Defending Common Sense in the 2013 Cybersecurity Debate

Responses - Stakeholder Technical & Academic Community

Xu Peixi, Associate Professor, Communication University of China

To comment on a timely article by Bruce Schneier, I shall attempt to deliver a few observations deriving mainly from the 2013 cybersecurity debate between China and the U.S. If I can succeed in asking the right question about this China–U.S. row, it would only make his thesis more convincing by complementing it with a fresh case study, but if I fail to do so, I ask to be for-given for running against some of his judgments. Among all the merits, Schneier’s conceptions – such as the quick vs. the strong, or “nimble distributed power” vs. “ponderous institutional power”, or metaphorically put, “Robin Hood” vs. “the Sheriff of Nottingham” – hold the key to many myths about the degree to which we are empowered by the Internet. He presents valu-able concepts such as the “security gap”, defined as a “time period where the nimble distributed power can make use of new technologies before the slow institutional power can make better use of those technologies”.

Xu Peixi is Associate Professor at Communication University of China, Beijing. He is also PhD candidate and researcher at the University of Tampere, Finland. His research interests include international communication, citizen participation, media and local administration and new media.

With the help of these concepts, we can distinguish between the early days of the Internet, when the citizens were winning, and what is happening right now, when governments and corporations are gaining the upper hand. Schneier’s text captures this exact dimension of momentum: the development of the Internet is about to repeat that of radio and TV, which was once char-acterized by a similar early period of optimism. The fight over broadcasting was over and political and commercial forces de-clared victory; however, the battles over the Internet are ongoing and we still have a slim chance of winning. The last para-graph of Mr. Schneier’s text lists a few mechanisms –legislatures, ITU, IGF – through which we need to engage in these de-bates to “to build tools that amplify what is good in each while suppressing the bad”.

As a civil society stakeholder from a developing country, I want to deliver my observation here in particular on how the bigger and stronger institutional powers represented by the U.S. and Google divert the attention of the global public by inventing, fabricating, or exaggerating the cybersecurity threats from other countries while the fact is that they are threatening, hacking, and harassing others. These games add much complicity to the Internet governance debate at global forums. And they have so far scored tremendous success in preventing the formation of a global solidarity among the global public. What should be a common cause against all institutional powers, both in the global North and global South, is skillfully framed by these super powers as a fight within their same species of institutional powers. Those powers like the U.S./Google – that is, themselves – are associated with positive words such as freedom, free flow, and innovation. Those powers like Iran/Russia/China/Saudi Arab/Africa/Huawei are often associated with negative words such as censorship, control, surveillance, and theft.

Before a young Edward Snowden spoke up, Google accused the Chinese government of accessing “the accounts of dozens of U.S., China, and Europe-based Gmail users”. The U.S. government accused the Chinese government of hacking into U.S. computer systems and stealing intellectual property from numerous American businesses. American politicians, from the bot-tom to the very top levels, were collectively engaged in a China-bashing campaign. A record number of American institutions, from the Justice Department to Congress and the Pentagon, spoke with one voice that was ruthlessly recycled by the commer-cial media. A powerful hurricane of curse and condemnation took shape and force. The topic had been pushed to such ex-tremes that some were discussing the imminent danger of state-sponsored Chinese hackers attacking American infrastructures, including telecommunications, power grids, airports, and nuclear facilities.

Mr. Edward Snowden then exposed the comprehensive espionage activities the U.S. had been conducting against China and other countries, with the willing and full cooperation from its information industry. American accusation fell flat on its face and the gigantic hammer highly lifted dropped on its own foot. To paraphrase Warren Buffett, when the tide goes out, you get to see who’s swimming naked. In the wake of this, I ask two questions. What do we do when the U.S. and Google, who mo-nopolize the core Internet resources and are located on the upper side of the river, are acting foul and doing evil (or at least acting inconsistently)? The question becomes more acute when the topic of cybersecurity is linked with national security and is being justified as a rationale to start physical wars. Then, naturally, we ask: to what degree is the concept of national sovereign-ty of the Westphalian System valuable or outdated?

The answers to these questions are hard to give, but the way we answer the questions with actions will bring us three scenarios for the future Internet. Scenario 1 is that the bigger institutional powers find it suitable and profitable to succeed in repackag-ing and selling a Cold War mentality to the public in the global North. In this case, national sovereignty would remain the best rationale for the global South to defend their interests inside and outside cyberspace and will hold its value in the global Inter-net governance forums. Scenario 2 is that the smaller, weaker institutional powers are forced or bribed to operate as the agents of globally more dominant ones. That is what is happening now. You may observe that the cybersecurity row between China and the U.S. was quickly brushed aside during the 5th China–U.S. Strategic and Economic Dialogue when the Chinese side agreed on a number of frameworks for a future investment treaty, which would mean more economic penetration of the Chi-nese market by American businesses, but Chinese businesses in the American market can be resisted using the rationale of national security. The China–U.S. relationship can be as good as a couple (China–America) or as bad as an enemy (anybody but China), depending on American business interests. The EU, if we categorize it as an institutional power, will remain dom-inated by the British position as a close ally of the U.S. and shy away from its initial public model of Internet governance, which should have succeeded now as a political compromise. This scenario would mean more solidarity of the institutional powers and more marginalization of the global public, and it is more likely to happen. Scenario 3 is what we are working for. That is, we, the distributed and fragmented powers with fewer resources but more moral legitimacy, will not stand by and watch the miraculously played out good cop vs. bad cop show presented by the institutional powers. We will take action to tame both the global and local feudal lords.

MIND-Multistakeholder Internet Dialog MIND stands for Multistakeholder Internet Dialogue. The discussion paper series is a platform for modern polemics in the field of internet governance. Each issue is structured around a central argument in form of a proposition of a well-known author, which is then commented by several actors from academia and the technical communities, the private sector, as well as civil society and government in form of replications. all MIND-publications