By Paul Rosenzweig, The George Washington University Law School
Anthem Inc., one of America’s largest health insurers, disclosed in early 2015 that hackers had stolen personal information on more than 80 million of its customers. Although not conclusively determined, some news reports linked it to the Chinese government. The Anthem attack seemed to be an instance of surveillance of American citizens—by a foreign government—through cyber means.
The massive data breach was one of the largest cyberattacks in American history, at the time. And it was different than most cyber crimes that came before it. These hackers gained access to a wealth of personal data, including names, birthdays, medical IDs, social security numbers, street addresses, e-mail addresses, and employment information—including income. And yet, the motivation, in so far as one could discern it, was not for profit or other financial gain.
This is a transcript from the video series The Surveillance State: Big Data, Freedom, and You. Watch it now, on Wondrium.
Surveillance or Espionage?
Generally, one focuses on the question of a government’s surveillance of its own citizens. In the United States, it has been seen as the pressing political and moral question. Yet, a discussion on surveillance would be incomplete if one did not include consideration of how we might be subject to observation by those outside our borders. After all, one country’s espionage is another country’s surveillance—just by a different name.
Indeed, given the size of the Anthem breach, it might not be an exaggeration to say that more Americans have had their personal privacy violated by the Chinese government than by any other single entity in the world, which is a conclusion that ought to give us pause. And so it seems useful to look at surveillance from that perspective.
The Role of the Internet
Only a few years ago, the topic of foreign surveillance on American soil would have been a subject of little concern. Such spy craft, when it occurred, would have been limited to instances of physical or electronic surveillance that were relatively few and far between. This was mostly because virtually all personal surveillance requires a physical presence in the United States, as a condition of successful action.
One couldn’t be a spy without being in the country one was spying against. Today, that paradigm has changed. The Internet telescopes time and space. It allows almost instantaneous action at a distance. That’s a sea change in our conception of surveillance.
Learn more about how geolocation data is gathered.
Viewed another way, the history of human interaction is, essentially, one of the increasing distance at which our interactions occur. Take armed conflict, for example. Early on in human history, conflict required physical proximity. Think of Romans fighting at sword length apart from the invading Visigoths and you have an idea of how close you had to be in order to fight a war back in ancient times.
Likewise, the sale of goods and the ancient economy. The buyer and the seller had to come physically together to trade goods. And as for malicious acts, such as theft or murder, the perpetrator had to be physically close—either to the victim or to the victim’s property. So, too, with espionage and surveillance. The spy had to actually break into someone’s office and steal the secret plans, for example. Over time, the necessity for close proximity has weakened.
Malicious Software and Cyberspace
Cyberspace is a quantum leap in that direction. Action in the cyber domain occurs at the speed of light and crosses immense distances almost instantaneously. From your desktop—at the mere flick of a finger—you can access a website in Japan, read a South American newspaper, or make reservations at a restaurant in Paris. But what is easy for you, from your home computer, is also easy for any malicious actor who wants access to that computer, or the networks it operates on.
Whether the object is warfare, terrorism, espionage, or crime, it is no longer necessary for the malevolent actor to be anywhere near their objective. One incident makes the point that is, the discovery of malicious software—probably from China though nobody’s quite certain—found on the computer of the U.S. Secretary of Defense, at the time, Robert Gates.
Learn more about the US intelligence community.
In earlier times if a Chinese spy, or perhaps it was a Russian spy, had wanted to get access to the office of the Secretary of Defense, he or she would’ve had to pass through several checkpoints at the gates of the Pentagon, and surreptitiously made their way into his inner sanctum in the E-ring of the building.
By virtue of the structure of the Internet, the malicious actor was, in this instance, able to penetrate Secretary Gates’s computer from a distance that effectively put him or her beyond our reach.
As a consequence of all this, America, today, is more vulnerable to foreign surveillance and espionage than ever before. Foreign watchers can, in effect, peer over our shoulders, safe in their own homes, behind their own borders.
Common Questions about Hacking and Cyber Attacks
Earlier, one couldn’t be a spy without being in the country one was spying against. Today, the Internet telescopes time and space. It allows almost instantaneous action at a distance.
In the Anthem data breach, the hackers gained access to a wealth of personal data, including names, birthdays, medical IDs, social security numbers, street addresses, e-mail addresses, and employment information—including income.
Given the instances of cyberattacks, one could safely say, more Americans have had their personal privacy violated by the Chinese government than by any other single entity in the world.