NSA UPDATES

Aff

Tech Leadership Advantage

1ac – asteroids impact

Cloud computing is also critical to space situational awareness – solves asteroids and debrisJohnston et al 9 [Steven, PhD in computer engineering and MEng degree in software engineering, specializes in cloud-based architecture, Kenji Takeda, Solutions Architect and Technical Manager for the Microsoft Research Connections EMEA team, has extensive experience in Cloud Computing, Hugh Lewis, professor at University of Southampton, specialist in space situational awareness, Simon Cox, professor of Computational Methods and Director of the Microsoft Institute for High Performance Computing at University of Southampton, Graham Swinerd, professor at University of Southampton, specializes in space situational awareness, “Cloud Computing for Planetary Defense”, http://eprints.soton.ac.uk/71883/1/John_09.pdf, October 2009, 3/31/15]Abstract¶ In this paper we demonstrate how a cloud-based computing architecture can be used for planetary defense

and space situational awareness (SSA ) . We show how utility compute can facilitate both a financially

economical and highly scalable solution for space debris and near-earth object impact analysis . As we improve our ability to track smaller space objects, and satellite collisions occur, the volume of objects being tracked vastly increases, increasing computational demands. Propagating trajectories and calculating conjunctions becomes increasingly time

critical, thus requiring an architecture which can scale with demand . The extension of this to tackle the problem of a future near-earth object impact is discussed, and how cloud computing can play a key role in this civilisation-threatening scenario.¶ Introduction¶ Space situational awareness includes scientific and operational aspects of space weather, near-earth objects and space debris. This project is part of an international effort to provide a global response strategy to the threat of a Near Earth Object (NEO) impacting the earth, led by the United Nations Committee for the Peaceful Use of Space (UN-COPUOS).

The impact of a NEO – an asteroid or comet – is a severe natural hazard but is unique in that technology exists to predict and to prevent it, given sufficient warning. As such, the International Spaceguard survey has identified nearly 1,000 potentially hazardous asteroids >1km in size although NEOs smaller than one kilometre remain predominantly undetected, exist in far greater numbers and impact the Earth

more frequently1. Impacts by objects larger than 100 m (twice the size of the asteroid that caused the Barringer crater in Arizona) could occur with little or no warning , with the energy of hundreds of nuclear weapons, and are “devastating at potentially unimaginable levels”2 (Figure 1). The tracking and prediction of potential NEO impacts is of international importance, particularly with regard to disaster management . Space debris poses a serious risk to satellites and space missions. Currently Space Track3 publishes the locations of about 10,000 objects that are publicly available. These include

satellites, operational and defunct, space debris from missions and space junk. It is believed that there are about 19,000 objects with a diameter over 10cm. Even the smallest space junk travelling at about 17,000 miles per hour can cause serious damage; the Space Shuttle has undergone 92 window changes due to debris impact, resulting in concerns that a more serious accident is imminent4, and the International Space Station has to execute evasion

manoeuvres to avoid debris. There are over 300,000 objects over 1cm in diameter and there is a desire to track most , if not all of these. By improving ground sensors and introducing sensors on satellites the Space Track database will increase in size.

By tracking and predicting space debris behaviour in more detail we can reduce collisions as the orbital environment becomes ever more crowded.¶ Cloud computing provides the ability to trade computation time against costs. It also favours an architecture which inherently scales, providing burst capability. By treating compute as a utility, compute cycles are only paid for when they are used. Here we present a cloud application framework to tackle space debris tracking and analysis, that is being extended for NEO impact analysis. Notably, in this application propagation and conjunction analysis results in peak compute loads for only 20% of the day, with burst capability required in the event of a collision when the number of objects increases dramatically; the Iridium-33 Cosmos-2251 collision in 2009 resulted in an additional 1,131 trackable objects (Figure 2). Utility computation can quickly adapt to these situations consuming more compute, incurring a monetary cost but keeping computation wall clock time to a constant . In the event of a conjunction event being predicted, satellite operators would have to be quickly alerted so they could decide what mitigating action to take.¶ In this work we have migrated a series of discrete manual computing processes to the Azure cloud platform to improve capability and scalability. It is the initial prototype for a broader space situational awareness platform. The workflow involves the following steps: obtain satellite position data, validate data, run propagation simulation, store results, perform conjunction analysis, query satellite object, and visualise.¶ Satellite locations are published twice a day by Space Track, resulting in bi-daily high workloads. Every time the locations are published, all previous propagation calculations are halted, and the propagator

starts recalculating the expected future orbits. Every orbit can be different, albeit only slightly from a previous estimate, but this means that all conjunction analysis has to be recomputed . The quicker this workflow is completed the quicker

possible conjunction alerts can be triggered, providing more time for mitigation .¶ The concept project uses Windows

Azure as a cloud provider and is architected as a data-driven workflow consuming satellite locations and resulting in conjunction alerts, as shown in Figure 3. Satellite locations are published in a standard format know as a Two-Line Element (TLE) that fully describes a spacecraft and its orbit. Any TLE publisher can be consumed, in this case the Space Track website, but also ground observation station data. The list of TLEs are first separated into individual TLE Objects, validated and inserted into a queue. TLE queue objects are consumed by comparator workers which check to see if the TLE exists; new TLEs are added to an Azure Table and an update notification added to the Update Queue.¶ TLEs in the update notification queue are new and each requires propagation; this is an embarrassingly parallel computation that scales well across the cloud. Any propagator can be used. We currently support NORAD SGP4 propagator and a custom Southampton simulation (C++) code. Each propagated object has to be compared with all other propagations to see if there is a conjunction (predicted close approach). Any conjunction source or code can be used, currently only SGP4 is implemented; plans are to incorporate more complicated filtering and conjunction analysis routines as they become available. Conjunctions result in alerts which are visible in the Azure Satellite tracker client. The client uses Virtual Earth to display the orbits. Ongoing work includes expanding the Virtual Earth client as well as adding support for custom clients by exposing the data through a REST interface. This pluggable architecture ensures that additional propagators and conjunction codes can be incorporated, and as part of ongoing work we intend to expand the available analysis codes.¶ The

framework demonstrated here is being extended as a generic space situational service bus to include NEO impact predictions. This will exploit the pluggable

simulation code architecture and the cloud’s burst computing capability in order to allow refinement of predictions for disaster

management simulations and potential emergency scenarios anywhere on the globe .¶ Summary¶ We have shown

how a new architecture can be applied to space situational awareness to provide a scalable robust data-driven architecture which can enhance the ability of existing disparate analysis codes by integrating them together in a common framework. By automating the ability to alert satellite owners to potential conjunction scenarios we reduce the potential of conjunction oversight and decrease the response time, thus making space safer. This framework is being extended to NEO trajectory and impact analysis to help improve planetary defencs capability for all.

Asteroid strikes are likely and cause extinctionCasey, 6/30/15 – environmental, scientific, and technological reporter for CBS News (Michael, “On Asteroid Day, raising awareness that Earth could get hit again”, CBS News, http://www.cbsnews.com/news/asteroid-day-raising-awareness-earth-could-be-hit-by-asteroids/, //11)"Asteroids are the only natural disaster we know how to prevent and protecting our planet, families and communities is the goal of Asteroid Day," said Grigorij Richters, producer of the asteroid-themed movie "51 Degrees North" and co-founder of Asteroid Day. "Asteroids teach us about the origins of life, but they also can impact the future of our species and life on Earth ."Most of what people know about asteroids comes from movies like "Deep Impact" or "Armageddon," or because they've heard that an asteroid triggered global disasters that led to the extinction of the dinosaurs 65 million years ago.But asteroids are not just the stuff of science fiction or ancient history. In January, a huge asteroid passed close to Earth - within 745,000 miles (1.2 million kilometers) of our planet. NASA said it was the closest any space rock is expected to come to Earth until asteroid 1999 AN10 flies past in 2027, but there could be other close calls scientists aren't expecting . In 2013, an asteroid exploded over Chelyabinsk, Russia - creating a fireball brighter than the sun and an explosion that was as powerful as about 40 Hiroshima-type bombs . NASA seems to concur that the threat has to be taken seriously.Earlier this month, NASA signed a deal with the National Nuclear Security Administration to look into the nuclear option should they discover that an asteroid was on a collision course with Earth. The space agency currently only tracks about 10 percent of the 1 million asteroids in our solar system with the potential to strike Earth, according to Asteroid Day.org.The European Space Agency, meanwhile, convened a meeting Tuesday with emergency response officers from Switzerland, Germany, Luxembourg, Romania, Sweden and the United Kingdom to discuss how to respond to the asteroid threat."Planets can't hit us, while comet debris doesn't survive to strike our surface. But asteroids -- chunks of stone or metal -- arrive by the thousands every day, and are responsible for nearly all of the 50,000

catalogued meteorites," Slooh astronomer Bob Berman said. "The largest asteroids are fascinating to observe, while the hazardous ones need to be watched while defenses are being conceived."In December, astrophysicist Dr. Brian May (who was also a founding member and lead guitarist of the rock band Queen) joined Lord Martin Rees, UK Astronomer Royal; Bill Nye, the Science Guy; and astronauts Rusty Schweickart, Ed Lu and Tom Jones to launch Asteroid Day. In their mission statement, they said their goal was nothing short of ensuring the survival of future generations .As part of that, they also announced the 100X Declaration, which calls for a 100-fold increase in detection and monitoring of asteroids."The more we learn about asteroid impacts, the clearer it becomes that the human race has been living on borrowed time," May said. "Asteroid Day and the 100X Declaration are ways for the public to contribute to bring about an awareness that we can get hit anytime . A city could be wiped out any time because we just don't know enough about what's out there."

2ac – detection neededAt least 10% are undetectedRobson, 7/3/15 – reporter for National Post (John, National Post, “Fear the asteroid, humanity’s greatest threat!”, http://news.nationalpost.com/full-comment/john-robson-fear-the-asteroid-humanitys-greatest-threat, //11)How big is the danger? NBC’s story on Asteroid Day noted with curious complacency that “based on a statistical analysis, NASA says it’s found more than 90 percent of the estimated 981 asteroids” a kilometre or more wide capable of annihilating civilization . So that missing nearly 10 per cent leaves, um, almost 100 lurking undetected, right guys? Plus NASA hasn’t found 90 per cent of those over 140 meters wide, let alone the “hundreds of thousands” of smaller ones still capable of smashing a city. I’d grade this “incomplete” at best.If you’re not worried yet, consider that the goal of Asteroid Day is to increase the number of near-Earth objects found from 1,000 to 100,000 a year. A year? Man, they’ll have to queue up to dive onto us.

2ac – tech discussions keyTechnical discussions about asteroids are crucial to educating the publicMorrison et al 2 – Morrison: NASA Astrobiology Institute; Harris: NASA Jet Propulsion Laboratory; Sommer: RAND Corporation; Chapman: Southwest Research Institute, Boulder; Carusi: IAS, Roma (David Morrison, Alan W. Harris, Geoff Sommer, Clark R. Chapman, Andrea Carusi, “Dealing with the Impact Hazard”, 6/8/02, http://www.disastersrus.org/emtools/spacewx/NEO_Chapter_1.pdf, //11)While NEO research embodies classic scientific objectives, studies of impact hazards form an applied science that may be judged by different criteria. In determining an NEO hazard mitigation strategy, we

must consider the reaction of society . Such considerations are familiar to specialists in other fields of natural hazard, such as meteorology (with respect to storm forecasts) and seismology. NEO hazard specialists have the added difficulty of explaining a science that is arcane (orbital dynamics) and

beyond personal experience (no impact disaster within recorded history). As the NEO community has

begun to realize, it has a social responsibility to ensure that its message is not just heard but comprehended by society at large. The adoption of the Torino Impact Scale (Binzel, 1997, 2000) was a notable first step toward public communication, although the unique aspects of NEO detection and warning (particularly the evolution of uncertainty) continue to cause communications difficulties (Chapman, 2000).

2ac – at: no deflectionWe have deflection capabilities, but detection is keyWall, 13 – senior writer at space.com (Mike, Space.com, “How Humanity Could Deflect a Giant Killer Asteroid”, 11/22/13, http://www.space.com/23530-killer-asteroid-deflection-saving-humanity.html, //11)Humanity has the skills and know-how to deflect a killer asteroid of virtually any size, as long as the

incoming space rock is spotted with enough lead time , experts say. Our species could even nudge off course a 6-mile-wide (10 kilometers) behemoth like the one that dispatched the dinosaurs 65 million years ago. We'd likely have to slam multiple spacecraft into a gigantic asteroid over a period of several decades to do the job, but the high stakes would motivate such a strong and sustained response, researchers say."If you can hit it with a kinetic impactor, you can hit it with 10 or 100 of them," former NASA astronaut Ed Lu, chairman and CEO of the nonprofit B612 Foundation, which is devoted to protecting Earth against asteroid strikes, said during a news conference last month. "And I would submit to you that if we were finding an asteroid that's going to wipe out all life on Earth, or the majority of life on Earth, that funding is not an issue for launching 100 of them," Lu added.Undiscovered asteroidsLu and four other spaceflyers spoke Oct. 25 at the American Museum of Natural History in New York City. A primary purpose of the event was to draw attention to the danger asteroids pose to human civilization and life on Earth, and to discuss ways to mitigate the threat.Earth has been pummeled by space rocks repeatedly over the eons and will continue to get hit, a reality that was reinforced in February when a 55-foot-wide (17 meters) space rock exploded in the atmosphere over the Russian city of Chelyabinsk, injuring more than 1,000 people.The Russian meteor came out of nowhere, evading detection by the various instruments that are scanning the heavens for potentially hazardous objects. And there are many more such space rocks out there, gliding through deep space unknown and unnamed. To date, scientists have discovered about 10,000 near-Earth objects , or NEOs — just 1 percent of the 1

million or so asteroids thought to come uncomfortably close to our planet at some point in their orbits.

So the top priority of any asteroid-defense effort should be a stepped-up detection campaign , Lu said.

"Our challenge is to find these asteroids first, before they find us," he said. " You cannot deflect an asteroid you haven't yet found ."

2ac – at: psychoAsteroids are real threats – psychoanalysis does not disprove our factual claims Yudkowsky, 8 – Research Fellow and Director of the Singularity Institute for Artificial Intelligence, principal contributor to the Oxford-sponsored Overcoming Biases (Eliezer, Machine Intelligence Research Institute, “Cognitive Biases Potentially Affecting Judgment of Global Risks”, https://intelligence.org/files/CognitiveBiases.pdf, //11)Robert Pirsig said: “The world’s biggest fool can say the sun is shining, but that doesn’t make it dark out.” If you believe someone is guilty of a psychological error, then demonstrate your competence by first demolishing their consequential factual errors. If there are no factual errors, then what matters

the psychology? The temptation of psychology is that, knowing a little psychology, we can meddle in arguments where we have no technical expertise—instead sagely analyzing the psychology of the disputants.If someone wrote a novel about an asteroid strike destroying modern civilization, then someone might criticize that novel as extreme, dystopian, apocalyptic; symptomatic of the author’s naive inability to deal with a complex technological society. We should recognize this as a literary criticism, not a scientific one; it is about good or bad novels, not good or bad hypotheses. To quantify the annual probability of an asteroid strike in real life, one must study astronomy and the historical record : no amount of literary criticism can put a number on it. Garreau (2005) seems to hold that a scenario of a mind slowly increasing in capability, is more mature and sophisticated than a scenario of extremely rapid intelligence increase. But that’s a technical question, not a matter of taste; no amount of psychologizing can tell you the exact slope of that curve. It’s harder to abuse heuristics and biases than psychoanalysis. Accusing someone of conjunction fallacy leads naturally into listing the specific details that you think are burdensome and drive down the joint probability. Even so, do not lose track of the real-world facts of primary interest; do not let the argument become about psychology.Despite all dangers and temptations, it is better to know about psychological biases than to not know. Otherwise we will walk directly into the whirling helicopter blades of life. But be very careful not to have too much fun accusing others of biases. That is the road that leads to becoming a sophisticated arguer—someone who, faced with any discomforting argument, finds at once a bias in it. The one whom you must watch above all is yourself. Jerry Cleaver said: “What does you in is not failure to apply some high-level, intricate, complicated technique. It’s overlooking the basics. Not keeping your eye on the ball.”Analyses should finally center on testable real-world assertions . Do not take your eye off the ball.

Safe Harbor Advantage

1ac – internal linkSurveillance programs/leaks crush/change the Safe-Harbor agreementDonohue 15 – Professor of Law, Georgetown Law and Director, Center on National Security and the Law, Georgetown Law (Lauren, HIGH TECHNOLOGY, CONSUMER PRIVACY, AND U.S. NATIONAL SECURITY, Symposium Articles, 4 Am. U. Bus. L. Rev. 11 p.45-46, 2015, Hein Online)//JJ3. Safe Harbor ConsiderationsIn the wake of the Snowden revelations , the EU Commission issued a report recommending the retention of Safe Harbor, but recommending significant changes, including required disclosure of cloud computing and other service provider contracts used by Safe Harbor members.16' The Safe Harbor provisions, developed from 1999 to 2000 by the U.S. Commerce Department, the Article 31 Committee on Data Privacy, and the European Union, created a narrow bridge between the United States and EU. At the time, the European Parliament, which did not bind the European Commission, rejected the Safe Harbor provisions by a vote of 279 to 259, with twenty-two abstentions. Chief amongst European concerns was the failure of the agreement to provide adequate protections . In light of the massive data breaches over the past five years in the United States, the practices of a largely unregulated high

technology industry, and the ubiquitous nature of NSA surveillance , Europeans are now even less

supportive of the Safe Harbor provisions . ' They amount to a self-regulated scheme in which the U.S. Federal Trade Commission looks at whether a company, which has voluntarily opted-in to the program, fails to do what it has stated it will do, within the bounds of its own privacy policy. Stronger measures

are necessary to restore European confidence in U.S. high technology companies.

Current US surveillance threatens to undermine US-EU Safe Harbor provisions—applying PPD-28 to US corporations is key to restoring trust in US corporations and passing TTIPHancock 14 – Managing Editor at Inside U.S. Trade, contributor at CSM and the Yonhap News Agency (Ben Hancock, 6/13/14, “U.S.-EU 'Safe Harbor' Talks Snag Over National Security Exception Limits,” Inside US Trade 32.24, ProQuest)//twemchenThe top U.S. and European Union officials in charge of negotiating reforms to the "Safe Harbor" framework governing

trans-Atlantic data transfers on June 10 signaled their talks are hung up over an EU demand for new U.S. assurances that it will invoke the arrangement's national security exception only in limited circumstances . Paul Nemitz, director

for fundamental rights and citizenship at the European Commission's Directorate-General for Justice, said securing U.S. commitments on this issue is at least "50 percent" of what the EU hopes to achieve overall through the negotiations to renew Safe Harbor. Deputy Assistant

Secretary for Commerce Ted Dean, Nemitz's U.S. counterpart, hinted the U.S. believes it has already having given sufficient assurances

to the EU in this regard -- albeit indirectly -- through a speech made by President Obama on Jan. 17 and corresponding Presidential Policy

Directive, known as "PPD-28," issued after revelations about National Security Agency (NSA) surveillance. The ability of both sides to

bridge their differences on how to update Safe Harbor will have a direct bearing on the ability of the European Commission in

the Transatlantic Trade and Investment Partnership (TTIP) to agree to U.S. demands for provisions permitting the free flow of data across the Atlantic . The U.S.-EU Safe Harbor framework provides a legal basis for companies to conduct

transfers of EU personal data to the U.S. that would otherwise breach EU law , provided they adhere to certain safeguards

for privacy protections. Both Nemitz and Dean spoke at an event hosted by the Center for Strategic and International Studies (CSIS). Nemitz said

the national security issue is the "elephant in the room" in the talks, which are being held this week in Washington on June

11-12. This is the case even though a November report by the European Commission identifies the national security exception as only one of 13 total recommendations to strengthen Safe Harbor, he added. Late last week, EU Justice Commissioner Viviane Reding said the Safe Harbor negotiations have progressed well on all EU recommendations with the exception of the demand that the national security exception foreseen by the Safe Harbor decision is used "only to an extent that is strictly necessary or proportionate." "And for me it is

very clear: I have made it clear to my counterparts that the 13th point must be clarified for the European Commission to

finally say that Safe Harbor is 'safe, '" Reding said on June 6. Dean said his office is working to address EU fears that U.S. authorities use the exception to conduct bulk surveillance. But he also noted the Department of Commerce has no authority by itself to offer any assurances with regard to the scope of U.S. law enforcement or intelligence-gathering activities. That authority rests with the Justice Department and U.S. intelligence agencies. Dean noted that the U.S. made immediate changes to some its policies after the revelations of NSA

surveillance. "Since the commission's report, PPD-28 made announcements about particular things that changed immediately, and

set in place several processes that continue now," Dean said. " We still have work to do ," he added, "but É the broader context is I

think changed" by what the White House has issued. He did not point to any specific provisions in PPD-28 to back up his claims. But Section 4 of that document establishes -- among other things -- that the intelligence community "shall establish policies and procedures reasonably designed to minimize the dissemination and retention of personal information." It also states generally that: "All persons should be treated with dignity and respect, regardless of their nationality or wherever they might reside, and all persons have legitimate privacy interests in the

handling of their personal information." Nemitz signaled the European Commission wants a more concrete commitment than

that. "People expect to have certainty that the exemption , which is that privacy principles under Safe Harbor can be

ignored, they can be set aside, for purposes of national security, does not become the rule ," he said in an interview after the CSIS panel. "And on that, we need assurances that only if necessary and proportional for national security these rules can be set aside. This has to be

[made concrete]. How it is done remains to be seen," Nemitz added. He held open the possibility that this could be done through new

U.S. legislation limiting bulk collection of company data -- something that observers say is a distant prospect. But the EU

official was unequivocal in saying that, whatever the U.S. puts forward, it has to be able to pass muster before the European

Parliament and the general public. "One thing is clear: we need commitments and certainty in this respect, because otherwise the basic purpose of the Safe Harbor, which is to ensure a higher level of protection of Europeans, is undermined by generalized

bulk collection, and that's not going to stand the test before the European Parliament in particular." Safe Harbor was originally negotiated between Commerce and the European Commission in 2000. It provides a way for firms operating in Europe to legally transfer data on EU citizens back to the jurisdiction of the U.S., despite the commission's determination that the U.S. legal regime does not provide "adequate" protections for consumer privacy. Over 3,000 companies participate in the program, including technology giants like Google, but other types of firms also use the framework to be able to transfer human resources data and similar information. Since former NSA contractor Edward Snowden leaked information about the agency's activities last year, however, the agreement has come under fire from Reding and members of the European Parliament as providing a loophole through which U.S. authorities could gather data on EU citizens via online services

providers like Google and Skype. One other recommendation having to do with access by U.S. authorities to Safe Harbor participants'

data in the commission's report was that companies "should include information on the extent to which U.S. law

allows public authorities to collect and process data transferred under the Safe Harbor." Reding's comments on June 6

suggest this has not been a sticking point. The other 11 recommendations put forward by the EU primarily relate to transparency , redress , and enforcement of the Safe Harbor mechanism. Dean said in May remarks at the U.S. Chamber of

Commerce that many of the suggestions -- especially those related to transparency -- are uncontroversial for the U.S. (Inside U.S. Trade, May 23). Dean reiterated his earlier point, made in May, that for other recommendations that may be difficult for the U.S. government and industry to accept, Commerce is trying to find alternate ways to address the underlying worries of the EU. One suggestion that has caused U.S. companies alarm would require Safe Harbor participants to "publish privacy conditions of any contracts they conclude with subcontractors," such as those providing cloud-computing services. Industry experts have said that companies -- especially large firms with dozens of vendors -- would likely be wary of disclosing the terms of private contracts for varying commercial reasons. Nemitz stressed that making sure that subcontractors are not outside the scope of the Safe Harbor obligations is a critical EU demand, but seemed to signal flexibility in terms of how this is implemented. "We have to make sure that [subcontractors] cannot be used ... to evade the Safe Harbor principles. We're talking in that context about an obligation to make things visible, so that people can see that the basic principles are not evaded," he said. "I'm pretty sure that everybody understands this, and we will find a solution on this."

