The Great Firewall, the Sovereign Web, and a New Era for Cybersecurity

Driving Data Like You Stole It

In my past career I was the victim of multiple massive hacks.   The biggest was the Office of Personnel Management (OPM) hack in the Summer of 2015, where the identities of a majority of US persons with a security clearance (and their family and friends) had their intimate data stollen by the Chinese intelligence establishment.  This was before I had ever touched cryptocurrency, or understood the cryptographic mechanisms that real blockchains like DigiByte operate on, but the experience cause a lot of reflection.  Not only did it affect the lives of myself and my peers, but I recognized it was endemic to the Western approach towards data, the internet, and security generally.  
  
The West's modern day “Web 2.0” business model is to gather data greedily and organize it fastidiously - with AI and other methods - but not guard it as something so precious.  For a visualization of this, check out Information Is Beautiful’s graphic, available here.
  
Many modern day internet behemoths are built on an internet that is fundamentally insecure, and their success is a reflection of that insecurity.  When they take our data, they drive it like they stole it, and losing it to a competitor or a foreign power is (tacitly) “no big deal”. 
 
To be “secure” in this world we have become vassals to the large players, like medieval serfs trying to hide from barbarian hordes inside the walls of King’s Landing.  What most don’t get is that the marginal security of using these platforms comes at the cost of centralization - which the denizens of King’s Landing might tell us a thing or two about. 
  

Cybersecurity in Essos and Sothros

The way the West secures its internet is different from the way Russia and China secure their internets, both of which reflect the political and economic directives of these countries.  These strategies combine defense at home and offense against the Western world, and the sections below delve into both.
  

Russia’s "Sovereign Internet"

Defense: Russia’s approach to the internet has been effectively captured by the state.  Despite the presence of some entrepreneurial companies in Russia, the system is effectively controlled from the top down by the Government of the Russian Federation, chiefly the FSB (Федеральнаяслужба безопасности Российской Федерации), which acts as a direct successor to the KGB and is responsible for policing political speech within Russia and by Russians abroad.
 
This includes “aping” [not API-ing] American and other companies to provide a Russian-dominated alternative.  A good example of this is VKontakt, which acts as a surrogate for Facebook (…er, FSBbook) and Yandex, which acts as Ruskie Google.
  
This strategy keeps the profit of such innovations inside of Russia’s security orbit, and prevents data on Russian citizens and activities from being visible to American companies.  Beyond this, the Russian Federation denies American tech companies the right to access the Russian market unless they place their servers inside of Russia and allow the Russian government to access said data unencrypted.  Further, all internet traffic into and out of Russia goes through a SORM box, which monitors every incoming and outgoing packet.
 
Offense: When it comes to offense, the most famous case is the Russian intelligence service’s recent meddling in American and European elections through social media.  Regardless of one’s politics and regardless of the scope of the effectiveness of such meddling, the truth is that the Internet Research Agency was easily able to exercise foreign influence in a democratic election by leveraging western companies openness to new accounts and new“data”. It didn’t take sleuthwork and skulduggery to set up fake news accounts on Facebook and Twitter, and neither platform anticipated that they would become platforms for spreading disinformazia.
 
This is just one example of the inequality between the West and Eastern approaches to political and cybersecurity.  For an even more stark example, one can look at the People’s Republic of China, which has embraced controlling the internet as a means of governing over a billion people.
 

China’s Great Firewall and the Heist of the Century

Defense: China’s internet is similar to Russia’s, in that it is an authoritarian, top-down system designed to police speech inside China while being opaque to outsiders.  The most egregious example of this is China’s Social Credit System, which assigns a score to each and every citizen based on their demonstrated enthusiasm for the Communist Party and its policies.  One can lose their right to use a high-speed train, or can lose their children’s access to school, based on a universal surveillance of political speech through 200 million cameras and every WiFi router.
 
Offense:  China’s offensive game is just as agressive as its domestic internet policy, and like Russia it is leveraging the insecurity of the Western internet for its own purposes.  Chief among these is to exfiltrate huge amounts of economic data from America and Europe.
 
In his book, Dawn of the Code War, former DoJ National Security Chief John Carlin cites former NSA Director Keith Alexander and ODNI Chief Dennis C. Blair’s calculation that Chinese IP theft represents“thegreatest illicit transfer of wealth in human history” with damages ranging as high as 600 Billion U.S. Dollars per year. Blair’s article represents the nation’s chief cybersecurity official’s understanding of the current operating environment, and it provides a concise diagnosis of the problem at hand.  We recommend you read it in full at your convenience, but  because it is such a helpful object lesson, we have included excerpts here as a vignette.  To quote Alexander & Blair’s op-ed in the New York Times:
 
Chinese companies, with the encouragement of official Chinese policy and often the active participation of government personnel, have been pillaging the intellectual property of American companies.
 
