Trump's Purge of Kaspersky Simply Proves the Internet is a Weapon
Update: It happened. "Trump administration orders purge of Kaspersky products from U.S. government" — Reuters
Politico reports that Congress is going to take up the issue of banning Kaspersky, a cyber security firm founded in the 1990s in Russia by Eugene Kaspersky.
While it could be months before House and Senate lawmakers agree on a final defense policy bill, they are expressing confidence that the finished measure will contain some form of an amendment to bar the Pentagon from using software developed by Moscow-based cyber giant Kaspersky Lab. ... both chambers will soon be looking to hammer out differences between their separate versions, including the Senate bill provision that would block the use of Kaspersky software on DoD networks and require the Pentagon to “immediately” sever any DoD-connected systems that are “using” Kaspersky technology.
A Kaspersky ban would serve as another piece of legislation meant to thwart Russian hacking — a cause both parties have taken up as many lawmakers chastise the White House for not doing enough in the wake of last year’s alleged Russian election interference campaign. The Moscow-based company is one of the world’s largest cyber firms, claiming over 400 million global users, and the fear is that its wide reach gives Russia a backdoor into key American networks. Kaspersky strenuously denies any ties to the Russian government and has offered up its source code for inspection.
To me, this Congressional freakout about Kaspersky is another confirmation of the obvious: all Internet technology is geopolitical.
If American spies and generals fear that running Kaspersky's antivirus and cyber intrusion detection software gives the Russian government privileged access to their data, then what should other countries think of running products by Microsoft, Apple, Facebook, Google, Cisco, Juniper Networks, CrowdStrike, FireEye and hundreds of other Internet tech companies based in America — all of which have deep and close ties to American intelligence and military agencies?
On top of everything, just like with Kaspersky, you can pretty much take any cyber security professional working today in America or Europe and find deep military and intelligence ties. Most of the cyber experts big on Twitter these days are former spies and/or military analysts/contractors. (For example, see: @pwnallthethings and @RidT.) Hell, even privacy people technologists working for outfits like Tor to Signal are US military contractors.
There is another telling wrinkle here: Kaspersky offered to let US agencies inspect the source code of its security programs to show that there is no backdoor built in for the Kremlin or the Russian government, but officials rejected the offer. It didn't matter if the source code was open, they still did not trust Kaspersky because of its ties to Russia.
So let's review:
When a cyber security program (say Tor or Signal) is funded the U.S. government, you should trust it because it is open source.
- When the cyber security program is Russian, the code is not enough! It's always a tool of the Russian government.
Open source Signal/Tor cultists take note: US spies don’t care about analyzing source code. It’s about trust. Duh. pic.twitter.com/mMzhGxDAIA— Yasha Levine (@yashalevine) July 7, 2017
The fact that Kaspersky is being targeted shows that America's military planners and strategists don't just view Internet technology as a weapon, but are increasingly paranoid about it being turned on them. This reaction only proves China's and Russia's concerns and justifies their crackdown on the Internet in general.
This is all very familiar territory.
As I wrote back in 2014...
Imagine that some of the most popular email, messaging, social networking sites and mobile phone platforms in America were run by Russian companies. Imagine the digital information of several hundred million Americans — private and business info — would be siphoned out of the U.S. and stored on servers located in Russia, where it would be out of the reach of U.S. courts and subject only to Russian law. Imagine further that all the information that passed through these services could be legally obtained by the Russian government and the FSB with a simple court order…but completely out of reach of US authorities. Oh, and on top of everything, imagine that some of these Russian companies have extremely close ties and tech-sharing agreements with Russia’s military and intelligence community.
Then imagine that Occupy Wall Street, anti-Keystone XL pipeline protests and all kinds of domestic opposition political activity would be organized through these Russian-controlled social networks. But don’t stop there: imagine if a huge chunk of America’s digital life — the personal and business information of several hundred million people — was funneled through the servers of a foreign and hostile country, where they’d be wide open to analysis and interception by the FSB.
Imagining all of that is all you can do, because it would never be allowed to happen. America would have a massive nationalist McCarthyite freakout. You know it, I know it, dogs know it.
How violently would America respond? Well, consider the Dubai Ports World fiasco. Back in 2006, America’s political system went into nationalist, anti-Muslim convulsions just because a Dubai-owned company was going to take over management of a handful of US shipping ports. Politicians and pundits freaked out that America was handing over the contract to a foreign entity. Of course, those ports were already being handled by a British company — but the thought of a Middle Eastern state overseeing the transfer of goods in and out of the country was too much. Even then-Senator Barack Obama got his nationalism on. California Senator Barbara Boxer didn’t hold back, either, saying that it was “ridiculous” to allow a “nation that has ties to 9/11 to take over part of our port operations.” And so the deal crashed and burned, despite being supported by the entire Bush administration.
Today's effort to boot Kaspersky out of America only proves my point.