The scope has changed in the intervening years. Initially Google planned to scan the 15 million books in six years. That projection was revised upwards to more than 20 million books, and the New Yorker recently reported that Google is now aiming to scan at least 32 million books, besting the number of titles in the largest bibliographic database, WorldCat. It hopes to finish within ten years. As one Googlehead told the New Yorker’s Jeffrey Toobin, “I think of Google Books as our moon shot.” It remains to be seen how realistic this goal is. Google will not divulge how many books it is scanning currently, or how many titles are already in its database, which went live to the public in May 2005 at books.google.com. To get a rough sense of things, the University of Michigan library has 7 million volumes and Google estimates it will have annexed them all by 2013, noting that it is scanning tens of thousands of books each week. Google will not reveal how it scans the books. As for the cost, this too is closely guarded by Google. In a similar venture, Microsoft is spending $2.5 million to scan 100,000 books; if that scale were to hold, Google might spend as much as $800 million.
On the copyright issue:
The legal problems lie with the Library Project. Copyright has its foundations in English law and the Licensing Act of 1662. The falling costs of printing had created rampant book piracy in England. Concerned that such behavior would blunt creativity and harm the book business, Charles II established a register of licensed books to protect authors and publishers. A hundred years later, the copyright was the only right the Founding Fathers gauged important enough to recognize explicitly in the Constitution itself. In the intervening years, it has evolved somewhat. Today, works published before 1923 are generally in the public domain. There are exceptions and complexities, but works published after 1978 are protected by copyright for 70 years from the author’s death. As for works published between 1923 and 1978, they were given an original copyright protection of 28 years from first publication and another 67 years of protection upon renewal of the copyright. Got that? And here lies Google’s dilemma: Out-of-copyright books account for about one-sixth of all titles. Most books—75 percent of them—are in copyright, but out of print. Only about 10 percent of all books are both copyrighted and in print. Google has decided to get around this problem of copyright protection by simply ignoring it: forging ahead and scanning books, regardless of their copyright status. If a book is in the public domain, its full text is displayed to users, but if the book is protected, then Google shows users only a “snippet” of the text surrounding the search result. It is relevant to note that “snippet” is Google’s word and is intentionally not a legal term; how much text is displayed is entirely at Google’s discretion.]]>
There is another side in the presentation, number 15, that shows the relationship between AFCYBER and other organizations. My paper is going to explain how this diagram does not show enough, that there are many more bubbles that need to be added, and that AFCYBER or the military in general is not the appropriate bubble for the middle.
]]>Back to the presentation itself. It is a great example of how the US’ cyber forces should NOT be organized. It defines cyberspace significantly vaguely as to assign responsibility to AFCYBER such missions as 1) strategic cyber warfare (like what I will focus on in my paper) 2) tactical jamming 3) tactical jamming including jamming the signals used for IEDs in Iraq and Afghanistan.
I agree with number 1. The US needs a main POC in charge of offensive and active defensive – Cyberspace command, being the only organization “authorized to conduct offensive cyberwar”, seems to be a good fit. I disagree with the application of “fly fight win” to cyberspace – I would like Dr. Kass to tell me exactly how one is to “fly” in cyberspace, as it is not a physical environment, nor does it have air through which to fly. At the same time, other Air Force mantra seem to apply, for example “global strike” and having an understanding of cyberspace “dominance”, which is applicable to air and space dominance. Cyberspace dominance does certainly have an effect on the battlefield, and without achieving it before land or even air operations puts US servicemen at risk.
Numbers 2 and 3 though, are, simply put, ridiculous. First off, tactical jamming should not be relegated to a command that can probably not even have members in theater, much in an area that is close enough to the battlefield itself that they themselves would not be susceptible to jamming. Mobile communications units at the company or lower level is the only way to accomplish this, other than from an air or sea borne platform. Yes, there should be some kind of organization responsible for determining plans, policies and doctrine for these kinds of activities, but such an organization cannot be an Air Force one if you expect there to be any benefits outside the Air Force. Such is the nature of inter-service rivalry.
Point #3 though, gosh. This is simply a political statement designed to get the Air Force involved in Iraq. Since major combat operations, the AF has had a pretty small role in Iraq and Afghanistan. But AF cyber command is not going to solve that problem. This is what my paper is all about – only by correctly prioritizing cyberpower and avoiding overlap between strategic cyber and tactical silliness can this problem really be solved.
