May 13, 2013 3:36:43 am
The existing international treaty,the Budapest Convention,focuses only on cybercrime.
The internet continues to expand its reach through innovative applications that are appearing in hundreds every day. With known vulnerabilities in the platforms,and the ever expanding cyberthreat landscape,cybercrimes are growing phenomenally. These include financial fraud and identity theft,which affect citizens and corporates globally the recent $45 million ATM heist reported in the media was conducted by criminals spread across 27 countries. There may be cyberattacks on critical information infrastructures such as banking,power distribution,air traffic control,as well as espionage. Current debate focuses on whether cyberspace is more a battleground for nations or yet another arena for traditional crimes.
Even though cyberspace is proving to be of vital importance for the economic growth of nations,the global discourse on international cooperation in cyberspace is dominated by the national security paradigm. It is acknowledged that cyberspace is a global commons,the fifth after sea,land,air and outer space. It must be navigated safely by countries for economic and social activities. But militaries must also navigate this global commons for national security. It is here that the discourse tends to get skewed,leading to differing views on cyberspace. If the intent is to gain military advantage,militarisation of cyberspace is essential. It is this view that has been dominant in the US,as is evident from the fact that cybersecurity is under the overall control of the national security advisor,not under the Department of Homeland Security. The US also declared that,if attacked,it would defend its fifth domain by resorting to proportionate attacks in any of the other four domains. The policy of deterrence is employed for cybersecurity,which is reminiscent of Cold War security.
Is the cyber threat being blown out of proportion in an attempt to continue the growing emphasis on militarising cybersecurity? The self-defence paradigm,flowing from the Law of Armed Conflict (LOAC),favours military solutions to cybersecurity. The use of Stuxnet malware against Iran was indeed a case of a nation-state using cyber weapons for destructive use. But the vast majority of cyberattacks are carried out by individuals for financial gain,which qualifies as espionage or theft no different from crimes in the physical world. The law governing cyberspace should,therefore,be the law governing economic rights and non-intervention,not the LOAC. A cyber treaty that demilitarises cyberspace and emphasises law enforcement cooperation will promote a safe internet. Improved international governance of the internet is an integral part of this cooperation. Russia and China have proposed treaties in the UN for increased information security,and for restricting the development of cyber weapons again driven by militarist thinking. The US,till recently,was not in favour of a global treaty restricting military use. North Korea,however,openly talks of cyberwarfare. While nation-states recognise that unilateral dominance of cyberspace is not possible,they continue the development of cyber weapons to gain advantage before a treaty takes shape.
The existing international treaty,the Budapest Convention,focuses only on cybercrime,seeks to harmonise national laws,improve investigative techniques and increase cooperation among nations. It establishes procedural laws and powers for effective investigations,for securing electronic evidence through search and seizure,for interception and international cooperation to share data. But countries may refuse to cooperate even after ratifying the treaty. It also allows a country to refuse assistance if it considers an act to be a political offence,or not an offence within the country. This is complicated by different conceptions of human rights and privacy concerns. No wonder the treaty is limited in scope and enforcement. It is viewed only as a symbolic legislation.
It is time all nation-states got together to create a new international cybercrime treaty,since the present convention cannot be modified by non-EU members even if they are signatories. The right forum for creating such a treaty is the UN Office on Drugs and Crimes. Matters of content regulation and freedom of speech,which could interfere in the internal affairs of nations through cyberspace,should be addressed. The world needs to think afresh on what cybersecurity is. The aim should be to resist militarisation of cyberspace in the interest of promoting the internet for peaceful use.
The writer is CEO,Data Security Council of India. He was the founder Director,CERT-In. Views are personal
📣 The Indian Express is now on Telegram. Click here to join our channel (@indianexpress) and stay updated with the latest headlines
- The Indian Express website has been rated GREEN for its credibility and trustworthiness by Newsguard, a global service that rates news sources for their journalistic standards.