Ambassador Andrey V. Krutskikh,
Special Coordinator for Political Use of Information and Communication Technologies,
Ministry of Foreign Affairs, Russia
Dear Ladies and Gentlemen,
First of all, I would like to express my gratitude to the organizing committee of our forum for the invitation to come here. In international political parlance, it has been known for a long time as ‘Davos of International Information Security’. Here, we can have a good opportunity of discussing this hot-spot and other top-priority issues in both a formal and informal setting.
I am awfully sorry that the founder and the organizer of this forum Vladislav Petrovich Sherstyuk has been unable to get here due to ill health. Thanks to his input and drive, the Russian national flag will be fluttering over this historical building in Garmisch-Partenkirchen during the entire week for the seventh year running. I hope that within a short while, Vladislav Petrovich will continue to benefit the cause of Russian and international information security (IIS).
In my speech, I would like to address the topic that has never before been presented in an explicit manner in Garmisch, that of a diplomatic or political ‘tug of war’ in the field of IIS. With a view to making my address as fair-minded as possible and less intense than normally coming from the political pulpit, I am speaking not in my official capacity, like most of you sitting here, but as an expert in my academic field.
My speech will include an epigraph, a ‘horrible’ introduction and, basically, the main part.
As an epigraph, I would like to quote the recent words of Press Secretary of the President of the Russian Federation (14.04.2013) D. Peskov, who stressed that «… the whole world situation calls for closer relations between Russia and America.» This issue has a larger scope than the responsibility of these nations for global stability. The United States was the first nation that we brought up with the issue of policing IIS when Russia made it the subject and the object of the global publicity back in
1998. Unfortunately, today we are facing each other across the opposite sides of the diplomatic and political ‘tug of war’ on a range of points and views in this area.
Please note that this doesn’t imply that the role played by the other nations is immaterial. On the contrary, it is critically important. We encourage the involvement of the entire international community in discussions and decision- making relating to the use of information and communication technologies (ICT). There is even the appropriate term, sounding extremely awkward in the Russian language multi-stake participation model in the negotiation process, i.e. with participation of Governments, non-government bodies, civil society, business, and even individual users. Without well-coordinated interaction of all these actors, it is difficult to develop a way of using ICT that, relying on the specific nature of these technologies, would eliminate the still existing safe havens for cyber-criminals, cyber-terrorists and other hostile uses of ICT, which would make redundant international cooperation in the field of IIB.
Given the global nature of ICT, I believe that no matter what negotiations are underway on IIS, including at regional level, these should take into account the position of other nations, such as China and the remaining BRICS members (echoing the Russian approach on essential points), members of the EU and developing nations. Regional and bilateral cooperation measures produced in the field of IIS should not make anyone suspicious and should play one region against another.
And there is yet another argument for picking the epigraph. At times, I am used to hearing at international meeting venues on IIS, the use of ICT. Some of Washington’s closest partners deliver the message: reach agreement the United States and we will keep our part of the bargain. Well, it will be working, as great Andrei Gromyko once said, «towards building a policy with that thing in mind».
Now we are moving onto the ‘horrible’ introduction. I will say in advance that I will use what I am going to say as a hyperbole so as to add more clarity to my thoughts. Those journalists and participants in official negotiations attending this meeting know that I am a practiced hand in using all kinds of comparisons and analogies that sometimes help get more insight into processes ongoing in the political and international area.
Let us for a moment imagine that those who are sitting here, are the ‘bad guys’, ‘drug cartel lords,’ with global ambitions to extend our ‘goods’ all over the planet. What systematic macro level decision approach are we going to put into use? I can vision it in the following way.
1) First of all, we will try to convince the world that drugs are only for the benefit of mankind, that life is impossible without them and, therefore, what is needed is completely free access to them.
2) In order to ensure that everyone can use them, i.e. ‘get hooked on our needle’, it is necessary to build an appropriate technical and methodological capacity.
3) So that, as the saying goes, we would have everything and we wouldn’t be liable be for it, our activities should be legalized, i.e. we should adopt appropriate domestic and international laws. The main thing is to substitute the principle of the prohibiting illegal activities for our principle whereby their victims can, on an individual basis, raise complaints with our global cartel in isolated cases.
