Google gripe shows Ottawa’s cybersecurity ‘vacuum’

Published in CTV News

“The Google attacks were taken extremely seriously — more than just an incident of potential industrial espionage but a major body blow to the American political system,” said Ronald Deibert, a cybersecurity expert at the University of Toronto..

Google gripe shows Ottawa’s cybersecurity ‘vacuum’
original article here

Ian Munroe, News Staff

Updated: Sun. Mar. 7 2010 7:43 AM ET

For nearly two months, Internet users in China have been waiting anxiously to find out whether the world’s largest online search engine will close in their country.

As ecologist Xiong Zhenqin told the journal Nature recently: “Research without Google would be like life without electricity.”

The Internet giant announced in January it was reassessing whether to continue its operations in China, where 384 million people surf the Web under tight government controls.

Google discovered that hackers had broken into its popular Gmail application. The attacks appeared to originate from mainland China. The culprits were looking for information about Chinese human rights activists and that suggested government involvement, Google alleged.

Citing concerns over security, human rights and freedom of speech, the California-based company said it would either find a way to stop censoring its search results in China or leave.

Whether Google and Beijing are in negotiations is unclear, but the company has made no public decision on the matter. Meanwhile the cyber attacks, which Google said hit at least 20 other firms, have reverberated through Washington.

The U.S. National Security Agency probed where the hackers were based, tracing the attacks to servers in Taiwan, then reportedly to a pair of Chinese schools. U.S. Secretary of State Hillary Clinton also demanded that Chinese authorities conduct a thorough and transparent investigation.

“The Google attacks were taken extremely seriously — more than just an incident of potential industrial espionage but a major body blow to the American political system,” said Ronald Deibert, a cybersecurity expert at the University of Toronto.

Deibert is one of the people Google has been soliciting advice from in its dealings with China. He delivered a presentation about the rise of cyberspace control at Google’s headquarters a week before the company uncovered the hack. And officials informed him of their discovery before they went public.

Deibert told the hackers went one step further than was widely reported, ostensibly trying to access directories of data that Google collects, as required by U.S. national security laws.

The company tapped Deibert’s expertise after he co-wrote a 2009 study into cyber attacks against the office of the Dalai Lama. Researchers uncovered an extensive online spy network dubbed GhostNet that they traced back to China. It had compromised 1,295 computers across 103 countries — including some in Canada.

Domestic appeal

Deibert says Canada needs to confront the issues of censorship and government intrigue on the Web that incidents like the Google hack raise.

In a paper published on Feb. 22 by the Canadian International Council think-tank, he called on Ottawa to develop a cyberspace strategy that includes:

* Fixing Canadian laws that foreign governments could use to justify controlling the Web, such as with content filtering or online surveillance
* Scrutinizing whether Canadian technology exports are being used by foreign governments to restrict Internet access
* Encouraging “arms control in cyberspace” by, for example, proposing a UN treaty to make the Web more open and peaceful

The idea of “arms control” may seem extreme, but governments have started using the Internet to help them wage war.

During the 2008 conflict in Georgia, hackers took down key government websites in the capital of Tbilisi while Russian tanks rolled across the border. Military powers including France, Israel and the U.S. have adopted such cyberwar tactics as part of their defence policies.

The Internet is “entering a dangerous and chaotic phase, essentially a cyber-arms race,” Deibert said, and that’s led to spiralling computer espionage and computer network attacks.

“We need at least some government to stand up and say ‘how are we going to restrain this?'”

Policy ‘vacuum’

Stephen Harper’s Conservative government pledged, in this week’s throne speech, to create a cybersecurity strategy that would protect Canada’s “digital infrastructure.”

So far, however, there has been a “surprising vacuum in Canadian policy around cyberspace generally,” Deibert says.

Ottawa has been considering legislation on the issue. “The Investigative Powers of the 21st Century Act” was tabled last June. It proposed that Internet service providers be required to hand over data and personal information about their customers to police. But the bill hadn’t become law by the time Parliament was prorogued.

The federal government’s existing cybersecurity efforts are organized around Public Safety Canada. For example, CSIS and the RCMP’s technological crime unit probe Web-based threats or attacks and report to Public Safety.

The department is also “leading cross-government efforts to produce a cybersecurity strategy,” David Charbonneau, a spokesperson for Public Safety Canada, told by email.

The strategy will incorporate input from private companies and foreign governments, Charbonneau wrote, “and will build on significant efforts that have been underway.”

Meanwhile south of the border, U.S. President Barack Obama appointed a White House cybersecurity co-ordinator in January. The U.S. Department of Homeland Security created a similar position in 2005, and Washington unveiled a national cybersecurity plan in 2008.

As governments in North America and elsewhere develop policies on cyberspace, they’re influencing how the Internet will evolve.

“The dominant trend right now is the growing militarization of cyberspace,” Deibert said. “That leads down a path towards islands of territorialized Internet that are not connected to each other.”

“Another path I’d prefer to see is one where there’s perhaps a treaty articulated by countries of the world that lays out basic principles for how cyberspace should be governed,” he added. “Hopefully that would be in an open, public way.”

For the time being, efforts to keep the World Wide Web peaceful and open are centring on China, which passed a new round of Internet controls last week.

Without an international cyberspace treaty, the U.S. government is considering whether to lodge a complaint about China’s online censorship with the World Trade Organization.

But China isn’t alone. The list of countries where Internet censorship has become a hot-button issue has grown to include democracies like Germany, France and Australia.

original article here