Last year’s Internet Governance Forum in Baku, Azerbaijan proved controversial due to the choice of host. This year’s event, in Bali, Indonesia was bound to be contentious, after Edward Snowden’s leaks on the US’s PRISM programme. PRISM and TEMPORA (the UK system of mass surveillance) were a lightening rod for general discontent from activists who feel an increasing sense of ill ease over the state of internet freedom. Many of the sessions were bad-tempered affairs with civil society rounding on the perceived complacency of government officials from democracies who refused to state their opposition to mass state surveillance in clear enough terms.
US rep use the phrase “alleged US intelligence practices” and then continue by saying: “everyone does it” #IGF2013SV#IGF2013
At an event hosted by the Global Network Initiative, Index on Censorship, andPakistan’s Centre for Social and Policy Analysis, a US government official was heckled by the audience when he attempted to justify PRISM as an anti-terrorism measure. Of particular concern for delegates was a sense that PRISM is now being used by less democratic and authoritarian states to justify their own surveillance systems. The Chinese were quick to point out the ‘double standards’ of the US at this workshop, following it with appalling doublespeak to gloss over their poor domestic record on human rights violations. A point I challenged them on in no uncertain terms.
WOW China is actually lecturing the US on #prism THIS IS SO DEPRESSING #igf2013
Participants in the workshop from across the globe from Pakistan to South Africa stated their concern that a race to the bottom is beginning with new surveillance capacities being debated in countries such as Russia, New Zealand and the UK. Other areas of concern at the workshop included the increasing use of filters at ISP level (in particular in Indonesia where a significant number of ISPs are adopting filtering) and the pressure now felt by Telcos from states who are imposing burdensome requirements to filter content. One worrying prospect is that the ITU will succumb to a push to ensure Telcos do not distribute ‘blasphemous’ content which could lead to the full Balkanisation of the internet.
Although the outlook is bleak, civil society is pushing back at corporations and governments. Bytes for All in Pakistan has done impressive work in chronicling censored online content. A number of coalitions strengthened at the IGF with closer co-operation between international NGOs to take on mass state surveillance. This weekend, a number of US NGOs will rally in Washington DC against the PRISM programme with thousands expected to take to the streets. Index on Censorship’s #DontSpyOnMe petition of 7,000 signatures was this week sent to Lithuanian President Dalia Grybauskaitė, who currently hold the Presidency of the Council of the EU, and Herman van Rompuy, President of the European Council. The EU heeded our calls to discuss mass surveillance at the Council of Ministers meeting – a big success. The pressure on corporations is being felt too, Telcos came under particular fire for their willingness to install surveillance equipment in their networks. Yet, many are beginning to speak publicly over the pressures they feel from states and the need for transparency so their users are at least aware of the surveillance they may be subject to and so can adjust their behaviour accordingly. Meanwhile, Google launched new tools to illustrate the threats the internet faces. The Digital Attack Map is a realtime website displays DDOS attacks and where they originate from – useful in tracking attacks on civil society websites from state-run or criminal botnets. Google also launched a project to provide free, secure web hosting for internet activists under attack.
One of the strengths of the IGF is the broadness of the workshop programme. From the challenges felt by the disabled online, minority rights online, through to bridging the ‘digital divide’ between the rich and poor both internationally and internally within even wealthier countries, the IGF covered a significant amount of ground. Yet, one of the big challenges to the IGF is how to engage a wider section of civil society. While the IGF was better attended by delegates from South-East Asia, fewer delegates from Europe and the Middle East were visible during this IGF. This remains a challenge to the organisers, with too much interaction from those physically present at the conference and too little from the many remote participants, many of whom couldn’t afford the air fare to Bali but have much to contribute. Bridging this divide will be important in the future.
The tone of this IGF was set by the Snowden revelations. The US and other Western democracies were on the back foot, in stark contrast to their confident promotion of net freedom in Baku. Without openess, increased transparency and an end to mass surveillance it’s hard to see how they will regain their moral authority, leaving a huge vacuum at the heart of these debates. A vacuum that others – in particular China – are willing to fill. The battle to keep the multistakeholder, open internet free from top-down state interference is on-going. The IGF should give once confident advocates of net freedom serious pause for thought.
Just days before the United Nation’s led Internet Governance Forum in Indonesia, India, held its own – and first of its kind – conference on cyber governance and cyber security.