4) Since we have business rivals, then there can be in-fighting and wars between them. In order to avoid mutual destruction, we must agree on rules of engagement.
5) Ideally, it is important to ensure the profitability of our business in any case, and to this end, it is necessary to make a down payment for our services, i.e. to provide control over financial resources of every consumer.
All of these considerations underlie the strategic logic of carrying out our
criminal plans. Tactics and ideological wrappings of our activities can, surely, vary.
And, finally, the main part of my speech.
March was a hectic time full of various activities in the area of IIS – multilateral and bilateral negotiations. I would like to draw your attention to events that are of no great magnitude, although highly representative of the countries’ positions in the field of IIS. During March, two speeches were made, one in the beginning and the other in the end of March, by my American counterpart from the U.S. State Department Chris Painter. My speech was made at an interagency meeting as part of a congressional hearing.
What is interesting about these speeches? Without any collusion, both officials (our respective positions carry the same title) – coordinators on the political use of ICT – were speaking nearly the same professional language, on the same subject and using almost identically structured reports. All of this points to the fact that there is a common understanding of the problem at hand, related threats and the priority status of the IIS issue and that we ‘are in the same boat’ and there is growing awareness of the need to take joint action, and that none of us, alone or even together with the closest allies, are in a position to confront the adverse tsunami effects dubbed «the ICT revolution».
Were there any differences? Yes, there were! By way of a joke, I will say that that they were of syntactic nature. Where my colleague put a full stop, although he was speaking before me, I put a comma and made short additions. The reason I am specific on this point is that it is the essence of a political tug of war in numerous international negotiations through diplomatic channels.
First, both of us were making a case for the significance of Internet access in particular and ICT as whole being in nearly the same passionate way and almost in the same terms. The essence of these technologies lie in their global nature and accessibility. No one challenge this point of view. Probably, it can be acknowledged that the freedom to use ICT is one of the basic human rights. However, there are political ‘radicals’ who place this right above all other human rights. One finds it difficult to connect with such an extremist approach, as well as with the formal statement of this right of free access. The freedom without proper accountability can be the one-way street to anarchy and lawlessness; it poses a threat of being self-detrimental. No freedom of access should be granted to criminals, terrorists and aggressors. On appearance, it might look plain and clear. But anytime we intend to reflect this balance of freedom of and responsibility for the use of ICT in international documents, the tug of war of political controversies starts to tighten. You can mention the freedom whereas you can’t mention the responsibility. One notion is substituted for another: when nations exercise their right of sovereignty, they get vocal about censorship, in business relationships, etc.
This ‘tug of war’ is doubly counterproductive, since mankind has learned
to deal with the problem of giving the topic balanced treatment.
The famous International Covenant «On Civil and Political Rights» of December
19, 1966 explicitly states that the use of these rights carries with it special duties and responsibilities and may therefore be associated with some limitations: a) For respect of the rights or reputations of others b) For the protection of national security or of public order, or of public health or morals (Article 19).
Unfortunately, my counterpart made no mention whatsoever of responsibility for the use of ICT in his report. He puts the full-stop right away after the reference to freedom.
Second, fueled by the United States and some of its partners, the issue of building capacity is gaining more popularity in political discussions on the international arena related to IIS matters in the last year and a half. Attempts are made to include it in G8 documents or in the UN Forum on Cybercrime, i.e. virtually anywhere possible.
Who objects to covering the ‘digital gap’ and rendering appropriate technological assistance, especially to developing nations? Declarations alone will be of little use here. It is necessary and high time that this program should prepared in detail and doubts should be removed as to whether it would meet its objectives answering the questions that we are accustomed to hearing in bilateral consultations with other nations.
Many of them voice their concerns that such assistance could turn into technological neo-colonialism; becoming a disguised form of lobbying individual producers setting some discriminatory standards of technological development; attaching political conditions and adversely affecting their sovereignty.
