Should we fear the power of government over the Internet?

Governments around the world are tracking their citizens’ activities online.[1] They can use all sorts of techniques, like automated data-mining (i.e. via trawling your Facebook and Twitter accounts) and deep packet inspection of each electronic message sent (i.e. intercepting and reading your email). All these methods are violations of important principles.

The automated data-mining violates the principle that people shouldn’t be investigated by their governments unless there is warrant for it (so there is reasonable suspicion that they have been involved in a crime). Also, data mining creates many false positives, leading to citizens being thoroughly investigated without probable cause.[2]  Deep packet inspection violates people’s fundamental right to secrecy of correspondence, which is a violation of privacy.

The problem with these government policies is that they’re hard to control – even in democracies: much of the spying is done by intelligence agencies, which are often able to evade democratic control on account of the need for secrecy rather than transparency.[3]   

[1] Reporters Without Borders, Enemies of the internet, 2012 and Kingsley, Britain won’t be the only country snooping on people’s internet use, 2012

[2] US Researchers Decide Spying On Citizens Is Bad, 2008

[3] Electronic Frontier Foundation, ‘NSA Spying’.

‘Spying on the internet’ is nothing different from a normal police investigation

Obviously, governments also use the internet and social media to investigate suspects. But when they’re doing this, they’re only using information that’s publicly available online. The technical term for this is ‘OSINT’, which stands for ‘Open Source Intelligence’, which means that it’s the kind of information that anyone with access to Google and a lot of spare time could have found.[1]

When police investigations turn up more severe suspicions, then more extreme methods can be used to obtain evidence if needed, sometimes even actively asking hackers for help.[2]

But methods like these are not necessarily bad: their disadvantages in use have to be weighed against their significant benefits. And governments are doing this, as is for example shown in Canada’s ‘Technical Assistance for Law Enforcement in the 21st Century Act’: governments try to extend the principles of due process and probable cause to the internet, but at the same time they need to be able to defend their citizens from harm.[3]

[1] Wikipedia, ‘Open source intelligence’, 2012.

[2] ‘NSA chief seeks help from hackers’, 2012

[3] ‘Technical Assistance for Law Enforcement in the 21st Century Act’, 2012

Governments are trying to control what citizens can and can’t say online and what they can and can’t access. This can vary from France and Germany requiring Google to suppress Nazism in search results[1] to the Great Firewall of China, where the Chinese government almost fully controls what’s said and seen on the internet and has an army of censors.[2]

This type of internet censorship is bad because citizens should have freedom of speech and uninhibited access to information,[3] a right so fundamental that we have enshrined it in the Universal Declaration of Human Rights[4] and reaffirmed by the participants of the World Summit on the Information Society in 2003.[5]

[1] Zittrain and Edelman, Localized Google search result exclusions, 2005

[2] Internet censorship in China, 2010

[3] Free Speech Debate, 2012

[4] article 19, Universal Declaration of Human Rights

[5] Declaration of Principles, article 4, 2003

As in the offline world, free speech isn’t unlimited

Even in free societies, free speech isn’t always free. Free speech can be demeaning and hurtful to certain people or can even incite hatred and violence.[1] The first reason is why, under internet libel law, Internet Service Providers (ISPs) are asked to remove defamatory material and blogs take to moderating their comments more,[2] and the second is why Germany and France have outlawed Holocaust denial and Nazism.

As in the previous arguments, accountable governments are attempting to strike a balance between free speech and where this can harm others.[3] A carefully struck balance between rights in the offline world shouldn’t have to be abolished, just because we’re now in the online world.[4]

[1] Waldron, ‘The harm of hate Speech’, 2012

[2] Alibhai-Brown, ‘Freedom of speech can’t be unlimited’, 2009.

[3] Minister: The UK “emphatically” supports free speech online but there are limits, 2012

[4] Schellekens, “What holds off-line, also holds on-line?”, 2006

Large companies have an active interest in shaping the structure of the internet. One example of this is the Stop Online Piracy-Act (SOPA),[1] wherein U.S.-based music and movie companies proposed that they themselves would be able to police copyright infringements against websites that are hosted outside of the United States.[2]

The phenomenon whereby companies succeed in shaping government policies according to their own wishes is called ‘regulatory capture’. Another example from the telecommunications industry is the lobby effort by several large corporations, who have succeeded in eroding consumer protection in their favour.[3] If the government wouldn’t have been involved in regulating the internet in the first place, big companies wouldn’t have had any incentive to attempt regulatory capture.

