International cybersecurity begins at home

In an op-ed piece in today’s Washington Post, Harvard Law professor Jack Goldsmith notes Secretary of State Hilary Clinton’s recent speech on Internet freedom and suggests that before the United States can credibly ask other countries to do more to limit cyber attacks and hold accountable individuals and organizations performing those attacks, we need to take steps to acknowledge our own country’s role in the global cybersecurity problem. Goldsmith points to the extensive use of botnets and botnet-based attacks originating from the U.S. as well as American activities in the area of “hactivism” as well as the U.S. government’s classified-yet-assumed capabilities to launch offensive cyberattacks if necessary (to say nothing of the NSA’s cyber intrusion and intelligence gathering expertise). With a line of reasoning consistent to one expressed in this space in the context of the Google-China hacking incident, Goldsmith notes that the U.S. performs many of the same actions we condemn elsewhere, largely because we consider the motives behind our actions to provide justification. Goldsmith goes one step further to argue that because cyberattack methods can in fact be used for positive purposes, it would be a mistake for the U.S. to suspend or prevent these domestic activities, and invokes the sentiments of the NSA’s Lt. Gen. Keith Alexander, nominated to be lead the newly-formed U.S. cyber command, who essentially says the best defense is a good offense. The relative merits of such arguments notwithstanding, Goldsmith is quite correct when he suggests that the U.S. cannot advocate the creation and enforcement of worldwide norms in cyberspace without including American operations and activities as part of the equation.