1NC ST Garimella-Wang vs KQ Franz rd 1 draft
advertisement
1NC KQ Franz T 1. Interpretation – Surveillance is systematic and routine attention to personal details for the purpose or influence or detention. Richards, 2013 Neil M. Professor of Law, Washington University. "The Dangers of Surveillance" Harv. L. Rev. 126 1934 http://www.harvardlawreview.org/wpcontent/uploads/pdfs/vol126_richards.pdf What, then, is surveillance? Scholars working throughout the English-speaking academy have produced a thick descriptive literature examining the nature, causes, and implications of the age of surveillance.6 Working under the umbrella term of “surveillance studies,” these scholars represent both the social sciences and humanities, with sociologists making many of the most significant contributions.7 Reviewing the vast surveillance studies literature, Professor David Lyon concludes that surveillance is primarily about power, but it is also about personhood.8 Lyon offers a definition of surveillance as “the focused, systematic and routine attention to personal details for purposes of influence, management, protection or direction.”9 Four aspects of this definition are noteworthy, as they expand our understanding of what surveillance is and what its purposes are. First, it is focused on learning information about individuals. Second, surveillance is systematic; it is intentional rather than random or arbitrary. Third, surveillance is routine — a part of the ordinary administrative apparatus that characterizes modern societies.10 Fourth, surveillance can have a wide variety of purposes — rarely totalitarian domination, but more typically subtler forms of influence or control.11 2. Violation – Backdoors are not surveillance because there is no observation of personal information on a routine basis David Omand 15, 3-19-2015, visiting professor at King’s College London. "Understanding Digital Intelligence and the Norms That Might Govern It," Global Commission On Internet Governance Paper Series: no. 8 — March 2015 , https://www.cigionline.org/publications/understanding-digital-intelligence-and-normsmight-govern-it The second issue concerns how an invasion of privacy of digital communications is defined. Is it when the computer of an intercepting agency accesses the relevant packets of data along with the rest of the streams of digital information on a fibre optic cable or other bearer? Or is it when a sentient being, the intelligence analyst, can actually see the resulting information about the communication of the target? Perhaps the most damaging loss of trust from the Snowden allegations has come from the common but unwarranted assumption that access in bulk to large volumes of digital communications (the “haystack”) in order to find the communications of intelligence targets (the wanted “needles”) is evidence of mass surveillance of the population, which it is not.∂ The distinction is between authorizing a computer to search through bulk data on the basis of some discriminating algorithm to pull out sought-for communications (and discard the rest) and authorizing an analyst to examine the final product of the material thus filtered and selected. It is the latter step that governs the extent of, and justification for, the intrusion into personal privacy. The computer filtering is, with the right discriminator, capable (in theory, of course, not in actual practice) of selecting out any sought for communication. But that does not mean the population is under mass surveillance.47 Provided the discriminator and selection program chosen and used by the accessing computer only selects for human examination the material that a warrant has authorized, and the warrant is legally justified, then the citizens’ privacy rights are respected. Of course, if the selectors were set far too broadly and trawled in too much for sentient examination, then the exercise would fail to be proportionate (and would be unlawful, therefore, in most jurisdictions). 3. Prefer our interpretation A. Limits are necessary for negative preparation and clash, and their interpretation makes the topic too big. B. Including data gathering as surveillance makes the topic unmanageable and undebateable for the negative. 4. Topicality is a voting issue. K Narratives of the apocalypse require focus on the future rather than on the now – this creates the inability to challenge forms of injustice that happen in the present. Queers challenge notions of survivalism by rethinking the present into a radically different world based on what the end would hold Kouri-Towe ’13 (Natalie; 6/16/13; Fuse, “Queer Apocalypse: Survivalism and Queer Life at the End” http://fusemagazine.org/2013/06/36-3_kouri-owe) Queer adjective • Strange, odd, peculiar, eccentric. Also: of questionable character; suspicious, dubious. noun informal • colloq. (freq. derogatory). A homosexual; esp. a male homosexual. verb informal • To put out of order; to spoil. Also: to spoil the reputation or chances of (a person); to put (a person) out of favour (with another). • To cause (a person) to feel queer; to disconcert, perturb, The apocalypse is coming and queers are going to spoil it. As narratives of impending apocalypse and postapocalyptic survival permeate our cultural and political landscapes, it becomes increasingly easy to imagine our end. Whether the end of a sustainable environment, the end of culture, or the end of global capitalist economies, the end of life as we know it is both a terrifying possibility and a promising fantasy of a radically different form of life beyond the present. Mainstream depictions of postapocalyptic survival largely centre on the archetypical figure of the male saviour or hero, and advance a familiar patriarchal instrumentalization of women’s bodies as vessels for the survival of the human species. But what alternate stories might we tell about the end, and how might a queer framework reshape our apocalyptic narratives? The proposal to think queerly about the apocalypse is not an attempt to rescue apocalypse stories from the insidious reproduction of hegemonic relations; rather it is an opportunity to playfully consider what queer approaches to survival at the end might offer to our rethinking of the present. Apocalyptic narratives are appealing because we find it hard to imagine a radically different social and political world without the complete destruction of the institutions and economies that were built and sustained through colonial and imperial violence and exploitation. If we are already thinking and talking about the apocalypse, then queer thinking about the apocalypse serves as an opportunity for rethinking narratives of politics in both the future and the present. As global, structural, economic and political asymmetries accelerate, more people live in conditions lacking basic resources like food and water, and increasingly suffer from criminalization and incarceration. It is clear that postapocalyptic survival is also not simply a fiction but a daily reality for many people. From refugee camps to welfare reforms, unsettle. Now rare. [1] survival is more than an exercise in imagining a different world. But, even for those who are not living through conditions of We take pleasure in imagining how we might prepare or attempt survival in a shifted environment because to imagine how catastrophic loss, thinking about apocalypse is enticing. we might live differently is to introduce new realms of possibility for living differently in our present. So how can we reconcile both the demand for attending to the crisis of survival in the present and the fantasy of postapocalypse? Here queerness might offer us some considerations for rethinking the apocalypse and narratives of survival. Queer Survivalism Survivalism noun • A policy of trying to ensure one’s own survival or that of one’s social or national group. • The practicing of outdoor survival skills. [2] If survivalism is wrapped up in the preservation of the nation state, of race, of gender or of our social order in general, then the first contribution of queerness to the apocalypse is its disruption to the framing of who and what survives, and how. There can be no nation in queer postapocalyptic survival, because the nation presents a foundational problem to queer survival. The nation, which regulates gender and reproduction, requires normalized organizations of sexual and family life in order to reproduce or preserve the national population. If we are already at the end, then why not consider survival without the obligation of reproduction and the heteronormative family? Masculinist narratives of