A Minotaurs' Maze - Cap. Lebed
An Operational Reflection on the Challenges and Opportunities of Cyberspace
02.12.14
0
“You’ve got to hear what my nephew did yesterday!” an acquaintance of mine shouted a few weeks ago, as he entered our apartment building. “Well, what?” I asked nonchalantly, anticipating yet another story about diapers and the wonders of wet wipes. “He was sitting by the window, looking at the view, then reached out, and swiped his finger over the window, several times, from left to right, as if he was trying to change the view on the screen of his iPad!” enthused the uncle. We all laughed; but after a few moments it hit me – the future is already here.
According to figures presented by Intel Israel President Shmuel (Mooly) Eden at the recent Tel Aviv University International Cyber Conference, during the time it took for you to read the story of little Uri and the window, more than thirty hours of video clips were uploaded to YouTube, a hundred thousand tweets were published on Twitter, and around six million pages were viewed on Facebook. Uri barely managed to reach out his hand to the window, and twenty million images were scanned to Flickr, some forty-seven thousand apps were downloaded to various smartphones, and about forty-five malwares were uploaded to the network. With every passing minute, the data transferred over the network is enough to fill 230,000 CDs – a relatively small number, when compared with the forecasts for 2015, which predicted that fifteen billion (15,000,000,000) devices will be connected to the internet. The volume of wireless communications (smartphones, tablets, etc.) is expected to increase eleven-fold, and the volume of all global communications is expected to increase threefold.
Predictions regarding the extensive growth in the volume of data transferred, are not only a result of an increase in the global number of users. They are also a result of the expected fundamental change in the way users in the developed world experience communication. The vision of the Internet of Things (IoT), or the Internet of Everything (IoE), which has gained momentum, particularly in the past year, is expected to become a reality much sooner than we imagined. Soon, we will be able to look at a transparent hologram on our hand, and read our blood sugar level, or our body fat percentage; our refrigerator will buy groceries online from the supermarket, our car will signal our home that we are approaching, and the garage door will be waiting, open for us, or the kettle will be boiling; at the same time the city where we live will route us away from traffic jams by means of a sophisticated traffic lights system and make the most efficient use of power and water.
Currently, approximately 85% of all electrical appliances in the world are not part of the IoT category, since they do not comply with three basic conditions – calculation of mathematical functions, communications and a cloud platform. Nevertheless, as soon as 2020, humanity is expected to use approximately fifty billion devices based on processing and communications, all linked to an enormous data cloud. By the way, some are already considering the names to be given to larger measurement units, following the yottabyte (one yottabyte equals one thousand billion terabytes, or in short, 1024 bytes, in the decimal system).
As mentioned, it seems that this digital convenience will become an inseparable part of our world and day-to-day lives in the not so distant future. However, as great as the promise this progress brings, the risks involved are just as great. The danger is not only that my refrigerator will order seventy tons of pastrami from the shop, or that my car will insist time and time again to take me to my mother-in-law’s house, instead of my home. The danger is not even limited to espionage, identity theft, and intelligence collection as we in the military may think.[2] The main danger lies is the loss of control over every area known to us, losing control over our self-perception – as individuals, society, nation, and as pessimists would say – as the human race.
Nevertheless, I am not going to rob philosophers, psychologists, or even insurance companies of their chance to make their daily bread. In this article, I will use the complex systems theory to form a conceptual system which will hopefully help explain and shed light on the discomfort characterizing the 'cyber problem.' This discomfort is caused by a wide range of tensions, which come into being, and increase, as more children are trying to change the view seen from their windows. Privacy versus convenience, personal versus collective, secrecy versus operational effectiveness – all of these, alongside many other elements, are tensions and dilemmas which we already face, both in our private lives, and in our work in the defense establishment. The lack of borders and the infinite innate potential of cyberspace seem to suggest the following paradoxical question, a question that still remains unanswered – how does a nation’s obligation to operate in a new space come to terms with the very nature of this space, which ostensibly seeks to undermine the nation's existence?
The chaotic nature of cyberspace, the infinite number of factors of which it is composed, its tendency to self-organization, and other characteristics, make its analysis a good test-case for the research of emerging systems. Therefore, the methodology for the analysis of cyberspace proposed in this article is a holistic one – systemic, based on the complex systems theory, which I shall discuss in detail in the first part.
The second part of the article will open by an extensive discussion of the defense aspect of cyber operations. Through a review of a US Navy learning process aimed at developing an operational approach to defense in cyberspace, and by elaborating on the development of the concept of 'cloud computing' and its protection, I will explore the shift, currently taking place in the field of information security, from a 'deep defense' to a 'forward defense' thought model. The other components of cyberspace, such as collection, deterrence, influence and combating hackers will be discussed, in a systemic analysis context, at the end of this part. For various reasons, other aspects of cyber operations are not discussed in this article.
A. The Complex Systems Theory – Development and Characteristics
There are various competing approaches and schools of thought in the field of social research, and in the analysis of the social dynamics characterizing different societies. They diverge in their interpretation of observed phenomena. Nevertheless, for hundreds of years they had agreed on one basic characteristic of society – based on this or that set of laws, an intelligent management of society is attainable. Any disagreement always revolved around the nature of these laws. This concept can be summarized by a simple equation: a certain action will necessarily produce a certain outcome. This is part of the linear Cartesian philosophy.[3]
The infinite quantity of data available for research, the complexity of the analysis and the many theoretical constructions required by researchers in their work, turn modern science into a growing snowball which comes to encompass an ever-growing number of new and renewed disciplines. Thus, science finds itself being repeatedly divided into an enormous number of spheres, splitting in turn into sub-spheres, etc. Nonetheless, a review of the development of modern science reveals a surprising fact. Despite the absence of a general conceptualization, and the independence of some disciplines from others, problems, dilemmas and similar or sometimes even identical world-views are often found across many disciplines that apparently have no common characteristics or similarities.[4]
During the twentieth century, this old analytical approach gave rise to a skepticism within the scientific community concerning its ability to meet the challenges which often result from the complexity of society and modern technology. This led to a growing realization that a new understanding is required, one that would be based on comprehensive, systemic and multi-disciplinary approaches.[5]
In his seminal book, Ludwig von Bertalanffy, one of the pioneers and developers of the general systems theory, writes, “It is a change in basic categories of thought of which the complexities of modern technology are only one-and possibly not the most important manifestation. In one way or another, we are forced to deal with complexities, with ‘wholes’ or ‘systems,’ in all fields of knowledge. This implies a basic re-orientation in scientific thinking.”[6]
The development of this new systemic thinking generated the need for a formulation of a general theory for systems. Although it would not necessarily override earlier theories for specific systems, it will work in parallel with them, and possibly even organize them under a single research concept based on universal principles. Thus, in the early 1950s, von Bertalanffy (a biologist) was joined by Anatol Rapoport (mathematician), Kenneth Boulding (economist) and Ralph Gerard (physicist), to establish this new scientific discipline. In practice, their approach does not constitute a refutation of the Cartesian way of thinking, but rather provides a modern answer to, or a modern expression of, the same state of mind.