2ac – xt: surveillance kills safe harbor

Continued NSA surveillance ruptures EU-US trust Wright and Kreissl, 13 – American writer, holds a B.A. from Carleton College and an M.F.A from the MFA Program for Poets & Writers; sociologist, co-editor of “Surveillance in Europe”, authored several articles on social control, public security, and welfare state theory (David and Reinhard, “European responses to the Snowden revelations: A discussion paper”,Increasing Resilience in Surveillance Societies, December, 2013, http://irissproject.eu/wp-content/uploads/2013/12/IRISS_European-responses-to-the-Snowden-revelations_18-Dec-2013_Final.pdf)//TTWhen people became aware of how massive the surveillance of virtually everyone had become, among the reactions was not only outrage and fury, but also of an “enormous loss of trust”, as Elmar Brok, the chairman of the Foreign Affairs Committee at the European Parliament, put it.36 The theme of trust was repeated by many others. For example, German federal data protection commissioner Peter Schaar was quoted as saying that “If we want to return to a relationship based on trust, it will require serious effort… Officially the Americans said that they respected German law. Now we know that was not the case.”37The breakdown of trust is often accompanied by embarrassment, but the embarrassment was not just in Washington. The revelations also caused embarrassment in Europe. In the summer of 2013, German Chancellor Angela Merkel defended the US, when it became known that the NSA had the whole of the German population as a target of mass surveillance. But when Merkel discovered that the US had been listening in on even her mobile calls, she rose to anger. However, she also found herself, somewhat embarrassingly, having to fend off criticism within her country that she had failed to react vigorously to the initial disclosures of extensive American eavesdropping on millions of Germans, and really became engaged only after her own personal privacy was violated.38Merkel demanded that Washington reach a “no-spying” agreement with Berlin and Paris by the end of 2013, even though more than 90 per cent of Germans think that the Americans would breach a no-spying agreement anyway and continue their surveillance activities, according to a survey by public broadcaster ARD and Die Welt. 39US federal regulators have recognised that the NSA revelations have been damaging to USEurope relations: Federal Trade Commissioner Julie Brill said (in October 2013): “There is no doubt that the revelations about the National Security Agency’s surveillance programs have severely tested the close friendship between the United States and many of our European colleagues.”40

US circumvention in EU-US Safe Harbor agreement undermines EU privacy regime Wright and Kreissl, 13 – American writer, holds a B.A. from Carleton College and an M.F.A from the MFA Program for Poets & Writers; sociologist, co-editor of “Surveillance in Europe”, authored several articles on social control, public security, and welfare state theory (David and Reinhard, “European responses to the Snowden revelations: A discussion paper”,Increasing Resilience in Surveillance Societies, December, 2013, http://irissproject.eu/wp-content/uploads/2013/12/IRISS_European-responses-to-the-Snowden-revelations_18-Dec-2013_Final.pdf)//TTThe Snowden revelations have put the proposed Safe Harbor agreement in trouble – again. The Safe Harbor agreement between the US and EU came into operation in 2000 after the EU determined that US standards were “inadequate” in meeting the data protection principles of the EU’s Data Protection

Directive of 1995. The agreement allows US companies that want to handle or store European citizens’ data to self-certify annually with the Department of Commerce that they will abide by the standards. The FTC is tasked with enforcing breaches of that agreement. European regulators became more vocal in their criticism of the framework following the first Snowden revelations, pointing out that Safe Harbor specifically provides for exemptions “to the extent necessary to meet national security, public interest or lawenforcement requirements”. However, such exemptions are a kind of Trojan horse which allow questionable activity not always in the public interest, even though security agencies say it is. Who is going to challenge them if such activities are not subject to public scrutiny or effective oversight?Some EU officials, alarmed by reports of the NSA’s access to Internet companies, say Safe Harbor gives US companies a way to evade the EU’s more stringent privacy regime.66 European Parliament member Jan Philipp Albrecht told US officials in October 2013 that the agreement allows U.S companies to “circumvent” democratically established law. Albrecht said Europe “shouldn’t allow our standards to be undermined by certain loopholes”, which he said the Safe Harbor agreement facilitates.67German federal data protection commissioner Peter Schaar called the Safe Harbor agreement a “fiction,” given how much technology and the flow of information have changed in the past decade and how many new regulations Washington has drawn up since the treaty was signed. “Consequently, I do not think it is right that we continue to facilitate the transfer of data into the USA,” Schaar said. The agreements “must be renegotiated, and must include reasonable protections against eavesdropping by state and secret services.”68In addition to their critique of Safe Harbor’s lack of stringency, European regulators and others have attacked the agreement on the grounds that it is poorly enforced. EU officials released two reports critical of the program’s enforcement in 2002 and 2004. Australian consulting firm Galexia reported hundreds of Safe Harbor violations in a 2008 report that criticised both the EU and the US for not taking enforcement more seriously. Indeed, the FTC did not bring its first enforcement under Safe Harbor rules until 2009, and its batch of seven enforcement actions that year targeted companies for falsely advertising their Safe Harbor certification, not for any failures to protect Europeans’ data. Since then, the FTC has brought three Safe Harbor enforcement actions against Facebook, Google and MySpace.69 Other testimony to the LIBE committee contends that “The Safe Harbor does not (and cannot) cover major categories of data that appear to be the subject of surveillance, including financial records, travel records, and significant portions of voice and data traffic carried by US telecommunications providers.”70In late November 2013, the European Commission released a Communication which was critical of the Safe Harbor Agreement, but did not completely sink it.71 The Communication concludes thatDue to deficiencies in transparency and enforcement of the arrangement, specific problems still persist and should be addressed: a) transparency of privacy policies of Safe Harbour members, b) effective application of Privacy Principles by companies in the US, and c) effectiveness of the enforcement. Furthermore, the large scale access by intelligence agencies to data transferred to the US by Safe Harbour certified companies raises additional serious questions regarding the continuity of data protection rights of Europeans when their data in transferred to the US.

2ac – safe harbor solves privacy

Safe Harbor is key to privacy protectionGreer 11 – Safe Harbor Program, US administration (Damon, “Safe Harbor—a framework that works”, International Data Privacy Law, 5/26/11, http://idpl.oxfordjournals.org/content/1/3/143.full.pdf+html)//DBICritics also fail to understand the key role the Safe Harbor has played in raising awareness and acceptance of privacy protection in the USA. At the time Safe Harbor was enacted, many such companies in the USA were deeply sceptical that legal regulation of privacy would actually be workable in an increasingly globalized and fast-paced business environment. As the current discussion concerning privacy regulation in the USA demonstrates, many US companies have completely changed their positions, and now accept the need for some regulation as a way to build consumer confidence and deal with cases that self-regulation cannot. In addition, privacy compliance has become widely accepted among globalized US companies as essential to protect personal data and avoid legal liability.Discussions with the chief privacy officers of US companies and anecdotal evidence leave no doubt that the experience of having to implement privacy protections under the Safe Harbor was crucial in leading to greater acceptance of privacy compliance and protection among the US business community over the past ten years. It has instilled into corporations the importance of safeguarding personal data and has contributed to the development, growth, and adoption of strategic information business practices that integrate the corporation’s principal divisions up to the executive level in devising comprehensive codes of conduct to protect personal data. Examples of the commitment to apply Safe Harbor privacy principles to corporate policies include the following observations from executives in the privacy arena:

1ar – xt: safe harbor solves privacy

Safe Harbor effectively protects privacyGreer 11 – Safe Harbor Program, US administration (Damon, “Safe Harbor—a framework that works”, International Data Privacy Law, 5/26/11, http://idpl.oxfordjournals.org/content/1/3/143.full.pdf+html)//DBIThe Safe Harbor Framework’s structure is founded on a self-regulatory regime based on a sector-specific approach and linked with federal enforcement primarily based on the FTC’s section 5 authority under the FTC Act of 1914 governing deceptive and unfair trade practices (enforcement is undertaken instead by the US Department of Transportation in the case of Safe Harbor members who are subject to its jurisdiction rather than that of the FTC). Organizations are under no compulsion to join Safe Harbor and their commitment to adhere to the principles and the fifteen FAQs is voluntary. Furthermore, the FTC has committed to give priority attention to complaints referred to it by the EU data protection authorities’ dispute resolution panel on behalf of EU citizens. In recent years, FTC enforcement has become increasingly involved in privacy disputes, including those involving Safe Harbor (see above), and its enforcement power is much feared among US companies. In the early years of Safe Harbor’s existence, few self- certifications were received from the business community. Perhaps influenced by the lack of predictability of EU member states’ enforcement of national data protection laws, or lack of awareness of the data privacy legal framework in the European Union, Safe Harbor as a tool to promote compliance was underutilized. However, since then the Safe Harbor has continually evolved, and its use is much more sophisticated than it was ten years ago. Companies now routinely spend considerable amounts of money and time complying with the Safe Harbor principles, so that compliance goes much farther than simply ‘checking the box’, a point with critics of Safe Harbor fail to realize.

2ac – at: companies ignore safe harbor

Companies have incentives to adhere to Safe Harbor—economics and trustGreer 11 – Safe Harbor Program, US administration (Damon, “Safe Harbor—a framework that works”, International Data Privacy Law, 5/26/11, http://idpl.oxfordjournals.org/content/1/3/143.full.pdf+html)//DBICritics of Safe Harbor also fail to take into account the costs of complying with it, and those of failing to comply with the law. In February 2011, the Ponemon Institute issued a study entitled ‘Cost of Compliance: Benchmark Study of Multinational Organizations’ (the text of the study is available at ,http://www.tripwire. com/ponemon-cost-of-compliance/pressKit/ True_Cost_of_Compliance_Report.pdf . , accessed 27 April 2011; see also ,http://www.ponemon.org.). The study examined the compliance practices of 46 multinational organizations and sought to quantify the costs associated with both compliance and non-compliance with selected data protection and privacy regulatory requirements (compliance with the EU Directive was covered in the study). The findings indicated that average compliance costs were US$3.5 million, and the costs for non-compliance with laws was nearly three times higher ($9.4 million), with a range from $1.4 million to $28 million. The per capita compliance cost was $222 per employee, and the per capita non-compliance cost was $820 per employee. Clearly, it is in the interest of the organization to comply with data protection laws wherever they may be encountered.In addition, the harm done to trust and reputation by failing to comply with data protection regimes (as noted by UK Information Commissioner Christopher Graham in his presentation at the ‘23rd Annual Inter- national Conference 2010 Privacy Practices on Trial’ conference in Cambridge, UK) is, in many ways, incalculable and ultimately erodes an organization’s presence in the global marketplace and imperils its competitiveness. Today, any organization that builds a solid compliance regime irrespective of the legal framework under which it functions will gain a competitive edge as new technologies, applications, and processes emerge. To do otherwise would, as the Ponemon study clearly points out, cause the business greater, long-term harm.

2ac – safe harbor solves terrorResolving NSA-based Safe Harbor disputes is crucial to combatting terrorism – opens global data flowsArchick, 14 – specialist in European affairs (Kristin, Congressional Research Service, “U.S.-EU Cooperation Against Terrorism”, 12/1/14, https://www.fas.org/sgp/crs/row/RS22030.pdf, //11)Although the United States and the EU both recognize the importance of sharing information in an

effort to track and disrupt terrorist activity, data privacy has been and continues to be a key U.S.-EU sticking point. As noted previously, the EU considers the privacy of personal data a basic right; EU data privacy regulations set out common rules for public and private entities in the EU that hold or transmit personal data, and prohibit the transfer of such data to countries where legal protections are not deemed “adequate.” In the negotiation of several U.S.-EU information sharing agreements, some EU officials have been concerned about whether the United States could guarantee a sufficient level of protection for European citizens’ personal data. In particular, some Members of the European Parliament (MEPs) and many European civil liberty groups have long argued that elements of U.S.-EU information-sharing agreements violate the privacy rights of EU citizens. The unauthorized disclosures since June 2013 of U.S. National Security Agency ( NSA) surveillance programs and the spate of subsequent allegations of U.S. collection activities in Europe (including reports that U.S. intelligence agencies have monitored EU diplomatic offices and computer networks, as well as German Chancellor Angela Merkel’s mobile phone) have strained transatlantic trust and exacerbated EU worries about U.S. data protection safeguards.

surv hurts trade agreements

Crushes global trade agreements – TTIP and TPPDonohue 15 – Professor of Law, Georgetown Law and Director, Center on National Security and the Law, Georgetown Law (Lauren, HIGH TECHNOLOGY, CONSUMER PRIVACY, AND U.S. NATIONAL SECURITY, Symposium Articles, 4 Am. U. Bus. L. Rev. 11 p.18-20, 2015, Hein Online)//JJ B. Trade AgreementsThe NSA programs, and media coverage of them, have further impacted bi- and multi-lateral trade

negotiations , undermining U.S. economic security. Consider two of the most important talks currently

underway: the Transatlantic Trade and Investment Partnership ( TTIP ) and the Trans- Pacific Partnership

( TPP ).TTIP is a trade and investment negotiation that is being conducted between the European Commission and the United States. The purpose of the agreement is to create better trade relations between the two region, enabling companies on both sides of the Atlantic to thrive. The revelations about NSA activities have had a profound impact on the negotiations. In March 2014 the European Parliament passed a resolution noting "the impact of mass surveillance." It stated, "the revelations based on documents leaked by former NSA contractor Edward Snowden put political leaders under the obligation to address the challenges of overseeing and controlling intelligence agencies in surveillance activities and assessing the impact of their activities on fundamental rights and the rule of law in a democratic society.'' It recognized that the programs had undermined "trust between the EU and the US as transatlantic partners ." Not least were concerns that the information could be used for "economic and industrial espionage"-and not merely for the purpose of heading off potentially violent threats. Parliament strongly emphasized, "given the importance of the digital economy in the relationship and in the cause of rebuilding EU- US trust," that its "consent to the final TTIP agreement could be endangered as long as the blanket mass surveillance activities and the interception of communications in EU institutions and diplomatic representations are not completely abandoned and an adequate solution is found for the data privacy rights of EU citizens." The resolution underscored that any agreement to TTIP would hinge on the protection of the data privacy rights as reflected in the protection of fundamental rights in the EU Charter.Even if the surveillance programs do not entirely derail TTIP, they have the potential to significantly retard negotiations. Much is at stake. The Center for Economic Policy Research in London, for instance, estimates that a successful TTIP could improve U.S. workers' wages, provide new jobs, and increase the country's GDP by $100 billion per year. Another study, conducted by the Bertelsmann Foundation, suggests that TTIP "could increase GDP per capita in the United States by 13 percent over the long term. To the extent that the programs weaken the U.S. position in the negotiations, the impact could be

significant . Although the United States Trade Representative is trying to counter the political fallout from the NSA debacle by putting local data protection initiatives on the table in the TTIP negotiations, the EU has steadfastly resisted any expansion into this realm . TPP, in turn, is a trade agreement that the United

States is negotiating with 11 countries in the Asia-Pacific region (Australia, Brunei Darussalam,Canada, Chile, Japan, Malaysia, Mexico, New Zealand, Peru, Singapore, and Vietnam). TPP (with participation of Japan), accounts for nearly 40% of global GDP, about 1/3 of world trade. Two of the United States' objectives in these negotiations are directly implicated by the Snowden releases : e-commerce / telecommunications, and intellectual property rights.The NSA programs relate to a number of categories under e- commerce -such as rules preventing discrimination based on the country of origin, and efforts to construct a single, global Internet. Nevertheless, as discussed below, some of the countries involved in TPP have already adopted data localization laws. The NSA programs have thus weakened the United States' negotiation position in these discussions, by making it more difficult to reach agreement in key areas.In addition to e-commerce considerations, as part of the TPP negotiations, the United States has prioritized intellectual property rights. Some 40 million American jobs are directly or indirectly tied to "IP- intensive" industries. These jobs tend to be high-paying and stimulate approximately 60% of U.S. merchandise exports, as well as a significant portion of services. Efforts to make progress in TPP by developing stronger protections for patents, trademarks copyrights, and trade secrets- including safeguards against cyber theft of trade secrets-is made more perilous by the existence of the NSA

programs .

2ac – ttip kt us-eu relations

TTIP is key to US-EU relationsHamilton and Quinlan 15 - Director and Senior Fellow, respectively, at the Johns Hopkins University Center for Transatlantic Relations, and co-authors of The Transatlantic Economy 2015 (Daniel and Joseph, “More than trade, TTIP leads to confident Atlanticism”, EurActiv.com, 3/18/15, http://www.euractiv.com/sections/trade-society/more-trade-ttip-leads-confident-atlanticism-313006)//DBIThe US-EU Transatlantic Trade and Investment Partnership (TTIP) is generating more heat than light when it comes to most European debates, which tend to cast TTIP as yet another free trade agreement. Yet TTIP is about more than trade. It is about creating a more strategic, dynamic and holistic US-EU relationship that is more confident, more effective at engaging third countries and addressing regional and global challenges, and better able to strengthen the ground rules of the international order.To the extent that TTIP can help generate jobs, spark growth and reinvigorate the US and European economies, it promises to renew confidence among publics and elites and ameliorate some of the political dysfunction afflicting many Western societies. Greater confidence and economic vigor at home, in turn, has the potential to increase the magnetic pull of Western values elsewhere, underwrites US and EU diplomatic capacity, and enhances possibilities for strategic outreach.TTIP can also reassure each side of the Atlantic about each other. Europeans are more likely to have greater faith in America's security commitments if they are anchored by strong trade and investment

links . TTIP would be an important US validation of EU legitimacy, while reassuring Americans that the EU is looking outward rather than inward.

2ac – ttip kt deter rising powers

TTIP is key to deter rising powers from challenging the global order—specifically, China and RussiaHamilton and Quinlan 15 - Director and Senior Fellow, respectively, at the Johns Hopkins University Center for Transatlantic Relations, and co-authors of The Transatlantic Economy 2015 (Daniel and Joseph, “More than trade, TTIP leads to confident Atlanticism”, EurActiv.com, 3/18/15, http://www.euractiv.com/sections/trade-society/more-trade-ttip-leads-confident-atlanticism-313006)//DBISecond, TTIP is important in terms of how the transatlantic partners together might best relate to rising

powers . Whether those powers choose to challenge the current international order and its rules or promote themselves within it depends significantly on how the US and Europe engage, not only with them but also with each other. The stronger the bonds among core democratic market economies, the better their chances of being able to engage rising partners as responsible stakeholders in the international system. The looser or weaker those bonds are, the greater the likelihood that rising

powers will challenge this order . TTIP has particular meaning for US and EU relations with China . TTIP is lazily portrayed as an effort to confront and isolate China. Yet is less about containing China than about the terms and principles guiding China's integration and participation in the global order. China's burgeoning trade with both the United States and Europe attests to US and EU interest in engaging China, not isolating it. Yet Beijing has yet to embrace some basic tenets of the international rules-based order. TTIP, TPP and related initiatives are important instruments to help frame Beijing's choices -- by underscoring China's own interests in an open, stable international system as well as the types of norms and standards necessary for such a system to be sustained.TTIP is also important with regard to US and EU relations with Russia and Eurasia . TTIP is a values-

based, rules-based initiative that is likely to strengthen Western economic and social cohesion , reinforce US commitment to Europe , strengthen transatlantic energy ties , and contribute to greater

attractiveness of the Western model . TTIP would also bolster the resilience of central and east

European economies, stimulate US investment and enable such countries to more easily resist Russian

encroachment . These changes are likely to resonate across Wider Europe, especially Ukraine, Moldova, Georgia and even Belarus.This is anathema to the current leadership in the Kremlin. TTIP presents a huge challenge to the Kremlin's efforts to divide Europeans from Americans. It offers something that the Kremlin cannot match: a transparent, mutually beneficial agreement that creates a rules-based framework for

international cooperation . A reinvigorated transatlantic marketplace among highly-connected, highly-competitive democracies, whose people enjoy greater economic growth and rising standards of living, would challenge the Kremlin's version of ''managed democracy'' and render Russia’s own one-dimensional natural-resource-based economic model unattractive. Greater US-EU energy cooperation would blunt Russia's monopolistic approach to European energy markets. And if such benefits extended

to non-EU neighbors, particularly Ukraine, Russians themselves are likely to ask why their own country can't be better run.