postapocalyptic survival deploy the male protagonist as the extension of the nation . Here, the male hero stands in the place of the military, the police or the law by providing safety and security to his family and “weak” survivors Queer survivalism, on the other hand, disrupts the normative embodiments of survivalism by redirecting our desires to queer bodies, opening up survival to those outside of the prototypes of fitness and health. Because postapocalyptic narratives replicate racist and ableist eugenic tropes of “survival of the fittest,” a queering of survivalism opens up space for thinking about, talking about and planning for more varied and accessible frameworks for doing survival. Conversely, a queering of survival might also open up the option of choosing not to survive, through the refusal of reproduction or the refusal of life itself. The Queer Apocalypse Apocalypse noun • More generally: a disaster resulting in drastic, irreversible damage to like children and animals. human society or the environment, esp. on a global scale; a cataclysm. [3] If we are going to imagine the destruction of the world as we know it, then why not make these fictions meaningful to the present? Lee Edelman has argued that queerness is “the place of If queerness is a kind of end to the norms and structures of our world, then it makes sense that queerness might say something meaningful about imagining the end. Narratives of postapocalyptic survival function primarily as stories of individual survival against a hostile world, and often a hostile other — in the form of dangerous strangers or zombies. These narratives privilege the individual as the basic unit for survival, replicating the neoliberal values of individualism. At best, these narratives expand beyond the individual survivor when he is joined by his immediate family or builds a new family. Queer models of kinship offer alternate frameworks for imagining survival beyond the individual, through collectivity and alternative kinships. If we are going to imagine surviving either our present or our impending futures, we need collectives to survive. This is old news to people who have long survived through collective struggle and collective support. This is not to simply produce a romantic the social order’s death drive.” [4] fantasy of a utopian community, but rather to acknowledge and recognize that strength comes from organizing together. If capitalist, nationalist, patriarchal, heteronormative and neoliberal logics tell us that we’re each responsible for our own lives, then what better queering can we offer than to reimagine stories of how we think about survival, or even to refuse to survive? So what tools do we need for queer survival? First, we need alternative models for building survival strategies . For instance, learning how to repurpose everyday objects, everyday networks and everyday resources. [5] Second, we need to consider models of communalism, and to develop better ways of communicating and working through conflict. Third, we need to strategize collectively, share skills, build skills and foster collaboration. And lastly, we need to mobilize what queers do best — spoiling, twisting and perverting the normative narratives that dominate survivalism and stories of apocalypse. The state is anti-queer. Violence becomes inevitable because the world is founded on the abuse and domination over queer bodies, which the aff’s use of the state perpetuates. The kritik also functions as a way to attack problematic systems that are used to control and destroy Mary Nardini gang 2009 (criminal queers from Milwaukee, Wisconsin “toward the queerest insurrection” 2009) A fag is bashed because his gender presentation is far too femme. A poor transman can’t afford his life-saving hormones. A sex worker is murdered by their client. A genderqueer persyn is raped because ze just needed to be “fucked straight”. Four black lesbians are sent to prison for daring to defend themselves against a straightmale attacker.1 Cops beat us on the streets and our bodies are being destroyed by pharmaceutical companies because we can’t give them a dime. Queers experience, directly with our bodies, the violence and domination of this world . Class, Race, Gender, Sexuality, Ability; while often these interrelated and overlapping categories of oppression are lost to abstraction, queers are forced to physically understand each. We’ve had our bodies and desires stolen from us, mutilated and sold back to us as a model of living we can never embody. 1 Free the New Jersey 4. And let’s free everyone else while we’re at it. Foucault says that “power must be understood in the first instance as the multiplicity of force relations immanent in the sphere in which they operate and which constitute their own organization; as the processes which, through ceaseless struggles and confrontations, transforms, strengthens or reverses them; as the support which these force relations find in one another, thus forming a chain or system, or on the contrary, the disjunctions and contradictions which ; and lastly, as the strategies in which they take effect, whose general design or institutional crystallization is embodied in the state apparatus, in the formulation of the law, in the various social hegemonies.” We experience the complexity of domination and social control amplified through heterosexuality. When isolate them from one another police kill us, we want them dead in turn. When prisons entrap our bodies and rape us because our genders aren’t similarly contained, of course we want fire to them all. When borders are erected to construct a national identity absent of people of color and queers, we see only one solution: every The perspective of queers within the heteronormative world is a lens through which we can critique and attack the apparatus of capitalism. We can analyze the ways in which Medicine, the Prison System, the Church, the State, Marriage, the Media, Borders, the Military and Police are used to control and destroy us. More importantly, we can use these cases to articulate a cohesive criticism of every way that we are alienated and dominated. Queer is a position from which to attack the normative - more, a position from which to understand and attack the ways in which normal is reproduced and reiterated. In destabilizing and problematizing normalcy, we can destabilize and become a problem for the Totality. nation and border reduced to rubble. VII Violence against queerness results in the annihilation of identity—this is a form of soul murder Yep, Lovaas, and Elia 03 Professors, San Francisco University (Gust, Karen, and John, Journal of Homosexual Studies, Vol. 45, No. 2/3/4, pp. 18,) These are the internal injuries that individuals inflict upon themselves. Very early in life children learn from interpersonal contacts and mediated messages that deviations from the heteronormative standard, such as homosexuality, are anxiety-ridden, guiltproducing, fear-inducing, shame-invoking, hate-deserving, psychologically blemishing, and physically threatening. Internalized homophobia, in the form of self-hatred and self-destructive thoughts and behavioral patterns, becomes firmly implanted in the lives and psyches of individuals in heteronormative society. Exemplifying the feelings and experiences of many people who do not fit in the heteronormative mandate, Kevin Jennings (1994) tells us his personal story: I was born in 1963. . . . [I] realized in grade school that I was gay. I felt absolutely alone. I had no one to talk to, didn’t know any openly gay people, and saw few representations of gays in the media of the 1970s. I imagined gay people were a tiny, tiny minority, who had been and would always be despised for their “perversion.” Not once in high school did I ever learn a single thing about homosexuality or gay people. I couldn’t imagine a happy life as a gay man. So I withdrew from my peers and used alcohol and drugs to try to dull the pain of my isolation. Eventually, at age seventeen I tried to kill myself, like one out of every three gay teens. I saw nothing in my past, my present, or (it seemed) my future suggesting that things would ever get any better. (pp. 13-14) Heteronormativity is so powerful that its regulation and enforcement are carried out by the individuals themselves through socially endorsed and culturally accepted forms of soul murder. Soul murder is a term that I borrow from the child abuse and neglect literature to highlight the torment of heteronormativity (Yep, 2002). Shengold (1999) defines soul murder as the “apparently willful abuse and neglect of children by adults that