Proposer's Name: Ms. Isabel Skierka
Proposer's Organization: Digital Society Institute
Co-Proposer's Name: Mr. Sven Herpig
Co-Proposer's Organization: Stiftung Neue Verantwortung
Co-Organizers:
Isabel SKIERKA, Civil Society,Digital Society Institute
Sven HERPIG, Civil Society, Stiftung Neue Verantwortung
Session Format: Debate - 90 Min
Proposer:
Country: Germany
Stakeholder Group: Civil Society
Co-Proposer:
Country: Germany
Stakeholder Group: Civil Society
Speaker: Tatiana Tropina
Speaker: Zahid Jamil
Speaker: Maarten van Horenbeeck
Speaker: Msonza Natasha
Content of the Session:
This workshop will debate the motion „This house believes that governments should have authority, under certain circumstances, to ‘hack back’ devices which serve as attack tools in order to neutralize the threat posed to systems within their jurisdiction.”
Two teams of two speakers will each present statements favoring either very strict or loose safeguards concerning the motion. They will address government hacking, cyber security and related issues, such as civil liberties and human rights, encryption, technology vulnerability handling, and the future of internet security.
Consider the following cases:
- A peer-to-peer botnet consisting of hundreds of thousands of internet of things (IoT) devices is mounting unprecedented distributed denial of service (DDoS) attacks against critical infrastructure. They have already brought down a DNS service provider and threaten to attack hospital networks. The botnet can be rendered ineffective by remotely accessing and ‘hacking’ the IoT devices to make them unresponsive to the botnet malware.
- An online child pornography network is operating with Tor-hidden services in the dark net. The perpetrators’ identity and location are not known. The only way to identify them, break the child pornography network and put the perpetrators on trial is to indiscriminately and automatically install software on computers of all platform users worldwide through an unknown and unpatched exploit in the Tor browser bundle.
- A command and control server with an unknown location, probably on foreign territory, is spreading malware attacking critical infrastructure in a country.
These situations are not hypothetical. Similar cases have occurred over the past months and years, and will continue to occur in the future. In response to these new challenges, a growing number of governments are considering or already taking steps to authorize ‘hack backs’ by their law enforcement agencies (and the military) – albeit mostly under specific circumstances and with a warrant only. These steps are met with fierce resistance from experts, civil society, and politicians, who warn that the collateral damage in terms of security (e.g. through stockpiling of exploits) as well as a potential abuse of civil liberties and privacy through unauthorized access on individuals’ devices will outweigh any possible benefits.
Hence, the core question of this workshop is: should law enforcement agencies have the authority to hack back computer systems that pose a severe threat to individual and public safety, no matter where they are located, in order to protect their citizens’ and others’ security?
What would be the consequences for users, critical internet infrastructure operators and service providers, if governments start adopting rules allowing them to hack back more easily? Would this mean more or less collective security? What would it mean for international relations if governments across the world start hacking back without regard to jurisdictions? What could be an alternative?
AGENDA
5 minutes: The Chair introduces the speakers, context, and format of the debate. The Chair will pose the questions throughout the debate which each speaker has 4 minutes to respond to. The questions are provisional for now.
Question 1: Will an expanded practice of government hack backs result in more or less collective security?
16 minutes: Each of the four speakers has 3-4 minutes to respond to the question.
Question 2: Should governments refrain from expanding hack back authorizations and adopt alternative measures, if so, which ones?
16 minutes: Each of the four speakers has 3-4 minutes to respond to the question.
10 minutes: Speakers will respond to each other and specific points made throughout the debate. The Chair will facilitate the discussion.
20 minutes: The Chair opens the debate to all workshop participants. Participants can address questions to speakers which speakers have a maximum of 2 minutes to respond to. After 15 minutes, one speaker of each team will summarize the results in 1 or 2 minutes.
20 minutes: The Chair will open and moderate the debate among everyone. Each participant can make an intervention (original point or response) of a maximum of 2 minutes.
3 minutes: The Chair will briefly summarize and close the debate.
Relevance of the Session:
Cyber security is becoming an increasingly relevant Internet governance issue. Debates about 'hard' cyber security issues, including when governments launch computer based attacks against each other or third parties, have usually taken place behind closed doors. However, decisions about cyber security affect everyone, especially users, and the architecture of the internet as a whole. With this workshop, we aim to open up the debate about cyber security and specifically about the role of governments in the digital realm. We believe this debate is necessary in a multistakeholder format, as decisions taken about hacking today will affect the future online experience of every user on the internet, and the openness and security of the internet as a whole.
Tag 1: Cybersecurity
Tag 2: Human Rights
Tag 3: Cybersecurity Norms
Interventions:
The speakers will pair into two teams of two or three speakers each and present statements favoring either very strict or loose safeguards concerning the motion. All speakers are highly experienced in the field of cyber security and cross-border challenges for law enforcement, in particular, from their respective perspectives. The debate format allows speakers to frame their arguments as precisely and pointedly as possible from their respective perspective, but also keeping in mind more general aspects of the debate. Moreover, speakers will address both ‘pro’ and ‘contra’ aspects of the subject in question (expansion of government hacking authorities). Additional representatives from government or international organizations will be invited to join the debate.
The opening up of the debate after half of the workshop will ensure that speakers will actively discuss with workshop participants and be part of the broader debate.
Diversity:
The four speakers are renowned experts on cyber security, including human rights and technical security, and have written, spoken and consulted on this issue extensively. Coming from civil society, academia, the technical community and the private sector, and originating from Europe, Africa and Asia, they represent diversity in terms of stakeholder group and geography, as well as gender (with 2 female and 2 male speakers). Additional representatives particularly from government will be invited to join the debate.
Hence, the speakers will present diverse arguments and perspectives on the different and complex angles of the debate about government hack backs.
Onsite Moderator: Isabel Skierka
Online Moderator: David Krystof
Rapporteur: Lorena Jaume-Palasi
Online Participation:
The debate will be moderated by an on-site and by an online moderator. The event will also be promoted online in advance, including instructions on how to join the conversation remotely. The online moderator will ensure that online participants can directly communicate questions and statements to the Chair. The Chair will communicate via a laptop with internet connection. In the second part of the debate, every second or third question or intervention will come from a remote participant. The discussion will also be live-tweeted and remote participants can also join the discussion via Twitter.
Discussion facilitation:
The debate will be facilitated by the Chair of the debate. The Chair will first introduce the format, speakers and then actively moderate the debate. The Chair will also manage the allocated time among the two sides (see agenda). The first part of the workshop will be dedicated to a debate among speakers, inspired by the Oxford debating format. The second part of the debate will be ‘open floor’ among all participants of the workshop.
In the first part, speakers will answer to two questions, one after another and within pre-defined time slots of 3 to 4 minutes. Afterwards, the Chair will facilitate a 10 minute discussion among speakers in which they can respond to points made by the other teams in speeches of a maximum of 2 minutes. In the second section of the workshop, the debate will be opened to the floor. In the first 20 minutes of this part, workshop participants (on site and online) can address questions to speakers which speakers have a maximum of 2 minutes to respond to. During the last 20 minutes, the Chair will open and moderate the debat
