Like this article? rabble is reader-supported journalism. Chip in to keep stories like these coming.
Canada was the birthplace and physical and intellectual home of Marshall McLuhan (1911-1980), undoubtedly a pioneering thinker about media, technology, and communications. I must admit that I side with philosopher Dwight Macdonald who argued that McLuhan’s “aphoristic” style clouded some of his undoubtedly valuable work with rhetorical vagueness. [Somewhere in the heavens I expect that McLuhan is thundering, as he did in his cameo appearance in Woody Allen’s film Annie Hall, “You know nothing of my work” — a critique which may indeed be valid.]
One observation of McLuhan’s that I think is undoubtedly correct, however, is that every medium exerts a “gravitational” pull on cognition, which has complex effects on a person’s understand of events, which in turn affects social organization.
Oral communications, written language, the printing press, visual arts, performing arts, radio, moving pictures and television all exert an influence not only on what we think, but also on how we think it. The linear or non-linear aspects of a medium, the degree to which it engages the reader/listener/viewer and the amount of individual interpretive space that it leaves them, are more than incidental to the message that is being conveyed, but can layer onto that message a host of values and preconceptions that can be every bit as important as the content of the message itself. I’m not sure that the medium is always the message, but there certainly is no message without a medium.
All of this brings me to cyberspace. Although McLuhan, who died a decade before the invention of the World Wide Web, is sometimes credited with prophesying its creation in his 1962 book, The Gutenberg Galaxy:
“The next medium, whatever it is — it may be the extension of consciousness — will include television as its content, not as its environment, and will transform television into an art form. A computer as a research and communication instrument could enhance retrieval, obsolesce mass library organization, retrieve the individual’s encyclopedic function and flip into a private line to speedily tailored data of a saleable kind.”
I see this a rather fanciful interpretation, much as one can find support for many propositions in McLuhan’s voluminous works. However, the Internet, the World Wide Web and the vast array of content and functionality that have come into existence in the last several decades, certainly provide a fascinating extension to McLuhan’s theses on the meanings of media. As moveable type and the Gutenberg printing press undoubtedly revolutionized the world in the fifteenth century, so too has cyberspace indelibly affected everything from consciousness to commerce in the twenty-first century. And one of the most perceptive thinkers and analysts of this brave new cyber world is Rafal Rohozinski.
Rohozinski is a Canadian expert in the fields of information security, cyber warfare, and the globalization of armed violence. He is the co-founder and CEO of SecDev and a fellow of the SecDev Foundation who has studied emerging trends in cyber warfare and patterns of Internet censorship worldwide. He was a principal investigator examining the Chinese Ghostnet cyber-espionage network and a contributor to the publications that examined the emergence of complex information controls in OSCE states, including an analysis of strategic cyber-war dimensions of the Russian-Georgian conflict. Rohozinski’s research focuses on the nexus of social and technological networks. He has developed pioneering approaches to the study of the telegeography of conflict zones, and fusion methodology, which tracks cyber-spies through cyberspace.
At a meeting of the Halifax International Security Forum I had an opportunity to discuss not only issues of cyber security, but larger questions of the governance of cyberspace and where and how this complex new cyber medium will evolve.
Christopher G. Majka: Many people are familiar with the concept of cyber-security as it pertains to their home computers. Others may have some idea of security as it relates to commercial and state issues. Some may also be familiar with Distributed Denial of Service (DDS) attacks. Can you briefly give a sense of what the range of concerns are?
Rafal Rohozinski: Well, I think they are rather broad. And the reason for that is because cyberspace has become the centre of gravity of pretty well everything that we do. Increasingly what we do as individuals, for example in terms of our privacy data or our health information data, is stored online. Increasingly our social lives are lived online. We meet friends, we join communities, and we interact with people whom we’ve never met through platforms in which we surrender part of our privacy in return for the utility of using them.
Increasingly this domain is also core to the functioning of government. Public services are now delivered, moderated, and mediated through communications. Commerce, both national and global, runs (via communications). In short, (cyberspace) has become critical infrastructure for the twenty-first century in ways that perhaps surpasses any other kind of infrastructure.
