Cybersecurity and Human Rights
What is Cybersecurity?
Cybersecurity has over 400 cybersecurity-related concepts that were catalogued by a variety of actors, including governments, businesses, international organizations, the technical community, and civil society. Cybersecurity threats affect the entire Internet ecosystem, including the physical infrastructure, software/hardware, and applications. It relates to the protection of information that we share and maintain online and in cyberspace, including communications, financial information, medical records, proprietary data, and more. Some of these threats have far more concerning impacts than shutting down a website or accessing data. It can have serious impacts on people's lives – from advocates, to journalists, to consumers.
Current debates around cybersecurity raise various issues, such as how to frame the policy discussion and how to differentiate it from cybersurveillance concerns. In order to create a balanced and constructive multistakeholder dialogue and action to deal with cybersecurity threats, there is an imperative need to ensure that human rights lie at the core of a balanced and comprehensive view of cybersecurity.
With this perspective in mind, Public Knowledge defines cybersecurity as the preservation – through policy, law, technology, best practices, cooperation, and education, both in the civilian and military fields – of the availability, confidentiality, and integrity of information and its underlying infrastructure, so as to preserve the security of networks and ultimately people both online as offline.
For a more detailed background and history, see our Cybersecurity and Human Rights Overview.
Impact of Cybersecurity on Human Rights
Cybersecurity laws and policies have a direct impact on human rights, particularly the right to privacy, freedom of expression, and the free flow of information. Policymakers have created several national policies with the intention of protecting the Internet and other information communication technologies (ICTs) systems against malicious actors. However, many of these policies are overly broad and ill-defined, and lack clear checks and balances or other democratic accountability mechanisms, which can lead to human rights abuses and can stifle innovation. For example, extreme cybersecurity laws can be used to censor dissidents, monitor communications, and criminalize online users for expressing their views.
Cybersecurity in the USA – Core Trends
According to the U.S. intelligence community’s 2015 “Worldwide Threat Assessment,” cyberthreats were listed as a top threat to U.S. national security. Over the years, Congress has introduced a number of cybersecurity bills, including the recent Cyber Intelligence Sharing and Protection Act (CISPA) and the Cybersecurity Information Sharing Act of 2015 (CISA), both of which have been strongly opposed by privacy advocates for promoting sweepingly broad authorizations to share user information between private companies and the U.S. government.
The debate around the use of encryption is another area of persistent struggle between
the preservation of human rights and the demand for greater security. Senior U.S. law enforcement officials, such as the director of the FBI, have called for “backdoors” and key escrow to circumvent encryption. In response, a group of security experts recently published a report arguing against encryption regulation, citing that it not only makes data more vulnerable to others, but that it can also harm innovation.
In 2015, the U.S. National Telecommunications and Information Administration’s Internet Policy Task Force sought comments from relevant U.S. agencies, as well as commercial, academic, and civil society sectors regarding cybersecurity topics that would benefit from a multistakeholder review and discussion. These submissions identified areas such as the importance of identifying security flaws and disclosing vulnerabilities, mitigating malware and botnet attacks, and the need to adopt standards around cybersecurity and the Internet of Things. Given the Internet’s borderless nature, these trends extend well beyond national dialogue and also serve as international concerns.
Cybersecurity Around the World – Core Trends
In 2014, the erosion of cybersecurity was identified as an emerging global trend. This can partially be attributed to the increase in data breaches and cyberattacks against companies, governments, and consumers, which have become much more sophisticated in recent years. Cyberattacks continue to be on the rise and it is estimated that they could potentially cost the global economy $3 trillion in productivity and growth by 2020 – a key area of concern for the digital economy.
Repressive laws, increased surveillance, and regulatory controls from governments such as China, Egypt, the United Kingdom, Canada, and France have also increased. Additionally, calls to ban security and anonymizing tools such as Tor have come from Russia, Pakistan, and Belarus. These varied policies and practices are changing the nature of the Internet and creating challenges regarding its technical and legal fragmentation.
Of particular note is the threat landscape in Latin America and the Caribbean, which is very different from other parts of the world. Online users’ lack of concern and awareness about the dangers of cybercrime and hacking has been feeding the high levels of cybercrime in the region. Efforts to address this problem from a governmental level are often restricted by a lack of resources to build capacity and a shortage of knowledge to implement cybersecurity policies.
In support of a governmental cybersecurity agenda and strategy development in Latin America, Public Knowledge is working with local civil society groups and experts for strategic development support, helping their coordination and local engagement in relevant local and global policy cybersecurity policymaking debates.
What is the Role of Civil Society?
While cybersecurity is not new, the issue has recently begun to dominate and drive Internet policy discussions. It is critical for civil society actors to deepen their knowledge and develop skills, including technical skills and understanding, to actively engage in policy discussions and measure appropriate responses. Civil society is uniquely positioned to advocate for cybersecurity policies based on a human rights approach and can play an important role by monitoring and documenting government and business practices, identifying knowledge gaps, and providing analysis to inform policies and relevant discussions.
In order to increase civil society’s engagement in shaping cybersecurity strategies and influencing regional and international norms, information sharing and collaboration with other stakeholders is key. Opportunities for collaboration and knowledge sharing can occur through international, multistakeholder fora, such as the Global Forum On Cyber Expertise that came out of the Global Cyber Space Conference, the Internet Governance Forum, the World Summit on Information Society, intergovernmental organizations such as the International Telecommunication Union, and technical groups like the Internet Engineering Task Force.
See here for a visualization of cybersecurity processes and events, which are necessary in order to help increase civil society’s participation in cybersecurity discussions.
What We Do
We are working to create an informed and collaborative community with the capacity to engage and influence cybersecurity debates, by supporting local engagement, conducting research, providing comprehensive analysis of governmental policies, and creating resources for the public. By developing knowledge and ultimately enhancing collaboration and dialogue between civil society and decision-makers, we aim to help create better and more effective cybersecurity policies that safeguard human rights.
As part of our Spanish-language online Open Internet Course, we have also developed educational resources on the connection between cybersecurity and human rights. As part of the preparations for the 2015 Global Conference on Cyberspace, we have developed the primer Cybersecurity and Human Rights Overview by Natalie Green and Carolina Rossini.
In collaboration with other civil society groups, and as part of a preparatory training program for the 2015 Global Conference on Cyberspace, an expert webinar series on cybersecurity and human rights to help maximize civil society’s engagement in broader cybersecurity policy debates and discussions was created. Here are the webinars:
- Webinar #1 – Human Rights and Cybersecurity presented by Tim Maurer, New America, Open Technology Institute
- Webinar #2 – The Technology Behind the Policy Debate presented by Niels ten Oever, Article 19
- Webinar #3 – Roles and Responsibilities presented by Myriam Dunn Cavelty, Center for Security Studies, ETH Zurich
- Webinar #4 – International Peace and Security presented by Vladimir Radunović, DiploFoundation
- Webinar #5 – Cybercrime presented by Tatiana Tropina, Max Planck Institute for Foreign and International Criminal Law (video unavailable), Powerpoint presentation | Summary
- Webinar #6 – Capacity-Building presented by Vladimir Radunović, DiploFoundation
- Webinar #7 – Privacy presented by Andrew Puddephatt, Global Partners Digital