modeling encryption backdoors now
Scheiner 15
Bruce Scheiner (Chief Technology Officer of Resilient Systems, a fellow at Harvard's Berkman Center, and a board
member of EFF ]https://www.schneier.com/blog/archives/2015/06/why_we_encrypt.html)

Encryption protects our data. It protects our data when it's sitting on our computers and in
data centers, and it protects it when it's being transmitted around the Internet. It protects our
conversations, whether video, voice, or text. It protects our privacy. It protects our anonymity. And
sometimes, it protects our lives. This protection is important for everyone. It's easy to see how
encryption protects journalists, human rights defenders, and political activists in authoritarian
countries. But encryption protects the rest of us as well. It protects our data from criminals. It protects
it from competitors, neighbors, and family members. It protects it from malicious attackers, and it
protects it from accidents. Encryption works best if it's ubiquitous and automatic. The two forms of
encryption you use most often -- https URLs on your browser, and the handset-to-tower link for your
cell phone calls -- work so well because you don't even know they're there. Encryption should be
enabled for everything by default, not a feature you turn on only if you're doing something you
consider worth protecting. This is important. If we only use encryption when we're working with
important data, then encryption signals that data's importance. If only dissidents use encryption in a
country, that country's authorities have an easy way of identifying them. But if everyone uses it all of
the time, encryption ceases to be a signal. No one can distinguish simple chatting from deeply private
conversation. The government can't tell the dissidents from the rest of the population. Every time you
use encryption, you're protecting someone who needs to use it to stay alive. It's important to
remember that encryption doesn't magically convey security. There are many ways to get encryption
wrong, and we regularly see them in the headlines. Encryption doesn't protect your computer or phone
from being hacked, and it can't protect metadata, such as e-mail addresses that need to be
unencrypted so your mail can be delivered. But encryption is the most important privacy-preserving
technology we have, and one that is uniquely suited to protect against bulk surveillance -- the kind
done by governments looking to control their populations and criminals looking for vulnerable victims.
By forcing both to target their attacks against individuals, we protect society. Today, we are seeing
government pushback against encryption. Many countries, from States like China and Russia to more
democratic governments like the United States and the United Kingdom, are either talking about or
implementing policies that limit strong encryption. This is dangerous, because it's technically
impossible, and the attempt will cause incredible damage to the security of the Internet. There are two
morals to all of this. One, we should push companies to offer encryption to everyone, by default. And
two, we should resist demands from governments to weaken encryption. Any weakening, even in the
name of legitimate law enforcement, puts us all at risk. Even though criminals benefit from strong
encryption, we're all much more secure when we all have strong encryption. This originally appeared in
Securing Safe Spaces Online. EDITED TO ADD: Last month, I blogged about a UN report on the value of
encryption technologies to human freedom worldwide. This essay is the foreword to a companion
document: To support the findings contained in the Special Rapporteur's report, Privacy International,
the Harvard Law School's International Human Rights Law Clinic and ARTICLE 19 have published an
accompanying booklet, Securing Safe Spaces Online: Encryption, online anonymity and human rights
which explores the impact of measures to restrict online encryption and anonymity in four particular
countries -- the United Kingdom, Morocco, Pakistan and South Korea.

--xt encryption prerequisite


Encryption key organizing any movements in general

Yen 15, (Andy, Graduate from Harvard Physics and Economics, Scientist at European
organization for Nuclear research, Co-founder of Protonmail a email encryption startup, Idea for
Ted Talks, Why we should all care about encryption. Really, http://ideas.ted.com/why-we-shouldall-care-about-encryption-really/, AL)
In extremis, it has been possible to read someones letter, to listen to someones call, to listen in on mobile communications, said British Prime Minister David Cameron following the
attacks on the offices of Charlie Hebdo magazine in Paris in January 2015. The question remains: are we going to allow a means of communications where it simply is not possible to
do that? My answer to that question is: no, we must not. Meanwhile, over in the United States, President Obama said, If we find evidence of a terrorist plot and despite having a
phone number, despite having a social media address or email address, we cant penetrate that, thats a problem. POLITICIANS ARE NOTORIOUSLY TERRIBLE ARBITERS OF
TECHNOLOGY. These reactions are typical. And perhaps its true if 100% transparency were to somehow magically appear, we might live in a world free of terror and cyberattacks.

