The Rise of Cyber Repression

Donald Trump calls for “closing that Internet up” due to the rise of Islamic extremism, Hillary Clinton says the same thing, just a bit more diplomatically, asking the great disrupters to go to work disrupting the so-called Islamic State. Given that it is impossible to shut down the Internet in the United States, even if Russian submarines were to cut transatlantic cables, this move by Trump to enter the arena of information security demonstrates one of the most pernicious challenges in our digital era: the rise of cyber repression. Even the New York Times is exploring challenging the First Amendment in the age of digital extremism, which suggests Trump’s ideas are not at all fringe.

While the actions of the Islamic State and other malicious actors online pose security problems, especially in their ability help recruit and promote offensive ideologies, the rush to react to this threat may harm civil liberties, or as Trump says “oh freedom of speech, freedom of speech.” The great hope of the Internet as a path to digital freedom has quickly given way to the reality of the structural control imposed by states on activists in cyberspace. The danger posed by digital threats is not severe enough to warrant a challenge the freedoms and liberties inherent in Western political ideologies.

There has been a precipitous rise in malicious hacking but it is not exhibited between states, rather it is from within them by governments seeking to maintain control over their populations. There is increasing utilization of cyber technology to silence dissent, often in direct contradiction with human rights law. The dramatic rise of digital control by the state is a development that has been relatively overlooked by both mainstream media and the United Nations compared to the concern exhibited for the as of yet mythical cyberwar.

The latest Citizen Lab report exposes the efforts of an espionage team named Packrat to silence dissent in Ecuador, Venezuela, and Argentina. The group used malware, phishing and disinformation, even going so far as to threaten an investigator looking into their activities. The scope, funding, and targets suggest this group is either directed or serves as a proxy for state interests.

The story of Hacking Team, which made headlines earlier this year, also illustrates the ability of governments to use malicious code to target activists. Based in Italy, Hacking Team is an information technology company that sells intrusion and surveillance capabilities to governments, law enforcement agencies, and corporations. While it claims to not sell to governments with poor human rights records, evidence from a counter hack points to the contrary. Hacking Team software was found on the office computers of Mamfakinch, an award-winning Moroccan news website that is critical of the Moroccan government. The Hacking Team’s products have also surfaced in Ethiopia, a country notorious for its repression and strict governmental control over all channels of communications, as well as in Sudan, Bahrain and Saudi Arabia.

Digital tools clearly have as much potential for harm as good because governments, with their many resources, can leverage these tools to suppress dissent as described. As well, the ability of social media to facilitate rapid organization or protest, or to share video or photo footage is tremendous but not foolproof. Governments have been known to respond to digitally organized protests with traditional weapons. For example, agents of the Thai government killed dozens of protesters after the Red Shirt uprising, which was coordinated largely via Twitter. There are similar examples from Iran and Belarus.

This kind of digital repression may not seem as dire, dramatic, or tragic as other crimes that occur regularly against civilians, but it does constitute a human rights violation. This is largely based in Article 19 of the International Convention on Civil and Political Rights guarantees the “freedom to seek, receive and impart information and ideas of all kinds, regardless of frontiers, either orally, in writing or in print, in the form of art, or through any other media of his choice.”

The question then is, what must be done to help activism flourish and protect civil liberties? The first step should be collect better data to obtain a realistic picture of how and when cyber repression happens. Valeriano and Maness catalog attacks between states but now the focus must shift towards collecting data on domestic attacks perpetrated by states and their proxies. Data collection should start with defining a list of actions that constitute cyber repression, the perpetrator, target, degree of severity, goal of operation, and method of attack. This goes beyond Freedom on the Net‘s ranking of countries based on Internet openness or the former OpenNet Initiative’s measuring of information controls, instead we must catalog specific abuses and methods. Once this information is collected, like any human rights abuse, action can be taken. Parties cannot be credibly named and shamed without evidence.

Repression by digital means deserves attention and action. Our future is not one of constant cyber war between countries, tracing dots as they bounce around the digital map between countries, but rather one of digital violence and repression directed at both internal and external enemies. To address digital repression, we first need better awareness of the extent of the problem, followed by actions seeking to end the harm. This is a call for a control over the digital arms of repressive regimes, and the need to construct a digital society that even Russia, China, and the United States could agree to.

This post appears courtesy of CFR.org.