Rights Wire

The Human Rights Blog of the Leitner Center for International Law and Justice


Leave a comment

Hindustan Zindabad: stifling freedom of expression in the world’s largest democracy

By Jennifer Li

IMG_1162

Student members of the left-wing All India Students’ Association (AISA) shouting the slogan “Inquilab Zindabad,” or “long live the revolution.”

“Hindustan Zindabad!” Long live India! I first heard this Hindi phrase as I sat among thousands of Indians under the long shadow of Delhi’s historic Red Fort last August, listening to Prime Minister Narendra Modi deliver his annual Independence Day speech. I have also heard these words chanted at kabbadi tournaments by Indians who seemingly cheered on no particular team and yet every team, impassioned but neutral spectators to the ancient Indian contact sport which, to the untrained eye, demands equal skill in holding one’s breath and playing a more aggressive version of Red Rover. Most recently, I have heard this slogan shouted by students and professors who marched down the streets of central Delhi, condemning the government of a nation in which they have conveyed, in just two words, not merely great pride, but also tremendous expectation.

On Feb. 12, 2016, the president of the student union at Delhi’s Jawaharlal Nehru University (JNU), Kanhaiya Kumar, was arrested and charged with sedition under Indian Penal Code (IPC) Section 124A, a colonial-era law originally used by the British government to quell Indian nationalism – and try Gandhi – and IPC Section 120B, a criminal conspiracy statute. The charges were based on anti-national speeches that Kumar had allegedly made during a student event on campus marking the controversial 2013 execution of Afzal Guru, a Kashmiri separatist convicted of plotting a deadly 2001 attack on India’s parliament.

The government’s reaction to the arrest has done little to quell accusations that the arrests of Kumar and a former Delhi University professor, S.A.R. Geelani, were politically motivated. The day before Kumar’s arrest, India’s Minister of Home Affairs, Rajnath Singh, warned via Twitter, “If anyone shouts anti India slogan & challenges nation’s sovereignty & integrity while living in India, they will not be tolerated or spared.” Days later, as Kumar was escorted to his first court appearance, a member of the Delhi state legislature and the Bharatiya Janata Party (BJP), OP Sharma, along with some forty lawyers attired in the telltale black and white, were filmed kicking and punching not just Kumar, but also journalists, students and professors. BJP party spokesman Sudhanshu Trivedi has condoned Sharma’s statement that “there is nothing wrong in beating up or even killing someone shouting slogans in favor of Pakistan.”

IMG_1273

Members of the National Federation of Indian Women (NFIW) joined student protestors in the two kilometer march from Mandi House to Jantar Mantar in central Delhi on February 18, 2016.

To many, the most recent arrests represent just one more example of an alarming trend of government-sanctioned crackdowns on academic freedom and freedom of expression and dissent. Universities, in particular, have been in the crosshairs of the BJP, Modi’s right-wing, Hindu nationalist party. Kumar’s arrest came just weeks after the suicide of Rohith Vemula, a Ph.D. student at the University of Hyderabad (HCU) who hanged himself from a ceiling fan after being discriminated against for his status as a Dalit, one of the lowest castes in Hindu society. As with Kumar’s arrest, Vemula’s death was well-publicized and sparked public outrage at the government and the educational institutions that have become puppets of the political machinations of the current administration.

In the months leading up to Vemula’s suicide, the university had revoked his stipend and housing after he condemned members of Akhil Bharatiya Vidyarthi Parishad (ABVP), a right-wing student organization, which, like most student unions in India, is affiliated with a powerful political party – in this case, the Rashtriya Swayamsevak Sangh (RSS). The RSS is the Hindu nationalist, paramilitary arm of the BJP; together, the two groups have helped align the definition of Hindu nationalism with that of Hindu fundamentalism. In what seemed to be a further demonstration of the BJP’s growing influence on universities, the Vice-Chancellor of HCU, P. Appa Rao, reportedly suspended Vemula and four other students after BJP government officials forwarded him a letter by members of the ABVP, accusing Vemula and others of engaging in “castiest, extremist and anti-national” activities. India’s National Human Rights Commission is now investigating “emergency-like” events at the university during the week of March 21, when student protestors allegedly vandalized Rao’s office upon his return from personal leave. The university administration reportedly responded by shutting down access to food, water and the Internet, and closing campus to journalists and politicians. Meanwhile, university officials allowed the police to raid campus and arrest dozens of students and professors. Video has since emerged online of instances of police brutality against student protestors.

Given the government’s growing intolerance of dissent, it is no surprise that the community at JNU, a prestigious public university that is perhaps as well known for its leftist student activism as it is for its superlative academic scholarship, responded quickly and forcefully in asserting not only its support for Kumar, but also academic freedom and freedom of expression. Students organized demonstrations and protest marches. Professors and guest lecturers held teach-ins to packed audiences, lecturing on the meaning of nationalism, the importance of freedom of expression and the power of dissent. The arrests have also triggered condemnation from international scholars, including Noam Chomsky and Judith Butler, who have expressed their solidarity with JNU students. And at a recent academic conference, I sat frustrated with dozens of other American researchers and scholars as we struggled to find a way to express our support for the students’ fundamental rights to freedom of expression without jeopardizing our own presence in our host country. These fears are perhaps not unfounded. Last week, as she applied to extend her visa, a friend who teaches English to middle school students in Delhi was asked by the Foreigner Regional Registration Office if she had any affiliations with JNU.

