A blog on why norms matter online

My photo

I'm a Post-Doc Fellow at the Cluster of Excellence "Normative Orders" of the University of Frankfurt and lecturer at the Institute of International Law of the University of Graz, Austria. I've studied international law in Graz, Geneva and at Harvard Law School. I enjoy thinking and writing about Internet Governance and discussing and shaping the future of the Internet

Saturday, August 25, 2012

A victory for online anonymity in South Korea and for freedom of expression globally

Just as temple guards in Seoul, South Korea's
Constitutional Court has acted as a guard to the
rights of Internet users, by upholding anonymitity.
(c) Kettemann 2012


As the Korea JoongAng Daily, as well as Jurist, the Verge, WSJ and Heise.de report, South Korea's Constitutional Court has ruled, on 23 August, that the South Korean law on real name use on the Internet is illegal. 

The Constitutional Court  ruled that that is was unconstitutional to ask users, under the terms of a 2007 law, to verify their true identities and use their real names when posting in Internet message boards with more than 100,000 users a day. That would amount to prior restraint and was thus unconstitutional. 

The Court said that "expressions under anonymity or pseudonym allow (people) to voice criticism on majority opinion without giving into external pressure." Though anonymity has negative side effects, "it should be strongly protected for its constitutional value."

The verdict striking down 
Article 44 (5) of the Act on Promotion of Information and Communications Network Utilization and Data Protection was unanimous. 

As the   Korea JoongAng Daily reports
"In its ruling, the court said restricting freedom of expression can only be allowed when it has a clear effect on the public interest. “After the system was introduced, there was no meaningful decline in the number of illegal postings,” the ruling said. “Instead, users fled to Internet sites operated from overseas. It also created discrimination against service providers at home and favored those overseas. Taking these circumstances into account, it is hard to say that the system is serving the public interest.”"

Further, the Court identified concerns that the real names of people would be stolen due to security problems of  websites storing that information. 

This is good step, especially for South Koreans. 

As I have written previously
"recent reports by the Electronic Frontier Foundation and the Economist show even a democratic country such South Korea has been actively using references to taboo words as tools to curtail freedom of speech. The Economist particularly criticized the "supposedly independent KoreaCommunications Standards Commission [that] has had the remit [since 2008] topromote a “sound and friendly communications environment”.
"Sound and friendly" doesn't bode well for freedom of speech. Andindeed, a recent NYTimes article found that using curse words in South Korea can get you censored quite easily."
As the European Court of Human Rights ruled in Handyside v. UK it is not sound and friendly communicative acts that needprotection, but those that shock, offend and disturb. 
In a similar vein, the German quality daily FAZ recently published a comment by Peter Leppelt entitled "Anonymity online: Don't fear Freedom" in which he argued that the arguments against using real names are more weighty. 

The possibility to be anonymous online leads creativity, culture and development. The Internet, he argues, offers a "great opportunity to allow [...] anarchy and anonymity, use their burgeoningn creativity, but continue to live settled lives".
 
Thinking of a more  human rights-based approach to anonymity, I was reminded of Robert Bodle from the College of Mount St. Joseph who sat with me on a panel at the 2011 GigaNet symposion during the IGF in Nairobi. He wrote and presented an  excellent paper entitled "Upholding online anonymity in Internet governance. Affordances, ethical frameworks, and regulatory practices" in which he argued convincingly that  
"anonymity in networked digital communications is indispensable as an enabler of other inalienable rights, including informational privacy and freedom of expression."
Anonymity is also important for the involvement of all in multistakeholder-based Internet Governance processes. As Bodle concludes,
"The attributes of anonymity, including minimal accountability, disinhibition, and deindividuation, can encourage robust political speech, provide safety from reprisal, permit the freedom to speak freely, and create a strong sense of group identity. Anonymity can serve the multi-stakeholder model of Internet governance well by encouraging the full involvement of all, including marginalized and vulnerable populations, political dissidents, whistleblowers, and other private citizens who wish to participate without surveillance, data retention, repression, or other infringements on personal autonomy, privacy, and freedom of expression."



Thursday, August 23, 2012

Why the Internet is not a dark and scary place


(cc) Couple with a young female 
Booh. 

No, wait, actually there is no reason to be afraid. 

Though many policy-makers, traditional media sources, and large parts of the population believe, the Internet is not a dark and scary place. 