The reality is we need some privacy in our lives, and


encryption lies at the foundation of privacy. In every aspect of online security email, banking, medical records we need
encryption to keep our data from falling into the wrong hands. Access to encryption keys whether through back doors or by
storing keys in places where they can be stolen would make the keys themselves useless . Its not just that someone could peer into our
lives by viewing our emails. Do politicians really want us all to send our banking passwords and medical records in plain text so that anyone could read them? Politicians are
notoriously terrible arbiters of technology. If security experts from around the world are unanimously calling for stronger instead
of weaker encryption, perhaps the politicians should listen. 3. Maybe we dont have anything to hide now but maybe we will later. Arguments in favor of
But are we really comfortable living in a world where all of our private details are available for all to see?

surveillance rest on assurances that governments are always benign. But there are many examples of data snooping being used to crush dissent one of the most tragic being
Chinas imprisonment of dissidents, including Wang Xiaoming, using data supplied by Yahoo. Although governments certainly benefit from corporate complicity, they dont like to solely
rely on the cooperation of entities like Yahoo. Consider the persistent efforts of the NSA and other government security organizations to require software back doors in operating
systems to grant them at-will access to data on private servers and computers. Governments dont want to wait for legislation to grant them this access. Recent revelations by the
Russian security software maker Kaspersky Lab show that a shadowy, U.S.-linked intelligence agency installed software deep into the firmware of millions of hard drives at the
manufacturer level, rendering it invisible and undetectable. With this software, a remotely based intelligence agency can not only slip past firewalls and antivirus programs to view whats
on the drives, but could also turn their host computers into tools for future attacks. THERE

IS NO SUCH THING AS A BACK DOOR THAT ONLY LETS


THE GOOD GUYS IN. Why should we care about these back doors if we have nothing to hide? Privacy empowers and protects the minority. The
ability to communicate, organize, and discuss without government interference is what gives dissidents a voice. Without privacy
rights, a democratic government accountable to all of its people not just the majority simply cannot exist. Someday you may find
yourself in the minority. Why encryption is worth fighting for Taking away encryption is not going to suddenly make the world a safer place but it
will make dissidents and activists suffer. Just as importantly, taking away encryption allows invisible observers to place every action of ordinary citizens under a
microscope and file it away for future reference. If we squander privacy by allowing back doors or building illicit vulnerabilities into encryption
tools, there is nothing to protect us from prying corporations, spying governments or even criminals bent on abusing our data.
Unfortunately, there is no such thing as a back door that only lets the good guys in. Data must always be encrypted, end-to-end,
period before it leaves your computer. Privacy is a fundamental right. Lets not squander it in the name of security.

Encryption is key to creating politics of dissent Plan is a prerequisite to the alt

Yen 15, (Andy, Graduate from Harvard Physics and Economics, Scientist at European organization
for Nuclear research, Co-founder of Protonmail a email encryption startup, Idea for Ted Talks,
Why we should all care about encryption. Really, http://ideas.ted.com/why-we-should-all-careabout-encryption-really/, AL)
In extremis, it has been possible to read someones letter, to listen to someones call, to listen in on mobile communications, said British Prime Minister David
Cameron following the attacks on the offices of Charlie Hebdo magazine in Paris in January 2015. The question remains: are we going to allow a means of
communications where it simply is not possible to do that? My answer to that question is: no, we must not. Meanwhile, over in the United States, President
Obama said, If we find evidence of a terrorist plot and despite having a phone number, despite having a social media address or email address, we cant
penetrate that, thats a problem. POLITICIANS ARE NOTORIOUSLY TERRIBLE ARBITERS OF TECHNOLOGY. These reactions are typical. And perhaps its
true if 100% transparency were to somehow magically appear, we might live in a world free of terror and cyberattacks. But are we really comfortable living in a
world where all of our private details are available for all to see? The reality is we need some privacy in our lives, and encryption lies at the