Bertalanffy defines a system as a totality of interactive elements. Therefore, he argues that the problems a certain system faces are related to reciprocal relations between the large number of variables, which exist in politics, economics, industry, commerce, and military administration. Bertalanffy proposes a set of cognitive tools for the evaluation and control of systems, based on three parameters: the first is quantitative, namely the number of elements composing the system; the second is the material, dealing with the nature of the elements; the third is the qualitative parameter, or, to be precise, the substantial parameter, focusing on the characteristics of relations between various system elements.[7]
Bertalanffy then defines two basic categories of universal systems - open systems and closed systems: “We express this by saying that living systems are basically open systems. An open system is defined as a system in exchange of matter with its environment, presenting import and export, building-up and breaking-down of its material components... closed systems... are considered to be isolated from their environment.”[8]
Over the years, the theory of general systems has undergone developments, changes and the emergence of ‘derivative theories'. Considering the scope of this article, I will not mention all stages of its development, but we cannot fail to mention the cybernetic theory which developed in the 1940s, system dynamics, which emerged in the 1960s, and the chaos theory, which gained popularity mainly in the 1990s.[9]
As stated, since its emergence in the 1950s, the theory of general systems has not presented an alternative to the Cartesian, deterministic way of thought, but rather served as a modern expression of the old way of thinking. Over time, and following the theoretical developments of the last decades, an alternative approach has emerged, namely Complexity Science, which has been gradually making inroads in the social sciences. This approach revolves around the following realization: there are systems (physical, biological and social)[10] that do not operate in accordance with the linear perception characterizing system conduct according to Bertalanffy. Complex systems are thus named because of the very nature of their behavior – complex and non-linear. According to this theory, and contrary to the Cartesian perception, the relation between actions and their outcomes shifts across a network[11] containing an infinite number of interrelations between a large number of elements.
In other words, in a given system, everything influences everything – a sort of a butterfly effect. For this reason, the most minuscule stimulus to one part of the system may lead to far-reaching consequences in its other parts, even undermining its stability or causing its destruction. For example, an insignificant genetic defect, causing a shortage of a certain enzyme in the body, which, when absent, prevents a person from digesting a certain ingredient, is liable to cause death if food containing this ingredient is eaten. In a similar manner, the December 2010 self-immolation of an ordinary Tunisian citizen, facilitated, through a series of unexpected incidents, a chain of historic events that took place during the past few years, which have been labeled 'the Arab Spring' or the “regional upheaval.” This non-linear association (a marginal action which may cause a significant change, or vice versa) makes complex systems unpredictable by definition.[12]
In order to comprehend the behavior of complex systems, it is necessary to understand not only the behavior of each of the parts that compose the system, but also the way they function together, which shapes the behavior of the entire system. We cannot describe the whole without describing its parts, and we cannot describe any component, except in relation to the other components.[13] Therefore, the nature of a system depends on the reciprocal relations between components, more than on anything else.
An additional characteristic of complex systems is that they constantly exist 'on the edge of chaos.' Since unexpected changes in complex systems are within their normative functioning, the systems always 'walk on the edge.' That is, the behavior of complex systems cannot be expected to follow any plan, their reaction will always be particular and follow the circumstances of a certain situation or moment. For example, as early as the nineteenth century, Clausewitz unintentionally formulated a complex system argument, when he stated that the battlefield is the realm of uncertainty, where events will never unfold as planned.
The chaotic nature of complex systems, and the question, “If this is the case, how does it actually work?” received an answer: The research of complex systems demonstrates that the built-in chaos and disorder are offset by a balancing and organizing force, known as 'self-organization.'[14]
The power of self-organization is no less great than that of disorder. For example, democratic society is a form of self- organization, a cultural virtue sacred to Western society. Civilian militias formed for the purpose of self-defense, at times of distress and following the weakening of the central government, constitute an additional example. Since Thomas Hobbes’ State of Nature, where the self-organization of individuals into a society was discussed, numerous academic sources document instances in which a leadership that decreases chaos and disorder (always) emerges out of groups of frightened individuals.[15]
Such an organization results from the principle of attraction towards the strongest 'attractor' among all other factors operating in a specific context. The concept of an attractor, used by the complex systems theory, could be understood as somewhat similar to 'motivation.' However, the attractor pulls toward itself, like a magnet, because it is perceived by the system as the strongest source of 'relief' at a given time. Since the system as a whole is always on the verge of collapse, it shifts incessantly between various attractors. The constant rotation of attractors is due to the influence of many varied and powerful forces, both external and internal, operating in a networked (non-linear) association, continuously exert on the components of the complex system in different manners.
But the principle of thesis and anti-thesis also applies in this case – in addition to attractors, there are other elements influencing the behavior of the system, and its shift between attractors – “repellers.”[16] Repellers and attractors have an opposite effect on the system - instead of attracting system components into self-organizing around them, they repel them, thereby influencing system self-modeling. By the way, according to this approach, the Islamic State's success is a result of it being an 'attractor' generating order (according to their worldview) in the chaotic system of the contemporary Middle East. Just like any other attractor, it is in competition with other sources of attraction and repulsion, which shape the regional system just as much as IS.[17]
As mentioned, complex systems are characterized by their infinite number of elements, and an infinite number of associations between these elements. This situation makes it extremely difficult, some say impossible,[18] to apply the basic method of scientific research – reduction. Traditionally, according to the deterministic world view, reduction for research purposes makes it possible to study and comprehend a certain part of a whole, in order to incorporate the insights deduced from the analysis into the whole. Since complex systems have an infinite number of elements and associations, they cannot be subject to reduction.[19] Therefore, in the past few decades, many modern methodologies have been developed to deal with complex systems.
On Care, Modesty, and Application Methodologies
The “complex system” lives up to its name – complex, patently unpredictable, and unyielding to research and understanding by traditional scientific methods. If we take an example from the military world, the traditional situational assessment methodology might be relevant and suitable for studying the physical condition of an enemy division over the hill; but as far as gaining input on IS, for example, or on emerging terrorist threats in desert parts of the country, assessing the situation may provide partial answers at best, which are perhaps relevant for collecting information, but not helpful for the development of knowledge.