IMG_1262

Students expressed support for Umar Khalid, a JNU student who surrendered himself to arrest days later on February 24, 2016, and charged with sedition alongside JNU Student Union President Kanhaiya Kumar.

Reactions from those outside India’s academic circles have been more restrained. “They shouldn’t support terrorism and be against India. It’s their own fault,” one young woman told me when I asked how she felt about Mr. Kumar’s arrest. A friend’s landlord also expressed frustration at the protests, albeit for different reasons. “We [the taxpayers] pay for them to go to school. And this is how they thank us?” he complained, apparently objecting not to the substance of the protests, but to the very fact of the students’ right to protest.

What is clear is that Kumar’s arrest has renewed debate about the preservation of the sedition law, which some argue, in its current form, leaves room for excessive checks on freedom of expression. Even so, India’s Supreme Court has ruled that seditious speech may be punished only if there is an “incitement” to – as distinct from mere advocacy of – violence or public disorder. Incitement to violence or “imminent lawless action” is a necessary element to seditious speech, and, as Lawrence Liang, co-founder of India’s Alternative Law Forum, explained, “[m]ere words and phrases by themselves, no matter how distasteful, do not amount to a criminal offence unless this condition is met.” Given Kumar’s political, rather than incendiary, speech, the charges are construed by many to be without merit.  On March 2, 20 days after his arrest, Kanhaiya Kumar was granted bail by the Delhi High Court, but not before his alleged offense was analogized as an “infected limb.” Of the student activism that give rise to the alleged offenses, Justice Pratibha Rani observed, “I consider this as a kind of infection … which needs to be controlled/cured before it becomes an epidemic. Whenever some infection is spread in a limb, effort is made to cure the same by giving antibiotics orally … [s]ometimes it may require surgical intervention also. However, if the infection results in infecting the limb to the extent that it becomes gangrene, amputation is the only treatment.”

Weeks earlier, shortly after he was kicked and punched outside the courthouse by lawyers and lawmakers, Kumar had said in a statement, “I am an Indian. I have full faith in the Constitution as well as the judiciary of the country.”

Hindustan Zindabad.

 

Above is a short compilation of raw video taken at a protest march in New Delhi on February 18, 2016. The march was attended by thousands of students, professors and other supporters across India protesting the arrest of JNU student Kanhaiya Kumar.

Jennifer Li is a 2015 alumnae of Fordham Law School. She is currently a Fulbright Scholar in India.

The views expressed in this post remain those of the individual author and are not reflective of the official position of the Leitner Center for International Law and Justice, Fordham Law School, Fordham University or any other organization.

Photos and videos courtesy of Jennifer Li.

Advertisements


Leave a comment

Using technology to fight terrorism and ensure human rights (part 2 of 2)

By Shruti Banerjee

Recent terrorist attacks in San Bernardino, Brussels and South Carolina have led government officials to increase pressure on major tech companies to take greater measures to help security agencies monitor terrorist activities. This has led to a vigorous debate on the issues of corporate responsibility, individual privacy rights and the government’s ability to monitor terrorist activities. This is the second post in a two-part series about technology, terrorism and human rights. This post will analyze the various positions in this debate, and consider the how the government and tech companies can work together to effectively combat the root causes of radicalization and terrorism while still upholding fundamental human rights.

THE ENCRYPTION DEBATE

With the rise of internet communications, terrorist groups have been using email, messaging applications, online forums and other internet tools to recruit members and plan attacks. Many government officials have firmly argued that tech companies must take greater measures to provide security agencies with data that will help them monitor this extremist activity.

But even if many companies wanted to comply, private messaging systems such as WhatsApp and iMessage automatically encrypt messages, meaning that they are secretly encoded and cannot be read without a key. Thus, companies cannot turn over messages to law enforcement because they have no mechanism of retrieving them. This predicament has sparked a fierce debate over how to monitor and combat terrorist activities on the internet. Many officials argue that tech companies there should create a backdoor—a way for a “secure” system to be accessed through coding or other vulnerabilities—in various applications for law enforcement officials to use when investigating criminal activity.

However, critics, including many leading figures in the tech industry, caution that creating a backdoor to encrypted applications may open a whole new can of worms. Tech companies point out that if any backdoor exists, hackers will eventually find it and reduce data security for all individuals. The BBC notes that if major companies were required by law to introduce back doors, terrorists would simply utilize other platforms, such as free add-on applications that automatically encrypt messages. This would make gathering information even more difficult for security agencies. A backdoor would leave services for innocent individuals far less secure, while dangerous people would be operating on systems that are even harder to gain access to. Furthermore, tech companies such as Microsoft, Google, Apple and Yahoo vowed to protect the privacy of their users from government surveillance by making encryption a default option after the NSA surveillance scandal in the US and UK. Opening up a backdoor would backslide on their promise and endanger individuals’ right privacy on the internet.