foundation of privacy. In every aspect of online security email, banking, medical records we need encryption to keep our
data from falling into the wrong hands. Access to encryption keys whether through back doors or by storing keys in places where they can be stolen
would make the keys themselves useless. Its not just that someone could peer into our lives by viewing our emails. Do politicians really want us all to send
our banking passwords and medical records in plain text so that anyone could read them? Politicians are notoriously terrible arbiters of technology. If security
experts from around the world are unanimously calling for stronger instead of weaker encryption, perhaps the politicians should listen. 3. Maybe we dont have

anything to hide now but maybe we will later. Arguments in favor of surveillance rest on assurances that governments are always

benign. But there are many examples of data snooping being used to crush dissent one of the most tragic being Chinas
imprisonment of dissidents, including Wang Xiaoming, using data supplied by Yahoo . Although governments certainly benefit from
corporate complicity, they dont like to solely rely on the cooperation of entities like Yahoo . Consider the persistent efforts of the NSA and other
government security organizations to require software back doors in operating systems to grant them at-will access to data on private servers and computers.
Governments dont want to wait for legislation to grant them this access. Recent revelations by the Russian security software maker Kaspersky
Lab show that a shadowy, U.S.-linked intelligence agency installed software deep into the firmware of millions of hard drives at the manufacturer level, rendering
it invisible and undetectable. With this software, a remotely based intelligence agency can not only slip past firewalls and antivirus programs to view whats on the
drives, but could also turn their host computers into tools for future attacks. THERE IS NO SUCH THING AS A BACK DOOR THAT ONLY LETS THE GOOD
GUYS IN. Why should we care about these back doors if we have nothing to hide? Privacy empowers and protects the minority. The ability to

communicate, organize, and discuss without government interference is what gives dissidents a voice. Without privacy rights, a
democratic government accountable to all of its people not just the majority simply cannot exist . Someday you may find
yourself in the minority. Why encryption is worth fighting for Taking away encryption is not going to suddenly make the world a safer place but it
will make dissidents and activists suffer. Just as importantly, taking away encryption allows invisible observers to place every action of ordinary citizens
under a microscope and file it away for future reference. If we squander privacy by allowing back doors or building illicit vulnerabilities into encryption tools, there
is nothing to protect us from prying corporations, spying governments or even criminals bent on abusing our data. Unfortunately, there is no such thing as a back
door that only lets the good guys in. Data must always be encrypted, end-to-end, period before it leaves your computer. Privacy is a fundamental right. Lets
not squander it in the name of security.

Encryption key to human rights--- solves anonymity


Anna Crowe et al. 15--- Sarah Lee, Mark Verstrete, Carly Nyst, Matthew Rice, Chris Weatherhear, Bonnie Docherty, Tyler Giannini. Anna
Crowe is a Clinical Advocacy Fellow at the international human rights clinic. Crowe worked on transitional justice issues with the International
Crisis Group in Colombia as a Henigson Human Rights Fellow from Harvard Law School. Anna holds an LLM from Harvard Law School and
bachelor's degrees in Law, History and Political Studies from the University of Auckland. Sarah Lee and Mark Verstraete are clinical students at
Harvard Law. Carly Nyst, Legal Director of Privacy International, reviewed the booklet and provided editorial direction. Matthew Rice and Chris
Weatherhead from Privacy International. Bonnie Docherty is a Senior Clinical Instructor, and Tyler Giannini, Co-Director of IHRC, reviewed the
booklet for IHRC. (Crowe et al., Securing Safe Spaces Online, 6/17/15. p.8. Privacy International. http://hrp.law.harvard.edu/wpcontent/uploads/2015/06/Securing-Safe-Spaces-Online-2.pdf)//ET
Less secure forms of encryption also exist. For example, if an individual uses Gmail to send an email, Google uses HTTPS (Hypertext Transfer Protocol over an
encrypted connection) to send that email between Googles servers and email users inboxes. The use of HTTPS prevents unauthorised access to the email
while it is in transit, but Google can still view a plaintext version of the email (the text of the email the sender wrote) while it is stored on its servers. In this
booklet,online anonymitymeans the ability of individuals to conceal their identity when sharing and accessing information and
opinions online. Anonymity is a deeply held value for many internet users and has contributed to a robust internet public sphere. The inventor of the World
Wide Web, Tim Berners Lee, has proposed an onlineMagna Cartathat would explore the principles of privacy, free speech, and responsible anonymity. 5
Expressing views anonymously online does not necessarily require the use of encryption; however, as tools that help internet users
to remain anonymous often utilise encryption, anonymity and encryption are closely linked. Anonymity has long been a means by
which individuals could freely enjoy their right to impart and receive information. The use of pseudonyms, nom de plumes and pen names to
conceal an author's identity has been common throughout history. Anonymity has been essential to the publication of works that critique
governments or powerful actors, or expose wrongdoings. Equally, anonymity plays an important role in securing human rights
online. In a 2013 report, Frank La Rue, then Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression, noted
that[a]nonymity of communications is one of the most important advances enabled by the internet, and allows individuals to express
themselves freely without fear of retribution or condemnation. 6 He also observed thatwillingness to engage in debate on controversial subjects in the
public sphere has always been linked to possibilities for doing so anonymously. Legal Restrictions on Personal Use of Encryption Legal restrictions on the
personal use of encryption may be general such as general bans on the use of encryption without government permission or targeted, such as requirements
for individuals to decrypt specific pieces of information. In Pakistan, a general ban exists, subject to an exception that allows individuals to seek permission from
the government to use encryption. Moroccan law, meanwhile, is ambiguous on whether personal use of encryption requires prior government authorisation.

