Featured

As Trump Dampens US’s Internet Freedom Agenda, the Race to Cyber Supremacy Reaches New Levels

Although cyberspace is important for economic growth, countries must also have supremacy in it through their ability to navigate it for intelligence gathering and cyberwarfare.

Freedom of expression has assumed new contours in cyberspace. Credit: Reuters

Chris Painter, a cybersecurity coordinator in the US Department of State since 2011, stepped down in the third week of July when the Trump administration decided to close the state department’s Office of the Coordinator for Cyber Issues, and move it to the Bureau of Economic and Business Affairs. This marked the jettisoning of cyber issues from cyber diplomacy – something which the Obama administration had established with strong belief in their importance in contemporary world since the emergence of the cyberspace as an engine of economic growth.

In its diplomatic efforts, through this office, the US state department wanted the cyberspace to be used for free flow of information across borders, promotion of democracy, freedom of expression, and human rights – in what was collectively referred to as the Internet freedom agenda. The US signed agreements with several countries for cyber cooperation to share information on cyber incidents, vulnerabilities, new attack vectors, forensics etc to enhance peaceful uses for growth of economies. The zenith of this diplomacy was the signing of an agreement with China, in 2015, to stop economic espionage for intellectual property, to not attack critical information infrastructures such as banking, electricity generation and distribution. Not surprising that some two dozen Democrats promptly urged US secretary of state Rex Tillerson on July 21 to keep the state department’s cyber division citing the reduction in espionage of US industry as a direct outcome of this agreement. With the world getting more interconnected, they argued cyber diplomacy would assume greater importance.

David Fidler, on the other hand, in a blog post titled ‘US Cyber Diplomacy Requires More than an Office,’ argues that downgrading of cyber in foreign policy of the Trump administration was clear from the “White House’s refusal to confront Russia’s cyber interference in the 2016 election, and instead, express a desire to establish a joint cybersecurity unit with Russia, is also consistent with the administration’s marginalisation of the State Department in its ‘America First’ foreign policy.” He further writes that the basic objectives that Barack Obama wanted to achieve by making cyber part of its diplomacy, as stated in its International Strategy for Cyberspace, made little progress because in reality “Internet freedom has declined around the world, privacy is increasingly under threat, and the free flow of information has become more endangered.”

It is interesting to learn that the CIA has recently reported that espionage by China continues unabated, notwithstanding the agreement that was negotiated by the cyber coordinator in 2015. An article published in the Washington Post quotes Michael Collins, deputy assistant director and head of the agency’s East Asia Mission Centre, as saying, “We know the Chinese are very active in targeting our government, US industry and those of our partners through cyberespionage.”

According to him, countering or mitigating the Chinese cyberattacks will require an “all-of-government, all-of-country approach to pushing back against it.” This is in contrast to the earlier reports of  cybersecurity experts, including FireEye that Beijing’s espionage and information theft had significantly decreased as a result of the 2015 US-China agreement. It seems the bilateral agreement emanating from cyber diplomacy, as part of the core work of the state department, has not delivered the promised outcome. Indeed it could not have, since cyber security is linked to national security as countries are increasingly dependent on cyberspace, which is being increasingly exploited by countries to gather intelligence on others. This will likely continue notwithstanding any agreements that maybe signed.

Promoting democracy

The US has taken upon itself to promote democracy in countries around the world. The last couple of decades have witnessed interference in domestic affairs of some countries, by powerful nations, in the name of democracy, in total disregard for the Westphalian model that brooks no attack on sovereignty of a nation. Kosovo, earlier a part of Serbia, was bombed by NATO forces in 1999, and carved out as a separate state. The US and the UK attacked Iraq in 2003, while Russia attacked Georgia in 2008. The 2011 Libyan civil war is attributed to US instigation – it used social media in cyberspace as a tool to destabilise the then government. Is a state’s ability to govern compromised by interference through cyberspace, in violation of the Westphalian model? Can democracy, as a new human right, be exported under the garb of freedom of expression to destabilise nations? Such violations have been seen in Egypt, Syria and Georgia.

