There are several reasons why cyber security should be a central concern for the newly appointed U.N. High Commissioner for Human Rights.
First, a secure network is necessary for the continued operation of the internet, a communications medium that has greatly improved human rights conditions worldwide. The Internet has enabled unprecedented freedom of expression – global networks of bloggers and citizens from around the world have made important contributions through blogs, social media and other means. Marginalized groups have gained a voice; injustices have been better exposed; dialogue and debate have taken take place. The Internet has also allowed new forms of civic participation and political organization, enabling a virtual freedom of assembly and connecting actors across geographic space – it has greatly helped the work of human rights advocates around the world, and benefited innumerable social justice causes.
Maksim Kabakou/Shutterstock (All rights reserved)
Beyond the use that individuals can make of the Internet, entire industries and infrastructures rely on robust cyber security. If essential networks are compromised, destabilizing effects could jeopardize access to basic commodities such as water, food, and electricity. As the information economy grows in importance, threats to networks could result in human rights and humanitarian crises.
But it is not just for the security of systems and networks that the Commissioner should be concerned. Upholding human rights in the twenty first century will require securing the networks that enable them and preventing threats to individual liberties that arise in the name of cyber security.
Increasingly over the years, and undeniably in the aftermath of the Snowden revelations, we have seen that threats to human rights are frequently shrouded in the rhetoric of ‘securing the network.’ This rhetoric flows from an international doctrinal consensus that nations are at permanent risk of cyber war.
In the public debate, calls for cyber security measures are often reductive and fail to comprehend the various dynamics at play on the network. State-sponsored hacking, terrorism, ‘hacktivism,’ and petty cyber-crime are awkwardly gathered under an overbroad umbrella of cyber threats. In reality, each of these issues calls for widely different approaches. Unfortunately, we see that national cyber security concerns are often a cloak for attempts to monitor dissidents, inappropriately collect user data, or even compromise the security of the network in order to gain intelligence.
In a nutshell, ‘cyber security’ itself is often invoked as the reason to engage in mass surveillance, deny people’s right to encrypt their communications, and otherwise violate their privacy. All of these things make citizens less secure – especially in nations where there are not strong human rights guarantees.
Citizens deserve a positive right to cyber security, ensuring access to a strong, resilient, trustworthy and secure network
For the sake of cyber security, many states have gone to the extent of implementing a ‘net kill switch’, a means to shut off the Internet at the expense of all citizens relying on this medium for many critical aspects of their daily lives.
To restate: cyber security is key to the issues of human rights worldwide, both because offline rights are being exercised through the network—such as freedom of speech, assembly, or access to basic commodities—and because cyber security is often the justification used to limit and deny human rights. Some work has already been done to strengthen Human Rights online – for instance with the June 2014 Human Rights Council resolution on Internet and Human Rights which reaffirmed that the human rights people enjoy offline should also apply online. More needs to be done, and here are two suggestions for where to start: defining a positive cyber security right, and reshaping the debate around norms for cyber peace.
States have a national security concern in viewing cyber security as solely about policies and practices to eliminate threats. Yet citizens deserve a positive right to cyber security, ensuring access to a strong, resilient, trustworthy and secure network on all platforms. The High Commissioner should call for, and commit the Office of the High Commissioner for Human Rights to develop and define this positive right to cyber security.
It should also be on the agenda of the High Commissioner to further the development of the norms constraining states to respect this positive right to cyber security, and to not use this broad umbrella concern to impede the human right to privacy. A global effort to establish guidelines in this area, known as the Necessary and Proportionate principles, has paved the way for the Office to advance this work.
The High Commissioner should commit the Office, as part of its educational, advisory and informational mission, to re-shape the current debate on cyber security by placing human rights values, and principles at its core and refusing false and pervasive tradeoffs that threatens them, such as the widespread narrative that views privacy and security in opposition. Neither privacy nor security can be achieved in isolation; any stable arrangement should seek to ensure both.
The voice of the High Commissioner is also much needed to tame the pervasive rhetoric of cyber war, which needs to be complemented by a debate on how to build norms for cyber peace. Such norms will ensure that human rights principles and values are respected in peacetime when states deploy power over and through cyberspace. These norms will create the mutual trust needed between citizens, corporations and governments of the world in their common interactions in cyberspace.