Encryption key to privacy provides means for individuals to share information without
government interference
Kaye 15, (David, Special Rapporteur on freedom of expression, report to the Human Rights Council, Report of the Special
Rapporteur on the promotion and protection of the right to freedom of opinion and expression
http://www.ohchr.org/EN/Issues/FreedomOpinion/Pages/CallForSubmission.aspx, AL)
Contemporary digital technologies offer Governments, corporations, criminals and pranksters unprecedented capacity to
interfere with the rights to freedom of opinion and expression. Online censorship, mass and targeted surveillance and data
collection, digital attacks on civil society and repression resulting from online expression force individuals around the world to
seek security to hold opinions without interference and seek, receive and impart information and ideas of all kinds. Many seek to protect their security
through encryption, the scrambling of data so only intended recipients may access it, which may be applied to data in transit (e.g., e-mail,
messaging, Internet telephony) and at rest (e.g., hard drives, cloud services ). Others seek additional protection in anonymity, using
sophisticated technologies to disguise their identity and digital footprint. Encryption and anonymity, todays leading vehicles for online security,

provide individuals with a means to protect their privacy, empowering them to browse, read, develop and share opinions and
information without interference and enabling journalists, civil society organizations, members of ethnic or religious groups, those
persecuted because of their sexual orientation or gender identity, activists, scholars, artists and others to exercise the rights to
freedom of opinion and expression.

Encryption protects citizens from Governmental privacy invasions


Kaye 15, (David, Special Rapporteur on freedom of expression, report to the Human Rights Council, Report of the Special
Rapporteur on the promotion and protection of the right to freedom of opinion and expression
http://www.ohchr.org/EN/Issues/FreedomOpinion/Pages/CallForSubmission.aspx, AL)
Individuals and civil society are subjected to interference and attack by State and non-State actors, against which encryption and
anonymity may provide protection. In article 17 (2) of the International Covenant on Civil and Political Rights, States are obliged
to protect privacy against unlawful and arbitrary interference and attacks . Under such an affirmative obligation, States should
ensure the existence of domestic legislation that prohibits unlawful and arbitrary interference and attacks on privacy, whether
committed by government or non-governmental actors . Such protection must include the right to a remedy for a violation. In
order for the right to a remedy to be meaningful, individuals must be given notice of any compromise of their privacy through, for
instance, weakened encryption or compelled disclosure of user data. 19.
The first article of the Universal Declaration of
Human Rights recognizes that everyone is endowed with reason and conscience, a principle developed further in human rights
law to include, among other things, the protection of opinion, expression, belief, and thought. Article 19 (1) of the International
Covenant on Civil and Political Rights, also echoing the Universal Declaration, provides that everyone shall have the right to
hold opinions without interference. Opinion and expression are closely related to one another, as restrictions on the right to
receive information and ideas may interfere with the ability to hold opinions, and interference with the holding of opinions
necessarily restricts the expression of them. However, human rights law has drawn a conceptual distinction between the two.
During the negotiations on the drafting of the Covenant, the freedom to form an opinion and to develop this by way of reasoning
was held to be absolute and, in contrast to freedom of expression, not allowed to be restricted by law or other power. The ability
to hold an opinion freely was seen to be a fundamental element of human dignity and democratic self-governance, a guarantee
so critical that the Covenant would allow no interference, limitation or restriction. Consequently, the permissible limitations in
article 19 (3) expressly apply only to the right to freedom of expression in article 19 (2). Interference with the right to hold
opinions is, by contrast, per se in violation of article 19