[1] 112^th Congress, ‘H.R.3261 – Stop Online Piracy Act’

[2] Post, ‘SOPA and the Future of Internet Governance’, 2012

[3] Kushnick, ‘ALEC, Tech and the Telecom Wars: Killing America's Telecom Utilities’, 2012

With the government as final decision-maker, at least the citizens and consumers have some say

Regulatory capture does sometimes happen and when it does, it’s bad. But the risk of regulatory capture isn’t a sufficient argument to keep the government away from regulating the internet, because governments can also protect citizens and consumers from big companies.

An example is the net neutrality debate. Content providers could have started paying Internet Service Providers (ISPs) to have their websites load faster than any other website (paid prioritization). Entertainment companies that also provide internet are currently being investigated for not allowing their competitors in the entertainment segment access to their network as internet provider.[1] This threatens the freedom of choice of the consumer, which is why governments have stepped in to ensure that companies aren’t allowed favour some websites.[2] If the government wouldn’t have been involved in regulating the internet, it couldn’t have stood up for consumers’ and citizens’ rights like this.

[1] DOJ Realizes That Comcast & Time Warner Are Trying To Prop Up Cable By Holding Back Hulu & Netflix, 2012

[2] Voskamp, ‘GOP Attempt to Overturn FCC’s Net Neutrality Rules Fails in Senate’, 2011

Governments around the world are tracking their citizens’ activities online.[1] They can use all sorts of techniques, like automated data-mining (i.e. via trawling your Facebook and Twitter accounts) and deep packet inspection of each electronic message sent (i.e. intercepting and reading your email). All these methods are violations of important principles.

The automated data-mining violates the principle that people shouldn’t be investigated by their governments unless there is warrant for it (so there is reasonable suspicion that they have been involved in a crime). Also, data mining creates many false positives, leading to citizens being thoroughly investigated without probable cause.[2]  Deep packet inspection violates people’s fundamental right to secrecy of correspondence, which is a violation of privacy.

The problem with these government policies is that they’re hard to control – even in democracies: much of the spying is done by intelligence agencies, which are often able to evade democratic control on account of the need for secrecy rather than transparency.[3]   

[1] Reporters Without Borders, Enemies of the internet, 2012 and Kingsley, Britain won’t be the only country snooping on people’s internet use, 2012

[2] US Researchers Decide Spying On Citizens Is Bad, 2008

[3] Electronic Frontier Foundation, ‘NSA Spying’.

‘Spying on the internet’ is nothing different from a normal police investigation

Obviously, governments also use the internet and social media to investigate suspects. But when they’re doing this, they’re only using information that’s publicly available online. The technical term for this is ‘OSINT’, which stands for ‘Open Source Intelligence’, which means that it’s the kind of information that anyone with access to Google and a lot of spare time could have found.[1]

When police investigations turn up more severe suspicions, then more extreme methods can be used to obtain evidence if needed, sometimes even actively asking hackers for help.[2]

But methods like these are not necessarily bad: their disadvantages in use have to be weighed against their significant benefits. And governments are doing this, as is for example shown in Canada’s ‘Technical Assistance for Law Enforcement in the 21st Century Act’: governments try to extend the principles of due process and probable cause to the internet, but at the same time they need to be able to defend their citizens from harm.[3]

[1] Wikipedia, ‘Open source intelligence’, 2012.

[2] ‘NSA chief seeks help from hackers’, 2012

[3] ‘Technical Assistance for Law Enforcement in the 21st Century Act’, 2012

Governments are trying to control what citizens can and can’t say online and what they can and can’t access. This can vary from France and Germany requiring Google to suppress Nazism in search results[1] to the Great Firewall of China, where the Chinese government almost fully controls what’s said and seen on the internet and has an army of censors.[2]

This type of internet censorship is bad because citizens should have freedom of speech and uninhibited access to information,[3] a right so fundamental that we have enshrined it in the Universal Declaration of Human Rights[4] and reaffirmed by the participants of the World Summit on the Information Society in 2003.[5]

[1] Zittrain and Edelman, Localized Google search result exclusions, 2005

[2] Internet censorship in China, 2010

[3] Free Speech Debate, 2012

[4] article 19, Universal Declaration of Human Rights

[5] Declaration of Principles, article 4, 2003

As in the offline world, free speech isn’t unlimited

Even in free societies, free speech isn’t always free. Free speech can be demeaning and hurtful to certain people or can even incite hatred and violence.[1] The first reason is why, under internet libel law, Internet Service Providers (ISPs) are asked to remove defamatory material and blogs take to moderating their comments more,[2] and the second is why Germany and France have outlawed Holocaust denial and Nazism.

As in the previous arguments, accountable governments are attempting to strike a balance between free speech and where this can harm others.[3] A carefully struck balance between rights in the offline world shouldn’t have to be abolished, just because we’re now in the online world.[4]

[1] Waldron, ‘The harm of hate Speech’, 2012

[2] Alibhai-Brown, ‘Freedom of speech can’t be unlimited’, 2009.