]]>After reading an article in Foreign Affairs called “Virtual Defense”, I did a little more research on this problem and came up with some interesting results.
First I took a look at Monster and Yahoo! Hotjobs. I searched for jobs in the defense/intelligence sector (much as I had been doing prior to working at my current job). Now though, rather than hundreds of Pashto/Dari speakers wanted, 30-40% of the jobs seemed to be for systems integrators and computer programmers, many of them for aerospace companies.
I also found an article in Career World Magazine that explicitly mentioned the problem and how the government is now offering a variety of scholarships for computer guys to get their M.A.s in return for a 3-5 commitment ot government service. In a few years, I’ll be interested to see if those requirements drop, as they have been for language training-government internship-type jobs.
I’m not sure how this fits into my overall paper topic, but it is definitely worth mentioning.
]]>The Army acknowledged in the announcement that it already has waged cyberattacks on enemy networks and communications platforms, but provided no details. But it wants to “leverage innovative technologies” to improve its cyberattacks “and prevent enemy forces from detecting and countering efforts directed against them,” according to the announcement. “Technologies designed to interrupt these modern networks must use subtle, less obvious methodology that disguises the technique used, protecting the ability whenever possible to permit future use.”and, later in the article
The offensive cyberattack capabilities that the Army and Air Force want to develop match what Marine Gen. James Cartwright, commander of the Strategic Command, called for during a hearing of the House Armed Services Committee in March. He told the panel that if “we apply the principle of warfare to the cyber domain, as we do to sea, air and land, we realize the defense of the nation is better served by capabilities enabling us to take the fight to our adversaries, when necessary, to deter actions detrimental to our interests.”
More to come next week, as I just today found a PowerPoint presentation by Dr. Lani Kass on Air Force Cyber Command and the limits of cyberspace.
]]>“A couple weeks ago when the whole thing started we had some problems in our online services and then our mail server was absolutely inundated with spam e-mails as well,” Estonian journalist Aet Suvari told the BBC. “In the past few weeks it has been quite difficult for some government officials to read their e-mails on the web, to get access to the banks.”There are a number of issues raised by the attacks, some of which I want to explore in my paper. In a article from August in Wired called “Hackers Take Down the Most Wired Country in Europe” , the author does a nice job pulling out some of them. For the sake of brevity, I will bullet them below.
The defense ministry says that the cyber attacks come from all over the world, but some have been hosted by Russian state servers.
Is a cyberattack an act of war? At the beginning of the Wired article , it briefly outlines the thought process of the Estonian Defense Minister in the early hours of the attacks. Considering the legal ramifications of the attack, the Defense Minister, Jaak Aaviksoo, almost invoked Article 5 of the NATO treaty, the collective security portion of the treaty. This would have declared Estonia in a state of war and obligated the other NATO countries to come to Estonia’s defense.
Tracing the source of an attack is critical both in stopping and/or countering the attack, and in determining its possible political ramifications. Related to the previous point, the authorities involved in the defense of Estonia’s networks had to determine where the attack was coming from (as it turns out, the botnets were largely in Egypt, Peru and Southeast Asia). In doing so, they linked some of the bots to computers in Russia. But since far many more were in other countries, including the US, there was no real way of determining the real source of the attack, only the avenues through which it was conducted. This is a serious problem for national authorities in a time of crisis, and is, to some extent, the equivalent of a cargo container nuke blowing up in port with no way of determining where it came from.
International and public/private sector cooperation is key to fending off a cyber attack and possibly countering it. The Estonian authorities ended up having to cooperate with dozens of foreign ISPs to shut down the IPs. They could only do so through some folks at NetNod, one of the 13 root DNS servers. The fact that some of the top cyber experts in that organization just so happened to be in or near Estonia at the time was extremely lucky for them. In the event of an attack on the US, there would need to be some kind of preparedness plan in place so that this kind of luck isn’t relied on.
]]>[to] provide combat ready forces trained and equipped to conduct sustained offensive and defensive operations through the electromagnetic spectrum and fully integrate these with air and space operations,” The organization will also “leverage, consolidate and integrate” Air Force-unique cyber capabilities.