Why it is not, and why it is rather a source of innovation, was the key theme of a recent talk in Berlin by Ben Scott, Senior Advisor at the Open Technology Institute of the New America Foundation and former Internet policy advisor to Hillary Clinton's State Department.  

The talk was held in the framework of the Internet&Society Co:llaboratory's 6th initiative on Innovation in the digital ecosystem. (The 5th initiative, of which I was the thematic lead, was dedicated to human rights on the Internet. Have a look here for the online version of the final report). 

The initiative looks at key questions of harnessing the potential of the Internet for social innovation and economic growth, centrally: 

"How can we shape the ecosystem of our digital societies? 
Which institutions and approaches do we need, to foster societally valuable developments? 
How do we overcome borders on the internet and secure an open, functioning and inclusive internet ecosystem, which is more than just a business web, but a space for social and cultural evolution?"

Returning to Ben Scott and this ghostbusting: He has three key messages for us. 
  • Innovation is the creative response to destructive change.
  • To enable innovation, you have to know about your weak points. 
  • The Internet's culture is based on adaption and combination



His whole talk is available on  Co:lab's YouTube channel and is absolutely worth watching. 

I find it especially enlightening when he talks about the importance of coping with vulnerability, when innovating. There is no such thing as failsafe innovation. You try, and fail, and try, and fail (perhaps again and again) - and then you succeed. This culture of accepting failure is slow to emerge in some parts of Europe. 


But learning from mistakes is something that, as Ben Scott recounts, American diplomatic personnel also had to get used to. Before Wikileaks, his talks to US ambassadors on how decentralized networks of political actors would become active internationally, were met with limited interest. Julian Assange changed this. ("You were right", he says ambassadors later told him, "now make it stop".) 

But you can't make it stop. 


And this is why the Internet continues to be a dark and scary place for some, namely for traditionally-minded policy-makers wedded to national answers to what are actually international problems. 

It is high time to look seriously at he political and legal dimension of decentralized, transnational networks and thei impact on agenda-setting and policy-making. A first step could be to accept humanization as a paradigm of international law and international relations: a concept that reorients the international order towards the individuals and provides for a more nuanced position for states. 

A final lesson on innovation from a Silicon Valley bigwig? 

Ben Scott asked the successful technology enterpreneur how to create innovative technology policy.

His answer: "Go to breakfast!" (and talk to people from your network and ask them who they think you should, again, talk to, which lawyer to contact, which accountant to hire, which programmer to employ ...) 

It's dinner time in Austria, but the message still rings true. 

It is people who matter - when innovating, but also when making policies. And increasingly it is, in fact, the people, loosely organized in decentralized, transnational groups who  actually make the policy. 

Tuesday, August 21, 2012

As China calls for US to hand over "Internet control to the world", the world should call on Mr. Hu to tear down the Great Firewall

U.S. Secretary of State Hillary Rodham Clinton delivers remarks
at the Opening Session of the U.S.-China Strategic and
Economic Dialogue (May 9, 2011).
[State Department photo/ Public Domain]
It is difficult to hand over something (or someone) you don't really have in your power. 

The British cannot hand over Assange to the Swedish authorities because he is in the Ecuadorian embassy (which they will not, contrary to some wrong interpretations of a diplomatically unwisely worded letter) not attack.

Similarly, when China's English-speaking People's Daily Online told the US in a 18 August 2012 to "hand over Internet control to the world", the US could not really have done so. 

And wouldn't have wanted to (See the recent bill is US Congress confirming the "unequivocal policy of the United States to promote a global Internet free from government control and preserve and advance the multistakeholder model that governs the Internet today. ".) 

And shouldn't have wanted to.

What's at the core of the issue?

In a recent article, Rebecca MacKinnon who as CNN's former Beijing bureau chief truly understands the multiple dimensions of Chinese Internet (and media) policy provides an excellent review of the relationship of the US, the UN and the Internet, entitled "The United Nations and the Internet: It's Complicated" She sees a "battle [to be] brewing", but not one that should see any structural changes to happen.

Some governments, such as Russia and China, have been trying to argue for more control over the Internet for years and have raised questions of legitimacy of ICANN, historically an important actor, that regulates the domain name system and has some responsibility, under the recently prolonged so-called IANA functions, for the management of the way these addresses are saved on the root servers. 