2ac – ttip kt international order

TTIP is key to sustain the international rules-based orderHamilton and Quinlan 15 - Director and Senior Fellow, respectively, at the Johns Hopkins University Center for Transatlantic Relations, and co-authors of The Transatlantic Economy 2015 (Daniel and Joseph, “More than trade, TTIP leads to confident Atlanticism”, EurActiv.com, 3/18/15, http://www.euractiv.com/sections/trade-society/more-trade-ttip-leads-confident-atlanticism-313006)//DBIThird, TTIP can help strengthen the international rules-based order. Europeans and Americans share an interest in extending prosperity through multilateral trade liberalization. But the Doha Round is stuck and the WTO system is under challenge. EU and US officials are using TTIP to unblock the WTO Doha negotiations, jumpstart multilateral negotiations, and extend the multilateral system it to new areas.

TTIP could result in clearer, transparent rules of origin that could facilitate global trade and serve as a

common public good. It could pioneer new ways to ensure high standards for consumers, workers,

companies and the environment while sustaining the benefits of an open global economy. Without TTIP, Americans and Europeans could become standard-takers rather than standard-makers.

2ac – eu-us rels impact filterA strong US-European alliance serves as a global stabilizing powerNSS, 15 – National Security Strategy (White House, “National Security Strategy”, February 2015, https://www.whitehouse.gov/sites/default/files/docs/2015_national_security_strategy.pdf, //11)Strengthen Our Enduring Alliance with EuropeThe United States maintains a profound commitment to a Europe that is free, whole, and at peace. A strong Europe is our indispensable partner, including for tackling global security challenges ,

promoting prosperity , and upholding international norms . Our work with Europe leverages our strong and historic bilateral relationships throughout the continent . We will steadfastly support the aspirations of countries in the Balkans and Eastern Europe toward European and Euro-Atlantic integration, continue to transform our relationship with Turkey, and enhance ties with countries in the Caucasus while encouraging resolution of regional conflict.NATO is the strongest alliance the world has ever known and is the hub of an expanding global security network. Our Article 5 commitment to the collective defense of all NATO Members is ironclad, as is our commitment to ensuring the Alliance remains ready and capable for crisis response and cooperative security. We will continue to deepen our relationship with the European Union (EU), which has helped to promote peace and prosperity across the region, and deepen NATO-EU ties to enhance transatlantic security. To build on the millions of jobs supported by transatlantic trade, we support a pro-growth agenda in Europe to strengthen and broaden the region’s recovery, and we seek an ambitious T-TIP to boost exports, support jobs, and raise global standards for trade.Russia’s aggression in Ukraine makes clear that European security and the international rules and norms against territorial aggression cannot be taken for granted. In response, we have led an international effort to support the Ukrainian people as they choose their own future and develop their democracy and economy. We are reassuring our allies by backing our security commitments and increasing responsiveness through training and exercises, as well as a dynamic presence in Central and Eastern Europe to deter further Russian aggression. This will include working with Europe to improve its energy security in both the short and long term . We will support partners such as Georgia, Moldova, and Ukraine so they can better work alongside the United States and NATO, as well as provide for their own defense.And we will continue to impose significant costs on Russia through sanctions and other means while countering Moscow’s deceptive propaganda with the unvarnished truth. We will deter Russian aggression , remain alert to its strategic capabilities, and help our allies and partners resist Russian

coercion over the long term , if necessary. At the same time, we will keep the door open to greater collaboration with Russia in areas of common interests, should it choose a different path—a path of peaceful cooperation that respects the sovereignty and democratic development of neighboring states.

2ac – at: safe harbor badSafe Harbor is good to go – their authors have a flawed understanding of the programFPF, 13 – Future of Privacy Forum (“The US-EU Safe Harbor: An Analysis of the Framework’s Effectiveness in Protecting Personal Privacy”, December 2013, http://www.futureofprivacy.org/wp-content/uploads/FPF-Safe-Harbor-Report.pdf, //11)As this report will show, these criticisms of the Safe Harbor program are largely unfounded .40 While the Safe Harbor program surely could be strengthened, as is the case with nearly every privacy regime, a close look at the experience that companies have had with the Safe Harbor reveals that the program has been largely successful in achieving its stated twin goals of protecting privacy while promoting international data transfer.41 The success of the Safe Harbor can be seen in three distinct areas. First, the program has grown significantly since its inception, underlying the importance of trans-Atlantic data flows. Second, US companies have increased privacy protections for individuals by making modifications to their privacy practices in order to comply with the Safe Harbor’s requirements. Third, there are strong enforcement mechanisms in place – in the form of both the FTC and third-party dispute resolution providers – to ensure that when individuals complain that a Safe Harbor participant is failing to live up to its obligations, such complaints are satisfactorily addressed. Many critics have unfairly attacked the Safe Harbor based on a misunderstanding of the program and its goals, and many of the recent criticisms reflect a misunderstanding of the relationship between the program and the NSA’s surveillance practices. In fact, suspending the Safe Harbor’s protections would negatively impact both the personal privacy of EU citizens and international trade. The Future of Privacy Forum (FPF) therefore suggests that rather than dismantling the Safe Harbor, the US and EU make specific reforms to the program to increase transparency and enhance efforts on both sides of the Atlantic to police compliance.

Cybersecurity Advantage

1ac – cybersecurity

Cyber attacks on the horizon- threaten international escalationHeyward 5/20, cyberterror analyst and contributor at BreitBart, (John, CYBERTERRORISM IS THE NEXT ‘BIG THREAT,’ SAYS FORMER CIA CHIEF, http://www.breitbart.com/national-security/2015/05/20/cyberterrorism-is-the-next-big-threat-says-former-cia-chief/)//AKMany experts reckon the first cyberwar is already well under way. It’s not exactly a “cold war,” as the previous generation understood the term, because serious damage valued in millions of dollars has been done, and there’s nothing masked about the hostile intent of state-sponsored hackers. What has been masked is the sponsorship.Every strike has been plausibly deniable, including whitehat operations such as the nasty little Stuxnet bug Iran’s nuclear weapons program contracted a few years back. Cyberwar aggressors like Russia and China officially claim to be interested in peace and security.The cyberwar could get much hotter soon, in the estimation of former CIA counter-intelligence director Barry Royden, a 40-year intel veteran, who told Business Insider the threat of cyberterrorism is pervasive, evasive, and so damned invasive that, sooner or later, someone will give into temptation, pull the trigger, and unleash chaos.Effective security against a massive attack by militarized hackers is “extremely difficult – in fact, it’s impossible,” according to Royden. “Everyone is connected to everyone, and as long as you’re connected you’re vulnerable. And there are firewalls, but every firewall is potentially defeatable, so it’s a nightmare in my mind. You have to think that other governments have the capability to bring down the main computer systems in this country, power grids, hospitals, or banking systems – things that could cause great economic upheaval and paralyze the country.”There are, in fact, excellent reasons to believe hostile governments have the capability Royden describes. Even top-level systems at the State Department and White House have been penetrated by hackers, in what appear to be exploratory operations. North Korea, a relatively small cyberwar player, did a horrific amount of damage to Sony Pictures, possibly with the help of insiders. We don’t know how many “insiders” there are. Not only is hacker warfare fought on an entirely new battleground, but it adds new dimensions to old-school espionage.Some non-governmental hacking incidents could be a result of military hacking units polishing their skills. Last week, Penn State University announced it was hit by “two sophisticated hacking attacks, one of which cyber-security experts say originated in China,” according to NBC News. The personal information of some 18,000 students and university employees was jeopardized. The university had to disconnect its systems completely from the Internet to deal with the threat.Unplugging from the Internet won’t be an option if systems across the nation, including vital infrastructure systems, are hit simultaneously by a massive attack.Penn State University President Eric J. Barron put the problem in perspective by vowing to “take additional steps to protect ourselves, our identities and our information from a new global wave of cybercrime and cyberespionage.”The extent of the risk to our nation’s physical infrastructure was highlighted when security researcher Chris Roberts was removed from a United Airlines plane last month, because he was passing his time on the tarmac tweeting about the plane’s security vulnerabilities.

Popular Science notes that the Government Accountability Office recently published a report “highlighting the potential dangers posed by hackers using commercial airlines’ onboard wireless communications networks, including Wi-Fi, as a possible attack vector.”Roberts previously claimed to have hacked the International Space Station and taken control of its thermostat, and he thought he might have a shot at hacking the Mars rover.Economic infrastructure is equally at risk. The Federal Reserve Bank of St. Louis confirmed on Tuesday that its systems were breached by hackers, “redirecting users of its online research services to fake websites set up by the attackers,” as reported by the New York Times.

Cyberterrorism is the most likely impact – will have catastrophic ramificationsBucci 09 - Dr. Steven P. Bucci is IBM's Issue Lead for Cyber Security Programs and a part of the Global Leadership Initiative, the in-house think tank for IBM's public-sector practice. He most recently served as Deputy Assistant Secretary of Defense, Homeland Defense and Defense Support to Civil Authorities. (Steven, “The Confluence of Cyber Crime and Terrorism”, The Heritage Foundation, June 12, 2009, http://www.heritage.org/research/lecture/the-confluence-of-cyber-crime-and-terrorism//DM)Terrorists will recognize the opportunity the cyber world offers sooner or later. They will also recognize that they need help to properly exploit it. It is unlikely they will have the patience to develop their own completely independent capabilities. At the same time, the highly developed, highly capable cyber criminal networks want money and care little about the source.This is a marriage made in Hell. The threat of a full nation-state attack, either cyber or cyber-enabled kinetic, is our most dangerous threat. We pray deterrence will continue to hold, and we should take all measures to shore up that deterrence.Terrorists will never be deterred in this way. They will continue to seek ways to successfully harm us, and they will join hands with criminal elements to do so. A terrorist attack enabled by cyber crime capabilities will now be an eighth group of cyber threats, and it will be the most likely major event we

will need to confront.Some would say that cyber crime is a purely law enforcement issue, with no national security component. That is a dubious "truth" today. This is not a static situation, and it will definitely be more dangerously false in the future. Unless we get cyber crime under control, it will mutate into a very real, very dangerous national security issue with potentially catastrophic ramifications . It would be far better to address it now rather than in the midst of a terrorist incident or campaign of incidents against one of our countries.Terrorism enabled by cyber criminals is our most likely major cyber threat. It must be met with all our

assets.

Our evidence is backed by expertsCarney 14 – Jordain Carney is a defense reporter at National Journal. She previously worked as a staff writer for the Hotline, covering congressional and gubernatorial elections in the South. Jordain graduated from the University of Arkansas with a bachelor’s degree in English, political science, and journalism. (Jordain, “Defense Leaders Say Cyber is Top Terror Threat”, National Journal, January 6, 2014, http://www.nationaljournal.com/defense/defense-leaders-say-cyber-is-top-terror-threat-20140106//DM)

Defense officials see cyberattacks as the greatest threat to U.S. national security, according to a survey released Monday.Forty-five percent of respondents to the Defense News Leadership Poll named a cyberattack as the

single greatest threat—nearly 20 percentage points above terrorism, which ranked second.The Defense News Leadership Poll, underwritten by United Technologies, surveyed 352 Defense News subscribers, based on job seniority, between Nov. 14 and Nov. 28, 2013. The poll targeted senior employees within the White House, Pentagon, Congress, and the defense industry."The magnitude of the cyber problem, combined with declining budgets, will challenge the nation for years to come," said Vago Muradian, the editor of Defense News.It's not the first time cyber has ranked at or near the top of a list of security concerns. Seventy percent of Americans called a cyberattack from another country a major threat in a Pew Research Center survey released last month.Defense Department officials, for their part, have warned about the increasing threat. FBI Director James Comey, Rand Beers, the then-acting secretary for the Homeland Security Department, and Gen. Keith Alexander, director of the National Security Agency, each voiced their concerns before Congress last year.And House Intelligence Committee Chairman Mike Rogers, R-Mich., called it the "largest national security threat to the face the U.S. that we are not even close to being prepared to handle as a country."

NSA overreach makes cyber-security impossible – 2 internal links

First is overreach – NSA surveillance of American companies undercuts cybersecurity – creates vulnerabilitiesKehl 14 - Danielle Kehl is a Policy Analyst at New America’s Open Technology Institute (OTI) (Danielle, “Surveillance Costs: The NSA’s Impact on the Economy, Internet Freedom & Cybersecurity”, New America’s Open Technology Institute, https://www.newamerica.org/downloads/Surveilance_Costs_Final.pdf//DM)

In addition to influencing standards-setting bodies, the NSA also goes straight to American and international tech companies to ensure that it can exploit vulnerabilities in their products. The NSA spends $250 million a year—more than 20 times what it spends on the much-discussed PRISM program—on a project to develop relationships with companies in order to weaken standards and convince them to insert backdoors into their products. According to documents released by ProPublica, the NSA’s SIGINT Enabling Project “actively engages the US and foreign IT industries to covertly influence and/or overtly leverage their commercial products’ designs. These design changes make the systems in question exploitable through SIGINT collection.”262 The Fiscal Year 2013 budget documents indicate that the goals of the project include inserting vulnerabilities into commercial encryption systems, IT networks, and communications devices as well as making it easier to exploit next generation encryption used for 4G wireless networks. The documents reference “continued partnerships with major telecommunications carriers to shape the global network to benefit other collection accesses” and other relationships with commercial IT providers.263 One of the goals for that year is to “shape the worldwide commercial cryptography marketplace to make it more tractable to advanced cryptanalytic capabilities being developed by NSA/CSS [Central Security Service].”264 Programs like SIGINT Enabling are a central piece of the NSA’s covert strategy to weaken commercial encryption, demonstrating how the agency switched from a public approach for a government mandate in the 1990s to developing a set of private

partnerships with the tech industry over the past two decades. “Basically, the NSA asks companies to subtly change their products in undetectable ways: making the random number generator less random, leaking the key somehow, adding a common exponent to a public-key exchange protocol, and so on,” explains Bruce Schneier. “If the back door is discovered, it’s explained away as a mistake. And as we now know, the NSA has enjoyed enormous success from this program.”265Beyond SIGINT Enabling, the NSA appears to have other programs aimed at leveraging private sector relationships to insert and maintain vulnerabilities in commercial products as well. According to The Guardian, the NSA’s Commercial Solutions center—the program which offers technology companies an opportunity to have their security products assessed and presented to prospective government buyers266—is also quietly used by the NSA to “leverage sensitive, co-operative relationships with specific industry partners” to insert vulnerabilities into those security tools.267 Similarly, a general classification guide details the relationships between industry partners and the NSA, as well as the agency’s ability to modify commercial encryption software and devices to “make them exploitable” and obtain otherwise proprietary information about the nature of company’s cryptographic systems.268 Even before SIGINT Enabling was disclosed, The Guardian reported that the NSA worked with Microsoft directly to circumvent the encryption on popular services including Skype, Outlook, and SkyDrive,269 although Microsoft denies those allegations.270 New information has also come to light about backdoors planted in foreign-bound network routers from companies like Cisco, apparently without the knowledge of the companies that sell them.271 Cisco CEO John Chambers also spoke out after the May 2014 revelations that the NSA had inserted backdoors into network routers, writing a letter to the Obama Administration asking it to curtail the NSA’s surveillance activities and institute reforms that rein in its seemingly-unchecked power.272 In a blog post, Cisco’s Senior Vice President Mark Chandler wrote, “We comply with US laws… we ought to be able to count on the government to then not interfere with the lawful delivery of our products in the form in which we have manufactured them. To do otherwise, and to violate legitimate privacy rights of individuals and institutions around the world, undermines confidence in our industry.”273The existence of these programs, in addition to undermining confidence in the Internet industry, creates real security concerns. The SIGINT Enabling budget request suggests that the secrecy of the endeavor acts as a safeguard against any security concerns about the manufactured vulnerabilities, including an assurance that “to the consumer and other adversaries, however, the systems’ security remains intact.”274 This assertion relies on the false assumption that if the program is not made public, then others will never discover or exploit those vulnerabilities—and that the program’s benefits outweigh the cost.275 Stephanie Pell, a non-resident fellow at the Center for Internet and Society at Stanford Law School and a former prosecutor at the Department of Justice, explains in a recent paper that “building in back door access…inevitably produces security vulnerabilities” because such back doors “create additional ‘attack surfaces.’”276 And as security researcher Dr. Susan Landau noted in testimony to Congress, “building wiretapping [capabilities] into communications infrastructure creates serious risk that the communications system will be subverted either by trusted insiders or skilled outsiders, including foreign governments, hackers, identity thieves and perpetrators of economic espionage.277 Furthermore, creating a back door in an encrypted communications service requires access to the unencrypted data, which means that “if and when security flaws in the system are discovered and exploited, the worst case scenario will be unauthorized access to users’ communications… [W]hen compromised, an encrypted communications system with a lawful interception back door is far more

likely to result in the catastrophic loss of communications confidentiality than a system that never has access to the unencrypted communications of its users.”278The fact that only the NSA was supposed to know about these backdoors does not alleviate the concerns. Matthew Green, a cryptography researcher at Johns Hopkins University, warned in The New York Times that “the risk is that when you build a back door into systems, you’re not the only one to exploit it,” since anyone else who discovers the weakness, including U.S. adversaries, can exploit it as well.279 These risks are not theoretical; there are numerous examples where technologies intended to facilitate lawful intercepts of communications have created additional vulnerabilities and security holes that have been exploited by unauthorized actors.280 As the white paper from the Institute of Electrical and Electronics Engineers concludes, “While the debate over how we should value both privacy and security is important, it misses a critical point: The United States might have compromised both security and privacy in a failed attempt to improve security.”281

That’s a threat magnifier – makes it easier for cyberterrorists to attackZhang 14 - Shu is pursuing her graduate degree at the Medill School of Journalism at Northwestern University, specializing in business reporting and video journalism. Currently, she is a health care and pharmaceutical industry reporter at Medill News Service in Chicago. (Shu, “Tech companies hurt by NSA surveillance take actions to improve internet security”, Medill National Security Zone, http://nationalsecurityzone.org/site/tech-companies-hurt-by-nsa-surveillance-take-actions-to-improve-internet-security//DM)WASHINGTON — This month a four-month investigation by The Washington Post reported that nine out of 10 people targeted by the National Security Agency’s surveillance program were normal Internet users, most of whom were American citizens. While there seems to be no doubt how the NSA’s spying into our daily lives violated the Fourth Amendment against unreasonable search and seizure, its harm to cyber security and U.S.-based technology companies hasn’t been well recognized by the public because of the issue’s complexity.How does the NSA, whose mission is to protect American people and the government, create a more dangerous domestic and international internet environment through surveillance? Earlier this month experts gave the answer in a panel discussion titled “National Insecurity Agency: How the NSA’s Surveillance Programs Undermine Internet Security” at the New America Foundation in Washington, D.C.“The issue is that they are deliberately weakening the security of everyone else in the world in order to make that spying easier,” said Bruce Schneier, a cryptology expert and author who contributed to The Guardian’s coverage on former NSA contractor Edward Snowden’s leaks.Instead of targeting specific “bad guys,” Schneier argued, the NSA was creating a more vulnerable cyber network that exposed both the agency’s enemies and harmless regular people to greater outside threats. While it was easier for the NSA to attack whoever it wanted, Internet terrorists could also do the same thing to anyone else.“That’s exactly what the NSA has become: the best hacker in the entire world,” said Joe Hall, chief technologist at the Center for Democracy and Technology.One way the NSA can make it easier for bad guys is by requiring U.S. tech companies to insert backdoors into their commercial products so that the agency could hack in whenever it identified any targets.

However, the backdoors inevitably weaken the security of those products, leading to unpredictable risks.“Put a backdoor in,” Schneier said, “three years from now, criminals are using it.”In addition, when the NSA found the weakness of a software or system, experts said, the agency wouldn’t alert companies to fix the problem. Instead, the NSA would keep the secret to itself for potential future actions.

Second is US-Chinese cooperation – NSA overreach makes cyber-surveillance cooperation with China impossibleDonohue 15 – Professor of Law, Georgetown Law and Director, Center on National Security and the Law, Georgetown Law (Lauren, HIGH TECHNOLOGY, CONSUMER PRIVACY, AND U.S. NATIONAL SECURITY, Symposium Articles, 4 Am. U. Bus. L. Rev. 11 p.35-36, 2015, Hein Online)//JJOnline warfare between China and the United States simmered in the background, until in early 2013 the Obama Administration began to make it center stage. In January 2013, the New York Times reported that Chinese hackers had infiltrated its computers following a threat that if the paper insisted on publishing a story about its prime minister, consequences would follow.17 The following month, a security firm, Mandiant, revealed that the Chinese military unit 61398 had stolen data from U.S. companies and agencies.118 In March 2013 President Obama's National Security Advisor publicly urged China to reduce its surveillance efforts -after which classified documents leaked to the public demonstrated the extent to which China had infiltrated U.S. government servers. Two months later, the National Security Advisor flew to China to lay the groundwork for a summit, in which cyber surveillance would prove center stage. Two days before the Obama-Xi meeting was scheduled to take place, The Guardian ran the first story on the NSA programs. On June 7, when Obama raised the question of Chinese espionage, Xi responded by quoting The Guardian and suggesting that the U.S. should not be

lecturing the Chinese about surveillance . Although differences may mark the two countries' approaches (e.g., in one case for economic advantage, in the other for political or security advantage), the broader translation for the global community has been one in which the United States has lost the high ground to try to restrict cyber-surveillance.A final point is worth noting in this context. To the extent that non-U.S. companies are picking up customers and business overseas, the United States' ability to conduct surveillance may be further harmed-thus going directly to the country's national security interests. In other words, it may be in the country's best interests to keep traffic routed through U.S. companies, which would allow the national security infrastructure, with appropriate legal process, to access the information in question. The apparent overreach of the NSA , however, may end up driving much of the traffic elsewhere, making it

harder for the United States to obtain the information needed to protect the country against foreign threats.

