Three days before he was to leave office, President Dwight D. Eisenhower delivered his farewell address warning of the rise of the military-industry complex. Eisenhower described the "conjunction" of a large military establishment and arms industry unparalleled in American history and saw that its "total influence—economic, political, even spiritual—is felt in every city, every state house, every office of the federal government." In his new book, @War: The Rise of the Military-Internet Complex, journalist Shane Harris argues that the surveillance state and the defense contractors, tech giants, financial institutions, and telecommunication companies are forming a new alliance that will likewise shape cyberspace and American life.
In the wake of Edward Snowden’s revelations about the National Security Agency (NSA) mass surveillance programs and cyber espionage operations, Harris echoes an argument that many in the technology and Internet freedom communities make: the cure has been worse than the disease. Harris is mindful of the very real threats that exist—terrorists using the web to organize, Chinese hackers stealing intellectual property, the vulnerability of energy grids, financial institutions, and other critical infrastructure—but argues that, "in its zeal to protect cyberspace, the government, in partnership with corporations, is making it more vulnerable." This is especially clear in the NSA’s alleged efforts to undermine encryption and purchases of zero-days, unknown vulnerabilities that users and administrators have had no time to patch and address. These actions may allow the United States to strike its enemies more effectively, but also leave the vast majority of users in and outside of the United States exposed to attacks.
While Harris writes that the "NSA is not the enemy," he clearly thinks that the agency, and its former director General Keith Alexander in particular, overstepped boundaries, exploited political opportunities, and hyped the threat. Intentions are ascribed to Alexander, but they are often derived from interviews with others—people in the room at meetings with Alexander. This use of anonymous sources is a necessity, as Harris argues especially as the Obama administration prosecutes the leakers of classified material, but does raise the question of how reliable critics engaged in bureaucratic turf battles with the NSA are in describing Alexander’s thinking. In addition, how much presidents George W. Bush and Barack Obama understood about the expansion of the NSA’s power remains unclear. In some instances in Harris’ narrative, the White House enthusiastically embraces new technological capabilities. In others, it seems to be absentmindedly led by the NSA.
Harris hammers home the blurring of the boundaries between offense and defense. In almost all the cases he describes, the success of U.S. operations depends on active intelligence gathering and computer network operations. He also does a good job describing how intertwined the private and public sector are becoming as private companies take actions that were previously the responsibilities of states, such as developing and amassing arsenals of malware, publicly identify nation states as responsible for hacking campaigns, and sharing threat intelligence. At the same, the government is heavily involved in commercial markets. NSA officials warn of the risk Chinese and Russian hackers pose to banks, retailers, and other businesses, and these business in turn look to cybersecurity companies founded by former NSA, Defense Department, and Justice Department officials for their defense.
Given this blending obfuscates actors and interests, the book would benefit from a more rigorous typology. Many things are described as cyber war when they in fact are espionage or sabotage. Moreover, the book overstates how new and unprecedented cyber operations are. Harris describes the hacking of insurgents cell phones in Iraq and the planting of false information that leads to ambushes as an almost revolutionary breakthrough. As Jason Healey points out in his history of cyber conflict, A Fierce Domain, most of the change in cyberspace have been gradual enough for us to learn from the past. The Union cavalry, for example, used captured Confederate telegraph stations to send false telegraph messages.
Harris brings new details both to hacking cases that have already been widely discussed in the press and to those less publicly known. @War concludes by suggesting that governments will not be the dominant actor in cyberspace, "at least not from day to day." Rather, corporations will take the lead in defense, with companies increasingly making strong security a selling point for consumers. Yet these commercial pressures raises the possibility that the the military-Internet complex will neither be as stable nor as long lasting as the military-industrial complex. As Harris notes, ever since the Snowden revelations, the technology companies have been scrambling to distance themselves from the United States government, introducing legal and technical challenges to surveillance (see, for example, Microsoft resisting a government warrant to hand over data stored in Ireland, and Apple and Android introducing encryption by default on mobile phones). The military-Internet complex may come apart not because of the protests of the American people, but because of Google, Apple, and facebook have to satisfy customers in Brazil, India, and Russia.