Now, since domain names are words and are thus a good that knows (apart from some public policy-based exceptions) only artificial limits (those introduced by ICANN in the first place), one can questions the legitimacy of artificially making the market for domain names smaller and for introducing high entry fees (for new gTLDs, however). This is a point Milton L. Mueller makes it his 2002 book Ruling the Root (which is still very readable). But ICANN - by and large - works, and so does the domain name system.

Of course, the system is dominated by a US entity. This does not make China happy. But what are the  main points that the recent article in China People's Daily article makes? 

  • The Internet is increasingly important, but "governance mechanism for such an important international resource is still dominated by a private sector organization and a single country." (True, but the Internet is not worse off for it.)
  • The US retains "ultimate control over the global Internet, which enabled it to unilaterally close the Internet of another country. A suddenly paralyzed Internet would definitely cause huge social and economic losses to the country." (Theoretically true, but completely implausible.)
  • "The United States controls and owns all cyberspaces in the world, and other countries can only lease Internet addresses and domain names from the United States, leading to the U.S. hegemonic monopoly over the world’s Internet." (The US doesn't own "all cyberspaces in the world". There aren't different cyberspaces. What the article means is that ICANN regulates the attribution of domain names. Again, it's not quite the US, but a US-based company. The US DOC has exercised is supervisory function rather carefully in the past and has comitted to keeping the Internet open and multistakeholder-based. Just see the Obama/H. Clinton doctrine on Internet freedom.)
  • "The United States has taken advantage of its controlover the Internet to launch an invisible war against disobedient countries and to intimidate and threaten other countries." (Not true.)
  • "Ultimate control over the Internet has been an important tool for the United States to promote its power politics and hegemony worldwide, and any other country may fall victim to this." (Again, the US doesn't actually exercise ultimate control over the Internet. If it did, then China wouldn't be able to censor the web so effectively.)
  • "As a big country on the Internet, China opposes the U.S. unreasonable and unilateral management of the Internet, and seeks to work with the international community to build a new international Internet governance system." (The US has not behaved unreasonably  in the past. As is evident from China and Russia's proposal for an Internatioal Code of Conduct for Information Security, China's idea of an "international Internet governance system" would be one where countries would agree, per para. 3 of the Code, to cooperate to curb the dissemination of information undermining "other countries' political, economic and social stability, as well as their spiritual and cultural environment." Hello, censorship.
Summing up: some criticism is valid, but there is no better, more legitimate and more stable alternative than the current system. Most of the criticism, however, is politically motivated. 

As Internet architecture expert Wolfgang Kleinwächter pointed out there are now more than 150 anycast root server which makes the root server system much more reliable and have greatly reduced what the article calls the US hegemony. 

Importantly, there has also been a "moment of truth" as far as the control of the US government regarding publication of TLD zone files is concerned: the .xxx case. The US goverment was opposed to the publication and could have - theoretically - stopped it. But they didn't. (Read this interesting paper on policy issues regarding Internet domain names for Congress by Lennard G. Kruger of the Congressional Research Service for background information.). 

ICANN will never and can never meet the legitimacy requirements of a nation state. Because it is no nation state it shouldn't have to. Its role in Internet Governance can be legitimated through other avenues of legitimacy, including input, throughput and output legitimacy. 


Rather calling for an "internationalization" of DNS and root server management, we should use a functional approach that first asks what exactly the function of the regime needs to be (ensuring Internet integrity, stability and functionality in a process coherenent with (and outputs consoncant with) the Internet's core values, including the protection of human rights). How this functional approach can be applied to Internet Governance, is a topic that I'm broaching in my book The Future of Indivdiuals in International Law. Lessons from International Internet Law, which will be published later this year by Eleven International (Utrecht).

Internationalization is not always good. A treaty on DNS issues is not always the best option. Trust, accountability, rational legitimacy and distributed decentralized de facto control can serve just as well.


There's just one important exception when international oversight is really need. And China won't like it. 

It is the issue of human rights on the Internet (I have written extensively on the protection of human rights on the Internet before, on my blog [hereherehere] and in other media and forums [EJIL Talk!"Die Presse",jusPortal.at] and have lauded the Human Rights Council for making the significant step of conformign the technological neutrality of human rights protection regimes in the easy to remember phrase that "the same rights that people have offline must also be protected online")

 MacKinnon's article in Foreign Policy makes this point very clearly. Though we shouldn't 'hand over' control for the Internet to the UN, we should further internationalize human rights protection. 