It should be pointed out that there are many methodologies for the practical application of the complex systems theory. The relative ease with which both practitioners and experts fall under the spell of one single application methodology, which they consider the be-all and end-all, while finding themselves “fitting” reality into the dimensions of a language to which they are accustomed, only make caution and self-criticism more vital.
In recent decades, various practices of analyzing and coping with complex systems have emerged. It seems that due to the fierce competition and the daily struggle of living “on the edge of an abyss” most of these practices have been developed for the business sector. Numerous books were published over the years, advising organizations on the “correct” way of coping with the changing reality surrounding them.[20]
For instance, this remarkable practice is one of the numerous recommended methods. Due to the interdisciplinary nature of the systems approach (since a complex system is characterized by elements from a whole range of varied domains), the senior manager, or the board, should avoid “decision making” and developing long-range, linear plans, in favor of a continuous “design,” while being alert to changes taking place on the move, and navigating the organization’s ship through the rough sea of an ever-changing reality.[21]
In addition to business organizations, modern armies have also adopted the approach of systemic design. Probably due of the revolutionary spirit of the age, the pioneer in the field was the Soviet army, which adopted the approach and developed the field as early as the 1930s, and during the Second World War.[22] Operational thought methodologies for campaign planning (design) were also later developed in the Israeli and US military, first and foremost the SOD (System Operational Design). Additional developments of the concept followed in later years.
Familiarity with the principles of systems thinking does not ensure that we think systemically. Over the years, various system analysis methodologies have been developed, based on different approaches to the systems theory. However, all methodologies offer a system analysis model, problem identification / learning process and adapting the solution to a given situation. In choosing between various methodologies, three criteria may be used to gauge the applicability of a methodology’s work process: A. Do we use systems thinking alongside the methodology? B. Have we chosen the methodology most suitable to the system we are researching? C. Is the methodology accessible to non-professionals?[23]
While a good methodology might not actually require the presence of a methodology expert in the room, the choice of a methodology suitable to the context under study should be made after a great deal of thought.
B. A systemic observation of cyberspace
This section of the article contains a hidden paradox. As described in the previous section, an analysis of complex problems based on the characteristics of the complex systems theory requires a holistic systemic approach – without breaking down the problem into its various components. Why, therefore, does this section contain a breakdown of cyberspace into its known components rather than a systemic analysis of cyberspace as a complex super-system?
Since the purpose of this article is to propose a different view of the accepted aspects of cyberspace, and to offer better professional tools of coping with it, the reader will be presented with a systemic interpretation of each aspect of cyberspace, separately. The task of constructing one super-system, including all aspects as networked layers, can only be achieved by professional “cyber artists,” having a systemic overview, and following a structured learning process.
On Fighting Viruses – From a Cyber Defense System to the Human Body’s Immune System
The problem of cyber defense is the most discussed, most analyzed and most popular cyber issue, both in the practical world of information security companies and government organizations, and in the academic world. Thanks to this lively discourse, the aspect of defense might also be the most developed, from a theoretical point of view (at least in open sources). Therefore, the relevant CONOPS are also more advanced, compared with other aspects of cyber operations.
The fact that cyberspace has rapidly made its way into nearly every part of our lives (this penetration, as described in the introduction, is expected to grow exponentially) has been the main cause for the rising concern over a hostile takeover of and malicious influence on systems which we have become increasingly dependent on. Malware have been in existence for over forty years,[24] but according to a report by the Spanish information security firm Panda Security, about twenty percent of all existing malware were developed in 2013 alone.[25] In its 2013 summary, the company presented figures indicating that an average of 82,000 malware strains are created daily and distributed on the internet.[26] But in the report for the third quarter of 2014, this number increases to nearly 230,000 programs each day. Therefore, from July to September 2014 alone, more than twenty million new malware programs were developed.[27]
In the last three decades, dozens of anti-virus programs were developed and distributed in the market. They were developed and upgraded as various threats to the network were themselves developed and upgraded. The concept of defense has, of course, changed over the years, and very advanced security programs were distributed. However, they primarily added layers of defense to various internet sites, and their users. The concept of multi-layered defense draws from the core of the common defense CONOPS – the Defense-in-Depth strategy, borrowed from the tactical- operational military domain.[28]
Such defense does not focus on a complete prevention of attacks, but rather on their delay, as much as possible, particularly by means of structural redundancy. This is aimed at gaining time in which the defense system could identify the threat and prepare a suitable response. Antitank obstacles, for example, are a manifestation of the Defense in Depth approach – they do not prevent the entry of enemy tanks, but delay it. The “layers of defense” approach is accepted today by the majority of data security companies, and its gist lies in creating a security response for all strata of online traffic – from our personal computer (end user) to internet suppliers. A characteristic, visual expression, for example, can be seen in the presentation of Intel’s defense concept, as presented in the January 2014 CyberStart14 Security Conference in Helsinki:[29]
In his well-known book, An Introduction to Cybernetics (1956), Ross Ashby, a British psychiatrist and one of the “founding fathers” of cybernetics and of the complex systems theory, stated that a managing system must, by necessity, be more complex than the managed system.[30] Thus, in recent decades, security companies attempted to keep an identical, and faster if possible, rate of development and upgrade, compared with that of the various malwares. Recent years has seen the emergence of different voices in the academic (and practical) discourse on cyber defense, who seek to examine other ways of further developing Layered Defense.
There is an ever-deeper understanding that if cyber defense is already facing increasing challenges and difficulties in coping with such a vast number of attacks (some of which are particularly sophisticated), the challenge these systems face will become much greater in the future, when the volume of data traffic in cyberspace will grow exponentially. Voices are calling for a “different” thinking and for a conceptual change in the basic approach and even Symantec's Senior Vice President for Information Security, Brian Day, ceremoniously announced “the death of the antivirus” in 2014, relating to a process of changing the company’s systemic approach to cyber defense.[31]
Against the backdrop of the change in discourse among cyber defense practitioners, and even before the subject became so popular, a cooperative research[32] carried out by the US Navy Chief of Naval Operations Strategic Studies Group (SSG) and the New England Complex Systems Institute, headed by Prof. Yanir Bar-Yam, resulted in original systemic conclusions:[33]
“The original premise of Stacey (a research fellow at the institute) and Bar-Yam is that the traditional approaches to cyber defense become less relevant with the escalation of threats, and their sophistication, and the rate at which they change. Moreover, they argue that in the world of security, similar, general operation patterns can be identified, and that identifying of the characteristics of general, efficient security systems, can be useful in coping with new, complex challenges in global terrorist networks and cyber security. In the paper summarizing the joint study with the SSG, the researchers use the human immune system as an inspiration: a system facing challenges and threats that are parallel to those existing in cyberspace."
