Participate: Leave your comment at the bottom of this page.
On 18 October 2014 in New Delhi, following the conclusion of the India Conference on Cyber Security and Cyber Governance, The Hague Institute, together with the Stimson Center and the Observer Research Foundation, convened a group of high-level experts on cyber security and cyber governance for a consultation in connection with the work of the Commission on Global Security, Justice & Governance. The consultation was chaired by Dr. Jane Holl Lute – a Commissioner, and President and CEO of the Council on Cyber Security and Former U.S. Deputy-Secretary for Homeland Security.
Summary of the Discussion
Following an introduction on the Commission by Dr. Richard Ponzio, Head of the Global Governance Program at The Hague Institute for Global Justice, the Executive Director of the Center for Internet and Society – India, Mr. Sunil Abraham, presented the consultation’s opening remarks on the role of the state in facilitating the freedom of expression online and access to the Internet in the Global South.
The Freedom of Expression Online and the Role of the State
Deregulation and the Principle of Equivalence
Mr. Abraham highlighted the importance of deregulating speech online, and advocated adhering to the principle of equivalence when determining what limits to impose on the freedom of expression online (i.e. what is illegal offline should generally be illegal online, with new regulations specific to speech on the Internet being created only where no offline equivalent exists, e.g. spam). Mr. Abraham provided examples from the Global South of instances in which speech has been subject to stronger regulations offline than online (e.g. Malaysia), as well as instances in which laws promulgated prior to the advent of the Internet have encroached on the freedom of expression online (e.g. Thailand’s Lèse-majesté Law).
Laws Enabling the Freedom of Expression
Mr. Abraham emphasized that the state should focus on creating laws that enable, rather than constrain, the freedom of expression online. Laws limiting intermediary liability; ensuring the transparency of censorship procedures; allowing for the contestation of measures restricting free expression; and providing for legal remedy when that right is violated are examples of such enabling laws.
With regard to the role that the state should play in order to facilitate the freedom of expression online, Mr. Abraham underscored the importance of regulatory forbearance, defined by the International Telecommunications Union as “focusing regulation to where it is needed, and withdrawing regulation in those parts of the market where it is no longer necessary.” According to Mr. Abraham, regulation should be guided by the principles of necessity and proportionality.
Privacy Laws and Potential “Chilling Effects”
Mr. Abraham called attention to the fact that excessively stringent privacy regulation can create an unintended “chilling effect” on the freedom of expression online, as people engage in self-censorship to avoid infringing such laws.
Mr. Abraham also discussed the role of anonymity in protecting the freedom of expression online, referring to the case of South Korea, where the constitutional court ruled unanimously that it is unconstitutional to require people to authenticate their identity in order to post or comment on websites.
Mr. Abraham also highlighted the importance of streamlining Mutual Legal Assistance Treaty (MLAT) processes to ensure that requests for personal information are handled with due regard for individuals’ right to privacy.
Censorship and the “Streisand Effect”
Mr. Abraham also suggested that states should endeavor to counteract “bad speech,” or online content that a state does not condone, by producing “good speech,” or online content it does condone, rather than by resorting to censorship. This approach has the advantage of avoiding the “Streisand Effect,” whereby an attempt to censor information has the unintended consequence of publishing the information more widely.
Access to the Internet and the Role of the State
Mr. Abraham pointed out that an increase in submarine cables is a positive phenomenon, as it creates redundancy, thereby decreasing the risk of service disruption. As an example, he cited the Eastern Africa Submarine Cable System (EASSy), which is an undersea fibre optic cable system that connects countries in East Africa to Europe and North America, rendering reliance on satellite Internet access to provide voice and data services unnecessary.
Mr. Abraham also addressed the issue of domestic routing of domestic traffic or localization, which is facilitated primarily by Internet exchanges and domestic fibre. He discussed the possibility of creating a national intranet through the use of physically separate cable systems. The political and economic implications of creating such a system are significant, however, and must be considered carefully.
Sharing Backhaul and Expanding Access
Mr. Abraham also discussed India’s National Optical Fibre Network (NOFN) as an experiment in sharing backhaul (i.e. the transmission of data from decentralized points to a central point) in order to cope with limited network capacity while expanding access to underserved areas.
On the subject of net neutrality, Mr. Abraham noted that the understanding of net neutrality espoused by “doctrinaire” activists in the West is difficult to achieve in countries like India because of low penetration levels and the nature of wireless networks, which have never been neutral. Mr. Abraham made specific mention of “zero-rating” deals through which wireless operators currently give users preferential access to certain types of content (e.g. Facebook). While such deals – which are popular with low-income users in particular – contradict the principle of net neutrality, limited access may well be better than no access to the Internet at all.
Intellectual Property Rights Policy
Mr. Abraham described access to knowledge as a precondition for free speech and was critical of the intellectual property rights regime of the United States in this regard, stating that it does not allow for the exploitation of treaty flexibility.