MacKinnon  writes:

"Here's where the United Nations is actually useful. While it is clearly the wrong organization to coordinate Internet standards and regulations, the world body has played an essential function in establishing a human rights framework for Internet policymaking on a global scale. Thanks in no small part to U.N. human rights-focused institutions, a global consensus is growing that the Internet's development must be grounded in the principles enshrined in a set of global human rights agreements, including the Universal Declaration of Human Rights and its two associated covenants."


But China's position is ambiguous.

They don't actually want Internet governance to be internationalized, but rather nationalized. The UN, where China has a voice (and the Security Council where it has veto powers) are only means to the end of increasing control. 


Calling for an end to US control does not actually mean that it is Chineses policy to accept international standards on Intenret regulation. Otherwise, they would have long ago accepted global human rights standards. The Great Firewall of China tells a different story.

This is, in face a litmus test for the regime.

Rather than calling on the "US [to] hand over Internet control to the world" what Chinese media should call for is for "China [to] hand over Internet control to its people."

If they do that, then we can talk about internationalization.


So here's my call: Mr. Hu, tear down this Firewall. 

Thursday, August 16, 2012

As "f-bombs" and "sexting" are included in the Merriam-Webster, taboo words are still used as pretexts to online censorship (part 2)


A second article,celebrating the inclusion of the "f-bomb" in the Merriam-Webster(though the author would have probably found little to celebrate), is quiteremarkable in two ways. First, it deals with the very salient topic ofregulating vulgarity through law and makes an important contribution tounderstanding the challenges freedom of expression is facing - in offline andonline scenario. Second, it looks at a taboo word. And calls the word by itsname. Thus the author reflects on, and breaks, the taboo - making reading thearticles something of a guilty pleasure. Not a feeling that many law reviewarticles evoke, I gather.

I am talking about Christopher M. Fairman's articleentitled Fuck that was published in 

Fairman himself notes in a comment his paper that he had been interestedin the topic for quite some time, but had only recently - having reached a secure position in academia - found the courage to challenge thetaboo. 

He writes: 

"Several of my colleagues counseled me that Iwould never be able to get this piece published unless I altered thetitle. Whether it reflects courage or folly on the part of theeditorial board of this law review, I am grateful for their support in mydecision to use the word still viewed through the lens of taboo by so manyothers. I am well aware that I risk offending some readers. I view this asmy duty. As my former professor Sandy Levinson recentlyexplained, “Teachers in particular may be guilty of evading part of theirown responsibilities if they become too fastidious in ‘avoiding . . .words that shock.’” Sanford Levinson, The Pedagogy of the First Amendment:Why Teaching About Freedom of Speech Raises Unique (andPerhaps Insurmountable) Problems for Conscientious Teachers and TheirStudents, 52 UCLA L. REV. 1359, 1360 (2005). Discussing offensive speechrequires that one be willing to breach standard norms and run the “risk ofoffending. I think it is as simple as that.” Id. at 1390. On thismatter, I cannot agree more with Professor Levinson." (1711-12)

And I agree with Mr. Fairman. 

We all haveresponsibilities for the words we employ and for their protection. It isessential to study in the future how taboo language is used as a pretext tocurb freedom of speech in some countries. 

As recent reports by the Electronic Frontier Foundation and the Economist show even a democratic country such South Korea has been activelyusing references to taboo words as tools to curtail freedom of speech. TheEconomist particularly criticized the "supposedly independent KoreaCommunications Standards Commission [that] has had the remit [since 2008] topromote a “sound and friendly communications environment”.

"Sound and friendly" doesn't bode well for freedom of speech. Andindeed, a recent
 NYTimes article foundthat using curse words in South Korea can get you censored quite easily. 

As the European Court of Human Rights ruled in Handyside v. UK it is not sound and friendly communicative acts that needprotection, but those that shock, offend and disturb. 

In this light, breaking taboos can be a goodthing. 

Or as Mr. Fairman puts it his almost poetic lastline of his article:
"Fuck must be set free." 

As "f-bombs" and "sexting" are included in the Merriam-Webster, taboo words are still used as pretexts to online censorship (part 1)

The BBC and the Huffington Post report that the Merriam-Webster's Collegiate Dictionary has added a  number of interesting words to is latest printed edition, thus signifiying their entry into common usage.

These include "F-Bombs" and "sexting", both of which are already included in the online version of America's equivalent to the German Duden or the British English's Oxford English Dictionary.

