Columns

Secret Surveillance Puts Internet Governance System at Risk

One year ago, many Internet users were engaged in a contentious debate over the question of who should govern the Internet. The debate pitted the current model led by a United States based organization known as the Internet Corporation for Assigned Names and Numbers (supported by the U.S.) against a government-led, United Nations-style model under which countries such as China and Russia could assert greater control over Internet governance.

The differences between the two approaches were never as stark as some portrayed since the current model grants the U.S. considerable contractual power over ICANN, but the fear of greater foreign government control over the Internet led to strong political opposition to UN involvement.

While supporters of the current model ultimately prevailed at a UN conference in Dubai last December where most Western democracies, including Canada, strongly rejected major Internet governance reforms, the issue was fundamentally about trust. Given that all governments have become more vocal about Internet matters, the debate was never over whether government would be involved, but rather about who the global Internet community trusted to lead on governance matters.

My weekly technology law column (Toronto Star version, homepage version) argues that the Internet governance choice was a relatively easy one at the time, but in recent weeks the revelations about widespread U.S. secret surveillance of the Internet may cause many to rethink their views. Starting with the first disclosures in early June about the collection of phone metadata, the past two months have been marked by a dizzying array of reports that reveal a massive U.S. surveillance infrastructure that covers the globe and seeks access to virtually all Internet-based communications.

The surveillance programs include phone metadata collection that captures information on billions of calls, access to data from Internet giants such as Google, Facebook, and Microsoft (which may even include user passwords), and the monitoring of Internet traffic through undersea cables around the world. Moreover, the surveillance activities involve the active co-operation of the same governments that support the U.S. on Internet governance, including the United Kingdom and Canada.

Not only do the surveillance programs themselves raise enormous privacy and civil liberties concerns, but oversight and review is conducted almost entirely in secret with little or no ability to guard against misuse. In fact, U.S. officials have now acknowledged providing inaccurate information on the programs to elected politicians, raising further questions about who is watching the watchers.

The surveillance programs have emerged as a contentious political issue in the U.S. and there are several reasons why the reverberations are likely to extend to the global Internet governance community.

First, the element of trust has been severely compromised. Supporters of the current Internet governance model frequently pointed to Internet surveillance and the lack of accountability within countries like China and Russia as evidence of the danger of a UN-led model. With the public now aware of the creation of a massive, secret U.S.-backed Internet surveillance program, the U.S. has ceded the moral high ground on the issue.

Second, as the scope of the surveillance becomes increasingly clear, many countries are likely to opt for a balkanized Internet in which they do not trust other countries with the security or privacy of their networked communications.  This could lead to new laws requiring companies to store their information domestically to counter surveillance of the data as it crosses borders or resides on computer servers located in the U.S. In fact, some may go further by resisting the interoperability of the Internet that we now take for granted.

Third, some of those same countries may demand similar levels of access to personal information from the Internet giants. This could create a “privacy race to the bottom”, where governments around the world create parallel surveillance programs, ensuring that online privacy and co-operative Internet governance is a thing of the past.

4 Comments

  1. Be careful of what you wish for?
    So the outcome of the USA trying to ‘secure’ the internet may lead to the opposite?

  2. Shawn H Corey says:

    Silly Politicians
    Any country can control their own internet by placing proxy servers at its borders to access the rest of the world. Internally routed messages stay internal and only those that access out-of-country sites go thru the proxy server. Every modern business has such a system; it is a simple matter to scale it up to a country.

  3. Alex Dumpfree says:

    Anxiety
    Things getting worse day by day.

  4. Computer Consultant
    I suspect the Canadian and US governments are NOW setting filtering on the Internet to block content from the impending strike on Syria. I’m a computer consultant, 100% of my clients have had outages, all using different service providers. Systematically, all instant messaging, emails, Twitter and many others services have also had outages that have been occurring for 1.5 weeks. None of which are offering reasons other than “We’re experiencing technical difficulties, and we’re working to resolve them.

    This IS too much of a co-incidence for my liking. Do you have any information on these outages? have you seen any giant providers experience unexplained outages where you are?