Internationalization/Localization: Language Technologies
Mr. Abraham also suggested that investing in English-language content and technologies may be more cost-effective than balkanizing the Internet through language localization.
Several experts at the consultation provided constructive feedback on Mr. Abraham’s presentation.
Key inputs included:
Dr. Sherif Hashem (Vice-President for Cyber Security, National Telecommunication Regulatory Authority, Egypt) concurred with Mr. Abraham’s concerns regarding the dangers of excessive regulatory intervention by the government, citing the pressures faced by Egypt’s government to ban websites and applications that offended the sensibilities of a vocal minority.
Dr. John Mallery (Research Scientist, MIT) noted that since the vast majority of new users in the Global South will access the Internet through their mobile phones, mobile security should be a top priority for the private sector as well as governments. He emphasized that basic cyber hygiene education is a necessary part of any strategy to enhance access.
Sean Kanuck (National Intelligence Office for Cyber Issues, Office of the Director of National Intelligence, USA) posed the question whether the human right to the freedom of expression trumps national standards and regulations/sovereignty. In response to this question, Sash Jayawardane (Researcher, The Hague Institute) pointed out that we have moved beyond the conceptualization of sovereignty as an absolute – there are limits to the limits that nation states can impose on their citizens’ exercise of their human, civil and political rights. The Johannesburg Principles on National Security, Freedom of Expression and Access to Information articulate the limits to the restrictions states can impose on the freedom of expression in the interests of national security and provide excellent guidance on how to balance these competing imperatives.
Dr. Patryk Pawlak (Senior Analyst, European Union Institute for Security Studies) emphasized that the Commission should explicitly state the developmental benefits of Internet access and cyber security, and noted that the role of the Internet in the UN’s sustainable development agenda remains underexplored. He called particular attention to the role of capacity-building in expanding Internet access in a secure manner.
In a similar vein, Roel van der Veen (Academic Advisor, NL Ministry of Foreign Affairs) noted that the Commission must provide conceptual clarification of how Internet access and freedom of expression relate to its understanding of “security” and “justice,” as well as how these two core concepts can be reconciled. Sash Jayawardane responded that these questions are addressed in the theoretical portion of the background paper on The Role of the State in Facilitating Internet Access and Protecting the Freedom of Expression Online in the Global South.
This session focused on cyber security and featured opening remarks on “A Global South Perspective on Cyber Governance and Cyber Security in the 21st Century” by Former Deputy National Security Advisor of India, Ambassador Latha Reddy, as well as a keynote address by Commissioner Dr. Jane Holl Lute.
A Global South Perspective on Cyber Governance and Cyber Security in the 21st Century
Cyber Security Policymaking and “Responsible Sovereignty”
Amb. Reddy observed that there is currently too little focus on cyber security policies (as opposed to technologies), noting that cyber security has the ability to drive economic growth and societal change, particularly in light of the mobile revolution.
With regard to the Global South, Amb. Reddy elaborated on the notion of “responsible sovereignty,” which includes enhancing access to allow more people to benefit from the digital economy; investing in technology and national cyber infrastructure, while utilizing global infrastructure; ensuring a voice for the Global South in transparent and fair global cyber governance structures; creating a safe and stable cyber ecosystem, including the protection of critical infrastructure; and investing in the education of the end-user.
Amb. Reddy expressed that the time had come for India to make a second quantum growth leap, exploiting its position as a global hub for cyber security products and personnel. She emphasized that cyber security measures must be incorporated into state governance systems through the creation of national, state and local CERTs. Additionally, basic cyber security training must be provided to law enforcement and judicial officials, and clear processes/mechanisms for reporting cyber-crime must be put in place. Capacity building must be prioritized and Centers of Excellence created in order to support smaller, innovative groups at the local level.
The Future of Cyber Governance: Hybrid Systems and Sectoral Agreements
Reflecting on the future of cyber governance, Amb. Reddy embraced a multistakeholder model, which recognizes governments as important stakeholders. She expressed that hybrid systems of governance and international agreements focused on specific cyber security and governance issues (as opposed to a single, comprehensive international agreement) are likely to be the way forward in this domain.
This statement echoed the conclusions drawn by the experts on the panel entitled “Norms of Cyberspace” at the India Conference on Cyber Security and Cyber Governance, which highlighted the importance of recognizing the limits imposed by geopolitics when designing cyber governance approaches; adopting a piecemeal or sectoral approach to consensus-building (i.e. focusing on issues that are both narrow in scope and on which there is already some consensus); and pursuing opportunities for bilateral or regional cooperation on cyber governance issues. The panel emphasized that pragmatism must ultimately prevail and that enforceable rules will eventually emerge from sustained state practice.