If you think about Canada as a country that was initially forged from sea to sea to sea, by rail and later by air and after that by television, cyberspace has really become the medium through which the lifeblood of Canada now flows. So cyber-security has become everybody’s issue. The problem is that it has emerged so quickly in ways that tie together social and technological functions, that we really have a gap between the importance of this critical infrastructure, and the maturity of policymakers and all of us in order to be able to address it in a way that preserves the fundamental rights that exist between citizens and states, that took hundreds of years to negotiate and are a social contract.
CGM: In your report, Canada and Cyberspace: Key Issues and Challenges you wrote that “Cybercrime costs the Canadian economy some $100 billion per year” and “Canadian carriers detect over 125 million cyber attacks per hour in the country.” These are simply phenomenal numbers. Are these 125 million attacks attempted phishing and advance fee fraud scams or do these include more serious things?
RR: The data came from a Bell Canada study that was done for the government of Canada. Bell Canada sits on top of approximately 90 per cent of the Internet as we recognize it in the country, which means that its perspective in terms of being able to detect events is far greater than anybody’s, including the government itself. So, when we talk about the scale and number of attacks, these are signatures of what Bell Canada can detect as being technical attacks. When there is a compromise of a computer, penetrations into corporate, government, or other kinds of networks. Or “beaconing,” which means viruses or malware talking from the computers that they have infected back to command and control servers. That is essentially what (these numbers represent).
But when we are talking about the costs of cyber crime we are talking about both the actual losses to individuals as well as the amount of time and resources and effort that has to be put into place to remediate security events that happen on an ongoing basis by governments, banks, corporations, and individuals. Mind you those figures were from 2012. They have now risen exponentially as penetration of these resources has expanded in Canada.
CGM: That’s simply astonishing. I can scarcely wrap my head around such numbers. Related to that, most people probably have little or no idea how cyberspace is presently governed. Can you give a brief overview of that “voluntary, diffuse, and multi-stakeholder process”? What are its strengths and weaknesses from the perspectives of governance and security?
RR: It’s an interesting question because the governance of cyberspace is really a consequence of how this network came into being. Let’s not forget that a mere 25 years ago, for most people, the Internet was a blinking green cursor on their CRT screen that they may have had access to if they worked in a University. So, when this network was put into place, it essentially scaled from a university-type network to something that now encompasses two-thirds of humanity.
In some respects, the governance structure that was set up for it was meant to replicate what was working on a local scale. Telecom carriers never really recognized the Internet until probably late in the 2000s. Which means that they treated the Internet as an overlay. They rented the facilities for someone else to run the Internet. What that meant was that the Internet avoided entirely the international agreements through the ITU (International Telecommunication Union) that governed telecommunications as a whole. So what we had was a kind of communal “kumbaya,” hippy-like governance structure, making the Internet scale exponentially to take on something that is now a major provider of services globally.
What made the Internet work quite well was that it had diffuse governance structure. Some people will say that it is a great example of a multi-stakeholder process where there is a kind of natural leveling because people crowd-source decisions. That’s true to a point, however, it’s also true that there have been key individuals who have made that system work. Those individuals are now starting to come to the end of their careers, both in terms of their lifespan and their productivity. And it’s a question whether or not, all other things being equal, that multi-stakeholder process will actually keep working in the absence of those key individuals within it.
What we’ve seen in the last five years is that governments have come to recognize that the Internet is actually a national resource. If it is something that carries the commerce of the nation, if critical infrastructure is dependent on it, then perhaps the rules that we have should be rules that conform to national institutions. In other words institutions that are accountable, electable, have recourse, and so forth. And we’ve seen that starting to come into play, where most governments, with the exception of the USA and some European states, have started saying that the governance of the Internet has to be brought into the framework of the nation-state system in order to give us predictability over this domain. It’s great that it has grown thus far, but at this stage of the game governments need to take over.
There’s an interesting analogy: in the early part of the last century when automobiles were first introduced into the roadways of the United Kingdom, who was responsible for the governance of driving?
CGM: I’ve no idea.
RR: The automobile association. Because driver’s associations were seen to have the expert knowledge to judge and deem what the rules of the road should be. Now, at this stage of the game, I doubt that you would have any government that would say that drivers should be determining the rules of the road. So I think that moving from the multi-stakeholder process towards more predictable forms of governance is actually a natural form of evolution. One that is being propelled faster now as a result of the (Edward) Snowden disclosures, which I think have raised even higher the understanding at the nation-state level that the Internet is a critical strategic resource.
