A Shift in International Information Security: The Story of a Diplomatic Oxymoron

Gregory Asmolov, a PhD candidate in New Media, Innovation, and Literacy at the London School of Economics, uses the recent UN draft resolution “Developments in the Field of Information and Telecommunications in the Context of International Security” to examine shifts in international Internet regulation. On November 11, 2013 CGCS hosted a talk with Gregory where he used Russia as a case study to suggest exploring Internet regulation beyond specific measures suggested by government, such as new legislation or law enforcement that seeks to restrict Internet freedom.

Gregory Asmolov November 11, 2013: From the North Pole to WWW: Social and political construction of cyberspace and Internet regulation in Russia

The Past. Information security vs. cybersecurity: traditional disagreements.

Russia and the U.S. have historically had very different positions on international Internet regulation issues. Washington focuses on cybersecurity, Internet freedom, and limiting the field of regulation to technological infrastructure while Moscow’s position centers on the much broader information security. According to Russian information security scholar Oleg Demidov, Russia tends to focus on the regulation of state-to-state relationships in the information realm. The traditional western position, however, is more concerned with threats affiliated with individual actors, as well as with state actors that limit individuals’ freedom through cyberspace regulation[1].

Another point of debate is whether cybersecurity should be regulated by hard law or by soft law (set of norms without compulsory commitment). While many discussions take place in different international forums, the United Nations continues to be a major arena for Russia’s promotion of information security as a framework for international regulation. Russia, acts through the UN first committee in order to frame Internet regulation within the broader context of international security.[2] The U.S., however, frames cybersecurity-related regulation as “creation of global culture of cybersecurity” and promote its initiatives through the UN second committee.

The Present. New project of the UN resolution: Strategic shift.

On the one hand, traditional opposition to the Russian “information security” approach continues to be a major leitmotif in the Western position. At the WSIS in Dubai for example, Russia’s idea of the right of the state to control its national cyberzone was blocked. On the other hand, the international arena of Internet regulation is experiencing deep and strategic changes that make the position of Russia and its allies stronger. A recent document submitted by Russia to the first committee on October 18th 2013 illustrates the nature and the process of this shift. The draft resolution, titled “Developments in the Field of Information and Telecommunications in the Context of International Security” (A /C.1/68/L.37) therefore helps us explore the complexity of these changes, and discuss potential reasons linked to them.

Elena Chernenko, cybersecurity expert and Russian journalist from Kommersant newspaper, suggests that the new resolution was possible because of the Snowden NSA leaks. According to Chernenko, Russia benefited from the Snowden revelations as it showed that the U.S. actively used the technology to conduct global surveillance to advance its interests in other states. This exposed a double standard in Washington’s promotion of Internet Freedom. The “Stuxnet” case, in which cyber-attacks were conducted against targets that served some U.S. security interests, also contributed to the general increase in concerns about cyberspace as a potential field of combat.

In consequence, we are witnessing a global shift in positions related to international regulation of the Internet. The draft resolution illustrates the nature of this shift, as it garnered the support of actors previously in opposition, and includes contradicting arguments for both security and freedom.

First, the draft of the resolution presents a continuation of Russian efforts to frame the issue of Internet regulation within security considerations by embedding the topic within the UN first committee’s agenda. However, in comparison to similar documents, there is a substantial change in countries co-sponsoring the draft.  Argentina and Brazil, for example, joined members of the Shanghai Cooperation Organization (SCO) with their support. One may argue that pro-Russian Internet regulation is shifting from reliance on the SCO to the more powerful and global BRICS block.

The second remarkable characteristic of the resolution draft its mix of two very different Internet regulation agendas and narratives. On the one hand the text expresses concerns that, “[information] technologies and means can potentially be used for purposes that are inconsistent with the objectives of maintaining international stability and security and may adversely affect the integrity of the infrastructure of States to the detriment of their security in both civil and military fields.”[3] On the other hand, the text notes “the importance of respect for human rights and fundamental freedoms in the use of information and communications technologies”.

The first point follows the traditional Russian understanding of information technologies as potential weapons that can challenge state sovereignty by causing social and political instability. The second point, however, introduces the importance of Internet freedom and human rights as factors that should be considered when creating Internet regulation.  The latter is much closer to the U.S. position that has been introduced through the second committee. Viewing the Internet as a threat to security on civil field and at the same time underlying the importance of fundamental freedom looks like an example of political oxymoron. One may suggest that SCO countries are ready for this type of compromise and new system of balances between the demands of security and human rights, in order to expand the number of countries that support their position.

Argentina and Brazil’s support of the document is an additional achievement for Russia as the draft considers various regulative frameworks for information security, including linkages to concepts and international treaties. In short, the resolution provides a framework to put the Russian offer for cyber treaty on the UN agenda. This means that the regulation to be discussed is not only a set of norms, but also hard law that requires the commitment of all international actors.

The recent resolution therefore presents an interesting mix of agendas, and frames new coalitions that can support information security regulation and either oppose or force the U.S. to make its position more flexible. There are also some signs of shifts in the U.S.’s cybersecurity position, as concerns about information warfare and the necessity of cyber treaties become more dominant in U.S. officials’ narratives about international Internet regulation.

