The NSA skeletons keep tumbling out of the cupboard.
Not only were the Brazilian and Mexican Presidents’ – Dilma Roussef’s and Felipe Calderón’s – emails and phones hacked, NSA had targeted the French President Francois Hollande and the German Chancellor Angela Merkel as well. None of these leaders threatened the security of the US or were linked to “terrorists”. Der Spiegel reported that on Mexico, “In the space of a single year, according to the internal documents, this operation produced 260 classified reports that allowed US politicians to conduct successful talks on political issues and to plan international investments.” In other words, help on international negotiations and investment decisions for US companies. As we also know, NSA has also broken into the secure servers of Brazilian Department of Mines and Petrobas, the Brazilian national oil company. President Dilma, in her tough UN speech, termed this break-in as nothing but “industrial espionage”.
Along with breaking into the emails of senior political and other government figures, NSA has also been conducting massive eavesdropping operations on the citizens of countries such as France, Germany and Spain. President Hollande and Chancellor Merkel might have forgiven the NSA for conducting such intrusive surveillance on its citizens, except for the disclosure that their personal phones were tapped as well. It is also now known that the US Embassy in Germany was central to bugging of Merkel’s phone in cooperation with GCHQ’s (UK’s equivalent of the NSA) listening station in Mentworth Hill.
The US has responded by claiming that it is the French and Spanish intelligence agencies that collected this data of its citizens and shared it with the NSA. As the thieves fall out, now blaming each other, Snowden’s services to the world in exposing the global surveillance state of the US and its allies cannot be understated.
In all this global anger on the US surveillance, India’s response has been almost apologetic. Even the information that its Prime Minister, its mission in Washington and its UN diplomats were targets of spying has produced only a muted reaction. Neither has the information that 6.2 billion DNRs (Dialled Number Records) were collected by NSA from the Indian network in the month of March alone produced any response. This puts India among the five highest targeted countries and is a much higher number than for France and Spain causing a huge uproar there. This number of records cannot be collected without the active participation of some of the telecom operators in the Indian network. The question is which ones or which one?
In Brazil – according to O Globo’s reports – one of the leading American telecom companies helped the NSA to break into the Brazilian and the larger South American network. With two American companies offering data services in India and one UK company owning one of the major private telecom operators, all of whom are known to be in partnership with NSA and GCHQ, this is a very important question. Particularly, as the current Government of India ministers and senior officials believe that the private telecom companies are our first line of defence in cyber security. Has the Government of India thought that they could already be playing offence for NSA and GCHQ and would therefore be really poor defenders of Indian cyber security?
NSA’s tapping into the global telecom network has been greatly helped by the dominance of the US Internet companies, such as Google, Facebook, Twitter, Microsoft, Yahoo, Amazon, etc. This has allowed the NSA gathering of global citizens’ data on an unprecedented level. It is the ability to take all data transmission of the telecommunications network and collate it with the data gathered from the Internet giants that give NSA its unprecedented ability to spy on the world. More than 80% of the world’s data and voice transmission is either to or passes through the US, giving NSA unrivalled access. As is now amply clear, data held by the US companies are subject to US laws and offer no protection except for US citizens.
Cyber security is not limited to surveillance alone. As the attack on Iran centrifuges in Busher showed, it can result in physical damages to plant and equipment. Such attacks can take down a country’s grid, water and sewage systems, cause flooding by opening dam gates and even set in motion a Bhopal or Fukushima like disaster. One of the most significant aspect of the Snowden disclosures which has not attracted adequate attention are the cyber attack targets that Obama has authorised — Presidential Policy Directive 20. Such a directive implies that foreign networks have been penetrated and their security systems already compromised; vital infrastructure of other countries have been pre-targeted and waits only a command to trigger a cyber attack. The US has blocked all attempts to initiate a cyber war treaty arguing that such a treaty is not enforceable while going ahead with its cyber war preparations. This radically increases the risk of triggering an arms race in cyber space and fracturing the Internet.
Internet Infrastructure and Ecosystem
US control over the Internet is exercised in a variety of ways – through control of the infrastructure on which the Internet operates, through the dominance of US companies over the Internet services and its ecosystem, as well as through a control of governance, oversight and standard setting institutions. All of this combine to ensure the hegemony of the US over the Internet. .
