Page II: Counter-terrorism adviser to four US presidents Richard Clarke discusses whether cyberterrorism is a misnomer or a real threat.
Oh yes. One thing I know that the United States did before the war was to use the Internet to communicate directly with Iraqi soldiers and to send personalised messages saying, 'We're about to invade. We're going to overwhelm you and if you resist us we're going to kill you. But we don't want to do that. So really the best thing for you to do when we invade is to go home'. Each senior officer of the Iraqi army got that message and most of them went home.
How much can governments see of what goes on in the Internet? Can they see every e-mail?
Oh no. There are technical and legal reasons. The legal reason is, in the US at least, is that you need a court order for each person [to see each e-mail]. The technical reason is that there is too much traffic.
It's interesting what you say about liberty and security and how the two mirror each other...
They can. But I argue that you can't have civil liberties without some degree of security. On the other hand, if you do security improperly, then it can erode civil liberties. So it's getting the balance of security and civil liberties right so one reinforces the other without eroding the other.
Take privacy rights -- if you pass privacy legislation, say, and make all information 'protected' but then the companies aren't required to have real IT security ... the fact that [information] is supposed to be protected and you can't be insured commercially doesn't mean it's protected. So privacy laws are only as good as the security that supports them.
How well do you think governments are dealing with security?
In what sense? The governments themselves?
In protecting their countries.
Well, I think most governments are not doing a very good job of protecting government. And that's unfortunate given all the privacy information about all of us that governments have. I think governments are also not doing a good job of protecting cyberspace that their citizens employ. They are certainly not doing a good job of helping companies within their countries. Private companies for their own part, and for that matter citizens, are pretty much on their own in the cyberworld.
We see an awful lot of fear, uncertainty and doubt heading our way, which almost seems to reflect the state of politics today. Some would say that the IT security market seems to be taking advantage of this. How do you feel about that?
I think that the IT security companies have grown up and no longer are employing fear, uncertainty and doubt as a marketing message. I think what they are saying instead is IT security can be an enabler that can allow companies to do things they would otherwise have been unable to do. And you can open up markets by having IT security. The distinction between IT security and IT management is also blurry. I see less marketing now in terms of fear, uncertainty and doubt.
Howard Schmidt [another head of cybersecurity at the White House] said that people are doing a better job of security. Would you agree with him?
1%
1%
Quote:
How much can governments see of what goes on in the Internet? Can they see every e-mail?
Oh no. There are technical and legal reasons. The legal reason is, in the US at least, is that you need a court order for each person [to see each e-mail]. The technical reason is that there is too much traffic.
Isn't the whole implementation of the Carnivore server combines with the Patriot Act supposed to make a court order unnecessary?