The global shifts illustrated by the recent draft will require compromises from all actors. The question, however, is what will these compromises look like? Will the new point of balance be closer to the protection of human rights or the sovereignty of states? Will the new structure of coalitions force the U.S. to change its position? Will the shift increase the role of U.N. and ITU in Internet regulation?  How will the new status quo around international Internet regulation look like? So far, these questions remain open. Right now, however, the details are not as important as the conceptual properties of this shift.

The Future. Internet regulation: the new structure of the battlefield.

In 1998 Tim Wu introduced how classical international relations theory could be applied to regulation of the Internet[4]. He argued that the realist position toward Internet regulation meant that “the power-maximizing state will let the Internet be free only insofar as doing so serves the state’s interest.” The liberal position, however, focused more on the normative framework and development of international institutions that can maintain the normative status quo.

The general development of offensive cyber capacities, as well as the NSA revelations, both increased the concerns of state actors and contributed to shift from liberal normative approaches to realist driven policies among the majority of actors including the U.S. The increasing domination of realists in the field of Internet regulation, however, has deeper roots.

The major struggle that can be associated with emergence of the new status quo around Internet regulation policy centers around how the role of the Internet is constructed. In her recent book, Professor Robin Mansell demonstrates how different ways of “imagining the Internet” can lead to significantly different policies regarding Internet regulation.[5]  Dr. Daniel McCarthy demonstrates how the apparatus of social construction of technology theory and the notion of technological closure can be applied to analysis of U.S. Internet related policy.[6] Eventually, while the struggle around Internet regulation looks like debates between realists and liberals, the major contest takes place around the point of “closure” that will be shared by majority of the state actors.

The following table suggests a simplified version of this hypothesis—mapping the position of different actors in in relation to a particular closure of the Internet. It should be noted that different organizations and departments within a state can promote different positions (e.g. the Department of Defense will be more focused on security and the State Department more on the Internet Freedom), but the influence of the specific organization/department on the general state’s policy can change.

Social construction-closure/Dominant actors in definition of consensus Focus on opportunities: Internet freedom Focus on threats: Internet security
State actors Will the U.S. still occupy this cell? Russia/ new coalitions/ ITU
Non-state actors NGOs, ICANN, networks of users, individuals Anti-virus corporations, think tanks

While state actors still differ in how they construct the role of the Internet, it appears that the “closure” is shifting from understanding the Internet as a technology that introduce a variety of opportunities (e.g contribute to liberalization, progress and democratization) to a technology that poses increased threats to security and stability. While Russia shared the latter “closure” from the outset, appears that more and more states adopting security and threat driven discourse.

The major nature of change is the shift in social and political construction of the information technology from the source of liberalization to the major source of international insecurity and instability. If this “closure” becomes dominant among the majority of international actors in international discussion, new advanced forms of Internet regulations are inevitable.

Additionally, increasing prominence of security driven discourse may lead to a significant change in the structure of debates around Internet regulation. While today we see that major disputes take place among states actors, as more states shift their position towards security “closure,” states’ main opposition may come from the side of non-state actors.

While the differences between states’ positions become less significant, a major gap between state and non-state actors will remain. Internet regulation will no longer be a contest between Russia and the U.S., but instead between the states driven by security considerations and a global network of individuals with alternative imaginations of the Internet. We should not expect that the U.S. and other western countries will be able and interested in protecting Internet freedom. This gap can be filled by the emergence of new non-state actors seeking to protect the current status quo around Internet regulation, as well as new bottom up protests from Internet users. It is going to be a long battle that will not take place in diplomatic forums, the UN, or cyberspace, but on the field of human imagination.

//Gregory Asmolov

 


[1] Демидов Олег, Обеспечение международной информационной безопасности и российские национальные интересы —Индекс Безопасности, № 1 (104), Том 19 p. 131, http://pircenter.org/articles/1110-obespechenie-mezhdunarodnoj-informacionnoj-bezopasnosti-i-rossijskie-nacionalnye-interesy

[2] In a last five years Russia introduced its view about information security in a number of comprehensive internal and international documents including “Basic Principles of the State Policy of the Russian Federation in the Field of International Information Security to 2020.”; the “Convention on International Information Security,” a project on the legal framework for international regulation that was presented in Yekaterinburg in 2011 and the “International Code of Conduct for Information Security” that was submitted to the UN by China, Russia, Tajikistan and Uzbekistan also in 2011.

[3] “Developments in the Field of Information and Telecommunications in the Context of International Security”

[4] Wu., T.S., Cyberspace sovereignty? – The Internet and the international system, Harvard Journal of Law and Technology. Volume 10, Number 3, 1997.

[5] Mansell, R., Imagining the Internet: Communication, Innovation, and Governance, Oxford University Press, 2013

[6] Daniel R. Mc Carthy, Open Networks and the Open Door: American Foreign Policy and the Narration of the Internet, Foreign Policy Analysis (2011) 7, 89–111

 

Featured Photo Credit:AttributionSome rights reserved by xlibber

Leave a Reply