Let’s take a brief trip back to the pre-Ed Snowden era, when those of us who warned that the United States was the biggest threat to online security on the planet were dismissed as “cyber anarchists” and conspiracy theorists.
Last December saw Anglophone countries refuse to sanction what was portrayed as an attempt by the International Telecommunications Union to take control of internet regulation, partly for the benefit of uncompetitive European telcos, and partly for the benefit of some of the world’s most repressive régimes.
As we now realise, the efforts of the US and faithful allies like the UK and Australia to block the ITU weren’t only or perhaps even mainly in favour of protecting the online rights of their citizens, but to safeguard their massive investment in global internet and telephone surveillance.
Now the ITU is back for another bite at the, um, cybercherry.
In a speech this week in (where else?) Geneva, ITU secretary-general Hamadoun Touré called for the establishment of a “global framework on securing cyberspace” in a “multilateral but also multi-stakeholder fashion”. Touré pitched the ITU’s IMPACT as an appropriate model for an “alliance against cyber threats”.
What’s IMPACT? It’s the ITU’s Malaysian-based cybersecurity arm. However, it is in effect boycotted by nearly every Western country — few European countries participate and no Anglophone countries. Nor does Russia.
If you read Touré’s speech, you’ll see a lot of familiar things from corporate and government cybersecurity spruikers. Like any good cybersecurity advocate, he invokes child abuse. He also quotes a stream of statistics on cybercrime, which are “alarming” and getting worse. And he says online rights are subordinate to security:
“And it is clearly essential to protect the right of the freedom of expression; the right to communicate; and the right to privacy. But we must recognize that none of these freedoms can exist without security — especially in the online world.”
And Touré’s only (faint) allusion to the Snowden revelations, which confirmed that the greatest threat online isn’t cybercriminals or hackers or $2 an hour denial of service vendors but the US government, was a reference to “major recent events, and the global debates they have sparked” which “demonstrate the challenges that are faced in finding the right balance between security and privacy.”
Like most cybersecurity spruikers, Touré’s statistics are demonstrably wrong or unevidenced (we’ve harped a lot on this issue). He claims there was a 30% rise in the number of “web attacks” between 2011 and 2012, then says the global cost of cybercrime was US$110 billion — the equivalent, he says, not particularly compellingly, of the GDP of a country like Bangladesh.
The source for the US$110 billion claim is a recent report by Norton, a cybersecurity vendor; the source for the 30% rise claim, Symantec, which owns Norton. The problem — well, one problem — is that the two figures are incompatible. What the Norton report won’t tell you is its 2012 iteration of the same report claimed the direct global cost of cybercrime was $114 billion. So, according to Norton itself, the cost of cybercrime fell by US$4 billion or 3.5% in 2012.
Oops.
Of course, the number of attacks could have increased by 30%, as Symantec claims; maybe they just got over 30% less rewarding. But that doesn’t fit the cyberhysteria narrative either. “Cybercriminals are becoming more skilled,” Touré insisted. Oh, and that original US$114 billion figure? It’s been debunked by Australian Patrick Gray.
But there’s a reason why the head of the ITU is parroting cybersecurity vendor data — it’s in bed with them. Two years ago, Touré signed a memorandum of understanding with Symantec to spruik the company’s reports; Touré now writes forewords for them. Touré said primly:
“As the effectiveness of advanced threats becomes more obvious, activist groups, corporations, and even governments will find themselves tempted to use similar approaches to achieve their goals.”
The only thing in the way, apparently, is the ITU’s proposed “global framework to secure cyberspace”.
All credit to Touré and the ITU: having failed to gain control of the internet, they’ve learnt from the best in their new effort — the very governments that stymied their first attempt.
You will find that the definition of cybercrime is always very vague in these type of reports. Security software vendors aren’t keen to tell you that their statistics include lots of estimates due to “known under-reporting”. They often include all credit card fraud, much of which happens in the physical world when wallets are nicked or post-boxes robbed. Unfortunately, this stuff gets quoted by governments and the press as though it were reliable and valid. It isn’t. It’s marketing.
….and as we inch towards this Brave New World….what then..who do we trust..or is that a nonword like all the other nonwords that we are not allowed to mention these days.
Like a thief in the night the changes to society have come and gone with but a rustle in the trees. And the plebs go about their business.