UNA-NCA Snapshots
Published in

UNA-NCA Snapshots

Reexamining Cyber Security in the Context of Human Rights

By Neval Mulaomerovic, SDG Research Assistant & Advocacy Fellow

In a 2017 statement to the UN General Assembly, Secretary-General of the UN António Guterres attention to the escalation of cyber security threats, highlighting how “cyber war was now more able to disrupt relations between States, as well as the structures and systems of modern life.” Since his address, the COVID-19 pandemic — having forced jobs and schooling online — has highlighted the increasingly dominant of the internet in everyday life, and with it comes heightened concerns regarding cyber security in the international sphere.

In response to growing attention toward cyberspace, the UN Human Rights Council Article 19 of the Universal Declaration of Human Rights (UDHR), which discusses rights to free opinion and expression. The amendment the addition of the “promotion, protection, and enjoyment of human rights on the Internet” and 15 other recommendations related to internet access. Despite fervent from nations such as Russia, China, and Saudi Arabia, the amendment was approved. Yet, since the UN carries no enforcement capabilities with the UDHR, it is simply a recommendation which many nations have thus far , restricting citizens’ information and media access through censorship and internet shutdowns.

With more staff working from home and networks transitioning to remote operations, the Internet of Things (IoT) — the expanding system of wireless technologies with the ability to covertly collect and transfer data — is simultaneously more salient and more vulnerable. In fact, the COVID-19 pandemic has seen a new of cyber attacks on governments, corporations, and infrastructure projects. The World Health Organization (WHO) alone a fivefold increase in cases, with one cyber attack resulting in the release of 450 active WHO credentials and passwords. Though cyber criminals have away from individuals as their targets, the wider population is by no means immune from the effects of large-scale attacks — particularly with regards to public health and safety — as industrial systems managing water supply, electricity, and healthcare are an increasingly common of cyber incidents.

Ukraine was to two cyber attacks in 2015 and 2016, assumed to be connected, which targeted power infrastructure. The 2015 attack 225,000 people in western Ukraine without power while the 2016 attack cut one-fifth of the capital city Kiev’s power consumption. Additionally, a ransomware virus in 2017 affecting over 70 countries the United Kingdom’s National Health Service. The cyber attack in 20,000 cancelled appointments and forced five hospitals to divert ambulances due to an inability to handle emergency cases. As more sectors become digitized, they increasingly vulnerable to such attacks, which can evidently cause the widespread loss of critical services.

International humanitarian organizations are similarly on digital information systems, which include high volumes of sensitive information ranging from financial accounts to the personal information of aid recipients. Cyber criminals may with humanitarian organizations with the goal of targeting particular groups, such as minorities or marginalized people, serviced by the organization. In addition to using account information to commit insurance fraud or identity theft, cyber criminals may also target humanitarian organizations as a gateway to government networks. For example, hackers the Satellite Sentinel Project, an early warning and humanitarian response nonprofit, to gain access to satellite feeds of villages along the border between Sudan and South Sudan, after which attacks on the villages 20 percent.

Nation-Level Cyberwarfare Attacks by Target. In just the first three months of the year, high-level attacks were reported against a range of sectors globally. These figures include those recorded by the . In reality, the numbers are likely to be higher as not all attacks will be reported, due to being too sensitive, or not actually being detected by defence systems.

Beyond allowing third-parties to threaten individual privacy, widespread digital dependence has new opportunities for governments to weaponize the Internet of Things. American leadership has placed significant attention on the dangers foreign governments present to domestic security in the form of election-tampering and data mining. However, governments themselves can pose a threat to their citizens and can compromise their rights in the interest of national security. The rise of cyber crime worldwide has governments, particularly in Asia and the Middle East, to overextend their grip on the internet surveillance technologies, spyware, facial recognition, and financial monitoring on the basis of protecting state sovereignty or combating organized crime. Unfortunately, these tools are commonly against civil society activists, political opponents, and government dissidents such as human rights activists and journalists. For example, the NSO Group, an Israeli cyber security firm, is of supplying the Saudi Arabian government with surveillance software to spy on the communications of journalist Jamal Khashoggi, a prominent critic of the Saudi government whose murder was by Saudi Crown Prince Mohammed bin Salman.

Moreover, without clear international standards on what qualifies as a cyber threat, states such as Israel and China have been able to implement preemptive surveillance policies. The Israeli Cyber Unit under a “predictive policing system” which monitors and censors social media accounts of Palestinian youth to search out potentially incendiary content, such as news reports of violence or political critiques. China has also systematically its Uighur Muslim population through smartphone hacking, citing rising fears over terrorism. These big-data programs have local governments the ability to remotely record conversations, track locations, and access devices’ data. The Chinese government ultimately uses reports of “suspicious” communications or travel histories to the arbitrary arrests and detentions of thousands of Uighurs, despite a lack of evidence of suspects committing or supporting extremist acts.

In response to the lack of a solid international framework for cyber security, the UN Group of Governmental Experts (GGE) published a series of establishing norms of online activity. The 2013 report international law and the UN Charter to cyberspace, calling on actors to honor state sovereignty and “develop confidence building measures to reduce the risk of conflict by increasing the predictability of state actions.” Building upon the 2013 standards, the 2015 report states to conduct cyber activities with attention to human rights and privacy and cooperatively share information with one another. No language explicitly bans cyber attacks, yet the 2015 report that states “should not conduct or knowingly support information and communications technology activity contrary to its obligations under international law that intentionally damages critical infrastructure or otherwise impairs the use and operation of critical infrastructure to provide services to the public.”

Despite this progress, the international community’s debates on cyber security are still insufficient. States have thus far on cyber security in terms of international humanitarian law, which is only applicable during times of armed conflict. However, states frequently cyber attacks during peacetime to preemptively build intelligence or express grievances without necessarily escalating to conflict. International human rights law, which applies regardless of peace or conflict, would more enforceable measures regarding the protection of free speech and privacy rights. Whether acting at home or abroad, states commonly cyber issues as a tradeoff between privacy and safety. Yet, cyber security and human rights are inexorably , encompassing not only personal privacy but also matters of public welfare. With still no universal consensus on how to define cyber security, the for an inclusive framework that takes human rights into account is all the more critical.

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store