Student Voices: Do We Need a Cyber Constitution?

While technology becomes progressively more convenient and more of us choose to store sensitive data on servers and electronic devices, hackers are also developing new and increasingly sophisticated tools for stealing that information and masking their tracks. Since I am a lowly undergraduate with no responsibilities of national importance, hackers would only get a few laughs at the YouTube history and embarrassing Facebook conversations on my computer. Still, extra precautions and common sense never hurt anybody. One must pay attention to the source before clicking on URLs and ignore spam mail along with its attachments. It is also important to secure passwords and to regularly update the operating system, browser, anti-virus and other critical software.

US Defense Secretary Panetta recently stated that cyber threat is an important danger to national security. I agree with his point particularly if the adversaries access important infrastructure and control facilities to cause physical damage, in ways like derailing trains or overtaking control of military weapons. Today, various attacks swarm in from around the globe, but the governments and the police are still largely restricted by their territorial borders.

As a constant user of online services, I got over the cringing thought of companies compiling a dossier on my life and habits. As long as we are on the Internet, we cannot avoid leaving something about us somewhere. Nevertheless, I strongly believe that each user has the right to know what information gets collected. Even more so, that companies should do their utmost to protect such data from unauthorized third parties including governments, unless presented with clear evidence of possible involvement in criminal activity of the user. In which case, I think the companies should first launch their own investigation before handing over that data. And it goes without saying that especially the developers of potentially dangerous technologies must devote even more resources to securing their network.

Cyber security so far has been maintained by ISPs, national CERTs, domain name registers, hosting companies, IT giants and internet security companies. Their collaboration extends across countries and they have power to punish the wrong-doers by removing them off of the Internet. In late November 2013, the news reported that Google and Microsoft joined forces to block child abuse searches. Another interesting project conducted by “Terre des Hommes”, a Dutch children’s rights organization, was also disclosed earlier that month. They created a CGI 10-year old girl from the Philippines called Sweetie to lure and identify child webcam sex tourists from around the world. Of the 20,000 sexual predators that unknowingly approached Sweetie in chat rooms, 1,000 were identified and their dossiers were handed over to the Interpol for further investigation.

The role of governments in this rising cyber war is controversial. They are stepping in to regulate the Internet as shown by the Convention on Cybercrime proposed in 2001. Already signed by 50 countries, it is the first international treaty that criminalizes actions on the Internet such as copyright infringement, fraud, child pornography, breaking into computer networks and hate crime. It enables governments to monitor and restrict online behavior, quite clearly trampling on freedom and putting the law at odds with democracy.

The idea of cyber law enforcement that can quickly mobilize foreign authorities under a shared jurisdiction to fight cyber crime is actually great, but only under certain conditions.

Firstly, the law enforcement needs to be independent of governments and companies, but have close ties with both. I see it as a union of smaller organizations responsible for various aspects of Internet usage that would monitor each other’s behavior to create an equal balance of power. The governing body as a whole should have the authority to monitor that all stakeholders – individual users, internet companies and governments – comply with the law. Such regulatory meetings would be attended by democratically elected leaders from each block, by which I mean that the Internet world should not be subdivided into politically determined segments that we call ‘countries,’ but rather into Internet constitution blocks.

This leads to the second condition: the need for an effective cyber constitution. For cultural, moral, religious or even parenting reasons, individual users feel differently about what should be considered their right and it is simply impossible to establish a one-size-fits-all constitution. Therefore, they should be able to choose which constitution they would like to be a part of. Some might opt for complete anonymity with somewhat limited possibilities. Others, like researchers who wish to access potentially dangerous information, would have to reveal their identities and be held accountable for its use. Companies would be monitored for their quality of service and transparency; and if it fits with the selected agreement, users can demand the data collected on them to be deleted.

Finally, there needs to be a clearly defined due process. As I understand, current laws allow governments to demand personal information about users of interest from foreign companies or ISPs, even if they operate under a different jurisdiction. Instances that allow this must be clearly defined, and at least for the moment be limited to serious crimes with clear evidence. Otherwise, powerful resources of member countries such as the US, face the danger of being abused and many companies would lose their trust on the international market.