ADV CHINA

--xt plan k/t china


Encryption backdoors bad for cybersecurity, econ, US cred, and privacy-hypocrisy against Chinas
policies
Timm 15 (Trevor, Executive Director of Freedom of the Press Foundation, 3/4/15, Timm, The Guardian,
http://www.theguardian.com/commentisfree/2015/mar/04/backdoors-encryption-china-apple-google-nsa)-SK
Want to know why forcing tech companies to build backdoors into encryption is a terrible idea? Look no further than President
Obamas stark criticism of Chinas plan to do exactly that on Tuesday. If only he would tell the FBI and NSA the same thing. In a
stunningly short-sighted move, the FBI - and more recently the NSA - have been pushing for a new US law that would force tech
companies like Apple and Google to hand over the encryption keys or build backdoors into their products and tools so the
government would always have access to our communications. It was only a matter of time before other governments jumped on
the bandwagon, and China wasted no time in demanding the same from tech companies a few weeks ago. As President Obama
himself described to Reuters, China has proposed an expansive new anti-terrorism bill that would essentially force all foreign
companies, including US companies, to turn over to the Chinese government mechanisms where they can snoop and keep track
of all the users of those services. Obama continued: Those kinds of restrictive practices I think would ironically hurt the Chinese
economy over the long term because I dont think there is any US or European firm, any international firm, that could credibly get
away with that wholesale turning over of data, personal data, over to a government. Bravo! Of course these are the exact
arguments for why it would be a disaster for US government to force tech companies to do the same. (Somehow Obama left that
part out.) As Yahoos top security executive Alex Stamos told NSA director Mike Rogers in a public confrontation last week,
building backdoors into encryption is like drilling a hole into a windshield. Even if its technically possible to produce the flaw and we, for some reason, trust the US government never to abuse it - other countries will inevitably demand access for
themselves. Companies will no longer be in a position to say no, and even if they did, intelligence services would find the
backdoor unilaterally - or just steal the keys outright. Advertisement For an example on how this works, look no further than last
weeks Snowden revelation that the UKs intelligence service and the NSA stole the encryption keys for millions of Sim cards
used by many of the worlds most popular cell phone providers. Its happened many times before too. Security expert Bruce
Schneier has documented with numerous examples, Back-door access built for the good guys is routinely used by the bad
guys. Stamos repeatedly (and commendably) pushed the NSA director for an answer on what happens when China or Russia
also demand backdoors from tech companies, but Rogers didnt have an answer prepared at all. He just kept repeating I think
we can work through this. As Stamos insinuated, maybe Rogers should ask his own staff why we actually cant work through
this, because virtually every technologist agrees backdoors just cannot be secure in practice. (If you want to further understand
the details behind the encryption vs. backdoor debate and how what the NSA director is asking for is quite literally impossible,
read this excellent piece by surveillance expert Julian Sanchez.) Its downright bizarre that the US government has been warning
of the grave cybersecurity risks the country faces while, at the very same time, arguing that we should pass a law that would
weaken cybersecurity and put every single citizen at more risk of having their private information stolen by criminals, foreign
governments, and our own. Forcing backdoors will also be disastrous for the US economy as it would be for Chinas. US tech
companies - which already have suffered billions of dollars of losses overseas because of consumer distrust over their
relationships with the NSA - would lose all credibility with users around the world if the FBI and NSA succeed with their plan. The
White House is supposedly coming out with an official policy on encryption sometime this month, according to the New York
Times but the President can save himself a lot of time and just apply his comments about China to the US government. If he
knows backdoors in encryption are bad for cybersecurity, privacy, and the economy, why is there even a debate?