Loss of US cyber credibility strikes at the core of US- China technological collaborations Li 13 – Director, John L. Thornton China Center, Senior Fellow, Foreign Policy (Cheng, “NSA Revelations Have Irreparably Hurt U.S. Corporations in China”, Brookings, 12/12/13,

http://www.brookings.edu/research/opinions/2013/12/12-nsa-revelations-hurt-corporations-china-li-mcelveen)//GKAfter the Sunnylands summit, the Chinese government turned to official media to launch a public campaign against U.S. technology firms operating in China through its “de-Cisco” (qu Sike hua) movement. By targeting Cisco, the U.S. networking company that had helped many local Chinese governments develop and improve their IT infrastructures beginning in the mid-

1990s, the Chinese government struck at the very core of U.S.-China technological and economic collaboration. The movement began with the publication of an issue of China Economic Weekly titled “He’s Watching You” that singled out eight U.S. firms as “guardian warriors” who had infiltrated the Chinese market: Apple, Cisco, Google, IBM, Intel, Microsoft, Oracle and Qualcomm. Cisco, however, was designated as the “most horrible” of these warriors because of its pervasive

reach into China’s financial and governmental sectors. For these U.S. technology firms, China is a vital source of business

that represents a fast-growing slice of the global technology market. After the Chinese official media began disparaging the “guardian warriors” in June, the sales of those companies have fallen precipitously. With the release of its third

quarter earnings in November, Cisco reported that orders from China fell 18 percent from the same period a year earlier and

projected that overall revenue would fall 8 to 10 percent as a result, according to Reuters. IBM reported that its

revenue from the Chinese market fell 22 percent, which resulted in a 4 percent drop in overall profit. Similarly, Microsoft has said that China had become its weakest market. However, smaller U.S. technology firms working in China have not seen the same slowdown in business. Juniper Networks, a networking rival to Cisco, and EMC Corp, a storage system maker, both saw increased business in the third quarter. As the Chinese continue to shun the “guardian warriors,” they may turn to similar but smaller U.S. firms until domestic Chinese firms are ready to assume their role. In the meantime, trying to completely “de-Cisco” would be too costly for China, as Cisco’s network infrastructure has become too deeply embedded around the country.

Chinese cyber technology is going rogue - increase in cyber espionage and breaching of intellectual property rights of American firmsLi 13 – Director, John L. Thornton China Center, Senior Fellow, Foreign Policy (Cheng, “NSA Revelations Have Irreparably Hurt U.S. Corporations in China”, Brookings, 12/12/13, http://www.brookings.edu/research/opinions/2013/12/12-nsa-revelations-hurt-corporations-china-li-mcelveen)//GKChinese technology firms have greatly benefited in the aftermath of the Snowden revelations . For example,

the share price of China National Software has increased 250 percent since June. In addition, the Chinese government continues to push for faster development of its technology industry, in which it has invested since the early 1990s, by funding the development of supercomputers and satellite navigation systems. Still, China’s current investment in cyber security cannot compare with that of the United States. The U.S. government spends $6.5 billion annually on cyber security, whereas China spends $400 million, according to

NetentSec CEO Yuan Shengang. But that will not be the case for long. The Chinese government’s investment in both cyber espionage and cyber security will continue to increase, and that investment will overwhelmingly benefit Chinese technology

corporations. China’s reliance on the eight American “guardian warrior” corporations will diminish as its domestic firms develop commensurate capabilities. Bolstering China’s cyber capabilities may emerge as one of the goals of China’s National Security Committee, which was formed after the Third Plenary Meeting of the 18th Party Congress in November. Modeled on the U.S. National Security Council and led by President Xi Jinping, the committee was established to centralize coordination and quicken response time, although it is not yet clear how much of its efforts will be focused domestically or internationally. The Third Plenum also brought further reform and opening of China’s economy, including encouraging more competition in the private sector. The Chinese leadership continues to solicit foreign investment, as evidenced by in the newly established Shanghai Free Trade

Zone. However, there is no doubt that investments by foreign technology companies are less welcome than

investments from other sectors because of the Snowden revelations. As 2013 comes to a close, it is now well documented

and well-known that both the United States and China engage in extensive espionage efforts for national security interests. But China’s espionage efforts are different in one key respect: China conducts surveillance on U.S. commercial entities, while the United States focuses on government targets. Although the U.S. government

classifies its surveillance and does not share business secrets with U.S. companies, Chinese spies readily hand over proprietary

information from U.S. firms to Chinese firms, breaching intellectual property rights and stealing the fruits of research and development on which American companies have spent billions of dollars. To address these concerns, the United States must clearly indicate that its primary concern is China’s commercial cyber espionage, and that its goal is to protect future U.S. innovation. This is a goal to which both the U.S. and her allies can commit. By working to forge an agreement with China on the enforcement of intellectual property rights protections, the U.S. will finally be able to move out of the shadow of Edward Snowden. Even then, U.S. technology companies must prepare for their new reality—a greatly reduced share of the Chinese market wherein the enforcement of IPR will only soften their downfall.

(INSERT CHINA CYBER ESCALATION IMPACT)

Chinese cyberattack is likely - will shut down US power grids and critical infrastructureLenzner 14 - Robert Lenzner is National Editor of Forbes magazine. He joined Forbes as a Senior Editor in September 1992.Mr. Lenzner has a B.A. (cum laude) from Harvard University and an M.B.A. from Columbia University. (Robert, “Chinese Cyber Attack Could Shut Down U.S. Electric Power Grid”, Forbes, November 28, 2014, http://www.forbes.com/sites/robertlenzner/2014/11/28/chinese-cyber-attack-could-shut-down-u-s-electric-power-grid//DM)Welcome to the increasingly dangerous world of cyber-warfare. The latest nightmare; a western intelligence agency of unknown origin (according to the Financial Times of London) is infecting the internet service providers and sovereign telecoms operations of Russia, Saudi Arabia, Iran, Mexico and Ireland. To what end is not known, though the cyber security company Symantec calls the malware extremely sophisticated.Then, there are the criminal elements, who have been hacking into the credit card details of JP Morgan Chase (76 million customers’ names), and retailers like Home Depot, Target and EBay. Or the attempts going on by ne’er-do-well nations to break down the control of energy plants and factories, at times by criminal elements that act like stalking horses for sovereign nations up to no good.I wrote about this phenomenon a decade ago for Forbes magazine (“The Next Threat”) and raised the problem of private industry, especially public utilities, needing to invest major capital into establishing cyber defenses against the very real possibility that our enemies could break into the internet connections of urban public utilities and cause chaos and massive economic injury by closing down the public’s access to electricity. Threats existed as well against the operations of infrastructure projects like dams, gas pipelines and transportation systems.A DOD research facility in New Mexico plainly showed me how the nation’s public utility system could be penetrated and closed down via their internet connection. Apparently, we have made little or no progress in the past decade of defending our artificial light and energy.It appears that our enemies (read competitors) have made exceedingly greater progress in their sophisticated cyber-warfare techniques than we have achieved in defending ourselves. Now comes Admiral Michael Rogers, the head of the National Security Agency and the U.S. Cyber Command, who warned last week that China and perhaps two other unnamed nations had “the ability to launch a cyber attack that could shut down the entire U.S. power grid and other critical infrastructure.”Such a dire possibility should well have gotten a wider prominent play in the media. Yet Admiral Rogers underscored that software detected in China could seriously damage our nation’s economic future by interfering with the electric utility power companies that the citizens of New York, Dallas, Chicago, Detroit and other urban centers require as the basic life blood of survival. This possibility is a great deal more dangerous than stealing 76 million names from JP Morgan Chase.

This not a Sci-Fi fantasy being perpetrated as a hoax on the American public. The NSA head flatly predicted that “it is only a matter of the when, not the if, that we are going to see something traumatic.” He admitted NSA was watching multiple nations invest in this dangerous capability. He called the danger a “coming trend,” where our vulnerability will be equivalent to a hole in our software systems that are unseen by the multinational company, the public utility, the telecom giant, the defense manufacturer, the Department of Defense.NATO took the threat seriously enough to organize mock cyber-wargame trials in Estonia several days ago that indicated the western nations are aware of the need to fight on a new battlefield where the enemy cannot be seen physically. It was the largest digital warfare exercise ever attempted, a trial run to test dealing with a new non-military threat to global security.Consider the financial damage to our nation from an attack that could shut down the power systems of major cities. As Forbes pointed out a decade ago, there was a very great need to spend the money building firewalls around our infrastructure’s internet communications network. We are in worse shape today, since NSA chief Rogers plainly told the congressional intelligence committee last week “the Chinese intelligence services that conduct these attacks have little to fear because we have no practical deterrents to that threat.”The cyber threat is real. America had better wake up to the need to defend the cogwheels of our economy from the electronic reconnaissance attacking our industrial control systems. Public opinion needs to be aroused by the media and security officials into a threat that no one can see as it is invisible. It is not Soviet missiles we fear, but inroads by nation states and criminal elements fronting for them. Our cyber command capabilities are as crucial as our Special Forces in beating back ISIS and other Islamic terrorists.

Grid attacks take out command and control ---causes retaliation and nuclear warTilford 12 [Robert, Graduate US Army Airborne School, Ft. Benning, Georgia, “Cyber attackers could shut down the electric grid for the entire east coast” 2012, http://www.examiner.com/article/cyber-attackers-could-easily-shut-down-the-electric-grid-for-the-entire-east-coa] //khirnTo make matters worse a cyber attack that can take out a civilian power grid, for example could also cripple the U.S. military. The senator notes that is that the same power grids that supply cities and towns, stores and gas stations, cell towers and heart monitors also power “every military base in our country.” “Although bases would be prepared to weather a short power outage with

backup diesel generators, within hours, not days, fuel supplies would run out” , he said. Which means military

command and control centers could go dark . Radar systems that detect air threats to our country would shut Down completely . “Communication between commanders and their troops would also go silent. And many weapons systems would be left without either fuel or electric power”, said Senator Grassley. “So in a few short hours or days, the mightiest military in the world would be left scrambling to maintain base functions”, he said. We contacted the Pentagon and officials confirmed the threat of a cyber attack is something very real. Top national

security officials—including the Chairman of the Joint Chiefs, the Director of the National Security Agency, the Secretary of Defense, and the CIA Director— have said, “preventing a cyber attack and improving the nation’s electric grids is among the most urgent priorities of our country” (source: Congressional Record). So how serious is the Pentagon taking all this? Enough to start, or end a war over it, for sure (see video: Pentagon declares war on cyber attacks http://www.youtube.com/watch?

v=_kVQrp_D0kY&feature=relmfu ). A cyber attack today against the US could very well be seen as an “Act of War” and could be met with a “full scale” US military response. That could include the use of “nuclear weapons ”, if authorized by the President.

2ac – xt: china i/lNSA revelations have irreparably hurt the credibility of Obama’s Chinese cybersecurity agenda Li 13 – Director, John L. Thornton China Center, Senior Fellow, Foreign Policy (Cheng, “NSA Revelations Have Irreparably Hurt U.S. Corporations in China”, Brookings, 12/12/13, http://www.brookings.edu/research/opinions/2013/12/12-nsa-revelations-hurt-corporations-china-li-mcelveen)//GKLawfare readers have followed and discussed the Snowden revelations with a mixture of dread and excitement. Our focus, understandably, is on the impact of the leaks on the intelligence community and on U.S. national security policy. The seemingly endless disclosures and associated news stories, along with the many declassified documents from the ODNI, have sparked discussions on technological change, government

accountability and oversight, FISA reform, and other important issues. For many Americans, however, the bigger problem is the leaks’ impact on the U.S. economy and on American businesses—many of whom do business overseas . European allies may eventually shrug off their frustrations with the NSA, but my Brookings colleagues Cheng Li and Ryan McElveen argue that China is far less likely to do so. The revelations are leading to a policy shift that may hinder U.S. technology firms in China for years or even decades. Cheng Li is director of research and a senior fellow at the John L. Thornton China Center in the Foreign Policy program at Brookings, and is a director of the National Committee on U.S.-China Relations. Ryan McElveen is a research assistant at the Thornton Center. NSA

Revelations Have Irreparably Hurt U.S. Corporations in China U.S. technology firms conducting business in China are used to being swayed by geopolitical winds, but they will never fully recover from the irreparable damage left by the devastating NSA revelations of 2013. After such a turbulent year, it is useful to review what happened and determine how to

move forward. As the first summit meeting between Chinese President Xi Jinping and U.S. President Barack Obama

approached in June at the Sunnylands estate in California, the Obama administration made every indication that cyber security would take top billing on the agenda. This was a hard-won break from the past for U.S. corporations. After years of trying to elevate the issue of commercial cyber espionage in the public consciousness, the business community was finally given a golden opportunity

to push for change as events evolved in its favor in early 2013. In February, U.S. cyber security firm Mandiant released a report revealing that the Chinese government had infiltrated almost 150 major U.S. corporations and agencies over the past seven years. The report narrowed the origin of these extensive online attacks to a People’s Liberation Army (PLA) operations center in the Pudong area of Shanghai. In May, another report emerged from the Defense Science Board revealing that China had

secured access to detailed designs of Pentagon military weaponry and aircraft. As these events unfolded, President Obama’s then

National Security Advisor Tom Donilon began urging China to curtail these activities and pushing for China to address them

at the June Presidential summit. At the same time, though, NSA contractor Edward Snowden was encouraging newspapers to publish accounts of NSA espionage. For the Obama administration, Snowden’s timing could not have been worse. The first story about the NSA appeared in The Guardian on June 5. When Obama and Xi met in

California two days later, the United States had lost all credibility on the cyber security issue. Instead of providing Obama with the perfect opportunity to confront China about its years of intellectual property theft from U.S. firms, the Sunnylands meeting forced Obama to resort to a defensive posture. Reflecting on how the tables had turned, the media reported that President Xi chose to stay off-site at a nearby Hyatt hotel out of fear of eavesdropping.

2ac – xt: overreach i/lThe NSA internet surveillance undermines internet securityKehl 14 - Danielle Kehl is a Policy Analyst at New America’s Open Technology Institute (OTI) (Danielle, “Surveillance Costs: The NSA’s Impact on the Economy, Internet Freedom & Cybersecurity”, New America’s Open Technology Institute, https://www.newamerica.org/downloads/Surveilance_Costs_Final.pdf//DM)

We have previously focused on the economic and political repercussions of the NSA disclosures both in the United States and abroad. In this section, we consider the impact on the Internet itself and the ways in which the NSA has both weakened overall trust in the network and directly harmed the security of the Internet.Certainly, the actions of the NSA have created a serious trust and credibility problem for the United States and its Internet industry. “All of this denying and lying results in us not trusting anything the NSA says, anything the president says about the NSA, or anything companies say about their involvement with the NSA,” wrote security expert Bruce Schneier in September 2013.225 However, beyond undermining faith in American government and business, a variety of the NSA’s efforts have undermined trust in the security of the Internet itself. When Internet users transmit or store their information using the Internet, they believe—at least to a certain degree—that the information will be protected from unwanted third-party access. Indeed, the continued growth of the Internet as both an economic engine and an as avenue for private communication and free expression relies on that trust. Yet, as the scope of the NSA’s surveillance dragnet and its negative impact on cybersecurity comes into greater focus, that trust in the Internet is eroding.226 Trust is essential for a healthy functioning society. As economist Joseph Stiglitz explains, “Trust is what makes contracts, plans and everyday transactions possible; it facilitates the democratic process, from voting to law creation, and is necessary for social stability.”227 Individuals rely on online systems and services for a growing number of sensitive activities, including online banking and social services, and they must be able to trust that the data they are transmitting is safe. In particular, trust and authentication are essential components of the protocols and standards engineers develop to create a safer and more secure Internet, including encryption.228 The NSA’s work to undermine the tools and standards that help ensure cybersecurity—especially its work to thwart encryption—also undermines trust in the safety of the overall network. Moreover, it reduces trust in the United States itself, which many now perceive as a nation that exploits vulnerabilities in the interest of its own security.220 This loss of trust can have a chilling effect on the behavior of Internet users worldwide.230 Unfortunately, as we detail below, the growing loss of trust in the security of Internet as a result of the latest disclosures is largely warranted. Based on the news stories of the past year, it appears that the Internet is far less secure than people thought—a direct result of the NSA’s actions. These actions can be traced to a core contradiction in NSA’s two key missions: information assurance—protecting America’s and Americans’ sensitive data—and signals intelligence—spying on telephone and electronic communications for foreign intelligence purposes.In the Internet era, these two missions of the NSA are in obvious tension. The widespread adoption of encryption technology to secure Internet communications is considered one of the largest threats to the NSA’s ability to carry out the goals of its signals intelligence mission. As the National Journal explained, “strong Internet security actually makes the NSA’s job harder.”231 In the 1990s, the NSA lost the public policy battle to mandate that U.S. technology companies adopt a technology called the “Clipper Chip” that would give the government the ability to decrypt private communications,232 and since then strong encryption technology has become a bedrock technology when it comes to the security of the Internet. The NSA lost that early battle against encryption, sometimes called the “Crypto War,”233 not

only due to vocal opposition from privacy and civil liberties stakeholders, but also because the private sector convinced policymakers that subverting the security of American communications technology products would undermine the U.S. technology industry and the growth of the Internet economy as a whole.234 However, as an explosive New York Times story first revealed in September 2013, the NSA has apparently continued to fight the “Crypto War” in secret, clandestinely inserting backdoors into secure products and working to weaken key encryption standards.235 “For the past decade, N.S.A. has led an aggressive, multipronged effort to break widely used Internet encryption technologies,” said a 2010 memo from the Government Communications Headquarters (GCHQ), the NSA’s British counterpart. “Cryptanalytic capabilities are now coming online. Vast amounts of encrypted Internet data which have up till now been discarded are now exploitable.”236Given the amount of information the NSA is collecting, it is not surprising that the agency would also take aggressive steps to improve its ability to read that information. According to the “black budget” released by The Washington Post in August 2013, 21 percent of the intelligence budget (roughly $11 billion) goes toward the Consolidated Cryptologic Program, with a staff of 35,000 in the NSA and the armed forces’ surveillance and code breaking units.237 “The resources devoted to signals intercepts are extraordinary,” wrote Barton Gellman and Greg Miller.238 However, the agency has employed a variety of methods to achieve this goal far beyond simple code-breaking—methods that directly undermine U.S. cybersecurity, not just against the NSA, but also against foreign governments, organized crime, and other malicious actors. In this section, we consider four different ways that the NSA has damaged cybersecurity in pursuit of its signals intelligence goals: (1) by deliberately engineering weaknesses into widely-used encryption standards; (2) by inserting surveillance backdoors in widely-used software and hardware products; (3) by stockpiling information about security vulnerabilities for its own use rather than disclosing those vulnerabilities so that they can be remedied; and (4) by engaging in a wide variety of offensive hacking techniques to compromise the integrity of computer systems and networks around the world, including impersonating the web sites of major American companies like Facebook and LinkedIn.