Sexting is defined by Merriam-Webster's online edition as the "the sending of sexually explicit messages or images by cell phone", and "f-bomb" as "the word fuck —used metaphorically as a euphemism".

To celebrate their inclusion by Merriam-Webster I would like to point readers to two articles on the two words that highlight both their disruptive potential in disource ("f-bombs") and life ("sexting") and take issue with some commonly held preconceptions on both topics.

I'll deal with "sexting" today and with the "f-bomb" tomorrow.


I have done some research on sexting for a 2010 paper at Harvard Law School that I later published in juridikum, a Austrian journal of legal critique as Matthias C. Kettemann, Taking Sexting Seriously: Should Europe Start Prosecuting "Sexters"?, juridikum 2010, 402 



In the article I compared strict US approaches to prosecuting teenage sexters with the European laisser-"sexter" approach to regulation. (At that time, there were practically no cases in Europe). I argued for a dignity-based approach to prosecuting texting that would exclude prosectutions of the active sexter, as had happeneds in some US jurisdictions. 

I argued that 
A dignitarian approach to prosecuting sexting also allows us to escape the problematic victim/no-victim dichotomy that poses a conceptual hurdle for addressing sexting cases within the parameters of the Supreme Court jurisprudence. Sexting has victims, but these victims are often - under current prosecutorial scenarios - the perpetrators, the (co-)producers and possessors of images depicting the sexual exploitation of children. Analyzing sexting in light of human dignity will allow us to substantiate my approach. (409)
I suggested that 
[l]egislators in the US should consider changing existing legislation which can be read as allowing for, and has been used in, the prosecution of sexters. Some of these changes, including the modification of criminal laws and the downgrading of sexting offense to misdemeanors, the use of affirmative defenses, and educational approaches, are already under way. A dignitarian approach, however, has not been undertaken by any state. This is unsurprising as the explicit recourse to human dignity is not instinct to the American legislative tradition. It could, however, serve as a source of inspiration and legitimation for the protection of teenagers from sexual (self-)exploitation.
[F]ollowing a "paternalistic instinct" in regulating what children can do with modern technological devices should not be frowned upon per se. The Latin roots of "paternalistic" simply mean "father"; in some circumstances the legislator needs to assume such a role. Though discredited in some areas of legislation, legislative action based on the precept to protect society’s weakest members from self-objectification through self-exploitation (thus from society’s pressures and from themselves) can be considered a legitimate exercise of the legislator. Similarly, American prosecutors should carefully consider whether bringing a case against teenagers involved in sexting does not run the danger of re-victimizing them further, especially in light of the long-term consequences of convictions for sex crimes. Europe’s legislators in general, and Austria’s and Germany’s in particular, need to consider adapting existing legislation against the sexual exploitation of children online to the challenges of information and communication technologies.
In particular, I would suggest the inclusion of a sub-section to § 207a of the Austrian Criminal Code and § 184c of the German Criminal Code that both criminalize acquiring and possessing pornographic depictions of minors. This sub-section could read: "Anyone who transmits an image containing [a pornographic depiction of a minor above the age of 14 as defined in the German and Austrian legislation] shall be punished by [a prison sentence not exceeding sentences imposed for acquisition of comparable images] if this violates the dignity of the person or persons depicted."
This formulation targets primarily the person who sends or re-sends an image that they have taken in circumstances violating the human dignity of the person depicted or received and who would otherwise be protected by per-se-bars to prosecution under existing legislation. While not immunizing from penal sanction the person depicted who sends a sext, the threshold is much higher, as the dignity of the person depicted needs to be more forcefully protected against third parties than against themselves. In all but a few extreme cases, the formulation thus avoids victimization through law and allows teenagers to express their sexuality by transmitting pictures of themselves without the fear of prosecution. By allowing for the prosecution of all senders "down the line", the formulation also protects the person depicted and serves as a strong disincentive for mass sexting and especially the potentially harmful resexting. By limiting the criminalization to acts of transmission and not of possession, the inadvertent recipient of a (mass) sext remains outside of the scope of penal sanctions.
In keeping with the strong European commitment to protecting children who are exceedingly active in online environments (from others and from themselves), Austrian and German prosecutors could then - sensibly and after careful consideration of the state’s duty to protect human dignity - consider bringing cases against sexters in scenarios with coercive elements."
I finally concluded 
"As information and communication technologies develop, new means of violation of one’s dignity and the dignity of others emerge. Pre-existing taboos are impacted by changing mores and human dignity is constantly in danger. In times when technologies impact laws, it is important to turn back to the basics. And there is no more basic, more fundamental, and yes: nobler responsibility for laws than to protect the dignity of the human being."
Readers interested in the influence of ICTs on the sexual behaviour of young people, can consult this recent study: Moreno MA, Whitehill JM. New Media, Old Risks: Toward an Understanding of the Relationships Between Online and Offline Health Behavior. Arch Pediatr Adolesc Med. Published online July 02, 2012. doi:10.1001/archpediatrics.2012.1320.

