WikiLeaks Omitted from the US International Cybersecurity Strategy

The United States officially launched its international cybersecurity strategy in a White House event on Monday, May 16. Secretary of State Hillary Clinton joined by the following administration officials: John Brennan, the president’s counterterrorism and homeland security adviser; Howard Schmidt, White House cybersecurity coordinator; Attorney General Eric Holder; Secretaries Janet Napolitano of Homeland Security and Gary Locke of Commerce; and Defense Deputy Secretary William Lynn.

The presentation of the cyber security presented several principles, outlined the approach the US intends to take in the further development of cyber security protections, and indicated how the US might use the Internet to preserve its status as a superpower in the world.

Featured during the presentation were seven principles, which appear in the framework: economic engagement, protecting networks, law enforcement, military cooperation, multi-stakeholder Internet governance, international development and Internet freedom. Within the presentation, Clinton sought to explain that cyber crime, Internet freedom and network security could no longer be “disparate stovepipe discussions.”

At no time during the launch of the strategy was WikiLeaks mentioned. Not even Clinton bothered to mention it, despite the fact that she heads a State Department that had their department’s classified information leaked and published by media organizations and continue to have new information published each day.

Yochai Benkler, faculty co-director of the Berkman Center for Internet and Society, has detailed the following:

Four years after its first document release, in 2010, Wikileaks became the center of an international storm surrounding the role of the individual in the networked public sphere. It forces us to ask us how comfortable we are with the actual shape of democratization created by the Internet. The freedom that the Internet provides to networked individuals and cooperative associations to speak their minds and organize around their causes has been deployed over the past decade to develop new networked models of the fourth estate. These models circumvent the social and organizational frameworks of traditional media, which played a large role in framing the balance between freedom and responsibility of the press. At the same time, the Wikileaks episode forces us to confront the fact that the members of the networked fourth estate turn out to be both more susceptible to new forms of attack than those of the old, and to possess different sources of resilience in the face of these attacks. In particular, commercial owners of the critical infrastructures of the networked environment can deny service to controversial speakers, and some appear to be willing to do so at a mere whiff of public controversy. The United States government, in turn, can use this vulnerability to bring to bear new kinds of pressure on undesired disclosures in extralegal partnership with these private infrastructure providers.

This development in the world of the Internet was apparently something US officials, who developed the strategy, felt they did not need to explicitly address. (And that might have something to do with the answer to the question, “Who benefits from this strategy?”)

A document outlining the strategy can be read in its entirety.

The strategy makes it clear: the US wishes for the world to know it intends to work in cooperation with other countries all over the world so that nations can realize their “potential for greater prosperity and security.” It frames cyber security as an “obligation” that government and societies “must take on willingly, to ensure that innovation continues to flourish, drive markets and improve lives.” And, the strategy pledges to confront issues of cyber security in ways “consistent with the principles” the US holds dear: “free speech and association, privacy and the free flow of information.”

Through this strategy, the US intends to work toward the achievement of the following goal:

The United States will work internationally to promote an open, interoperable, secure and reliable information and communications infrastructure in which norms of responsible behavior guide states’ actions, sustain partnerships, and support the rule of law in cyberspace.

What might this international cooperation on cyber security and the Internet look like? Released US State Embassy cables likely provide a preview.

The US developed a concern over Internet piracy in Spain in 2008. 08MADRID843 reveals the US identified seven sites by downloads and complained that Spain needed to stop waiting for other countries. The US applied pressure to Spain on behalf of American commerce that wanted the country to strengthen their defense of intellectual property. This led Spain to announce an Inter-Ministerial Commission that would lay the groundwork for legislation against illegal Internet downloads, the Law of Sustainable Economy.

Cables from the US embassy in Wellington, New Zealand, revealed the US also pressured New Zealand to pass an Internet file sharing law, the Copyright (Infringing File Sharing) Amendment Bill. One cable indicates the US bankrolled local lobbying efforts led by the Recording Industry Association of New Zealand (RIANZ) and the Australasian Mechanical Copyright Owners Society (AMCOS). At least $533,000 was paid for “enforcement operations and seizures, with percentages or numerical targets reset annually” and for reports submitted by the International Federation of the Phonographic Industry (IFPI) detailing “contributions to IP protection and enforcement methodology.”

Secret government cables from Sweden show how negotiations on the Anti-Counterfeiting Trade Agreement (ACTA), an agreement that aimed “to set a ‘gold standard’ for intellectual property rights enforcement among a small number of like-minded countries,” was thought to be negotiated with too much secrecy. The cables feature “a top intellectual property official in Italy” explaining to the US “”the level of confidentiality in these ACTA negotiations has been set at a higher level than is customary for non-security agreements” and adding that it was “impossible for member states to conduct necessary consultations with IPR stakeholders and legislatures under this level of confidentiality.”