There were a few other very interested quotes that are relevant to my paper near the end of this press release:
“Your primary mission is warfighting,” Moseley stated. “You will provide options and capabilities scalable from ‘cyber strike packages’ to full-scale global effects.” The command is also expected to identify “intelligence
requirements sufficient to direct and counter adversaries across the electromagnetic spectrum.”
Okay, but then…
Asked if the Cyber Command… will be authorized to shut down intruders that threaten U.S. government or business interests, the general replied, “Can’t do it. It’s illegal. We live in a democracy.” Keys described the conundrum as an urgent issue facing the civilian leadership, noting the military’s job is simply to provide the tools for detection and defense.“If [hackers are] not in the United States, you can’t touch them,” he said. “And if they’re in the United States, the FBI’s going to have to get involved. It is a tremendous question of: Is this a clear and present danger?”
From a technical perspective, putting policy issues aside, the means do exist to temporarily shut down hackers, Keys said. “Could you do it?” he asked. “Well, yeah, you could do it. Would they spring back up? Yeah, almost assuredly.”
So, according to General Keys, the military’s role is to provide some tools for defense. Yet CC Moseley is calling for strike packages with global effects? Following the typical Air force mindset, there is no emphasis on the defense and all the emphasis on offensive “global strike”.
So, it would appear the that purpose, then, of AF Cyber Command is offensive cyberpower operations. Presumably, in wartime Air Force and other military cyberpower resources could be used in a defensive mode, say against the common “Chinese” attacks on the Pentagon networks, by and large it would appear that the purpose of this organization is an offensive one. Given what appears to be the roles and missions of DHS and the FBI (the latter to be explored in a later post) this seems to be a good idea from a national strategy perspective.
]]>Some Russian Internet experts say a turning point came in 2004, when blogs and uncensored online publications helped drive a popular uprising in Ukraine after a pro-Moscow candidate was declared the winner of a presidential election. Days of street protests in the capital, Kiev, led to a new vote that brought a pro-Western politician into the presidency.
Apparently the Kremlin is thinking of building a small army of pro-Putin (soon to be simply “pro-Regime”) bloggers ready to wage a propaganda war against any surge in the opposition. The internet has already shown its efficacy in stirring dissent earlier this year, when internet resources were used to mobilize a march that led to the arrest of Garry Kasparov, a leading opposition figure.
Is this cyberpower? Surely, it is using cyberspace as an instrument of national power, but I am not yet sure if it qualifies. More on this topic and others later this week.
]]>Tags: Deutsche Telecom, net neutrality
In the discussion about net neutrality, the phone and cable companies in the United States never said they would charge some companies more money for better access to their networks. They just said they don’t want rules to prevent them from doing so.In the comments section below the entry, one of the commentors says that Google should respond by blocking all access to its sites and services through the DT network, implying that Google’s content monopoly will force the DT’s monoply to concede. I’m not sure which way I fall on the issue, but it will be interesting to see who backs down, and what precedent this sets for service in the US.
]]>Many of the Nation’s essential and emergency services, as well as our critical infrastructure, rely on the uninterrupted use of the Internet and the communications systems, data, monitoring, and control systems that comprise our cyber infrastructure. A cyber attack could be debilitating to our highly interdependent CI/KR and ultimately to our economy and national security.A variety of actors threaten the security of our cyber infrastructure. Terrorists increasingly exploit the Internet to communicate, proselytize, recruit, raise funds, and conduct training and operational planning. Hostile foreign governments have the technical and financial resources to support advanced network exploitation and launch attacks on the informational and physical elements of our cyber infrastructure. Criminal hackers threaten our Nation’s economy and the personal information of our citizens, and they also could pose a threat if wittingly or unwittingly recruited by foreign intelligence or terrorist groups. Our cyber networks also remain vulnerable to natural disasters.
In order to secure our cyber infrastructure against these man-made and natural threats, our Federal, State, and local governments, along with the private sector, are working together to prevent damage to, and the unauthorized use and exploitation of, our cyber systems. We also are enhancing our ability and procedures to respond in the event of an attack or major cyber incident. The National Strategy to Secure Cyberspace and the NIPP’s Cross-Sector Cyber Security plan are guiding our efforts.
In a sidebar on the previous page, the document lays out the “17 sectors of critical infrastructure”. Reading through this list with the intent of finding references to cyberspace in the document, I identified 9 of the 17 sectors as those affected by the Internet. With such a high proportion of the sectors involved, I expected the document to address cyberspace in a more comprehensive manner.