NSA hacking and impersonation of American companies magnifies cybersecurity risksKehl 14 - Danielle Kehl is a Policy Analyst at New America’s Open Technology Institute (OTI) (Danielle, “Surveillance Costs: The NSA’s Impact on the Economy, Internet Freedom & Cybersecurity”, New America’s Open Technology Institute, https://www.newamerica.org/downloads/Surveilance_Costs_Final.pdf//DM)

Relying on weakened encryption standards, surveillance backdoors created with or without company knowledge and assistance, and its massive catalogue of security vulnerabilities, the NSA engages in a wide variety of offensive hacking through which it has built a massive network of compromised computers systems and networks around the world. Much of this is done through an elite group known as the Tailored Access Operations (TAO) unit, which Der Spiegel likened to “a squad of plumbers that can be called in when normal access to a target is blocked.”304 TAO employees specialize in Computer Network Exploitation to “subvert endpoint devices” such as computers, routers, phones, servers, and SCADA systems. They have developed a range of sophisticated tools to help them effectuate network intrusions that are undetectable by anti-virus software and are otherwise nearly impossible to find.305 As Schneier puts it, “TAO has a menu of exploits it can serve up against your computer… and a variety of tricks to get them on to your computer... These are hacker tools designed by hackers with an essentially unlimited budget.”306One tactic for quietly scooping up vast amounts of data is to target the infrastructure around networks and network providers, including the undersea fiber optic cables that carry global Internet traffic from

one continent to another. Leaked documents reveal that in February 2013 the NSA successfully hacked the SEA-ME-WE-4 cable system, which originates in France and connects Europe to the Middle East and North Africa.307 Reports also suggest that the NSA has hacked fiber optic links connecting Google and Facebook data centers located outside of the United States.308 For access to messages that are encrypted, the NSA maintains an internal database through its Key Provisioning Service which has encryption keys for a wide array of commercial products. A separate unit within the agency, the Key Recovery Service, exists for the purpose of trying to obtain keys that are not already a part of the NSA’s database. According to The New York Times, “How keys are acquired is shrouded in secrecy, but independent cryptographers say many are probably collected by hacking into companies’ computer servers, where they are stored.”309The NSA has also been working on ways to track and access the communications of users of anonymity tools such as Tor. According to The Guardian, the NSA “has made repeated attempts to develop attacks against people using Tor,” including targeting the Firefox web browser used with Tor and tracking signals entering and leaving the Tor network to try to de-anonymize its users.310 Originally a project of the U.S. Naval Research Laboratory, Tor is a service that attempts to protect user identities by routing traffic through a network of virtual tunnels. According to the project website, “Tor helps to reduce the risks of both simple and sophisticated traffic analysis by distributing your transactions over several places on the Internet, so no single point can link you to your destination.”311 One de-anonymization technique the NSA has tried against Tor is “based on a long-discussed theoretical weakness of the network: that if one agency controlled a large number of the ‘exits’ from the Tor network, they could identify a large amount of the traffic passing through it”—although it remains unclear how many Tor nodes the NSA actually operates and whether the tracking was successfully implemented.312 A different program called EgotisticalGiraffe exploits a vulnerability in the Firefox browser to perform a ‘man-in-the-middle’ attack on Tor users.313 Still other projects attempt to identify users by measuring the timing of messages going in and out of the network and by deliberately trying to disrupt or degrade Tor traffic to force users off of the service. As The Guardian points out, attempts by the NSA to undermine the Tor network are particularly interesting given the fact that Tor is largely funded by other parts of the U.S. government, including the State Department’s Internet Freedom program, as part of an effort to protect free expression online.314One of the crown jewels of the NSA’s offensive capabilities is the “QUANTUMTHEORY” toolbox, which the agency deploys to insert malware on to target computers through a variety of tactics.315 According to Der Spiegel, an internal NSA presentation about QUANTUM capabilities lists a wide range of popular American companies as targets, including Facebook, Google, Yahoo, LinkedIn, and YouTube. The agency has used the program to spy on high-ranking members of the Organization of the Petroleum Exporting Countries (OPEC), while its British counterpart GCHQ relied on the capabilities to attack computers of Belgacom, a telecommunications company partly owned by the Belgian government.316 One QUANTUM tactic is to insert malware by impersonating these companies and redirecting traffic to the NSA’s own servers to obtain access to sensitive information or insert malware.317 The NSA and GCHQ have masqueraded as both LinkedIn and Facebook on various occasions, and have reportedly attempted to spoof Google as well.318 The reaction to this news from major American tech companies has been swift, public, and decisively critical of the U.S. government. Facebook CEO Mark Zuckerberg publicly blasted the Obama administration in March for the breach of trust as well as personally calling the President to voice his concerns.319 “The US government should be the champion for the internet, not a

threat,” Zuckerberg wrote in a post on his Facebook page, expressing his frustration about the slow speed of the reform process.320Using capabilities like those in its QUANTUM toolbox to insert malware and the TURBINE system for command and control of that malware, the NSA has exploited innumerable computers and networks across the globe. Each computer or network that is infected enables the infection of even more computers and networks—with NSA’s ultimate goal being the insertion of millions of software implants across the Internet.321Taken together, the NSA activities described in this section—the undermining of encryption, the insertion of backdoors, the stockpiling of vulnerabilities, and the building of a massive malware network that relies on the impersonation of American companies—represent a fundamental threat not just to the U.S. Internet economy but to cybersecurity itself. Yet, like the other costs discussed in this paper, they are often ignored when discussing the NSA’s surveillance programs, in favor of a simplistic debate over security versus liberty.We literally cannot afford to continue ignoring these costs.

encryption i/lWeakening encryption for surveillance undermines cybersecurityHaydock 15 – Writer for War on the Rocks (Walter, “COUNTERTERRORISM, BACKDOORS, AND THE RISK OF “GOING DARK”, War on the Rocks, 6/25/15, http://warontherocks.com/2015/06/counterterrorism-backdoors-and-the-risk-of-going-dark/2/)//GKThe terrorist threat to the United States is evolving rapidly, especially in terms of the methods by which extremists

communicate. Counterterrorism analysts and operators face a variety of technical challenges to their efforts. In

Oct. 2014, Federal Bureau of Investigation (FBI) Director James Comey warned of the growing risk of “going dark,”

whereby intelligence and law enforcement agencies “have the legal authority to intercept and access

communications and information pursuant to court order,” but “lack the technical ability to do so.” European Police Chief Rob Wainwright has warned that terrorists are using secure communications in their operations more frequently, a technique the Islamic State of Iraq and the Levant (ISIL) is apparently pioneering. The emergence of secure messaging applications with nearly unbreakable end-to-end encryption capabilities such as surespot, Wickr, Telegram, Threema, and kik highlights how rapid technological change presents a powerful

challenge to security and counterterrorism agencies. Responding to such developments, the FBI has lobbied Congress to legislate the mandatory creation of “backdoors” in commercially available communications via an update to the Communications Assistance for Law Enforcement Act. The Director of the National Security Agency (NSA), Adm. Michael Rogers, suggested creating overt “front doors” to allow the U.S. government access to certain devices and software. This scheme would split between agencies the “key” necessary to decode encrypted information. British Prime Minister David Cameron, went as far as to recommend legislation outlawing end-to-end encryption in the United Kingdom unless the government had assured access to the data “in extremis.” President Barack Obama declared that the absence of such backdoors is “a problem” and described the ability to lawfully intercept all forms of communication

as a “capability that we have to preserve.” Such proposed steps are misguided and ill-advised. Creating backdoors in commercial communications technology is not the answer. First and foremost, in an era where state, terrorist, and criminal

actors constantly strive toward — and succeed in — penetrating American commercial and government networks, legislating holes in encryption is dangerous. U.S. government networks themselves are clearly insecure, as the recently identified electronic intrusion into Office of Personnel Management records, as well as historical breaches of Department of Defense systems, indicates. ISIL has even successfully hacked American military social media accounts. Unidentified criminals stole the personal

information of more than 100 million Target customers in a breach that the company discovered in 2013. Requiring software companies to weaken their encryption would provide hostile cyber actors additional vectors by which to

harass, rob, and spy on American citizens.

Encryption goodEncryption restores trust in U.S. marketsClarke et al, 13 – former National Coordinator for Security, Infrastructure Protection, and Counter-terrorism for the United States (Richard A. Clarke, Michael J. Morell, Geoffrey R. Stone, Cass R. Sunstein, Peter Swire, Review Group on Intelligence and Technologies, “LIBERTY AND SECURITY IN A CHANGING WORLD”, 12/3/13, https://www.whitehouse.gov/sites/default/files/docs/2013-12-12_rg_final_report.pdf, //11)We recommend that, regarding encryption, the US Governmentshould:(1) fully support and not undermine efforts to create encryptionstandards;(2) not in any way subvert, undermine, weaken, or makevulnerable generally available commercial software; and(3) increase the use of encryption and urge US companies to do so,in order to better protect data in transit, at rest, in the cloud, andin other storage. Encryption is an essential basis for trust on the Internet ; without such trust, valuable communications would not be possible. For the entire system to work, encryption software itself must be trustworthy. Users of encryption must be confident, and justifiably confident, that only those people they designate can decrypt their data.The use of reliable encryption software to safeguard data is critical to many sectors and organizations, including financial services, medicine and health care, research and development, and other critical infrastructures in the United States and around the world. Encryption allows users of information technology systems to trust that their data, including their financial transactions, will not be altered or stolen. Encryption-related software, including pervasive examples such as Secure Sockets Layer (SSL) and Public Key Infrastructure (PKI), is essential to online commerce and user authentication. It is part of the underpinning of current communications networks. Indeed, in light of the massive increase in cyber-crime and intellectual property theft on-line, the use of encryption should be greatly expanded to protect not only data in transit, but also data at rest on networks, in storage, and in the cloud.

Encryption must become a norm – public pressure keyTimm 6/2 - co-founder and the executive director of the Freedom of the Press Foundation (Trevor Timm, “Congress passes USA Freedom Act, the NSA 'reform' bill. What does it mean for your privacy?” Boing Boing, 6/2/2015, http://boingboing.net/2015/06/02/congress-passes-usa-freedom-ac.html)//MBBEncryption is now a legitimate bulwark against mass surveillance by any government. Open-source and free software projects are both getting easier to use for ordinary users and are proliferating in numbers. Once collaborators with the NSA, big tech companies have also taken a far more adversarial position since their secret capitulations were exposed. These companies have at least partially responded to demand from citizens to protect their communications with encryption that can prevent intelligence agencies from spying on innocent people.

While companies like Apple have made great strides by encrypting iPhones by default, a lot more needs to be done to make sure end-to-end encryption—whether we are emailing, texting, or calling each other—becomes the norm in 21st century society. Continued pressure from the public will get us there.Edward Snowden’s leaks have also opened the door to more court challenges. For years the government was able to hide behind procedural maneuvers, like invoking standing or the state secrets privilege, to prevent judges from ruling on the constitutionality of the programs. As the Second Circuit’s landmark opinion ruling NSA mass surveillance of Americans illegal, this tactic is slowly crumbling. While it remains an uphill climb for anyone to challenge the government’s actions, whistleblowers like Snowden and others are breaking down that wall.We hope that all of these actions--in Congress, in the courts, and from the public—-will continue to become stronger and bring permanent reform in the months and years to come.

Encryption backdoors violate Human Rights – UN Report confirmsPeters 5/28 – Senior Editor at Dark Reading (Sara Peters, “UN Report Warns Encryption Backdoors Violate Human Rights”, Dark Reading, 5/28/2015, http://www.darkreading.com/endpoint/privacy/un-report-warns-encryption-backdoors-violate-human-rights/d/d-id/1320611) Report says States should be promoting strong encryption and anonymity tools, not restricting them.Encryption is essential to protecting a variety of human rights, and nation-states should avoid all measures to weaken it, according to a report released today by the United Nations Human Rights Council.The document, written by UN Special Rapporteur David Kaye, was based upon questionnaire responses submitted by 16 States, opinions submitted by 30 non-government stakeholders, and statements made at a meeting of experts in Geneva in March.According to the report, encryption and anonymity tools (like VPNs, proxies, and onion routing) are both necessary to ensuring individuals' privacy, freedom of opinion, freedom of expression, and freedom to seek, receive, and impart information and ideas. All of these rights are protected under and described by the UN's International Covenant on Civil and Political Rights, to which 168 states are party, and the UN Universal Declaration on Human Rights.Yet, law enforcement and intelligence agencies in a variety of countries, including the United States, are trying to institute restrictions on encryption, arguing that it jeopardizes their efforts to protect national security and bring criminals to justice. [Although law enforcement is asking for "indulgence on the subject of encryption," cloud providers, mobile device manufacturers, and lawmakers aren't ready to oblige. See "Law Enforcement Finding Few Allies on Encryption."]According to the UN's report, "States should avoid all measures that weaken the security that individuals may enjoy online, such as backdoors, weak encryption standards and key escrows."It even goes so far as to suggest "States should promote strong encryption and anonymity" [emphasis added].Some of the reasons it's so important:The report points out that while freedom of expression gets plenty of attention, greater attention must be paid to freedom of ideas, because "the mechanics of holding opinions have evolved in the digital age and exposed individuals to significant vulnerabilities."Whereas ideas might once have just been stored in one's mind or jotted down in a bedside diary or private letters, now ideas are scattered around places like browser histories, e-mail archives, and

mandatory surveys on web registration pages. Ideas thus become concrete, instead of abstract, which changes the scope of surveillance, criminalization, harassment, and defamation that can happen in relation to opinions.Encryption and anonymity technology could help individuals protect their rights; and by proxy, help the nations that are obligated to help them protect those rights. The International Covenant on Civil and Political Rights not only protects individuals against "arbitrary or unlawful interference with his or her privacy ... or correspondence" and "unlawful attacks on his or her honour and reputation," it also states that “everyone has the right to the protection of the law against such interference or attacks.”"Such protection must include the right to a remedy for a violation," the report states. "In order for the right to a remedy to be meaningful, individuals must be given notice of any compromise of their privacy through, for instance, weakened encryption or compelled disclosure of user data."The report also points out that some countries base their censorship efforts on keyword searches, and that encryption enables individuals to avoid that kind of filtering. "The trend lines regarding security and privacy online are deeply worrying," the report says. "States often fail to provide public justification to support restrictions. Encrypted and anonymous communications may frustrate law enforcement and counter-terrorism officials, and they complicate surveillance, but State authorities have not generally identified situations — even in general terms, given the potential need for confidentiality — where a restriction has been necessary to achieve a legitimate goal. States downplay the value of traditional non-digital tools in law enforcement and counter-terrorism efforts, including transnational cooperation ..."Efforts to restrict encryption and anonymity also tend to be quick reactions to terrorism, even when the attackers themselves are not alleged to have used encryption or anonymity to plan or carry out an attack."The UN Human Rights Council, in the report, advises against any restrictions on encryption and anonymity technologies, but acknowledges that if restrictions must happen, they meet several requirements:Any restriction must be "precise, public, transparent and avoid providing State authorities with unbounded discretion to apply the limitation." Limitations must only be justified to protect specified interests. States must prove any restriction is "necessary" to achieve and legitimate objective, and release that restriction as soon as that objective is complete. By "necessary," the report means that the restriction must be the least intrusive measure available and proportional to the severity of the objective.

NSA surveillance undermines encryption and builds backdoors into softwareGranick 13 - Director of Civil Liberties at the Stanford Center for Internet and Society (Jennifer Granick, “We All Go Down Together: NSA Programs Overseas Violate Americans’ Privacy, Yet Escape FISC, Congressional Oversight”, Just Security, 10/17/2013, http://justsecurity.org/2125/together-nsa-programs-overseas-violate-americans-privacy-escape-fisc-congressional-oversight/)We have also learned that the NSA subverts encryption standards, collaborates with technology companies in the United States and abroad to build backdoors into their products, and coerces businesses into handing over their master encryption keys. These practices impact the privacy of average people by making the systems we rely on for the transmission and storage of sensitive data less secure. Both the NSA and thieves can defeat weak encryption standards and find hidden backdoors.

Turning over encryption keys gives the NSA technical access to all the services’ customers’ communications.These practices by themselves they do not fit the FISA definition of electronic surveillance, though the acquisition of content or installation of surveillance devices enabled by these techniques may. There’s no sign that Congress or the FISA court approved the NSA’s NIST caper or its successful negotiations to ensure or install backdoors in commercial products. No law that requires Internet companies to grant such access or empowers the government to demand it. In 1994, Congress adopted the Communications Assistance for Law Enforcement Act (“CALEA”). CALEA was intended to preserve but not expand law enforcement wiretapping capabilities by requiring telephone companies to design their networks to ensure a certain basic level of government access. The Federal Bureau of Investigation pushed its powers under CALEA, however, and the law was expanded in 2005 by the Federal Communications Commission to include broadband Internet access and “interconnected” VoIP services which rout calls over the traditional telephone network. Pure Internet services, however, are not subject to CALEA. The FBI will seek to change that, but for now, nothing in CALEA prohibits these companies from building robustly secure products that will protect their customers’ data from attacks.Yet, the Guardian reported that some companies have built or maintained backdoors allowing government access to their services, and specifically identified Microsoft and its VoIP service, Skype. To the extent Skype’s VoIP service operates peer-to-peer independent of the traditional phone network, it is not subject to CALEA obligations. Yet, Microsoft said, in response to the Guardian report, “when we upgrade or update products legal obligations may in some circumstances require that we maintain the ability to provide information in response to a law enforcement or national security request.” It’s unclear what those “legal obligations” might be, though some have pointed to the general obligation of electronic communications service providers to “provide the Government with all information, facilities, or assistance necessary to accomplish the acquisition” under section 702 of the FISA Amendments Act. Is the government is using that rather generic provision of law to force creation or maintenance of technological vulnerabilities in communications networks? If so, Congress ought to know, and so should the public which relies on these facilities for secure communications.

The difference between content and metadata is key to cybersecurity Tene, 14 - Associate Professor at the College of Management School of Law (Omar,2014, “A NEW HARM MATRIX FOR CYBERSECURITY SURVEILLANCE”, http://ctlj.colorado.edu/wp-content/uploads/2014/11/Tene-website-final.pdf)//ggMoreover, cybersecurity threats in particular can be embedded into all layers of a communication, regardless of the distinction between content and metadata. This means that protecting computers, networks and infrastructure against cyber risks requires monitoring not only of metadata but also of

contents. Hence, with respect to the United States Computer Emergency Readiness Team’s (US-CERT) Einstein Program, an intrusion detection system that monitors the network gateways of government agencies for cybersecurity risks, Dempsey writes that: “[t]he distinction between content and non-content is largely irrelevant to the Einstein debate, because Einstein undoubtedly captures and examines content, using a technique called deep-packet inspection.”128 This is corroborated by the Department of Homeland Security’s privacy impact assessment for Einstein 3, which states that:

DHS Office of Cybersecurity and Communications [CS&C] relies on signatures based on specific indicators that are known or suspected to be associated with malicious activity. While indicators will often be based on network traffic metadata, such as IP addresses, they may potentially be designed to match against any packet data, including the payload (the network traffic data). As such, E³A prevention capabilities may include deep packet inspection by ISPs.129 Paul Rosenzweig supports this approach, stating that “it would be an extremely poor rule that permitted screening of only non-content information for malware, as that would simply draw a map for malfeasant actors about how to avoid the intrusion detection systems.”130 The Review Group recognized the weakness of the existing model, stating that “In a world of ever more complex technology, it is increasingly unclear whether the distinction between ‘meta-data’ and other information carries much weight.”131 It recommended that “the government should commission a study of the legal and policy options for assessing the distinction between metadata and other types of information.”132The foregoing discussion supports a shift away from the traditional content-metadata dichotomy towards a framework that assesses privacy risk based on the purpose of monitoring . Different rules and procedures should apply to monitoring activities depending if they involve collection of evidence,

intelligence gathering or cybersecurity defense. Where monitoring is restricted to cybersecurity defense, content can be conceptualized as a container for metadata, since its analysis is not intended to discern the “substance, purport, or meaning” of a communication. Rather it is meant to identify anomalies and signatures, including malware, viruses, Trojans, rootkits and phishing attacks (which are themselves non-content) that may be embedded in the content layer.133 Hence, a machine would be reviewing the content of communication but only in search of suspicious metadata.134 This monitoring could be analogized to a search performed by analysts who are non-English speakers, who can identify signatures of cybersecurity risks but are unable to comprehend the contents of the English-based communications that they sift through. Such analysts would technically be privy to the content of the communication but impervious to its “substance, purport and meaning.” Clearly, they would be impotent if the purpose of the monitoring were the production of evidence or gathering of intelligence. Such a purpose would require application of different rules.Advocating for a rule based on the purpose of monitoring should not be confused with support for a rule shifting privacy protections from the data collection to the data use stage. Over the past few years, several commentators have argued that privacy law should recalibrate to impose use, as opposed to collection-limitations.135 This essay does not advocate wholesale data collection. On the contrary, it cautions against data retention and calls for analysis of data on the fly or upon very short periods (e.g., milliseconds) of storage.136Purpose-based rules for monitoring communications content and metadata can be based on two existing Supreme Court doctrines: the special needs doctrine and the contraband-specific doctrine.

Cyber attacks on the horizon- threaten international escalationHeyward 5/20, cyberterror analyst and contributor at BreitBart, (John, CYBERTERRORISM IS THE NEXT ‘BIG THREAT,’ SAYS FORMER CIA CHIEF, http://www.breitbart.com/national-security/2015/05/20/cyberterrorism-is-the-next-big-threat-says-former-cia-chief/)//AK

Many experts reckon the first cyberwar is already well under way. It’s not exactly a “cold war,” as the previous generation understood the term, because serious damage valued in millions of dollars has been done, and there’s nothing masked about the hostile intent of state-sponsored hackers. What has been masked is the sponsorship.Every strike has been plausibly deniable, including whitehat operations such as the nasty little Stuxnet bug Iran’s nuclear weapons program contracted a few years back. Cyberwar aggressors like Russia and China officially claim to be interested in peace and security.The cyberwar could get much hotter soon, in the estimation of former CIA counter-intelligence director Barry Royden, a 40-year intel veteran, who told Business Insider the threat of cyberterrorism is pervasive, evasive, and so damned invasive that, sooner or later, someone will give into temptation, pull the trigger, and unleash chaos.Effective security against a massive attack by militarized hackers is “extremely difficult – in fact, it’s impossible,” according to Royden. “Everyone is connected to everyone, and as long as you’re connected you’re vulnerable. And there are firewalls, but every firewall is potentially defeatable, so it’s a nightmare in my mind. You have to think that other governments have the capability to bring down the main computer systems in this country, power grids, hospitals, or banking systems – things that could cause great economic upheaval and paralyze the country.”There are, in fact, excellent reasons to believe hostile governments have the capability Royden describes. Even top-level systems at the State Department and White House have been penetrated by hackers, in what appear to be exploratory operations. North Korea, a relatively small cyberwar player, did a horrific amount of damage to Sony Pictures, possibly with the help of insiders. We don’t know how many “insiders” there are. Not only is hacker warfare fought on an entirely new battleground, but it adds new dimensions to old-school espionage.Some non-governmental hacking incidents could be a result of military hacking units polishing their skills. Last week, Penn State University announced it was hit by “two sophisticated hacking attacks, one of which cyber-security experts say originated in China,” according to NBC News. The personal information of some 18,000 students and university employees was jeopardized. The university had to disconnect its systems completely from the Internet to deal with the threat.Unplugging from the Internet won’t be an option if systems across the nation, including vital infrastructure systems, are hit simultaneously by a massive attack.Penn State University President Eric J. Barron put the problem in perspective by vowing to “take additional steps to protect ourselves, our identities and our information from a new global wave of cybercrime and cyberespionage.”The extent of the risk to our nation’s physical infrastructure was highlighted when security researcher Chris Roberts was removed from a United Airlines plane last month, because he was passing his time on the tarmac tweeting about the plane’s security vulnerabilities.Popular Science notes that the Government Accountability Office recently published a report “highlighting the potential dangers posed by hackers using commercial airlines’ onboard wireless communications networks, including Wi-Fi, as a possible attack vector.”Roberts previously claimed to have hacked the International Space Station and taken control of its thermostat, and he thought he might have a shot at hacking the Mars rover.Economic infrastructure is equally at risk. The Federal Reserve Bank of St. Louis confirmed on Tuesday that its systems were breached by hackers, “redirecting users of its online research services to fake websites set up by the attackers,” as reported by the New York Times.

