Background Paper


Rex Hughes, “The Contest of the Cyber Commons,” Background Paper for Securing the Cyber Commons: A Global Dialogue March 27-28, 2011, The Munk School of Global Affairs, University of Toronto

Excerpt: On March 27-28, thought leaders from business, government, and the academy will gather at the new Canada Centre for Global Security Studies in the University of Toronto Munk School of Global Affairs to discuss the intersection of world order with cyberspace. Although a mere science fiction term coined slightly over a quarter of a century ago by North American writer William Gibson, cyberspace is becoming a defining element of 21st-century international affairs – especially as it pertains to economic and military domains.

Liberation and Control: Contesting Cyberspace


Ron Deibert and Rafal Rohozinski. “Liberation vs Control: The Future of Cyberspace.” Journal of Democracy 24.1 (2010): 43-57.

Summary: Among theorists of new information and communication technologies, there is a persistent tension between those who see them as technologies of liberation, and those who see them as technologies of control. We argue that the dichotomy itself is misleading, suggesting a basic opposition between forces of light and forces of darkness. In fact, the situation is much more complex and needs to be qualified. Rather than seeing technologies in oppositional terms, as either “empty” vessels to be filled by human intent, or powerful forces imbued with some kind of agency that no one can withstand, technologies are complex and continuously evolving manifestations of social forces of a particular time and place. Once created, technologies in turn shape and limit the prospects for human communication and interaction in a constantly iterative manner. This dynamic is especially evident in the case of cyberspace, a domain of intense competition, one which creates an ever-changing matrix of opportunities and constraints for social forces and ideas. Social forces and ideas, in turn, are imbued with alternative rationalities which collide with each other and affect the structure of the communications environment. Unless the characteristics of cyberspace change radically in the near future, and global human culture grows monolithic, linking technological properties to a single social outcome, like liberation or control, is highly dubious.

Larry Diamond, “Liberation Technology.” Journal of Democracy 21.3 (2010): 69-83.

Summary: The Internet, mobile phones, and other forms of “liberation technology” enable citizens to express opinions, mobilize protests, and expand the horizons of freedom. Autocratic governments are also learning to master these technologies, however. Ultimately, the contest between democrats and autocrats will depend not just on technology, but on political organization and strategy.

Evgeny Morozov. “Freedom.gov: Why Washington’s Support for Online Democracy is the Worst Thing Ever to Happen to the Internet.” Foreign Policy 184 (2011).

Excerpt: “The Internet is far too valuable to become an agent of Washington’s digital diplomats. The idea that the U.S. government can advance the cause of Internet freedom by loudly affirming its commitment to it — especially when it hypocritically attempts to shut down projects like WikiLeaks — is delusional. The best way to promote the goals behind the Internet Freedom Agenda may be not to have an agenda at all”.


Commerce and Control: Economics of the Cyber Commons


Global Network Initiative. Principles on Freedom of Expression and Privacy (2008).


Excerpt: “These Principles on Freedom of Expression and Privacy (“the Principles”) have been developed by companies, investors, civil society organizations and academics (collectively “the participants”). Information and Communications Technology (ICT) companies have the responsibility to respect and protect the freedom of expression and privacy rights of their users. ICT has the potential to enable the exchange of ideas and access to information in a way that supports economic opportunity, advances knowledge and improves quality of life. The collaboration between the ICT industry, investors, civil society organizations, academics and other stakeholders can strengthen efforts to work with governments to advance freedom of expression and privacy globally. For these reasons, these Principles and their accompanying Implementation Guidelines establish a framework to provide direction and guidance to the ICT industry and its stakeholders in protecting and advancing the enjoyment of human rights globally”.

Global Network Initiative. Inaugural Report (2010).


Summary: “The report focuses on the emerging trends related to freedom of expression and privacy issues online in the two years since GNI was launched; the work of the current three member companies to implement GNI’s Principles and the vision and work for GNI in the future”.

Colin M. Maclay. “Protecting Privacy and Expression Online: Can the Global Network Initiative Embrace the Character of the Net?” In Access Controlled: The Shaping of Power, Rights, and Rule in Cyberspace, edited by Ronald Deibert, John Palfrey, Rafal Rohozinski, and Jonathan Zittrain, 87-108. Cambridge: MIT University Press, 2010.

