Cybersecurity: Balancing security, openness, and privacy (WS31)

Event report

[Read more session reports and live updates from the 12th Internet Governance Forum]

This session focused on how to ensure openness and privacy while balancing cybersecurity issues. The session moderator, Mr Luis Martinez from the University of Mexico, introduced the background to the session, mentioning that policy responses and measures to attain cybersecurity sometime work against openness and privacy.  He mentioned that in many instances, governments have asked for ways to access users’ data or to surveil them to investigate crime. Sometimes encryption is seen by states as a hindrance to national security. It is therefore important that cybersecurity governance does not supersede other Internet governance issues. Cybersecurity mechanisms must not interfere with users’ ability to use the Internet to exercise rights to freedom of speech and privacy. On the other hand, users must answer the question of how much privacy and intimacy they are willing to sacrifice for greater security.

Ms Tatiana Tropina, Senior Researcher at the Max Planck Institute for Foreign and International Criminal Law, initiated the discussion, saying that her position on the session topic was somewhat unconventional.  She asked the community to let go of the concept of balancing security and privacy, and rather to adopt a human-centric approach to cybersecurity. With this approach, policy making and law drafting become easier. She emphasised that by securing networks or by providing cybersecurity, we are securing some random devices or random technologies, equipment, networks and infrastructure: ‘the focus of security should be people, should be humans’.

Mr Duncan Macintosh, CEO and Executive Director of APNIC Foundation, coming from the technical community of the Internet, mentioned that he represents not a different viewpoint but a diversity of viewpoints on the mentioned topic. He stressed the need for efficient training, capacity building, and education for various stakeholders to create a level playing field for efficient collaboration and dialogue. He mentioned that APNIC engages with law enforcement and government justice officials to ensure that they are kept abreast of technical, security, and privacy developments in the Internet ecosystem.

Mr Michael Oghia, a Belgrade-based Independent Consultant, Researcher, and Editor working within the Internet governance ecosystem, highlighted concerns about the limited engagement of law enforcement in such discussions. He stressed the need for increased discourse and collaboration between various stakeholders: ‘we are not going to accomplish much if we are not talking to each other’. He also mentioned that for a productive conclusion, it’s important that ‘trust is built between the various stakeholders.’

Mr Kai Rehnelt, CEO at SECLOUS GmbH, pointed to the lack of understanding of the Internet ecosystem as the main cause of mass surveillance on the part of the government. He said that we can reach a stable position of trust among the various stakeholders by increasing transparency and control. There is an increased need to return control to the individual, because individuals, as data owners, should decide what happens to their data. He emphasised that ‘we need a paradigm change in data privacy and how we handle this’. 

By Mohit Saraswat