US government officials becoming aware of cyber terror threats but no progress being made- threats will escalate in the short termFortyno 5/20, political analyst and contributor at Progress Illinois, (Ellyn, Leon Panetta Warns Of Cyberattack Threat, Blasts Congressional Gridlock At Chicago Discussion, http://progressillinois.com/posts/content/2015/03/19/panetta-warns-cyber-terrorism-threat-blasts-congressional-gridlock-chicago)//AKIn a wide-ranging discussion at the Chicago Council on Global Affairs Thursday evening, former U.S. Defense Secretary and past CIA Director Leon Panetta reiterated his concern over the threat of potential cyberattacks against the United States. Such attacks, he said, could do serious damage to technology that runs everything from the nation's transportation system to its power grid."We're now seeing viruses that can literally destroy computers," Panetta told a crowd of approximately 800 people at the event, held at the Fairmont Chicago Millennium Park.Panetta's greatest fear is that this type of destructive technology "moves into the hands of terrorists, who then don't have to come to this country to blow us up. They can basically use that kind of technology to cripple our country."Cyberterrorism was one of many topics covered at the talk, moderator by Ivo Daalder, president of the Chicago Council on Global Affairs and former U.S. Permanent Representative to the North Atlantic Treaty Organization.Asked about the Iran nuclear talks, Panetta started by saying, "Look, I don't trust the Iranians," explaining that "they've been engaged in promoting terrorism throughout the world.""Add to that the fact that they have developed a nuclear enrichment capability ... with 19,000 centrifuges for God's sake, and they tried to hide it from the world," he said. That being said, negotiations over Iran's nuclear program are "obviously ... worth the effort," Panetta said."If they can get the kind of inspection regime put in place that really makes it clear you can go in and go where you want to make sure that they're not doing any high enrichment and you can enforce that, that would give me some comfort in whatever deal is cut," he said.As far as Russian President Valdimir Putin's actions in eastern Ukraine, Panetta said he approves of President Barack Obama's move to impose sanctions on Russia."I think it's very important to be very tough with Putin at this point," Panetta said, adding that he doesn't understand the "hesitancy" in giving military arms to Ukraine."You're providing a lot of stuff now, you might as well provide arms as well to try to give them half a chance at being able to be successful," he said.At the top of the discussion, Panetta detailed the May 2011 raid that killed Osama bin Laden. That operation, which Panetta oversaw as the then-CIA director, sent "a message to the world that nobody attacks our country and gets away with it," he stressed.A good portion of the talk, however, involved Panetta expressing frustration over what he sees as a different kind of national security threat -- congressional gridlock.Panetta said America will ultimately "pay a price" for the political stalemate in Washington, D.C."What I'm concerned about today is that because there's this conflict [in Congress] ... because all the rules of the game seem to be thrown out the window, that there's this kind of sense of giving up," he stressed. "And so major issues that are facing this country, there's a sense we're not going to deal with them."

"Right now we're fighting ISIS," Panetta noted, refering to the terrorist group. "We've got men and women in uniform out there putting their lives on the line and the damn Congress can't agree as to what war authority we ought to have. So the likelihood is they're probably not going to do anything ... Too often they do nothing, and we're going to pay a price for this."Panetta, a Democrat, served in the U.S. House from 1977 to 1993, representing California's 16th congressional district. After that, Panetta was the director of the Office of Management and Budget before becoming President Bill Clinton's chief of staff from 1994 to 1997.Out of the many jobs he's had, Panetta said he enjoyed serving in Congress the most."As far as the mission of getting something done like the Bin Laden mission, being director of the CIA, obviously is tremendously satisfying as well," he said. "But I have to tell you, being a member of Congress at a time when ... both sides were working together to get something done, that was great."After the program, Panetta signed copies of his recent book, "Worthy Fights: A Memoir of Leadership in War and Peace."

NSA circumvents encryption protocolsSchneier, 15, fellow at the Berkman Center for Internet and Society at Harvard Law School, a program fellow at the New America Foundation's Open Technology Institute, a board member of the Electronic Frontier Foundation, an Advisory Board Member of the Electronic Privacy Information Center, and the Chief Technology Officer at Resilient Systems, Inc (Bruce, Data and Goliath: the Hidden Battles to Collect Your Data and Control Your World, Ch. 6)//AK

We don’t know what sort of pressure the US government has put on the major Internet cloud providers to persuade them to give them access to user data, or what secret agreements those companies may have reached with the NSA. We do know the NSA’s BULLRUN program to subvert Internet cryptography, and the companion GCHQ program EDGEHILL, were successful against much of the security that’s common on the Internet. Did the NSA demand Google’s master encryption keys and force it to keep quiet about it, as it tried with Lavabit? Did its Tailored Access Operations group break into Google’s overseas servers and steal the keys, or intercept equipment intended for Google’s overseas data centers and install backdoors? Those are all documented NSA tactics. In the first case, Google would be prohibited by law from admitting it, in the second it wouldn’t want to, and in the third it would not even know about it. In general, we know that in the years immediately after 9/11, the US government received lots of willing cooperation from companies whose leaders believed they were being patriotic.I believe we’re going to see more bulk access to our data by the NSA, because of the type of data it wants. The NSA used to be able to get everything it wanted from Internet backbone companies and broadband providers. This became less true as encryption— specifically a kind called SSL encryption—became more common. It will become even less true as more of the Internet becomes encrypted. To overcome this, the NSA needs to obtain bulk data from service providers, because they’re the ones with our data in plaintext, despite any encryption in transit . And to do that it needs to subvert the security protocols used by those sites to secure their data. Other countries are involved in similar skullduggery. It is widely believed that the Chinese government embeds the capability to eavesdrop into all networking equipment built and sold by its own company Huawei. And we have reason to suspect that British, Russian, Israeli, and French Internet products have also been backdoored by their governments.

Vulnerabilities within the government internet infrastructure make governmental cyber warfare a real possibilitySchneier, 15, fellow at the Berkman Center for Internet and Society at Harvard Law School, a program fellow at the New America Foundation's Open Technology Institute, a board member of the Electronic Frontier Foundation, an Advisory Board Member of the Electronic Privacy Information Center, and the Chief Technology Officer at Resilient Systems, Inc (Bruce, Data and Goliath: the Hidden Battles to Collect Your Data and Control Your World, Ch. 11)//AK

Vulnerabilities are mistakes. They’re errors in design or implementation—glitches in the code or hardware—that allow unauthorized intrusion into a system. So, for example, a cybercriminal might exploit a vulnerability to break into your computer, eavesdrop on your web connection, and steal the password you use to log in to your bank account. A government intelligence agency might use a vulnerability to break into the network of a foreign terrorist organization and disrupt its operations, or to steal a foreign corporation’s intellectual property. Another government intelligence agency might take advantage of a vulnerability to eavesdrop on political dissidents, or terrorist cells, or rival government leaders. And a military might use a vulnerability to launch a cyberweapon. This is all hacking.When someone discovers a vulnerability, she can use it either for defense or for offense. Defense means alerting the vendor and getting it patched—and publishing it so the community can learn from it. Lots of vulnerabilities are discovered by vendors themselves and patched without any fanfare. Others are discovered by researchers and ethical hackers.Offense involves using the vulnerability to attack others. Unpublished vulnerabilities are called “zero-day” vulnerabilities; they’re very valuable to attackers because no one is protected against them, and they can be used worldwide with impunity. Eventually the affected software’s vendor finds out—the timing depends on how widely the vulnerability is exploited—and issues a patch to close it.If an offensive military cyber unit or a cyberweapons manufacturer discovers the vulnerability, it will keep it secret for future use to build a cyberweapon. If used rarely and stealthily, the vulnerability might remain secret for a long time. If unused, it will remain secret until someone else discovers it.Discoverers can sell vulnerabilities. There’s a robust market in zero-days for attack purposes—both governments and cyberweapons manufacturers that sell to governments are buyers—and black markets where discoverers can sell to criminals. Some vendors offer bounties for vulnerabilities to spur defense research, but the rewards are much lower. Undiscovered zero-day vulnerabilities are common. Every piece of commercial software—your smartphone, your computer, the embedded systems that run nuclear power plants—has hundreds if not thousands of vulnerabilities, most of them undiscovered. The science and engineering of programming just isn’t good enough to produce flawless software, and that isn’t going to change anytime soon. The economics of software development prioritize features and speed to market, not security.What all this means is that the threat of hacking isn’t going away. For the foreseeable future, it will always be possible for a sufficiently skilled attacker to find a vulnerability in a defender’s system. This will be true for militaries building cyberweapons, intelligence agencies trying to break into systems in order to eavesdrop, and criminals of all kinds.

cyber impact = probableCyber threats are the biggest threat to national security – outweighs terrorismArce 15 - Contributing Writer at Tech Times. Nicole Arce is based in World Wide. (Nicole, “Cyber Attack Bigger Threat Than ISIS, Says U.S. Spy Chief”, Tech Times, February 27, 2015, http://www.techtimes.com/articles/35965/20150227/cyber-attack-bigger-threat-than-isis-says-u-s-spy-chief.htm//DM)Director of National Intelligence James R. Clapper has identified cyberattacks as the biggest threat to

the economy and national security of the United States , despite the looming threats of extremist terrorist groups such as the Islamic State (ISIS) and the growing nuclear ambitions of countries such as Iran, China, and North Korea.The nation's highest intelligence official told the Senate Armed Services Committee hearing on worldwide threats that although America is not currently at risk for a catastrophic, Armageddon-style scenario that will cause the meltdown of major infrastructures, such as financial institutions or power grids, Clapper said government agencies and private companies in the U.S. are already being subjected to an increasing occurrence of low and moderate-level cyberattacks whose destructive effects accumulate over time to negatively impact the nation's economy and national security."Cyber threats to U.S. national and economic security are increasing in frequency, scale, sophistication, and severity of impact; [and] the ranges of cyber threat actors, methods of attack, targeted systems, and victims are also expanding," Clapper said.Particularly of concern to Clapper is the growing role of politically motivated attacks aimed at infiltrating U.S. government and military networks. He said the cyberattacks, which come in large part from Russia, are "more severe than we have previously assessed," but Clapper did not provide more details. Aside from Russia, hackers backed by the governments of China, North Korea, and Iran have been found to target government and commercial networks "on a daily basis.""Politically motivated cyberattacks are now a growing reality, and foreign actors are reconnoitering and developing access to U.S. critical infrastructure systems, which might be quickly exploited for disruption if an adversary's intent became hostile," Clapper said.

2ac – xt: china cyber impact

China has surpassed the US in cyber warfare – any large scale attack will be catastrophicCopp 15 - Tara Copp is a Defense Correspondent for the Washington Examiner. She was a senior defense analyst for the Government Accountability Office, and she previously reported on the Navy for Jane’s Defense Weekly. One of the original embedded reporters in Iraq in 2003, Copp has also traveled in Afghanistan and throughout the Middle East assessing DOD logistics and readiness. A Plan II graduate of the University of Texas, Copp was editor of The Daily Texan, and earned her master’s degree from Georgetown University in security studies. (Tara, “U.S. vulnerable to large Chinese cyberattack, experts warn”, The Examiner, January 21, 2015, http://search.proquest.com.proxy.lib.umich.edu/docview/1647831132/C5DDD5FDA9C94A6EPQ/5?accountid=14667//DM)China has surpassed the United States in conducting cyber warfare and one day may launch a large-

scale attack that the U.S. will be unable to respond to , some of the nation's foremost national security experts warned Wednesday.Unlike nuclear threats, where overwhelming U.S. stockpiles are considered a deterrent to China's smaller numbers of warheads, no such balance exists in the cyber realm, said Zbigniew K. Brzezinski, President Jimmy Carter's former national security adviser.China's superior capabilities in cyber warfare create the possibility "to paralyze an opponent entirely without killing anyone -- that is very tempting," Brzezinski said at the first Senate Armed Services Committee hearing under new Chairman Sen. John McCain, R-Ariz.The committee also discussed the ongoing threats presented by the Islamic State of Iraq and Syria, instability and developing U.S. operations in Syria, potential continued aggression by Russia and the new resurgence of violence in Yemen."President Obama told the nation last night that the 'shadow of crisis has passed.' That news came as quite a surprise to anyone who's been paying attention to what's been happening around the world," McCain said.Brzezinski and retired Air Force Gen. Brent Scowcroft, who served as national security adviser under Presidents Gerald Ford and George H. W. Bush, suggested that the U.S. should pursue both pre-emptive and reactive cyber capabilities that would form a mutually assured deterrent to hostile cyber activity.The nation needs to develop "pre-emptive capability that matches the actions against us ... to change the balance of power."Sen. Joe Donnelly, D-Ind., asked the panel what the U.S. would have done if the recent cyberattack on Sony Pictures had targeted U.S. stock exchanges instead, saying it's only a matter of time.The lack of response is similar to "England before World War II, ignoring a threat that is right before us," Donnelly said. The U.S. has "never had more warnings and done less."Scowcroft cautioned that U.S. efforts to develop a cyber defense strategy are "still at step one. We need serious analysis" of the extent of the gaps in capabilities.

cyber impact = magnitude framingCybersecurity is a matter of national security – can cripple our defense systemsBlumenthal 12 – Senator. Previously, he served as Attorney General of Connecticut. (Richard, ‘Blumenthal: 'Cybersecurity Is National Security’”, Congressional Documents and Publications, proquest, July 11, 2012//DM)The first is, most significantly, the United States today is under attack. We are under cyber-attack. The question is how we respond. It is our national interests that are at stake. And every day this nation suffers attempted intrusions, attempted interference, attempted theft of our intellectual property as a result of the ongoing attack that we need to stop and deter and answer.National security is indistinguishable from cybersecurity. In fact, cybersecurity is a matter of national security. Not only insofar as our defense capabilities, our actual weapons systems are potentially under attack and interference. But also, as my colleague from Rhode Island said so well, because our critical infrastructure, are every day at risk. Our facilities in transportation, our financial system, our utilities that power our great cities and our rural areas, and our intellectual property, which is so valuable and which every day is at risk - in fact, is taken from us wrongfully at great cost to our nation.The number and sophistication of cyber-attacks has increased dramatically over the past five years and all of the warnings - they are bipartisan warnings - say those attacks will continue and will be mounting with increasing intensity. In fact, experts say that with enough time, enough motivation, enough funding, a determined adversary can penetrate nearly any system that is accessible directly from the internet. The United States today is vulnerable. And to take the Pearl Harbor analogy that our Secretary of Defense has drawn so well, we have our ships sitting unprotected today as they were at the time of Pearl Harbor. Our ships today are not just our vessels in the seas, but our institutions sitting in this country and around the world. Our critical infrastructure that is equally vulnerable to sophisticated and unsophisticated hackers. In fact, the threat ranges from the hackers in developing countries, unsophisticated hackers, to foreign agents who want to steal our nation's secrets through terrorists who seek ways to disrupt that critical infrastructure.And it is not a matter simply of convenience. We're not talking here about temporary dislocations like the loss of electricity that the Capitol area suffered recently or that our states of New England suffered as a result of the recent storms last fall. We're talking about permanent, severe, lasting disruptions and dislocation of our financial and our power systems that may be caused by this interference. One international group, for example, accessed a financial company's internal computer network and stole millions of dollars in just 24 hours. Another such criminal group accessed online commercial banking accounts and spread malicious computer viruses that cost our financial institutions nearly $70 million. One company that was recently the victim of an intrusion determined that it lost ten years' worth of research and development valued at $1 billion. That is billion with a "b," virtually overnight.These losses are not just to the shareholders of these companies. They are to all of us who live in the United States, because the losses in many instances are losses of information to defense companies that produce our weapons systems, losses of property that has been developed at great cost to them and to our taxpayers. So we should all be concerned about such losses, as Sean Henry, the executive director of the F.B.I., has said - and I'm quoting - "the cyber threat is an existential one" meaning that a major cyber-attack could potentially wipe out whole companies. End of quote.Those threats to our critical infrastructure, as you have heard so powerfully from my colleague from Rhode Island, are widespread and spreading. Industrial control systems that help control our pipelines, railroads, water treatment facilities, power plants are at an elevated risk today. Not at some point in the

future. Today. The F.B.I. warns that successful cyber-attack against an electrical grid could cause serious damage to parts of our cities and ultimately even kill people. The Department of Homeland Security said last year that it has received nearly 200 reports of suspected cyber incidents, more than four times the number of incidence reported in 2010. In one incident more than 100 computers at a nuclear energy firm were infected with a virus that could have been used to take complete control of that company's system. These reports, these warnings go on. But in summary, the director of the F.B.I. said it best - quote - "we are losing data. We are losing money. We are losing ideas and we are losing innovation." Those threats are existential to our nation, and we must address them now. Not simply as a luxury, not as a possibility, but as a need now.Cyber conflict causes escalation – loss of defensive capabilities and destabilization of international relationsInternational Security Advisory Board 14 - Federal Advisory Committee established to provide the Department of State with a continuing source of independent insight, advice and innovation on scientific, military, diplomatic, political, and public diplomacy aspects of arms control, disarmament, international security, and nonproliferation. (ISAB, “Report on A Framework for International Cyber Stability”, July 2, 2014, http://www.state.gov/documents/organization/229235.pdf, p.6-8//DM)Cyber conflict between nations exploiting any one of the three threat vectors could lead to very severe damage to the integrity of U.S. information architectures. It could damage our ability to communicate, operate, and control escalation, and our ability to preempt attacks. Cyber conflict that integrates measures across all three vectors could have a cascading impact that seriously disrupts and damages U.S. operational and commercial capacity in an unprecedented, idiosyncratic way. The damage could go to the point of making us non-competitive in markets and, in the extreme case, undermining basic national functions embedded in our infrastructure. We are actually seeing very worrying versions of this kind of campaign.During the development of this report, the ISAB Cyber Study Group met with a number of private sector companies. Based on the compilation of cyber, corporate, and economic data, one such company has determined that nation-state threat actors are conducting anti-trust and economic schemes using cyber intrusion and exploitation as a catalyst for market entry and growth, leading to accumulation of market share. Furthermore, their research revealed that these adversaries have a broad understanding of U.S. industries, processes and systems, internal control weaknesses and the cultural and psychological nuances of the broader markets better than most operational, financial and IT executives within the affected industries. At least 25 industries and 48 companies have had indications of offensive nation-state cyber-economic activity against them within the last five years.The potential impact of activity like this with simultaneous exploitation along all three of the threat vectors could be enormous. With Russian cyber attacks in Georgia in 2008 and Ukraine in 2014 executed in support of military operations, we have seen the emergence of a new offensive military potential. Attacks on critical infrastructure (which could include our monetary system and our networked electric and water utilities and transportation control facilities) made in support of an offensive military campaign -- or for purely economic, political or other gain (e.g., criminal or terrorist activity) -- could have a devastating effect on U.S. strategic capability. The challenges inherent in the increasingly opaque nature of the dynamic software combinations needed to run large systems and to counter human misbehavior make the defender’s job very difficult.

“The complexity of these scenarios, which results in part from massive interconnectivity and dependencies between systems that are not always well understood, has made it difficult to develop a consensus regarding the probable consequences of an attack.”4The potential for international relations being destabilized due to cyber activities creates a special concern for the Department of State. The National Academies of Science pointed out that “the world is organized around nation-states and national governments, and every physical artifact of information technology is located somewhere. Consequently, one might expect cyberspace-related tensions to arise between nations exercising sovereignty over their national affairs and interacting with other nations.”5 Many scenarios are possible, among them the actions of a third party (nation-state or not) undermining the relations between two countries. For example, in a cyber attack by country A on country C using means in country B, country C might likely mistakenly blame country B, an innocent bystander. To avoid escalation, means must be found to contain the damage and identify the true nature and perpetrator of the attack.

Cyberattacks are increasingly targeting US defense secrets - this will undermine military superiority Reed 13 - John Reed is a national security reporter for Foreign Policy. He comes to FP after editing Military.com’s publication Defense Tech and working as the associate editor of DoDBuzz. Between 2007 and 2010, he covered major trends in military aviation and the defense industry around the world for Defense News and Inside the Air Force. (John, “Here’s How Foreign Spies Are Now Getting U.S. Weapons Tech”, Foreign Policy, July 23, 2013, http://foreignpolicy.com/2013/07/23/heres-how-foreign-spies-are-now-getting-u-s-weapons-tech/?wp_login_redirect=0//DM)Forget the shady middlemen; never mind the students just a little too eager to find out the particulars of engines and warheads. Today, when foreign spies want to acquire America’s latest weapons technology, they just hack into networks and steal the digital designs. 2012 marked the first time, overseas intelligence agencies used cyber espionage – rather than the old-fashioned kind — as their number one way to pilfer information on U.S. weapons.That’s according to a new report by one of Pentagon branches responsible for preventing such spying. Not coincidentally, perhaps, half of all successful incidents in 2012 of espionage against American defense contractors originated in Asia, up from 43 percent the previous year. This report highlights what plenty of us have come to grasp intuitively, cyberattacks are steadily replacing — or at least complementing — attempts to flat-out purchase U.S. defense technology or simply ask for more information about it as the top MO of industrial intelligence operators.This shift from overt attempts at collecting information on U.S. weapons to cyber theft means that it may become more difficult to detect when a rival is trying to gain access to America’s defense secrets. It also shows why the Obama administration has been in such a tizzy of China’s alleged industrial espionage.According to the report from the Defense Security Service, these spies were particularly interested in gathering information on U.S. electronics; worldwide collection attempts in this sector spiked 94 percent from the year before.A "substantial" number of those electronics were radiation-resistant electronics that can be used in

nuclear weapons, ballistic missiles, aerospace and space programs , according to the report.