Sustaining encryption backdoors spills over hurts China


Timm 15 - Co-founder and the executive director of the Freedom of the Press Foundation. He is a journalist, activist, and lawyer
who writes a twice weekly column for The Guardian on privacy, free speech, and national security. He has contributed to The
Atlantic, Al Jazeera, Foreign Policy, Harvard Law and Policy Review, PBS MediaShift, and Politico. J.D. from New York Law School.
(Building backdoors into encryption isn't only bad for China, Mr President, Trevor Timm, The Guardian, March 4, 2015,
http://www.theguardian.com/commentisfree/2015/mar/04/backdoors-encryption-china-apple-google-nsa)//chiragjain
Want to know why forcing tech companies to build backdoors into encryption is a terrible idea? Look

no further than
President Obamas stark criticism of Chinas plan to do exactly that on Tuesday. If only
he would tell the FBI and NSA the same thing. In a stunningly short-sighted move, the FBI - and more
recently the NSA - have been pushing for a new US law that would force tech companies
like Apple and Google to hand over the encryption keys or build backdoors into their products
and tools so the government would always have access to our communications. It was only a matter of time before other

governments jumped on the bandwagon, and China wasted no time in demanding the same from tech companies a few weeks ago.
As President Obama himself described to Reuters, China

has proposed an expansive new anti-terrorism


bill that would essentially force all foreign companies, including US companies, to turn
over to the Chinese government mechanisms where they can snoop and keep track of all
the users of those services. Obama continued: Those kinds of restrictive practices I think would ironically hurt the
Chinese economy over the long term because I dont think there is any US or European
firm, any international firm, that could credibly get away with that wholesale turning
over of data, personal data, over to a government. Bravo! Of course these are the exact arguments for why it would be a
disaster for US government to force tech companies to do the same. (Somehow Obama left that part out.) As Yahoos top security
executive Alex Stamos told NSA director Mike Rogers in a public confrontation last week, building backdoors into encryption is like
drilling a hole into a windshield. Even if its technically possible to produce the flaw - and we, for some reason, trust the US
government never to abuse it - other

countries will inevitably demand access for themselves.


Companies will no longer be in a position to say no, and even if they did, intelligence services would find
the backdoor unilaterally - or just steal the keys outright. For an example on how this works, look no further than last weeks
Snowden revelation that the UKs intelligence service and the NSA

stole the encryption keys for millions of

Sim cards used by many of the worlds most popular cell phone providers. Its happened many times before too. Security expert
Bruce Schneier has documented with numerous examples, Back-door access built for the good guys is
routinely used by the bad guys. Stamos repeatedly (and commendably) pushed the NSA director for an answer on
what happens when China or Russia also demand backdoors from tech companies, but Rogers didnt have an answer prepared at all.
He just kept repeating I think we can work through this. As Stamos insinuated, maybe Rogers should ask his own staff why we
actually cant work through this, because virtually every technologist agrees backdoors

just cannot be secure in


practice. (If you want to further understand the details behind the encryption vs. backdoor debate and how what the NSA
director is asking for is quite literally impossible, read this excellent piece by surveillance expert Julian Sanchez.) Its
downright bizarre that the US government has been warning of the grave cybersecurity
risks the country faces while, at the very same time, arguing that we should pass a law
that would weaken cybersecurity and put every single citizen at more risk of having their private information stolen
by criminals, foreign governments, and our own. Forcing backdoors will also be disastrous for the US
economy as it would be for Chinas. US tech companies - which already have suffered
billions of dollars of losses overseas because of consumer distrust over their
relationships with the NSA - would lose all credibility with users around the world if the
FBI and NSA succeed with their plan. The White House is supposedly coming out with an official policy on encryption sometime this
month, according to the New York Times but the President can save himself a lot of time and just apply his comments about China
to the US government. If he knows backdoors in encryption are bad for cybersecurity, privacy, and the economy, why is there even a
debate?