Monday, August 13, 2012

Physical presence is necessary, argues German government - not quite convincingly - in online demonstration case

Do demonstrators need to leave their computer to be 
protected  by human rights law? Yes, says the German 
government.  (c) Kettemann  [Rome, 2011]
As I wrote here on 24 July 2012, German MPs from the Left party, have  asked the German government to provide information on the prosecution of teenagers who had participated, in June 2012, in a virtual protest action against the German music industry rights management company GEMA.
Summing up the questions I wrote that the 
MPs argued that the action was not "Computersabotage" (computer sabotage, as penalized by the German Criminal Code), but rather a „eine Protestaktion, die die Kriterien einer Onlinedemonstration erfüllt“ ["a protest, that meets the criteria for online demonstrations"]."

As Thomas Pany reports on heise.de, the German federal government has now responded in the negative: Though not all DDos attacks necessarily amount to crimes, only 'real' meetings are protected by the constitution's guarantee of freedom of assembly.
"Was die Frage des Versammlungsrechts angeht, so ist darauf hinzuweisen, dasseine Versammlung im Sinne von Artikel 8 des Grundgesetzes die gleichzeitigekörperliche Anwesenheit mehrerer Personen an einem Ort erfordert. MangelsKörperlichkeit sind virtuelle Versammlungen etwa im Internet daher im verfassungsrechtlichen Sinne keine „Versammlungen“."
The government thus interprets the Constitution to only protect assemblies characterized by the "simultaneous physical presence of a number of people at one place". Due to the lack of physicality virtual assemblies are not "assemblies" in the constitutionally protected sense.

But as Thomas Pany rightly argues, the federal government does not inform us why they are so sure that physical presence is necessary for a demonstration to be protected by the constitution. 

After all, we need to read national human rights clauses it in light of European and international human rights guarantees and the recent resolution of the HRC that calls on states to apply offline human rights to online environments.

Let us recall that Internet's central freedom - freedom of expression - is technologically neutral. Pursuant to Article 19 of the UDHR, expressions "through any media" are protected.

Further, Article 20 UDHR protects the righ to freedom of peaceful assembly. It knows no specific exceptions. It does not demand corporal presence.

Similarly, Article 21 of the ICCPR protects the "right of peaceful assembly". The article contains exceptions, but not related to the physicality of the protest:
"No restrictions may be placed on the exercise of this right other than those imposed in conformity with the law and which are necessary in a democratic society in the interests of national security or public safety, public order (ordre public), the protection of public health or morals or the protection of the rights and freedoms of others."
In aplying the similarly worded Article 11 of the ECHR, the European Court of Human Rights has protected the meeting of people to exchange or express views (cf. ECtHR 21 June1988 - Ärzte für das Leben/Austria). On a first glance, online meetings - targeted at exchanging views and expressing them - could also be protected. Though I will have to look some more into the questions of how 'organized' a distributed DoS action would have to be to meet this level.

To sum up: I would not be quite as sure as the German government is that freedom of assembly in the Internet age demands physical presence.

On a less serious note: Perhaps playing "A Physcial Presence" during online demonstrations might help?







Tuesday, August 7, 2012

For national cyber security strategies, a whole-of-nation approach works best

A new dawn for cyber security policies?
(c) Kettemann 2012


As written previously, I'll showcast some of the innovative research contained in the freshly published 2012 edition of Human Security Perspectives. Today, let's look at the role of states in developing cyber security.
In Internet Governance, and in online human rights protection, states continue to matter. And matter greatly. But it wasn't until the 1990s that states (and international organizations) decided to become involved in the regulation of the Internet. In 1996, as a reaction to this trend, John Perry Barlow published his Declaration of the Independence of Cyberspace and called upon the “Governments of the Industrial World, you weary giants of flesh and steel[,]” to leave cyberspace “alone”. “You are not welcome among us”, he wrote, “[y]ou have no sovereignty where we gather”.

