Why Technology, Not Geography, Is Key to Cybersecurity
SEOUL Once upon a time, two superpowers, the United States and the Soviet Union, held summits to reduce the danger of a nuclear war. Today, the summitry is between the U.S. and China, a large part of which is to reduce the dangers of confrontation and conflict in cyberspace.
The stakes could not be higher. How the world responds to the threat of cyberattacks will determine the extent to which future generations will be able to benefit from the digital era. In addition to the possibility of conflict, there is the danger that governments will overreact, erecting barriers to information that undermine the potential of the Internet.
In a way, we are already in a low-level continuous conflict in cyberspace. China is not the only country that is engaging, through direct or indirect state action, in massive cyber operations against other countries' political and economic structures. We are in the midst of one of those historic shifts when offensive technologies are cheaper and more powerful than defensive ones.
Clearly, there is a need for rules of the road in cyberspace, and perhaps cyber-power summitry the U.S. is the Internet technology leader, while China has the largest numbers of users is the first step in this direction. But the danger is not only political confrontation between states. Fear of loss of control within states is driving new data localization requirements and other new barriers that would ultimately fracture and even balkanize the Internet.
In Russia, the Kremlin clearly has its own reasons for stipulating despite the unavoidable economic cost that all data generated within the country be stored on Russian-based servers. But equally worrying are policies in the European Union that, in the name of defending citizens' privacy, are leading to the erection of barriers to the free flow of data.
How the world responds to the threat of cyberattacks will determine the extent to which future generations will be able to benefit from the digital era.
In some European countries, not least Germany, there seems to be a conviction that citizens' data will be safe only if it is stored on European soil, out of reach of, say, evil American spies. This simplistic philosophy also seems to have underpinned the European Court of Justice's recent decision invalidating the so-called Safe Harbour agreement, which facilitates the free flow of information across the Atlantic. As a result, the entire legal framework for these data transfers has been thrown into disarray.
Ensuring the protection and integrity of data is indeed a vital issue. But this has very little to do with where data are stored. Attackers based in China recently broke into the U.S. Office of Personnel Management and stole files with sensitive information on federal employees that compromised some 22 million people. Chinese and Russian hackers routinely penetrate secure industrial and government networks in the U.S. and Europe. And several countries are tapping underwater cables carrying the world's communications. So what problem does data localization actually solve?
The solution to privacy concerns lies not in data localization, but in the development of secure systems and the proper use of encryption. Data storage actually means the continuous transfer of data between users, with no regard for Westphalian borders. Security in the digital world is based on technology, not geography.
With the rapid development of global value chains, our economies are becoming increasingly dependent on the free flow of data across political borders. With the advent of new, global technologies such as blockchains continuously growing transaction databases used, for example, to sustain virtual currencies the notion of data localization becomes even more misguided.
The OECD has just issued a report highlighting how data-driven innovation will increasingly drive the economies of the future. Crucially, it stresses "the need to promote the 'openness' in the global data ecosystem and thus the free flow of data across nations, sectors, and organizations."
These principles are enshrined in the just-concluded Trans-Pacific Partnership, which will govern trade and investment among 12 Pacific Rim countries, including the U.S.. The rest of the world should follow suit.
The solution to privacy concerns lies not in data localization, but in the development of secure systems and the proper use of encryption.
Indeed, a huge global agenda of digital governance the new domain of diplomacy lies before us. It includes the establishment of formal and informal norms for state behavior, better legal mechanisms for addressing cross-border cybercrime, transparent national legislation for law enforcement and endorsement of the need for encryption to protect the integrity of data. In all of these areas and more efforts to deal with cybercrime and terrorism must not undermine the principles on which the Internet is built.
China will face a choice. Today, it talks about its so-called "One Belt, One Road" initiative to link its economy with those of Central Asia and Europe. But China's global future will be as dependent as everyone else's on One Net an open, free, dynamic and secure Internet.
Europe also faces some important choices. The EU must not allow a muddled understanding of digital realities to give rise to profoundly damaging digital protectionism. It must overcome the institutional barriers that make it seemingly impossible to forge a common position on external cyber policy. And it needs to take the foreign policy implications of its actions seriously: When EU countries talk about data localization, others do, too.
Finally, the U.S. needs to adapt as well. It must accept that it is no longer the only global cyberpower, and that its own behavior must comply with globally accepted norms to which all must adhere.
The Internet has already become the world's most important infrastructure. But this is only the beginning: soon it will be the infrastructure of all other infrastructures. Policies born of confusion, chaos and confrontation have no place in this new world of opportunities.
Image: https://encrypted-tbn3.gstatic.com/images?q=tbn:ANd9GcQOQKf38g8MIvqkXgS323tYXc2z_LIRrAVRV7W20y4KQa4Lu1f3
VOCABULARY:
1. Compromise - cause to become vulnerable or function less effectively.
2. Geography - the nature and relative arrangement of places and physical features. (location)
3. Fracture - break or cause to break.
4. Infrastructure - the basic physical and organizational structures and facilities (e.g., buildings, roads, and power supplies) needed for the operation of a society or enterprise.
5. Localize - assign (something) to a particular place.
DISCUSSION:
1. How much of pertinent information do we keep in digital files these days?
2. Some people think that secrets and confidentiality were easier to keep when files were kept on paper. Do you agree? Why/why not?
3. Cyber-warfare is the new threat to countries and their adversaries, what do you think is the best way to avoid digital espionage?
4. The Internet is becoming the most important infrastructure. What is your interpretation of this sentence?
