The head of a prominent human rights groups has warned that increased state involvement in cyberspace, including surveillance, censorship, propaganda campaigns and offensive cyber operations threatens the future of the Internet as much as endemic problems like cyber crime – part of a growing “dark side” to cyberspace.
Writing in the Penn State Journal of Law and International Affairs, Ronald Deibert, Director of Citizen Lab and Canada Centre for Global Security Studies said that threats to human rights and individual liberties come from a variety of states – from authoritarian regimes, to Latin American narco-states to liberal democracies in the West, as governments increasingly leverage the power of the Internet to monitor citizens’ behavior and impose limits on free expression.
Citizen Lab, part of the Munk School of Global Affairs at the University of Toronto, has played a key role in high-profile investigations of cyber espionage including the now-infamous Ghost Net attacks on the Dalai Lama and the Tibetan Government in Exile. The new paper warns of what Deibert calls “hidden contests and malicious threats” that are “growing like a disease from the inside-out.”
Sophisticated, global cyber criminal operations are part of that – thriving and innovating even as law enforcement struggles to pursue criminal organizations across international boundaries. Even more concerning are the ways in which “the worlds of cyber crime are blurring into acts of espionage, sabotage and even warfare,” he said.
State-sponsored espionage like the Ghost Net attacks are evidence that nation-states have learned from the cyber criminal underground – using methods that are “indistinguishable from those of cyber criminals.” “Many actors now see the growing underbelly of cyber crime as a strategic vector for the exercise of state-based and corporate espionage,” he wrote.
And, while conventional wisdom has long assumed authoritarian regimes would wither in the face of the unfettered access to information provided by the Internet, Deibert said that, in some cases, just the opposite is true. Regimes, including those in China, Syria, Vietnam and Iran “have successfully employed second and third generation control techniques to penetrate and immobilize opposition, cultivating a climate of fear and self-censorship,” he said.
Even in liberal democratic countries such as the U.S. and Western Europe, governments have sought to curtail expression online, in the name of protecting copyright or cracking down on pornography or hateful speech, he said. Governments have pushed private sector actors to collect data, while simultaneously relaxing judicial oversight of data sharing between intelligence agencies and law enforcement, the report warns.
What’s to be done? Deibert suggests handling the protection of online freedom differently than other international issues. Rather than Realpolitik and deference to traditional international relations, organizations with a stake in online security should use a model that is well adapted to the “core values and decentralized architecture” of cyberspace. A “distributed security” model that balances concepts like “mixture, division, and restraint”: balancing power among multiple actors, none of whom has ultimate authority. “Securing cyberspace requires a reinforcement of, rather than relaxation of restraint on power, including checks and balances on governments, law enforcement and intelligence agencies as well as the private sector,” he said.