[3] Minister: The UK “emphatically” supports free speech online but there are limits, 2012

[4] Schellekens, “What holds off-line, also holds on-line?”, 2006

Large companies have an active interest in shaping the structure of the internet. One example of this is the Stop Online Piracy-Act (SOPA),[1] wherein U.S.-based music and movie companies proposed that they themselves would be able to police copyright infringements against websites that are hosted outside of the United States.[2]

The phenomenon whereby companies succeed in shaping government policies according to their own wishes is called ‘regulatory capture’. Another example from the telecommunications industry is the lobby effort by several large corporations, who have succeeded in eroding consumer protection in their favour.[3] If the government wouldn’t have been involved in regulating the internet in the first place, big companies wouldn’t have had any incentive to attempt regulatory capture.

[1] 112^th Congress, ‘H.R.3261 – Stop Online Piracy Act’

[2] Post, ‘SOPA and the Future of Internet Governance’, 2012

[3] Kushnick, ‘ALEC, Tech and the Telecom Wars: Killing America's Telecom Utilities’, 2012

With the government as final decision-maker, at least the citizens and consumers have some say

Regulatory capture does sometimes happen and when it does, it’s bad. But the risk of regulatory capture isn’t a sufficient argument to keep the government away from regulating the internet, because governments can also protect citizens and consumers from big companies.

An example is the net neutrality debate. Content providers could have started paying Internet Service Providers (ISPs) to have their websites load faster than any other website (paid prioritization). Entertainment companies that also provide internet are currently being investigated for not allowing their competitors in the entertainment segment access to their network as internet provider.[1] This threatens the freedom of choice of the consumer, which is why governments have stepped in to ensure that companies aren’t allowed favour some websites.[2] If the government wouldn’t have been involved in regulating the internet, it couldn’t have stood up for consumers’ and citizens’ rights like this.

[1] DOJ Realizes That Comcast & Time Warner Are Trying To Prop Up Cable By Holding Back Hulu & Netflix, 2012

[2] Voskamp, ‘GOP Attempt to Overturn FCC’s Net Neutrality Rules Fails in Senate’, 2011

Citizens, corporations, and public organizations face several security threats when online: critical infrastructure systems can be hacked, like the energy transport system,[1] citizens can fall victim to identity theft,[2] and phishing,[3] whereby hackers gain access to bank accounts or other sensitive information. Specifically, it seems that the public sector is attacked the most.[4]

In response to cyber-threats like these, many governments have set up Computer Emergency Response Teams (CERTs), Incident Response and Security Teams (IRTs), or Computer Security and Incident Response Teams (CSIRT; the fact that we haven’t settled on a fitting acronym yet shows how much it is still a novel phenomenon): agencies that warn citizens and organizations alike when a new threat emerges and provides a platform for (the exchange of) expertise in methods of preventing cyber-threats and exchanging information on possible perpetrators of such threats.  Oftentimes, these (inter)governmental agencies provide a place where private CSIRTs can also cooperate and exchange information.[5]

These agencies provide a similar function online as the regular police provides offline: by sharing information and warnings against threats, they create a safer world.

[1] ‘At Risk: Hacking Critical Infrastructure’. 2012.

[2] ‘Identity theft on the rise’. 2010.

[3] ‘Phishing websites reach all-time high’. 2012.

[4] ‘Public sector most targeted by cyber attacks’. 2012.

[5] see for example the About Us page of the US-CERT or the About the NCSC page of the Dutch CERT

Internet regulation isn’t an effective and legitimate means to create a safe internet

Setting up CERTs aren’t an effective means to create a safer internet, because most of the threats are a result of ‘social engineering’, which means that hackers use social cues to con people into believing frauds. People usually fall for this because of their own gullibility and naïveté, like in Nigerian email scams.[1] The most effective means of combating these threats is to educate citizens directly, the FBI already does this with Nigerian email scams.[2] People and corporations are primarily responsible for their own actions, which includes taking care of their own internet security by obtaining anti-virus software, and which also includes corporations making sure their websites are safe to use or else face liability charges if they turn out not to be.

Moreover, CERTs are illegitimate. They are illegitimate because they facilitate the sharing of information on specific persons across private and public organizations and because they are hard to control democratically. For example: the US-CERT is an agency residing under the department of Homeland Security. Through the sharing of information with private parties, these private parties, unwittingly, run the risk of becoming one of the government’s watch dogs. Moreover, this sharing of information is hard to control democratically: much of the information could be classified as secret, which means that citizens have no way of verifying whether public and private organizations are complying with data sharing regulations.

[1] Plumer, ‘Why Nigerian email scams are so crude and obvious’. 2012.

