Fen Osler Hampson - Look Whos Watching, Revised Edition: Surveillance, Treachery and Trust Online

Look Whos

Watching

Look Whos

Watching

Surveillance_Treachery_and Trust_Online

Now with an Afterword

Fen Osler Hampson_and_Eric Jardine

First edition 2016 Centre for International Governance Innovation

Revised edition 2017 Centre for International Governance Innovation

ALL RIGHTS RESERVED. No part of this publication may be reproduced, stored in a retrieval system or transmitted by any means, electronic, mechanical, photocopying, recording or otherwise, without the prior written permission of the publisher, application for which should be addressed to the Centre for International Governance Innovation, 67 Erb Street West, Waterloo, Ontario, Canada N2L 6C2 or .

ISBN 978-1-928096-30-6 (paperback)

ISBN 978-1-928096-19-1 (hardcover)

ISBN 978-1-928096-70-2 (ePUB, revised edition)

ISBN 978-1-928096-71-9 (ePDF, revised edition)

Published by the Centre for International Governance Innovation.

The opinions expressed in this publication are those of the authors and do not necessarily reflect the views of the Centre for International Governance Innovation or its Board of Directors.

Care has been taken to trace ownership of copyright material contained in this book. The publisher will gladly receive any information that will enable it to rectify and reference or provide a credit line in future editions.

Cover design by Sara Moore.

Printed and bound in Canada, using 100% recycled stock, FSC certified.

Centre for International Governance Innovation and CIGI are registered trademarks.

67 Erb Street West

Waterloo, ON, Canada N2L 6C2

www.cigionline.org

Foreword

Trust as the Currency of Cyberspace

Trust no one is a well-worn adage in Internet security. But the phrase may not apply to contemporary cyberspace any more than it applies to the real world. Societies function on the basis of trust. Driving down a highway requires confidence that other travellers will follow basic safety conventions. Depositing a monthly paycheque requires faith in financial institutions and systems of government-backed insurance. Everyday functioning in society requires confidence in surgeons, spouses, babysitters, the food supply, energy systems and much more. The simple act of flying to Paris requires certitude in an entire ecosystem of trust in mechanics, materials and rivets, security screening personnel, pilots and air traffic control systems. So much of life is already predicated upon trust in systems that are unseen, behind the scenes and sometimes unknowable. So too it is with cyberspace. Trust has always been the scaffolding enabling Internet usage and investment, but its systems, like Internet infrastructure itself, have largely been running behind the scenes, assumed and unexamined by most users, until relatively recently. In Look Whos Watching, Fen Osler Hampson and Eric Jardine consider the many elements of trust enmeshed in the Internet ecosystem, how their erosion impacts ordinary peoples use and experience of the Internet the world over, and why we should all be concerned.

The world is now in the midst of contentious policy debates over the very nature of cyberspace. What are the implications of the increasing societal dependencies and risks in digital systems? What types of rights should be afforded to citizens online, and who decides? Several phenomena at the intersection of digital technologies and society highlight how trust issues are at the very heart of these questions. Citizens are increasingly concerned about expansive government surveillance. Even democracies might not allow for the possibility of private communication between people or will all reside in the constant shadow of invasive and indiscriminate state surveillance? Rising awareness of surveillance is accompanied by rising understanding that this level of invasive scrutiny is only possible because of ubiquitous privatized surveillance. Companies providing free social media services, email, Internet search functions and countless apps collect and aggregate data about users to support business models based on highly targeted online advertising. What should be the limits on these practices?

The problem of the Dark Web also looms large for society. This part of the Internet is not locatable via standard search engines and relies upon strong encryption and nearly impenetrable anonymizing tools such as The Onion Router (Tor) browser. These privacy-enhancing techniques are not intrinsically problematic, and indeed are advantageous in some contexts such as the employment of strong encryption for financial transactions or the use of anonymizing technologies to protect activist communication in repressive political environments. But as technologies shaping the Dark Web, they also mask some of the most nefarious types of social transactions imaginable, such as illegal markets in assassins, arms, drugs and child pornography. The media focus on the former Silk Road marketplace has attracted the attention and concern of Internet users around the world to the Dark Web.

At more visible layers of the Internet, a number of high-profile consumer data breaches have contributed to a loss of trust in digital infrastructure. These breaches, such as the hack of consumer data from large retail companies, affect people who dont even use the Internet but simply use credit cards to make retail transactions. Digital attacks bleed into areas such as personnel records, government data, retail transactions and, of course, financial records. Off-line and online worlds are no longer distinct, if they ever were. Internet outages, too, affect off-line worlds. The Internet is the infrastructure upon which all other infrastructures operate, so disruptions to its functioning create interruptions in the functioning of all businesses from the transportation sector to health care systems just as a power outage would. The recent spate of ransomware attacks crippling health systems illustrates these heightened dependencies and risks. The issue of trust online profoundly affects the material realities of everyday life.

More routinely, trust underpins the ability to make an everyday online commercial transaction or even to deliver data from point A to point B. Is a website actually what it appears to be, and who certifies this and how? How does a system authenticate a user? How does one network trust the Internet routes advertised as reachable through another network? The Internet began as a shared network among trusted users, but has been marked by constant change and increasing global complexity. Thus, protocols, systems of public key cryptography and security platforms have often trailed the heterogeneity of systems and the constant creative destruction of new technologies.

The seriousness of trust challenges will intensify as the Internet continues to transform from a communication and knowledge network linking people to a control network in which exponentially more objects than people cars, appliances, industrial sensors, medical devices will be connected. How much more important will trust in the Internet be when tens of billions of objects are online and real-world infrastructure is even more dependent upon the security and reliability of digital infrastructure? This question will become still more complicated as new forms of warfare bleed into online systems. The domains of warfare have already expanded from sea, air, land and space to cyberspace. In this environment, trust and the need for cooperation among nations will complicate questions of trust between Internet users; among citizens, the state and the private sector; and between Internet users and digitally connected objects.