The Government’s Cybercrime Legislation Amendment Bill is now headed for the Senate after passing the House of Representatives this week; at that point it will become clear whether the Government is minded to offer amendments to address the tripartisan recommendations of the Cyber Safety Committee on fixing some of the more egregious problems of overreach in the bill, or whether the Opposition, as it did with the recent extension of ASIO’s espionage powers, is happy to wave it through as is.
Regardless, this is a good point to take stock of where governments, including but not limited to the Australian government, have indicated they want to see internet regulation go, because 2011 has for a number of reasons seen a long series of attacks on the internet from a variety of sources.
There is now a definite “closing of the frontier” moment for the internet — or at least that’s what many of the world’s biggest corporation and governments of both democratic and repressive stripe would like us to believe is inevitable. That was certainly the tone adopted by Nicolas Sarkozy in May at his “eG8” gathering of gatekeepers to talk about how to civilize the internet.
“You are not a parallel universe, freed from the rule of law,” Sarkozy — who presides over an internet regulatory regime even more draconian that US lawmakers have tried to concoct — railed. In short, the days of the online Wild West are over: time for governments to move in, round up the bandits and rustlers and impose law and order so that families and communities can grow there.
So what would the “civilized internet” look like? We now have a clearer idea.
1. Seamless cross-border law enforcement
For a decade law enforcement, intelligence and national security agencies have played catch-up with the cross-border nature of the internet and the capacity for information to move beyond their jurisdiction. The American approach has always been more freewheeling; perhaps because US institutions of government are more politicised than those of Westminster-based countries, they have less sense of restraint about acting beyond their strict legal remit. That hasn’t been the case in Australia, where agencies like ASIO have insisting on their remits being expanded to facilitate their activities.
But agencies of different countries, particularly like-minded ones like the Anglophone governments (who form a cybercrime “quintet”), are working more closely together on cyber security issues. Legislation to widen the range of targets for espionage, first to non-state actors, and now to virtually anyone perceived as a threat, has been put in place as part of the War on Terror, and the mechanisms by which targets can be monitored have been expanded to address the shift from telecommunications to online communications.
The European Convention on Cybercrime — which the Cybercrime bill is intended to enable Australia to accede to — will strengthen the seamlessness by enabling foreign governments to require the preservation of and gain access to user data and the content of people’s online and telecommunications activity.
This catch-up to the borderlessness of the internet is likely to in time be matched by an effort by legal systems to do the same. The first stirrings of this have emerged in 2011 – the US Department of Homeland Security demanded the extradition of a British youth charged with running a site linked to filesharing. As the sole superpower, the Americans have a natural sense of extraterritoriality toward the rest of us, one that vassal state governments like Australia’s are usually happy to accommodate. But expect, in time, governments to consult on how their legal systems, not just their agencies, can work cooperatively to prevent the internet from being used to circumvent legal restrictions within a country.
English judges who have railed at how social media have been used to breach superinjunctions, for example, would be only too happy to try to extend their reach offshore — recall Ryan Giggs and his lawyers successfully filed a suit against Twitter, based in San Francisco and registered in Delaware, earlier this year, before discontinuing it in the face of a social media onslaught.
2. Shutting down the internet for security purposes
The demonstration effect of the Arab Spring is clear — shutting down the internet and mobile services can be an effective technique in disrupting the capacity of people to organise and coordinate protest action. David Cameron caught on in the wake of the London riots, proposing that access to social media somehow be blocked if it is going to be used to organise civil unrest, although overnight his government seemed to back away from it after meetings with social media companies.
But within hours of the Cameron announcement, the San Francisco rail operator BART showed that it too had learnt the lesson, shutting down access to wireless and mobile services (apparently without bothering to tell service providers) when it feared a demonstration was being planned over the killing of a passenger by its security staff. Internet shutdowns such as these are more easily carried out when responsibility for them is diffused across government agencies and private sector infrastructure providers, allowing governments themselves to reject direct responsibility for them. Expect this tool to be deployed more frequently against protesters.