With the support of the National Security Council Secretariat of the Government of India, the two-day conference was organized by private think-tank Observer Research Foundation and industry body, Federation of Indian Chambers of Commerce and Industry, (FICCI). Speakers were from a host of countries including Estonia, Germany, Belgium, Australia, Russia, Israel, and of course, India.
It was ironic, that in a post-Snowden world, buried under allegations of the extent of the NSA’s spying, US officials were unable to attend the conference due to their government’s shutdown. Instead, other views took center stage, and India also visibly demonstrated the various positions its stakeholders take around the questions of governance and security.
Right at the kickoff, India’s Minister for Communications and Technology, Kapil Sibal, challenged the question of sovereignty and jurisdiction in cyberspace. “If there is a cyber space violation and the subject matter is India because it impacts India, then India should have jurisdiction. For example, if I have an embassy in New York, then anything that happens in that embassy is Indian territory and there applies Indian Law.”
India has, over the last few years, flirted with the idea of an UN-lead internet governance structure, and subsequently backed away from it. Minister Sibal said that India believes in “complete freedom of the internet”, however, at the same time needs to acknowledge that along with cyber freedoms come cyber gangsters, and the state and its citizens need to be protected from them.
India, with its 860 million mobile subscriptions (although, the numbers of users would be lower than this figure) is looking more and more to the internet as a delivery platform of socio-economic programs and a tool to boost the economy. That the internet can raise GDP by 10% is a much favored figure for those who promote the internet for economic reasons. The fact is that as the remaining unconnected population of India begins to acquire net connections through desktops and smart phones, the government is increasingly looking at security and surveillance over the internet as a necessary and inevitable route. This also means that the government needs to rely on industry to help them with this gigantic task.
The possible synergy between businesses and government in India was a central theme for discussion; as industry bodies asked the government to invest in training more cyber security specialists and also start moving towards uniform security standards and protocols. In fact, Indian industry most certainly wants to be relived of the financial burden of training personnel, and to an extent, investment in security R&D, and is keen to partner with the government to achieve both ends. Indian industry is often in the news because it appears almost universally under prepared for cyber attacks, both from within the country and externally. Suggestions of a government-led cyber awareness program were made as well, with calls to allocate funds for these exercises in the budget.
However, as has been the case in India, the real source of friction still lies between civil society and the government over the question of surveillance and monitoring. In a session entitled ‘Privacy and National Security’; perhaps the only India-centric panel of the entire conference, the debate became overheated. The panel consisted of a senior police officer involved in surveillance, India’s director-general of CERT (Computer Emergency Response Team), a representative from the mobile industry and a privacy expert. The government official was pushed by civil society members and journalists to explain the workings of the Central Monitoring System, still very opaque to the public, and later the official definition of privacy. He did neither. Unsurprisingly, India is yet to really define what privacy is, leading to simultaneous furor in the room and twitter (#cyfy13) about why this hasn’t been done as yet.
The sense in the room was that surveillance, while necessary to protect citizens, is only really effective when it is conducted in a targeted manner. Mass surveillance leads to self-censorship and is, in the end, counter productive. The other bone of contention was the question of identity, with the government making arguments that verifiable cyber identity is a possible solution to cyber crime. However, other participants found the issue troubling, as anonymity is necessary for a number of reasons, including as we have seen around the world, political dissent.
Finally, panelists discussed how best to inculcate a multistakeholder approach when legislating the internet. It was pointed out more than once that the internet was a product of private enterprise, made on open standards and principles, but now governments are attempting to control this resource. However, while public calls for multistakeholderism were made for many reasons; human rights, protection of privacy and even to benefit business in the long run (as they would not risk being caught up in lengthy court cases in the future if they took civil society on board from the start), there was still an elephant in the room. Offline, many official participants wondered why Chatham House Rules were not observed, or why there were no closed-door meetings only for government officials. It was clear that much of the weighty – and honest – discussions still don’t involve the public. Perhaps not where the question of governance is, but certainly when the question of security is.
Ultimately, there are two broad outcomes of this conference. The first is that India has indicated its willingness to start shouldering discussions to do with the global cyberspace. The other is, as India’s National Security Advisor put it, — ““India has a national cybersecurity policy not a national cybersecurity strategy.” This is certainly a start to building a consensus for that strategy.