Aside from privacy and security concerns, the efficient use of these back doors would also be a challenge. While implementing a system that scanned every online message for extremist or terrorist keywords and hate speech is technically feasible, with approximately 1.3 billion internet users around the world, the number of cases that could be labeled as potential threats would be overwhelmingly high. This type of wide-scale reporting to authorities would be an immense undertaking for tech companies like Facebook, according to the BBC.

CURBING TERRORISM IN OTHER WAYS

Despite the impasse between the government and tech companies on the encryption debate, there are still a myriad of ways tech companies can and do cooperate with the government to help tackle terrorism. For example, Alan Woodward, a cybercrime consultant, says that encrypted messages can be useful in combating terrorist attacks because they still reveal metadata, such as information about who talked to whom and for how long. He explained that metadata was used to arrest the attackers who carried out the attacks in Paris in November 2015. Security agencies can use link analysis to figure out communication patterns and identify potential threats or sources of information.

Internet Protocol addresses (IP addresses), unique identifying numbers assigned to any devices connected to the internet, are also important in the fight against extremism and terrorism. Tracing the IP addresses of recruitment messages and their followers can help intelligence agencies determine the identities of supporters and potential recruits. Tech companies such as Google have complied with the government’s requests for IP address information and if tech companies continue to help track encrypted messages and IP addresses, they could contribute immensely to the fight for security.

When it comes to website content, tech companies could work to block, delete or monitor extremist and hateful content. Companies such as Google do not allow hateful content that incites violence or extremely “graphic or gratuitous” violent content on their platforms. This is usually taken to include violent videos of beheadings used by the Islamic State of Iraq and Syria (ISIS) as scare tactics and recruitment messages. However, since there is no algorithm that can prevent the uploading of violent or extremist content, companies are largely dependent on users to flag inappropriate content, which is typically removed within a few hours. Similarly, other tech companies do not have a mechanism to stop the creation of new extremist websites. While Europe is developing a police team specializing in monitoring ISIS terrorist activities and blocking jihadi sites online, developing a way to quickly delete or prevent the creation of these sites may be helpful. In instances when leaving websites or forums up may be helpful, tech companies and the government could work to monitor or infiltrate extremist groups to gather intelligence, as has already been done by Ghost Security Group, a hacker group committed to the fight against extremism.

HUMAN RIGHTS IMPLICATIONS

As human rights advocates have pointed out, if tech companies are pressured to lessen encryption, create backdoors for the government to investigate terrorist activities and hand over user data, it could be problematic for the basic privacy and free speech rights of many individuals. Many notable factors make it hard for the people to believe that turning over more data to the government will actually make society safer. Firstly, there has been significant mistrust of the government after the U.S. National Security Agency surveillance scandal was exposed by Edward Snowden. After this leak, governments around the world considered and passed pieces of legislation allowing for widespread surveillance of their populace. To address this issue, the United Nations General Assembly adopted resolution 68/167 in December 2013, which reaffirmed internet and technology users’ right to privacy in the digital age.

Secondly, even if the government is given users’ data, there is a good chance that they will not use it. Daryl Johnson, former Analyst at the U.S. Department of Homeland Security, pointed out that right-wing extremist groups were not being monitored effectively (or at all) in the U.S. despite the sharp increase in domestic terrorism carried out by right-wing groups. Right-wing terrorists, such as Dylann Roof and Timothy McVeigh, are known for leaving hateful online manifestos and plans of action. This information was public and the government had full access to it. Instances like these indicate that even if the government is granted access to personal information of individuals, there is no guarantee this data will be analyzed effectively and accurately.

Moreover, several national laws, such as the U.S. Patriot Act, already offer the government significant access to the online activities of individuals and have been criticized for their overreach and lack of privacy protection. After the Charlie Hebdo attacks, France passed a sweeping surveillance bill, similar to the U.S. Patriot Act, to which the U.N. Human Rights Council voiced serious concern for its lack of oversight. Prime Minister Manuel Valle responded to the passage of this bill by saying, “France now has a secure framework against terrorism.” The most recent attacks in Paris, which took place after this law went into effect, suggest that sweeping surveillance powers do not function as a “secure framework against terrorism.” Rather, tech companies and the government need to work together to create a safer system that helps monitor hate speech and terrorist recruitment methods while protecting individual privacy rights.