All together, intellectual-property theft costs America up to $600 billion a year, the greatest transfer of wealth in history. China accounts for most of that loss.  Intellectual-property theft covers a wide spectrum: counterfeiting American fashion designs, pirating movies and video games, patent infringement and stealing proprietary technology and software.
  
This assault saps economic growth, costs Americans jobs, weakens our military capability and undercuts a key American competitive advantage.
Chinese companies have stolen trade secrets from virtually every sector of the American economy: automobiles, auto tires, aviation, chemicals, consumer electronics, electronic trading, industrial software, biotech and pharmaceuticals. Last year U.S. Steel accused Chinese hackers of stealing trade secrets related to the production of lightweight steel, then turning them over to Chinese steel makers.
 
This brobdignagian level of theft is occurring because the West and her companies have stuck with an internet that is fundamentally insecure.  IP theft is a national industry in the PRC and elsewhere, and is formally backed by the nation’s resource-rich intelligence services, which are closely tied to the nation’s public sector.  
 
Cyberattacks are reported to comprise 15% of global internet traffic on any given day: that figure plummets to about 6.5% on October 1, China’s National Day.  
  
Doing the math, roughly 57% of professional cyber criminals take Chinese federal holidays off.
 
  

Web 3.0 and the Urgency of Defending Against Cyberwarfare

Blockchain tech is revolutionary from a political and economic standpoint, not just as a form of stateless and private payment and wealth, but because it provides tools that might be used in rearchitecting the internet in a more secure way that preserves our freedoms while providing for greater security.  Blockchain does this in direct contrast to the existing“bigtech” firm’s strategies, which involve leveraging the openness of the Western internet to scrape up, collect, and organize data and attention in their own fiefdoms, and leverage that data to influence us.
 
Ultimately, the only way to ensure your data isn’t driven like its stolen is to keep the keys yourself.
  
This extends to the political world and the right to privacy, but it is even more important to states.  If we care about defending against the massive theft that has occurred and preserving our economic capacity and wellbeing, it stands to reason that Western nations should take a more pro-active approach to embracing blockchain and distributed cryptography.  This is broadly understood in the cybersecurity industry, but poorly practiced by states who don’t even properly protect the data of their own employees and agencies.
Imagine a world where software requires keys and cannot be used when stolen, where vital secrets and data are decentralized and run on cryptography, not hoarded and guarded by ignorance and slovenly security hygiene.
  
Blockchain tech is out of the bag.  It’s decentralized, but states, companies, and governments are going to find uses for it, regardless of what blockchain purists think or feel.  No one can stop them.  It’s best to anticipate this, and acknowledge the huge potential the technology has beyond just payments and investment.  That doesn't mean it will ever cease to be the path freedom and a check on tyranny for the millions living under the thumb of oppressive regimes that don't extend the same freedoms enjoyed in the West.
 
Blockchain will be the key to a more secure and more self-sovereign internet.  Cyber is the most important present-day conflict between sovereign states, and the states that embrace blockchain and cryptography for cybersecurity implementations will gain a geopolitical advantage.  This doesn’t mean that we will “put everything on the blockchain” - far from it, but as we outline in Blockchain 2035, blockchain provides substantial answers that can fix several of the cybersecurity flaws currently in circulation, and can help us move towards an internet and economy that is not fundamentally insecure and inclined towards hacking and theft.  
  
  

Recommended Reading

Blackwill & Harris. War by Other Means: Geoeconomics and Statecraft.Belknap Harvard, 2016.
   
Soldatov & Borogan.  The Red Web: The Struggle Between Russia's Digital Dictators and the New Online Revolutionaries.  Public Affairs, 2015.
   
Carlin & Graff.  Dawn of the Code War: America’s Battle Against Russia, China, and the Rising Cyber Threat.  Public Affairs, 2018.
   
Susan Landau.  Surveillance or Security: The Risks Posed by New Wiretapping Technologies.  MIT, 2013.
  
We believe that blockchain technology will fundamentally affect the way the world works in the early 21st century.  For further discussion of this and many more topics, pre-order our upcoming book, Blockchain 2035: The Digital DNA of Internet 3.0.