U.S. encryption backdoors spill over Chinese regulations


Mills 15 Contributing Editor at Gawking Media, Freelance Journalist, Staff Writer at Future Publishing. McGill University
Bachelors Economics, Minchester College, Kings College School Wimbledon. (The U.S. Doesn't Like It When China Wants To
Build Encryption Backdoors, Chris Mills, February 28, 2015, http://gizmodo.com/the-u-s-doesnt-like-it-when-china-wants-tobuild-encry-1688651385)//chiragjain
The NSA

and U.S. tech giants have come to blows over government backdoors in
encryption products lately, with the government arguing that backdoors are vital to national
security, and the likes of Yahoo claiming it will make encryption pointless. Well, it looks the party line on backdoors changes
pretty sharpish when China is involved. As Reuters reports, China is considering a counterterrorism law that
would require technology firms to surrender encryption keys and install backdoors for
security services something that's not exactly dissimilar to the NSA activities revealed by Edward Snowden. But in an
impressive piece of hypocrisy, the US is throwing up a fit over the proposed Chinese law. Michael
Froman, the US trade representative, claims that "the rules aren't about security they are about protectionism and favoring
Chinese companies...the administration is aggressively working to have China walk back from these troubling regulations." But it's
difficult to ignore the fact that the U.S.

has undertaken nearly identical actions in the past the


PRISM program forces major tech companies to hand over access to their servers to the
NSA, via a 'specially constructed backdoor', and in a well-publicized case, even forced secure email provider Lavabit to hand over
encryption keys and SSL keys. The proposed Chinese regulations would make things easier for the

Chinese government encryption keys would be handed over as a matter of form, rather
than on request but the end result is basically identical. Something about chickens coming home to roost would be appropriate
about now. [Reuters]

China passing regulations for encryption backdoors in line with U.S.


BBC 2015 British Broadcasting Corporation (China and US clash over software backdoor proposals, British Broadcasting
Company, March 4, 2015, http://www.bbc.com/news/technology-31729305)//chiragjain

Beijing has rejected President Obama's criticism of its plan to make tech companies put
backdoors in their software and share their encryption keys if they want to operate in China. On
Monday, Mr Obama told the Reuters news agency he had "made it very clear" China had to change its policy if it
wanted to do business with the US. But Beijing said it needed the powers to combat terror ism
and tackle leaks. It also suggested the West was guilty of having double standards. "The legislation is China's domestic affair, and we
hope the US side can take a right, sober and objective view towards it," said Chinese foreign ministry spokeswoman Hua Chunying.
"On the information-security issue, there

was a [recent] media revelation that a certain country

embedded spying software in the computer system of another country's Sim card maker, for surveillance activities. This
is only one out of the recently disclosed cases. "All countries are paying close attention to this and taking measures to safeguard their
own information security, an act that is beyond any reproach." The case she was referring to involved allegations that US cyber-spies
had hacked a Dutch Sim card manufacturer in order to help decrypt their targets' communications. At another press conference,
parliamentary spokeswoman Fu Ying drew attention to the fact that the US government had imposed restrictions on Chinese
companies including Huawei and ZTE. And she suggested that Beijing's

proposals were in line with the same


kind of access to internet correspondence sought by the US and British governments. "We will
definitely continue to listen to extensive concerns and all the parties' views, so we can make the law's formulation more rigorous,"
she added. The rules are part of a proposed counter-terrorism law set to be discussed by China's annual parliament session, the
National People's Congress (NPC), which opens on Thursday. Backdoor graphic Experts warn that adding backdoors to software
could make products vulnerable to hackers 'Paranoid espionage' President Obama's comments had followed the publication of a
fresh draft of the proposed law, which was made public last week. It

