An elite international group dedicated to preserving the Internet's free and unfettered qualities is calling for "a new global social compact" to counter the growing threats of digital spying and large-scale data theft.
"It is now essential that governments, collaborating with all other stakeholders, take steps to build confidence that the right to privacy of all people is respected on the Internet," said a report released Wednesday by the Global Commission on Internet Governance, an independent body led by former Swedish prime minister Carl Bildt and whose members include former U.S. Homeland Security secretary Michael Chertoff and Angel Gurría, secretary-general of the Organization for Economic Co-operation and Development.
The report by the commission – formed a year ago by two independent think tanks, Chatham House of the U.K. and Waterloo, Ont.-based Centre for International Governance Innovation – is intended to influence an ongoing global debate about how to counter the threats of an increasingly interconnected world. Data thieves have consistently kept ahead of companies and governments in ferreting out confidential data, while government-sponsored cyberspying has been exposed as a widespread practice. Meanwhile, many individuals are still not heeding basic warnings for how to protect themselves online from data raiders. A report this week by Verizon Enterprise Solutions found nearly one in four people open "phishing" messages intended to trick them into revealing confidential information such as their passwords, while one in nine click on attachments inside the e-mails that can wreak havoc on their computer systems.
The Internet governance commission calls in its report for governments to ensure "fundamental human rights, including privacy and personal data protection" are protected online and that any data snooping by authorities be done "for purposes that are openly specified in advance, authorized by law…and consistent with the principles of necessity and proportionality."
"The report reflects a consensus that it's very important that we not break the internet," said Mr. Chertoff in an interview. "Obviously there are security issues that are legitimate, and it's also important to continue to preserve elements of privacy and human rights, and we have to be able to reconcile those in a way that doesn't [result in] every country [creating] its own internet."
But cybersecurity experts said that while the commission's report adds another credible voice to the debate, its impact may be limited.
"This a very good and overdue first step at establishing international norms around a topic that has seen technology rapidly outpace policy," said Ray Boisvert, former assistant director of intelligence with the Canadian Security Intelligence Service in an e-mail. "Do I believe it will be immediately or wholly successful? No. The import of the internet, from commercial value to security and defence interests, and within a hyper competitive, globalized world, makes it almost impossible for nation states to place 'interests' behind this most needed application of the principles outlined in the text." Mr. Boisvert also took issue with the report's recommendation promoting end-to-end encryption of data, saying "if we accept that threat actors are already disproportionately taking advantage of the Internet, then we must also recognize that we need to always have ways to ensure lawful access to data – the same way we had to figure out how to legalize wiretaps forty years ago."
Avivah Litan, a Washington-based cybersecurity analyst with technology research firm Gartner, said the report "seems to me to be a paper exercise in futility. The only way to ensure privacy and security on the Internet is to control access to it and that's not in the cards unless you are in a country like China or Iran. It's always good to raise awareness on this subject but this commission needs to be practical about what it can accomplish."