Dan Geer is the Chief Information Security Officer (CISO) for In-Q-Tel, the U.S. Intelligence Community's Venture Capitalist arm. In other words, he is in charge of cybersecurity for a company funded by agencies like the NSA who are tasked with securing the internet. He's also one of the smartest people on the cutting edge of information technology. In a paper for the IEEE, he makes the following statement:
"...—states
of every stripe and virtue are arming themselves
with cyberweaponry, ipso facto, you have
no choice but to do the same." -Dan Geer
What do you think? Should we have something like the Castle Doctrine to protect our online interests? In some states, you can use the Castle Doctrine to kill someone who is on your property threatening you. Of course, in the physical world, we have police working to prevent crime and arrest criminals. Therefore, we should not expect to need to shoot criminals very often. But our police are under-funded and under-trained to protect us in the virtual world. We have Federal military and intelligence agencies to protect us against foreign states, but their scope and power is limited by the Standing Rules of Engagement (SROE) and the Posse Comitatus Act.
The Second Amendment was written so that our citizens could protect themselves against their government and so that we could have a militia defend our nation at a moment's notice. Does the same principle apply in Cyberspace?
There is a popular quote attributed to Japanese Admiral Isoroku Yamamoto during World War II where we reportedly feared invading the U.S. mainland due to the possibility of a weapon behind every blade of grass. Yamamoto probably never said that, but it continues to live on because there is a truth behind it: an army invading the U.S. certainly would face a well-armed insurgency of ethical, patriotic Americans. That is not as true in most nations.
We have convincing evidence that China sponsors hacking against American target--and they have been wildly successful. Syrian dissidents have been target with malware which probably originated from state-sponsored sources. The extent of state-sponsored hacking is hard to determine with today's open-source intelligence, but it undeniably exists and will certainly grow. Hacking groups like Anonymous are a real and persistent threat to our companies as well to individual citizens.
Can we depend on our Government to protect our digital interests, our digital equity, and our identities that span the physical and digital realm? Should we depend on our Government for complete protection? Or should we arm ourselves with cyber-weaponry and attack cyber-targets which threaten us?
