Cybersecurity and Privacy Must Both Be Fundamental Rights
Marietje Schaake, President of the CyberPeace Institute and Philip Reitinger, President and CEO of the Global Cyber Alliance call for global cooperation to enhance internet security and privacy rights for everyone.
During the pandemic, hundreds of millions of people are working and learning from home to minimize spread of the coronavirus. Business owners and their employees, teachers and students, artists and audiences, all connect mostly online now. Whether by email, chat or video conferencing, more than ever the entire world depends on digital communications. While it is hard to imagine navigating lockdowns without access to the Internet, we must not be naïve about the side effects. The increased risk stemming from more hours spent online on additional devices and apps is inviting criminals and hostile states to take advantage, especially of vulnerable communities. Revamping the push for global privacy and security protections is now more urgent than ever.
Long before the pandemic, activists called attention to treating access to the Internet as a human right. Guaranteed access is increasingly important to meet the UN’s Sustainable Development Goals. Add to that the enjoyment of other human rights such as freedom of expression, access to information as well as free assembly: they all have growing online components. The UN General Assembly has passed resolutions to that effect for more than a decade. However, Internet access without security and privacy protections can undermine the Internet’s potential and do more harm than good. In 2016, the UN Human Rights Council urged all States to secure the Internet to protect human rights “…so that [the Internet] can continue to be a vibrant force that generates economic, social and cultural development.” Internet access must not only be available, but secure and private.
These days, billions of people are much more vulnerable by being online. Working and learning remotely means less effective protection and support.
Removed from security protocols and protected servers, and without support from professional network security experts, criminals and adversary states are smelling opportunities. This is illustrated by the number of reports received by the FBI’s Internet Crime Complaint Center, which grew three to four times in recent months. Worse yet, attackers have not spared hospitals and health facilities. Governments have declared that “cyber operations against healthcare facilities are unlawful and unacceptable ” with limited effect. Now it is time to act decisively, to improve resilience and accountability. Prevention is the best starting point, and that starts with significant improvements to privacy and security protections.
But instead cyber insecurity continues to grow as a result of systemic under-investment and mis-investment. As noted by the White House National Economic Council in 2018, “…weak cybersecurity carries a cost not only to the firm itself but also to the broader economy[.]” Similarly, the collective harms of failing to protect on an individual and national level is staggering. When one country or one company fails to ensure online security and privacy, the entire world becomes less secure and less free. Even though the G8 group of nations declared more than 20 years ago that “[t]here must be no safe havens for those who abuse information technologies,” the world has failed to achieve that goal.
Furthermore, weak global cybersecurity harms vulnerable populations most, as they lack the resources and expertise to implement preventive solutions.
In the developing world, Internet access and bandwidth are growing at a far greater pace than cybersecurity capability. Civil society organizations working to defend fundamental rights are particularly vulnerable to cyberattacks. Human rights organizations often hold sensitive data related to the communities they serve; a breach of the data can put lives directly at risk. As the recent experience of the humanitarian organization Roots of Peace powerfully illustrates, when human rights entities are attacked and suffer financial losses or a data breach, they often must divert scarce resources — meaning that they may be unable to provide critical services and protections as a result. Roots of Peace is like many entities that the CyberPeace Institute aims to assist in defending against and recovering from cyberattacks that ultimately harm most the vulnerable people they serve.
Nor can we stand still on privacy, although it is already considered a fundamental right. Privacy protections tend to focus on ensuring individual rights are respected. It is essential to keep improving existing safeguards, and to ensure laws are updated globally. Additionally, adding security requirements to the human rights agenda will go a long way towards both individual and societal resilience.
With skyrocketing dependence on the Internet and increased exposure to threats, we must address the systemic causes that affect most aspects of life and populations globally. Global cooperation is needed to deploy a more secure Internet, particularly in developing countries.
By enhancing Internet security as well as privacy rights for everyone, we can ensure all people can safely communicate and congregate digitally with greater confidence. Removing the economic and technical barriers by providing free, easy-to-use, and multilingual tools and services helps provide baseline cybersecurity and privacy by default. The best example may be “protective DNS” services like Quad9 that can provide enterprise-class cybersecurity protection to anyone while protecting privacy at the same time. Standards and regulations are then needed in many cases to raise the bar.
By identifying the most vulnerable people, businesses sectors, and geographies, and supporting those typically overlooked by for-profit organizations, we drive better protection using security approaches that work at the scale of the Internet, like free tools and secure configurations that are turned on by default. The coronavirus has shown that the failure to protect the most vulnerable populations, impacts wider communities. The same can be said for the lack of privacy and security protections of the Internet access we lean in. It is time to treat these related crises, with a strong global push, to ensure privacy and security are guaranteed for all.
Marietje Schaake is the President of the CyberPeace Institute and the International Policy Director at Stanford University’s Cyber Policy Center. She has served as a Member of the European Parliament where she focused on trade, foreign affairs, and technology policies (2009–2019).
Philip Reitinger is the President and CEO of the Global Cyber Alliance. He has held senior positions in the U.S. government and the private sector including at the Department of Homeland Security, Department of Defense, Department of Justice, Microsoft, and Sony.
The CyberPeace Institute is an independent, non-profit organization with the mission to enhance the stability of cyberspace. It does so by supporting vulnerable communities, analysing attacks collaboratively, and advancing responsible behaviour in cyberspace.
© Copyright: The CyberPeace Institute