The speech launched the highly anticipated Cyberspace Policy Review: Assuring a Trusted and Resilient Information and Communications Infrastructure, a document with much to commend it. The US administration seems to have grasped the idea that security need not compromise human rights, a concept sorely lacking during the Bush years and, one might add, the New Labour years in the UK also. In particular, Obama had this to say:
Let me also be clear about what we will not do. Our pursuit of cybersecurity will not – I repeat, will not include – monitoring private sector networks or Internet traffic. We will preserve and protect the personal privacy and civil liberties that we cherish as Americans. Indeed, I remain firmly committed to net neutrality so we can keep the Internet as it should be – open and free.
I applaud the sentiment but the internet, through a combination of political and commercial interests, is demonstrably not open or free. I also doubt whether the security services will relinquish their eavesdropping privileges although the American public is at least afforded constitutional protection in such issues.
Obama’s tone was positive, well-intentioned and I have little doubt that here is a man who, at least in part, ‘gets it’. However, there is a fundamental flaw in the administration’s outlook. Take this passage in the speech:
It’s long been said that the revolutions in communications and information technology have given birth to a virtual world. But make no mistake: This world – cyberspace – is a world that we depend on every single day. It’s our hardware and our software, our desktops and laptops and cell phones and Blackberries that have become woven into every aspect of our lives.
It’s the broadband networks beneath us and the wireless signals around us, the local networks in our schools and hospitals and businesses, and the massive grids that power our nation. It’s the classified military and intelligence networks that keep us safe, and the World Wide Web that has made us more interconnected than at any time in human history.
So cyberspace is real. And so are the risks that come with it.
Anyone spot what’s missing from this long list of the constituents of cyberspace? Yup – people. I have argued consistently that cyberspace is not a purely technological construct. It is as much made of people and politics as it is of hardware and software. No technology is in and of itself a material entity, as all technologies require human interaction – they are socially constructed in both their use and abuse.
Any strategy that fails to properly address the role of people in technology is doomed from the outset, whether it’s small business ‘fair use’ computer policies or national security considerations. Institutional definitions of cyberspace have consistently failed to recognise that cyberspace is not simply a strategic ‘domain’ like the sea or the air.
Talk of ‘cybercommands’ and ‘cyber strategy’ are bound to be unfit for purpose until authorities recognise that you and I are as much part of cyberspace as our computers and the infrastructure that links them.
My problem with the new US policy is not in its recommendations. For example, our recent ICSR report pre-empted Obama by recommending a renewed commitment to critical media literacy. It’s that its philosophical underpinning is deficient, not only in definition but also in perspective.
Whilst Obama refreshingly didn’t scaremonger about imminent Cybergeddon or an electronic ‘Pearl Harbor’, of which then Deputy Secretary of Defense John Hamre warned a congressional hearing in 1998, it is apparent that underlying Obama’s conciliatory rhetoric is an institutionalised discourse of ‘cyberspace as threat’. Whilst there are of course risks associated with any technology cyberspace itself is not the source of insecurity, people are.
It follows therefore that social problems should have primarily social solutions. Cybercrime is still a crime, and crime is human not technological. This does not mean that there are not technologies to be brought to bear on such issues, just that any countermeasures should not lose sight of the human element.
Cold War cybernetics did not result in society-wide man/machine interface and our globalised world similarly does not deserve the securitisation of the social worlds of cyberspace. I’m yet to be convinced that the new Cyberspace Policy Review is a bulwark against it.