Inside the US-Anglo-French plan to civilize the Internet

Inside the US-Anglo-French plan to civilize the Internet

Get ready for international Internet regulation; top leaders from the US, UK, and France are making increasingly public statements about their plans to draft new rules that will make the ‘Net more secure and will crack down on copyright infringers. 

In a speech back on February 4, UK Foreign Secretary William Hague sounded a dire warning about the state of the ‘Net.

The intelligence reports I see as Foreign Secretary show that just one criminal computer programme can harvest over thirty gigabytes of stolen passwords and credit card details from over a hundred countries in a matter of days, causing millions of pounds worth of fraud…

Last year the national security interests of the UK were targeted in a deliberate attack on our defence industry. A malicious file posing as a report on a nuclear Trident missile was sent to a defence contractor by someone masquerading as an employee of another defence contractor. Good protective security meant that the email was detected and blocked, but its purpose was undoubtedly to steal information relating to our most sensitive defence projects.

And last month three of my staff were sent an e-mail, apparently from a British colleague outside the FCO, working on their region. The e-mail claimed to be about a forthcoming visit to the region and looked quite innocent. In fact it was from a hostile state intelligence agency and contained computer code embedded in the attached document that would have attacked their machine. Luckily, our systems identified it and stopped it from ever reaching my staff.

William Hague

The Wild West might make a romanticized setting for films, but when you’re on the receiving end of chaotic violence, you start longing for some law and order pretty quick. In his speech, Hague pledged that law and order was coming in the form of an “international agreement about norms in cyberspace.”

Such discussions have been ongoing for years, but in dilatory and fragmented fashion. Hague now wants to formalize and accelerate the discussions—”we need to get the ball rolling faster!”

To do that, the UK government launched a major international conference, unfortunately dubbed the “London International Cyber Conference,” to gather this November.

The goal is nothing less than “to discuss norms of acceptable behaviour in cyber-space” and “bringing countries together to explore mechanisms for giving such standards real political and diplomatic weight.”

The UK wants to begin the discussion with seven principles that will serve as the basis for these new international rules:

  • The need for governments to act proportionately in cyberspace and in accordance with national and international law
  • The need for everyone to have the ability—in terms of skills, technology, confidence and opportunity—to access cyberspace
  • The need for users of cyberspace to show tolerance and respect for diversity of language, culture and ideas
  • Ensuring that cyberspace remains open to innovation and the free flow of ideas, information, and expression
  • The need to respect individual rights of privacy and to provide proper protection to intellectual property
  • The need for us all to work collectively to tackle the threat from criminals acting online
  • The promotion of a competitive environment which ensures a fair return on investment in network, services, and content

And they have already found willing partners in both France and the United States.

Let’s get civilized

On May 25, as President Obama wrapped up a UK visit with Prime Minister David Cameron, the two issued a joint statement on the Internet calling for “rules of the road” in cyberspace. Both singled out the London International Cyber Conference as a key event at which “consensus” would be sought on such rules.

Both sides are deadly serious about policing the Internet. In October 2010, the UK issued the most recent draft of its National Security Strategy (PDF)—and “cyber attack” was the second most pressing security risk faced by the country after terrorism.

In May 2011, the US issued a cybersecurity policy document of its own which threatened even military retaliation. “When warranted, the United States will respond to hostile acts in cyberspace as we would any other threat to our country,” said the document.

This is music to the ears of French President Nicolas Sarkozy, who for years has called for a “civilized Internet.” Sarkozy had a world platform for his ideas when he pushed the creation of the e-G8 conference last month in Paris, which took place just before a major G8 summit in the French resort of Deauville.

In his e-G8 keynote, Sarkozy made clear that law and order and control would be coming to the Internet. “The universe that you represent is not a parallel universe which is free of rules of law or ethics or of any of the fundamental principles that must govern and do govern the social lives of our democratic states,” he told the techies in the audience. “[I am] calling for collective responsibility… What I am calling for is for everyone to be reasonable.”

(“Reasonable” in this case apparently means accepting the controversial French principle that people should have their Internet connection disrupted after three copyright violations using their account. This is not, it must be said, a universally shared view; a UN report just blasted the French approach.)

By the end of the week, the G8 countries had wrapped up their own separate event and issued a final statement concerning, in large part, the Internet.

The Internet is not some distinct sphere of action, said the statement, but just another part of the normal world of laws and regulations which demands that you wear a helmet when on a motorcycle. As such, the ‘Net must be “included in a broader framework: that of respect for the rule of law, human rights and fundamental freedoms, the protection of intellectual property rights, which inspire life in every democratic society for the benefit of all citizens… Both the framework and principles must receive the same protection, with the same guarantees, on the Internet as everywhere else.”

To make this happen, “action from all governments is needed through national policies, but also through the promotion of international cooperation,” especially when it comes to intellectual property.

That government action, the statement concluded, would begin at events over the next six months—including at the London International Cyber Conference.

The dreaded car analogy

Because the topic at issue here involves the Internet, Anderson’s (eponymous) Law applies, which holds that as the debate reaches increasing levels of public prominence, car analogies will flourish correspondingly. The fondness for such analogies goes way back to the hoary “information superhighway” trope of yore, but it pops up again every time some new Internet governance issue emerges into the public view (see: network neutrality).