are of sufficient intensity and frequency to be traumatic . . . [so that] the children’s subsequent emotional development has been profoundly and predominantly negatively affected” (p. 1). Further explaining this concept, Shengold (1989) writes, “soul murder is neither a diagnosis nor a condition. It is a dramatic term for circumstances that eventuate in crime–the deliberate attempt to eradicate or compromise the separate identity of another person” (p. 2, my emphasis). Isn’t the incessant policing and enforcement, either deliberately or unconsciously, by self and others, of the heteronormative mandate a widespread form of soul murder? The alternative is to embrace failure as a radical means of rejecting normative notions of success and productivity Halberstam 11. J. J. Jack Halberstam, professor of English at the University of Southern California, The Queer Art of Failure, pg. 2 In this book I range from children’s animation to avant-garde performance and queer art to think about ways of being and knowing success in a heteronormative, capitalist society equates too easily to specific forms of reproductive maturity that stand outside of conventional understandings of success. I argue that combined with wealth accumulation. But these measures of success have come under serious pressure recently, with the collapse of financial markets on the one hand and the epic rise in divorce rates on the other. If the boom and bust years of the late twentieth century and the early twenty-first have taught us anything, we should at least have a healthy critique of static models of success and failure . Rather than just arguing for a reevaluation of these standards of passing and failing, The Queer Art of Failure dismantles the logics of success and failure with which we currently live. Under certain circumstances failing , losing , forgetting , unmaking , undoing , unbecoming , not knowing may in fact offer more creative , more cooperative , more surprising ways of being in the world . Failing is something queers do and have always done exceptionally well ; for queers failure can be a style , to cite Quentin Crisp, or a way of life , to cite Foucault, and it can stand in contrast to the grim scenarios of success that depend upon “ trying and trying again. ” In fact if success requires so much effort , then maybe failure is easier in the long run and offers different rewards . What kinds of reward can failure offer us? Perhaps most obviously, failure allows us to escape the punishing norms that discipline behavior and manage human development with the goal of delivering us from unruly childhoods to orderly and predictable adulthoods . Failure preserves some of the wondrous anarchy of childhood and disturbs the supposedly clean boundaries between adults and children, winners and losers. And while failure certainly comes accompanied by a host of negative affects, such as disappointment, disillusionment, and despair, it also provides the opportunity to use these negative affects to poke holes in the toxic positivity of contemporary life . As Barbara Ehrenreich reminds us in Bright- sided, positive thinking is a North American affliction , “a mass delusion ” that emerges out of a combination of American exceptionalism and a desire to believe that success happens to good people and failure is just a consequence of a bad attitude rather than structural conditions (2009: 13). Positive thinking is offered up in the U.S. as a cure for cancer, a path to untold riches, and a surefire way to engineer your own success. Indeed believing that success depends upon one’s attitude is far preferable to Americans than recognizing that their success is the outcome of the tilted scales of race, class, and gender. As Ehrenreich puts it, “If optimism is the key to material success, and if you can achieve an optimistic outlook through the discipline of positive thinking, then there is no excuse for failure.” But, she continues, “the flip side of positivity is thus a harsh insistence on personal responsibility ,” meaning that while capitalism produces some people’s success through other people’s failures, the ideology of positive thinking insists that success depends only upon working hard and failure is always of your own doing (8). We know better of course in an age when the banks that ripped off ordinary people have been deemed “too big to fail” and the people who bought bad mortgages are Ehrenreich uses the example of American women’s application of positive thinking to breast cancer to demonstrate how -dangerous the belief in optimism can be and how deeply Americans want to believe that health is a matter of attitude rather than environmental degradation and that wealth is a matter of visualizing success rather than having the cards stacked in your favor . For the nonbelievers outside the cult of positive thinking, however, the failures and losers, the grouchy, irritable whiners who do not want to “have a nice day” and who do not believe that getting cancer has made them better people, politics offers a better explanatory framework than personal disposition . For these negative thinkers, there are definite advantages to failing. Relieved of the obligation to keep smiling through chemotherapy or bankruptcy, the negative thinker can use the experience of failure to confront the gross inequalities of everyday life in the United States . From the perspective of feminism , failure has often been a better bet than success . Where feminine success is always measured by male standards , and gender failure often means being relieved of the pressure to measure up to patriarchal ideals , not succeeding at womanhood can offer simply too little to care about. In Bright-sided unexpected pleasures . In many ways this has been the message of many renegade feminists in the past. Monique Wittig (1992) argued in the 1970s that if womanhood depends upon a heterosexual framework , then lesbians are not “women ,” and if lesbians are not “women ,” then they fall outside of patriarchal norms and can re-create some of the meaning of their genders . Also in the 1970s Valerie Solanas suggested that if “woman” takes on meaning only in relation to “man,” then we need to “cut up men” these kinds of feminisms, what I call shadow feminisms in chapter 5, have long haunted the more acceptable forms of feminism that are oriented to positivity, reform, and accommodation rather than negativity, rejection, and transformation. Shadow feminisms take the form not of becoming, being, and doing but of shady, murky modes of undoing, unbecoming, and violating. (2004: 72). Perhaps that is a little drastic, but at any rate Case Cyber Security Cyber vulnerabilities are inevitable regardless of backdoors Tang 15 (http://www.techtradeasia.info/2015/04/enteprrises-mostly-unpreparedfor.html, Enterprises mostly unprepared for cyberattacks: Intel Security)//A.V. A new report, Tackling Attack Detection and Incident Response* from the Enterprise Strategy Group (ESG), has found that security professionals are inundated with security incidents, averaging 78 investigations per organisation in the last year. Over a quarter (28%) of those incidents involved targeted attacks – one of the most dangerous and potentially damaging forms of cyberattacks. According to the IT and security professionals surveyed in the study, commissioned by Intel Security (formerly McAfee), better detection tools, better analysis tools, and more training on how to deal with incident response issues are the top ways to improve the efficiency and effectiveness of the information security staff. “When it comes to incident detection and response, time has an ominous correlation to potential damage,” said Jon Oltsik, Senior Principal Analyst at ESG. “The longer it takes an organisation to identify, investigate, and respond to a cyberattack, the more likely it is that their actions won’t be enough to preclude a costly breach of sensitive data. With this in mind, Chief Information Security Officers (CISOs) should remember that collecting and processing attack data is a means toward action -- improving threat detection and response effectiveness and efficiency.” Nearly 80% of the people surveyed believe the lack of integration and communication between security tools creates bottlenecks and interferes with their ability to detect and respond to security threats. Real-time, comprehensive visibility is especially important for rapid response to targeted attacks, and 37% called for tighter integration between security intelligence and IT operations tools. In addition, the top time-consuming tasks involved scoping and taking action