Summary: This chapter examines the context in which GNI has emerged, describes its structure and intentions, explores some concerns, and highlights some of the challenges GNI must address to fulfill its intended purpose. Issues that will impact success include the tensions among structure and flexibility, aspiration and practicality, and refining known approaches and creating new ones. While these considerations play into many elements of the initiative, they are particularly salient with respect to accountability and governance. I offer these thoughts as objectively as possible, recognizing my personal participation throughout the process, to support collective understanding of both this process and emerging institutional approaches to governance in the knowledge society.

Rebecca MacKinnon. “Shi Tao, Yahoo!, and the Lessons for Corporate Social Responsibility.” Working paper presented at the International Conference on Information Technology and Social Responsibility, Chinese University, Hong Kong, December 2007.

Summary: In 2005, Chinese journalist Shi Tao was convicted and sentenced to ten years in prison for leaking state secrets abroad. Key evidence cited in Chinese court documents included information about Shi’s account supplied by Yahoo! to the Chinese State Security Bureau. Condemnation by human rights groups and investors, U.S. congressional hearings, a Hong Kong government investigation, and a U.S. lawsuit followed. This paper documents the core facts, events, issues and debates involved. The Shi Tao case highlights the complex challenges of corporate social responsibility for Internet and telecommunications companies: They are caught between demands of governments on one hand and rights of users on the other – not only in authoritarian countries such as China but in virtually all countries around the world. While there are no simple or quick solutions, Internet and telecoms companies seeking to establish trustworthy reputations across a global customer base cannot afford to ignore the human rights implications of their business practices. Users and investors have a right to demand that user rights be respected. If companies fail to respect user rights, the need to develop non-commercial, grassroots alternatives will become increasingly important if privacy and free expression are to be possible anywhere.


Google. Enabling Trade in the Era of Information Technologies: Breaking Down Barriers to the Free Flow of Information (White Paper). November 2010.

Summary: The transformative economic benefits of the Internet are under threat, as increasing numbers of governments move to impose onerous limits on information flow. The international community must take action to ensure the free flow of information online. Governments should honor existing international obligations including under the World Trade Organization (WTO) Agreement, prevent trade barriers created by information regulation, and develop new international rules that provide enhanced protection against these trade barriers of the 21st century. To realize the full potential of the Internet as a global marketplace and platform for innovation, policymakers in the United States, the European Union, and elsewhere should pursue three steps to break down barriers to free trade and Internet commerce: Focus on and publicly highlight as unfair trade barriers those practices by governments that restrict or disrupt the flow of online information services; Take appropriate action where government restrictions on the free flow of online information violate international trade rules; and Establish new international trade rules under bilateral, regional, and multilateral agreements that provide further assurances in favor of the free flow of information on the Internet. This is an ambitious but achievable agenda. It offers opportunities for the U.S. government to better align the nation’s trade priorities with the global economy and, in turn, create new jobs and export opportunities for the U.S. It can also provide concrete incentives for other governments to reduce or stop the restriction and disruption of information on the Internet.


Crime and Control: Balancing Privacy and Law Enforcement


Ron Deibert and Rafal Rohozinski. “Tracking Koobface: Meet Koobface, Facebook’s Evil Doppelgänger.” Globe and Mail. November 12, 2010.


Excerpt: “Cybercrime thrives not just because of ingenuity and lawlessness, but because of social media opportunities. Koobface (an anagram of Facebook) succeeds by mimicking normal social networking behaviour. It is like a digital amoeba, living parasitically on our sharing habits. It leverages the most successful of all age-old criminal techniques – our readiness to extend trust – with our eagerness to click on links. We have become conditioned into a world of intense social interaction. We click on website addresses and documents like mice clicking on pellet dispensers. And it is that conditioned tendency that Koobface exploits with precision”.

International Telecommunication Union. “ITU Toolkit for Cybercrime Legislation.” (Draft Rev. 2010).


