On July 3rd, 2011, a transit officer of San Francisco’s Bay Area Rapid Transit (BART) service fatally shot Charles Blair Hill, a 45 year old transient who allegedly threatened the officers with a knife. On July 22, BART officials released a video of the shooting causing uproar from several residents and civil liberties groups over the escalation of force.
Up to this point, the story is uninteresting as it reflects the normal discourse on the intersection of citizens’ rights and the state’s responsibility to provide security. What happened next is very serious and worthy of discussion.
On 12 August, in the wake of the London Riots and upon hearing reports of civil protests in San Francisco, BART officials implemented temporary population control measures to shut down cell phone services from 4pm to 7pm in order to deter potential mass rioting and maintain law and order. To a counter-insurgent, these tactics seem reasonable within areas that lack control of the state, but they are highly questionable in a democratic society that treasures individual freedoms and protection.
BART’s actions, if taken to the courts, may test the limits of the state’s ability to implement population control measures when potentially threatened. These limits, in and of themselves, are a slippery slope that must be treaded lightly.
On 14 August, the internet group “Anonymous” conducted retaliation against BART hacking into their website, changing the logo, and releasing personal contact information of hundreds of the site’s users. This counter-attack is a direct assault on the state challenging its authority and control.
In this age of Information, are we entering a time when any individual with a grievance can shut down government services? How and should the state react to such attacks? The events in San Francisco over the last week may provide a good case study to test and analyze the threat of cyber-terror.
Comments
Mike- good article but...........the term is 'populace control' as in 'populace and resource control'. Not 'population control'.
You will attract less haters this way. When I taught this stuff it was always a challenge to delineate the differences between the two terms. It's like the difference between 'deficit' and 'debt'. Low information voters (forum lurkers) will focus on what they know, and what they know is usually less than they realize.
tom k
On the top of the validity of comparing Iran and Egypt to San Francisco, my concern is that the differences are ones of scale rather than type. If the geographic area in which social media-aided dissent can occur expands--or is portrayed to have expanded--so does the shutdown of communications.
The caveat that "we'd only use it in emergencies" is not a comfort. If all you have is an emergency-only response, then every situation starts looking like an emergency. IF there was more in the toolbox than just cutting off communications, then reserving that for real emergencies would be workable. But right now the toolbox for this sort of thing seems otherwise bare.
Regarding government surveillance of public media communications, that does seem pretty reasonable to me. I don't see how someone posting to Twitter has any possible reasonable expectation of privacy. I don't think the same applies to directly personal communications, though. You can watch my Twitter feed, but reading my text messages, or my exchanges on Pidgin, or my Blackberry Messenger communications should absolutely require a warrant.
Personally I find it a bit of a stretch when folks compare a localized cellular network shutdown limited to the subway stations to the nation wide shut downs in Iran and Egypt. Additionally the intent for the shut downs were different (although the governments of Iran and Egypt may differ on this point), the intent in San Fran was locally targeted, for a specific time, based on intelligence to protect the public and maintain good order, safety and function of the subway system. The intent of the cellular/social media network shutdown in Egypt and Iran was nation wide and its intent went well beyond public order and safety. On the other hand, it does seem appropriate to ask if our government has the right to monitor conversations on public media? If it is public, why not? Shouldn't a responsible democratic government listen to its citizens? If they're communicating on social media, sharing information intending to be public, then what is the argument against this?
Does the government have a right to disrupt planned protests, with the caveat that the protests are believed to be dangerous to the public or potentially damaging to private and public property? If the government had reason to believe that the protests would be violent and the authorities' actions were taken to protect the public would you consider the actions out of bounds?
Under the freedom of speech right, should the government allow protesters to organize chaos on social media, or should they seek to disrupt it? This isn't license to disrupt every planned protest just because is convenient to do so, but rather to protect the public if it is believed to be endangered. While I seriously doubt the protests in San Francisco would have been as violent and damaging as they were in Seattle (Battle of Seattle) or in London recently, if the officials had intelligence indicating that they would be, then disrupting their communications to me seems appropriate. After the recent events in London I'm sure authorities are concerned (correctly or not). Shift the debate to the violent flash mobs in Philidelpha (sp?), where youth groups and gangss are using cell phones, blackberries, and social media to organize gangs to commit hate crimes (black on white) or rob stores. Should the government authorities simply stand by and allow this to happen because they don't want to interfere with free speech, or should they disrupt their communications to protect innocent civilians who are and will be victims if it is allowed to continue? Before you answer, make it personal, assume it is your family and your property that that the government could have protected if they acted.
