Balancing National Security Concerns and Freedom on the Internet

Introduction:

Internet governance continues to be a contentious issue in the contemporary world. The primary challenge with enforcing any law or regulation on the internet comes from it being completely virtual and because there are no borders like we have in the physical world. But almost all major incidents in this ‘cyberspace’ have almost always had real-world repercussions. Because of this, the internet remains without any kind of content moderation, which is not ideal and can have major consequences. Therefore, internet governance continues to be more important than ever with each passing day.

Estonian Cyber Attacks:

Take the case of what happened in Estonia in 2007 with the Bronze Soldier statue. For Russian speakers in Estonia, it represented the USSR’s victory over Nazism. However, the ethnic Estonians perceived the statue to be an unwelcome reminder of Soviet oppression. The Estonian government decided to move the statue from the city center to the outskirts, which did not sit well with Russians everywhere.The state witnessed rioting for two consecutive nights. In response to the statue’s removal, Estonia became the victim to a major cyber attack on the 27th of April which ended up crippling banks, media and government services.

This proved to be a watershed moment for Estonia as they understood just how malicious and crippling a cyber attack can be. What makes the situation worse when dealing with such attacks is that it is not easy to identify the attacker as you would in traditional methods of warfare. It was fairly obvious that the attacks were of Russian origins, seeing how the movement of the statue could potentially trigger such a response from them. A large number of the attacks were traced back to Internet Protocol addresses in Russia, along with many online forums containing instructions in Russia for launching the attack. However, Moscow continues to deny that they participated. The incident proved to be a crucial moment for Estonia and other nations, underscoring the importance of cybersecurity and the need to build stronger network infrastructure. Following the attack, NATO and EU member countries started to create courses of action in the case of a cyber breach and even deemed appropriate punishments for states that indulge in cyber warfare. This is just one instance of many cyber attacks in recent years.

Chinese Cyber Policy:

Another interesting case study when it comes to the realm of governance in cyberspace is China. Unlike other nations who realized the dangers of virtual warfare too late, China has taken a very aggressive approach to securing their network, which bears a resemblance to their foreign policy. In fact, their approach moves away from just securing the internet and instead focuses on the concept of ‘cyber sovereignty.’ China also houses the world's largest online population, with over 1.5 billion users, so it becomes imperative that some form of regulation is implemented. Their approach is also a result of wanting to counter Western influence in cyberspace and be more independent. With most key players such as Google, Apple and Microsoft all being of American origins, it becomes clear why China has such a comprehensive cyber policy. The Great Firewall in China acts to block certain IP addresses and websites starting from the 90’s. In addition to extreme filtering, they also only allow government-approved VPNs to function in the state, which users usually rely on to access banned content.

Apple takes a stand against the American Government:

China’s cyber policy stands apart from that of the Western bloc which has a relatively unregulated approach to cyberspace. Although, the lack of an overly comprehensive policy does not necessarily mean that the government has no legal say in the virtual realm. For instance, in 2016, the US magistrate ordered Apple to create software that would allow them to access the iPhone of a suspect in the December 2015 San Bernardino shooting. Apple CEO Tim Cook refused the government’s demand to create an iPhone “backdoor,” citing privacy risks for users. This incident shows how a country that supposedly wants an unregulated cyberspace did not hesitate to abuse power to potentially create a dangerous piece of software. The creation of such software would ironically be equivalent to following in the footsteps of China’s authoritarian internet regime.

What is the right approach?

So far, we have looked at the cyber attacks in Estonia, China’s harsh cyber policy and the FBI’s attempts to break into an iPhone. It becomes clear that there is a lack of clarity about the stance that governments and other stakeholders want to take on regulating activities in the virtual realm. On one hand, we can see countries block websites, monitor the flow of data, and give out harsh punishments for anything that they deem unideal in their cyberspace. At the same time, others support the idea of an open internet until a major incident occurs. How can we control threats while ensuring user safety? There seems to be an overwhelming leaning toward having a multistakeholder approach when it comes to Internet governance.

This approach initially came about as a legacy of the internet from its initial phases of development. Since the internet used to be something that was relatively unregulated, a multistakeholder approach seems to be the ideal way to regulate the larger cyberspace. But the fundamental problem with this mode of governance is that there can be too many stakeholders (private and government) with different priorities. This can lead to a lot of confusion and perhaps even make simple problems complex to solve. For example, a lot of companies continued to use Windows XP, even after its support ended in 2014. This led to a lot of computers being left vulnerable to WannaCry attacks in 2017, when the solution was to just update the software on time. Another thing we need to account for is that cyberspace evolves much faster than legislation, which is why we need a proactive approach to its regulation. Therefore, the most ideal way is to modify the multistakeholder approach.

The Estonian cyber attacks highlight the importance of having proper cybersecurity measures, while China showcases the effectiveness of having comprehensive cyber policies. The American case is an example of how we also need to protect individual rights in cyberspace incidents. An effective mode of governance would be to empower governments to have more power while also ensuring transparency and accountability to avoid any notion of authoritarianism in regulating cyberspace.