Priorities for the Global South
Amb. Reddy highlighted five cyber issues, which should be prioritized by the Global South in the near future:
- Harnessing cyber for responding to developmental needs and economic progress;
- Creating a safe and secure cyber ecosystem, including the protection of critical infrastructure;
- Investing in capacity building (hardware, software, user capabilities);
- Providing widespread access to technologies;
- Enhancing Global South voices in new cyber governance structures and fora.
Cyber Security, Justice & Governance
Why is Cyberspace Important and What Role for the State?
In her keynote address, Commissioner Holl Lute argued that the single most important factor that renders cyber security important is our reliance on the Internet. She elaborated on this point by referring to the social impact of the growth of the Internet, which she described as a “global cyber awakening.” Commissioner Holl Lute made three primary observations about the effect of the Internet on people, which have implications for the role of the state in cyberspace:
- We interact online principally as consumers, rather than citizens (with the exception of political events like the Arab Spring)
- Facebook, which has over a billion active users, knows its customers better than states (e.g. China, India) or religions (e.g. Christianity, Islam) with a comparable number of citizens/followers.
- The power that matters in cyberspace is the power to connect, not protect.
In this context, Commissioner Holl Lute posited that although states will continue to matter in the realm of cyberspace, they will matter differently, no longer being the sole providers of justice and/or security.
Commissioner Holl Lute observed that governments can be divided into three categories based on their approach to cyber security: those that are concerned with threats from outside their borders; those that are concerned with threats within their borders; and those that do not care about security threats and focus instead on economic development. Regardless of their security orientation, however, most governments do not take the issue of cyber security seriously enough. Furthermore, governments erroneously view cyber security as an intelligence issue, rather than a rule of law issue. Regarding the appropriate role of the state in cyberspace, Commissioner Holl Lute expressed that it should exist in the background, enabling its citizens to interact in cyberspace safely by creating threshold conditions of security, justice and well-being, while avoiding constant interference and policing.
Three Questions on the Future of Cyber Security, Justice, and Governance
Commissioner Holl Lute identified three questions critical to the future of cyber security and cyber governance:
- How do we design and build systems we trust from components we cannot trust?
- How do we ensure that the integrity (rather than privacy) of our information is secure?
- What will the role of government be?
These questions will be posed to the experts participating in an e-consultation on cyber issues for the Commission on Global Security, Justice & Governance in November 2014.
According to Commissioner Holl Lute, the primary focus of efforts to enhance cyber security should be on cyber hygiene. She stressed that proper cyber hygiene practices could help mitigate 80 – 90% of all known threats. Acknowledging that one-size does not fit all with regard to cyber security measures, Commissioner Holl Lute emphasized nonetheless that one approach fits most, i.e. proper cyber hygiene is a solution to the vast majority of cyber vulnerabilities in the world today.
Pavan Duggal (Advocate, Supreme Court of India) concurred with Commissioner Holl Lute’s observation that there exists a trust deficit in public institutions worldwide, and that states should view cyber security as a rule of law issue, rather than viewing it purely through a national security/intelligence lens.
This observation received further support from Anja Kovacs (Researcher, Internet Democracy Project), who underscored the importance of distinguishing between national security and human security/development and then deciding how best to balance these often competing interests. Ms. Kovacs referred to a report she co-authored, entitled “Reframing the debate: Cyber security, cyber surveillance and online human rights,” which takes “as its starting point a positive, rather than negative, approach to security that supports not only the right to privacy but, crucially, also the right to freedom of expression” [emphasis added]. Ms. Kovacs also highlighted the importance of literacy and awareness campaigns to ensure that people are better able to understand and claim the legal protections the law affords.
Echoing Amb. Reddy’s point about the need for clear processes/mechanisms for reporting cyber-crime, Mr. Singh (Journalist) raised the issue of justice in cyber space and observed that the average citizen should be better informed about what remedies are available for victims of injustices in cyberspace.
Dr. Patryk Pawlak (Senior Analyst, European Union Institute for Security Studies) encouraged the Commission to communicate clearly about the political, social and economic benefits of cyber security in order to make a sound case for why countries should invest in cyber security/cyber hygiene.
Mr. Parminder Jit Singh (Executive Director, IT for Change) inquired as to why the Commission’s thematic focus on cyber issues is titled “the cyber-economy.” He underscored the importance of examining carefully the conceptual underpinnings of this title, which to him suggests that cyber governance and cyber security are viewed primarily through an economic lens, rather than a socio-political one.
Dr. John Mallery (Research Scientist, MIT) introduced the concept of “composable security” and framed the role and responsibility of governments as restricted to addressing problems concerning public goods. The implications of this assertion are especially interesting in light of a panel discussion at the India Conference on Cyber Security and Cyber Governance, where experts posited that the Internet is not a global commons because most cyberspace resources are privately owned, and it is not possible to identify authorized and unauthorized users of cyberspace.