"would essentially force all foreign


companies, including US companies, to turn over to the Chinese government mechanisms where
they can snoop and keep track of all the users of those services", the US leader said. "As you might imagine
tech companies are not going to be willing to do that," he added. Microsoft, Cisco, Oracle and IBM are
among firms that would potentially be affected. While the comments by Chinese officials were measured, the government's press
service, Xinhua, was more critical. It accused the US leader of arrogance and hypocrisy, noting that the FBI had criticised Apple and
Google last year for building encryption into their smartphone operating systems, and again drew attention to allegations about the
US National Security Agency's activities made public by the whistleblower Edward Snowden. " With

transparent
procedures, China's anti-terrorism campaign will be different from what the United States
has done: letting the surveillance authorities run amok and turn counter-terrorism into
paranoid espionage and peeping on its civilians and allies," Xinhua wrote. "Contrary to the accusations of the United States,

China's anti-terror law will put no unfair regulatory pressures on foreign companies,
because the provisions will apply to both domestic and foreign firms. " Insecure systems The
Conservative party has indicated it wants to expand the UK's cyber-spies' surveillance powers it if wins the May election. Microsoft
sign in China US firms, including Microsoft, are hoping to boost profits by selling their services to China "Our manifesto will make
clear that we will... use all the legal powers available to us to make sure that, where appropriate, the intelligence and security
agencies have the maximum capability to intercept the communications of suspects while making sure that such intrusive
techniques are properly overseen," Home Secretary Theresa May told Parliament in January. One expert said it should be no
surprise that the West was finding it difficult to prevent China seeking greater cyber-surveillance powers of its own, but added there
were good reasons to fear its proposals. "Either behind the scenes or increasingly openly, the US and UK are justifying similar
behaviour for their own purposes, but are extremely concerned when China asks for its own capabilities," said Dr Joss Wright, from
the Oxford Internet Institute. "But what we don't want to see is a world in which internet-based products and services are riddled
with backdoors by every state that says it needs to act against terrorism. "Backdoors

are always a concern


because they result in a system that is insecure by default, and which can be exploited.
That makes everyone less safe."
China is proposing strict protectionist anti-terrorism bill Multinational
companies wont comply

Leyden 15 Online Media The Register, Public Relations and Journalism. (Obama criticises China's mandatory backdoor
tech import rules, John Leyden, The Register UK, March 5, 2015,
http://www.theregister.co.uk/2015/03/05/obama_criticises_china_tech_rules_backdoor_terrorism/)//chiragjain
As previously reported, proposed

new regulations from the Chinese government would require


technology firms to create backdoors and provide source code to the Chinese

government before technology sales within China would be authorised. China is also asking that tech companies adopt Chinese
encryption algorithms and disclose elements of their intellectual property. The new requirements, laid out in a 22-page
document approved late last year, are supposedly geared towards strengthening the cyber security
of critical Chinese industries and guarding against terrorism. In an interview with Reuters, Obama said Beijing's
far-reaching counter-terrorism law would require technology firms to hand over
encryption keys as well as installing "backdoors" into systems, thus granting Chinese authorities access in the
process. "We have made it very clear that this is something they are going to have to change if they are to do business with the
United States," Obama said. "This is something that Ive raised directly with President Xi." The proposed
essentially force

laws "would
all foreign companies, including US companies, to turn over to the Chinese

government mechanisms where they can snoop and keep track of all the users of those services," Obama added. "As you might
imagine, tech companies are not going to be willing to do that, " he said. Aside from user privacy concerns,
Western business groups such as the US Chamber of Commerce have criticised China's policies as
protectionist. The proposed rules extend the scope of recently adopted financial industry regulations that effectively
encouraged Chinese banks to buy from domestic technology vendors. The Chinese government is pushing these anti-terrorism rules
as vital in protecting state and business secrets. The disagreement marks another cyber security and technology policy difference
between US and China, with relations not yet healed from ongoing complaints about Chinese cyber espionage and the Snowden
revelations. The Snowden revelations have effectively prevented the US from taking the moral high ground on internet security and
technology policy issues. For example, Chinese Foreign Ministry Spokesperson Hua Chunying referred to the Gemalto hack in a
press conference where she was asked about Obama's criticism of China proposed laws. The legislation

is China's
domestic affair, and we hope the US side can take a right, sober and objective view towards it. On the information security
issue, there are media revelations that a certain country embedded spying software in the

computer system of other country's SIM card maker for surveillance activities. This is