Technology in many ways has surpassed the framework of our constitution's intent for law and our standard rules of engagement in combat. It has also resulted in new social norms, some of which are disturbing and they need to be confronted, debated, and appropriate laws developed.
In my opinion (which is still forming) it seems appropriate and responsible for the government to take actions to protect the public from possible violent acts. It isn't appropriate to take action to interdict peaceful (to include loud and undesired) protests.
Mike,
I have been thinking about this very issue quite a bit lately. As I wrote on my blog, there is a lot of potential to create "accidental [cyber] guerrillas" in scenarios such as these: http://bit.ly/oMqlQg. The counterinsurgency lens is a valuable one to apply in this situation, but there needs to be a long, critical look at past domestic counterinsurgency efforts including those applied to the American Civil Rights Movement lest we create those accidental guerrillas or, on a strategic scale, undermine American security through suppressing liberties at the core of this country. In my piece, I also responded to a great blog post by security expert Robert Graham of Errata Security about hackers and the question of law and order: http://bit.ly/ovSnZT. He makes an interesting claim that even hackers who side on the rule of "law" may (and often do) resist forms of "order" or "law enforcement." This discussion of law and order in this light got me thinking about how this thinking might apply to insurgency outside of the "cyber" realm as well.
Best,
Erich
Mike, I'm a San Francisco Bay Area resident. The reactions by BART police, law enforcement efforts as well as protesters are all generating a great deal of controversy among my fellow residents.
One of my focuses has been on law enforcement efforts of the Islamic Republic of Iran. During the post 2009 presidential protests and riots, there occurred cell phone shutdowns that Secretary of State Clinton criticized on the grounds such moves violated human rights and hindered freedom. Ironic, we're now seeing it performed in my metro right here in the US.
Bear in mind, also, that the protesters and rioters in Iran also hacked into a number of Iranian government sites, performing similar acts of cyber terror that Anonymous is now performing in the US.
Over in the UK, we also saw their government shut down access to the social networking site Facebook during their country's recent rioting, an act which the UK and US governments assailed when Iran initiated such steps in 2009. Even current UK sentencing of rioters and social network agitators is in line with many of Iran's post-election sentencing for similar crimes.
If you remember, at the time of Iran's civil unrest and rioting, I recommended to readers of SWJ that a study of Iran's countermoves to cyber-terror and civil disorder would be useful in formulating potential future efforts by Western law enforcement agencies. Looking back, we didn't have to wait long for the West to catch up.
Mike,
Excellent post! I'm not a lawyer, so I can only argue from the common sense and what appears to be appropriate or not. First, the cell phone coverage was "only" shut down in the subway stations, which while public that does correlate to denying people their rights in my view. They could take the bus, taxi, personal vehicle, walk, or make a call prior to or after leaving the subway. Second, it appears like an appropriate measure (limited in duration and focused on the geographical area where trouble was anticipated) to ensure the safety of all concerned and allowing the smooth functioning the trains to get people to home and work on time. Contrast to having the intelligence and ignoring it, then I think it would be appropriate for those who were hurt or had loved ones killed in the riot to push a law suit against the city for not providing protection against a "known" threat. Third, it was an economical and non-offensive approach. I suppose an alternative would have been to flood the stations with police officers as a possible deterent, but since the trouble makers were looking for trouble, this probably would have just added fuel to the fire. From an outsider looking in this action appears to be appropriate and I actually hope other cities follow suit. Much better than enduring the chaos that London is undergoing.
You wrote, "In this age of Information, are we entering a time when any individual with a grievance can shut down government services? How and should the state react to such attacks? The events in San Francisco over the last week may provide a good case study to test and analyze the threat of cyber-terror."
While most of us are not fans of the generations of warfare, there is a concept that is at least superficially useful called 5th GW which addresses the superempowered individual. The increasing proliferation of technology, knowledge, and other means (money) to the global public contrasting with the increasing reliance on "smart" systems to control our infrastructure creates real vulnerabilities that can be targeted by hostile States, non-state networks, or individuals.
I have little faith in our national government to address this threat effectively. Instead they'll develop a huge bureaucracy with rules/ROE that severely limit its effectiveness. At least in the short run we'll be better served by private companies in the cyber defense business.