CGM: In your report you discuss the historic “openness” of cyberspace as a global inter-operable network of networks that enables unrestricted communication for users and how this has been central to its development. What are the risks to this open nature of the Internet that are posed by regulation, monitoring, and control for cyber-security purposes?
RR: I’m not sure that I would put the two things as polar opposites. The Internet grew, and it was able to grow in the way I described earlier, as an overlay system on telecommunications because what it did was allow for communications to happen irrespective of what the hardware or infrastructure level was underneath it. In other words, the Internet will work over radio frequencies, on wireless networks, and on copper wires and fibre optics because Internet protocols are built that way. So, openness is built into the fabric of the Internet in order to overcome incompatibility at the infrastructure level — it’s part of its DNA.
It also creates a critical security vulnerability because the Internet can route around problems — but so can the bad guys. It creates a channel for them to be able to do that. There is a growing understanding that we need to put some “speed limits,” “stop signs,” and “yield signs” on the Internet. Not to fundamentally alter its openness at the infrastructure level, but to build predictability into the system.
The challenge, of course, is that what unpredictability of the system may mean for Canadian networks, which may be fundamental security of these networks so that transactions aren’t thwarted and people aren’t bilked out of their bank accounts, may be very different when we are talking about repressive societies where access to content may be the regulation that is sought. And that’s one of the biggest problems on the international level in agreements on cyber-security. Because for some countries, like China for example, it’s the control of content that matters not necessarily controlling insecurity in the physical aspects of the network itself. And I think that debate — in other words how the openness or enclosure of cyberspace will be defined in terms of the security aspects, content, or access — that really threatens to thwart the normative standards of the Internet, which have been empowering individuals to access information.
Here I would switch to a more philosophical tack to say that if you look at the impact of the Internet over the last twenty years it has fundamentally propelled the greatest leap in enlightenment and empowerment in human history. More people are empowered through knowledge to change the local circumstances of their lives now than at any other stage in history.
I’ve spent a lot of my career — seventeen years — abroad, including in central Asia, Africa, the Middle East, and for me what has always been the most fascinating thing to see is just how, at the local level, the appropriation of technology has fundamentally changed the dynamics of social, political, and economic life.
Just to give you some examples, in Rwanda, the first country in the world where cell phones outnumber the number of land lines, there are communities located on the banks of Lake Kivu that are able to find out what the prices of their fish will be in Kigali and decide whether on that day they should send more or less fish to market.
CGM: And presumably therefore decide whether it is worth their while to go fishing or not.
RR: Yes. In Gaza I’ve seen young men and young women following each other down streets. I didn’t know why they were walking around that way until I saw that they were hunched over their cell phones, texting to one another. They were using the technology as a means of overcoming barriers between interaction between men and women. These are very significant things because they challenge institutional order in these societies, and that, I think is something not to be discounted.
So, if I look at the rationalization of what security on the Internet may bring in terms of negative consequences, it’s perhaps a slowing down of that process, which I think has been greatly positive. And when you look back at it from a historical perspective, it may be the second great enlightenment.
CGM: This connects to what some of my central concerns in this area are. Increasingly cyberspace is seen as a vital economic resource, not only in terms of online commerce, but also in regard to command and control systems that govern the electrical grid, airline control and communications, telephone and Internet traffic, and the activities in many other sectors of society and the economy.
However, cyberspace is also a vital democratic resource. Knowledge is power, and knowledge is disseminated through communications structures. The ability to freely communicate, assemble — in person or electronically — distribute your views, organize, and disseminate political visions are all rights that are zealously protected in the constitutions of most countries in the developed world, including Canada’s.
The economic and democratic dimensions of cyberspace are critical to the functioning of a balanced democracy. Indeed, we see in the case of authoritarian states like China, how cyberspace is rigidly regulated, monitored, and controlled, much to the detriment of open and democratic processes.
How do we strike a balance? How do we retain cyberspace as an open commons of benefit to all, rather than a series of gated communities that not only exclude processes deemed undesirable, but also variously imprison its denizens?