"Foreign entities, especially those linked to countries with mature missile programs, increasingly focuses collection efforts on U.S. missile technology, usually aimed at particular missile subsystems," reads the report.Why are nations with mature missile programs trying to steal secrets about American missile parts? To make their missiles even more deadly, of course."After a country masters the chemistry and physics required to launch a missiles, scientists and engineers can focus on accuracy and lethality, the desired characteristics of modern missiles," the report notes.Getting their hands on U.S. missile parts will also help these countries defend against American

weapons ."Reverse-engineering would probably give East Asia and the Pacific scientists and engineers a better understanding of the capabilities of the targeted and acquired technology to develop countermeasures to U.S. weapons systems," reads the document.Overall, foreign spies’ top four American targets were "information systems; electronics; lasers, optics and sensors; and aeronautic systems technologies," according to the report.All of these are crucial parts of the weapons that have given the U.S. a clear advantage on battlefields

for the last 20 years . Information systems are how the US military passes massive amounts of intelligence and communications data. Meanwhile optics, lasers and sensors are key technologies that help American drones spy on enemies and that guide its smart weapons onto targets. Aeronautic systems technologies, as you know, are the parts that make up the Pentagon’s next-generation rockets, stealth drones and fighters — exactly the types of weapons that nations like China are trying to replicate.The report doesn’t specifically call out China as the home of these spies. But let’s be honest, the vast majority of espionage attempts originating from Asia are likely coming from China.

Independent Judiciary

2ac – judicial independenceXO 12333 threatens judicial independence – secrecy inhibits judicial oversightRotenberg, EPIC President and Executive Director, 6-16-15 [Electronic privacy information center, non-profit research and educational organization established in 1994 to focuspublic attention on emerging privacy and civil liberties issues.12 We work with a distinguished panel of advisors in the fields of law, technology and public policy., COMMENTS OF THE ELECTRONIC PRIVACY INFORMATION CENTER, file:///C:/Users/Jonah/Downloads/EPIC-12333-PCLOB-Comments-FINAL.pdf] Schloss2For over two hundred years, the American people have proudly and properly maintained a healthy skepticism of their government.165 Correspondingly, an independent judiciary was established to ensure meaningful oversight of the law making and enforcement branches of our government.166 However, EO 12333 167 effectively evades both public and judicial scrutiny.168 While there are minimal reporting requirements for violations of the authority, the secrecy of activities conducted under EO 12333 makes evaluation of those activities—their legality, purpose, scope, and effectiveness—nearly impossible.In 2009, President Barack Obama issued a memorandum to the heads of executive departments and agencies emphasizing the importance of transparency and open government in order to “strengthen our democracy,” “promote efficiency and effectiveness in Government,” and “ensure the public trust.”169 In 2014, President Obama issued Presidential Policy Directive 28,170 laying out for the public the government’s principles and doctrines of surveillance, an act in and of itself in favor of transparency. In February of this year, the President again lauded transparency when he stated, “technology so often outstrips whatever rules and structures and standards have been put in place, which means that government has to be constantly self-critical and we have to be able to have an open debate about it.”171 Yet, this very month, the Obama administration, without debate or public notice, expanded the National Security Agency’s (NSA’s) warrantless surveillance of Americans’ international internet traffic to search for evidence of computer hacking.172 It is precisely this type of “gradual and silent encroachment” that our the founders warned would lead to greater “abridgement of the freedom of the people” than by “violent and sudden usurpations.”173Potentially unlawful mass surveillance conducted under secret authority is not a phenomenon of the current presidency. In December 2005, the New York Times reported that President George W. Bush secretly issued an executive order in 2002 authorizing the NSA to conduct warrantless surveillance of international telephone and Internet communications on American soil.174 EPIC submitted FOIA requests to the NSA just hours after the existence of the warrantless surveillance program was first reported.175 However, not until September of 2014—after a disregarded court order and persistent delay—did the NSA turn over responsive documents.176 These documents offer the fullest justification of the program to date, but parts of the legal analysis, including possibly contrary authority, were still withheld.U.S. District Judge Henry H. Kennedy echoed the need for transparency in his 2006 order to the NSA writing, “EPIC correctly argues, ‘a meaningful and truly democratic debate on the legality and propriety of the warrantless surveillance program cannot be based solely upon information that the Administration voluntarily chooses to disseminate.’”177 This argument again holds true where even less is known about EO 12333, stifling the dialogue about the order’s legality and scope before it can begin.

For similar reasons, secret legal authorities inherently thwart proactive oversight mechanisms. In 2014, EPIC obtained documents that reveal that the FISA Court sharply criticized the NSA’s internet metadata program, but the Court’s criticism was kept secret.178 One document in particular illustrates how oversight in secret is no oversight at all: FISA Court Judge John Bates’ chastisement of the NSA for “long-standing and pervasive violations of the prior [court] orders in [the] matter.”179 While the FISA Court first authorized the metadata program in 2004, documents obtained by EPIC show that the program’s legal justification was not provided to Congress until 2009.180 The documents also reveal that the DOJ withheld information about the program in testimony for the Senate Intelligence hearing prior to the reauthorization of the legal authority.181 The program was shut down in 2011 after a detailed review.182 What little oversight may be exercised over EO 12333 activities is severely hampered by a near total lack of transparency about which activities or programs are even conducted under its authority.

<insert impact from other file>

Internet Freedom

Latin American democracyInternet freedom helps Latin American democracyMeacham 6/2 - director of the CSIS Americas Program (Carl Meacham, “Are Internet Policy and Technology the Keys to Latin America’s Future?”, Center for Strategic and International Studies, 6/2/2015, http://csis.org/publication/are-internet-policy-and-technology-keys-latin-americas-future)//MBBWith this in mind, a forward-looking Internet policy could help to bolster democracy in Latin America. This policy tool has the potential to develop the strong public sphere necessary to push for democratic consolidation, to facilitate commerce, and to allow for greater accountability of elected officials. Currently, there is a divide between countries that are working to promote a free Internet and open government data and countries that are working to restrict Internet access and government information. Not surprisingly, that divide matches up with countries that are challenging democratic norms in the offline world as well. With the long-term goal of Internet freedom, regional Internet policy could prove part and parcel to efforts to ensure political freedoms all across Latin America.Latin America could well be the next hot spot for social innovation. The region’s long struggles with economic inequality and social stratification are increasingly brought to light by its large and vocal millennial population, more vocal than ever in calling for social and institutional change. Even as some political systems remain tightly controlled by older generations, innovative technologies have the potential to magnify the voices and influence of Latin America’s youth.ConclusionsAs Internet and technological penetration take off throughout the region, Latin America could be on the verge of a series of exciting changes—if only it can create the conditions to allow for them. Improving Internet infrastructure, building a culture of innovation, and resolving persistent controversies over intellectual property and similar issues will enable the region to take advantage of this unique moment. And if it manages to do that, the region could carve out its place in innovative markets while putting itself on track toward greater political openness and the development of a more participatory democracy.

Democracy key to Latin American stabilityBorum 9 – (Randy Borum, Science of Global Security & Armed Conflict, “Democracy May Support Stability and Sustainability”, 6/8/2009, http://globalcrim.blogspot.com/2009/06/democracy-may-support-stability-and.html)//MBBNew research supports this conventional wisdom in a study of 45 African countries and 18 Latin American states over the time period 1996–2004. "While controlling for the material wealth of a country, education, population, armed conflict, ethnic tension, and debt, this pooled timed series analysis points to a strong positive correlation between democracy and good governance practices," according to Daniel Stockemer, a PhD candidate at the Department of Political Science at the University of Connecticut.Stockemer begins by outlining the key ingredients of good governance as described in the scholarly literature: "Under the doctrine of good governance, states are obliged to perform their functions efficiently; to value non-corruptibility, to be responsive to civil society and to guarantee stability. Governments must also be transparent in the allocation of services and equitable in the distribution of goods." This kind of governance - based on the rule of law - promotes stable legal institutions and is a

foundation for sustainable development. Accordingly, the study used four measures of good governance, based on World Bank Good Governance Indicators– (1) political stability and absence of violence, (2) government effectiveness, (3) control of corruption and (4) regulatory qualities.Applying systematic analysis and empirical research methods, he sought to evaluate the relationship between democracy and good governance for Africa and Latin America, focusing on two questions: (1) Are those African and Latin American countries that are democratically ruled better governed than states that are authoritarian? (2) Does a state’s move toward more democracy immediately trigger better governance performance?He found affirmative answers to both questions. More democratic states had better governance. And as states became more democratic, their governance practices also improved (though more so for Africa than Latin America).Stockemer concludes that "democracy is both a normative good and a form of government that leads to better governance, which in turn should trigger enhanced development in the form of high growth rates and advancement of living standards of the majority of the population."’

Latin American stability prevents drug trade expansion – strengthened law enforcementEvan 3 - professor of national security studies, modeling, gaming, and simulation with the Center for Hemispheric Defense Studies, with a research focus on Latin America’s relationships with external actors, including China, Russia, and Iran, (R. Evan “The Impact of Instability in Latin America”, http://www.systemdynamics.org/conferences/2003/proceed/PAPERS/119.pdf)//MBBThe growing disorder in the nations of the Andean ridge highlights a dangerous new phenomenon with significant national security implications for the United States. Criminal organizations and armed groups in the region have fallen into new forms of collaboration that allow them to finance their own operations without reliance on outside aid and its associated strings. The military and self-financing activities of these groups, in turn, creates dynamics that ultimately could break down the economic and sociopolitical fabric of the countries in which they operate. As illustrated by the FARC, ELN, and AUC in Colombia, these organizations leverage the weakness of the states in which they operate to survive and grow. Their activities are financed, in part, by taxing or directly engaging in criminal activity such as narcotrafficking, embezzlement, and extortion.15 These criminal enterprises, in turn, leverage a unique combination of global commerce and information flows and the compromised character of the institutions within their own country. In short, criminal organizations conduct operations involving global shipments of narcotics and other goods, leveraging international banking, the international transportation infrastructure, and the ability to purchase “specialized human expertise” for certain operations on global markets.16 At the same time, the criminal activities depend on “safe havens” that they have created within compromised states to conduct key stages of their operations-- such as money laundering and narcotics production. Within their compromised societies, criminal organizations have enormous manpower needs, both to perform the daily physical labor required by their operations, and to provide protection from the state (and from rivals) for their activities. Armed groups on both the left and right serve the interests of criminal enterprises by physically protecting them in exchange for revenue. This loose partnership between criminal organizations and armed political groups thus generates capabilities, and promulgates incidents that contribute to the weakness of the state--thus sustaining the space in which criminal activity can take place.17 Both criminal organizations and armed groups thus are nourished by--and systematically destroy--the socioeconomic fabric of the state in

which they grow. As the host state weakens, the activities of these organizations also infects and destabilizes neighboring states through flows of guerillas and refugees, and the violence and human suffering associated with them. Although a great deal has been written about narcotrafficking, the spread of insurgency, and socioeconomic problems in Latin America,18 the current confluence of events is new and different with respect to the way in which multiple phenomenon reinforce each other to produce a potential escalating spiral of violence and economic malaise in the region. The individual perpetrators--such as drug cartels, terrorist cells, and insurgent groups—may not be coordinated, yet the combination of their individual goal-directed actions produces systemic effects that could ultimately destabilize the region and undercut the basis for U.S. global power.

Latin American drug trade funds Hezbollah and Iran – causes Iranian prolifMcCaul, 12 – U.S. Representative for Texas's 10th congressional district, Chairman of the House Committee on Homeland Security (Michael T., U.S. House of Representatives, “A LINE IN THE SAND: COUNTERING CRIME, VIOLENCE AND TERROR AT THE SOUTHWEST BORDER”, November 2012, http://homeland.house.gov/sites/homeland.house.gov/files/11-15-12-Line-in-the-Sand.pdf, //11 and MBB)Hezbollah remains especially active in the TBA. 25 With an estimated $12 billion a year in illegal commerce, the TBA is the center of the largest underground economy in the Western Hemisphere.26 Financial crimes are a specialty of the area and include intellectual property fraud, counterfeiting, money laundering and smuggling. Moreover, lax customs enforcement in the area allows

these crimes to continue largely unabated from one country to the other.27 The TBA has been described as one of the most lucrative sources of revenue for Hezbollah outside of state sponsorship.28 The evidence to suggest Hezbollah is actively involved in the trafficking of South American cocaine to fund its operations is mounting as well. In 2008, U.S. and Colombian authorities dismantled a cocainesmuggling and money-laundering organization that allegedly helped fund Hezbollah operations. Dubbed Operation Titan, the enforcement effort uncovered a money laundering operation that is suspected of laundering hundreds of millions of dollars of cocaine proceeds a year and paying 12 percent of those profits to Hezbollah.29 Operation Titan has led to more than 130 arrests and the seizure of $23 million.30 One of those arrests was of Chekri Mahmoud Harb (also known as “Taliban” or “Tali”) who is a Lebanese national suspected of being a kingpin of the operation. In 2010, Harb pled guilty to conspiracy to manufacture and distribute five kilograms or more of cocaine knowing the drugs would ultimately be smuggled into the United States.31 In another example, the Treasury Department’s Office of Foreign Assets Control (OFAC) has listed Ayman “Junior” Joumaa, a Lebanese national and Hezbollah supporter, as a Specially Designated Narcotics Trafficker based upon his involvement in the transportation, distribution and sale of multi-ton shipments of cocaine from South America along with the laundering of hundreds of millions of dollars of cocaine proceeds from Europe and the Middle East.32 Federal prosecutors in Virginia also charged Joumaa for conspiracy to distribute cocaine and money laundering charges. The indictment alleges Joumaa shipped thousands of kilograms of Colombian cocaine to the United States via Guatemala, Honduras and Mexico. Specifically mentioned in the indictment was 85,000 kilograms of cocaine that was sold to the Los Zetas drug cartel from 2005 to 2007.33 The indictment further substantiates the established relationship between Hezbollah, a proxy for Iran, and Mexican drug cartels, which control secured smuggling routes into the United States. This nexus potentially provides Iranian operatives with undetected access into the United States. Joumaa allegedly laundered in excess of $250 million of cocaine proceeds from sales in the United States, Mexico, Central America, West Africa and Europe. Joumaa would typically receive these proceeds in Mexico as bulk cash deliveries. Once the proceeds were laundered, they would be paid out in Venezuelan or Colombian currency to the cocaine suppliers in Colombia. Joumaa’s fee for laundering the currency would vary from eight to 14 percent.34 A recent civil complaint filed by the U.S. Department of Justice states that Joumaa relied heavily upon the Lebanese Canadian Bank (LCB) and the Lebanese exchange houses Hassan Ayash Exchange Company (Hassan) and Ellissa Holding (Ellissa) to conduct the money laundering operation described above.35 The complaint also alleges these businesses partnered with Hezbollah in various other money laundering schemes. One such scheme involved LCB allowing Hezbollah-related entities to conduct transactions as large as $260,000 per day without disclosing any information about the transaction.36 According to the 2011 State Department Country Reports on Terrorism, the Barakat Network in the TBA is another example of drug money being funneled to Hezbollah. Although the total amount of money being sent to Hezbollah is difficult to determine, the Barakat Network provided, and perhaps still provides, a sizeable amount of the money sent annually from the TBA to finance Hezbollah and its operations around the world. Another scheme that took place from 2007 to early 2011 involved LCB, Hassan and Ellissa transferring at least $329 million of illicit proceeds to the United States for the purchase of used cars through 30 car dealerships that typically had no assets other than the bank accounts which received the overseas wire transfers. Once in receipt of the wired funds, these dealerships would purchase used vehicles and ship them to West Africa to be sold. The cash proceeds would then make their way to Lebanon under the security of Hezbollah and its illegitimate money transfer systems.37 Hezbollah has also involved itself in the trafficking of weapons, which fuels the violence so intrinsic to drug trafficking and terrorism in Latin America. On July 6, 2009, Jamal Yousef, also known as Talal Hassan Ghantou, was indicted in New York City on federal narco-terrorism conspiracy charges. According to the unsealed indictment,

Yousef is a former member of the Syrian military and an international arms trafficker who was attempting to make a weapons-forcocaine deal with the Fuerzas Armadas Revolucionarias de Colombia (Revolutionary Armed Forces of Colombia or FARC).38 What Yousef did not know was that he was actually negotiating with an undercover operative of the Drug Enforcement Administration who was posing as a representative of the FARC. Yousef had agreed to provide the FARC military-grade weapons that included 100 AR-15 and 100 M-16 assault rifles, 10 M-60 machine guns, C-4 explosives, 2,500 hand grenades and rocket-propelled grenades. In exchange for the weapons, the FARC was to deliver 938 kilograms of cocaine to Yousef.39 While negotiations progressed, Yousef stated that the weapons had been stolen from Iraq and were being stored in Mexico by Yousef’s cousin who is an active member of Hezbollah. To establish their bona fides for the trade, Yousef’s cousin videotaped the weapons cache on location in Mexico. Towards the completion of the transaction, it was learned that the weapons cache was actually larger than had been first reported. The deal was amended to include the additional weapons in exchange for 7,000 to 8,000 more kilograms of cocaine that would be delivered to the coast of Honduras.40 The transaction was never completed because Yousef was arrested

and imprisoned in Honduras on separate charges beforehand. In August 2009, Yousef was extradited to New York where he awaits trial. The explanation for Iranian presence in Latin America begins with its symbiotic relationship with Hezbollah .41 United in their dedication to the destruction of Israel, Iran has helped Hezbollah grow from a small group of untrained guerrillas into what is arguably the most highly trained, organized and equipped terrorist organization in the world.42 In return, Hezbollah has served as an ideal proxy for Iranian military force – particularly against Israel – which affords Iran plausible deniability diplomatically.43 Hence wherever Hezbollah

is entrenched, Iran will be as well and vice-versa. The primary reason for Iran’s increasing presence and influence in Latin America is based on its growing ideological and economic relationship with Venezuela. Ideologically speaking, both regimes

share a mutual enmity of what they perceive as the imperialist agenda of the United States .44 Economically speaking, the two countries have partnered together in an attempt to survive and thrive despite being ostracized in varying degrees from the official economy and its financial and trade systems.45 On the latter score one would be hard pressed to find a country that has been more successful at overcoming sanctions and embargoes levied by the United States and international community than Iran. In spite of ever-

increasing economic constraints dating back to the Carter Administration, Iran has managed to fight an eight year war with Iraq, become the world’s biggest sponsor of terrorism, vigorously pursued its own nuclear program and become the prime destabilizing factor in the Middle East.46 This impressive adaptability relies in no small part on Iran’s creativity in exploiting unscrupulous businesses, criminal networks and other corrupt regimes for economic survival. For rogue leaders like Venezuela President Hugo Chavez, who see embargoes and sanctions as just another manifestation of American oppression and imperialism, Iran has become their champion and welcomed ally.47 This sentiment has developed into a cooperative understanding that, to the extent they can be successful at overcoming economic sanctions and creating their own economy, Iran and Venezuela can continue to pursue their ideological agendas beyond the reproach of their Western first-world oppressors. In their efforts to achieve this independence, neither Iran nor Venezuela has ignored the pecuniary and political benefits of participating in the illicit drug trade. For example, Iranian Revolutionary Guard Corps (IRGC) General Gholamreza Baghbani has been working in conjunction with the Taliban to oversee the trafficking of opium and heroin from Afghanistan through Iran in order to generate revenue to support Hezbollah.48 General Baghbani is a commander in the IRGC Qods Force which is the Iranian Special Forces unit that works closely with Hezbollah in conducting terror operations throughout the world. In a similar fashion to Iran’s ideological relationship with Hezbollah, Venezuela and the FARC often work together in the trafficking of cocaine for mutual benefit. Numerous Venezuela government officials have been designated by the OFAC as providing assistance to the FARC in the trafficking of cocaine and the purchasing of weapons.49 In addition to participating in cocaine trafficking, Venezuela affords the FARC respite from United States and Colombian pursuit via safe havens within the country.50 Venezuela extends this assistance in part because the socialist regime of Hugo Chavez aligns well ideologically with the FARC’s Marxist underpinnings. Pragmatically speaking, Venezuela provides support to the FARC insurgency because it believes it helps mitigate the perceived threat of United States intervention in the region.51 The FARC in turn has provided reciprocal support of the Chavez regime by such actions as training pro-Chavez militants and assassinating anti-Chavez politicians within Venezuela.52 Given their own individual propensities in the trafficking of illicit drugs to further ideological interests, it should come as no

surprise that the activity is so intrinsic to the ongoing Venezuelan Iranian enterprise in Latin America .53

