Black Code

From P2P Foundation
Jump to navigation Jump to search

* Book: Ron Deibert. Black Code: Inside the Battle for Cyberspace.



1. From the publisher/author:

"Cyberspace is all around us. We depend on it for everything we do. We have reengineered our business, governance, and social relations around a planetary network unlike any before it. But there are dangers looming, and malign forces are threatening to transform this extraordinary domain.

In Black Code, Ronald J. Deibert, a leading expert on digital technology, security, and human rights, lifts the lid on cyberspace and shows what’s at stake for Internet users and citizens.

As cyberspace develops in unprecedented ways, powerful agents are scrambling for control. Predatory cyber criminal gangs such as Koobface have made social media their stalking ground. The discovery of Stuxnet, a computer worm reportedly developed by Israel and the United States and aimed at Iran’s nuclear facilities, showed that state cyberwar is now a very real possibility. Governments and corporations are in collusion and are setting the rules of the road behind closed doors.

This is not the way it was supposed to be. The Internet’s original promise of a global commons of shared knowledge and communications is now under threat.

Drawing on the first-hand experiences of one of the most important protagonists in the battle — the Citizen Lab and its global network of frontline researchers, who have spent more than a decade cracking cyber espionage rings and uncovering attacks on citizens and NGOs worldwide — Black Code takes readers on a fascinating journey into the battle for cyberspace.

Thought-provoking, compelling, and sometimes frightening, it is a wakeup call to citizens who have come to take the Internet for granted. Cyberspace is ours, it is what we make of it, Deibert argues, and we need to act now before it slips through our grasp." (

2. Adam Thierer:

"So, what is “black code” and why should we be worried about it? Deibert uses the term as a metaphor for many closely related concerns. Most generally it includes “that which is hidden, obscured from the view of the average Internet user.” (p. 6) More concretely, it refers to “the criminal forces that are increasingly insinuating themselves into cyberspace, gradually subverting it from the inside out.” (p. 7) “Those who take advantage of the Internet’s vulnerabilities today are not just juvenile pranksters or frat house brats,” Deibert notes, “they are organized criminal groups, armed militants, and nation states.” (p. 7-8) Which leads to the final way Deibert uses the term “black code.” It also, he says, “refers to the growing influence of national security agencies, and the expanding network of contractors and companies with whom they work.” (p. 8)

Deibert is worried about the way these forces and factors are working together to undermine online stability and security, and even delegitimize liberal democracy itself.

His thesis is probably most succinctly captured in this passage from Chapter 7:

- We live in an era of unprecedented access to information, and many political parties campaign on platforms of transparency and openness. And yet, at the same time, we are gradually shifting the policing of cyberspace to a dark world largely free from public accountability and independent oversight. In entrusting more and more information to third parties, we are signing away legal protections that should be guaranteed by those who have our data. Perversely, in liberal democratic countries we are lowering the standards around basic rights to privacy just as the center of cyberspace gravity is shifting to less democratic parts of the world. (p. 130-1)" (


Adam Thierer:

"The clear and colloquial tone that Deibert employs in the text helps make arcane Internet security issues interesting and accessible. Indeed, some chapters of the book almost feel like they were pulled from the pages of techno-thriller, complete with villainous characters, unexpected plot twists, and shocking conclusions. “Cyber crime has become one of the world’s largest growth businesses,” Deibert notes (p. 144) and his chapters focus on many prominent recent examples, including cyber-crime syndicates like Koobface, government cyber-spying schemes like GhostNet, state-sanctioned sabotage like Stuxnet, and the vexing issue of zero-day exploit sales.

Deibert is uniquely qualified to narrate this tale not just because he is a gifted story-teller but also because he has had a front row seat in the unfolding play that we might refer to as “How Cyberspace Grew Less Secure.” Indeed, he and his colleagues at The Citizen Lab have occasionally been major players in this drama as they have researched and uncovered various online vulnerabilities affecting millions of people across the globe.


Going forward, therefore, perhaps there are some reasons for hope. Perhaps the various generic strategies that Deibert outlines in his book, coupled with the remarkable ability of humans to roll with the punches and adapt, will help us come out of this just fine (or at least reasonably well).

