*pwn: slang for hacking into and taking control of another computer.   https://en.wikipedia.org/wiki/Pwn

Advanced Persistent Threat: The Need for A New Vigilance

It is the common fate of the indolent to see their rights become a prey to the active.  The condition upon which God hath given liberty to man is eternal vigilance; which condition if he break, servitude is at once the consequence of his crime and the punishment of his guilt.  -- John Philpot Curran, "Speech On the Right of Election" (1790)

"Big Money", in its various forms, has invested centuries probing for vulnerabilities in our systems of government, developing increasingly sophisticated and effective exploits that have ultimately given large moneyed interests unprecedented sway over every office of power.  While conscientious leaders have given us occasional patches, such as anti-trust law, industry regulations, and even the odd Constitutional amendment, Big Money always seems to find new ways to bypass and undermine these protections.  This is because Big Money's business model includes as its norm, the investment of time and resources towards corrupting government wherever it is advantageous to do so, regardless of any harm done to the the public interest.  By contrast, government's management model is to get on with the work of governing and only intermittently attend to these threats.

That is: government has an underdeveloped and inadequate threat model regarding the behaviour of Big Money, and is therefore unable to stand up for good governance and protect it from the influences of Big Money.

Because so many vulnerabilities are long left unpatched, and because Big Money gets increasingly better at exploiting vulnerabilities, the outcome is inevitable -- and indeed that outcome has arrived: Big Money has pwned* government. Big Money has re-programmed and re-tasked government and its massive resources to do their will.

Government is now aligned and tuned primarily towards maximizing profits and power for large moneyed interests, regardless of the costs and harms to the citizenry, to the environment and to future generations.

In the terminology of software security: Big Money has become an Advanced Persistent Threat.  It is not an overstatement to say that it now has the tools, resources and intention to infiltrate, conquer and command every office of government.  It has been doing exactly this, it has mostly succeeded, and it will continue to do this until there is no office of government left unpwned, and further still, until there are no uncorrupted footholds left from which to mount a counteroffensive.  

Aside from terminology, there are other useful concepts to borrow from the realm of software security which can help us define the threat, map out its nature and tactics in all their complexity, and devise countermeasures and new protections to clean the system and prevent new infiltrations.

One of the most important concepts to apply here is a dynamic threat model. That is: any successful system of countermeasures must account for the fact that the tactics and methods used by Big Money:
a) vary over time,
b) vary depending on context,
c) vary depending on the nature of the vulnerability, and, most importantly,
d) adapt to attempts to patch a vulnerability.

This concept differs from a more traditional notion of vigilance against corrupting forces, in scale, speed and flexibility, but not in type.

U.S. President Andrew Jackson's paraphrasing of Curran's quote, "eternal vigilance by the people is the price of liberty" is as true today as it was in 1837 or in 1790.  But with a bigger and more complex government, and with the modern and dynamic capacities of Big Money to infiltrate government, the task of vigilance is harder than ever before.

This is why we need new tools to undo existing infiltrations by Big Money, and prevent new ones. For these new tools to work, we also need more widespread and robust opportunities for the public to:
a) monitor the activities of government, and
b) be heard when government veers too far from the public interest. 
Such tools are challenging to develop and we hope to do our part by offering an evolving Model Legislation, designed for these tasks.

*pwn: slang for hacking into and taking control of another computer.   https://en.wikipedia.org/wiki/Pwn


© 2014 The Centre for Public Oversight