to minimise the impact of an attack, activities that can be accelerated by integration of tools. These responses suggest that the very common patchwork architectures of dozens of individual security products have created numerous silos of tools, consoles, processes and reports that prove very time consuming to use. These architectures are creating ever greater volumes of attack data that drown out relevant indicators of attack. Security professionals surveyed claim that real-time security visibility suffers from limited understanding of user behaviour and network, application, and host behaviour. While the top four types of data collected are network-related, and 30% collect user activity data, it’s clear that data capture isn’t sufficient. Users need more help to contextualise the data to understand what behaviour is worrisome. This gap may explain why nearly half (47%) of organisations said determining the impact or scope of a security incident was particularly time consuming. Users understand they need help to evolve from simply collecting volumes of security event and threat intelligence data to more effectively making sense of the data and using it to detect and assess incidents. Fiftyeight percent said they need better detection tools, such as static and dynamic analysis tools with cloud-based intelligence to analyse files for intent. Fifty-three percent say they need better analysis tools for turning security data into actionable intelligence. One-third called for better tools to baseline normal system behaviour so teams can detect variances faster. People who took the survey admitted to a lack of knowledge of the threat landscape and security investigation skills, suggesting that even better visibility through technical integration or analytical capabilities will be inadequate if incident response teams cannot make sense of the information they see. For instance, only 45% of respondents consider themselves very knowledgeable about malware obfuscation techniques, and 40% called for more training to improve cybersecurity knowledge and skills. The volume of investigations and limited resources and skills contributed to a strong desire among respondents for help incident detection and response. Forty-two percent reported that taking action to minimise the impact of an attack was one of their most time-consuming tasks. Twenty-seven percent would like better automated analytics from security intelligence tools to speed real-time comprehension; while 15% want automation of processes to free up staff for more important duties. “Just as the medical profession must deliver heart-attack patients to the hospital within a ‘golden hour’ to maximise likelihood of survival, the security industry must work towards reducing the time it takes organisations to detect and deflect attacks, before damage is inflicted,” said Chris Young, General Manager at Intel Security. “This requires that we ask and answer tough questions on what is failing us, and evolve our thinking around how we do security.” The ESG believes that there is a hidden story within the Intel Security research that hints at best practices and lessons learned. This data strongly suggests that CISOs: · Create a tightly-integrated enterprise security technology architecture CISOs must replace individual security point tools with an integrated security architecture. This strategy works to improve the sharing of attack information and cross-enterprise visibility into user, endpoint, and network behaviour, not to mention more effective, coordinated responses. · Anchor their cybersecurity strategy with strong analytics, moving from volume to value Cybersecurity strategies must be based upon strong security analytics. This means collecting, processing, and analysing massive amounts of internal and external data. Internal data includes logs, flows, packets, endpoint forensics, static/dynamic malware analysis, organisational intelligence (i.e., user behaviour, business behaviour, etc.) while external data would cover threat intelligence and vulnerability notifications, among others. · Automate incident detection and response whenever possible Because organisations will always struggle to keep up with the most recent attack techniques, CISOs must commit to more automation such as advanced malware analytics, intelligent algorithms, machine learning, and the consumption of threat intelligence to compare internal behaviour with incidents of compromise (IoCs) and tactics, techniques, and procedures (TTPs) used by cyber-adversaries. · Commit to continuous cybersecurity education CISOs should require ongoing cyber-education for their security teams, including an annual series of courses that provide individual professionals more depth of understanding of threats and best practices for efficient and effective incident response. Can't solve grid—too many operational burdens Parthemore & Rogers, ‘10 [Christine, Fellow, Will, Bacevich Fellow, Center for New American Security, “Nuclear Reactors on Military Bases May Be Risky,” Center for a New American Security, 5-20, http://www.cnas.org/node/4502] Many serious complications must be weighed as well. Military base personnel often do not have the necessary training in nuclear reactor management, oversight and regulatory credentials. Nuclear reactors would necessitate additional qualified personnel and improved physical security requirements to meet the 24/7 operations needs. As with siting for all energy production, local public resistance could be problematic. When considering the impact of a reactor casualty, the resulting impact on the operational mission effectiveness of the tenant commands on the base must also be considered so as to avoid a single point vulnerability that disables all military operations on site. And while many private companies are touting new designs for small reactors that would work well in this capacity, the technology may still be years away from fully meeting technical requirements and federal regulatory standards.13 Proliferation considerations would also need to be part of any adjudication of what types of reactors are most suitable for these purposes. Cyber doom impacts are not supported by evidence and their authors have a financial incentive to make the impacts seem worse than they are. Lawson, 2013, Sean Department of Communication University of Utah. "Beyond Cyber-Doom: Assessing the Limits of Hypothetical Scenarios in the Framing of Cyber-Threats." Journal of Information Technology & Politics 10.1 (2013): 86-103. Nonetheless, many cybersecurity proponents continue to offer up cyber-doom scenarios that not only make analogies to weapons of mass destruction (WMDs) and the terrorist attacks of 9/11, but also hold out economic, social, and even civilizational collapse as possible impacts of cyberattacks. A report from the Hoover Institution has warned of so-called “eWMDs” (Kelly & Almann, 2008); the FBI has warned that a cyberattack could have the same impact as a “wellplaced bomb” (FOXNews.com, 2010b); and official DoD documents refer to “weapons of mass disruption,” implying that cyberattacks might have impacts comparable to the use of WMD (Chairman of the Joint Chiefs of Staff 2004, 2006). John Arquilla, one of the first to theorize cyberwar in the 1990s (Arquilla & Ronfeldt, 1997), has spoken of “a grave and growing capacity for crippling our tech-dependent society” and has said that a “cyber 9/11” is a matter of if, not when (Arquilla, 2009). Mike McConnell, who has claimed that we are already in an ongoing cyberwar (McConnell, 2010), has even predicted that a cyberattack could surpass the impacts of 9/11 “by an order of magnitude” (The Atlantic, 2010). Finally, some have even compared the impacts of prospective cyberattacks to the 2004 Indian Ocean tsunami that killed roughly a quarter million people and caused widespread physical destruction in five countries (Meyer, 2010); suggested that cyberattack could pose an “existential threat” to the United States (FOXNews.com 2010b); and offered the possibility that cyberattack threatens not only the continued existence of the United States, but all of “global civilization” (Adhikari, 2009). In response, critics have noted that not only has the story about who threatens what, how, and with what potential impact shifted over time, but it has done so with very little evidence provided to support the claims being made (Bendrath, 2001, 2003; Walt, 2010). Others have noted that the cyber-doom scenarios offered for years by cybersecurity proponents have yet to come to pass and question whether they are possible at all (Stohl, 2007). Some