RR: I think this is not something that we are going to decide: this is something that the global populace is going to decide. Where I become quite an optimist about it is the fact that I think we are living through fairly revolutionary times. Most people living through revolutionary times would not actually recognize this. We have a tendency to look at the artifacts and focus on the anecdotes while not actually seeing the pattern that that is emerging.
I think the fundamental changes that we are now starting to see at the very, very local level, in terms of empowerment, are the ones that will trickle up to effect politics writ large over the next ten to fifteen years. This is going to create pressure against and for governments in terms of how cyberspace is governed. Let me give you an example.
In Africa only 20 per cent of people have access to bank accounts. Yet 50 per cent of the world’s online transactions happen in Africa. If you recognize that one of the essential markers of state power is the ability to set value on labour and goods — to regulate trade, to print money — yet in Africa that somehow has now escaped the gaze and the powers of the state. We’re talking about a very fundamental reorganization of powers between individuals and states. The question then, is what is the role of states in these kinds of contexts?
I would argue that we are living through an era of open empowerment when the ability of individuals to express agency — to do things — is scaling faster than the ability of rule-making bodies to make rules and institutions. If we look at what happened in the Arab world during the Arab Spring, that’s essentially what we saw. We saw mobilized, heavily networked populations being able to route around institutions of order far, far faster than those institutions were able to react. The very same tendencies that we saw there were also responsible for the atavistic violence that we saw on the streets of London in 2011 when clever youth gangs were able to use Blackberries to outmaneuver security forces and essentially create a distributed riot. We’re seeing the rise of new political actors, whether it’s the Occupy movement, or Anonymous, or LulzSec — these are the new politics.
Now, here’s the important thing. Currently, of those people connected to the Internet globally, two-thirds are under the age of 35. Fifty per cent are under the age of 25. These are young adults just entering into the most productive years of their lives. These are where the ambitions of childhood meet the very real institutional barriers on those ambitions. This is the generation that has the most to gain, as well as the most to lose, by not changing the circumstances in which they live. I think that is the greatest catalyst for change that we will see, because those young adults are going to become the leaders of tomorrow. They are going to take the experiences that they have now, of mobilizing through this technology — whether it’s through communities that bridge trust on Facebook; whether it’s through social movements that they’ve created on the streets; whether it’s through protests that are exercised through the net — these will fundamentally define the politics of the future.
Think about it this way: the generation that’s shaped the way that we do politics in this country, and in the West, over the last thirty years, was born out of the media revolution of the 1960s — “the whole world is watching.” That’s what you’re seeing now on the streets of London, Cairo, Rio de Janeiro, and elsewhere. So, to my mind, the tension isn’t so much, “How is the present system of governance going to change cyberspace?” Yes, it’s going to have an impact. It’s going to have an impact because of the fact that cyberspace, as opposed to any other domain of human action — land, air, sea, or space — is a synthetic domain. You can literally change its physical properties by adjusting the code. So, it’s possible to regulate it in ways that you can’t regulate other domains, at the very technical level. But, I think that whatever changes are going to be imposed from the top, by China, North Korea, Iran (or other such states) will come up against the very vibrant creativity of a technically empowered, highly-motivated young generation that can actually counter it. And who do counter it quite successfully. Either in the technical domain, by creating tools and software that overcome (barriers), or by mobilizing for political change.
CGM: And that lies at the heart of the concern: being able to maintain that youthful vitality and imagination as an essential feature of that synthetic domain.
RR: And that will be tough. Every revolution, someone once said, eats it’s own children. [Note: Coined by French journalist Jacques Mallet du Pan (1748-1800), who wrote, “A l’example de Saturne, la revolution dévore ses enfants.“] The conservatives of the 1990s and 2000s that sent us into wars in Iraq and Afghanistan were the counterculture of the 1960s. So political attitudes change even though the methods may be retained. People have different perspectives in different parts of their lives. What is open and empowering and vibrant in their youth, may actually be seen as a threat and a risk when they hit their 40s and 50s. So I wouldn’t say that the jury is necessarily in, in the sense of the new generation preserving the openness of cyberspace. I think these things are quite pendular. But I do think that for the foreseeable future, simply because we have this exponential growth of empowerment, which for the first time is global — not localized; it’s not just happening in one culture or society — that it will continue to be disruptive for far longer. Which means that the trajectories of change aren’t going to be nearly as deterministic as they may have been in the past. In other words, the global politics that’s being forged is not the politics of the United States as a result of the rise of media in the 1960s, but really something far, far larger.