All of these have been questioned as infringements of state sovereignty, dictated by political and economic interests, even though the US and its allies justified support to ‘spontaneous’ uprisings on humanitarian grounds. These were in turn linked to the lack of democracy in the victim states, though over a period of time, temporary democracies, created from outside, gave way to worse forms of dictatorships. These examples make it clear that democracy as a human right cannot be championed by anyone, and least of all be propped up by external forces. The world has rejected such attempts of intervention through the cyberspace.

Transnational institutions – Internet governance

Globalisation has given rise to new transnational institutions, which form an international system that bypasses the Westphalian state. The Internet – a borderless global commons – led by the private sector, has given fillip to globalisation like never before. It has also given birth to non-state actors, including transnational institutions for global governance of the Internet.

Internet Corporation for Assigned Names and Numbers, a non-profit, incorporated in and operated under US laws, is a prime example. These private-sector-led transnational institutions champion the involvement of multiple stakeholders, including civil society, academia, standards bodies, multinational corporations and governments. Sovereign governments are but one of the cogs in the wheel of global governance of the Internet. They also have an impact on rights to privacy and trademarks. Freedom of expression is interpreted by these institutions according to the first amendment of the US constitution. Governments seem to lack control even when they feel that specific content, threatening national security, should be removed and they ought to know the identity of those uploading it. This has given rise to calls for data localisation or data nationalism.

Freedom of expression has assumed new contours in cyberspace. Most countries recognise that free expression has its limits, even though they may differ on what these limits are. Hate speech targeting individuals because of race, religion, gender or ethnicity; incitement to violence and defamation are treated as violations to free speech and expression. Content regulation has emerged as the most contentious issue, dividing nations in their stand on the newly emerged transnational institutions. Clearly, just one view of freedom of expression in cyberspace can not dominate. Even in the US, the Apple vs FBI case illustrates the tension between the state and the private sector, including the civil society. Obviously the cyber coordinator would find it odd to promote freedom of expression internationally.

State sovereignty in cyberspace

In the EWI Cybersecurity Summit at Stanford in 2013, Cai Mingzhao, Minister of the State Council Information Office of China, in his inaugural address said that, “To maintain cyber security, we need to show respect for sovereignty over cyberspace. The Internet is global, but at the same time it belongs to different countries. Sovereign states have primary responsibility for maintaining order in cyberspace. It thus follows that respect for national sovereignty over cyberspace is an important prerequisite for maintaining international cyber security.”

If anything, its position on national sovereignty over cyberspace has further toughened. In the first World Internet Conference in China, President Xi Jinping called for a “multifaceted, democratic, and transparent governance system for the international Internet.” In the second conference, showing desire of China to take over global policymaking role, held at Wuzhen in 2015, President Xi was more categorical when he said “No country should pursue cyber hegemony, interfere in other countries’ internal affairs, or engage in, connive at or support cyber activities that undermine other countries’ national security.” This is clearly aimed at the Internet freedom agenda of the US.

China is building legitimacy for such an international regime through the World Internet Conference, UN Group of Government Experts, ITU and other global forums. There are many democratic countries that view undue interference in their internal affairs by the US and its allies through the Internet freedom agenda. China may eventually find support for its approach. It is emerging as a powerful nation by investing heavily in ICT infrastructure development in Asia and Africa. Adam Segal, in a Hoover Institution essay ‘Chinese Cyber Diplomacy in a New Era of Uncertainty’, while underlining the centrality of cyber sovereignty in its diplomatic outreach, underscores the importance of its commercial IT diplomacy. The Chinese private companies Huawei, ZTE and its state companies like China Telecom, are making heavy investments in Africa and Asia to build telecom and information infrastructure, to connect them to China as part of the Belt and Road Initiative (BRI). In fact, fibre optic and e-government networks have been established in over 20 African countries; investments to the tune of $ 173.73 billion are planned as per the December 2016 Ministry of Industry and Information Technology document. China is also taking the lead in setting of 5G phone standards – in recent years it has sent the most number of experts to standard making international bodies.

Clearly, China aims to be a power in the cyberspace. It will be interesting to see the emergence of balance between legitimacy and power in the cyberspace.

Is Trump restoring state sovereignty?

