While attempts to disrupt Web broadcasts of Al-Jazeera may seem like a distant concern, they reflect the problems that should concern security professionals everywhere.
We may not agree with everything Al-Jazeera publishes, but we should defend to the death its right to publish it.
I'm willing to bet that the topic of security is going to be quite popular this year.
Now, I'm not talking about the word "security". I'm sure that its searched for using Google, but not that much. No, instead I'm referring to any and all of an inter-related universe of terms and concepts. In fact, I would go so far as to say that we are absolutely, completely obsessed with security. And, as with most obsessions, there's a bit of madness mixed in there as well.
The Ongoing Search for Information
The US is at war right now with Iraq. It is the inescapable news of the moment. The vast majority of Americans are getting their information about that war from TV, newspapers, and radio, as are the vast majority of folks in the Arab world. Many in both groups, however, are using the Internet to try to broaden the information they gather and process about the war.
The most popular and influential TV station among Arab speakers is Al-Jazeera, broadcast out of tiny Qatar in the Persian Gulf. In fact, Google Zeitgeist reports that "Al-Jazeera" was the most gaining search query during March 2003. I know that a topic has reached the "real world" zeitgeist when I hear it discussed in coffee shops, as I did today, when I overheard a group of eight college students talking about Al-Jazeera playing on a TV in a Moroccan restaurant in which they were dining the night before. If you're an American getting all his news from CNN, ABC, or FOX, and you want to know what people in the Middle East are watching, then Al-Jazeera is the source you want to check. You might not agree with everything you see - in fact, you might violently disagree with the slant of the programming - but it is good to be aware of what is being reported elsewhere.
Until recently, non-Arabic speakers could not do that because Al-Jazeera did not have a Web site available in English. This changed around the time the invasion of Iraq. On 24 March, Al-Jazeera unveiled a new Web site at http://english.aljazeera.net, where non-Arabic speakers could read its reportage and commentary, and view its images.
And then the war really started heating up.
Al-Jazeera is Now on the Air...Maybe Not
Since that moment - just a few weeks ago at the time of this writing - Al-Jazeera has faced quite a struggle. Its DNS was hijacked, so that visitors to the Web site were redirected to a Web page featuring an American flag and the words "Let Freedom Ring!" It was knocked offline due to a denial of service attack. Its inital hosting company, DataPipe, dropped the site, forcing it to move to Akamai. Finally, Akamai ended its hosting contract with Al-Jazeera, without offering a clear explanation. Since then, the news site is back on the Internet, providing its useful perspective on events in the Middle East.
The events above beg for some thoughtful evaluation. As security professionals, we should be concerned; as citizens, we should be troubled. If your response to Al-Jazeera's problems run along the lines of, "Well, they had it coming to them - they're anti-American," then I ask you to think about that statement. First, Al-Jazeera's perspective is a bit more nuanced that simple "anti-Americanism". To know this, however, you'd have to have access to their Web site.
Further, as security professional we need to realize what the takedown of a news site could mean. What if the "other side" wanted to keep the Middle East from hearing our country's point of view, and you were tasked with protecting the Web sites under your control against DoS? What if you heard, "Fox had it coming to them - after all, they're anti-Arab." Would you then be troubled by a site takedown? Or, as is more likely, what if your company?s competitors used the same rational to justify knocking your site offline?
So, How does this Affect You and Me?
As security professionals, our duty is to uphold data integrity and availability, and to make sure that systems can be accessed. If you're American, the principles of the First Amendment need to come into play as well. You might not agree with everything Al-Jazeera publishes, but their right to publish should not be endangered by electronic vigilantes. After all, you would ask the same protection for your company's Web site regardless of what your competitors may wish.
Some information must be kept confidential, whether by government, corporation, or individual, and it is the job of security pros to help safeguard that confidentiality. However, news and opinion, no matter how repugnant we may find it, is different. To report the secret movements of troops on the battlefield is criminal; to report on the war from a different perspective, however, is not. To paraphrase Voltaire, we may not agree with everything Al-Jazeera publishes, but we should defend to the death its right to publish it.
Security is often a black and white issue. Sometimes, however, it presents itself in shades of gray, and we have to wrestle with the best way to balance the primary security goals of integrity and availability against our larger values as Americans. I worry when the concept of "security" is mixed up with some pretty ugly behavior. It just doesn't fit in with my hopes for our zeitgeist.
Al Jazeera and the Net - free speech, but don't say that
Akamai as Censor
Update: Al-Jazeera's English-Language Web Site
Outages hit Arabic news site