WHAT WE CAN DO

It is clear that reactionary measures will not prevent future terrorist attacks. U.S. Government forces killed Osama Bin Laden, but now has to contend with ISIS. Hundreds of jihadist sites and accounts have been shut down, just to see more accounts opened. The U.S. and France passed bills granting the government sweeping surveillance powers, which did not prevent the most recent attacks in Paris and San Bernardino. While we focus on foreign terrorist threats, right-wing extremist groups are allowed to organize with almost no oversight and consequences. Effectively combating terrorism will require a two-pronged approach: (1) the government must attack the root of the problem by understanding the socioeconomic conditions which create terrorist breeding grounds, promote recruitment and allow for certain threats to go overlooked; and (2) the government and tech companies must find a way to work together to enhance security and stop hateful speech while simultaneously protecting privacy and free speech rights.

David Mair, a cyber-terrorism researcher at Swansea University, told the BBC that poverty, social exclusion and a lack of positive role models for young Muslim men all drive radicalization. Tackling these core issues will help the West overcome credibility issues with potential extremist recruits and engage individuals in more meaningful ways. He explained that extremist groups are reaching out to alienated young men in the West and offering them an opportunity to join a brotherhood in Syria where they can fit in. Mair argued that this propaganda can be countered by demonstrating why life under ISIS is not utopian and how the religious arguments made by these extremist groups are false. The government must also act to counter the drastic increase in hate crimes against Muslims after the Paris attacks. These bias crimes further exacerbate racial and religious tensions, and promote further radicalization instead of combating the root of the problem.

In line with these actions, spreading truthful facts and thwarting hate speech is also necessary in combating terrorism. After a recent attack on a Planned Parenthood, the Governor of Colorado noted that it was time to tone down the rhetoric that “is inflaming people to the point where they can’t stand it, and they go out and they lose connection with reality in some way and commit these acts of unthinkable violence.” We must do more to monitor and stop right-wing extremism and hate speech that incites violence.

Responding with force after lives have been lost is a reactionary measure that will not eradicate the root of the problem. Our methods to combat terrorism have been failing, and we need to start attacking terrorism comprehensively, from implementing new ways to track terrorist activity online to preventing radicalization and the socioeconomic conditions that foster terrorist breeding grounds. Tech companies and the government can also work together to implement creative mechanisms that monitor important data and thwart hate or extremist speech. If tech companies keep moving in a socially-responsible direction and the government begins to effectively and accurately analyze the data they have, then the internet can become a powerful tool in preventing future terrorist attacks in a rights-respecting way. This type of private-public partnership, coupled with policies promoting education, health care, economic stability and human rights, will be the only effective way to prevent terrorism.

Shruti Banerjee is a 2L at Fordham Law School.

The views expressed in this post remain those of the individual author and are not reflective of the official position of the Leitner Center for International Law and Justice, Fordham Law School, Fordham University or any other organization.

Photo Credit: Yuri Samoilov/Creative Commons


Leave a comment

Exploring the links between technology, terrorism and human rights (part 1 of 2)

By Shruti Banerjee

The recent terrorist attacks in Belgium and France as well as the rise of right-wing violence in the U.S. have raised many questions about the role tech companies and internet service providers play in monitoring terrorist recruitment and activities. While some terrorists, such as Dylann Roof, who shot nine African-Americans in a South Carolina church, leave blatant manifestos online , others, such as the Islamic State in Iraq and Syria (ISIS) and right-wing groups in Europe, use the internet in more nuanced ways to recruit members and plan attacks. To effectively prevent terrorist activity we need to examine each of these methods.

This is the first in a two-part series about technology, terrorism and human rights. This post will explore how the internet has been used by terrorist groups to recruit members and plan attacks. A second post will discuss the corporate responsibility of tech companies in national security and human rights issues. It will also explore how people are using the internet to combat terrorism and how we can continue to prevent radicalization leading to attacks.

ONLINE RADICALIZATION AND RECRUITMENT

Understanding how technology has transformed the way we communicate is particularly important in an era when internet communication and mass messaging have been used as tools by militant organizations such as ISIS and domestic right-wing terrorist groups to promote their message and recruit new members.

Recruitment methods used by extremist Islamic groups are more nuanced and refined than blatant proclamations to support terrorist organizations. David Mair, a cyber-terrorism researcher at Swansea University, collaborated with the University of Massachusetts’ Center for Terrorism and Security Studies to analyze jihadist messages in online terrorist magazines. He notes there are key differences in ideology that drove messaging – most notably between the Islamic State and Al-Qaeda: while ISIS’ propaganda promotes the creation of a state governed by Sharia law, Al-Qaeda’s message typically focuses on jihad against oppressive western nations and promoting individuals to act alone in planning and executing attacks. These recruitment and attack planning methods are fundamentally different and require separate countering strategies, Mair said.

Muslim extremists have used various types of subtle propaganda to recruit members, such as promoting news stories of Western oppression and disguising extremist sites as religious sites. In an interview with the BBC, Sajid, a 16-year-old student in London whose brother was radicalized discusses how he was almost radicalized too. He opened a fake twitter account to learn more about ISIS after his brother left for Syria to join them. He told BBC over an encrypted chat application that he was surprised that no one in ISIS actually told him to support ISIS or move to Syria. The process of radicalization happened when he watched videos and encountered messages about Sunni oppression. This propaganda is used to incite anger in its viewers and create a community. Sajid said he caught himself becoming “heart-hardened” by this propaganda, but was eventually able to reject ISIS’s message. “After reading about Shia crimes against local Sunnis, I remember watching a video of an execution of an Iraqi soldier and thinking, ‘Good.’ This shocked me afterwards…I questioned my conscience, and my results were that I did not support ISIS with my heart at all,” Sajid said in the interview.

