Cryptopolitik and the Darknet

“Cryptopolitik and the Darknet,” with Daniel Moore, Survival, 2016, February/March, vol 57, iss 1, 7–38, DOI 10.1080/00396338.2016.1142085

Encryption policy is becoming a crucial test of the values of liberal democracy in the twenty-first century. The trigger is a dilemma: the power of ciphers protects citizens when they read, bank and shop online — and the power of ciphers protects foreign spies, terrorists and criminals when they pry, plot and steal. Encryption bears directly on today’s two top threats, militant extremism and computer-network breaches — yet it enables prosperity and privacy. Should the state limit and regulate the fast-growing use of cryptography? If so, how?

[…] Crypto systems are not politically neutral; they embody political choices. In some cases, the costs incurred by establishing a specific cryptographically enabled service may outweigh the benefits. We test and establish this argument by critically assessing one of the most sophisticated and controversial encryption platforms today: the Tor Project. If there is a line that demarcates liberal from illiberal cryptographic architectures, it runs right through Tor. To be more precise, it runs right through hidden services.

Read more

Technical annex and discussion on Tor Hidden Services (requires Tor Browser) at http://35oktenzdrt2v4o5.onion

On Altmetric

Launched at IISS on 3 February.

Covered in Motherboard, TelegraphSüddeutsche Zeitung, Tecmundo, Fars, BBC Newsday, Naked Security, Schneier on Security, BBC 5 Live, BBC World Service, Sky News, Die Zeit, Herald Sun, The Telegraph (Australia), Quartz, Nextgov, more

Attributing Cyber Attacks

“Attributing Cyber Attacks,” with Ben Buchanan, Journal of Strategic Studies, 2015, February, vol 39, iss 1, p. 4-37, DOI:10.1080/01402390.2014.977382

q-cnWho did it? Attribution is fundamental. Human lives and the security of the state may depend on ascribing agency to an agent. In the context of computer network intrusions, attribution is commonly seen as one of the most intractable technical problems, as either solvable or not solvable, and as dependent mainly on the available forensic evidence. But is it? Is this a productive understanding of attribution? — This article argues that attribution is what states make of it. To show how, we introduce the Q Model: designed to explain, guide, and improve the making of attribution.

Read more

In Japanese: Thomas Rid and Ben Buchanan (translated by Motohiro Tsuchiya), “Cyber Kogeki wo Okonau no ha Dare ka (Attributing Cyber Attacks),” Senryaku Kenkyu (Journal of Strategic Studies), 18, 2016, 59-98. (Japanese PDF)

In Chinese: translated by a government-affiliated entity in Beijing (Chinese PDF).

On Google Scholar
On Altmetric

Coverage and mentions by QuartzTIME, Heise, Telegraph, Bruce Schneier, Eugene Kaspersky, Richard Bejtlich (before the Permanent Select Committee on Intelligence in the US House of Representatives).

Launched at RUSI in London on 11 February 2015.

Briefed at the US Department of Defense, OSD, and a PLA workshop in Beijing, among others.