3. An end to online anonymity
There’s a strong union of interests between governments and some of the biggest internet-based corporations on ending online anonymity both for security purposes and to maximise the potential to monetise personal data. The end of anonymity will be sold as a necessary national security and crime prevention measure, while the likes of Google, Facebook, political parties and marketing companies mine personal data to maximise revenues or construct political campaigns.
Part of the pitch will be a deliberate confusion of a range of threats — cyber crime, hacking and cracking, state and commercial espionage and online activism — and the need to protect against them. The “civilized internet” would be devoid of pseudonyms, except for those who can afford to invest in strong anonymisation tools — or those allowed anonymity by governments. Which leads us to…
4. The manufactured social space
While real people won’t have anonymity, virtual people will – corporations and government will invest significant resources in manufacturing online identities in an effort to influence social media. This began as simple astroturfing and sockpuppeting by companies, but governments have begun to understand the importance of not just monitoring closely, but influencing the social space where key political debates are now occurring.
The US Defense Department has moved to “weaponise” sockpuppets, contracting for software to allow military operators to control up to ten online accounts at once with the intention of influencing online debate. When this was revealed, they hastened to assure that such systems would only be used outside the United States, influencing debates elsewhere.
A complement to this is the US policy of openly supporting internet freedom outside the US by funding anonymisation software, “internet in a suitcase” systems and other tools to protect online activists from surveillance or, ironically, internet switch-off. These systems are inevitably targeted at régimes not supported by the US, like Iran and China, with the result that (rather like the Reagan Administration supporting Solidarity in Poland while working to crush American unions) online anonymity becomes a tool of foreign policy rather than a critical component of the right to free speech.
5. The online surveillance state
In the same way that widespread CCTV systems would once have been regarded as an Orwellian intrusion but are now accepted with little demur, expect routine, rather than occasional, online surveillance to become the norm. Such surveillance might be conducted by your own government, or by others: the US’s Romas/COIN program is a huge Defense Department contract to monitor online and mobile communications of users in Arab countries, but then the US Government also spies on its own population via the largest internet service providers like AT&T, and both shields and provides immunity to those companies in doing so.
Middle Eastern countries routinely make use of western-designed software that enables them to monitor the online and mobile activities of dissidents. This week’s revelation that Nokia Siemens provided software to the Bahraini Government that allowed monitoring of mobile usage subsequently used in the torture of a dissident is only the latest in a series of revelations about the implication of western technology companies in human rights abuses — but it’s all right, because Nokia Siemens insists it has a “human rights policy”.
6. ISPs as law enforcers
The civilized internet will also strongly rely on internet service providers to act as enforcers for corporate and government control, usually as part of a deal to preserve their “safe harbour” status (a deal that, like Darth Vader’s deal with Lando in Empire Strikes Back, gets progressively worse once struck). The copyright industry, the world’s most powerful industry after the arms industry with deep ties to government and the media, has been increasingly successful in its push to require ISPs to enforce the copyright regulatory systems that used to be the responsibility of the industry itself to enforce, via “three strikes” systems and requirements to hand over user data.
A similar approach has been adopted by security and law enforcement agencies and underlies the Australian Cybercrime bill — imposing significant data retention and storage requirements on ISPs regardless of the cost or practicality of implementing them. There’s a virtuous circle here for governments and corporations — the more costs can be loaded onto ISPs, the more the internet service industry moves toward oligopoly as smaller providers are unable to compete, and the more readily deals can be struck with the remaining large providers.
Thus would the frontier be closed, with your online identity closely matched to your real-world identity, reduced to just another consumer, employee and law-abiding citizen, enjoying the fruits of corporate civilization.
Crikey is committed to hosting lively discussions. Help us keep the conversation useful, interesting and welcoming. We aim to publish comments quickly in the interest of promoting robust conversation, but we’re a small team and we deploy filters to protect against legal risk. Occasionally your comment may be held up while we review, but we’re working as fast as we can to keep the conversation rolling.
The Crikey comment section is members-only content. Please subscribe to leave a comment.
The Crikey comment section is members-only content. Please login to leave a comment.