title: Part way down a slippery slope


by: Scott Bradner


It has long been rumored that some governments have sponsored research programs in cyberterrorism with the aim of being ready to disrupt the networks and network-based services of some, to be identified in the future, enemy. Now it seems that some governments do not want to wait and may be ready to use cyberterrorism weapons against some tiny targets today.


According to Spiegel Online (http://www.spiegel.de/netzwelt/politik/0,1518,126921,00.html) German Minister of the Interior Otto Schily has floated the idea of using state-sponsored cyberterrorism against non-German web sites the Germans consider illegal under German law.  Minster Schily seems to have in mind using various denial of service (DoS) attacks against US-based Nazi websites.


An aside, not being a reader of German, I used Google's (www.google.com) language translation service to  be able to read the Spiegel Online article.  I could not find a simple 'translate this URL' command so I had to fake a URL that invoked the translation service with the URL that I wanted translated. ( I used the string "http://translate.google.com/translate?hl=en&sl=de&u=" followed by the URL.)  This service works just well enough.  The output would not have gotten me a good grade in the last German language class I had but a reader can mostly understand what was being said.  The translation does have a few funnies (Translating "American Constitution" as "American condition" for example.) but sure does a better job than I could have these many years after failing the German class at BU.


Schily  seems to ignore or dismiss some issues I would think are relevant.  There is a minor question of violating the sovereignty of another nation as well as Germany's own anti-cyberterrorism laws.  There is the precedent that would be established -- Germany could quickly find its own network under attack based on any number of imagined violations of local laws.  Would this stance justify an attack on the German banking system just because charging interest is against the law in some countries?  How selective would the German tools be?  If an official  German DoS  attack disrupted a legal, under German law, site would that just be seen as unavoidable collateral damage?  Would a US ISP that protects its infrastructure against a German DoS attack face charges of aiding an enemy in Germany?


As DoS protection technologies improve Germany would have to develop better attacks just to keep even - how could they be sure that their new attack technology would not be analyzed and used against German targets? The attitude seems sort of like wanting to use chemical or biological weapons while assuming your own population can refrain from breathing for a few weeks.


This is a really bad idea and I trust people in Germany somewhat more in tune with international law and that can see more than 3 minutes into the future will put a stop to it.


disclaimer:  Luckily for every person at Harvard that has a really bad idea there are more than a few people around to recognize it for what it is but I've not consulted either on this column.