Summary: The Toolkit aims to provide countries with sample legislative language and reference materials that can assist in the establishment of harmonized cybercrime laws and procedural rules. The Sample Language provided in the Toolkit, while not a model law, was developed after a comprehensive analysis of the laws of developed nations and the Council of Europe (CoE) Convention on Cybercrime. The Toolkit language is consistent with these laws and is intended to serve as a guide for countries desiring to develop, draft, or modify their own cybercrime laws. The Toolkit is intended to advance the global harmonization of cybercrime laws by serving as a central resource to help legislators, attorneys, government officials, policy experts, and industry representatives around the globe move their countries toward a consistent legal framework that protects against the misuse of ICTs.

Daphne Gilbert, Ian R. Kerr, and Jena McGill. “The Medium and the Message: Personal Privacy and the Forced Marriage of Police and Telecommunications Providers.” Criminal Law Quarterly 51.4 (2007): 467-507.

Summary: Businesses and law enforcement agencies in Canada are increasingly interested in learning who is doing what online. Persistent client state http cookies, keystroke monitoring and a number of other surveillance technologies have been developed to gather data and otherwise track the movement of potential online customers. Many countries have enacted legislation that would require telecommunications service providers (TSPs) to build a communications infrastructure which would allow law enforcement agencies to gain access to the entirety of every telecommunication transmitted over their facilities. Canada is considering doing the same. This article investigates the changing role of TSPs from gatekeepers of privacy to active partners in the fight against cybercrime. The authors argue that the legislative approach provoked by the Council of Europe’s Convention on Cybercrime and soon to be adopted in Canada will lower the threshold of privacy protection and significantly alter the relationship between TSPs and individuals.

David S. Wall. “Policing Cybercrimes: Situating the Public Police in Networks of Security Within Cyberspace.” (Revised February 2011) Police Practice and Research 8.2 (2007): 183-205.


Summary: The Internet and the criminal behaviour it transforms (cybercrime) pose considerable challenges for order maintenance and law enforcement because Internet-related offending takes place within a global context while crime tends to be nationally defined. Policing cyber-crime is made all the more complex by the very nature of policing and security being networked and nodal and also because within this framework the public police play only a small part in the policing of the Internet. In this paper it is argued that the future of the public police role in policing the Internet is more than simply acquiring new knowledge and capacity, but it is about forging new relationships with the other nodes within the networks of Internet security. These relationships require a range of transformations to take place in order to enhance the effectiveness and legitimacy of the nodal architecture. It will then be argued that some of the contradictions faced by ‘the police’ are being reconciled by the gradual reconstitution of a neo-Peelian paradigm across a global span, which brings with it a range of instrumental and normative challenges.


War and Control: Deterrence and Arms Control in Cyberspace


Ron Deibert. “Arms Control in Cyberspace.” New York Times. May 29, 2009.


Excerpt: “President Barack Obama announced on Friday his plan to appoint a new cybersecurity official to coordinate federal efforts to defend vital government and private computer systems from the onslaught of cyberattacks by computer hackers. The administration also plans to create a new military cybercommand that would be able to conduct offensive operations on enemy computers as well as defensive warfare, though those details were not unveiled. Does this approach adequately address holes that exist in cybersecurity? How much focus should be placed on increasing the military’s cyberwarfare capabilities?”

James P. Farwell and Rafal Rohozinski. “Stuxnet and the Future of Cyber War.” Survival 53:1 (2011): 23-40.

Summary: The discovery in June 2010 that a cyber worm dubbed ‘Stuxnet’ had struck the Iranian nuclear facility at Natanz suggested that, for cyber war, the future is now. Yet more important is the political and strategic context in which new cyber threats are emerging, and the effects the worm has generated in this respect. Perhaps most striking is the confluence between cyber crime and state action. States are capitalising on technology whose development is driven by cyber crime, and perhaps outsourcing cyber attacks to non-attributable third parties, including criminal organisations. Cyber offers great potential for striking at enemies with less risk than using traditional military means. It is unclear how much the Stuxnet program cost, but it was almost certainly less than the cost of a single fighter-bomber. Yet if damage from cyber attacks can be quickly repaired, careful strategic thought is required in comparing the cost and benefits of cyber versus traditional military attack. One important benefit of cyber attack may be its greater opportunity to achieve goals such as retarding the Iranian nuclear programme without causing the loss of life or injury to innocent civilians that air strikes would seem more likely to inflict. Nevertheless, cyber attacks do carry a risk of collateral damage, with a risk of political blowback if the attacking parties are identified. Difficulty in identifying a cyber attacker presents multiple headaches for responding. A key strategic risk in cyber attack, finally, lies in potential escalatory responses. Strategies for using cyber weapons like Stuxnet need to take into account that adversaries may attempt to turn them back against us.

