In 1866, the U.S. Minister to France, John Bigelow, sent a cautionary note to the Secretary of State William Seward on “this triumph of modern science,” a telegraph cable connecting Europe and the U.S. He wrote: “It is not likely that it would suit the purposes of the government to have its telegrams for this legation first read by the French authorities and yet you are well aware that nothing goes over a French telegraph wire that is not transmitted to the Ministry of Interior.”
Similarly, when navies adopted Marconi’s radio to communicate with distant ships, their operators discovered they could receive not only messages intended for them but the messages sent by other nations to their own fleets—this was the dawn of signals intelligence. Technologists, it appears, rarely think about security, and intelligence tools to take advantage of the unwary have accompanied every advance in communications technology.
The Internet created a golden age for signals intelligence, for both the U.S. and our opponents. As individuals, companies, and governments moved massive amounts of sensitive data onto poorly secured networks, they offered undreamt-of opportunities for intelligence collection. Most unclassified networks have pathetic security, which means that almost everything that is online can be collected. The problem for cyber espionage is not acquiring information, it is storing and sorting mountains of data to find what is useful.
Even if collection is easy, a nation’s willingness to spend and its interests dictate how much it collects. That said, almost everyone spies on the U.S. and the U.S., it appears from press reports, spies on almost everyone. The Internet gives low cost, global reach to a new kind of signals intelligence. Edward Snowden’s revelations were carefully shaped to make it seem that cyber espionage is uniquely American. This is false. All nations engage in some kind of cyber espionage, if we include monitoring communications networks, and many intelligence services “hack” into other nations’ computer networks. Five or six countries excel at cyber espionage, and others are improving rapidly.
The commercialization and widespread adoption of the Internet came at a time when global tensions exploded, and with this explosion came a voracious demand for intelligence. Now may be the moment to feel a pang of regret for the millennial beliefs of the 1990s about international relations and the expectation of “one world” with shared democratic values and an end to conflict. These notions, however, were entirely wrong. While the chances of global war are remote, endemic, espionage and low-level conflict in cyberspace are the norms.
The Internet is the focal point for this new style conflict. When Russia and China abandoned Marxism, it did not mean they embraced democracy or accepted U.S. global leadership. A U.S. review found that these former Cold War foes are America’s primary opponents in cyber espionage. They regard normal online activities—speech, access to information—as American plots to destabilize their governments. Their suspicions of the U.S. and their desire to illicitly acquire its information and financial resources have led them to create espionage campaigns that dwarf their Cold War efforts.
The Internet is a focal point for espionage. The U.S. and its allies were not slow in exploiting the Internet for intelligence purposes. This includes both traditional strategic and political military intelligence as well as espionage for counter-terrorism—and counter-terrorism relies on communications surveillance as the most effective means for detecting planned attacks. China’s cyber spying involves a massive global campaign of economic espionage so active that it has become a source of tension between China, its neighbors, and its trade partners, while Russia uses the Internet for both traditional espionage and for covert action to influence or coerce.
Espionage is not war, nor is it considered the use of force under international law. This means there can be no legitimate military response to cyber espionage. Countries have never gone to war over spying. Frustrating as this may be for bellicose commentators who see China’s rampant economic espionage as some kind of combat, changing this interpretation to allow a military response would not be in the U.S. interest, given our own prolific efforts at cyber spying.
But cyber espionage has become a major problem for international security. The combination of the immense scope of cyber spying and the apparent inability to prevent it means that cyber espionage has become a source of instability in international relations. Cyberspace, weakly governed and technically indefensible, appears to have unbounded risk.
This is not a stable situation and changing it is an important priority for many nations. Spying will never end, but it can be managed and its destabilizing effect reduced. While espionage is unlikely to ever be a topic of multilateral negotiation or made subject to international law, agreements on surveillance, privacy, and protection of intellectual property can indirectly frame and limit cyber spying. A good outcome for the world would be to develop international norms for responsible state behavior in cyberspace that protect data and constrain espionage by all actors, not just the U.S. This sounds utopian and unachievable, but shrewd negotiation can tame cyber espionage in ways that serve the interests of the U.S., its allies, and friends.
This piece is part of The Fletcher Forum of World Affairs’ 2014 Global Risk Forum. The Global Risk Forum is an effort to convene conversations around some of the most pressing issues we face as a global community in the year ahead: the breakdown of climate change negotiations; the spread of sectarian violence in the Middle East; the credit crisis and economic slowdown in China; the growth of cyber espionage; and the unraveling of Africa’s economic boom. We encourage you to read the conversations, participate with written responses or on social media, and help us work together to produce constructive ideas that will reduce the aggregate risks we face.