This repository has been archived on 2017-04-03. You can view files and clone it, but cannot push or open issues/pull-requests.
blog_post_tests/20120415142237.blog

33 lines
6.0 KiB
Plaintext

Open source warfare != open source software
<p>One of my commenters brought up John Robb, a former SpecOps pilot who has made a name for himself as a counter-terror theorist by writing about &#8220;open-source warfare&#8221;. Mutual acquaintances confirm what Robb&#8217;s own writings suggest, which is that his notions of open-source warfare are heavily influenced by what I have called the bazaar model of software development.</p>
<p>When I learned this in 2004 I attempted to begin a conversation with John Robb by email. The remainder of this post is my email to him &#8211; to which, for whatever reason, he never replied. I have edited the one link reference into a live link.</p>
<p><span id="more-4289"></span></p>
<p>A friend pointed me at <a href="http://globalguerrillas.typepad.com/globalguerrillas/2004/09/bazaar_dynamics.html">THE BAZAAR&#8217;S OPEN SOURCE PLATFORM</a>. I had been previously aware of the application of social network theory to counterinsurgency and half-expecting my work to show up in that conversation at some point, but this is the first time I actually know of it happening.</p>
<p>You analogy between terrorist networks and the open-source community is thought-provoking but, I think, flawed. The flaws are good news, as they offer guidance towards ways to disrupt and hinder terror networks.</p>
<p>There are at least four traits that make the the network of open-source hackers structurally different from the terror network.</p>
<p>1. Visibility is safe</p>
<p>The first difference is that the hacker network can be entirely visible without risk, but the terror network must remain almost entirely invisible (except at the edges, where it recruits through deniable cut-outs).</p>
<p>Thus, communication between terrorists is much riskier than it is between hackers. (There have already been some well-publicized incidents in which tapped cell-phone conversations led to portions of the terror network being rolled up.) This matters, because it means that every attempt at coordination has to be traded off against the probability that it will result in exposure. </p>
<p>You have already noticed that this tradeoff implies a maximum feasible network size. It also implies a minimum feasible action-reaction loop; the riskier communication is, the longer coordination at an acceptable risk level will take. (Thus Al-Quaeda&#8217;s observed pattern of long latency periods between attacks.)</p>
<p>2. Outcomes are easy to measure</p>
<p>Second, success is easier to measure for hackers than for terrorists. A program either runs and gives the expected output, or it doesn&#8217;t. Of course there are important kinds of programs for which you cannot predict the output, but it is usually possible to check that output for correctness by various means and be confident that you know whether or not it meets your objectives.</p>
<p>Terrorists have more difficulty measuring outcomes. Let&#8217;s take the Chechen separatists as an example: presuming their outcome is to break the Russians&#8217; will to fight in Chechnya, how are they to know whether the massacre at Beslan succeeded or not? </p>
<p>3. The cost of failure is low</p>
<p>There is very little downside risk in what hackers do. If aparticular way of writing a program fails, you throw it away and write a new one. Failure can be sad for individuals or project groups but does not threaten the network as a whole. </p>
<p>The terror network, on the other hand, can be badly damaged by the blowback from its actions. In the aftermath of the 9/11 attack, Al-Qaeda lost its base camps in Afghanistan, and state sponsorship of terrorism became covert rather than overt.</p>
<p>No analogous loss is really imaginable for hackers. They are protected partly by the fact that there are large demand sinks for what they do in the aboveground economy &#8212; our equivalent of state sponsorship is the Fortune 1000.</p>
<p>4. Attack methods are perfectly transmissible</p>
<p>When hackers successfully attack a problem, they produce an algorithm that can be cheaply replicated anywhere. Terrorists, on the other hand, rely on skills that are difficult to replicate (such as bomb-making) and materiel that isn&#8217;t easy to get (consider the relative cost of a personal computer versus an RPG).</p>
<p>The bazaar model will only work for terrorists insofar as they can suppress these differencies &#8212; e.g., be safely visible, measure outcomes, control the cost of failure, and transmit attack methods.</p>
<p>It follows that counterterror strategy must be aimed at amplifying these differences. Here&#8217;s how we can do that:</p>
<p>1. Make it more dangerous for terrorists to be visible.</p>
<p>Terrorists can afford to be visible only where either (a) no local authority can suppress them, or (b) they are sponsored by the strongest local authority. (It is immaterial whether the local authority is a nation-state; this analysis applies equally to Iran, pre-liberation Iraq and Somalia.)</p>
<p>Thus, raising the perceived risk from sponsoring terrorism will force terrorists to operate undercover, making their network less like a bazaar in both communication richness and action/reaction time.</p>
<p>2. Make it more difficult for terrorists to measure outcomes</p>
<p>The most effective step we could take towards this is probably for responsible news media to voluntarily stop covering individual terrorist attacks. Note that this would not be the same as denying or covering up the phenomenon; monthly aggregate statistics on terrorist attacks, for example, would suffice for purposes such as risk evaluation by commercial travelers.</p>
<p>Unfortunately, responsibility by the news media seems rather unlikely.</p>
<p>3. Make the cost of failure high</p>
<p>This can be best achieved by the traditional method of giving no quarter &#8212; killing terrorists swiftly and without mercy whenever they present targets by mounting an operation. </p>
<p>4. Make it more difficult to transmit attack methods.</p>
<p>This implies that disrupting terrorist training facilities should be a priority in counter-terror.</p>