APCNews interviews Alex Comninos on developing a cybersecurity agenda for civil society
By Shawna Finnegan for APCNews
BOGOTA, 16 May 2013
“While governments, militaries, intelligence agencies and the private sector are taking the lead in steering cybersecurity debate and policies, civil society needs to engage in cybersecurity on an equal footing.”
As part of its Internet Rights are Human Rights project, APC has released a new issue paper by Alex Comninos, “A cyber security agenda for civil society: what is at stake?”
For the release of this issue paper, Alex Comninos spoke with APC’s Shawna Finnegan about cybersecurity, ICTs for human security and conflict prevention, and the challenges faced by civil society.
Shawna Finnegan: Cybersecurity seems to be a source of great discussion and fear at the moment. Why do you think that is?
Alex Comninos: Cybersecurity can be quite complex to netizens without a technical background. This can lead many people, including the media, policy makers, and stakeholders from government, business and civil society, to take reports at face value. Cybersecurity issues may easily be be misinterpreted, misunderstood, misrepresented or misreported. Due to the relative anonymity afforded by the internet, it is hard to attribute responsibility or causation for cyber attacks and cyber incidents. In this environment, unsubstantiated claims can therefore spread quickly through policy debates.
SF: What is the most important cybersecurity concern, in your opinion?
AC: Articles about cybersecurity are generally quite exciting (or terrifying). But the real challenge to cybersecurity does not involve international terrorism, state sponsored espionage, or hackers on steroids. The problem lies in the source code of the software we use every day, whether this is the operating systems we use, the “apps” we run on our computing devices, our web browsers and the add-ons that make them run (e.g. Flash and Java), and the software used to build the websites that populate the internet. The real cybersecurity problem lies in software security.
SF: What role do you see for ICTs in human security and conflict prevention?
AC: Information and communications technologies can and should be used to enhance participatory mechanisms and response frameworks in a manner that protects civil, political and social rights. ICTs can also be used to improve coordination of different agencies and actors in conflict prevention and peacebuilding. While data sharing for conflict early warning and prevention should be encouraged, it is essential to keep in mind issues related to privacy, information security and operational security.
SF: How does this relate to a human rights perspective of ICTs?
AC: The internet and ICTs can be used to improve human security, but I think we must focus on human rights approaches to their use, rather than just the need to use them as tools for peace. There are a number of problems that can arise in the use of ICTs, and if the use of ICTs are not implemented properly, in a conflict sensitive and information security sensitive manner, they can introduced more security issues.
However I am not sure whether civil society in general have nuanced enough discourse to speak about the role of the internet from a human rights perspective in conflict prevention and peacebuilding. Lacking a cybersecurity agenda for civil society, and lacking a framework to link cybersecurity to information security, I think we have not much to work with.
SF: How is civil society discourse developing around ICTs for human security?
AC: I think it is important for civil society to carefully decide whether to bring issues onto national cybersecurity agendas, and whether or not these issues are dealt with better when they are on the national agendas of states. Civil society needs to consider the costs and benefits of “securitising” certain issues. Do the issues warrant the importance of national security status? Are they best dealt with through a national security or information security framework? Are they currently addressed by other government structures? Are there non-internet focused mechanisms or initiatives that are already dealing with these issues? Civil society needs to think carefully about when to securitise issues, and when not to securitise issues. Will the securitisation of issues enhance or marginalize civil society’s existing role?
Evidently we do need more ICT use in conflict prevention, and we do need to incorporate social media into it, we do need data sharing amongst UN agencies, government, military and civil society organisations, and as this is a matter of life and death (read: violence prevention) we need to deploy it as soon as possible.
I think an important question is what are the ends? What world do we arrive at, if all of this is successfully implemented? A world in which it is common order of business for our social media, and user generated content to be mined by conflict early warning and violence prevention initiatives, searched for possible inflammatory content, and then in the spirit of “open data” shared amongst governments, NGOs, security agencies, and their contracting corporations. What happens when we develop a conflict prevention culture that is integrated with social media? Is this surveillance then crowdsourced to general internet users?