ASEAN cybersecurity pledge remains all talk

Despite a pledge to formulate measures against cyberterrorism and cyberattacks, countries in the Southeast Asian region have, so far, done little to actually implement any safeguards.

Emmanuel Lallana, executive director of the e-ASEAN Task force, made this claim during a forum held last week at the University of the Philippines. The forum dealt with the theme, “Constricting Cyberspace: Examining Internet Rights after 9-11.”

Lallana applauded a declaration to combat cyberterrorism signed by the 10 member-countries of the Association of Southeast Asian Nations (ASEAN) but complained that not much have been done since then.

At the end of the second ASEAN Telecommunication Ministerial Meeting that was held in Manila last month, all the ASEAN member-countries signed a declaration to fight cyberterrorism and ensure the security of ICT (information and communications technology) networks in the region.

“While there is already a formal commitment (to ensure network security across ASEAN), not much work has been done,” complained Lallana.

Under the Manila declaration, an ASEAN Network Security Coordinating Council will be set up to manage information and network security issues. A support group, composed of security experts, will also be formed to support the council and implement security measures.

Each ASEAN member also pledged to create national-level computer emergency response teams (CERTs) that will help prevent, detect and resolve security problems. These CERTs will then be linked to form an ASEAN-wide CERT.

Lallana explained that there has been no change in ASEAN policies despite the signing of the declaration against cyberterrorism. All of the member-nations are still focused on using the Internet for development causes.

He observed that almost all the ASEAN countries exercise some control over the Internet. Except for the Philippines, Singapore and Vietnam, most ASEAN countries, regardless of government structure, have put in place some measure of control on Internet content.

Lallana claimed these countries still try to put controls on the Internet knowing fully well that any Net-savvy 10-year-old can easily go around the measures that they have put in place.

Most ASEAN governments have no problems with their elite classes gaining access to the Internet, but most are concerned with giving Internet access to the masses.

Except for the Philippines, Singapore and Malaysia, ASEAN countries do not seem to have any strong commitment to popularize Internet access.

Singapore, which has the highest Internet penetration rate in the region, has 44 per cent of its population connected to the Net, Malaysia comes next with 14 per cent, followed by the Philippines with an over 6 per cent penetration rate. Indonesia, which has the biggest population in ASEAN, only has an Internet penetration rate of 1 per cent.

Lallana said there are urgent issues that must be resolved at the soonest possible time. One of these concerns improving Internet access, not just to ensure geographic balance, but also to ensure that both men and women are given equal access opportunities.

He suggested that the Philippines develop alternate modes of access such as using mobile phones, which are much cheaper than computers.

Lallana said another issue is the development of the capabilities of local citizens to enable them to use the network effectively. This could be done by integrating the teaching of Internet skills even in the elementary and high school curricula.

Local content must also be generated by each country, he said, to prevent harmful foreign ideas from being propagated among local Internet users.

A more complicated issue calls for setting in place legal and regulatory policies. In the Philippines, Lallana said there is certainly room for more regulatory rules, but what exactly should be regulated and how remain unanswered.

Lallana suggested that a framework should be used to guide policy formulation, so policy-makers do not just react to what people say the government should do.

The best way to come up with effective legislation is to look at four possible activity types as a guide, he said. These activities range from the dangerous (child pornography, misleading health care) to the fraudulent (hacking, deceitful business practice), to the unlawful and anarchaic (pornography, defamation, copyright violations), all the way to the inappropriate (harassment, hate sites).

For the longer term, Lallana said people can introduce innovations in the Internet, but they must not lose sight of the basic architecture of the network.

Quoting Lawrence Lessig, founder of the Standford Center for Internet and Society, Lallana emphasized that the Internet is an end-to-end network whose job is to transmit data without discriminating against any type of information. This neutrality allows the Internet to grow.

But as more innovations are introduced into this end-to end network, the basic architecture of the Internet is being threatened, he warned.

Broadband technologies, such as the asynchronous transfer mode (ATM) in particular, allow network operators to discriminate against certain types of data and set priorities. This discrimination will lead to the downfall of the Internet, Lallana said.

“This is dangerous because the moment you put in intelligence in the network, you can discriminate against certain uses, and, in effect, you’ll be putting in censorship and undermining innovation,” he said.