CGM: You have pointed out in your writings that this contest is more than a protean struggle between liberation and control. That there are legitimate and important tasks such as the screening out of child pornography, spam, various kinds of cybercrime, cyber espionage, and hacking and cracking activities of all kinds.
There appears to be a relentless campaign on the part of China, and in particular the People’s Liberation Army Unit 61398 connected to the Chinese National Information Security Engineering Center, to steal commercial information of all kinds and to acquire intelligence on groups that oppose them, such as the Dalai Lama.
Also, as a result of Edward Snowden’s recent revelations we also know that the National Security Agency (NSA) in the United States has been collecting massive amounts of information (124.8 billion telephone data items and 97.1 billion computer items) on citizens in the United States, Canada, Germany, United Kingdom, France, and elsewhere.
What are we to make of this activity? When laws are routinely broken by everyone, how are we to distinguish between black and white hats? How can we differentiate between what are legitimate efforts to detect terrorism, protect sensitive information, and foil disruptive activities, from intrusions upon civil liberties and unwarranted intrusions into people’s lives? In trying to stop cyber warfare and malicious hackers, how do we avoid becoming Big Brother himself?
RR: Welcome to the new normal. [laughter] Welcome to the world of open empowerment where we have all these avenues for agency, whether it’s by individuals, corporations, or states, existing in the absence of rules and institutions that define how to contain them.
I think that although Edward Snowden will go down in some minds as a traitor, he will really be remembered as a catalyst for the beginning of a very, very important discussion, which is essentially how do we redraft the social contract between individuals and states — and everything that comes in between, corporations and others — within the new cyber era.
I think this is very important because in just about every other aspect of our lives, imperfectly or perfectly, we’ve come to an understanding of what constitutes individual rights and what constitutes community security. Things where we need to surrender part of our individual liberties for the common good. We haven’t really done that in cyberspace because of the fact that this domain has emerged so rapidly that essentially it’s been an opportunistic domain where corporations have defined the rules for themselves.
For example, when you say that the NSA collects vast amounts of information about individuals illegally. Well Google or Microsoft, for example, collect far more information about individuals legally. We surrender information legally, to bank account holders, to VISA credit card holders. So we have become ‘digi-fied’ and ‘data-fied’ in ways that are multiple and complex without really defining what are the sort of things that we want protected in this domain, and what are the things that we need to surrender. It’s tempting sometimes to see this in black and white terms as in individual liberties and libertarianism. I don’t think that it’s nearly as simple as that.
CGM: There has been in the past been a lot of focus on developing media literacy so as to allow people to understand and interpret the reportage being delivered to them. Perhaps we now need to develop an equal emphasis on fostering cyber literacy. For example, that posting information about yourself — any information — puts that out into the public domain in a way that can be exploited by anyone.
RR: You raise an interesting point. You care about this because for you that constitutes something that is an intrusion, that transgresses between you as a private being and you as a public being. Ask the same question of an 18-year-old and you’ll get a very different answer. That’s because there’s a utility function there. They are surrendering that information, which they don’t necessarily see as something that has to be kept private, as a fair exchange for the utility that they derive for being able to know the same about their peers, communities, and others.
I’ll tell you an interesting fact. We run a program on behalf of the United States government through their Department of Democracy, Rights, and Liberty that provides assistance to the Syrian opposition. What that means is that we provide them with tools so they can securely communicate in the war zone that is Syria.
And we did a really interesting study to see why people are actually using Facebook in Syria. Because right now according to most accounts including Facebook’s, of a population of around sixteen million, there are between three and four million Syrians registered on Facebook. It is actively being used by local coordinating communities, humanitarian groups — non-violent actors as well as violent actors. The interesting answers we got from our study were: “I met people on Facebook that I would never have been able to meet in real life. I made relationships that would have been impossible prior to the conflict.” That sense of community coming together, especially in a war zone where the physical barriers between groups are so hard to breach, it’s really powerful. And if it’s happening in Syria, how powerful is it in Canada in terms of forging community? That’s the utility function that I’m talking about.
