Cyber Security and Emerging Threats Katherine Todd Society, Culture, and Security

Cybercrime and Security in our Digital Society

Recent multilateral efforts bring international law into cyberspace.

We are living in an increasingly digitized world. The internet, and its online environment known as cyberspace, have been around for decades now. The invention of the World Wide Web in 1989, however, revolutionized internet technologies and allowed for the creation of the websites people have come to know and love today. 

Internet use, and the number of uses for the internet, have rapidly expanded in the last three decades. In 1990, only half of one percent of the world’s population used the Web, in contrast to the 46% of the globe that used it in 2016. In Canada, only 29.4% of citizens had access to the Web in 1997, but in 2020 the proportion of Canadians using the Web increased to an astonishing 92%. So, why has there been this skyrocketing use? There has been a growing number of uses for the Web, such as e-commerce, social media, online maps, e-banking and more. The invention of the smartphone in 2007 accelerated the shift away from more traditional brick-and-mortar shopping, in-person communication, banking, etc., by allowing people to have convenient access to all of these applications virtually all of the time. 

Society and people’s daily habits have incrementally but fundamentally changed since the advent of the Web. Instead of reading the daily newspaper, now people check their Twitter feeds and online news websites. When people need to look up information, they tend to Google a question instead of going to a local library. Rather than going to the mall to buy clothes or books, someone can buy whatever they need on Amazon or other retailers’ websites and have items shipped to their home within days. When depositing a cheque or filing taxes, people rarely go to the bank or their accountant anymore. Most of these everyday activities are now performed online by people who often give little thought to whether their web history, searches, payment, banking, or tax information are actually safe in cyberspace.

This shift to spending more time online and using the Web as a tool for more facets of our life, however convenient or enjoyable it may be, does have a sinister side to it. When people make an account on websites like Google or Facebook, these sites collect user’s data and sell it to other companies. Governments use the internet to surveil their populations, and those of other countries. Cybercrimes, which include a variety of online misdeeds, have increasingly become a problem as well. From cyberattacks on government and corporate websites and data, to spam emails that prey on unknowing individuals, cybercrimes have become an insidious part of cyberspace.

Cybercrime is now an elaborate global industry with its own underground economy where stolen data is traded for profit. These criminal activities can threaten public safety as well as national and economic security. Due to the networked nature of the internet, cybercriminals can be located anywhere and attack their victims at any time. These criminals can be state-sponsored or independent actors. Since cybercrimes occur across borders, no single country can independently stop them. Instead, the international community must work together and coordinate an appropriate response.

Just last month, Canada announced that it, as part of a UN working group with other countries, is seeking to create a normative framework that defines what responsible state behaviour is in cyberspace. This multilateral effort aims to apply international laws to cyberspace; these international laws include the UN Charter, customary international law, and the obligations countries have to respect the sovereignty of other states. This means that countries would be required to refrain from meddling in the internal affairs of other states and targeting other governments’ websites, networks, or data. This proposed framework is voluntary and offers states guidance on how they should act online.

The application of international law in cyberspace is a path toward governing the internet globally to prohibit, require, and permit specific actions by states. International law is used this way to govern issues like climate change and arms control, where countries have drafted treaties to tackle significant international issues. The intention behind applying these laws is to enhance global security and stability. 

Various countries and organizations have affirmed that existing international law applies to the internet, but they have not dictated how. Although current international laws do not provide specific rules for how countries must act in cyberspace, the framework announced last month is a step in that direction. 

There are, however, two main critiques that can be levied against this new scheme. The first is that it will only apply international laws to state actors. As a result, individuals who commit cyber crimes will still be outside the purview of the agreement, leaving citizens and governments vulnerable to future attacks. The second detraction is that countries will have to abide by this framework voluntarily. The downside to the elective nature of this compact is that countries can easily opt-out of being regulated, rendering the agreed-upon laws largely unenforceable. Moreover, if countries continue to use the internet to meddle in each other’s affairs and infringe upon each other’s sovereignty, conflict is inevitable.

With the increasing use of the internet, especially during COVID-19 when many people switched to working or studying from home, society has become profoundly more digital. Unfortunately, cybercrimes have become commonplace in this digital landscape, putting individuals’ personal security and states’ national security at risk. 

Governments need to recognize the digitalization of society, its associated risks, and adapt their laws accordingly. The UN working group’s recently-announced framework is a step in the right direction, but more action is needed to rein in cybercrime. Countries need to come together to regulate themselves and their citizens to ensure that cybercrime is prohibited, and its perpetrators indicted, across the globe.

Photo: Image of desktop and laptop side by side via @domenicoloia on Unsplash, May 30, 2017, https://unsplash.com/photos/EhTcC9sYXsw

Disclaimer: Any views or opinions expressed in articles are solely those of the authors and do not necessarily represent the views of the NATO Association of Canada.

Katherine E. Todd
Katherine E. Todd is a Junior Research Fellow at the NATO Association of Canada, a Master of Public Policy Candidate at the University of Toronto’s Munk School, and a Sub-Lieutenant in the Royal Canadian Naval Reserves. In 2022, Katherine was the host of a podcast called Voice Above where she’s interviewed expert guests about current affairs, a delegate at the Oxford Diplomacy and Geopolitics Forum and North American and Arctic Defense Security Network’s Emerging Leaders Week, and a journalist for the Varsity Newspaper’s Comment, Arts and Culture, and Features sections. In May 2022, she graduated with high distinction from the University of Toronto with a Bachelor of Arts with honours, specializing in political science and minoring in public law. Upon graduation she was awarded with the prize for top political science graduate, the Department of Political Science Leadership Award, and the University of Toronto's undergraduate Award of Excellence (the John H. Moss Scholarship). Katherine's research interests are in Quebec-Canada relations, nationalism and populism, migration studies, privacy and property rights, security, and public policy for emerging technologies. You can connect with Katherine at todd.ke@outlook.com or https://www.linkedin.com/in/kate-e-todd/.