W7y8w3

It is written so broadly it would allow companiesto hand over huge swaths of your data – includingemails and other communications records– to the government with no legal process whatsoever.It would hand intelligence agenciesanother legal authority to potentially secretlyre-interpret and exploit in private to carry outeven more surveillance on the American publicand citizens around the world. And even if youfind out a company violated your privacy byhanding over personal information it shouldn’thave, it would have immunity from lawsuits – aslong as it acted in “good faith”. It could amountto what many are calling a “backdoor wiretap”,where your personal information could end upbeing used for all sorts of purposes that havenothing to do with cybersecurity.Information sharing, while infringing our privacy, isalso a threat to cyber security: as more informationis shared with third parties, it becomes harder tosecure. Furthermore, surveillance is not a solutionto the problems of cyber security, as this report hasshown. If we want to meaningfully talk about interventionsin information sharing and cyber security,then we should talk about vulnerabilities. Ratherthan information about “threats” or about thepersonal lives of internet users being shared, informationabout vulnerabilities that affect our securityneed to be shared with all stakeholders – governments,developers, vendors and internet users – ina responsible manner, so that this information cannotbe hoarded and used to weaken all of our cybersecurity.From digital threat to digital emergencyFieke JansenHivos, the Digital Defenders Partnershipwww.digitaldefenders.orgIntroductionIn recent years there has been a crackdown oninternet freedom and increased targeting of thecommunication of journalists, bloggers, activistsand citizens. During times of social or political crisis,communication lines have been shut down andcritical forms of expression are met with censorship,harassment and arrests. Our communication is undersurveillance, intercepted and collected withoutour knowledge or active consent, and is used for theprofiling of people and spying on networks by governmentsand commercial companies. These actsof censorship and targeted surveillance are underminingour freedom of speech and our basic humanrights, and lead to digital emergencies for thosewho are targeted. In this fast-changing politicaland technological environment there is an urgentneed to understand the risks, protect those criticalinternet users who are being targeted, and exposesurveillance practices.Challenges, threats and digital emergencyThe first time people started uttering the term“digital emergency” was when former Egyptianpresident Hosni Mubarak pulled the internet killswitch during the protests in 2011, leaving Egyptwithout internet communication. 1 However, digitalemergencies are not only related to an internet killswitch: for the Digital Defenders Partnership 2 adigital emergency is an urgent need for assistancearising from digital threats to the security of an individualor organisation. A digital threat can includecyber attacks, vulnerabilities to communicationinfrastructure, unsafe data use, compromising ofdevices, stealing of equipment, legal proceedings1 AlJazeera. (2011, January 28). When Egypt turned offthe internet. AlJazeera. www.aljazeera.com/news/middleeast/2011/01/2011128796164380.html2 Digital Defenders Partnership, a programme that aims to mitigatedigital threats to human rights defenders, bloggers, journalistsand activists in internet repressive and transitional environments.https://digitaldefenders.orgor weak digital security practices. There are threelevels at which to distinguish digital attacks andcommunication surveillance that can lead to a digitalemergency: infrastructure, censoring of contentand profiling of people.InfrastructureCommunication is often referred to as the interactionthat happens between people, a stream of wordswhether they take place on- or offline. Yet very fewof us realise that all digital communication runs ona physical communications infrastructure that consistsof several “layers” made, owned or operatedby different commercial and state entities. The Opensystems interconnection model distinguishes sevendifferent layers in the internet architecture thatrange from the physical layer (e.g. copper and fibreoptical cables) up to the application layer (e.g. httpsand email protocol). 3 Depending on a state’s technicalcapabilities, access to the infrastructure, as wellas to service providers, surveillance and censorshipmethods may differ. In some cases a governmentcan engage in sea-cable tapping, which requiresdirect access to the physical infrastructure layer,or use an application layer exploit, where internetor mobile traffic is monitored through exploiting avulnerability in the transport layer encryption (https),as in the case of Heartbleed. 4 Partial networkinterference, called throttling, is also possible.The fact that infrastructure is made, owned oroperated by different entities makes our communicationvulnerable to censorship and surveillance.Since Mubarak pulled the internet kill switch in2011, other mobile and internet blackouts in Pakistan,Syria and other places have become morevisible. These usually take place in times of military,political or social unrest. 5, 63 https://en.wikipedia.org/wiki/OSI_model4 The Heartbleed bug. heartbleed.com5 Article 19 (2012). Pakistan: Government must stop ‘kill switch’tactics. Statement by Article 19. www.article19.org/resources.php/resource/3422/en/pakistan:-government-must-stop-%27killswitch%27-tactics6 Franceschi-Bicchierai, L. (2013, August 29). Does Syria Have anInternet Kill Switch? Mashable. www.mashable.com/2013/08/29/syria-internet-kill-switch40 / Global Information Society Watch Thematic reports / 41