It's Security, Stupid

Challenging the Notion That Security Costs Us Our Rights

by Mallory Knodel, Sacha van Geffen, Stefania Milan, and Camille Francois

Last March in San Francisco, experts in digital security and human rights convened a roundtable discussion on practical advice for advocating a human-centric approach to cybersecurity policy.  Participants included states, jcompanies, non-profits, and universities, namely Richard Arbeiter from the Canadian government's department on global affairs, Nico Sell from Wickr, Eileen Donahoe from Human Rights Watch, and Ron Deibert from Citizen Lab.  Bruce Schneier, another participant, summed up the panel very neatly when he quipped, "It's security, stupid."

The roundtable was put together by a working group of the Freedom Online Coalition, an international cyber policy incubator started by then U.S. Secretary of State Hillary Clinton in 2011.  This working group, "An Internet Free and Secure," is tasked with harmonizing human rights and cybersecurity.  While there is no shortage of criticism of the FOC since its inception, which has only grown over the years as some founding member states have been propagating "online freedom" by spying on the world, there still exists a concerted, multi-stakeholder effort to define policy making practices that put people before profits and power in the digital age.  This working group has developed a set of recommendations for policy makers in local, national, regional, and inter-governmental settings.

Those recommendations are built upon a fundamental rejection of the notion that security requires a sacrifice, however slight, of individual rights.  Indeed, it is precisely the opposite: that the ability to enjoy and exercise all rights such as the right to privacy or freedom of assembly is itself a measure of a secure society.  We can't have rights without cybersecurity.  But what good is security without our rights?  Rights and security are not antithetical; they are mutually reinforcing.  And we assert that cybersecurity policy at all levels, from protocol and standards setting to criminal law, can and must respect (and even strengthen!) human rights.

So why is this fundamental truth that rights and security are mutually reinforcing so hard to understand?  Looking closely at the dominant narrative - that we must give up our individual rights to become collectively safer - is a paradigm perpetuated mostly by government-industry partnerships that thrive on securitization.  It is no coincidence that at the dawn of the digital age we also see a dystopic reality in the near future.  With a global economic recession caused by Internet-enabled globalization and two-faced technocracies that promote innovation at home and endless war abroad, the rights versus security narrative fuels government power and corporate profits in nearly every setting.

What has, since the Snowden revelations, effectively been dubbed the Freedom "Over there" Coalition, is a classic example of technocratic hegemony.  Indeed we see gross violations of human rights in the Internet shutdowns of Africa and the censorship of Asia.  But the human rights righteousness of countries like the United States, Canada, and the United Kingdom, who nonetheless play important roles in the FOC's working groups, is not the takeaway for countries drafting cybersecurity policy.  It is the actions of these governments along with their domestic narratives of securitization that are being propagated around the world, then made affordable and efficient by aglobalized security industry that has been incubated in those same countries.

The FOC working group is actively dislodging the dominant narrative that pits rights against security by redefining cybersecurity with people at the center and by promoting a normative statement of policy recommendations for how cybersecurity policy should be written and implemented if it is to truly be secure, e.g. including the protection of human rights.  At The Eleventh HOPE, our working group (representing APC, GreenHost, the Data J Lab, and the Berkman Center) presented recommendations and discussed how technology experts can contribute to rights-respecting cybersecurity.

Return to $2600 Index