It’s difficult for different generations with different perspectives to share each other’s universe. As much as our generation has a role as the ‘greybeards’ to warn against the excesses of power one way or the other, whether it’s towards anarchism or towards formal institutionalism, the reality is that those new relationships, those new normative maps of the universe, will by furnished by that under-twenty-five generation for whom this is a living, breathing environment, far more than it is for us.
CGM: Undoubtedly so. Perhaps as figurative “greybeards” we have the responsibility to bring some perspective to this marketplace of ideas. Understanding what we give up in return for that utility.
RR: I think that is absolutely correct. If there’s a role for us “greybeards” it is to give that historical perspective, to perhaps give the judgment that only comes with age. Let’s remember that radio may have been a great thing in terms of empowering populations for a previous generation, but it was also responsible, in part, for the genocide in Rwanda. So, our role is to prevent the Rwandas of the future. The lapses of judgment that may throw us down the dark, deep rabbit hole. Whether it is eugenics or the use of mass media for genocide.
CGM: Remember Leni Riefenstahl.
RR: That’s where we can play a positive role. But the real practicalities, the new rules of this domain, they won’t be written by us.
CGM: Many thanks for your time.
As Rafal Rohozinski makes clear, there is little doubt that the advent of cyberspace has been and continues to be transformational, and in ways that are frequently unforeseen. Geographically decoupled communities of interest; real-time tactical and logistical organization of protests; E-commerce that spans the globe and provides virtually every good and service imaginable; vast archives of searchable information from the present and past; streaming video and massive multiplayer online role-playing games (MMORPGs); information systems related to telecommunications, defense, transportation, electricity, and virtually every other utility; national and corporate cyber-spying and counter-espionage; hackers, black-hats and white-hats or every kind; and almost unaccountably many other activities.
It is replete with almost every visionary and malignant possibility imaginable. One can see within it opportunities for an astonishing gamut of empowerment and agency, and also the pernicious loss of privacy, invasion by hackers and cyber-bullies, and loss of agency as the data of personal lives are bought and sold by corporate interests, ever able to better target more seductive advertising missives that brainwash obsessively-compulsively addicted cyber-serfs chained to their smartphones, existing bereft of life and friendship in the real world, and adrift in the miasma of the virtual. Do I overstate the concerns? Perhaps.
As a certifiable greybeard, my historical perspective includes hours spent in the basement of a computer sciences department, meticulously typing out Fortran code on a fantastically noisy cardpunch machine for an IBM 360 computer whose core memory — which I once saw during routine maintenance — consisted of unfathomably numerous tiny magnetized rings crisscrossed with ultra fine copper wires, which could change the value of a byte from “1” to “0”. The U.S. Department of Defense’s ARPANET did exist, but no one else was on any sort of computer network. When a colleague wanted to share a program with me he sent me a box of cards in the mail.
One generation further back, my father, who grew up in a rural Polish village following the First World War, recalled the first time an aeroplane flew over his town, the first car that drove through its streets, and the first radio that a neighbour purchased — which drew a sizeable and appreciative audience as people listened to evening broadcasts. He lived to see men stand on the moon and laptop computers.
As Rohozinski points out, the speed at which this medium has developed is astonishing, and this has left us with only very rudimentary guidelines with which to navigate this increasingly complex domain. We have centuries of civil, constitutional, and legislative law covering our interactions on land, sea and air; copyright law, hate propaganda legislation, constitutional and United Nations protections for freedom of speech, expression, and the press; licensing and regulation of television and radio airwaves on national and international levels, and many other instruments that capture activity of times and media past. However, we are still grasping at the issues of cyberspace and what principles should come into play in balancing competing interests in this domain — let alone developing the international agreements that can ensure these goals.
The socially transformative potential of cyberspace is remarkable, as is its commercial potential. It contains both empowering knowledge and useful information, as well as triviality, vitriol, and corrosive disinformation. Corporate capitalism will not hesitate to devour it, nor will unprincipled governments hesitate to exploit it to subvert the very freedoms it promises to deliver. If civil society is to reclaim the social, environmental, economic, and political commons from the myopic focus on profit of shareholder capitalism, we must not yield the cyberspace commons to forces that would control it for their own gain. Here’s to the next generation to accomplish this.
Like this article? rabble is reader-supported journalism. Chip in to keep stories like these coming.