At the same time, I think DHS has a good concept of its role as an instrument of cyberpower. Homeland Security is essentially playing defense when it comes to cyberpower, using its resources to protect cyber infrastructure targets and identify vulnerabilities. I find it curious that the sidebar’s sentence about terrorism talks about the “command and control” and “information operations” aspects of terrorism and cyberspace. I see the kinds of actions taken to counter these two kinds of cyberspace operations more in the purview of the justice or Defense Departments. Over the next few entries, I will seek to see if the relevant documents from those organizations meet my expectations in that regard.
]]>With regard to cyberpower, this dichotomy would be extremely useful, as it is in the physical world. However, the problem with cyberspace is that the sources and actors involved in a specific cyberspace operation are extremely difficult to identify and even if it is possible to identify them, difficult to reliably prove the source of an attack. Because of this, the perhaps useful division of responsibilities between law enforcement and military requirements is a false one. Instead, in my cyberpower paper, I will divide offensive cyberspace operations into three different categories, based on the type of operations – command and control, direct attack and information operations.
Command and Control - When talking about command and control, most of the literature I have encountered has been devoted to terrorism in cyberspace. Terrorist and other kinds of groups use the Internet and Internet technologies to coordinate operations, provide training and recruit new adherents. They are able to do all of these while keeping the individual actors dispersed across the entire globe.
Direct Attack – I have done the least research in this area. However, I know that direct attack operations include nefarious things like computer viruses, worms and “volume attacks” as well more innocuous actions like phishing and information solicitation.
Information Operations – This category includes propaganda as well as using the Internet for other kinds of self-promotion and “getting the message out.” Anti-government and terrorist groups have been highly effective in using cyberspace to promote themselves and challenge the government, especially when it manipulates of hides facts.
These three general categories of cyberspace threats each require different strategies in order to combat against them. The wide range of operations that an adversary can conduct seems to imply that a strategy for cyberpower would have to include a similarly wide range of capabilities and span civilian and military organizations, if not the commercial sector as well.
]]>Related to this point about vulnerability is the fact that cyberspace, the Internet especially, tends to favor these small groups or individuals against the larger organizations that they attack. This creates an asymmetric advantage that must be addressed by any current or future cyberspace capability. Next week, I will write more about the kinds of threats posed, but for this week the important point to make is that cyberspace as a strategic medium seems to decisively favor the offense. Although millions are invested in protecting against hacker attacks, it regularly seems that new viruses, worms and techniques arise that give the attackers access to restricted information. It is less clear that the defenders have a fully developed means of active defense, going after those offenders before they can strike and expose vulnerabilities.]]>
If that’s the case – maybe “cyberpower” is more expansive than it seems. Futhermore, if those two examples above are “cyberpower operations”, then maybe the Air Force is right to take over the cyberpower mission.
]]>The example from class last week of Yahoo and eBay halting all sales of Nazi paraphernalia at the request of the French and German governments is a decent, but incomplete, example of what I am trying to get at. In this case, the US government did not get involved in defending the “rights” of Yahoo and eBay to conduct trade because of the nature of the product and the extremely small market under dispute. But say for example that an ideologically motivated country banned all US online retailers because they facilitated access to “immoral” material? Or, perhaps more insidiously, what if the “ban” were in practice really a discriminatory scheme designed to favor indigenous or other “approved” websites over American ones? How would the Depts. of Commerce and State respond?
I would certainly like to learn more about the foreign policy (and I am using that to refer to both State and Commerce) mechanisms available to combat such a scheme. But, perhaps more relevant to my paper topic (a national strategy for Cyberspace), I would like to know more about the ability of the US to combat this kind of behavior without resorting to international bodies. Is it possible to use coercive national power to force the issue?
]]>Below is an excerpt:
Also, in the offline world, communities typically are responsible for enforcing norms of privacy and general etiquette. In the online world, which is unfettered by the boundaries of real-world communities, new etiquette challenges abound. For example, what do you do with a “friend” who posts inappropriate comments on your Wall? What recourse do you have if someone posts an embarrassing picture of you on his MySpace page? What happens when a friend breaks up with someone—do you defriend the ex? If someone “friends” you and you don’t accept the overture, how serious a rejection is it? Some of these scenarios can be resolved with split-second snap judgments; others can provoke days of agonizing.]]>