have also questioned the motives of cybersecurity proponents. Various think tanks, security firms, defense contractors, and business leaders who trumpet the problem of cyber attacks are portrayed as selfinterested ideologues who promote unrealistic portrayals of cyber-threats (Greenwald, 2010). No war from economic collapse – empirics prove Barnett ’09 (Thomas P.M. Barnett, Thomas P.M. Barnett is an American military geostrategist and Chief Analyst at Wikistrat, 24 Aug 2009, “ The New Rules: Security Remains Stable Amid Financial Crisis”, http://www.worldpoliticsreview.com/articles/4213/the-new-rules-security-remains-stable-amid-financialcrisis) SRK When the global financial crisis struck roughly a year ago, the blogosphere was ablaze with all sorts of scary predictions of, and commentary regarding, ensuing conflict and wars -- a rerun of the Great Depression leading to world war, as it were. Now, as global economic news brightens and recovery -- surprisingly led by China and emerging markets -- is the talk of the day, it's interesting to look back over the past year and realize how globalization's first truly worldwide recession has had virtually no impact whatsoever on the international security landscape. None of the more than threedozen ongoing conflicts listed by GlobalSecurity.org can be clearly attributed to the global recession. Indeed, the last new entry (civil conflict between Hamas and Fatah in the Palestine) predates the economic crisis by a year, and three quarters of the chronic struggles began in the last century. Ditto for the 15 low-intensity conflicts listed by Wikipedia (where the latest entry is the Mexican "drug war" begun in 2006). Certainly, the Russia-Georgia conflict last August was specifically timed, but by most accounts the opening ceremony of the Beijing Olympics was the most important external trigger (followed by the U.S. presidential campaign) for that sudden spike in an almost two-decade long struggle between Georgia and its two breakaway regions. Looking over the various databases, then, we see a most familiar picture: the usual mix of civil conflicts, insurgencies, and liberation-themed terrorist movements. Besides the recent Russia-Georgia dust-up, the only two potential state-on-state wars (North v. South Korea, Israel v. Iran) are both tied to one side acquiring a nuclear weapon capacity -- a process wholly unrelated to global economic trends. And with the United States effectively tied down by its two ongoing major interventions (Iraq and Afghanistan-bleeding-into-Pakistan), our involvement elsewhere around the planet has been quite modest, both leading up to and following the onset of the economic crisis: e.g., the usual counter-drug efforts in Latin America, the usual military exercises with allies across Asia, mixing it up with pirates off Somalia's coast). Everywhere else we find serious instability we pretty much let it burn, occasionally pressing the Chinese -- unsuccessfully -- to do something. Our new Africa Command, for example, hasn't led us to anything beyond advising and training local forces. So, to sum up: *No significant uptick in mass violence or unrest (remember the smattering of urban riots last year in places like Greece, Moldova and Latvia?); *The usual frequency maintained in civil conflicts (in all the usual places); *Not a single state-on-state war directly caused (and no great-power-on-great-power crises even triggered); *No great improvement or disruption in great-power cooperation regarding the emergence of new nuclear powers (despite all that diplomacy); *A modest scaling back of international policing efforts by the system's acknowledged Leviathan power (inevitable given the strain); and *No serious efforts by any rising great power to challenge that Leviathan or supplant its role. (The worst things we can cite are Moscow's occasional deployments of strategic assets to the Western hemisphere and its weak efforts to outbid the United States on basing rights in Kyrgyzstan; but the best include China and India stepping up their aid and investments in Afghanistan and Iraq.) Sure, we've finally seen global defense spending surpass the previous world record set in the late 1980s, but even that's likely to wane given the stress on public budgets created by all this unprecedented "stimulus" spending. If anything, the friendly cooperation on such stimulus packaging was the most notable great-power dynamic caused by the crisis. Can we say that the world has suffered a distinct shift to political radicalism as a result of the economic crisis? Indeed, no. The world's major economies remain governed by center-left or center-right political factions that remain decidedly friendly to both markets and trade. In the short run, there were attempts across the board to insulate economies from immediate damage (in effect, as much protectionism as allowed under current trade rules), but there was no great slide into "trade wars." Instead, the World Trade Organization is functioning as it was designed to function, and regional efforts toward free-trade agreements have not slowed. Can we say Islamic radicalism was inflamed by the economic crisis? If it was, that shift was clearly overwhelmed by the Islamic world's growing disenchantment with the brutality displayed by violent extremist groups such as al-Qaida. And looking forward, austere economic times are just as likely to breed connecting evangelicalism as disconnecting fundamentalism. At the end of the day, the economic crisis did not prove to be sufficiently frightening to provoke major economies into establishing global regulatory schemes, even as it has sparked a spirited -and much needed, as I argued last week -- discussion of the continuing viability of the U.S. dollar as the world's primary reserve currency. Naturally, plenty of experts and pundits have attached great significance to this debate, seeing in it the beginning of "economic warfare" and the like between "fading" America and "rising" China. And yet, in a world of globally integrated production chains and interconnected financial markets, such "diverging interests" hardly constitute signposts for wars up ahead. Frankly, I don't welcome a world in which America's fiscal profligacy goes undisciplined, so bring it on -- please! Add it all up and it's fair to say that this global financial crisis has proven the great resilience of America's post-World War II international liberal trade order. Do I expect to read any analyses along those lines in the blogosphere any time soon? Absolutely not. I expect the fantastic fearmongering to proceed apace. That's what the Internet is for. Hegemony US rivals are not close to catching up – even if they can innovate tech they will not be able to turn it into productivity to compete with the U.S. – Japan and Taiwan prove. Bhidé ‘9 Amar Bhidé, Thomas Schmidheiny Professor in The Fletcher School of Law and Diplomacy @ Tufts, was Glaubinger Professor of Business at Columbia University. “The Venturesome Economy: How Innovation Sustains Prosperity in a More Connected World”. Winter 2009. Journal of Applied Corporate Finance • Volume 21 Number 1. http://bhide.net/venturesome_press/JACF_Venturesome_Economy_1_bhide.pdf The world is a long way from being “flat”—China and India aren’t anywhere close to catching up with the U.S. in their capacity to develop and use technological innovations. Starting afresh may allow China and India to leapfrog ahead in some fields, in building advanced mobile phone networks, for example. But excelling in the overall innovation game requires a great and diverse team, which, history suggests, takes a very long time to build. Consider Japan, which began to “enter the world” after the Boshin War of 1868. In the subsequent Meiji Restoration, the country abolished its feudal system and instituted a Western legal system and a quasiparliamentary constitutional government. In a few decades, Japan had modernized its industry, its military, and its educational system. Today Japan is a highly developed economy and makes important contributions to advancing the technological frontier. But nearly a century and a half after Japan started modernizing, its overall capacity to develop and use innovations, as evidenced by the country’s average productivity, remains behind that of the U.S. Similarly, Korea and Taiwan started industrializing (as it happens, under Japanese rule) about a century ago and enjoyed miraculous rates of growth after the 1960s. In several sectors of the electronics industry, Korean and Taiwanese companies are technological leaders. Yet their overall productivity suggests they have less capacity than Japan to develop and use innovations. Is it likely, then, that within any reader’s lifetime China and India will attain the parity with the U.S. that has eluded Japan, Korea, and Taiwan? Alt causes – spending cuts prevent tech competitiveness now Alivisatos et al 13 (Paul Alivisatos is director of Lawrence Berkeley National Laboratory. Eric D. Isaacs is director of Argonne National Laboratory. Thom Mason is director of Oak Ridge National Laboratory) (PAUL ALIVISATOS, ERIC D. ISAACS, AND THOM MASONMAR 12 2013, The Sequester Is Going to Devastate U.S. Science Research for Decades, http://www.theatlantic.com/politics/archive/2013/03/the-sequester-is-going-todevastate-us-science-research-for-decades/273925/) Less than one percent of the federal budget goes to fund basic science research -- $30.2 billion out of the total of $3.8 trillion President Obama requested in fiscal year 2012. By slashing that fraction even further, the government will achieve short-term savings in millions this year, but the resulting gaps in the innovation pipeline could cost billions of dollars and hurt the national economy for decades to come.