It is important to ensure that the assistance in the capacity building program, should not, on one hand, become a cover for interference in the internal affairs of recipient countries, and that, on the other hand, it should not give additional muscle to the «digital Frankenstein» Ultimately, inflicting damage on donor countries; that obtained know-how should not be used for illegal or malicious purpose.
Third, in the fight against cybercrime, the United States and European Union are actively imposing the legal scheme of tackling criminal problems in the field of ICT by globalizing the famous Budapest Convention 2001 passed by the Council of Europe. Over 12 years, it has been signed by 49 nations and ratified by 39 nations. An overwhelming majority of nations, including Russia, are skeptical, if not suspicious of it, and are not going to join it.
In our view, this paper in essence «gives the green light» to interference in the internal affairs of other states and unauthorized access to their information space, ignoring their sovereignty in the information space. Also, the Convention is extremely outdated. According to experts, it treats as criminal only 9 instances of illegal use of ICT, while there are about 30 of them nowadays. It contains no concepts, such as cyber-terrorism or botnets, nor does it account for the realities of the legal systems in countries that are not included in the eligible, but very limited set of its original authors.
In order to combat on a global phenomenon such as cybercrime, it takes a rather highly partisan approach, meaning a general and contemporary document drafted under the UN framework with unqualified participation of all nations that would take into account every benefit of the Budapest convention and regional best practices and was not affected by their weaknesses and limitations.
Fourth, quite a stir is being raised over whether international law applies to modern military and political conflicts in the information space, or relating to the use of ICT. It is very much unclear, and inconsistent, because of the fact that the contemporary international law originated before the revolutionary breakthrough followed by the development and application of ICT and, accordingly, without regard to developments generated by this process.
From our perspective, rather than the formal declaration of the applicability principle, we should be looking at the principle of adapting international law to new phenomena in the information/digital environment. Unmodified application of old rules to new developments may cause the opposite effect. Perhaps politicians and lawyers must urgently take up the job of developing new rules of law and definitions.
The main thing is to grasp the following: we all stand for prevention and control of a cyber-war and therefore for its legitimization. Russia unreservedly supports the first option. The second option leads to the notorious concept dating to the 1960’s, the full swing of the Vietnam War, the so-called ‘limited nuclear war or nuclear escalation’ of armed conflicts, now applicable to the use of ICT.
For starters, one might think of cooperation on information security of critical infrastructures and the so-called confidence-building measures rather engaging in ‘a tug of war’ over the applicability of international law.
Fifth is the economic or financial side of IIS related to national security and social stability. It is known that the global and irreversible trend of economic development in the world is the migration of financial accounts to a virtual scheme of things and as a result complete removal of cash out of circulation.
It presents us with a challenging question – would the generally positive process of putting the economy on a non-cash basis lead to a new political super- goal which will be implemented according to the following formula: those who control the use of ICT, are in control of the financial flows and therefore, world politics? Will the next global redistribution of power within the oligarchic elite that ensures a position of superiority in the world economy prove to be a prelude to disasters, including those of a military and political nature, where mankind will be made to act as a martyr — as has repeatedly been the case throughout history?
Let me give a specific example to show how it will work out in practice. Since you’re all tired, I’ll do it in such a way as to put a smile on your faces. When I came in Garmisch on this occasion, my friends and I went to a nearby store to buy something to celebrate this event. Due to technical reasons, our credit cards were not accepted and we failed to buy something that we needed. Here we have an example of social instability fraught with political consequences, especially, if such disruptions in the global economy are caused at someone’s arbitrary will.
So, the simple conclusion is self-evident – the «asteroid» of our common global cyber-danger is on an approaching trajectory. We are losing time available to take political action for mutual protection. What needs to be done is stop pulling over the blanket or rope to your side and reach within a short span of time some specific international agreements on rules or principles of responsible behavior of states, on measures of trust in the information space, on prevention of an arms race, and on cyber confrontation that may put international peace and security to a very tough test.
This speech was delivered at the 7th Scientific conference of the International Research Consortium on Information Security, as part of the International Forum on «Partnership of state authorities, civil society and business community in ensuring international information security», held on 22-25 April 2013 in Garmisch-Partenkirchen, Germany. It is published on Digital.Report with an explicit permission from the conference organizers.