The first official plenary session of the fourth annual Arab Internet Governance Forum covered the topic of Cybersecurity and Trust. Moez Chakchouk, chair of the session and CEO of the Tunisian Post, explained that blind trust comes before achieving cybersecurity, since we do not have all the necessary requirements to protect ourselves online.
The most important ideology, according to Chakchouk, is to preserve is the universal right to the freedom of expression, net access and privacy. Citizens using cybersecurity are hence building the freer future we are all working toward. Meanwhile, society and corporations must become more involved in cybersecurity debates in order to raise awareness and educate people about the issue.
Toni Issa, moderator and President and Founder of IPTEC Lebanon, said that we face many challenges in terms of free access to the internet, because of the different ways content can be used; on one hand lay human rights and freedom of expression and on the other patent and identity theft, not to mention confidentiality. There are many solutions that have been put forward to tackle such dilemmas, like for instance passing a common legislation for crime on a global level.
In addition, Faysal Bayouli, Director of International Cooperation, Tunisia, stated that his “interest in this conference [comes] from the reality that we live in, especially at this moment, with what the Arab region is going through and how it is affected” by internet freedom.
Quite a number of factors contribute, either directly or indirectly, to the failure to cybersecurity and trust. For example, data tampering, surveillance, data theft, falsifying information, and password-related threats are some of the darker facets of internet freedom. The protection of cybersecurity hence relies on confidentiality, integrity, and data availability, in order to achieve a safe cyberground, which all together increases trust globally and facilitates cyberwork.
Another speaker, Wassim El Hajjar, Lebanese Judge, began by stating that the Lebanese government has indeed formed an inclusive law, which has nonetheless not yet been passed by parliament. He added that since some countries require hard evidence for any infringement to be considered a crime, while others require that the crime violate their own laws, regardless of what it might be considered as in other countries, the issue of globalizing internet laws is more complicated than it seems. For instance, a judge in court may not be able to pass a ruling without enough concrete evidence, which can require the infringement of digital privacy all on its own. “As a judge, can I force someone to give me the password or encryption code to a program that they may not want to be accessed?”, asked El Hajjar. On a more practical level, the huge increase in the use of internet in the Arab world is not being met with strategies that set boundaries and ensure protection in order to compensate for the lack of equipment and other shortcomings.
Pierre Bonis, Deputy CEO of AFNIC France, focused on domain names. He started by asking the audience where they usually feel secure, and linked that back to domain names. His example illustrated the fact that trust and security are easier to build when we use localized domain names. When the user feels and knows that the internet and websites used are ruled locally, he knows that the point of entry is located nearby. In contrast, when he finds it difficult to access a certain website, he might use websites that are not at all secure. There is a balance to be found between security and trust on one hand, and the facility to use them on the other hand. When cybersecurity is espoused in France, they say “please update your computer” because it is the easiest thing a user can do. When we talk to the end user we say “patch everything you can do” and “don’t share your personal data: number, address, credit card number etc” unless it is safe in the URL bar.
Mongi Marzouk, VP Internet Governance and Digital Development at Orange France said that the internet is much more prone to problems than the rest of other telecommunication methods. The internet first has been used in the defense ministry then processed for other users.
Mohamad Malli, Chairman of IT department AOU Lebanon.
First, responsibility for cyber security is not restricted on one party, i think it is a top-down approach, starting from the government.
Second, if we were to look at the UK is has specialized two billion$ to fight the ISIS cyber attack who are seeking to recruit young individuals from the UK. The US considers that cybercrimes are enforcing a bad economy for example: some huge companies have lost a lot of money due to cyberattacks.
Therefore, it was said that it is very important to improve the youth’s experience in such fields when there is not enough space to raise awareness.