Michael V. Hayden, “The Future of Things ‘Cyber.’” Strategic Studies Quarterly 5.1 (2011): 3-7.

Excerpt: “US Cyber Command has been in existence for more than a year, and no one familiar with the command or its mission believes our current policy, law, or doctrine is adequate to our needs or our capabilities. Most disappointingly—the doctrinal, policy, and legal dilemmas we currently face remain unresolved even though they have been around for the better part of a decade. Now is the time to think about and force some issues that have been delayed too long. This edition of Strategic Studies Quarterly, therefore, could not be more timely as it surfaces questions, fosters debate, and builds understanding around a host of cyber questions. The issues are nearly limitless, and many others will emerge in these pages, but let me suggest a few that frequently come to the top of my own list”.

Rex Hughes, “A Treaty for Cyberspace.” International Affairs 86.2 (2010): 523-541.

Summary: In the wake of the crippling cyber attack on Estonia’s internet infrastructure in 2007, several world powers announced their intentions to deploy offensive capabilities in cyberspace. As cyberspace evolves from a technology enthusiast’s domain into a global economic and military ‘battlespace’, the likelihood of a major interstate cyber conflict increases significantly. The article discusses why now may be the time for international society to begin working towards ratification of a global cyber treaty. It begins by reviewing the converging forces responsible for making cyberspace a dynamic zone of political and economic competition among states. It then examines the central debates surrounding how the laws of armed conflict may or may not apply to cyber warfare. The article concludes by arguing that given proper political support, a multilateral cyber treaty could prove an effective international instrument in preventing cyberspace from becoming the default platform for states seeking to settle conflicts outside the reach of customary international law and diplomacy.

Martin Libicki, “Cyberwar as a Confidence Game.” Strategic Studies Quarterly 5.1 (2011): 132-146.

Excerpt: “Is cyberwar the twenty-first-century version of nuclear war? Readers of the Economist, whose 3–9 July 2010 cover portrayed a digitized nuclear explosion in the midst of a city, could be forgiven for thinking so. The takeaway was obvious: cyber weapons are now the latest class of strategic weapons, they can do enormous damage to societies, and the first recourse against this threat should be some sort of arms control. Otherwise, the bad old days of strategic confrontation would be back, but this time with scores of countries and no small number of nonstate actors, transnational criminal organizations, and a few overindulged high school students having the requisite capability to build weaponry that can bring life as we know it to a prompt halt. Such a scenario could happen, but to see cyber weapons as primarily strategic in the same way as nuclear weapons is quite misleading. A more plausible strategic rationale for the United States’ developing cyber weapons is to make other states think twice about going down the road toward network-centric warfare as the United States is doing, thereby extending its lead in this area. Cyber weapons do so by making other states—already lacking confidence in their ability to handle high technology—doubt that their systems will work correctly when called on, particularly if used against the United States or its friends. This logic is explained in three parts”.

Mike McConnell, “Mike McConnell on How to Win the Cyber-war We’re Losing.” The Washington Post. February 28, 2010.


Excerpt: “The United States is fighting a cyber-war today, and we are losing. It’s that simple. As the most wired nation on Earth, we offer the most targets of significance, yet our cyber-defenses are woefully lacking. The stakes are enormous. To the extent that the sprawling U.S. economy inhabits a common physical space, it is in our communications networks. If an enemy disrupted our financial and accounting transactions, our equities and bond markets or our retail commerce — or created confusion about the legitimacy of those transactions — chaos would result. Our power grids, air and ground transportation, telecommunications, and water-filtration systems are in jeopardy as well. These battles are not hypothetical. Google’s networks were hacked in an attack that began in December and that the company said emanated from China. And recently the security firm NetWitness reported that more than 2,500 companies worldwide were compromised in a sophisticated attack launched in 2008 and aimed at proprietary corporate data. Indeed, the recent Cyber Shock Wave simulation revealed what those of us involved in national security policy have long feared: For all our war games and strategy documents focused on traditional warfare, we have yet to address the most basic questions about cyber-conflicts”.