This type of subtle propaganda makes it more difficult to discern and dissuade potential recruits because actual news of attacks can be used as propaganda. Since it would pose a freedom of speech issue to censor these types of news stories, governments have a hard time cracking down on radicalization and recruitment. Monitoring and curbing extremist propaganda becomes even more complicated when it comes to religious messages aimed at recruiting young women and men. Extremists target young adults through websites posing as educational in nature, Sara Khan, Director at the anti-extremist group Inspire, explained to BBC News in an interview. Youth innocently searching for information about their faith can be unaware they have stumbled across extremist groups, Khan said. These recruitment sites often utilize religious language to convince the reader that their view is the proper interpretation of Islam. They exploit religion to recruit youth who have not learned much about their faith and cannot critically analyze the extremist interpretation.

Xenophobia in western countries and promises of a utopian state are other tools used by terrorists to recruit members from the west, Qari Asim, Senior Imam at Makkah Mosque in the United Kingdom, said in an interview with BBC. He recently visited Calais, a make-shift refugee camp in France, and met refugees who fled ISIS-controlled regions. These refugees explained that some young Muslims are leaving Britain to join ISIS because they didn’t feel like they belonged in England. According to Asim, ISIS is running a “sophisticated media strategy” to promote an anti-establishment view that appeals to many young people. He and his group are actively trying to prevent recruitment by utilizing social media strategies to engage with young people and spread truthful messages exposing the unpleasant realities of life under ISIS and combating xenophobia in the west.

Right-wing terrorist groups in Europe and the United States have used similar nuanced methods to spread their propaganda. Right-wing groups use the internet and technology to recruit members, create “virtual communities,” organize demonstrations and campaigns and promote violence. Like religious extremist organizations, these groups are targeting the youth and using the anonymity of the internet as cover. Essentially, they are trying to gain support by promoting “distorted accounts of social circumstances” on the internet, according to a report by the domestic intelligence service of Germany, Bundesamt für Verfassungsschutz (BfV). This report goes on to explain that controversial topics, such as immigration policy, are covered from an ideological point of view, making the intentions of the extremist less obvious to many readers.

Furthermore, right-wing extremist groups are often allowed to organize and disseminate their propaganda without much push-back from the government. In fact, the U.S. government has tended to focus on foreign terrorist threats, despite how domestic terrorism has killed more Americans since 9/11. Especially in the U.S., there is virtually no monitoring of right-wing extremist groups. The wide availability of this right-wing extremist propaganda and manifestos on the internet has led to radicalization and even attacks, such as Benjamin Smith’s shooting spree targeting minorities in Illinois and Indiana in 1999.

MASKING THEIR TRACKS

Extremists are cautious about internet security while using social media, blogs and video sites to recruit members and mobilize. ISIS militants avoid using high-profile communication companies, such as iMessage or WhatsApp, Peter Sommer, a digital forensics expert, told the BBC. Rather, terrorists efficiently find systems that offer its users simple ways to use encryption, a way of encoding messages so that only authorized people can read them, Sommer said. BfV reported that right-wing extremist circles have also started offering internet “security trainings” to teach others how to encrypt data.

Similarly, jihadi bulletin boards are filled with posts about free application add-ons to encrypt messages, Alan Woodward, a security expert, told the BBC. These encrypted messages pose a large hurdle for government agencies trying to monitor extremist activities and prevent attacks. The availability of encrypted systems makes the government security agencies crackdown “absolutely pointless” because terrorist are using off the record protocol, providing them end-to-end encryption, Woodward explained. This means that it is incredibly difficult for anyone, including tech companies providing these services, to intercept and decode the message.

Going after big tech firms would not entirely solve the problem, Woodward said, because even if these companies stopped providing off the record protocol, there are numerous sites providing free add-ons to encrypt messages. Since these encrypted messages are significantly harder to monitor than open manifestos, this has led to a contentious debate between tech companies who provide these services and the government who needs to stop terrorist activities about the responsibility of private companies in the fight against terrorism.

CONCLUSION

From New York to Bombay and Paris to Beirut, we can all fall victim to the devastation caused by terrorism, which poses a significant threat to security, stability and human rights. Our socioeconomic status and borders cannot protect us, leaving us all united under a common threat. The pervasiveness of this threat makes it even more important to understand how we can effectively stop it. This could mean countering the various recruitment methods used by extremist groups or urging the government and tech companies to work together to monitor terrorist activities on the internet. The second post in this series will discuss the debate between tech firms and the government over access to encrypted messages, privacy concerns and collaborative, rights-respecting solutions to some issues posed by terrorism.

