How to resist authoritarian regimes on the Internet
Disconnected? Woman at a Beijing Internet cafe, July 2011
Im Chi Yin / The New York Times / Redux
Hmm, still have to precede the "note of the translator." The found text seemed to me curious and debatable. The only edits in the text are bolds. I allowed myself to express my personal attitude in tags.
The era of the Internet was full of high hopes. The authoritarian regimes that have faced the choice of whether to become part of the new global communications system or stay overboard will choose to connect to it. Arguing further with pink glasses: the streams of new information and ideas from the “outside world” will inevitably push development towards economic openness and political liberalization. In fact, something completely opposite happened. Instead of spreading democratic values and liberal ideals, the Internet has become the basis of espionage of authoritarian states around the world. Modes in China, Russia, etc. used the infrastructure of the Internet to build their own national networks. At the same time, they erected technical and legislative barriers to be able to restrict their citizens' access to certain resources and to impede the access of Western companies to their digital markets.
But despite the fact that Washington and Brussels are lamenting for plans to split the Internet, the last thing Beijing and Moscow want is to be on their own networks and cut off from the global Internet. After all, they need access to the Internet to steal intellectual property, spread propaganda, interfere with elections in other countries and be able to threaten critical infrastructure in competing countries. China and Russia ideally would like to create the Internet anew - according to its own patterns and make the world play by their repressive rules. But they could not do this - instead, they intensified their efforts to tightly control external access to their markets, limit the ability of their citizens to access the Internet and exploit vulnerabilities that inevitably result from digital freedom and Western openness.
The United States, its allies and partners should stop worrying about the risk of authoritarian regimes splitting the Internet. Instead, they should separate it themselves , creating a digital unit within which information, services and products can move freely, excluding countries that do not respect freedom of expression or privacy, are engaged in subversive activities or provide safe havens for cybercriminals. In such a system, countries that adopt the concept of a truly free and reliable Internet will support and expand the benefits of connectivity, and countries opposed to this concept will not be able to harm it. The goal should be a digital version of the Schengen Agreement , which protects the free movement of people, goods and services in Europe. 26 Schengen countries adhere to such a set of rules and compliance mechanisms; uninsulated countries.
Such arrangements are necessary to maintain a free and open Internet. Washington needs to form a coalition that brings together Internet users, companies and countries around democratic values, respect for the rule of law and fair digital trade: The Free Internet League . Instead of allowing states that do not share these values to have unhindered access to the Internet and Western digital markets and technology, the US-led coalition should establish the conditions under which non-members can stay connected and establish barriers that limit the valuable data that they can get, and the harm they can do. The league will not raise the digital iron curtain; at least at the initial stage, most of the Internet traffic will continue to be transferred between its participants and “outside”, and the league will primarily block companies and organizations that contribute to cybercrime and contribute to it, and not entire countries. Governments that mainly accept the ideas of an open, tolerant, and democratic Internet will have an incentive to improve their enforcement efforts to join the league and provide reliable communications for their companies and citizens. Of course, authoritarian regimes in China, Russia, and other countries are likely to continue to reject this vision. Instead of asking and pleading with such governments to act well, the United States and its allies must now establish the law: follow the rules or be cut off.
The End to Dreams of an Internet Without Borders
When the Obama administration launched its International Cyberspace Strategy in 2011, it introduced the global Internet, which will be “open, interoperable, secure, and reliable.” At the same time, China and Russia insisted on applying their own rules on the Internet. Beijing, for example, wanted any criticism of the Chinese government that was illegal within China to be banned on US websites. Moscow, for its part, was dodgingly searching for the equivalent of arms control treaties in cyberspace while building up its own offensive cyber attacks. In the long run, China and Russia would still like to influence the global Internet. But they see great value in creating their closed networks and using the openness of the West for their own benefit.
Obama’s strategy warned that “an alternative to global openness and interoperability is the fragmented Internet, where a significant portion of the world's population will be denied access to complex applications and valuable content due to the political interests of several countries.” Despite Washington’s efforts to prevent this result, this is exactly what we have come to now. And the Trump administration has done very little to change US strategy. President Donald Trump's national cyber strategy, released in September 2018, calls for an “open, interoperable, reliable and secure Internet,” thereby repeating the mantra of President Barack Obama’s strategy, occasionally swapping the words “safe” and “reliable.”