In a New York Times article, Peter Baker writes that “Mr Trump has dispensed with what he considers pointless moralising and preachy naivete…. playing down issues of human rights or democracy…… His “America First” approach focuses not on how other nations treat their people but on what they can do for the United States.” He further writes that Trump’s “foreign policy seems defined more by transactional nationalism….. Rather than spreading American values, his policy aims to guard American interests.”

Disbanding the office of the cyber coordinator in the state department appears to signal the end of Internet freedom agenda. The real question is whether the state department had mixed too many issues of its overall global diplomacy into the cyberspace agenda. Cyberspace is important for economic growth, but it is equally important for nations to have supremacy in it through their ability to navigate it for intelligence gathering and cyberwarfare. Cyberarms race has only accelerated in this period; cyberwarfare is no longer a distant possibility – it’s already upon us. By including freedom of expression, democracy and human rights in cyberspace, the US has weakened its objective of strengthening cyber for economic growth in countries, and controlling the narrative. Matters became worse when the US itself was found to be conducting espionage globally on all citizens, on an unprecedented scale, violating their privacy under the NSA programme in the name of counterterrorism, as revealed by Snowden in 2013.

In her remarks on Internet freedom in 2010, then secretary of state Hillary Clinton, while quoting Franklin D. Roosevelt’s speech of 1941, in which he talked of a world where, “all people enjoyed freedom of expression, freedom of worship, freedom from want and freedom from fear”, added a new freedom to this list – freedom to connect for exchange of ideas, to form communities of interest and use the Internet for commerce, banking, governance. But the world soon discovered that this freedom to connect comes at a very high price, namely, massive surveillance, which instils fear, instead of freedom from fear. In another speech, on the same subject, at the Hague in December 2011, Clinton lamented that states push plans for surveillance in the name of security. Although it was directed at states like China, Russia, Saudi Arabia and other countries in the Middle East, Snowden revealed that the US itself was (and continues to be) engaged in surveillance, in the name of homeland security.

It seems that all these years the state department has tried to chew more than it could (or should have) in its cyber diplomacy. The US global interests seem to have been compromised by linking freedom of expression, free flow of information, human rights and democracy to its international strategy in cyberspace as is apparent from the steps taken by China. Let these be tackled by other relevant global institutions. The race to supremacy in the cyberspace has reached new levels – if the Internet till recently was led by investments by the US companies, and their partners; funded and led by the US government, the next billions of users in Africa and Asia will be riding on the infrastructure created by the Chinese. Cyberspace will still be an engine of economic growth. It will also see continued militarisation. Cyber espionage and cyberwarfare will be ever more important. Cyberarms race continues to expand. The world will debate development of the norms of behaviour of states in the cyberspace, norms for mega multinationals to prevent misuse of data and to respect privacy of global citizens, prevention of cyberwarfare, promotion of peaceful uses of the cyberspace. This will be in several forums – both multilateral and multistakeholder. Focusing on these, instead of the Internet freedom agenda, likely will find resonance in all democratic countries. The Westphalian state may be morphing in cyberspace, but sovereignty is dear to nations. The Chinese are using soft power too. As Segal observes, “They [Chinese companies] may in the long term become norm entrepreneurs. Huawei, for example, has developed, with Microsoft and EastWest Institute, a buyers’s guide for governments and corporations on acquiring more secure ICT products and services.”

Trump administration appears to have dropped the Internet freedom agenda from its objectives as the section on ‘Internet Freedom Agenda’ contained in an earlier draft was dropped from the final cybersecurity order signed by the president on May 11. It signals respect for the Westphalian state sovereignty in the cyberspace. The US still has a chance to be the global policy leader by separating economic from military issues, and in setting up the norms of behaviour of states in the cyberspace. With China in a vantage position as noted above, it would be prudent for the US to work closely with India, besides its western allies, to engage China on the cyber part of its BRI initiative. India with the second largest Internet user base, strong IT industry, highly skilled workforce, several start-ups, innovation track record, vibrant democracy, strong legal regime and respect for international institutions is a natural partner in this long haul for democratic and equitable management of the cyberspace for peaceful use by all countries.

Kamlesh Bajaj is a Distinguished Fellow, EastWest Institute. He was the Founder CEO, Data Security Council of India; and Founder Director, CERT-In, Department of Electronics and Information Technology.