Shruti Banerjee is a 2L at Fordham Law School.

The views expressed in this post remain those of the individual author and are not reflective of the official position of the Leitner Center for International Law and Justice, Fordham Law School, Fordham University or any other organization.

Photo Credit: Bernardo R/Creative Commons


Leave a comment

“How I learned to stop worrying and love the Stuxnet”: U.S. and China seek common ground in regulating cyberwarfare

By Meric Sar

“Dr. Strangelove: Of course, the whole point of a Doomsday Machine is lost, if you keep it a secret! Why didn’t you tell the world, EH?

Ambassador de Sadesky: It was to be announced at the Party Congress on Monday. As you know, the Premier loves surprises.”

Dr. Strangelove, 1964

Chinese President Xi Jingping’s recent visit to U.S. may be paving the way for the super powers to enter into a mutual arms control agreement in relation to cyberwarfare, the first of its kind. Considering cyberwarfare and its regulation have grave implications for freedom of expression, the right to privacy, net neutrality and security of persons, human rights advocates should keep a close eye on this development.

On Sept. 25, in a press conference, President Barack Obama and President Xi declared their governments’ mutual intent to establish greater cooperation in fighting cybercrime. They vowed to refrain in the future from harboring malicious cyberactivities targeting the other’s information and communication systems. Remarkably, the parties also declared their interest in exploring the prospect for an international code of conduct applicable to states in relation to cyberwarfare.

This comes after the world witnessed the rapid development of cyberwarfare methods in the last decades. The risks posed by cyberwarfare makes its disruptive potential perhaps only comparable to nuclear weapons. Indeed, the dependency on information and communication technologies at all levels of modern life—from the power grid to satellites, banking systems and medical facilities—makes a cyberapocalypse a scary possibility when governments are willing to spend vast resources on malicious technologies to gain the upper-hand in a wartime scenario.

“YOU SHALL NOT HACK YOUR NEIGHBOR!”

Although it is premature to talk about a conclusive agreement, the common agenda of the U.S. and China at the recent talks had three main points: (1) greater executive cooperation in information sharing; (2) a greater commitment in policing domestic perpetrators of cyberattacks and refraining from providing any support to these groups; (3) and developing an international code of conduct for states to follow in relation to the regulation of cyberwarfare.

Both countries are already on the way to creating an executive system for information sharing and mutual assistance in the investigation of cybercrimes concerning malicious activity identified by either side. Furthermore, they will establish a high-level joint dialogue mechanism with the involvement of the intelligence community, which will be charged with the monitoring and reviewing this system.

Moreover, both heads of state also declared their commitment to “making common effort to further identify and promote appropriate norms of state behavior in cyberspace within the international community,” and agreed to create a senior experts group to develop a framework with the July 2015 report of the U.N. Group of Governmental Experts in the Field of Information and Telecommunications in the Context of International security in cyberspace in mind.

The U.N. experts report reflects a multilateral understanding on certain norms, the majority of which were proposed by the U.S. Some of these include that states should not knowingly damage each other’s critical infrastructure using cyberattacks, should not target each other’s cyber-emergency responders in case of an emergency, and should assist other nations investigating cyberattacks and cybercrimes launched from their territories.

THE COSTS OF CYBER-WARFARE

In its simplest form, a cyberattack is conducted for purposes of espionage with an aim to break into someone else’s IT system, most often with an aim to retrieve trade secrets and other confidential information. Although cyber-espionage may seem to be a simpler form of cyberwarfare, its asymmetrical nature makes it particularly troublesome for an economy like that of the U.S., which relies heavily on advanced technological know-how. A single act of cyber-intrusion may result in tremendous losses in the form of leaked trade secrets and intelligence. Often, the financial impact of the attack will greatly outweigh the marginal costs necessary to facilitate such an act, which can be orchestrated by few hackers with modest resources. Furthermore, using moderate technical measures, the source of a cyberespionage attack can easily be cloaked. An important characteristic of the internet in China is that telecommunications infrastructure enabling online access routes are mostly owned by the government. This makes it essential for U.S. to gain access to the monitoring capacities of the Chinese government to be able to investigate and punish cyberattacks by Chinese individuals targeting U.S.

According to the chief of the NSA, General Keith Alexander, the loss of industrial know-how and related intellectual property through cyber-espionage constitutes the “greatest transfer of wealth in history,” as U.S. companies reportedly lose about $250 billion per year through intellectual property theft, and $338 billion due to cybercrime in general. Recently, China was also identified by the F.B.I. as the chief suspect for various cyberattacks, which exposed sensitive personal information of millions of U.S. government employees. The massive scale of the economic loss and national security vulnerability associated with cyber-espionage originating from China makes it an utmost priority for Obama administration to pull China into a fair game.