[2] FBI, ‘Nigerian letter or “419” fraud’.

The internet is a means of communication – therefore also a means of communication between criminals. And because it is global it creates global crime problems that need coordinated responses. One type of crime that has particularly become a problem on the internet is child sexual abuse material: the internet allows for an easy and anonymous distribution method which can even be secured by modern encryption methods.[1]

Governments can help fight this by requiring ISPs and mobile companies to track people’s internet histories, hand over data when requested, and allow police to get information from them without a search warrant, something which has been proposed by the Canadian government.[2] In Australia, the government even proposed mandatory filtering of all internet traffic by ISPs to automatically filter out all child sexual abuse material.[3]

Admittedly, these measures seem drastic – but in cases like these, or similar cases like terrorism, the harm prevented is more important.

[1] ‘Child Pornography on the Rise, Justice Department Reports’. 2010.

[2] ‘Current laws not focused enough to combat child porn online’. 2012.

[3] Mcmenamin, Bernadette, ‘Filters needed to battle child porn’. 2008.

Battling hideous crimes shouldn’t lead us to draconian and ineffective policies

Everyone is against child sexual abuse material. But in their drive to battle it, governments might go too far. For example, granting the police the right to search without (full) warrant is a harm to citizens’ basic right to privacy and freedom from unwarranted government surveillance.[1]

The automatic internet filtering and data retention are possibly an even worse infringement on basic civil liberties: it designates all internet traffic and therefore all internet using citizens as suspect, even before a crime has been committed. This overturns the important principle that people are presumed innocent until proven guilty.

Moreover, instead of the police and prosecution changing their behavior, internet filters hardwire these new assumptions into the architecture of the internet itself.[2] This means it is more all-pervasive and less noticeable, thus constituting an even worse violation.

These draconian measures might even seem worth it, until you realise they don’t work: blocking and filtering technology makes mistakes and can be circumvented easily.[3]

[1] ‘Online surveillance bill critics are siding with ‘child pornographers’: Vic Toews’. 2012.

[2] Lessig, ‘Code is Law’. 2000.

[3] ‘Why government internet filtering won’t work’. 2008.

As seen above, the internet has enabled many types of criminal behavior. But it has also enabled normal citizens to share files. Music, movie and game producers have difficulty operating in a market where their products get pirated immediately after release and spread for free instantaneously on a massive scale.  The internet enables violation of their right of ownership, gained through providing the hard work of creating a work of art, on a massive scale. Since it’s impractical to sue and fine each and every downloader, a more effective and less invasive policy would be government requiring Internet Service Providers to implement a graduated response policy, which has ISPs automatically monitor all internet traffic and fine their users when they engage in copyright violation. Something along these lines has already been tried in France, called HADOPI, which has succeeded in decreasing the downloading of unauthorized content.[1]

Apart from this, governments also need to think about how to translate everyday offline activities onto the internet. For example, when you file your tax report offline, you would sign it with your handwritten signature. The online variant would be a digital signature.[2] Developing and deploying a digital signature would enable citizens and corporations to do business, file their tax reports and pay their taxes online. 

[1] Crumley, ‘Why France’s Socialists Won’t Kill Sarkozy’s Internet Piracy Law’, 2012

[2] Wikipedia, ‘Digital Signatures’, 2012.

Government shouldn’t interfere with the internet economy

It almost never ends well when governments interfere with the internet economy. The graduated response policy against the unauthorized downloading of copyrighted content is one example: it violates the same principles as a filter against child sex abuse material, but it also doesn’t succeed in its’ goal of helping content businesses innovate their business models, which is why France is considering discontinuing it.[1] Also, other businesses are slowly replacing the old fashioned music-industry, showing that companies on the internet are fully able to survive and thrive by offering copyrighted content online.[2]

When governments do become active in the internet economy, they’re likely to run very high risks. IT projects are very likely to fail, run over budget and time,[3] especially when it concerns governments.[4] This means that governments shouldn’t be ‘going digital’ anytime soon, as the data governments handle is too sensitive. The case of digital signatures is a good example: when the provider of digital signatures for tax and business purposes, DigiNotar, was hacked, it not only comprised the security of Dutch-Iranian citizens,[5] but also hampered government communications.[6]

[1] ‘French anti-p2p agency Hadopi likely to get shut down’. 2012.

[2] Knopper, ‘The New Economics of the Music Industry’. 2011.

[3] Budzier and Flyvbjerg, ‘Why your IT project may be riskier than you think’. 2011.

[4] ‘Government IT Projects: How often is succes even an option?’. 2011.

[5] ‘Fake DigiNotar web certificate risk to Iranians’, 2011.

[6] ‘Dutch government unprepared for SSL hack, report says’, 2012.