For the Internet to work seamlessly, domain names, and numerical web addresses and network identifiers need to be unique. The management of this critical Internet resource is exercised by Internet Corporation for Assigned Names and Numbers (ICANN) a California-based non-profit company, under contract from the US Department of Commerce. The legal basis of the entire Internet naming and numbering system is derived from this single contract.
The US Department of Commerce has drawn up what it conceives is the policy that should exist for the Internet and has a veto on any decision of ICANN. Further, as part of this agreement, the most lucrative and common top-level domains – .com, .net, .org – are with US entities, also ensuring US legal jurisdiction over all such domains.
The US Department of Commerce and ICANN also control the root servers and the root zone file that comprise the essential part of the addressing system on the Internet. Of the 13 top level root name servers, 10 are based out of the US, with 2 in Europe and 1 in Japan and none in the developing countries. The root zone file is at the apex of a hierarchical domain name system – thereby the US government has complete control over this essential part of the Internet architecture.
The technical institutions – the Internet Engineering Task Force (IETF) and the Internet Architecture Board (IAB), the ISOC, W3C – that set the technical standards and protocols for the Internet are all dominated by US governmental institutions and US corporations. The weakening of encryption standards by the NSA is a case in point. For example, recently, under pressure from the US media companies, W3C has accepted to discuss introducing DRM in HTML5 standards, showing again the influence of the US in setting standards that help their companies.
Image via presstv.ir
Global Internet Governance
The current internet governance paradigm derives from the contract that the US has with the US Department of commerce. All further mechanisms of governance is derived from voluntary contracts between ICANN, various other parties and between themselves. This is what the US called as “bottom-up governance” in its White Paper in 1998, embodying what still remains its vision of Internet governance.
There are two problems with contract based Internet governance. One is it has led to essentially privatization and corporatisation of the Internet; all the entities entering into such contracts are private companies. This is very much the way the US saw the Internet was to develop: it was to be developed primarily by private capital (read US capital) and without any other regulatory oversight, except of course the US Department of Commerce. The other is that contracts do not and cannot incorporate “human rights” or “sovereign rights” – the rights of either individuals or of nations. Any attempt to raise any such issues was seen by the US and its spokespersons as a threat to the freedom of expression on the Internet and a conspiracy of countries ranging from China to Saudi Arabia.
How can infrastructure needed by every country – for communications and commerce – operate under a contract from one particular government? The World Summit on the Information Society (WSIS) 2005 had raised this issue and identified the need for enhancing other governments’ role in Internet governance – Enhanced Cooperation – as can be seen from the Articles 68 and 69 in the Tunis Agenda.
The WSIS had identified the need for a more participatory structure for other governments, but no such structure has yet materialised. It is obvious that such a body would require a global treaty explicitly setting up such a structure and giving it specific jurisdiction and powers. The Internet Governance Forum that was set up after Tunis is a body which can only discuss various issues but take no binding measures.
Brazil initiated a process within IBSA for a different form of Internet governance. It developed into a Declaration in Tshwane, South Africa in October, 2011 for a multilateral, democratic and transparent Internet. It focussed on the “urgent need to operationalise the process of ‘Enhanced Cooperation’ mandated by the Tunis Agenda” of WSIS and setting up a multilateral body under the UN for Internet governance. At the 66th meeting of the UN General Assembly on October 26, 2011, India proposed the setting up of a new UN based body to act as a nodal governance agency of the Internet. However, none of these efforts were pursued very seriously by either IBSA or the three countries individually.
Post NSA revelations, things have changed radically. Brazil has already raised this issue and plans holding a major international conference in April, 2014. A number of the organizations connected to Internet governance – such as ICANN, IETF, IAB, the W3C, ISOC and the five regional Internet address registries – met in Uruguay on 7th October, 2013 and issued a statement distancing themselves from the US Government and its actions and calling for an “environment in which all stakeholders, including all governments, participate on an equal footing.”
While this is indeed welcome, the issue still remains that unless such a globalization of Internet governance takes place under a treaty based framework, the rights of people or of countries cannot be protected. Alternatively, International Telecom Union remains the only other international body that can take up these issues.