Marietje Schaake, a member of the European Parliament often credited as one of the most tech savvy (and, yes, a regular Techdirt reader
) has penned an excellent article, In defense of digital freedom
. It's well worth a read, even if it covers many things that regular readers of the site will be familiar with. The key point it makes, however, is that we shouldn't be frightened by all the "cyberwar" FUD out there, which is designed to get us to give up our ideals on internet freedom. It discusses how much hype there is around "cyber" everything, nearly all of it trying to scare people. She admits that there are real threats, but those driving the discussion seem to have little interest in parsing them out from the hype and bluster. She notes that, in this rush for new laws, we seem to ignore that existing infrastructure can actually handle most of the actual problems.
The good news is that we don’t need ‘cyber democracy’ to guarantee ‘cyber security’. In most cases the foundations for resilience are already in our existing laws and regulations. Technologies are an essential part of our daily lives, businesses, education, cultural experiences and political engagement. As a result, resilience and defense need to be integrated and mainstreamed to strengthen both freedom and security.
[....] To prevent fear, hype and incident-driven policies and practices, knowledge, transparency and accountability are needed. Let us not make ‘cyber’ into something completely different, alien or spacy. But rather, let us focus on integrating technological developments in a way that allows us to preserve core (constitutional) principles, democratic oversight, and digital freedoms as essentials in our open societies.
She also notes that much of the hype may be driven by companies and politicians who benefit from such hype, driving new business to companies and passing new laws that give politicians more power. But, she notes, if we make policy based on those two drivers, internet freedom will certainly be put at risk. The unintended consequences are pretty clear:
US government has stated that American made, lawful intercept technologies, have come back as a boomerang when they were used against US interests by actors in third countries.
Other companies, such as Area Spa from Italy designed a monitoring centre, and had people on the ground in Syria helping the Assad government succeed in anti-democratic or even criminal behaviour by helping the crackdown against peaceful dissidents and demonstrators.
One key point she makes is that we need to have a fact-based, careful look at the issues, in which we avoid conflating very, very different things (i.e., random hacking with "war").
To avoid a slippery slope, clear distinctions between various crimes and threats are needed. Economic damage as a result of criminal activity should render a different response than a state-led attack posing national security threats. Yet, at the moment, at least in the public debate, the distinction between various cyber threats is very unclear. Uncertainly can make people feel vulnerable, while it is internet users and citizens that need to be informed and empowered. We need to build resilient and educated societies instead of installing fear.
States also need to prioritise in their partnerships, and look for consistency of actions by different government departments. Recently, the United States chose to sign a bilateral agreement with Russia on combatting Intellectual Property Rights infringements. The agreed cooperation seems in direct contradiction with objectives of the State Department in the field of internet freedom. In Russia, a newly adopted law gives the state the authority to use Deep Packet Inspections in internet traffic.
There's a lot
more in the piece as well, and I think many of our readers will find it quite interesting. It's always nice to know that there are some elected officials in the world are trying to base key policy decisions, including those around internet freedom, on reality rather than fear and hype.