The Authoritarian Surge into Cyberspace
July 14, 2015 | by Dean Jackson
In the early days of the Internet, it was difficult to imagine how authoritarian regimes could cope with such a powerful source of open information. Today, it is clear that this was a failure of the imagination. Every year since its first edition in 2011, Freedom House’s Freedom on the Net has observed declining Internet freedom, even as Internet penetration continues to expand in many authoritarian countries. Authoritarianism is alive, well, and increasingly active online.
Deibert draws on Citizen Lab analysis describing how authoritarian regimes restrict access to online information through technological, legal, and extralegal techniques. Deibert sorts these methods into three “generations” of information controls: the first generation consists of “defensive” techniques (like Internet filtering), the second includes legal measures extending information controls to the private sector, and the third uses “offensive” techniques (such as targeted cyberattacks on civil society).
Deibert notes that the first two generations are gaining wider acceptance in the international community, in part because they imitate state activities undertaken in the democratic world. Mass surveillance and Internet filtering, for example, are used by both democratic and authoritarian governments to prevent terror attacks and restrict access to pornography. However, in the absence of democratic accountability, such capabilities are often misused to suppress independent voices.
Deibert also suggests adding a fourth generation of information controls to the existing three: the growing influence of authoritarian regimes in Internet governance forums such as the International Telecommunications Union and the United Nations. Concerns about this “fourth generation” have been making headlines, especially since the U.S. government’s announcement that it plans to end its contract with the Internet Corporation for Assigned Names and Numbers (ICANN) and transfer oversight responsibilities to the international community prompted fears that authoritarian governments would gain undue influence over the “Internet’s address book.”
Despite concern over authoritarian efforts at the international level, Deibert warns that an underappreciated threat to Internet freedom comes from regional initiatives which are far less transparent and receive much less attention. For example, authoritarian regimes in the Shanghai Cooperation Organization, the Collective Security Treaty Organization, and the Gulf Cooperation Council have implemented agreements allowing for digital surveillance of civil society activists and extraterritorial arrest of political dissidents for their online activities. These violations of user rights are now facts-on-the-ground. Failure to challenge the legitimacy of these practices risks allowing them to become normalized as they spread from region to region.
This still leaves open the question of what is driving authoritarian innovation in cyberspace. Deibert identifies increased government emphasis on cybersecurity as one driver: cybercrime and terrorism are serious concerns, and governments have a legitimate interest in combatting them. Unfortunately, when democratic governments use mass surveillance and other tools to police cyberspace, it can have the effect of providing cover for authoritarian regimes to use similar techniques for repressive purposes—especially, as Deibert notes, since former NSA contractor Edward Snowden’s disclosure of US mass surveillance programs.
Second, Deibert observes that authoritarian demand for cybersecurity technology is often met by private firms based in the democratic world—a group that Reporters Without Borders (RSF) calls the “Corporate Enemies of the Internet.” Hacking Team, an Italian firm mentioned in the RSF report, is just one example: The Guardian reports that leaked internal documents suggest Hacking Team’s clients include the governments of “Azerbaijan, Kazakhstan, Uzbekistan, Russia, Bahrain, Saudi Arabia, and the United Arab Emirates.” Deibert writes that “in a world where ‘Big Brother’ and ‘Big Data’ share so many of the same needs, the political economy of cybersecurity must be singled out as a major driver of resurgent authoritarianism in cyberspace.”
Given these powerful forces, it will be difficult to reverse the authoritarian surge in cyberspace. Deibert offers some possible solutions: for starters, he writes that the “political economy of cybersecurity” can be altered through stronger export controls, “smart sanctions,” and a monitoring system to detect abuses. Further, he recommends that cybersecurity trade fairs open their doors to civil society watchdogs who can help hold governments and the private sector accountable.
Similarly, Deibert suggests that opening regional cybersecurity initiatives to civil society participation could mitigate violations of user rights. This might seem unlikely to occur within some authoritarian-led intergovernmental organizations, but setting a normative expectation of civil society participation might help discredit the efforts of bad actors.
Deibert concludes with a final recommendation that society develop “models of cyberspace security that can show us how to prevent disruptions or threats to life and property without sacrificing liberties and rights.” This might restore democratic states to the moral high ground and remove oppressive regimes’ rhetorical cover, but developing such models will require confronting powerful vested interests and seriously examining the tradeoff between cybersecurity and Internet freedom. Doing so would be worth it: the Internet is far too important to cede to authoritarian control.