Of course, it could also be the case that these security concerns just multiply and that the Internet then morphs into sometime quite different than the interconnected “network of networks” we know today. As I noted in my 2009 essay on “Internet Security Concerns, Online Anonymity, and Splinternets,” we might be moving toward a world with more separate dis­connected digital networks and online “gated communities.” This could take place spontaneously over time and be driven by corporations seeking to satisfy the demand of some consumers for safer and more secure online experiences. As I noted in my review of Jonathan Zittrain’s book, The Future of the Internet, I am actually fine with some of that. I think we can live in a hybrid world of “walled gardens” alongside of the “Wild West” open Internet, so long as this occurs in a spontaneous, organic, bottom-up fashion. [For a more extensive discussion, see my book chapter, "The Case for Internet Optimism, Part 2 – Saving the Net From Its Supporters."]

If, however, this “splintering” of the Net is done from the top-down through intentional (or even incidental) government action, then it is far more problematic. We already see signs, for example, that Russia is pushing even more strongly in that direction in the wake of the NSA leaks. (See “N.S.A. Leaks Revive Push in Russia to Control Net,” New York Times, July 14.) The Russians have been using amorphous security concerns to push for greater Internet control for some time now. Of course, China has been there for years. So have many Middle Eastern countries. Of course, there’s no guarantee that their respective “splinternets” are, or would be, any more secure than today’s Internet, but it sure would make those networks far more susceptible to state control and surveillance. If that’s our future, then it certainly is a dismal one.

Anyway, read Ron Deibert’s Black Code for an interesting exploration of these and other issues. It’s an excellent contribution to field of Internet policy studies and a book that I’ll be recommending to others for many years to come." (


Conducted by Spark CBC radio:

"The subtitle for your book is, “Inside the Battle for Cyberspace,” and you lay out different battlegrounds where this is going on. How would you characterize what that battle is?

We kind of take this communications ecosystem that’s all around us for granted. It surrounds us, it’s deeply embedded in everything we do. It seems like this wonderful liberating technology, which it is, in many cases. It’s phenomenal. But there are kind of dark clouds forming on the horizon. They come in multiple shapes and forms, which I try to describe in the book.

I think one of the biggest ones has to do with security. The fact that this domain is now being securitized, that was probably inevitable. When it was a minor network used by university researchers and geeks, it really didn’t matter. Now that it is part of everything, part of critical infrastructure, hospitals and so on, of course, securing it has become critical.

* What do you mean by securitized?

Securitized is actually a term that comes from political science, a term that describes the process of taking an area, whatever it is, drugs, environment, and describing it in military terms — the “war on drugs” and so on. We’re seeing a lot of that in cyberspace — cyberwarfare, cybersecurity.

People who have studied the processes of securitization notice that there are certain tendencies that go along with it. Secrecy is one. The predominance of military and intelligence agencies is another. Trying to govern a domain through hierarchy and closure and so on.

We see this going on in cyberspace. The big three-letter agencies that most people have never heard of are now actually taking command of cyberspace. To me, that’s paradoxical. In a world of so much seeming transparency, we’re delegating authority over — essentially our public sphere — to some of the world’s most secretive agencies. This is not a good recipe in the long run.

* One of the things that you explore is how governments are surveilling and censoring the Internet. How have you seen that play out in Syria?

Syria is a really interesting case. In addition to all the terrible things that are going on, they’re in the midst of a civil war and obviously war crimes, crimes against humanity happening. I think many people initially thought, a couple of years ago, that Syria would follow in step with the other Arab regimes, like Tunisia, Egypt. There would be a toppling of this dictatorship because of Twitter-enabled dissidents.

We at the Citizen Lab — I think primarily because of our research networks in the Middle East and North Africa — we had a different view on it. We were certainly more cautious. That was because we had seen the ways these governments that were quickly toppled in Egypt and Tunisia actually had capabilities that, if you re-ran history, it might have turned out differently. I think the clock ran out on them. But they had very advanced surveillance technologies equipped by Western firms that enabled them to infiltrate opposition groups and essentially monitor their computers.

We see this going on now in Syria. Dissidents, opposition — the Syrian opposition — is routinely targeted with malicious software, usually through a Skype link or a comment on YouTube that then takes over their computers and compromises their social networks. It’s hard to say, on balance, what impact that has had on the conflict, but it’s certainly put many people on the opposition side at great risk.