When it comes to the renewed push for international ‘Net norms, car analogies must therefore be expected—and the Obama/Cameron call for “rules of the road” duly delivered. But it took Francis Maude, UK Minister for the Cabinet Office and Cyber Security, to upgrade this Reliant Robin of an analogy to a hulking black Range Rover in a June 1 speech.

A century ago, the invention of the motorcar spawned an age of mass travel—of freedom to explore, investigate, widen horizons and become intimate not just with one’s immediate locality, but with a whole world beyond. It transformed everything about our society, overwhelmingly for the better. It also, of course, brought road accidents, and to reduce them, a whole panoply of new rules and regulations. The superhighways of the Internet are similarly transformative for the good, but similarly need their speed cameras and crash barriers—not so as to stop people travelling, but to allow them to do so safely…

As for the early motorists, there’s still a long, long way to go, and all we can say for sure about the journey is that we will get to places that today we can’t even imagine. For that to happen, though, the highway needs rules and policing, not so as to restrict its use, but so as to keep it safe, reliable and open for all.

And he’s right. The tech community generally has a suspicion of technical law and regulation, but the near-Hobbesian nature of the current Internet cries out for more security and stability. 

The challenge, of course, is to regulate and legislate sensibly, proportionally, and in full public view. The danger is that governments, the defense/attack industry that feeds off them, and major corporations will instead gather in the corner to do the important talking about road rules, only to emerge with security regulations that look too much like surveillance, Internet censorship that threatens speech, and IP laws that put the Internet in a vice.

Auto accident

The “reasonable” “rules of the road” sought by US, UK, and French governments aren’t universally admired. Resistance will arise from countries which benefit from the current situation, especially when it comes to IP, where developed countries are huge exporters of content to the rest of the world.

Countries like Russia have little economic incentive to crack down hard on IP issues, unless it’s from threats such as not being allowed into the World Trade Organization (a threat that convinced Russia to break up a few years back).

Though enraging to copyright holders, such resistance to IP enforcement has always been a function of net IP importers; the US allowed wholesale reproduction of copyrighted British books for more than a century, which used to outrage writers like Charles Dickens. As law professor John Tehranian notes in his recent book Infringement Nation, “many of the same industries that now lobby heavily for strong intellectual property rights established themselves precisely because of their flagrant, unauthorized exploitation of the intellectual property of others.” Once such industries became established, of course, they lobbied hard for tough IP enforcement.

It’s therefore no surprise to see people like Russian President Dmitry Medvedev trolling his fellow world leaders after the G8 with comments like these, reported by Hong Kong’s International Business Times: “The [G8] declaration reflects an absolutely conservative position that intellectual property rights should be protected according to the existing conventions. No one questions that, but I have repeatedly stated that, unfortunately, those conventions were written 50 or almost 100 years ago, and they are unable to regulate the whole complex of relations between the copyright owner and users…. My colleagues have a more conservative opinion than is necessary at the moment. Or maybe they just don’t use the Internet and have little understanding of it.”

So what happens when the nations backing more Internet rules of the road find only limited international agreement? One solution is simply to forge a “coalition of the willing” and put up virtual fences around the countries willing to comply, blocking access to material that exists in the primeval chaos of, say, the Russian Internet.

Papers, please

This is the idea behind the PROTECT IP Act currently moving through the US Congress. It provides a way to block access to foreign sites that can’t easily be reached by the long arm of the law, often because they exist in countries where such services are legal or simply ignored.

The EU has considered something similar, putting up a “virtual Schengen border” (Schengen borders refer to EU country border crossings that are passport-controlled; once inside such a border crossing, wide freedom of movement is possible across EU countries without further passport checks).

A May presentation (PDF) to the EU on a “Single Secure European Cyberspace” (the presenter won’t even identify himself out of “privacy” concerns) talks about making ISPs into the “virtual ‘border crossing points’ at the EU’s computer technology and Internet ‘borders.'” The system would allow for both mandatory and “voluntary” blocks of websites; it’s explicitly targeted at child sex abuse, but such claims are often deployed by those actually intent on using such systems in other ways but lacking the courage to propose the full scope of their request outright.

A slide on Internet blocking in Europe

In this case, the end of the presentation actually admits that this is “only a first step” and that in the future, “it is possible to broaden the cooperation of the blocking process by involving other types of crimes (e.g. counterfeit medicines on the Internet).”

It’s presentations like this that led Chris Marsden, a University of Essex don, to write recently, “Expect the November London conference—which has no public website, naturally, as civil society will be vetted—to produce real web filtering proposals.”

Digital rights group EDRI is also worried. “With EU-level proposals and discussions on Internet blocking in the context of child abuse, gambling, copyright and now counterfeit medicines, it is far from surprising that the Council of Ministers is now discussing a harmonised ‘great Firewall of Europe’ for the ever-growing list of content that they wish to restrict access to,” it said in a statement.

Scrutiny and public involvement are badly needed over the next year, but so is level-headed thought; the temptation to fear-monger and demagogue—both by pro-regulation cyberwarfare types and antiregulation “hands off the ‘Net!” activists—can be powerful. Road rules can save lives; they just need to be crafted with wisdom, a strong appreciation for the often-fruitful chaos of the Internet, and a dose of humility.



Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: