A new fear is engulfing Switzerland and this time its about cyberspace.
True, the threat of ‘cyberwar’ and cyber-attacks is real and sometimes very difficult to prepare for. Recent events, like the hacking of political parties’ websites or the recent distributed denial-of-service attack (DDoS) on Postfinance, the bank hosting Julian Assange’s account, point to a future where sometimes crippling cyber-attacks are an all-too common occurrence.
The Swiss parliament recently passed a motion asking the government to develop the legal framework for responding to and defending against cyber-attacks. The government, however, is not really convinced that a legal basis to fight ‘cyberwars’ should be the priority and I agree with them.
A solid legal framework is certainly needed for cybercrime. But when it comes to cyber-attacks, having a legal framework is of no help. What legal measures could you take if someone launches a cyber-attack on your country, key industries or public figures? This also links up to the equally tricky debate about attribution in the case of such attacks. Who attacked and from where? Who is behind the attack and who should be held resonsible? Moreover, we still lack a clear definition of what a cyber-attack even is. Experts still disagree on this and I don’t think that the Swiss government will be able to break this definitional deadlock.
The legalization of cyberspace is generally speaking a dangerous trend. So far, no international treaties exist on the subject, and attempts to “nationalize” part of it by promulgating a national legal framework for hostile acts on the internet is creating borders and limits on a ‘global good’. The internet cannot be structured on the basis of national borders and it should remain so: common, shared, unlimited and open. Indeed, legalizing cyberspace from a national standpoint is not only inefficient; it also sets a dangerous trend for the fragmentation of cyberspace.
If every state starts to legalize the internet nationally, the prospect of needing a ‘cyberpassport’ or a ‘cybervisa’ to surf online suddenly becomes real (if still remote). I may exaggerate, but it would not surprise me at all if this was the case in 50 years from now. The wish to ‘control’ something as nebulous as cyberspace is strong and growing, but if we want to remain true to the character and meaning of the internet, we commit to allowing Swiss surfers access North Korean sites if they so wish. It is not for the government to deny them this right.
The defintion of cyber-attacks and ‘cyberwar’ and the legal framework for the response to such acts should come from a global body. An international convention on cyberspace is the only viable vehicle for legalizing the internet and thus bringing order to the potential chaos that cyber-attacks might and probably will sow in the future. But as long as UN member states and the Internet Governance Forum do not take real action, progress is unlikely. Whether this delay in the legalization of cyberspace is good or bad is another question. From an (informed) user’s perspective, I think that the less regulated, the better. And I know I’m not alone.