The researchers argue that this comparison becomes possible, as computer communications undergo development, becoming continuous and fast. The human immune system consists of billions of cells that coordinate responses to security challenges in the human body. The activity of the immune system cannot be understood as a centrally managed process, but rather as arising from a large number of local communications among specialized components aimed at providing an immediate emergency response. Evolutionary natural selection has made the immune system so sophisticated that it manages to be largely successful, is flexible, measurable and is generally capable of distinguishing between friend and foe in a dynamic manner.
The operation of the immune system can be divided into three layers. The first layer consists of barriers between “security domains” and their surroundings, including the skin and membranes separating the human body from its surroundings and barriers between compartments of the body. The second layer consists of responses to damage to the system which affects many cells, including repairs to barriers and tissues. The third layer, the adaptive immune system, spearheads the response to the most significant challenges to the system: detection of cells or molecules distributed through the system, specifically viruses and bacteria that can rapidly replicate to a large number, and immediately acting to neutralize them. Bar-Yam claims that all layers of the immune system have their cyber defense analogues. The third layer is the most important and sophisticated and therefore we will focus on it.
The central capabilities of the adaptive immune system are detection and response, which can also be found in any security system. Detection is achieved by mapping the secured space, its content and routine activity there, enabling distinction between threats and non-threats (“friend or foe”), during an attack. When a 'foe' that infiltrated the secured environment is detected, a response is immediately triggered. Detection and response are two distinct functions of system components, requiring careful regulation that will enable synchronized action. A comprehensive analysis of communication protocols between various immune system elements reveals patterns that enable the system to 'learn from conflict' and bolster its ability to quickly react to new threats. This system quickly distributes the knowledge of the “detection mechanisms” in the body, which are maintained or forgotten, according to their efficiency, determined by natural selection.
Researchers have repeatedly claimed that existing cyber security systems also share similar characteristics with the human immune system. The concept of barriers and separation found in the first level of security corresponds to firewalls and separation between networks. The second layer of security consists of response to system vulnerabilities, for example Domain Name Server Black Lists (DNSBLs), aimed at blocking spam distributers. The third layer of security includes antivirus software and e-mail filters that detect, and block, malware. While there is a similarity between the immune system and the current cyber defense concept, this comparison reveals two main gaps in network architecture, which prevent network security mechanisms from being relevant for tomorrow's challenges. First, there is no mechanism for distribution of knowledge generated following the identification of malware to other security mechanisms. This knowledge distribution is optional, and is enabled only if individuals actively subscribe to security systems.
While malware is capable of self-replication and distribution on the web (some even 'learning on the go' and improving as they move on), knowledge generated from blocking them at end terminals is not generated, and neither does it “teach” other end terminals, which immediately puts defense systems at a disadvantage. Second, the accepted security system concept is not systemic because it does not include collective defense systems. It does not protect the Internet but rather protects individual components of the Internet (whether user terminals or specific sites). Without a collective security system, the only way of tackling growing and changing challenges is to bolster the security of every component of the internet, a task that is far from easy. As a result, researchers argue, cyberspace lacks mechanisms that would block attack as they enter the common space, while focusing on blocking them at many attack points, after they have already spread.
Although cyber defense has long been inspired by threats to the human immune system (there is obviously a reason why a computer affected by a malware is said to be 'infected by a virus'), only the last five years have seen the emergence of systemic protection systems. The main motivation for the development of a systemic approach for information security was the development of the concept and technology of Cloud Computing. This concept, which lays the foundation for the Internet of Things, mentioned at the beginning of this article, envisions a future reality in which documents, pictures, programs, and in practice, everything that has been saved on our personal computer, will be accessible to us by means of a data “cloud” in which it will be stored.
Instead of having to purchase a program and install it on our personal computer (or on a local network), it will be possible to use data or an application that have been stored on a remote server farm, paying (if at all) per use. This use of the internet can be compared, for example, to the use of the power grid; the user is always connected to the network, paying only when they actually use electricity. In effect, anyone who has, for example, a Facebook account, and stores pictures on it, is already using cloud storage services. Cloud computing technology forces new, more stringent, information security demands. Currently, when a user (or a firm) loses “physical connection” with their personal, or business, data (when it is no longer possible to double click on My Documents), the fear of interference by hostile external parties, and of losing data, only grows.
A fundamental change of this nature now leads to a rethinking of the concept of Defense in Depth, which has led the world of cyber defense for so many years. Infrastructure suppliers can no longer allow themselves to pursue containment on their own turf, since this will endanger data they were entrusted to protect. Therefore, the emerging concept of Cloud Security is leaning more and more in the direction of a Forward Defense doctrine, designed to prevent the penetration of hostile elements, even before they reach the border.'[34] However, the current lively discourse about the nature of cloud security, its structure, and its modus operandi (significant problems of privacy protection are also playing a part) still has a long way to go before any sort of consensus is reached on CONOPS within the data security community, and among users.
Information War, and Freedom of Information – a Systemic Examination of the Components of Cyberspace
“All around the world there are people observing different parts of what is happening to them locally. And there are other people that are receiving information that they haven’t observed firsthand. In the middle, there are people who are involved in moving information from the observers to the people who will act on this information. These are three separate problems that are all tied together.
I felt that there was a difficulty in taking observations and, in an efficient way, putting them into a distribution system which could then get this information to people who would act upon it. You can argue that companies like Google, for example, are involved in this “middle” business of moving information from people who have it to people who want it. The problem I saw was that this first step was crippled, and often the last step was as well, when it came to information that governments were inclined to censor.
We can look at this whole process as justice produced by the Fourth Estate. This description, which is partly derived from my experiences in quantum mechanics, looks at the flow of particular types of information which will effect some change in the end. The bottleneck appeared to me to be primarily in the acquisition of information that would go on to produce changes that were just. In a Fourth Estate context, the people who acquire information are sources; the people who work on information and distribute it are journalists and publishers; and the people who may act on it includes everyone. That’s a high-level construct, but it then comes down to how you practically engineer a system that solves that problem, and not just a technical system but a total system. WikiLeaks was, and is, an attempt—although still very young—at a total system.”
Julian Assange[35]
Between February 18th, 2010 and September 1st, 2011, the world experienced what was later called “The biggest leak in history,” or, officially, The Cablegate Scandal. For nineteen months, the WikiLeaks website published 251,287 classified items of correspondence, which were originally sent to the US Department of State from 274 of its consulates, embassies, and other representatives around the world, including political analyses and quotations from various leaders and government ministers the world over, originally said behind closed doors. The leaked documents were originally produced between December 1966 and February 2010, and contained political analyses from world leaders, assessments of US diplomats and of officials from their host countries.
