Change of heart on Cyber Security Part 1
Information Security and Public Key Infrastructure Conference is almost over, and there is one thing it has done to me; it has changed me from being an opponent of governments’ regulation of cyber content by whatever means to a proponent of the need to enact and implement proactive legislation geared towards protecting the public against cyber attacks. This is why:
Imagine a government that offers 100% of its services online. That’s part of it. Imagine the same country has 100% private firms offering 100% of their services online. Such an imaginary country won’t need missiles and tankers to destroy completely, one will only need to shut down her networks. Such a country is actually not an imaginary country, there are a number of countries that have made interesting progress in connectivity and online service delivery that we could safely assume fear cyber attacks that threats of nuclear warfare. One such country is Estonia.
Almost everyone in Estonia has a mobile phone majority of which are connected to the Internet. 75% of homes have access to computers which are connected online, and together with other gadgets Estonia has 80% Internet penetration. Estonia also plans to provide every home in the country with Internet access at crazy speed of 100 Mbps.
It is also interesting to note that Estonians do their banking transactions electronically 99% of the time. The government proceedings are done electronically, schools deliver electronic content ranging from class room sessions to delivery of results to parents, business and company name registration takes only 20 minutes thanks to the system being online, and a number of other critical activities ranging from legal, general business transactions to general elections are done online.
In countries such as Estonia, it is not just the communication gadgets that are connected to the Internet but also cars, fridges, ovens, airplanes, trains, and numerous other devices. Statements by the IT world have it that it is a matter of time before every single object on the planet is connected to the Internet. UK for instance is thinking of connecting several objects from all TVs to plants in the field from 2017. What these mean is that gadgets and the networks they are connected to must be protected.
What would happen if they are not protected? As alluded to, the economies of connected countries would collapse faster than they would have if military attack was initiated. Before this realization nations have been fearful of a third world war involving biological, chemical and nuclear weapons; all these seem as child play in a world where virtually every item feasible is connected to the Internet. A successful hack to the Internet will lead to collapse of the world economy and probably sent the human race prior to the industrialization age, faster.
Everyone seem to agree with the need to have stringent security measures against cyber attacks, but the model for implementing the measures is what divides us into two main categories; there are those who have rooted for the adoption of technical solutions alone e.g. strong antiviruses, properly configured firewalls, intense awareness on all possible methods attackers use to gain access to gadgets and data etc then there are those who are on the opinion that a stringent legal framework that control how information is shared and the type of information to be shared is the first step to ensuring cyber security prevails. The latter group have been scourged by the former due to privacy, confidentiality, and secrecy concerns.
Legal frameworks are the works of governments, and we do not want governments to control the way the general public want to interact with one another. We are right. As Africans we live in countries where government have denied the public the freedom of expression. People have been tortured for reasons meager reasons such as calling the President demeaning names or failed to address them as a god. For these reasons, a good number of innocent citizens in Africa have been thrown into maximum prisons to be forgotten in oblivion. This to a large extent create fear whenever we hear that governments want to take control of the cyber space.
There are countries that are still under such archaic regimes not only in Africa but also in Asia and the Middle East. When it comes to Cyber content, a country like Kenya that has enjoyed the freedom of expression for a while has witnessed occasions where bloggers have been harassed based on the content they shared online. The government wrath has been unleashed on a few despite the absence of clear legal framework that define government’s action on content shared online. How frequent will bloggers and everyone else who speaks online visit the police cells and the courts of law when a legal framework controlling cyber content is in place? What will this mean to the general human right of freedom of speech? One would say that the law would be fair enough just as it has been fair on spoken and traditionally written speeches.
But the governments are not just worried about the content shared publicly online. They are also worried about private communication that happen between individuals via emails, Facebook inboxes, Twitter DMs, chat platforms, mobile phone messages, and a number of privately owned accounts. The government reasons that the bad guys including the terrorists use the same platforms to organize attacks either virtually or physically. If the government would therefore be in a position to access every private communication then it will be in a better position to protect the nation against attacks. The question here would be, how safe will you and I be online if the government has access to my private communication given that some of the communication involves secrets of my business transactions, family affairs, and side but legal affairs?
Tomorrow is the final day of the conference. At the end of the conference I will provide the rationalization of the above predicament and the need for us all to support our governments in adopting properly instituted legal framework in Change of heart on Cyber Security Part 2. Stay tuned.