Are US Military “BOTNETs” Unconstitutional? Every other month we get someone in the US Military ranting about how “we need to go on the offensive,” “we need to build our own BOTNETs,” we need to be better than our enemies.” This expression of anxiety is understandable. It is an expression of frustration, where the people who are obligated to protect the US Constitution from “all enemies, foreign and domestic.” If cyber-criminals, patriotic Chinese, and terrorist can build BOTNETs, then the US Military should do the same. We can see this expressed in Col Charlie Williamson’s recent interview on BBC Radio 4 ( The Report – Ben Hammersley assesses the seriousness of cyber-attacks on international networks) and his past articles on the topic of going on the offensive (see Carpet bombing in cyberspace Why America needs a military botnet).
What is puzzling is how several key points are ignored by Col Williamson and others proponents of the US Military’s Cyber-Warfare exploration of a strategy. First, it is unconstitutional for the US Military to “quarter” a resource inside of a residence. The Third Amendment of the US Constitution states “No Soldier shall, in time of peace be quartered in any house, without the consent of the Owner, nor in time of war, but in a manner to be prescribed by law.” A computer inside of someone’s home is “in” that home. Putting a US Military resource – the BOTNET – on that computer resource “without the consent of the Owner” would have a hard chance of standing up in a US Court. The 3rd Amendment is one of the least cited Amendment’s, but in this case, has a strong weight against a “Cyber-Warfighting” strategy which assumes that they can just violate the computer inside someone’s home. So if the US Military would like to violate the resources who they are obligated to protect, they need to get a law passed which would allow them to “quarter” their BOTs.
What is more disturbing is the shallow thinking some the analysis. For example, if a citizens computer is violated by hijacking malware, configured in a BOT, and used in an attack, that computer becomes a legitimate target. In the BBC Radio 4 interview, Col Williamson says “It may, in the right circumstance, be worthwhile and even fair for the US to hit a computer that is hitting us and stop it from harming us for an hour or days when that computer owner failed to take basic steps to protect us.” Col Williamson ignores the fact that most “protective” tools today do not stop a modern virus, worms, and other hijacking malware when they first appear on the Net. These violated computers do not have a viable defense – so one cannot assume that “it is all the citizen’s fault.” Even if it was, what gives the US Military the right to counter-attack the computer – knocking off all voice, video, and data to that home? What if that home needed to make a 911 call? What if that home had a telemedicine application connected to a hospital? Is this a legitimate use of US Military power against the citizens they are sworn to protect? Granted, the US Military could use computers in other countries. But, that is all part of cyber-warfare.
Note: Col Stephen Korns challenges many of the asserting that a US Military “BOTNET offensive” is empirically viable. In the article “Botnets outmaneuvered: Georgia’s cyberstrategy disproves cyberspace carpet-bombing theory,” Col Korns questions many of the assertions of Col Williamson. This was shot back with the article “The case for military botnets stands.” This rebuttal was really informative. It highlighted the foundational thinking on some of the legal argument for a “US Military BOTNET” on “An Assessment of International Legal Issues in Formation Operations” (May 1999) by the Department of Defense Office of General Counsel. The whole article has an underlying theme of a “National Network.” The problem is that there is no “US National Network.” The Global Telecommunications networks are so intertwined in the world that one would have a difficult time “nationally disconnecting” from the “Net” let alone find the “national border” to that network.
Bottom line, the Internet and Global Telecommunications are now ONE network. It is totally different from anything we’ve had in the past. While some military models might fit in a “cyber-war” strategy, most will be “square peg in round hole” techniques that do not fit, will not work, and result in collateral damage that causes harder to the warfighter than inflicting pain on the enemy.