∂ As directors of the Department of Energy's National Laboratories, we have a responsibility both to taxpayers and to the thousands of talented and committed men and women who work in our labs. We are doing everything we can to make sure our scientists and engineers can keep working on our nation's most pressing scientific problems despite the cuts. It's not yet clear how much funding the National Labs will lose, but it will total tens of millions of dollars. Interrupting -- or worse, halting -- basic research in the physical, biological, and computational sciences would be devastating, both for science and for the many U.S. industries that rely on our national laboratory system to power their research and development efforts.∂ Instead, this drop in funding will force us to cancel all new programs and research initiatives, probably for at least two years. This sudden halt on new starts will freeze American science in place while the rest of the world races forward, and it will knock a generation of young scientists off their stride, ultimately costing billions in missed future opportunities.∂ New ideas, new insights, new discoveries -- these are the lifeblood of science and the foundation of America's historic culture of innovation and ingenuity. The science community recognizes the importance of those new ideas, so we have systems in place to make sure great new ideas get a chance to thrive. Every ongoing federally funded science program is reviewed regularly to make sure it's on track and likely to yield results. Each year, stalled programs are terminated to make room for more promising lines of research. Under sequestration, we will continue to review and cull unsuccessful research efforts, but we won't be able to bring in new ideas to take their place.∂ Every federal agency that supports basic scientific research is facing this impossible dilemma. The National Science Foundation -- which funds 20 percent of all federally supported basic research at American colleges and universities -- just announced it is cutting back on 1,000 new research grants it had planned to award this year. The Department of Energy's Office of Science, the nation's largest supporter of basic research in the physical sciences, will have to shut the door on hundreds of new proposals as well. The impact will multiply as long-planned and overdue supercomputer upgrades and other necessary investments in our scientific infrastructure are stretched out, delayed, or put on hold indefinitely.∂ The National Laboratories aren't just crucial to America's scientific infrastructure. They are also powerful engines of economic development. Nobel Prize-winning economist Robert Solow has calculated that over the past half century, more than half of the growth in our nation's GDP has been rooted in scientific discoveries -- the kinds of fundamental, missiondriven research that we do at the labs. This early-stage research has led to extraordinary real-world benefits, from nuclear power plants to compact fluorescent bulbs to blood cholesterol tests. Because the United States has historically valued scientific inspiration, our government has provided creative scientists and engineers with the support, facilities, and time they need to turn brilliant ideas into real-world solutions.∂ Basing funding decisions solely on short-term fiscal goals risks the heart of America's scientific enterprise and long-term economic growth -diminishing our world leadership in science, technology and in the creation of cuttingedge jobs.∂ Sequestration won't have an immediate, visible impact on American research. Laboratories will continue to open their doors, and scientists and engineers will go to work. But as we choke off our ability to pursue promising new ideas, we begin a slow but inexorable slide to stagnation. We can't afford to lose a generation of new ideas and forfeit our national future. No challengers or war – the only risk of war is from the US pursuing a primacy strategy Green 14 (Brendan Rittenhouse Green, assistant professor of political science at the University of Cincinnati who writes on international relations theory, national security policy, and military behavior, PhD in political science from MIT, “Security Threats in Contemporary World Politics: Potential Hegemons, Partnerships, and Primacy,” in A Dangerous World?: Threat Perception and U.S. National Security, 2014) The United States faces very few security threats from nation-states. The era of potential hegemons has passed: no state is going to conquer a region and turn its power against the Western Hemisphere. The contemporary balance of power, a geography of peace, very difficult military tasks, and nuclear weapons make largescale continental conquest impossible. There will be no blockade of the Western Hemisphere and no corresponding transformation of America into a garrison state. Hitler and Stalin still serve as the backdrop to American grand strategy, yet we will never see their likes again.∂ Such threats as do exist from nation-states, Washington brings on itself. America’s primacy strategy ties itself to regional politics in a way that helps little and could be quite dangerous. Managing security relations abroad is either unnecessary, because of the high costs of war, or unlikely to work in the case of highly dedicated revisionist states. But once committed to a strategy of primacy, policymakers will probably not shy away from the wars they fail to prevent. Primacy will only further stoke the longtime American obsession with credibility, as the strategy hinges on widespread beliefs that America will protect the status quo. Political relationships will tend to take on a value of their own, whether or not they are worth defending. And a powerful America committed abroad will be prone to adventures that have little to do with its security.∂ To put the point sharply: the United States spends hundreds of billions of dollars a year —and risks war—largely to stop other people from fighting among themselves. The common story that reducing regional competition abroad makes America more secure at home is close to being backwards. The United States is tremendously safe; ill-considered decisions to let its alliances lead it into unnecessary foreign conflicts are the only threat Washington faces from states. Politics among nations may well still have some danger, but it is dangerous to America only by its own choice. US hegemony is uncontested and inevitable – no shift in power balance for the foreseeable future Cohen 14 (Michael A., fellow at the Century Foundation, former columnist for Foreign Policy and the New York Times, former senior fellow at the New America Foundation and the American Security Project, master’s degree from Columbia University where he is also an adjunct lecturer in the School of International and Public Affairs, “It’s Coming from Inside the House,” in A Dangerous World?: Threat Perception and U.S. National Security, 2014) Today, America’s military, economic, and diplomatic power is unparalleled, and its global hegemony is uncontested.