The New Digital Dark Side

Eric Schmidt and Jared Cohen, authors of The New Digital Age, acknowledge that “technology doesn't just help the good guys pushing for democratic reform—it can also provide powerful new tools for dictators to suppress dissent."

Schmidt and Cohen aren’t the only ones worrying about technology’s dark side: US technology companies and regulators, too, are grappling with increasingly complex questions concerning digital censorship, privacy, surveillance and the export of these technologies to repressive countries. But concerns about the potential misuses of this technology should not be limited to authoritarian regimes.  Domestically, the U.S. is still struggling with digital surveillance and the implications of big data, and has yet to find a balance between security and protection of our civil liberties. Understanding the link between our domestic and foreign policies will be critical as we attempt to create frameworks to harness the potential of these new technologies while minimizing their harms.

Digital tools can transform the way ordinary citizens organize and communicate while living under repressive regimes. But the Green Revolution in Iran and Arab Spring also brought issues of government censorship and surveillance to the forefront. After the regimes in Egypt and Tunisia fell, for example, details emerged about the extensive censorship and surveillance systems those governments had built to control how citizens accessed the Internet within their borders. What’s more, much of the technology they used had been produced and sold by companies based in the United States and Europe.

Despite increased awareness, the problem has grown in the past few years. In January, researchers revealed that they had found devices produced by Blue Coat, a company based in California, in a number of repressive countries around the world (including several subject to US and UN sanctions). One of the primary uses for Blue Coat hardware is to filter and monitor individuals’ activity on the Internet—which is why it’s particularly concerning when it shows up in countries that have been named as “enemies of the Internet.”

Former Secretary of State Hillary Clinton first declared that Internet Freedom would be a major component of U.S. foreign policy nearly a year before the Arab Spring began. Since then, there has been a relatively strong bipartisan show of support in the U.S. for the Internet freedom agenda.

For example, the idea of the “electronic curtain” being drawn around Iran—where the government controls much of the infrastructure and allows Iranian citizens only filtered and monitored access to the Internet—draws outrage from both sides of the aisle in Congress. Policymakers even tried to address Internet freedom concerns in the Iranian and Syrian sanctions regulations by carving out exemptions for certain communications software vital to the work of democracy and human rights activists and imposing additional penalties on individuals companies providing information technology that could be used to restrict speech or monitor citizens. Proposed legislation like the Global Online Freedom Act raises the question of whether additional measures are needed to control the export of these technologies to countries that are not sanctioned but have a demonstrated history of digital surveillance linked to human rights abuses.

These concerns about technology and freedom abroad grow more relevant every day, but they are often divorced from (and even at odds with) concerns about protecting domestic civil liberties and privacy on the Internet. Even as Western governments express concerns regarding widespread digital surveillance and promote internet freedom abroad, Americans policymakers are advancing new policy proposals that would gravely erode legal privacy protections.

Take, for example, the Cyber Information Sharing and Protection Act (CISPA), which passed the House this April. CISPA, originally introduced in late 2011, would allow for seamless information sharing of user data and communications between private companies and the government. It aims to make it easier for governments to investigate cyber threats and preempt cyber attacks. However, CISPA has been widely criticized for its lack of civil liberty and user privacy protections: In addition to allowing warrantless surveillance of digital communications and absolving technology providers from any harm that results from misusing private user data, CISPA overrides all existing laws that protect user privacy, including the privacy protections that distinguish the United States from the repressive regimes like Iran and Syria. Due to these shortcomings, the White House has issued a veto threat, stating that it will not allow CISPA to pass unless these major concerns are addressed.

“One of our core concerns is that unless people fight for privacy, they will lose it in countries which have no history of concern over privacy,” Schmidt noted in a recent interview with NPR. However, these concerns regarding privacy, security, and surveillance are often limited to the Global South. “In the Western world,” Schmidt asserts, “the governments will ultimately figure out a balance.” Legal systems in the US and other developed nations are arguably more robust than those of repressive regimes. However, the past decade has exposed legal shortcomings in here in the U.S.: Government legislation and regulation are not keeping pace with the privacy and security concerns raised by new technology. Recent attempts to reform the Electronic Communications Privacy Act (ECPA) highlight the extent of the gap between the law and technology: technology companies and advocacy groups are currently grappling with how to update 28-year-old law that governs how the government can access citizens’ emails.

This ambiguity is especially relevant given the growing uncertainty surrounding corporate surveillance in the United States. In a recent article, security expert Bruce Schneier describes how popular social networking sites, search engines, web platforms, and mobile apps are collecting an unprecedented amount of private user information. Although regulators acknowledge this phenomenon, important questions remain unanswered: to what extent should users be made aware of the tracking, and what tools should they have to control their digital profiles? What mechanisms should govern data sharing between third party data brokers and the government? In the face of such uncertainty, it seems presumptuous to assume that US lawmakers will instinctively find the perfect balance between civil liberties, security, and privacy.

States will undoubtedly follow different processes to address privacy and security concerns, but given the borderless nature of digital platforms, technology policymakers and advocates in the US ought to more explicitly consider the links between domestic and international privacy and surveillance issues. Absent regulatory and legal frameworks that strike a balance between privacy and security at home, it will become increasingly difficult for the United States to credibly distinguish between the good and dark side of the digital revolution abroad.

This post originally appeared on In The Tank, a blog from the New America Foundation.