A Cyber Security Strategy for Global Civil Society?

Last May I attended a talk by Ron Deibert, Director of Citizen Lab, part of the Munk School of Global Affairs, University of Toronto, at the annual Mesh Conference in Toronto. He talked about cyber crime having become one of the world’s largest growth sectors, with savvy young coders from poorer nations leading the way. Cyber crime, he explained, takes advantage of:

  • mobile networking and reliance on the web for our computing
  • lack of controls (i.e. regulation and legislation) internationally
  • proper security practices and policies not yet in place

Deibert has written a report for GISWatch (Global Information Society Watch) entitled Toward a Cyber Security Strategy for Global Civil Society? (December 2011) in which he explains the forces affecting cyberspace:

  • “The internet’s de facto and distributed regime of governance – largely informal and driven up to now by decisions of like-minded engineers – has come under massive stress as a function of the internet’s continuing rapid growth.”
  • “…there has been a vast growth in the developing world, as millions of new digital natives come online. With these new digital natives come new values and interests that in turn are affecting internet governance, as governments like China, Russia and India exercise their influence.”
  • Television, telephony and radio have been integrated into what we know as cyberspace to make one big communications system. “This paradigm shift has upset the principles, norms and rules of what used to be just the “internet”, with implications for freedom of speech and access to information.”
  • Transnational corporations are acting as gatekeepers. “Market considerations can easily outweigh privacy and other rights concerns, and have already made largely irrelevant so-called ‘end-to-end’ principles that once ensured network neutrality.”
  • “…the private sector is being pressured, compelled, and even incentivised to ‘police the internet’ by governments looking to download their growing cyberspace controls.” He points to the proposed “Omnibus Crime Bill” (Bill C-10, Safe Streets and Communities Act) in Canada as an example of a government requiring ISPs and telecommunications companies to “retain user data, process the data in ways that make it amenable to law enforcement and intelligence, and then share that data with law enforcement representatives – all without judicial oversight.”

He states that “the securitisation of cyberspace – a transformation of the domain into a matter of national security – is perhaps the most important factor shaping the global communications ecosystem today.” Cyberspace is now affecting national security, and has brought with it a whole new set of products, services and policy around cyber securitisation.

He says it is also affecting Internet censorship, and this will become an increasing threat to civic networks that are interested in open data. The threats are real, he insists, so if civic networks want to see their interests maintained on the Internet, they must get involved in helping to find “grassroots” solutions to the Internet’s security problems before governments dominate with their interests only:

Civic networks need to be at the forefront of security solutions that preserve cyberspace as an open commons of information, protect privacy by design, and shore up access to information and freedom of speech, while at the same time address the growing vulnerabilities that have produced a massive explosion in cyber crime and security breaches.

He states that civic networks–like large corporations–are transnational in scope, and are therefore well placed to bring public pressure to bear on the private sector. He also explains:

Part of the civic strategy must also include a serious engagement with law enforcement – another traditional anathema for civil society. Law enforcement agencies are often stigmatised as the Orwellian bogeymen of internet freedom (and in places like Belarus, Uzbekistan and Burma, they are), but the reality in the liberal democratic world is more complex. Many law enforcement agencies are overwhelmed with cyber crime, are understaffed, lack proper equipment and training, and have no incentives or structures to cooperate across borders. Instead of dealing with these shortcomings head on, politicians are opting for new “Patriot Act” powers that dilute civil liberties, place burdens on the private sector, and conjure up fears of a surveillance society. What law enforcement needs is not new powers, it needs new resources, capabilities, proper training and equipment. But alongside those new resources should be the highest standards of judicial oversight and public accountability. Civic networks can articulate the differences between powers and resources, and highlight the importance of public accountability to liberal democracy as an example to the rest of the world without alienating what could be an important natural ally.

I encourage you to read the full paper as this only gives a taste of Deibert’s full intention.

While this paper is a call to action to “civil networks” to step up to the plate, I wonder who these networks are specifically. Who will take up the call, who will lead the way? Other than the OpenNet initiative and the Electronic Frontier Foundation mentioned in the article, I don’t get a sense of exactly who is meant to carry this through. No doubt all of us as citizens, but I expect it will take a lot of coordination.

Photo credit: Binary Code 2 by Flaivoloka, from stock.xchng.



  1. David Collier-Brown

    In Canada, the current legislation is directed at user identification and surveillance, and completely misses the need for traffic analysis and notification mechanisms to deal with the criminal’s “bot-nets”. It’s best suited to winkling out deeply hidden spies, not dealing with cyber-criminals, which suggests that the government may also be lacking a cyber security strategy (;-))

    [The GTA Linux User Group (GTALUG) board is researching this, amid growing concern in the community.]

  2. Hi Dave: Thank you for pointing out the GTALUG. Not sure if I am surprised about our government’s lack of cyber security strategy. And things only look worse in the US with the lack of Internet knowledge of law makers.