This Week at War: Google has more guts than the U.S. Government

Here is the latest edition of my column at Foreign Policy:

Topics include:

1) Google goes where the U.S. government has feared to tread,

2) Computers must take over counter-terrorism analysis.

Google goes where the U.S. government has feared to tread

In a dramatic statement posted on the company’s official blog this week, Google sparked a confrontation with the Chinese government that will likely end with the company exiting the Chinese market. Google’s statement all but accuses the Chinese government of “a highly sophisticated and targeted attack on our corporate infrastructure.” The Chinese government has long been suspected of directly performing, or facilitating proxies to perform, a wide range of cyberwarfare activities. Google’s forceful response against the Chinese government has gone further than the U.S. government, a daily large-scale victim of cyberattacks, has ever gone. The Pentagon’s forthcoming Quadrennial Defense Review will likely feature discussions concerning “high-end asymmetric threats” such as cyberwarfare; but ironically it is a private company that is taking action against the Chinese government, a leading high- end asymmetric threat. Finally, Google’s decision to likely abandon China could reveal a major crack in China’s authoritarian model for economic growth and development.

Google stated that the attacks targeted at least 20 other large companies and the email accounts used by prominent Chinese human rights activists. The company did not directly accuse the Chinese government of these attacks, but its response indicates that it believes the Chinese government is responsible. If Google thought the culprits were lone-wolf Chinese computer hobbyists or cybercriminals, one would think that their response would have called on the Chinese government to police lawless behavior. In this case, it has obviously concluded that it is the government itself that is lawless.

Google has shown the courage to name the villain and accept the consequences for doing so. This is more than the U.S. government has ever done, in spite of many years of regular cyberattacks from China and Russia. Belatedly, and only after Google had acted, Secretary of State Hillary Clinton issued a four-sentence statement calling on the Chinese government to explain its actions.

I agree with my FP colleague Blake Hounshell that this story will have long-lasting ramifications. Google’s break with the Chinese government exposes a crack in the Chinese government’s model for development. Western multinational corporations are the intermediaries through which China (like the other Asian successes) has obtained access to export markets.

Google had accepted the Chinese government’s terms regarding censorship. But this week, it decided that it would not be a branch of the regime’s internal security apparatus, a conduit for its global cyberwarfare operations, or a victim of its theft of intellectual property. Google’s management has apparently decided that such complicity would be too damaging to its reputation elsewhere in the world and that its reputation was more valuable than future profits from the Chinese market.

Google is walking away from a Chinese government whose business practices it considers out of control. This will show the way for other Western multinationals to stand up against the Chinese government’s social coercion, frequent non-protection of property rights, and outright theft of intellectual property. Following Google’s action, those Western firms that do business with the Chinese government will have to respond to tougher questions from their shareholders.

China’s future economic growth is dependent on the health of its relationships with Western firms, especially those with high intellectual property content. Google’s decision may show that China’s authoritarian growth model has reached a limit. And it may show the U.S. government how to get some courage of its own to fight the cyberwar, a war that is already underway.

Computers must take over counter-terrorism analysis

National Security Advisor James Jones predicted that the White House report on the Christmas Day attempt to bomb a flight from Amsterdam to Detroit would “shock” its readers. Jones was presumably referring to the report’s conclusion that U.S. counterterrorism analysts had access to all of the information they needed to prevent the suspect, Omar Farouk Abdulmutallab, from boarding the flight, but failed to search enough of the databases to which they had access and link together the information that would have revealed the threat.

Maybe what was really shocking to Jones was his discovery that the U.S. intelligence community’s computer software was not performing the “data mining” for terrorism threats that he assumed it was. The “Key Findings” from the White House report stated:

“Information sharing” does not appear to have contributed to this intelligence failure; relevant all-source analysts as well as watchlisting personnel who needed this information were not prevented from accessing it.

Information technology within the CT community did not sufficiently enable the correlation of data that would have enabled analysts to highlight the relevant threat information.

There was not a comprehensive or functioning process for tracking terrorist threat reporting and actions taken such that departments and agencies are held accountable for running down all leads associated with high visibility and high priority plotting efforts undertaken by alQa’ida and its allies, in particular against the U.S. Homeland.

In a Jan. 7 interview on the PBS Newshour, former White House counterterrorism officials Richard Clarke and Juan Carlos Zarate confirmed that the U.S. intelligence community still does not have computer software that comprehensively searches and correlates data from all of the relevant U.S. government terrorism databases.

Given the flood of “dots” that arrive daily into the intelligence community’s databases, computer automation is clearly the answer. The White House report recognized the hard work of the counterterrorism analysts who, the report says, have foiled many plots. But the Abdulmutallab incident shows what happens when a system relies on the endurance and judgment of an army of overworked human analysts — the bomber eventually gets through.

A software program performing the same routine as the analysts will not be a panacea. Its parameters will require constant adjustment which will cause many to wonder whether data mining is useful. However, 9/11 and the Abdulmutallab incident show that large-scale and systematic data management is very likely the largest part of protecting the homeland from terrorism. It’s been nearly nine years since the last catastrophic “connect the dots” failure. The fact that the intelligence community still is not fully cooperating on software solutions reveals an egregious management failure inside the government.