Ronald Deibert's Remarks at the 2013 IGF High Level Leader’s Meeting
Internet Governance Forum 2013
High Level Leaders Meeting
21 October 2013 in Bali, Indonesia
Mr. Chairman, fellow delegates, thank you very much.
On behalf of the Citizen Lab and the Cyber Stewards Network I am honoured and delighted to be participating in the High Level Leaders Meeting at this year’s IGF in Bali.
I am going to begin my presentation with the “E” word.
No, not “Ethics.” “Edward.”
Yes, that’s right Edward Snowden.
I know in bringing up his name I am making many in this room uncomfortable.
It makes governments uncomfortable, for obvious reasons.
It makes the private sector uncomfortable too. Data we entrust to private companies, that we assumed were protected based on the terms of service we sign with them, have, it turns out, routinely been shared with third parties without our consent.
How often this goes on, among other companies, and in other parts of the world without user consent is an open question that we at the Citizen Lab intend to explore.
We have to talk about Edward Snowden’s revelations. It is the elephant in the room. Everyone is wondering what impact these revelations will have: on forums like the IGF, on standard setting bodies like the IETF, and on Internet governance broadly.
We are clearly at a watershed moment.
My fear is that the reactions to these revelations are, in the short term, going to make matters worse. They will have a negative impact, I fear, for openness, human rights, and even for international security — as governments detach and seek to insulate themselves from the global network.
I worry that arguments for a “clean,” “healthy,” or even “ethical” Internet will be used in practice to stifle free expression and access to information.
I worry that what started out as a globally distributed network will be slowly subsumed and swallowed up by a system of nationalized controls.
Although I applaud efforts by governments to build confidence measures and norms in cyberspace, I worry that these processes will result in a condominium of the lowest common denominator, as long as they are processes undertaken behind closed doors and without the full participation of civil society.
I worry most of all about an escalating arms race in cyberspace, serviced by a growing market for censorship, surveillance, and computer network attack products and services that are directed by governments not only at each other, but also at their own citizens and at dissidents at home and abroad.
Capabilities are being put in the hands of policymakers they never before imagined: deep packet inspection, cell phone tracking, social network monitoring, that are being used to identify, isolate, and arrest civil society.
I fear the market for what some are calling “digital arms” — unconstrained as it is — will now explode as cyber security demands grow and governments seek to build their own signals intelligence programs.
What to do?
Some of my colleagues in civil society feel that citizens should “take the Internet back” — bypass or ignore governments and private companies altogether because they can no longer be trusted.
Not only is this impossible, it is undesirable.
Without organized government, without the rule of law, the very rights we cherish would quickly diminish in a Hobbesian world of might makes right.
Instead, I believe that civil society needs to put forward a security strategy for cyberspace from the starting point of human rights and the rule of law.
We have to begin by asking: security for whom? security for what?
Part of that process must involve a reasonable and open discussion about the rule of law enforcement and intelligence agencies in the world of Big Data and the Internet of Things.
At the very time that we are turning our digital lives inside out, entrusting our thoughts, actions, and intimate conversations to private companies, we are delegating power and authority to secure this space to some of the world’s most secretive and unaccountable national security agencies.
To be clear, law enforcement and intelligence agencies are essential to the protection of commerce, rights, and governance. But wholesale surveillance without independent judicial oversight is incompatible with liberal democracy and human rights.
Furthermore, we have to give meaning in the real world to the idea of “multi-stakeholderism.” The term is mouthed so often by those who do not practice what they preach that it has become an empty euphemism.
Finally, we have to lift the lid on the Internet and subject it from the bottom to the top, from the code all the way up to forums like this, subject them all to proper oversight, transparency, accountability, and legal restraint.
The Internet is ours — all of ours. It is what we collectively make of it. We need to remember that before it slips through our grasp.