The other interesting thing about Syria is the Syrian Electronic Army. There is a group of pro-government electronic actors. They seem to be operating with the encouragement and support of the Syrian government, but they’re not quite connected to it. They’re not like a traditional army. They’ve been becoming more sophisticated over time.

At first, they were defacing websites that had no connection to Syria. Of course, just a few weeks ago, they commandeered the Twitter account of Associated Press and put this notice about a bombing, a hoax about a bombing in the White House. We saw the stock market drop 500 points. They’re getting much more sophisticated. That’s a really interesting phenomenon, this idea of pro-government electronic actors using offensive computer network attack capabilities to support autocratic regimes and infiltrating opposition groups abroad.

* You paint a picture of an Internet that’s gradually becoming more controlled by the government. Why is this so troubling to you?

I think there’s a kind of fitness problem when it comes to ideally what we want a global communications environment to look like and how governments tend to operate and the capabilities that they have. I think it’s inevitable that governments would get involved in the Internet.

The issue is that we don’t want a heavy hand. We don’t want them to impose controls that territorialize the Internet because ultimately, in my opinion anyway, if we are going to survive as a species — deal with all the problems that we have from environmental change to population, disease, whatever — we need a single communications environment through which we can share ideas and debate and so on.

With the Internet, we came very close to having that, but it is now being carved up. It’s being heavily monitored, and governments are asserting control. They’re changing the way private companies operate in cyberspace, in important ways.

That will end up essentially Balkanizing it, and I think that’s a recipe for disaster in the long run." (

Tom Slee

"The most explicitly Canadian of the three books, Black Code: Inside the Battle for Cyberspace opens in Calgary, has an epigraph by Dionne Brand and has a subtitle that harks back to the science fiction of William Gibson. It is also the most likely to find a broad audience. Coleman writes well but her academic prose will limit her book’s appeal, while Rainie and Wellman fall between two stools: seeking to appeal both to specialists and general readers, their voice is often that of a tour guide recounting too many facts and dates. Deibert recounts some of Citizen Lab’s own colourful exploits. Given unrestricted access to compromised computers belonging to the office of the Dalai Lama, Citizen Lab researchers uncovered an espionage network affecting more than 100 countries and tracked its control centre to the computers of China’s People’s Liberation Army. Discovering and downloading a database backup belonging to cybercrime ring Koobface that “laid bare the entire operation from inside out,” they pinpointed a group of BMW-driving, World of Warcraft–playing Russians. But while these individual stories convey “the thrill of the hunt,” it is the cumulative effect of Deibert’s global tour of cybercrime and cyber warfare that lingers. In one of the strongest chapters, he describes how post-Soviet states and unofficial “Electronic Armies” in Syria and Iran, aided by western technology companies, combine internet surveillance with thuggery to suppress political opponents. He recounts how China successfully built its “Great Firewall” at home and engages in digital espionage abroad, and how Somalia’s civil war has produced surprisingly robust wireless phone networks. Closer to home, he documents the combined corporate and state surveillance of our daily lives and how the border between digital and physical warfare was erased by United States/Israeli collaboration Stuxnet, a virus designed specifically to break the Siemens industrial centrifuges used in Iran’s nuclear enrichment program. The book’s material on corporate surveillance has little that is new, but that lack is more than made up for by the insight and experience Deibert brings to bear on his specialist areas of cybercrime and cyber warfare. Throughout, he keeps the focus on the technology, leaving readers to draw their own political conclusions. It is a wise call, making the book accessible to readers with a broad range of political opinion. Black Code is essential reading for anyone who cares about the evolution of civil liberties, crime and warfare in the digital age.

A clear message of Black Code is that many interests are bending the internet to their own ends: so much so that Deibert writes that with the growth of the “cyber security industrial complex … the internet as we once knew it is officially dead.” Coleman is not ready to give up: she sees free software hackers, Deibert’s colleagues among them, as among the strongest defenders of digital civil liberties. They are technologists, yet they are also “the fiercest critics of the privacy violations and copyright policies of social network platforms like Facebook.” (