Trump's strategy is based on the need to expand the freedom of the Internet, which it defines as “the exercise of human rights and fundamental freedoms on the Internet, such as freedom of expression, association, peaceful assembly, religion or belief, and the right to privacy on the Internet.” Although this is a worthy goal, it ignores the reality that in many countries where citizens do not use these rights “offline”, and especially on the Internet, the Internet is no longer a safe haven, but rather a tool of repression. Regimes in China and other countries use artificial intelligence to help them better monitor their people and learn how to connect video surveillance cameras, financial transactions and transportation systems to create huge databases with information about the activities of individual citizens. The Chinese army of Internet censors, numbering two million people, is training to collect data for inclusion in the planned system of counting "social loans" , which will allow you to evaluate each resident of China and assign rewards and penalties for actions committed both on the Internet and offline. The so-called Great Firewall of China, which prohibits people in the country from accessing online materials that the Chinese Communist Party considers inappropriate, has become a model for other authoritarian regimes. According to Freedom House, Chinese officials have conducted training in developing Internet surveillance systems with colleagues in 36 countries. In 18 countries, China has helped build such networks.
Near the Beijing Beijing office the day after the announcement of the company's plans to leave the Chinese market, January 2010
Gilles Sabrie / The New York Tim es / Redux
Using “numbers” as a lever
How can the United States and its allies limit the damage that authoritarian regimes can do to the Internet, and also prevent these regimes from using the Internet to suppress dissent? There were proposals to instruct the World Trade Organization or the UN to establish clear rules to ensure the free flow of information and data. But any such plan would be stillborn, since in order to obtain approval it would have to enlist the support of those very countries whose malicious activity it had set its sights on. Only by creating a block of countries within which data can be transmitted, and by denying access to other states, can Western countries gain any leverage to change the behavior of the “bad” Internet.
The Schengen zone of Europe offers a real model in which people and goods move freely, without passing through customs and immigration control. As soon as a person enters the zone through the border post of one country, he or she can gain access to any other country without having to go through other customs or immigration checks. (There are some exceptions, and a number of countries have introduced limited border checks after the migrant crisis in 2015.) The zone creation agreement became part of EU legislation in 1999; in the end, non-EU states of Iceland, Liechtenstein, Norway and Switzerland also joined. The agreement excluded Ireland and the UK at their request.
Joining the Schengen area is associated with three requirements that can serve as a model for a digital agreement. First, member states must issue single visas and ensure reliable security at their external borders. Secondly, they must show that they are able to coordinate with law enforcement agencies in other member countries. And thirdly, they should use a common system to track the entrances and exits to the zone. The agreement establishes rules governing cross-border surveillance and the conditions under which authorities can prosecute suspects in hot pursuit across borders. It also allows extradition of criminal suspects between Member States.
The agreement creates clear incentives for collaboration and openness. Any European country that wants its citizens to have the right to travel, work or live anywhere in the EU must bring its border control into line with Schengen standards. Four EU members - Bulgaria, Croatia, Cyprus and Romania - were not allowed into the Schengen area, partly because they did not meet these standards. Bulgaria and Romania, however, are in the process of improving border controls so that they can join. In other words, incentives work.
But such incentives are absent in all attempts to unite the international community to combat cybercrime, economic espionage and other problems of the digital age. The most successful of these efforts, the Council of Europe Convention on Cybercrime (also known as the Budapest Convention), defines all reasonable actions that states must take to combat cybercrime. It provides model laws, improved coordination mechanisms and simplified extradition procedures. Sixty-one countries have ratified the treaty. However, it is difficult to find advocates for the Budapest Convention because it did not work: it does not provide any real benefits for accession or any real consequences for the failure to fulfill the obligations it creates.
For the Free Internet League to work, this trap must be avoided. The most effective way to bring countries into line with league requirements is to threaten them with refusing products and services from companies such as Amazon, Facebook, Google and Microsoft, and block their companies from accessing the wallets of hundreds of millions of consumers in the US and Europe. The League will not block all traffic from non-participants - just like the Schengen zone does not block all goods and services from non-members. On the one hand, the ability to intelligently filter out all malicious traffic at the national level is not available to technology today. Moreover, this will require governments to be able to decrypt traffic, which will do more harm to security than help it and violate privacy and civil liberties. But the league will ban products and services from companies and organizations that are known to contribute to cybercrime in non-member countries, and also block traffic from violating the rules of Internet service providers in non-member states.