It is hard to exaggerate the influence of WikiLeaks on cyberspace. In his book, Assange quotes Sami Ben Gharbia, publisher of the Tunisian newspaper Naawat, who wrote: “Twenty days passed between the release of the Tunileaks cables, on November 28th, 2010, and the start of the Arab Spring, on December 17th, 2010. That was the day a poor street vendor named Mohamed Bouazizi set himself on fire. In a chat with a British journalist this year, Ben Ali’s propaganda minister Oussama Romdhani confessed that “Tunileaks was the coup de grâce, the thing that broke the Ben Ali system.” It wasn’t the information about corruption and cronyism, Tunisians didn’t need Tunileaks to tell them their country was corrupt. [...] What was different was the psychological effect on an establishment confronted so publicly with its own ugly image. [...] And the one telling the story wasn’t a dissident or a political conspirator. It was the US State department, an alleged ally.” [36]
Many others assign a significant, if not decisive, role to WikiLeaks in the outbreak of revolts against autocratic regimes throughout the Arab world,[37] but even if we let history be the judge of this episode, WikiLeaks’ most significant success was in putting the accessibility of information on the public agenda, on an unprecedented scale.
Back to the subject at hand, it is interesting to see that the initial reaction of cyber entities, both private and institutional, to the leaks was trying to “take it down.” The various WikiLeaks sites sustained artillery fire from all directions, the site went down and up a number of times, and an all-out war broke out against the server providers working with Assange, and against the credit card companies that supplied financial support for the project. The attacks on WikiLeaks were carried out, it would seem, out of a desire for revenge, or an intention to attack the site, for it is clear to any mediocre computer specialist that once information has been put on the internet, it stays there.
There is ample evidence. Even today one can still enter the WikiLeaks site, unimpeded, and see all the material that was published at that period, as well as new leaks that appear from time to time. The story of WikiLeaks is not mentioned here only as a spicy anecdote illustrating the dangers of the internet. WikiLeaks, particularly the Cablegate Scandal, serve as a classic example of a complex system defeating a less complex one. WikiLeaks was not only constructed in a technologically complex manner in order to withstand the outbreak of attacks on its web sites, it was constructed with a logic that destroys the operational logic of the “rival” system. The US Department of State, in its usual functioning vis-à-vis its representatives around the world, and by using an ancient principle known as document “security classification,” was not built to withstand this sort of attack.
The Anonymous group also uses a logic intended to destroy the structure of the “rival” system. Anonymous emerged sometime in 2003, as a chat group within the 4chan forum. From the beginning, Anonymous members acted together to “troll”[38] other forums, and various online games. As time went by, this joint activity shifted towards 'hacktivism' and an anti-establishment subversion. As their hacking activity became more widespread, they became more popular. Over time, the group was recognized as an “internet phenomenon,” and is today considered to have highly sophisticated hacking capabilities (in 2012 Anonymous brought down the websites of the US Department of Justice, the Federal Bureau of Investigation and of various music and entertainment companies, such as Universal music, in protest against the shutdown of the Megaupload downloading service and the steps taken by the US administration against pirate sites). One of the group’s symbols, a business suit with a question mark in place of a head, is one graphic expression of the logic behind their actions – massive, violent cyber activity, without a body to hold on to, without a spokesperson, presenters, and with no postal address.
In Wikipedia, Anonymous is classified as an “organization.”[39] As such, the page is given an Identity Card box awarded to all organizations described in Wikipedia, containing common organizational parameters (country of origin, founders, address of head office, ownership...). In the attached illustration, you can see for yourself to what an extent Anonymous fits the “common” definitions of an organization, and get a living example of the establishment's ability to 'contain' such phenomena.
I have no intention to either express support or condemn entities, organizations or individuals operating in cyberspace. Without a doubt, some hackers are exploiting their talents to severely cripple the privacy of internet users, the economic development of companies and states, and the intellectual property of artists, etc. However, as data security expert Keren Elazari has argued, hackers have the potential of becoming cyberspace's 'immune system', due to their capability to identify security breaches and system failures, and to provide warning about them.[40]
Terrorist organizations using cyberspace to gain influence does another phenomenon deserve systemic analysis. Bren and Levy have already written about this issue at length, focusing on IS's cyber operations. At the same time, there is much evidence of, and research on, online operations carried out by states such as Iran,[41] and terrorist organizations such as Hamas and Hezbollah,[42] which are aimed at gaining influence, building support and mobilizing resources. Terrorist organizations, alongside criminal organizations, exploit the anonymity of the Darknet[43] to communicate among themselves, and with other criminal networks and potential customers, all the while operating under the radar, and in complete anonymity.
I have no doubt that Western intelligence organizations are aware of this phenomenon. Shortly after WikiLeaks, a new affair broke out: the Edward Snowden leaks. In June 2013, Snowden, a former National Security Agency (NSA) employee, provided the Guardian and the Washington Post with classified material on the NSA’s most secret programs, including surveillance programs, PRISM (operated by the NSA) and Muscular (operated jointly by the NSA and the British intelligence agency GCHQ).
According to the leaked documents, PRISM is a secret plan to collect intelligence from US technology companies, operating since 2007. The companies included in the program are Microsoft (since 2007) Yahoo (since 2008), Google, Facebook and Paltalk (since 2009), YouTube (since 2010), AOL and Skype (since 2011) and Apple (since 2012). 98% of the information collected came from Yahoo, Google and Microsofta software program developed Muscular is[44] by the British intelligence agency (GCHQ) exploited a breach to access the databases of Google and Yahoo; a similar program was used by the NSA in its own surveillance program.
The efforts invested by intelligence agencies in developing collection and analysis tools to handle such huge data volumes, must, undoubtedly, have been immense. At the same time, it raises concerns regarding gross violations of civil rights protected by the US constitution, as Professor Laura Donohue of the Georgetown University argues in her article.[45] The US president himself, Barack Obama, said in his speech on the day following the publication of the classified material (my italics):
“You can't have 100 percent security and then also have 100 percent privacy and zero inconvenience. You know, we're going to have to make some choices as a society.”[46]
As a side note, one can only wonder how communications companies use information about us. If intelligence agencies needed to find vulnerabilities in order to get their hands on such valuable information, communications companies are themselves the guardians of this information. In this context, Julian Assange, in his book, quotes a 1999 article by New York Times columnist Tom Friedman: “The hidden hand of the market will never work without a hidden fist -- McDonald's cannot flourish without McDonnell Douglas, the builder of the F-15. And the hidden fist that keeps the world safe for Silicon Valley's technologies is called the United States Army, Air Force, Navy and Marine Corps.”[47] He associates it with a quotation from a 2013 book written by Google CEO Eric Schmidt and Head of Google's Ideas Division Jared Cohen: “What Lockheed-Martin was for the twentieth century, the computer security companies and their technology will be for the twenty-first century.”[48]
The ambitious intentions of intelligence agencies to tap such immense data volumes in order to identify potential (or existing) threats to their countries, are indicative of an engineering approach, according to which, the more information you have, the greater your chances of detecting a hidden threat. This approach may be feasible for finding, for example, small terror networks, planning attacks of some sort (assuming that these networks do, in fact, use tools like Gmail, Facebook or YouTube), but as for identifying trends or charting complex social systems – social networks are full of information the protected citizen shares of his own free will. While it is of course possible to use in-depth scientific analyses of attractors influencing complex systems,[49] a variety of civilian companies are developing algorithms scanning social networks, and providing successful mapping of systems and their components, which could be used just as well.
For example, People Maps, headed by Dave Troy, is a project whose purpose is to discover social connections, groups and communities in a defined geographic area. The social map thus produced, is not necessarily geographic; rather, it indicates social diversity and distinct or overlapping fields of interest among different population groups. For example, let us look at a chart of the primary fields of interest in the city of Baltimore, by a breakdown of the popular topics mentioned by its residents on the social networks:
In the map, each dot represents a person (or user), each line represents a link between people, and a color group represents a community with a common field of interest. A clear racial segregation can be noted in the social map of Baltimore. The map is almost divided into two – the left side represents mainly residents of Afro-American and Latino origin, while the right side displays mainly input about whites. One can also note the fields of interest of the two extremes, and the fact that there is no clear field of interest both share.
On the other hand, the social map of Barcelona looks completely different:
Other than the relative social cohesion, evident in the diversity of fields of interests (circles), 'hot' topics, causing a social network uproar, can clearly be identified. For instance, political expressions in support of Catalan independence, are a significant field of interest for a large group of people, who are linked, unsurprisingly, with a large group of people who are better identified as fans of the Barcelona Football Club (FCB). All groups are concerned with mainstream culture and current affairs. The map also indicates that those interested in technology, startup companies and business, share little with residents identified with either the political left, or with bottom-up movements.
Ongoing monitoring of this sort of maps enables identification of trends and gaps as they emerge, including those absent from the mainstream discourse. Mapping the opinions and thoughts of a society, enables the cyber practitioner (whether part of the establishment or not) to effectively influence target audiences, whether for the purpose of directing trends, or for defense purposes.
All the parties and the phenomena reviewed in this section – WikiLeaks, Anonymous, private hackers, states' and terrorist organizations' use the internet, Prism and Muscular, and methods of mapping social networks, express both sides of the war being currently waged over information. The wide range of topics reviewed, fall into two categories: the first, trying to gain influence in cyberspace, and the other, attempting to contend with this influence and control it. The two categories represent two contradictory approaches. The first, 'the weapon of the weak,' offers a soft approach to exerting power in cyberspace, while the second one, adopted by states, is a more rigid, total approach. There is no need to reiterate that cyberspace is a complex system which cannot be controlled, where one could at most contribute one’s own voice to the byte symphony. Therefore, despite the huge sums invested each year in the development of a technology which will allow the establishment to control the 'rogue cyberspace' it seems that the influence of civilian, non-state forces, on cyberspace, is on the rise.
Conclusion
“It is not unknown to me how many men have had, and still have, the opinion that the affairs of the world are in such wise governed by fortune and by God that men with their wisdom cannot direct them and that no one can even help them; and because of this they would have us believe that it is not necessary to labor much in affairs, but to let chance govern them. [...]I compare her to one of those raging rivers, which when in flood overflows the plains, sweeping away trees and buildings, bearing away the soil from place to place; everything flies before it, all yield to its violence, without being able in any way to withstand it; and yet, though its nature be such, it does not follow therefore that men, when the weather becomes fair, shall not make provision, both with defenses and barriers, in such a manner that, rising again, the waters may pass away by canal, and their force be neither so unrestrained nor so dangerous.”
Niccolo Machiavelli, The Prince, chapter 25
In giving wise (although controversial) advice to generations of Italian rulers, Machiavelli also provides a piece of sound advice to dealing with cyberspace. In an era characterized by a flood of information, which will certainly grow stronger, it seems that the proper way to cope with it, is not by attempting to control the rivers and seas, but rather by constructing dams and canals - by exerting influence, rather than by seizing control.
The conceptual change which the cyber security community undergoes, described at the beginning of the second section of this article, is the first and welcome step in a systemic and complex effort to cope with tomorrow’s challenges. The change from the Defense in Depth concept, layer upon layer of defenses, to a comprehensive Forward Defense, followed the realization that security companies are unable to control the information traffic to all end users in every home, while ensuring its legitimacy. Rather, information traffic should be regulated within a defined, secure area by means of one strong, forward layer of defense.
I continued by describing various trends, phenomena and practices, characterizing current activity in cyberspace. “The power struggles in the Internet,” writes Professor Karine Nahon, “are waged between conflicting sides, but framing them in terms of good against evil, anarchist versus conformist, freedom fighter versus the power-hungry person is simplistic and ignores the complexity of these debates.”[50] It is a fascinating struggle between different world views (although all regard technological progress as a developing deterministic ideal); although they are represented by giant corporations and entities, at the end of the day, it is humans who hold them. Every internet surfer, by the choices they make each time they hit the 'like' button (if they choose to be on Facebook), casts a vote for these different world views.
The complex systems theory, presented very briefly in the first part of this article, is one of the tools for understanding the complex world in which we operate every day. Recognizing that there is infinite information and there are infinite possibilities, and that the nature of social attraction to temporary 'designers' is an important tool in fulfilling our responsibility as military personnel (when thinking about the opportunities and challenges of tomorrow, in terms of security and peace), as citizens (designing, each in his own home, the social eco-system in which our children will grow), and as partners in a world-wide system of beliefs and principles (as people with a voice, which by its sheer volume has already changed the world in the past).
Before concluding, I feel obliged to finally explain the title of the article. The Greek mythology tells us about Minos, who, before becoming king of Crete, prayed to the god Poseidon, asking for a sign indicating that he, rather than his brother, should be the one occupying the royal throne. In return, he promised to sacrifice to Poseidon the creature that would come out of the sea. Poseidon sent him a beautiful, white bull, but Minos, who felt sorry for the wonderful creature, sacrificed a regular bull instead. Poseidon, furious at the violation of the promise, made Pasiphae, Minos’ wife, have intercourse with the bull, and as a result the Minotaur was born – a crossbreed of man and bull. The Minotaur was a wild and savage beast casting terror on the Cretans, and Minos, at the advice of the Delphic oracle, imprisoned it in a labyrinth.
At the same time, Minos declared war on Athens in order to avenge the murder of his son by the Athenians. Athens was defeated in the war, and was required, as punishment, to periodically send seven young men and seven young women into the labyrinth, to become prey for the Minotaur. Later, Theseus, the son of the king of Athens, volunteered to be sent into the labyrinth, in order to put an end to the creature, and kill it. Theseus got lucky; Ariadne, daughter of King Minos, fell in love with him, and decided to help him destroy the Minotaur. She gave him a ball of wool, so that he could retrace his footsteps out of the labyrinth. Theseus did indeed kill the Minotaur, and led the rest of the Athenians out of the labyrinth.
Minos, furious that Theseus had succeeded in fleeing from the labyrinth, decided to punish Daedalus for his failure to build the labyrinth as a maze with no exit, and imprisoned Daedalus and his son Icarus in the labyrinth. However, due to Daedalus’ ingenuity and inventive skills, the two managed to escape to freedom, by constructing wings made of feathers and wax.
As I see it, there are many parallels between the legend of the Minotaur and the labyrinth, and the story of cyberspace nowadays. Both were created by man, both embody a struggle, and a person could get lost in both. The secret of Theseus’ victory did not consist only of overcoming the Minotaur, but involved breaking the logic of the labyrinth with the help of a ball of wool. Perhaps love and courage are not bad tools for anyone seeking to deal with his own Minotaur.
And if you did mess up and got caught in a maze – do not despair. Your own vision could also help you break free of the paradigm.
[1] Captain Lior Lebed is a research assistant at the Dado Center.
[2] General David Petraeus, former head of the CIA, already said, “These household spy devices ‘change our notions of secrecy’ and prompt a rethink of ‘our notions of identity and secrecy’.” See: Spencer Ackerman, "CIA Chief: We’ll Spy on You Through Your Dishwasher," Wired ( March ,15 ,2012): http://www.wired.com/2012/03/petraeus-tv-remote/
[3] K. A. Richardson, Mathieson, G. & Cilliers, P. "Theory and practice of complexity science: Epistemological considerations for military operational analysis," SysteMexico1, No. 1, (2000): 25-66.
[4] K. A. Richardson, Mathieson, G. & Cilliers, P. "Theory and practice of complexity science: Epistemological considerations for military operational analysis," SysteMexico1, No. 1, (2000): 25-66.
[5] Shimon Naveh, In Pursuit of Military Excellence: The Evolution of Operational Theory (Routledge 1997).
[6] Von Bertalanffy, op. cit. p.5.
[7] Ibid, pp. 24-25.
[8] Ibid, pp. 141, 39.
[9] Avi Altman, “The Systems Approach – History, Principles and Practice of Systemic Thinking,” Systemic thinking – Professional Auxiliary Material, IDF, Operations Branch/The Dado Center for International Military Thinking (October 2014) unpublished. For cybernetics, see: Norbert Wiener, Cybernetics: Or Control and Communication in the Animal and the Machine (Paris: Hermann & Cie & Camb). For the principle of systemic dynamics, see: Jay W. Forrester, Industrial Dynamics (1961). (Waltham, MA: Pegasus Communications, 1961) On the fundamentals of the theory of chaos, see: James Gleick, Chaos: Making a New Science, (New York: Viking Penguin Inc. 1987).
[10] M. A. Boden, "Autopoiesis and life," Cognitive Science Quarterly 1 (2000): 117- 145.
[11] Y. Bar-Yam, The Dynamics of Complex Systems (Westview Press, 1997).
[12] C. Gershenson & Heylighen, F., "How can we think complex?" In: A. K. Richardson, Managing Organizational Complexity: Philosophy, Theory, and Applications- A Volume in Managing the Complex, (Greenwich, Connecticut: Information Age, 2005): 47-61.
[13] Bar-Yam, 1997; 1.
[14] L. M. Rocha, "Selected self-organization and the semiotics of evolutionary systems," In S. N. Salthe, Van de Vijver, G., Delpos, M., Evolutionary Systems: Biological and Epistemological Perspectives on Selection and Self-organization (Boston, Massachusets: Kluwer Academic Publishers, 1998): 341-358.
[15] S. Guastello, "Self-organization and leadership emergence in emergency response teams," Nonlinear Dynamics, Psychology, and Life Sciences 14, No. 2, 2010: 179-204.
[16] V. Dimitrov, A New Kind of Social Science- Study of Self- Organization of Human Dynamics (Morrisville, NC: Lulu Press Morrisville, 2005): 22.
[17] Felix Lebed & Michael Bar-Eli, Complexity and Control in Team Sports – Dialectics in Contesting Human Systems (London, New York: Routledge, 2014): 11- 18.
[18] L. Biggero, "Sources of complexity in human systems," Nonlinear Dynamics, Psychology and Life Sciences 5, No. 1 (2001): 3-19.
[19] As the journalist and author Henry Louis Mencken famously said: “For every complex problem there is an answer that is clear, simple and wrong.”
[20] See for example, C. West Churchman, The Design of Inquiring Systems: Basic Concepts of Systems and Organization (New York: Basic Books, 1971); Naveh, 2001; Rafi Rudnick, “Evolution of the military system – the linkage between the use of military force and the characteristics of the war environment,” DCJ 2 – Change and Transformation (July 2014): 133-135.
[21] See for example, C. West Churchman, The Design of Inquiring Systems: Basic Concepts of Systems and Organization (New York: Basic Books, 1971).
[22] See: Naveh, 2001; Rafi Rudnick, “Evolution of the military system – The Linkage Between the Use of Military Force and the Characteristics of the War environment,” DCJ 2 – Change and Transformation (July 2014): 133-135.
[23] Altman, 2014.
[24] The common assumption is that the first one was “The Creeper System” (1971), and “Rabbit,” or “Wabbit” (1974).
[25] “ Twenty percent of all malware appeared in 2013,”Panda Security, April 7, 2014:https://www.pandasecurity.com/mediacenter/news/twenty-percent-malware-appeared-2013/
[26] Ibid.