“ZERO DAY” WARFARE

Although some commentators are skeptical about whether China can be trusted to honor its commitment to refrain from state-sponsored cyber-espionage, an international regime of stability with regards to cyberspace is equally indispensable for a country like China, especially considering its ever-growing reliance on information technology systems to be able to sustain its economic development. This is where “zero day” cyberwarfare, the exploitation of unpatched software vulnerabilities that cannot be defended against, poses disturbing risks for China. Thus, China may greatly benefit from stronger cooperation with U.S. authorities and their unmatched capabilities in cyberwarfare so that it can develop state-of-the-art defense mechanisms.

A “zero day” attack is a form of cyber-sabotage that exploits a previously unknown (or undisclosed) vulnerability in a computer application. Often the developer of the application may not be aware of a “zero day” vulnerability in the software or application that he or she has designed. It is known as a “zero day” vulnerability because once the flaw becomes known and exploited, the developer of the computer application has zero days to mitigate its exploitation.

Normally, when a cybersecurity expert reveals a “zero day” vulnerability in a particular software, he or she should communicate the vulnerability to the software’s developer so that the developer can devise a method to fix the vulnerability and protect its clients from abuse. Avoid doing this, and the unfixed vulnerability will render other computers installed with the same software prone to attack from criminal hackers, corporate spies and foreign intelligence agencies, who may have obtained the knowledge of the vulnerability through other means.

A cyberattack that uses “zero day” vulnerabilities of operating systems could seamlessly take down a whole factory or nuclear plant. The most famous computer virus using “zero day” exploits was discovered in 2010, and was given the name Stuxnet. Stuxnet is believed to originate from a secret collaboration between the U.S. and Israeli governments. It was designed to damage certain nuclear facilities in Iran by infiltrating the targeted computers at the facilities in an effort to curb Iran’s nuclear enrichment activities. The virus relies on previously unknown vulnerabilities of operating systems, and can spread across a computer network without notice, infecting all the computer systems it encounters. The virus stays dormant until it reaches its target computer, at which point it can be activated to disrupt the computer’s system without revealing itself to the victim. Reports claim that the concept for Stuxnet originated from the renowned cyber-strategist General James E. Cartwright, who was the head of the U.S. Strategic Command, the agency responsible for nuclear deterrence, under the Bush Administration.

“DON’T ASK, DON’T TELL!”

Disturbingly, for a long period of time the N.S.A. followed a deliberate “nobody but us” policy restricting its officers from disclosing any “zero day” software vulnerabilities they reveal in the software they are using. Under this policy, when a NSA employee uncovers a “zero day” vulnerability on a piece of software (e.g. in the current version of Microsoft Windows), he or she has to keep the information secret in order to afford U.S. authorities a security hole in the systems of its adversaries that are using similar software. This policy has given U.S. government considerable advantage in “zero day” warfare methods.

Although the U.S.’ “nobody but us” policy may sound like an effective strategy to secure the upper hand for “offensive” purposes, it is far from convincing as a policy for maintaining “security” at home. Instead of encouraging transparency and timely dissemination of information to stakeholders in public and private industries in order to tackle technological vulnerabilities in a coordinated fashion, the NSA’s strategy relies on obscurity and informational asymmetry, rendering the national security itself open to abuse by malicious insiders or hackers.

The advances of the U.S. in “zero day” cyberwarfare do not mean that the U.S. has the sole monopoly over such tools either. In fact, Stuxnet is open source technology—meaning that currently anyone can download the source code and modify it for their own purposes.

A BEHAVIORAL EQUILIBRIUM

The current state of cyber-affairs can be compared to the intense period of nuclear armament that preceded the Limited Nuclear Test Ban Treaty, the signing of which took 18 years following the Hiroshima disaster. Perhaps we are approaching a behavioral equilibrium for super-powers in a way resembling the logic of the Cold War. Considering the mounting current costs and future risks for both China and the U.S. posed by an unregulated cyberspace with irresponsible actors, there is a large incentive for establishing rules that are internationally respected.

Cyber-attacks do not only target governments and corporations. NGOs and activists are also regular targets of such attacks. However, U.S.-China discussions thus far have failed to address such non-commercial civilian concerns. An international treaty on cyberspace may be an important first step. However, without addressing important civil issues such as free speech and net neutrality, international cyberspace law will not go far from merely representing the “policing” concerns of governments and intellectual property corporations. We must be wary of such a scenario as it will likely cause the internet to lose its truly “international” character and result in the fragmentation of internet into “fiefdoms” behind national walls.

Meric Sar is a Staff Writer for Rights Wire.

The views expressed in this post remain those of the individual author and are not reflective of the official position of the Leitner Center for International Law and Justice, Fordham Law School, Fordham University or any other organization.

Photo credit: Chris Robers/Defence Images


1 Comment

Reconciling freedom of expression and religion after the Charlie Hebdo attacks: France’s struggle for laïcité

By Marie-Cassandre Wavre

On January 11, millions of people throughout France and the world marched in an anti-terror unity rally in honor of the victims of the terrorist attacks against the French magazine Charlie Hebdo, in which 14 people were killed. Yemen’s al-Qaeda claimed responsibility for the deadly assault, saying it was “revenge for the honor of the Prophet.” Charlie Hebdo, a satirical magazine, is known for its controversial caricatures of the Prophet Muhammad, which is blasphemous in Islam. Before the attacks, however, the magazine was not very popular and was constantly sued for slander, libel and defamation. So what led so many people to proclaim, “Je suis Charlie”? It was freedom of expression.