∂ The United States confronts no plausible existential security threats, no great power rival, and no near-term military competitor. The U.S. military is far and away the world’s most potent, and it is able to effectively project power to every corner of the globe. America maintains a vast coterie of allies, friends, and like-minded nations with similar values and political systems. Moreover, its position as the world’s preeminent superpower is unlikely to change any time soon, because no country has the ability or inclination to challenge it. China is its closest military rival—and China spends a fraction on armaments compared with the United States. Even emerging from a sustained economic downturn, the U.S. economy remains the largest in the world—with China, at best, two to three decades away from surpassing it. Although the United States faces global challenges to its interests, they pose little actual risk to the overwhelming majority of American citizens or to the country’s security.∂ Quite simply, the United States is the world’s most dominant nation, unchallenged and more secure than any other great power in history—and it will almost certainly remain so for the foreseeable future. Solvency Loopholes exist for the FBI and NSA Cushing 14 Tim Cushing, Techdirt contributor, 12-5-14, "Ron Wyden Introduces Legislation Aimed At Preventing FBI-Mandated Backdoors In Cellphones And Computers," Techdirt., https://www.techdirt.com/articles/20141204/16220529333/ron-wyden-introduceslegislation-aimed-preventing-fbi-mandated-backdoors-cellphonescomputers.shtml//SRawal Here's the actual wording of the backdoor ban [pdf link], which has a couple of loopholes in it. (a) IN GENERAL.—Except as provided in subsection (b), no agency may mandate that a manufacturer, developer, or seller of covered products design or alter the security functions in its product or service to allow the surveillance of any user of such product or service, or to allow the physical search of such Subsection (b) presents the first loophole, naming the very act that Comey is pursuing to have amended in his agency's favor. (b) EXCEPTION.—Subsection (a) shall not apply to mandates authorized under the Communications Assistance for Law Enforcement Act (47 U.S.C. 1001 et seq.). Comey wants to alter CALEA or, failing that, get a few legislators to run some sort of encryption-targeting legislation up the Congressional flagpole for him. Wyden's bill won't thwart these efforts and it does leave the NSA free to continue with its pre-existing homebrewed backdoor efforts -- the kind that don't require mandates because they're performed off-site without the manufacturer's knowledge. product, by any agency. Backdoors are irrelevant - cyberattacks will still happen because of lack of security AFP 14 (http://news.yahoo.com/us-unprepared-cyber-attack-9-11-report-authors190538960.html, US unprepared for cyber-attack: 9/11 report authors)//A.V. Washington (AFP) - The United States has failed to sufficiently adapt to new cyber-security threats, exposing itself to potential terror strikes as devastating as September 11, authors of the report on the 2001 attacks warned Wednesday. In July 2004, the independent 9/11 commission issued a comprehensive, nearly 600-page report with numerous recommendations for upgrading the US security apparatus to avoid a new catastrophe. A decade later the commission's former members have released a blunt follow-up, pointing out gaps in US security that increase the risk of cyber-attacks on infrastructure, including energy, transport and finance systems, and the theft of intellectual property from the private sector. After exhaustive meetings with national security officials, "every single one of them said we're not doing what we should be doing to protect ourselves against cyber-security" threats, former 9/11 commission co-chair Tom Kean told a House homeland security panel. "And because this stealing of information is so invisible to the American public, they don't realize what a disaster it is." The new report, released Monday, warned that the fight against terrorism was entering a "new and dangerous phase" marked by a sense of "counterterrorism fatigue" that masked the urgency needed to address emerging threats. "We are at September 10th levels in terms of cyber preparedness," it quoted a former senior national security leader as saying. The former commissioners pointed to the difficulties in beefing up a security posture that brings government and the private sector into cooperation. "The government is doing much better protecting itself and its systems than it is helping the private sector protect itself. We think our vulnerability in the latter area is greater," former commission member Jamie Gorelick said. "We are uncomfortable with having our national security apparatus operating in the private sector," she added. "But if you think about what the real threats are, an enemy who would shut down our power grid for example, those are real threats to which I don't believe we have great answers at the moment." For months Congress and the White House have debated cyber-security legislation that would improve information sharing about cyber threats between federal authorities and companies in strategic sectors. But such coordination remains contentious, amid concerns about the confidentiality of personal data. Plan doesn’t solve – only stops surveillance of vulnerabilities, does not close backdoors The NSA has historically used 0-Days for the same purposes as backdoors, Heartbleed proves. Zetter 15 Kim Zetter is an award-winning, senior staff reporter at Wired covering cybercrime, privacy, and security. She is writing a book about Stuxnet, a digital weapon that was designed to sabotage Iran's nuclear program, 3-30-2015, "US Used Zero-Day Exploits Before It Had Policies for Them," WIRED, http://www.wired.com/2015/03/us-used-zeroday-exploits-policies/ AROUND THE SAME time the US and Israel were already developing and unleashing Stuxnet on computers in Iran, using five zeroday exploits to get the digital weapon onto machines there, the government realized it needed a policy for how it should handle zero-day vulnerabilities, according to a new document obtained by the Electronic Frontier Foundation. The document, found among a handful of heavily redacted pages released after the civil liberties group sued the Office of the Director of National Intelligence to obtain them, sheds light on the backstory behind the development of the government’s zero-day policy and offers some insight into the motivations for establishing it. What the documents don’t do, however, is provide support for the government’s assertions that it discloses the “vast majority” of zero-day vulnerabilities it discovers instead of keeping them secret and exploiting them. “The level of transparency we have now is not enough,” says Andrew Crocker a legal fellow at EFF. “It doesn’t answer a lot of questions about how often the intelligence community is disclosing, whether they’re really following this process, and who is involved in making these decisions in the executive branch. More transparency is needed.” The timeframe around the development of the policy does make clear, however, that the government was deploying zero-days to attack systems long before it had established a formal policy for their use . Task Force Launched in 2008 Titled “Vulnerability Equities Process Highlights,” (.pdf) the document appears to have been created July 8, 2010, based on a date in its file name. Vulnerability equities process in the title refers to the process whereby the government assesses zero-day software security holes that it either finds or buys from contractors in order to determine whether they should be disclosed to the software vendor to be patched or kept secret so intelligence agencies can use them to hack into systems as they please. The government’s use of zero-day vulnerabilities is controversial, not least because when it withholds information about software vulnerabilities to exploit them in targeted systems, it leaves every other system that use the same software also vulnerable to being hacked, including U.S. government computers and critical infrastructure systems. According to the document, the equities process grew out of a task force the government formed in 2008 to develop a plan for improving its ability “to use the full spectrum of offensive capabilities to better defend U.S. information systems.” Making use of offensive capabilities likely refers to one of two things: either encouraging the intelligence community to share information about its stockpile of zero-day vulnerabilities so the holes can be patched on government and critical infrastructure systems; or using the NSA’s cyber espionage capabilities to spot and stop digital threats before they reach U.S. systems. This interpretation seems to be supported by a second document (.pdf) released to EFF, which describes how, in 2007, the government realized it could strengthen its cyber defenses “by providing