[27] “Quarterly Report”, Q3, 2014, Panda Security: https://www.pandasecurity.com/mediacenter/src/uploads/2014/11/Quarterly-Report-PandaLabs_Q3.pdf
[28] Defense-in-Depth is a concept used by the historian and political scientist, Edward Luttwak, in his seminal book The Grand Strategy of the Roman Empire from the First Century AD to the Third. In it Luttwak presented the thesis that in the 3rd and early 4th centuries, the Imperial Roman army's defense strategy changed from Forward-Defense (or Preclusive Defense) during the Principate era (30 BC-AD 284) to Defense-in-Depth in the 4th century. Forward-Defense was aimed at neutralizing external threats before they crossed the Roman borders: the barbarian regions neighboring the borders were considered theatres of operations. In contrast, Defense-in-Depth would not attempt to prevent incursions into Roman territory, but rather neutralize them on Roman soil - in effect turning border provinces into combat zones. As an illustration, one may argue that David Ben-Gurion’s defense strategy for Israel was of the 'forward' type, striving to shift the war into enemy territory, while the pre-civil war Syrian defense strategy was an 'in-depth' one. Thus, the defensive belt farthest from the nerve center, Damascus, was the weakest, and an invading force was meant to be repelled on Syrian soil by ever stronger forces as the invader approached the capital. The Syrian case demonstrates the fact that Defense-in-Depth is of necessity a layered defense. The term Defense-in-Depth became significant to cyber security. See https://www.nsa.gov/ia/_files/support/defenseindepth.pdf
[29] Intel® Cyber Security Briefing: Trends, Challenges, and Leadership Opportunities. Matthew Rosenquist, Cyber Security Strategist (Intel Corp, January 2014):http://www.slideshare.net/MatthewRosenquist/cyberstrat14-helsinki-matthew-rosenquist-2014-public
[30] W. R. Ashby, An Introduction to Cybernetics (London: Chapman & Hall LTD., 1957): 219-259.
[31] Brad Chacos, “Antivirus is dead, says maker of Norton Antivirus,” PC World (May 2014): http://www.pcworld.com/article/2150743/antivirus-is-dead-says-maker- of-norton-antivirus.html
[32] The cooperation mentioned here took place in 2008, therefore there is no doubt that cyber defense has changed and developed since. Although it is not the concern of this article to promote new discoveries and “revolutions” but to propose tools for a different thinking, the description of the results of the research are brought here as an example of an open learning process which enabled the introduction of concepts, which were, ostensibly, unrelated, such as the human immune system, but which led to the development of original, new concepts.
[33] Blake Stacey and Yaneer Bar-Yam, "Principles of Security: Human, Cyber and Biological," New England Complex Systems Institute, reported to William G. Glenney IV, Chief of Naval Operations Strategic Studies Group (June 2008): http://necsi.edu/research/military/cyber/netsecurity.pdf
[34] Vic Winkler, Securing the Cloud: Cloud Computer Security Techniques and Tactics (Elsevier, 2011): https://cloudsecurityalliance.org/
[35] Julian Assange, When Google met WikiLeaks, http://www.alertgroepen.nl/systeem/wp- content/uploads/2014/10/JulianAssange_WhenGoogleMetWikiLeaks.pdf, 68-9.
[36] Ibid, p. 8, note 15.
[37] See for example: Brett van Niekerk, Kiru Pillay, Manoj Maharaj, "The Arab Spring| Analyzing the Role of ICTs in the Tunisian and Egyptian Unrest from an Information Warfare Perspective," International Journal of Communication 5 (2011); Benedetta Brevini, Arne Hintz, Patrick McCurdy, Beyond WikiLeaks: Implications for the Future of Communications, Journalism and Society (Palgrave Macmillan, 2013); June R. Klein, "Wikileaks, Arab Uprisings, English Riots and Occupy Wall Street: Implications for Internet Policy and Practice from a Business and Industry Outcome Perspective," Information, Communication & Society Journal, No. 14.6 (2012); Theresa Sauter & Gavin P. Kendall," Parrhesia and democracy: Truth telling, WikiLeaks and the Arab Spring", Social Alternatives 30,10-14.
[38] Trolling: make a deliberately offensive or provocative online posting with the aim of upsetting someone or eliciting an angry response from them.
[39] Picture source: https://en.wikipedia.org/wiki/Anonymous_(group)
[40] Dan Smith, "Hackers are the immune system for the information age," Wired, 13 June 2014. http://www.wired.co.uk/news/archive/2014-06/13/keren-elazari See also her TED lecture : https://www.ted.com/talks/keren_elazari_hackers_the_internet_s_immune_syst em
[41] Gabi Siboni and Sami Kronenfeld,” Iran and Cyberspace Warfare,” Military and Strategic Affairs 4, No. 3 ( December 2012).
[42] The IICC’s Information Center on Intelligence and Terror, “The internet as a battlefield with terror organizations: the use made by Hezbollah and Hamas of the internet in the war on consciousness, and ways of dealing with the phenomenon." http://www.terrorism-info.org.il/data/pdf/PDF_07_084_1.pdf
[43] A darknet (or dark net) is an overlay network that can only be accessed with specific software, configurations, or authorization, often using non-standard communications protocols and ports: https://en.wikipedia.org/wiki/Darknet
[44] Roee Goldschmidt, “The Usage of Anonymous Networks”, January, ,1 2012 http://www.knesset.gov.il/committees/heb/material/data/mada2012-01-02.doc For full details on the leak, details of the program, and the consequences of publication: http://www.theguardian.com/us-news/the-nsa-files
[45] Laura K. Donohue, “NSA surveillance may be legal — but it’s unconstitutional," The Washington Post, June 21, 2013 . http://www.washingtonpost.com/opinions/nsa-surveillance-may-be-legal--but- its-unconstitutional/2013/06/21/b9ddec20-d44d-11e2-a73e- 826d299ff459_story.html
]46] Peter Baker and David E. Sanger, "Obama Calls Surveillance Programs Legal and Limited," The New York Times, June 7, 2013. http://www.nytimes.com/2013/06/08/us/national-security-agency- surveillance.html
[47] Thomas Friedman, "A Manifesto for the Fast World," The New York Times, 28 March 1999. http://www.nytimes.com/1999/03/28/magazine/a-manifesto-for- the-fast-world.html?pagewanted=all
[48] Eric Schmidt and Jared Cohen, The New Digital Age, British paperback edition (John Murray, 2013) 98.
[49] See, for example, Maksim Kitsak, Lazaros K. Gallos, ShlomoHavlin, Fredrik Liljeros, Lev Muchnik, H. Eugene Stanley & Hernán A. Makse, "Identification of influential spreaders in complex networks," Nature Physics vol. 6, (2010): 888– 893.
[50] Karine Nahon, Fighting for Which Future? When Google Met Wikileaks, September, 2017. http://ekarine.org/2014/09/when-google-met-wikileaks/