Each country brings valuable infrastructure to drug trafficking that can be used to help expand and supply a worldwide cocaine market. Assets such as state-owned airlines, shipping companies, airports and sea ports can operate beyond the watchful eyes of the legitimate world. This can be seen in the regularly scheduled flights between Caracas and Tehran that continue despite Venezuelan-owned Conviasa Airlines’ claims they ended in September 2010.54 Even though it was described as a regular commercial flight, there was no means by which to purchase a ticket to travel onboard. Moreover, the flight would depart Caracas from a secluded non-public terminal without the normal manifests associated with legitimate air commerce.55 Another example that also illustrates the ingenuity of Iran in circumventing international sanctions involves the Islamic Republic of Iran Shipping Lines (IRISL), which is responsible for moving almost one-third of Iran’s imports and exports. The IRISL has been under OFAC economic sanction since September 2008 for providing logistical services to Iran’s Ministry of Defense and Armed Forces Logistics.56 In order to stay one step ahead of OFAC and United Nations regulatory efforts, the IRISL regularly reflags and changes the owners of its ships. Between September 2008 and February 2012, there were 878 changes to the IRISL fleet including 157 name changes, 94 changes of flag, 122 changes of operator and 127 changes of registered ownership. This simple tactic has allowed Iran to continue shipping goods to and from Venezuela and all over the world despite the best efforts of the international community to prevent it.57 Being able to control major modes of transportation that operate from one safe port to another beyond the watchful eyes of legitimate immigration and customs authorities is a fundamental advantage that is very difficult to counter. While Iran and Venezuela may be much more interested in using this advantage for commercial, military and nuclear purposes, there is no reason to doubt they would use it in the trafficking

of drugs to finance covert terrorist activities for themselves and their allies. Iran and Hezbollah have been involved in the underworld of Latin America long enough to become intimately familiar with all of its inhabitants and capitalize on their capabilities. Former DEA executive Michael Braun has an interesting way of describing this dynamic: “…If you want to visualize ungoverned space or a permissive environment, I tell people to simply think of the bar scene in the first “Star Wars” movie. Operatives from FTOs (foreign terrorist organizations) and DTOs (drug trafficking organizations) are frequenting the same shady bars, the same seedy hotels and the same sweaty brothels in a growing number of areas around the world. And what else are they doing? Based upon over 37 years in the law enforcement and security sectors, you can mark my word that they are most assuredly talking business and sharing lessons learned.”58 Braun says as Europe's demand for cocaine continues to grow and TCO's operate in West and North Africa to establish infrastructure to move the drugs: "These bad guys (cartels) are now routinely coming in very close contact with the likes of Hezbollah, Hamas, Al Qaeda, who are vying for the same money, the same turf and same dollars. It's really a nightmare scenario. And my point being is if anyone thinks for a moment that Hezbollah and Qods Force, the masters at leveraging and exploiting existing elicit infrastructures globally, are not going to focus on our southwest border and use that as perhaps a spring board in attacking our country then they just don't understand how the real underworld works."59 Iran attempted to leverage this capability in October 2011 with the foiled plot to assassinate the Saudi Ambassador to the United States. According to a federal arrest complaint filed in New York City, the Qods Force attempted to hire a drug cartel (identified by other sources as the Los Zetas) to assassinate Saudi Ambassador Adel al-Jubeir for a fee of $1.5 million. The terror attack was to take place at a popular restaurant in Washington, D.C. without regard to collateral deaths or damage.60 The Qods Force made this solicitation because it knows drug traffickers are willing to undertake such criminal activity in exchange for money. Moreover, if this terror attack had been successful, the Qods Force intended to use the Los Zetas for other attacks in the future.61 Had it not been for a DEA informant posing as the Los Zetas operative, this attack could have very well taken place. It has been suggested that this assassination was directed by the Iranian government in retaliation for a Saudi-led military intervention in Bahrain against an Iranian-backed Shiite Muslim majority that was protesting a Saudi-backed Sunni Muslim minority government.62 There are also indications that Iranian Supreme Leader Ayatollah Khamenei has ordered the Qods Force to intensify terror attacks against the United States and other

Western countries for supporting the ousting of Syrian President and Iranian ally Bashar al-Assad.63 How all of this plays into the Iranian nuclear threat leaves troubling possibilities for the U.S. and our ally Israel . We know that Hezbollah has a significant presence in the United States that could be utilized in terror attacks intended to deter our efforts to curtail Iran’s nuclear program.64 For this same reason, Israelis in the United States and around the world have gone on high alert to prevent a repeat of deadly Hezbollah terror

attacks against Israeli facilities that occurred in Argentina in 1992 and 1994. These increasingly hostile actions taken by the Iranian government would be alarming enough without Iran and Hezbollah having well-established bases of operations in Latin America. While Latin American bases serve as a finance mechanism for Hezbollah, it is believed the ability exists to turn operational if the need arises. There is no doubt that the enemy is at our doorstep and we must do something about it now. While a very aggressive foreign policy to counteract these threats is in order, we must not forget that a secure Southwest border is always our first and last line of defense.

<insert prolif impact>

Neg

Safe Harbor Advantage

TTIP i/l turnTurn – free flowing info undermines the TTIP – external actors are concerned about US-EU internet dominanceAaronson, 4/13/15 – Research Professor at The George Washington University's Elliott School of International Affairs and the former Minerva Chair at the National War College (Susan, World Trade Review, “Why Trade Agreements are not Setting Information Free: The Lost History and Reinvigorated Debate over Cross-Border Data Flows, Human Rights and National Security”, //11)As of July 2014, trade officials are negotiating cross-border data flows in three very different trade agreements. The US and the 28 nations of the EU are negotiating the Transatlantic Trade and Investment Partnership (T-TIP); the US and ten other nations bordering the Pacific are negotiating the Transpacific Partnership (TPP); and some 50 members of the WTO (including the 28 EU states) are negotiating the Trade in Services Agreement of the WTO (TISA).4 Although many government officials around the world want to encourage these data flows, many states have not responded positively to US and EU efforts to facilitate the free flow of information . Officials and citizens from these states worry about their ability to control information flows as well as their dependence on US companies to provide web services (which must comply with US rules on privacy and national security).5 They are also concerned that the US continues to dominate not only the Internet economy, but also Internet governance institutions in ways that benefit US interests.6 Meanwhile, some activists in the US and EU noted that both governments restricted information flows through its punitive approach to online copyright and hence was hypocritical (Aaronson with Townes, 2012: 9, fn 81).

1nc – at: advantage solvencyPolicies have already been reformed – those solve – prefer our evidence, it postdates Aaronson, 4/13/15 – Research Professor at The George Washington University's Elliott School of International Affairs and the former Minerva Chair at the National War College (Susan, World Trade Review, “Why Trade Agreements are not Setting Information Free: The Lost History and Reinvigorated Debate over Cross-Border Data Flows, Human Rights and National Security”, //11)US and EU trade and foreign policymakers recognized that if they wanted to include free flow of information provisions in TTIP they had to change course. First, the EU and the US set up a working

group on privacy , which provided answers to EU questions about the reach, methods, and effectiveness

of the NSA programs.68 Second, the US Department of Commerce took steps to show that Safe Harbor was effective , and US companies that violated these policies would be punished . The US Federal Trade Commission doubled enforcement actions against 14 companies that claimed to participate in the Safe Harbor Framework but had not renewed their certifications under the program.69 The US also reassured businesses that the US remained committed to a voluntary , rather than a top-down regulatory approach to privacy. The two trade giants agreed to develop an interoperable system for data protection. Specifically, they agreed to strengthen the Safe Harbor program for the exchange of personal data for commercial purposes, as they also negotiated a framework agreement which would apply to personal data transferred between the EU and the US for law enforcement purposes. The EU has insisted and US policymakers have reportedly concurred that the US grant EU citizens the same privacy rights as US citizens.70 While the EU’s approach might protect EU citizens and facilitate data exchange among the US and EU, it would do little for citizens of other nations. Nor did it clarify whether the US would view privacy regulations as legitimate exceptions to the free flow of information or address the broader issue of how to deal with the multiplicity of privacy strategies among US and EU trade partners.

Safe Harbor is beyond repair – false membership, lack of transparency, and no review processTNS, 13 – Targeted News Service (“EU and US NGOs Respond to EU Date Safe Harbor Report: Safe Harbor Program Should be Suspended Until US Protects Online Privacy”, 11/27/13, ProQuest, //11)Director General of The European Consumer Organisation, Monique Goyens, commented:"The European Commission's report on the 'Safe Harbour' agreement confirms the longstanding concerns of consumer groups on both sides of the Atlantic. More than a decade after its establishment, the pact is riddled with problems."This agreement claims to reassure EU and US consumers when their personal data is exchanged for commercial purposes, but it has now been shown to retain only a fig-leaf of credibility. In practice, it is riven with false claims of membership , the process is not transparent and many signatories' lack even a privacy policy. In the wake of all this, there has been absence of effective enforcement by regulatory authorities over the years. Recent events have highlighted the obvious imprudence of poorly designed data exchange agreements. The question now will be: 'is Safe Harbour beyond repair?'

"The safety of European consumers' data needs to be paramount. Data flows must have a true harbour, not just a commercial port. US authorities may need to come to understand that Safe Harbour can no longer be used as a free pass for data exchange."The European Commission's 13 Recommendations are a welcome address of many of the issues. Better enforcement is crucial and we're glad to see that being examined. But the ability of companies to self-certify as offering 'Safe Harbour' is unjustifiable and remains inexplicably outside the review . It is hard to see the purpose of proceeding without tackling such basic flaws and perhaps the time has come to put the Safe Harbour agreement to one side and move on.

CircumventionSafe-Harbor will be circumventedWSGR, 13 – Wilson Sonsini Goodrich & Rosati: the premier provider of legal services to technology, life sciences, and growth enterprises worldwide (“Cloud Providers That Adhere to U.S.-EU Safe Harbor Framework Meet EU's Data Protection Adequacy Requirements, Says U.S. Commerce Department”, 5/6/13, https://www.wsgr.com/WSGR/Display.aspx?SectionName=publications/PDFSearch/wsgralert-cloud-providers.htm, //11)While completing the required Safe Harbor application is relatively simple and quick, it can be easy for

organizations to overlook the program's compliance requirements , including annual assessments and documentation of compliance. Given the increasing attention and focus by customers on vendor and supply chain management in this area, increased investment in privacy and data security-related controls may yield quick returns by enabling deals to close more quickly and efficiently. Moreover, with the FTC's prosecution of a number of entities that claimed they were Safe Harbor-certified even though their certifications had lapsed, technical compliance with the Safe Harbor has taken on greater significance. A benefit of the program is that it helps encourage organizations to routinely and annually re-evaluate their privacy and data protection practices and to do so systematically. Many organizations also rely on and work with outside third parties, including law firms, to assist in these efforts. Such assistance can provide valuable benchmarking information and guidance on best practices, as well as assist with risk management.

not topicalSafe Harbor isn’t topical – not national security, federal, or US personsFPF, 13 – Future of Privacy Forum (“The US-EU Safe Harbor: An Analysis of the Framework’s Effectiveness in Protecting Personal Privacy”, December 2013, http://www.futureofprivacy.org/wp-content/uploads/FPF-Safe-Harbor-Report.pdf, //11)Scrutinizing the Safe Harbor over concerns about government access misconstrues the purpose of the Safe Harbor. The Safe Harbor is intended to bring US data practices in line with the EU Data Directive. The Directive does not apply to matters of national security or law enforcement. 173 Article 3 of the Directive states: “This Directive shall not apply to the processing of personal data…[with respect to] operations concerning public security, defen[s]e, State security (including the economic well-being of the State when the processing operation relates to State security matters) and the activities of the State in areas of criminal law.” 174 Thus, the Safe Harbor always had been envisioned as protecting the privacy of EU citizens within only the commercial privacy context .175 It should come as no surprise then that the Safe Harbor specifically provides exceptions to the Safe Harbor’s privacy principles “to the extent necessary to meet national security, public interest, or law enforcement requirements.”176

Cybersecurity Advantage

Alt cause to failureNo incentive to protect cyber infrastructure – lack of understandingSales 13 – Associate Professor of Law at the Syracuse University College of Law, former professor at George Mason University School of Law (Nathan A., Northwestern University Law Review, “REGULATING CYBER-SECURITY”, file:///C:/Users/Alana%20Levin/Downloads/SSRN-id2035069.pdf, //11)The poor state of America’s cyber-defenses is partly due to the fact that the analytical framework used to understand the problem is incomplete . The law and policy of cyber-security are under theorized. Virtually all legal scholarship approaches cyber-security from the standpoint of the criminal law or the law of armed conflict.19 Given these analytical commitments, it is inevitable that academics and lawmakers will tend to favor law enforcement and military solutions to cyber-security problems. These are important perspectives, but cyber-security scholarship need not run in such narrow channels. An

entirely new approach is needed . Rather than conceiving of private firms merely as possible victims of cyber-crimes, or as potential targets in cyber-conflicts, we should think of them in regulatory terms.20 Many companies that operate critical infrastructure tend to underinvest in cyber-defense because of negative externalities, positive externalities, free riding, and public goods problems—the same sorts of challenges the modern administrative state encounters in a variety of other contexts.

CircumventionNSA will circumvent cyber restrictionsKehl 14 – policy analyst at New America’s Open Technology Institute (Danielle, Open Technology Institute, “Surveillance Costs: The NSA’s Impact on the Economy, Internet Freedom & Cybersecurity”, July 2014, https://www.newamerica.org/downloads/Surveilance_Costs_Final.pdf, //11)One tactic for quietly scooping up vast amounts of data is to target the infrastructure around networks and network providers, including the undersea fiber optic cables that carry global Internet traffic from one continent to another. Leaked documents reveal that in February 2013 the NSA successfully hacked the SEA-ME-WE-4 cable system, which originates in France and connects Europe to the Middle East and North Africa.307 Reports also suggest that the NSA has hacked fiber optic links connecting Google and Facebook data centers located outside of the United States.308 For access to messages that are encrypted, the NSA maintains an internal database through its Key Provisioning Service which has encryption keys for a wide array of commercial products. A separate unit within the agency, the Key Recovery Service, exists for the purpose of trying to obtain keys that are not already a part of the NSA’s database. According to The New York Times, “How keys are acquired is shrouded in secrecy, but independent cryptographers say many are probably collected by hacking into companies’ computer servers, where they are stored.”309

FCC Mechanism

At: FCC expertiseFCC sucks – evolving marketplace and lack of interbureau coordination undermine transparency and expertiseGAO, 9 – United States Government Accountability Office (“FCC Management: Improvements Needed in Communication, Decision-Making Processes, and Workforce Planning”, December 2009, Google Ebook, //11)What GAO FoundFCC consists of seven bureaus, with some structured along functional lines, such as enforcement, and some structured along technical lines, such as wireless telecommunications and media. Although there have been changes in FCC’s bureau structure, developments in the telecommunications industry continue to create issues that span the jurisdiction of several bureaus. However, FCC lacks written procedures for ensuring the interbureau collaboration and communication occurs. FCC’s reliance on

informal coordination has created confusion among the bureaus regarding who is responsible for handling certain issues. In addition, the lack of written procedures has allowed various chairmen to determine the extent to which interbureau collaboration and communication occurs. This has led to instances in which FCC’s analyses lacked input from all relevant staff. Although FCC stated that is relies on its functional offices, such as its engineering and strategic planning offices, to address crosscutting issues, stakeholders have expressed concerns regarding the chairman’s ability to influence these offices.Weaknesses in FCC’s processes for collecting and using information also raise concerns regarding the

transparency and informed nature of FCC’s decision-making process . FCC has five commissioners, one of which is designated chairman. FCC lacks internal policies regarding commissioner access to staff analyses during the decision-making process, and some chairmen have restricted this access. Such restrictions may undermine the group decision-making process and impact the quality of the FCC’s decisions. In addition, GAO identified weaknesses in FCC’s processes for collecting public input on proposed rules. Specifically, FCC rarely includes the text of a proposed rule when issuing a Notice of Proposed Rulemaking to collect public comment on a rule change, although some studies have noted that providing proposed rule text helps focus public input. Additionally, FCC has developed rules regarding contacts between external parties and FCC officials (known as ex parte contacts) that require the external party to provide FCC a summary of the new information presented for inclusion in the public record. However, several stakeholders told us that FCC’s ex parte process allows vague ex parte summaries and that in some cases, ex parte contacts can occur just before a commission vote, which can limit stakeholders’ ability to determine what information was provided and to rebut or discuss that information. FCC faces challenges in ensuring it has the expertise needed to adapt to a changing marketplace . For example, a large percentage of FCC’s economists and engineers are eligible to retire in 2011, and FCC faces difficulty recruiting top candidates. FCC has initiated recruitment and development programs and has begun evaluating its workforce needs. GAO previously noted that strategic workforce planning should include identifying needs, developing strategies to address these needs, and tracking progress. However, FCC’s Strategic Human Capital Plan does not establish targets for its expertise needs, making it difficult to assess the agency’s progress in addressing its needs.

FCC expertise is hype – their evidence is political self-praise Engebreston, 13 – Executive Editor of Telecompetitor, former editor-in-chief of Telephony Magazine and America’s Network Magazine (Joan, “Catch-Up Talk with Blair Levin Yields Some Surprises”, Telecompetitor 5/6/13, http://www.telecompetitor.com/catch-up-talk-with-blair-levin-yields-some-surprises/, //11)***Blair Levin = former FCC chief of staffCurrently with the Aspen Institute, Blair Levin headed up the team at the FCC that three years ago created the National Broadband Plan with the goal of spurring broadband deployment. But in a speech last week, Levin said, “The FCC is becoming more of a political institution and less an expert agency .” Like other D.C. political institutions, he said, the commission is “increasingly caught up in a one-note narrative . . . of self-praise rather than focusing on providing the expertise and analytic agility necessary to adjust programs to provide bandwidth abundance to constituencies it is meant to serve.”In an interview with Telecompetitor on Friday, Levin directed further criticism at the FCC’s self-praise. “I would never invest in a company that had a CEO who behaved that way,” he said.Work undoneIt was up to the FCC to implement the ideas recommended in the National Broadband Plan – and the way Levin sees it, much of that work has been left undone.One of the most important pieces of information to emerge out of the NBP was that the majority of the homes that can’t get broadband are in areas served by the nation’s largest price cap carriers – and that hasn’t changed much, he told Telecompetitor on Friday.Although he noted that CenturyLink is doing some upgrades, he said “AT&T is doing zero, and Verizon sold some lines to Frontier but they’re not doing anything with what they held on to.” (AT&T would disagree with Levin’s assessment, having touted its rural network upgrade plans last fall. But it’s true that those plans rely heavily on mobile broadband rather than a fixed offering.)Levin also argued in his recent speech that the FCC essentially “punted” on “the critical issue of contribution reform.” In other words, the FCC’s new broadband-focused Universal Service program appears to be doomed to be funded as a percentage of carriers’ long-distance voice revenues – a methodology that is becoming increasingly unsustainable as long-distance voice revenues decline.When I asked Levin what he’d like to see happen on that front, however, he declined to offer a specific suggestion. Instead, he said the commission should pull a lot of ideas together and run a proceeding. (The FCC has avoided taking even such an apparently innocuous step – perhaps because it would then be expected to take action and, politically, it is afraid of taking any action on that controversial issue.)Singing a different tune?When the NBP was released, Levin made some enemies among rural telcos because of some of the Universal Service reforms proposed in the plan. The fundamental point of contention was that in targeting to bring broadband to unserved price cap territories without increasing the size of the fund, the corollary was that rate of return carriers would have to get by on less.Over the past three years, the FCC has implemented some of the reforms proposed in the NBP – although not exactly as the NBP proposed. And some readers might be surprised by one of the things Levin said in another recent speech.“In those areas where the fund was already driving broadband investment, reform has stalled progress ,” he said in Madison, Wisc. on April 4. He even cited a recent survey of small rural phone

companies showing that 69% of respondents have cancelled or postponed investments due to uncertainty about restructuring.

Xt: no written proceduresLack of interagency procedures gut efficiencyGAO, 9 – United States Government Accountability Office (“FCC Management: Improvements Needed in Communication, Decision-Making Processes, and Workforce Planning”, December 2009, p.16-17, Google Ebook, //11)FCC’s lack of written policies and its reliance on informal interbureau coordination to address issues that span beyond the purview of a single bureau can result in inefficiencies . For example, one FCC official told us that while FCC was conducting a merger review of two major media companies, the review process was delayed because of confusion regarding which bureau was responsible. Since each of the companies merging had assets regulated by different FCC bureaus, it was unclear which bureau was the designated lead and would be responsible for a specific portion of the merger review process. Although the chairman eventually designated a lead bureau, the time it took for this to happen slowed down the process, and the overall lack of coordination made the process less efficient. Our International Control and Management Evaluation Tool emphasizes the importance of internal communications, specifically noting the need for mechanisms that allow for the easy flow of information down, across, and up the organization, including communications between functional activities.

Xt: no expertiseFunding constraints complicate the hiring process – difficult to update staff and expertiseGAO, 9 – United States Government Accountability Office (“FCC Management: Improvements Needed in Communication, Decision-Making Processes, and Workforce Planning”, December 2009, p.41, Google Ebook, //11)FCC faces multiple challenges in recruiting new staff. One challenge FCC faces (similar to other federal agencies) is the inability to offer more competitive pay. Additionally, not having an approved budget and working under congressional continuing resolutions has hampered hiring efforts for engineers and economists. Competing priorities may also delay internal decisions regarding hiring. For example, OSP has not received the budgetary allocation for hiring new economists in time for the annual American Economic Association meeting for at least the past 4 years. This meeting is the primary recruiting venue for recently-graduated economists. When the FCC is not able to hire economists at the annual meeting, the agency potentially loses out on skilled employees who have been offered employment elsewhere. FCC officials told us that OSP has received permission to attend the 2010 American Economic Association meeting and hire at least one economist.

Random

Zero DaysDisclosure of zero-days undermines non-proliferation efforts and there’s no spilloverSanger 14 – chief Washington correspondent of The New York Times (David E., New York Times, “Obama Lets N.S.A. Exploit Some Internet Flaws, Officials Say”, 4/12/14, http://www.nytimes.com/2014/04/13/us/politics/obama-lets-nsa-exploit-some-internet-flaws-officials-say.html?_r=0)The N.S.A. made use of four “zero day” vulnerabilities in its attack on Iran’s nuclear enrichment sites . That operation, code-named “Olympic Games,” managed to damage roughly 1,000 Iranian centrifuges, and by some accounts helped drive the country to the negotiating table.Not surprisingly, officials at the N.S.A. and at its military partner, the United States Cyber Command, warned that giving up the capability to exploit undisclosed vulnerabilities would amount to “ unilateral

disarmament ” — a phrase taken from the battles over whether and how far to cut America’s nuclear arsenal. “We don’t eliminate nuclear weapons until the Russians do,” one senior intelligence official said recently. “You are not going to see the Chinese give up on ‘zero days’ just because we do.” Even a senior White House official who was sympathetic to broad reforms after the N.S.A. disclosures said last month, “I can’t imagine the president — any president — entirely giving up a technology that might enable him some day to take a covert action that could avoid a shooting war.”