insight from our own offensive capabilities” and “marshal our intelligence collection to prevent intrusions before they happen.” One of the recommendations the task force made was to develop a vulnerabilities equities process. Some time in 2008 and 2009 another working group, led by the Office of the Director of National Intelligence, was established to address this recommendation with representatives from the intelligence community, the U.S. attorney general, the FBI, DoD, State Department, DHS and, most notably, the Department of Energy. The Department of Energy might seem the odd-man-out in this group, but the DoE’s Idaho National Lab conducts research on the security of the nation’s electric grid and, in conjunction with DHS, it also runs a control system security assessment program that involves working with the makers of industrial control systems to uncover vulnerabilities in their products. Industrial control systems are used to manage equipment at power and water plants, chemical facilities and other critical infrastructure. Although there have long been suspicions that the DoE program is used by the government to uncover vulnerabilities that the intelligence community then uses to exploit in the critical infrastructure facilities of adversaries, DHS sources have insisted to WIRED on a number of occasions that the assessment program is aimed at getting vulnerabilities fixed and that any information uncovered is not shared with the intelligence community for purposes of exploiting vulnerabilities. When a significant vulnerability in an industrial control system is discovered by the Idaho lab, it’s discussed with members of an equities group—formed by representatives of the intelligence community and other agencies—to determine if any agency that might already be using the vulnerability as part of a critical mission would suffer harm if the vulnerability were disclosed. Of course, it should be noted that this also allows such agencies to learn about new vulnerabilities they might want to exploit, even if that’s not the intent. Following the working group’s discussions with DoE and these other agencies throughout 2008 and 2009, the government produced a document titled “Commercial and Government Information Technology and Industrial Control Product or System Vulnerabilities Equities Policy and Process.” Note the words “Industrial Control” in the title, signaling the special importance of these types of vulnerabilities. The end result of the working group’s meetings was the creation of an executive secretariat within the NSA’s Information Assurance Directorate, which is responsible for protecting and defending national security information and systems, as well as the creation of the vulnerabilities equities process for handling the decision-making, notification procedures and the appeals process around the government’s use and disclosure of zero-days. We now know, however, that the equities process established by the task force was flawed, due to statements made last year by a government-convened intelligence reform board and by revelations that the process had to undergo a reboot or “reinvigoration” following suggestions that too many vulnerabilities were being withheld for exploitation rather than disclosed. Equities Process Not Transparent The equities process was not widely known outside the government until last year when the White House publicly acknowledged for the first time that it uses zero-day exploits to hack into computers. The announcement came only after the infamous Heartbleed vulnerability was discovered and Bloomberg erroneously reported that the NSA had known about the hole for two years and had remained silent about it in order to exploit it. The NSA and the White House disputed the story. The latter referenced the equities process, insisting that any time the NSA discovers a major flaw in software, it must disclose the vulnerability to vendors to be patched—that is, unless there is “a clear national security or law enforcement” interest in using it The NSA and DOD buy 0-Day vulnerabilities and use them to survey US citizens. Eliminating backdoors does not stop this. Smith 13 Ms. Smith, Ms. Smith (not her real name) is a freelance writer and programmer with a special and somewhat personal interest in IT privacy and security issues., 5-12-2013, "U.S. government is 'biggest buyer' of zero-day vulnerabilities, report claims," Network World, http://www.networkworld.com/article/2224620/microsoft-subnet/u-s-government-is--biggest-buyer--of-zero-day-vulnerabilities--report-claims.html When it comes to exploiting zero-days for cyberweapons and cyber-spying, China's not the only "devil"...we are too, according to a Reuters report that claimed the U.S. government is the "biggest buyer in a burgeoning gray market where hackers and security firms sell tools for breaking into computers." For the first time, the Pentagon's annual report to Congress [pdf] accused the Chinese government and military of targeting U.S. government and defense networks as well as using cyber espionage to get its hands on cutting-edge military technology. While this is not new news, it's new for the Pentagon's report. Also not new was China's reaction,calling the accusations "groundless" and "hype." Some security experts were openly skeptical of the Pentagon's report, which did not mention what cyberspying the U.S. does in return. The U.S. spends billions every year on "cyberdefense and constructing increasingly sophisticated cyberweapons." NSA chief General Keith Alexander told Congress that the U.S. is "creating more than a dozen offensive cyberunits, designed to mount attacks, when necessary, at foreign computer networks." Reuters added that the NSA and Department of Defense are "spending so heavily for information on holes in commercial computer systems, and on exploits taking advantage of them, that they are turning the world of security research on its head." A n unnamed, former defense contractor for the U.S. said, "My job was to have 25 zero-days on a USB stick, ready to go ." Although intelligence agencies code some of their own zero-day exploits, Reuters said, "Private companies have also sprung up that hire programmers to do the grunt work of identifying vulnerabilities and then writing exploit code. The starting rate for a zero-day is around $50,000, some buyers said, with the price depending on such factors as how widely installed the targeted software is and how long the zero-day is expected to remain exclusive." Vendors at secret snoop conferences pimp a variety of products to assist law enforcement and intelligence agencies in spying. Vupen, which is well-known for selling zero-day exploits exclusively to governments, recently sent 12 researchers to an offensive hacking techniques conference where attendees heard talks such as "Advanced Heap Manipulation in Windows 8." While the U.S. government sent more than a dozen people to the conference, it's unknown whether the acquired knowledge or products are intended for spying on other governments or deploying malware for eavesdropping and remote searches, aka virtual force and Trojan horse warrants. ReVuln is newer to the exploits-for-sale game than Vupen, but "specializes in crafting exploits for industrial control systems that govern everything from factory floors to power generators." When "asked if they would be troubled if some of their programs were used in attacks that caused death or destruction, they said: 'We don't sell weapons, we sell information. This question would be worth asking to vendors leaving security holes in their products'." The Reuters' article warned there are "unintended consequences" when the U.S. chooses to exploit a vulnerability instead of warning the public about the hole. If and when other countries discover the vulnerability, it could be reverse-engineered and used against U.S. corporations. One such example was the Duqu malware that was "designed to steal industrial-facility designs from Iran." Duqu was copied by cybercriminals, who then "rolled it into 'exploit kits,' including one called Blackhole and another called Cool." Despite Microsoft issuing a patch, F-Secure reported that "hackers used it last year to attack 16 out of every 1,000 U.S. computers and an even greater proportion in some other countries." Security researchers are increasingly reluctant to publicly report zero-days for no compensation. The vulnerability might be worth a small fortune after all; and even though Google and Facebook pay "bounties," the companies say "they are hard-pressed to compete financially with defense-industry spending."