In the cables from Sweden is the assertion from a European Union top negotiator on ACTA, who tells the US embassy, “The secrecy issue has been very damaging to the negotiating climate in Sweden… The secrecy around the negotiations has led to the legitimacy of the whole process being questioned.” Critics wanted the process of developing the agreement to happen before a place for transparency like the WIPO, which could involve public interest groups. Cables from Japan show the US pushed back against the approach because of the fear that other nations wouldn’t support the restrictions it wanted included in the agreement.

Furthermore, US Trade Representative official wanted this to be a “a freestanding agreement, not related to any international grouping such as the G8 or OECD, which might make it more difficult to construct a high-standards agreement.” As described at Ars Technica, they wanted a “‘coalition of the willing’ bent on creating tough new enforcement rules that they would slowly seek to impose on other countries.”

“We should move as fast as possible and keep in mind that the intent of the agreement is to address the intellectual property rights problems of third-nations such as China, Russia and Brazil, not to negotiate the different interests of like-minded countries,” one Japanese Trade official notes.

Sweden is expected to play a central role in cyber warfare. The US has used Sweden, along with other countries, to map out the world’s digital infrastructure. Details on this mapping in the cables demonstrates what the US believes to be its “security zone” is the entire world.

Upon considering revelations in the cables, it is likely the implementation of any international cybersecurity strategy will not be open, fair or transparent. It will be cutthroat and conducted on behalf of US industry. And, diplomats will engage in squalid conduct and negotiations in order to make certain a specific agenda is implemented.

Sprinkled throughout the strategy are references to arenas in which the US might work to develop cyber security policy. Mentioned are the Organization of American States (OAS), Asian-Pacfic Economic Cooperation (APEC), the Association of Southeastern Asian Nations (ASEAN), the G8 and the United Nations. The Tunis Commitment of the World Summit on the Information Society and the Budapest Convention on Cybercrime both are mentioned as initiatives that might help inform how the US secures cyberspace in cooperation with other countries.

The Convention on Cybercrime is a treaty that was ratified in 2006 and is considered by the Electronic Frontier Foundation (EFF) to be one of the “worst Internet laws.” EFF wrote then the treaty would not just put “one bad Internet law into America’s lawbooks, but invite the enforcement of all the world’s worst Internet laws.”

The treaty requires that the U.S. government help enforce other countries’ “cybercrime” laws – even if the act being prosecuted is not illegal in the United States. That means that countries that have laws limiting free speech on the Net could oblige the F.B.I. to uncover the identities of anonymous U.S. critics, or monitor their communications on behalf of foreign governments. American ISPs would be obliged to obey other jurisdiction’s requests to log their users’ behavior without due process, or compensation.

In conclusion, the strategy portends a future where the language of open Internet advocates and freedom of speech activists is used and re-branded as an ideological weapon to advance purposes that have little to do with preserving the Internet and more to do with expanding America as a world power. If you read James Peck’s Ideal Illusions, this is what happened to the language of human rights.

The strategy will build America’s “soft power” in the world. It will seek to achieve desired outcomes through attraction rather than coercion in the same way Obama’s speech to the Muslim world aimed to repair the damage done between the US and Muslims during the Bush Administration era.

Also, this strategy asserts that there will be “rule of law” in cyberspace. It calls for the “rule of law” to be put in place “to prevent the risks of logging on from outweighing the benefits.” This is defined in the strategy as, “civil order in which fidelity to laws safeguards people and interests; brings stability to global markets; and holds malevolent actors to account internationally—both supports our national security and advances our common values.”

The strategy affords countries (presumably ones that support the strategy) the “right to self-defense.” This “right to self-defense” is the same right that nations like the US has exploited to justify wars like the pre-emptive war in Iraq. Will the world see this clause pushed into binding agreements and later used to justify cyber war on countries’ communications infrastructure?

The world has seen America purport to advance the “rule of law” offline. They have seen the US in the past decade create a “new normal” where individuals are shielded from accountability for engaging in warrantless wiretapping, torture, or rendition; state secrets are invoked to prevent transparency; detainees are denied habeas corpus; prisons like Guantanamo and Bagram (along with black prison sites that likely still exist) continue to hold detainees perhaps indefinitely; the right to target and kill U.S. civilians and bypass due process is asserted; and military commissions or “kangaroo courts” force detainees into Kafkaesque proceedings that make it nearly impossible to not be found guilty.

If this is what the “rule of law” looks like offline, what will any “rule of law” the US works to promote look like online?