While there is only one world power on the Internet, that situation will not last forever. The Internet’s underpinning technologies were mostly created in the US, the initial networks were based there and today the US hosts the majority of the most powerful Internet companies.
Although minor battles have been fought on Internet sovereignty for years, the de facto power that stems from the US for a long time seemed acceptable. But with the revelations — not even all following from Edward Snowden — about international mass surveillance by the US and its allies, it’s inevitable the gloves have had to come off.
In a replay of an imaginary Cold War nightmare scenario, Russia and China appear to have identified a common enemy. The nations are expected to sign a collaborative cybersecurity treaty to “oppose the use of IT and the Internet to interfere in the internal affairs of independent states”.
There has also been discussion in mainland Europe, particularly Germany, about “Schengen-routing”, which would keep Internet traffic away from the parts of the network where America’s National Security Agency (NSA) and Britain’s Government Communications Headquarters (GCHQ) could easily snoop on them. Snowden has claimed that establishing a “European cloud” may not be effective, however.
Generally there are two main reasons for states to want to take control of the Internet: they want to defend against outsiders – and to defend against insiders.
The enemy outside
Effectively, the US still claims sovereignty over large parts of the Internet. This is not just de facto sovereignty based on the residence of large Internet companies and most cloud servers within the US. It is not even because the Snowden files have shown us that the NSA hoovers up most Internet traffic. In a recent court case it was established that US law enforcement agencies can demand data from US companies even when it is stored abroad (in this case, Microsoft servers based in Ireland).
The discrimination in NSA procedures and US law that treats US and non-US citizens differently (or worse) is also irksome.
Nor are US allies, chiefly Britain, innocent in this context. Unexplained spying by GCHQ abroad is well documented, with the claims of eavesdropping at climate change conferences the most recent. The explicit extension of the Regulation of Investigatory Powers Act 2000 introduced through this summer’s “emergency” Drip Act also plays a role. The act’s clause 4 allows the interception of communications even relating to activity outside the UK by persons and companies based outside the UK.
For countries such as Russia and China, the threat from outside is more acute given that both countries have problems with territorial conflicts. There have been reports of cyber attacks in both directions between Russia and Ukraine. And China has been suspected of carrying out man-in-the-middle attacks in order to spy on citizens using encrypted connections.
These countries have a greater need to take control. Russia, for example, has recently been reported to be investing US$500m to establish a cyber warfare division, for offensive and defensive operations.
The enemy within
When governments tighten their hold over the Internet within their own country, it’s normally a slippery slope towards the restriction of civil rights. The so-called “great firewall of China” is to restrict freedom of expression and access to information for the Chinese population — to control those within, not those without. Google played along with this by censoring search results within China until 2010, when they moved their operations to the slightly freer jurisdiction of Hong Kong.
Amnesty International has taken up cases of people persecuted for political use of the Internet in countries such as Bahrain, Azerbaijan and Egypt. North Korea has even gone as far as closing down all access to Twitter and Facebook.
On the other hand, Russia is close enough to Europe to not want to be painted as a politically repressive country. Instead Russia controls its Internet through more subtle means. For example, its compulsory identity verification for social networks is justified as a defence against identity theft. While many nations operate a blacklist to restrict access to child pornography sites and those distributing copyrighted material, the Russian government added some independent news sites to the list, allegedly to prevent unauthorised protests — and pages on social network VK were highlighted by public prosecutors as advocating terrorism.
However, with its recent explicit attacks on freedom of speech, it seems Russian authorities no longer feel especially restrained in exercising censorship. Putin’s claims to support online freedoms like any other democratic country sound a bit shrill taken alongside his description of the Internet as “a CIA project”.
Setting an example
Not that the UK emerges as a shining example in this respect. Dubious laws have been used to arrest a peer joining a demonstration — and years of spying on eminent historians by MI5 has just come to light. Meanwhile the police feel free to spy on journalists, prison staff listen in on MPs’ phone calls and intelligence agencies breach client-lawyer privilege. So it’s hard to swallow claims made by the home secretary, Theresa May, and GCHQ that efforts to improve mobile coverage and use encryption shouldn’t be allowed because of “security threats”.
Of course, with elections around the corner, the major parties in the UK are making promises about restoring civil rights and establishing safeguards and oversight. But it seems there’s been little progress towards David Cameron’s promises in 2009 to erode the “control state” his government inherited.
- Eerke Boiten is a senior lecturer in the School of Computing at the University of Kent and director of the university’s interdisciplinary Centre for Cyber Security Research
- This article was originally published on The Conversation.