As I argue in my doctoral thesis (which I am preparing for printing these days) this was empirically untrue already in 1996, it is even more so today. States can exercise sovereignty over situations emerging in cyberspace and have consistently done so, albeit with varying degrees of situational and technological awareness, legal sense and political sensibility.

Rather than implementing adhoc national Internet policies, states should follow a comprehensive, human rights-based approach. How such an approach may look with regard to cyber security has been exemplified in the Human Security Perspectives by Gerhard Jandl of the Austrian Ministry of Foreign and International Affairs in his contribution on the Challenges of Cyber Security from a Government’s Perspective.
Looking at the recently published draft Austrian National Security Strategy and its implications for cyber security, he highlights that states should become active in regulating aspects of the Internet:
  • "When IT technology is used for criminal purposes [...]
  • When the Internet is used for the radicalization of people  [...]
  • When IT technology is used for so-called cyber attacks,that is for attacks on the very existence and fundamental safety of our countries, economies and societies"
Especially in the third case, "the state must see to it that its crucial networks are safe and resilient and must constantly update the relevant protection measures."

Jandl correctly summarizes that
"It is obvious that no single ministry or even single government agency can fulfill these tasks alone. A “whole-of-government” approach or, indeed, a “whole-of-nation” approach involving also private stakeholders is required. Furthermore, no single country can successfully act just by itself. International cooperation becomes more and more pivotal, including with relevant international organizations that play an ever increasing role."
He concludes by giving an overview of the interlinkages between Austrian and international regulatory initiatives regarding the Internet. For a neutral country, such as Austria, cooperation with NATO on cyber security matters is an interesting case. He underlines that Austria has been the first country to start cocoperating with NATO under the aegis of NATO’s newly established Emerging Security Challenges Division in late 2011.

In times of emerging challenges of international security, hearing what governments have to say very important. At the same time, heavy-handedness in regulation needs to be effectively countered. To avoid regulatory overreach, a multistakeholder-based discussion process geared towards elaborating - together with all stakeholders within a state, and with the necessary input from without - a national cyber security strategy seems like a very good idea. 

These strategies, as Jandl writes, have to be drafted using a whole-of-nation approach. 

Governments matter. But the Internet is too important to be left in their hands alone.



















Monday, August 6, 2012

From fMRI to cybersecurity: the 2012 edition of Human Security Perspectives identifies key human security challenges on the Internet

I am happy to announce that the  2012 edition of Human Security Perspectives, a peer-reviewed online journal on human security issues in a complex world, has just been published. 

The 2012 edition of the journal I am co-editing is dedicated to Human Security in the Information Society. 

The contributions look at a broad variety of topics, from cybersecurity to the role of the European Parliament, from human security and social media to the use of fMRI and human rights.

Human Security, the concept to which the journal is dedicated, is a broader, more political notion, than human rights and can support the process of operationalization of the commitments to online human rights. For an introduction into the relationship of human security in the information soicety, see the introductory contribution by Wolfgang Benedek.

My own contribution tries to connect the dots between the recent Human Rights Council resolution and human security. 

I conclude (on p. 169) 
that 

"[the Resolution] is not the end of the debate, neither is it the beginning. Rather, it is the end of the beginning (where the extent of human rights online was doubted by some states). Thanks to the Human Rights Council, we now have a clear yardstick against which future national and international policy-making bearing on Internet and human rights can be measured.
With the stage now set for the operationalization of the commitment to human rights online, the concept of human security in the information society, as discussed in the contributions in this volume will be immensely important to inform the interpretation of human rights online and to limit states. limits on online freedoms.
Concluding, the Human Rights Council Resolution was a boost for human rights as it pushes their protection further into the limelight of international discourse. It is in this process that the concept of human security in the information society plays an important informative role and will, in turn, be influenced by the evolution of Internet rights and principles. Thus, a human rights-based International Internet Law can solidify."
Most other contributions are longer versions of selected excellents presentations held at the 2012 Graz Workshop on the Future of Security that was dedicated to the same topic.

In the coming posts, I will discuss the ideas contained  in selected contributions in more depth, but for the time being, I encourage you to have a look at the new edition of HSP.

 Human Security Perspectives 2012 (1)





III The Impact of ICTs on Human Rights Protection Regimes

IV Recent Developments