For example, imagine if Ukraine, a well-known safe haven for cybercriminals, were threatened with blocking access to services that its citizens, companies and the government are used to, and on which its technological development can largely depend. The Ukrainian government will face a strong incentive to finally toughly confront the cybercrime world that has developed within the borders of the country. Such measures are useless against China and Russia: in the end, the Chinese Communist Party and the Kremlin have already done everything possible to cut off their citizens from the global Internet. However, the goal of the Free Internet League is not to change the behavior of such “ideological” attackers, but to reduce the harm they cause and encourage countries such as Ukraine, Brazil, India to succeed in the fight against cybercrime.
Keeping the freedom of the Internet
The fundamental principle of the league will be to maintain freedom of speech on the Internet. Members, however, will be allowed to make exceptions on a case-by-case basis. For example, although the United States will not be forced to accept EU restrictions on freedom of speech, US companies will need to make reasonable efforts not to sell or display banned content to Internet users in Europe. This approach will largely consolidate the status quo. But it would also oblige Western countries to more formally fulfill the task of restricting states such as China from realizing the Orwellian vision of “information security,” insisting that certain forms of expression pose a threat to national security for them. For example, Beijing regularly sends requests to other governments to remove content hosted on servers on their territory that criticizes the Chinese regime or that discusses groups prohibited by the regime in China, such as Falun Gong. The United States rejects such requests, but others may be tempted to succumb, especially after China retaliated against US rejection by launching cyber attacks on material sources. The Internet Freedom League will provide an incentive for other countries to deny such demands from China: this will be contrary to the rules, and other member countries will help protect them from any retaliation.
The League will need a mechanism for monitoring its members' compliance with their rules. An effective tool for this can be the maintenance and publication of performance indicators for each participant. But a model for a more rigorous assessment can be found in the Financial Action Task Force, an anti-money laundering organization created by G-7 and the European Commission in 1989 and funded by its members. The 37 FATF member countries account for the majority of financial transactions in the world. Participants agree to adopt dozens of policies, including those that criminalize money laundering and terrorist financing, and require banks to conduct due diligence on their customers. Instead of hard central monitoring, the FATF uses a system by which each member in turn analyzes the efforts of the other and makes recommendations. Countries that do not comply with the required policies are placed on the so-called FATF “gray list”, which requires a more thorough study. Criminals can be blacklisted, requiring banks to start detailed checks that can slow down or even stop many transactions.
How can the Free Internet League prevent malicious activity in its member states? Again, there is a model of the international public health system. The League will create and fund an institution similar to the World Health Organization, which will identify vulnerable online systems, notify the owners of these systems and work to strengthen them (similar to the WHO global vaccination campaigns); detect and respond to emerging malware and botnets before they can cause extensive damage (equivalent to monitoring outbreaks of disease); and take responsibility for the response if prevention fails (equivalent to WHO response to pandemics). League members would also agree to refrain from conducting offensive cyber attacks against each other in peacetime. Such a promise, of course, will not prevent the United States or its allies from launching cyber attacks against rivals who will almost certainly remain outside the league, such as Iran.
Building barriers
The creation of a Free Internet League would require a fundamental change in thinking. The idea that connecting to the Internet ultimately transforms authoritarian regimes is a good wish. But this is not so, this will not happen. Unwillingness to accept this reality is the biggest obstacle to an alternative approach. However, over time it will become clear that the technological utopianism of the era of the emergence of the Internet is inappropriate in the modern world.
Western technology companies are likely to oppose the creation of the Free Internet League, as they work to appease China and gain access to the Chinese market because their supply chains are largely dependent on Chinese manufacturers. However, the costs of such firms will be partially offset by the fact that by cutting off China, the league will effectively protect them from competition on its part.
The Free Internet League, modeled on the Schengen zone, is the only way to secure the Internet from threats posed by authoritarian states and other "bad guys." Such a system will obviously be less global than the modern free Internet. But only by increasing the cost of malicious behavior, the United States and its friends can hope to reduce the danger of cybercrime and limit the damage that regimes such as in Beijing and Moscow can do to the Internet.
Authors:
RICHARD A. CLARKE is chairman and CEO of Good Harbor Security Risk Management. He served in the U.S. government as the president’s special adviser on cyberspace security, the president’s special assistant for global affairs, and the national coordinator for security and counter-terrorism.
ROB KNAKE is a Senior Fellow at the Council on Foreign Relations and a Senior Fellow at the Institute for Global Sustainability at Northeastern University. He was Director of Cyber Policy at the National Security Council from 2011 to 2015.