The Rise of Cyber Repression

In this July 16, 2013 file photo, a woman walks by a sign at Cyber Terror Response Center of National Police Agency in Seoul, South Korea.

Ahn Young-joon/AP

AA Font size + Print

In this July 16, 2013 file photo, a woman walks by a sign at Cyber Terror Response Center of National Police Agency in Seoul, South Korea.

When even the New York Times is open to tinkering with the First Amendment, it’s time to look at the way groups and governments are shaping our online society.

Donald Trump calls for “closing that Internet up” due to the rise of Islamic extremism, Hillary Clinton says the same thing, just a bit more diplomatically, asking the great disrupters to go to work disrupting the so-called Islamic State. Given that it is impossible to shut down the Internet in the United States, even if Russian submarines were to cut transatlantic cables, this move by Trump to enter the arena of information security demonstrates one of the most pernicious challenges in our digital era: the rise of cyber repression. Even the New York Times is exploring challenging the First Amendment in the age of digital extremism, which suggests Trump’s ideas are not at all fringe.

While the actions of the Islamic State and other malicious actors online pose security problems, especially in their ability help recruit and promote offensive ideologies, the rush to react to this threat may harm civil liberties, or as Trump says “oh freedom of speech, freedom of speech.” The great hope of the Internet as a path to digital freedom has quickly given way to the reality of the structural control imposed by states on activists in cyberspace. The danger posed by digital threats is not severe enough to warrant a challenge the freedoms and liberties inherent in Western political ideologies.

There has been a precipitous rise in malicious hacking but it is not exhibited between states, rather it is from within them by governments seeking to maintain control over their populations. There is increasing utilization of cyber technology to silence dissent, often in direct contradiction with human rights law. The dramatic rise of digital control by the state is a development that has been relatively overlooked by both mainstream media and the United Nations compared to the concern exhibited for the as of yet mythical cyberwar.

The latest Citizen Lab report exposes the efforts of an espionage team named Packrat to silence dissent in Ecuador, Venezuela, and Argentina. The group used malware, phishing and disinformation, even going so far as to threaten an investigator looking into their activities. The scope, funding, and targets suggest this group is either directed or serves as a proxy for state interests.

Our future is not one of constant cyber war between countries, tracing dots as they bounce around the digital map between countries—but rather one of digital violence and repression directed at both internal and external enemies.

The story of Hacking Team, which made headlines earlier this year, also illustrates the ability of governments to use malicious code to target activists. Based in Italy, Hacking Team is an information technology company that sells intrusion and surveillance capabilities to governments, law enforcement agencies, and corporations. While it claims to not sell to governments with poor human rights records, evidence from a counter hack points to the contrary. Hacking Team software was found on the office computers of Mamfakinch, an award-winning Moroccan news website that is critical of the Moroccan government. The Hacking Team’s products have also surfaced in Ethiopia, a country notorious for its repression and strict governmental control over all channels of communications, as well as in Sudan, Bahrain and Saudi Arabia.

Digital tools clearly have as much potential for harm as good because governments, with their many resources, can leverage these tools to suppress dissent as described. As well, the ability of social media to facilitate rapid organization or protest, or to share video or photo footage is tremendous but not foolproof. Governments have been known to respond to digitally organized protests with traditional weapons. For example, agents of the Thai government killed dozens of protesters after the Red Shirt uprising, which was coordinated largely via Twitter. There are similar examples from Iran and Belarus.

This kind of digital repression may not seem as dire, dramatic, or tragic as other crimes that occur regularly against civilians, but it does constitute a human rights violation. This is largely based in Article 19 of the International Convention on Civil and Political Rights guarantees the “freedom to seek, receive and impart information and ideas of all kinds, regardless of frontiers, either orally, in writing or in print, in the form of art, or through any other media of his choice.”

The question then is, what must be done to help activism flourish and protect civil liberties? The first step should be collect better data to obtain a realistic picture of how and when cyber repression happens. Valeriano and Maness catalog attacks between states but now the focus must shift towards collecting data on domestic attacks perpetrated by states and their proxies. Data collection should start with defining a list of actions that constitute cyber repression, the perpetrator, target, degree of severity, goal of operation, and method of attack. This goes beyond Freedom on the Net‘s ranking of countries based on Internet openness or the former OpenNet Initiative’s measuring of information controls, instead we must catalog specific abuses and methods. Once this information is collected, like any human rights abuse, action can be taken. Parties cannot be credibly named and shamed without evidence.

Repression by digital means deserves attention and action. Our future is not one of constant cyber war between countries, tracing dots as they bounce around the digital map between countries, but rather one of digital violence and repression directed at both internal and external enemies. To address digital repression, we first need better awareness of the extent of the problem, followed by actions seeking to end the harm. This is a call for a control over the digital arms of repressive regimes, and the need to construct a digital society that even Russia, China, and the United States could agree to.

This post appears courtesy of CFR.org.

Close [ x ] More from DefenseOne
 
 

Thank you for subscribing to newsletters from DefenseOne.com.
We think these reports might interest you:

  • Federal IT Applications: Assessing Government's Core Drivers

    In order to better understand the current state of external and internal-facing agency workplace applications, Government Business Council (GBC) and Riverbed undertook an in-depth research study of federal employees. Overall, survey findings indicate that federal IT applications still face a gamut of challenges with regard to quality, reliability, and performance management.

    Download
  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

    Download
  • GBC Issue Brief: Supply Chain Insecurity

    Federal organizations rely on state-of-the-art IT tools and systems to deliver services efficiently and effectively, and it takes a vast ecosystem of organizations, individuals, information, and resources to successfully deliver these products. This issue brief discusses the current threats to the vulnerable supply chain - and how agencies can prevent these threats to produce a more secure IT supply chain process.

    Download
  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.

    Download
  • Information Operations: Retaking the High Ground

    Today's threats are fluent in rapidly evolving areas of the Internet, especially social media. Learn how military organizations can secure an advantage in this developing arena.

    Download

When you download a report, your information may be shared with the underwriters of that document.