Access is celebrating International Human Rights Day by bringing you a series of blog posts covering the next big digital rights challenges. The fundamental freedoms of Expression, Privacy, Association, Conscience, along with a number of others, were codified through the Universal Declaration of Human Rights, which was signed 66 years ago this week.
Human rights are universal, interrelated, interdependent, and indivisible: We must protect each one to enjoy them all. With rights under attack all around the world, Access is taking this week to recognize the Universal Declaration for setting global human rights standards.
Global conversations on cybersecurity, particularly in the west, have been largely focused on securing critical infrastructure. This nation-state-level focus has, perhaps unsurprisingly, implicated the military in defending a country’s national borders and national infrastructure, with “cyber” now joining air, land, sea, and space as a 5th domain of military warfare.
There’s a new arms race over offensive capabilities and the demarcation of national boundaries in an internet designed to be borderless. In one surveillance revelation, the NSA expressed fear that disclosure of its programs would limit its ability to “exploit foreign adversary cyberspace.” In other words, they were worried about their capacity to conduct offensive cyber operations.
As with traditional war, countries are splitting into factions. China and Russia are expected to sign a treaty early next year expanding their use of joint cyber operations. Governments are intentionally introducing vulnerabilities into commonly used software and hardware, hoarding zero-day exploits instead of patching them (President Obama’s own review group recommended instead a policy of patching zero-days), and calling for the development of “national internets.” Such tactics and institutions run counter to the principles of openness, transparency, and decentralization that are the heart of the internet’s design.
Despite astronomical increases in cyber spending globally, the focus is rarely on the individual, and we’re increasingly seeing direct harm to users—data breaches revealing sensitive personal information, tools for expression going dark, widespread malware undermining the security of our devices and at times, the internet itself being shut off. This trend toward securitization and militarization threatens the internet as we know it and undermines the web as a revolutionary platform for the realization of the human rights protected by the Universal Declaration of Human Rights.
Even with increased government attention on cybersecurity, user security and privacy is at greater risk than ever before. Often military and civilian data are stored on the same servers, so the line between a military and civilian target becomes blurred. Countries utilize cyber weapon’s capabilities to target civilians, in contravention of human rights and humanitarian law. Analyses of cyber tactics demonstrate this risk to users. Symantec recently revealed an advanced Stuxnet-like piece of malware, likely controlled by a major Western nation, named Regin to conduct targeted operations in Russia, Saudi Arabia, Pakistan, and a number of other countries. Nearly 50% of the malicious code’s targets are private individuals and small businesses.
We need to change the way we think about cybersecurity. The following solutions promote an open and secure internet, protective of user rights.
- Development of a user-up cyber paradigm: Cybersecurity must be holistic, instead of a focus on military capability, countries need to promote protections at all layers of the internet stack, from the individual user device to the infrastructure we all depend on.
- Increased multistakeholder involvement in international cyber policy setting fora: Stakeholders from civil society, business, and government should coordinate to promote the holistic, user-up approach in lieu of a military, closed method of formulating cyber policy.
- Cyber leadership from civilian agencies: Civilian agencies can create positive incentives to coordinate between government and the private sector and work directly with other governments.
- Greater use of Mutual Legal Assistance Treaties (MLATs) and other methods of constructive international collaboration: MLATs create a clear and consistent legal process for sharing evidence between jurisdictions, lessening the need for hostile cyber attacks.
An open and free internet cannot operate within a militaristic paradigm. We must preserve human rights, protect users, and keep the internet as a tool for innovation, expression, and freedom. To maintain the spirit of the Universal Declaration of Human Rights in the digital age, nations must now advance a user-focused approach to cybersecurity.