Freedom of expression is one of the most important values in France, dating back to the French revolution of 1789. During the monarchy, the common practice of lettre de cachet—a letter signed by the king and closed with the royal seal that contained an order to arrest—allowed the King to imprison any person at will and without due process. It was usually used against political opponents of the regime who were “too loud,” and was one of the root causes of the revolution. Freedom of speech is now a constitutional right that protects “the pluralistic expression of opinions”

The implementation of this right is closely linked to the French tradition of secularism: laïcité. According to this version of secularism, which is strongly tied to French universalism, the particularities of individuals and groups are subjugated to the larger idea of the “Nation.” Therefore, all citizens are required to respect the neutrality of public space regardless of their religious or cultural background—the practice of religion being allowed only in the private sphere. Contrary to the United States’ communitarian policies and ideals that favor multiculturalism and the recognition of difference, French citizenship is intimately tied to acceptance of universalism. Rather than integration, assimilation is seen as the best way to protect human rights from the “tyranny of the minority.” Indeed, under the Ancien Régime, religion was often used to justify abusive power. For example, King Louis XIV was an absolute monarch because he was “the representative of God on Earth.” The French people believed that true democracy and freedom could only be achieved by completely separating the church from the state. Under the laïcité doctrine, no one can be barred from criticizing a religion or idea. This is why, although Charlie Hebdo was sued around 50 times in 22 years by many religious organizations, it was actually convicted less than ten times.

The controversial part of laïcité is that despite protecting free speech, it bars public displays of religion. In 2010, France passed a law making it illegal for anyone to cover their face in a public place, which de facto prevents Muslim women from wearing the burqa in public. For many, laïcité is seen an excuse to force Muslim immigrants to conform with French culture without regard for religious beliefs or cultural differences. Indeed, Catholicism is not as deeply affected by laïcité because many Christian traditions are part of the French national identity and culture. Nevertheless, in 1990, France adopted a law outlawing Holocaust denial. One might question the constitutionality of the law with regard to the laïcité principle since it obviously favors Judaism. However, French law clearly distinguishes between simple expressions of opinion and hate speech against a particular group. This limitation on free speech is permitted by international human rights law to protect national security. In other words, France protects individual rights and the people, but not their churches, doctrines or ideas. This had a rather confusing consequence when the French humorist Dieudonné was charged with “defending terrorism” after declaring “I feel like Charlie Coulibaly” (from the name of Amedy Coulibaly, who allegedly killed four hostages at a kosher supermarket and a policewoman following one of the Charlie Hebdo attacks).

French law is shaped by its history and traditions, but is still stuck in its past. France has one of the biggest Muslim populations in Europe (7.5 percent in 2010, according to the Pew Research Center), but laïcité laws directly affect their integration and religious rights. Furthermore, France’s Muslim population, which is mostly of North African origin, is deeply disenfranchised socioeconomically, causing resentment and lack of integration. The Kouachi brothers who carried out the Charlie Hebdo attacks were born, raised and marginalized in France. They belonged to a second generation of immigrants who criticize their parents for having denied their Muslim identity, which is sometimes seen as an acceptance of past colonial domination. Their alienation from French society and turn towards violence shows that France suffers from an important identity crisis. Many groups in France are discriminated against because of their race, ethnicity or religion while, at the same time, they have French citizenship and do not share the same history as their parents.

Overall, French Muslims are being more and more marginalized and geographically segregated. Many immigrants live in housing projects of the banlieues, where poverty, unemployment and crime rates are high. In this kind of environment, Islamic fundamentalist recruiters offer an alternative to drugs, marginalization and poverty. This increases social tensions which benefit far-right parties like the National Front, which openly promotes xenophobic policies.

There is an urgent need to promote cross-cultural integration and understanding through education and economic support. France’s laws on laïcité should be more flexible and compatible to allow for religious expression, even in public places. The prohibition of the veil in school, for example, is too aggressive towards Muslims. A first step towards solving the problem is to recognize the nature of the separation between the banlieues and the rest of France. The Kouachi brothers are the result of a society failing at integration and producing alienation. France does not need a law prohibiting caricatures of the Prophet Muhammad because freedom should not yield to extremism. But laïcité and freedom of speech do not mean the same thing. By tying the discussions about Charlie Hebdo with the issue of laïcité, France is evading a tougher debate about how to address the problems of integration. Liberty creates a responsibility to exercise freedom of expression in a more careful manner, respectful of religion and non-offensive, to avoid tearing apart a country that is already broken.

Marie-Cassandre Wavre is a French LL.M. student at Fordham Law School.

Photo credit: Olivier Ortelpa/Creative Commons