A Human Rights Approach to U.S. Cybersecurity Strategy

After the Trump administration's apparent disregard for human rights over the past four years, President Joe Biden and his administration aim to strongly defend them. During his campaign, Biden stated, "When I am president, human rights will be at the core of U.S. foreign policy." The confirmation hearing of Antony Blinken, Biden’s secretary of state, solidified this as a goal. As the former vice chair of the board of Human Rights First, Blinken was a suitable choice to bring this vision to fruition. In the hearing, Blinken committed to working on strengthening multilateral efforts to defend human rights. This human rights approach to foreign policy should extend to cyberspace and state responses to cybersecurity.

With more and more examples of cyberattacks orchestrated by state actors, cyberwarfare and espionage are becoming critical issues for policymakers and military leaders worldwide. Notions of national security and how to best address cyber threats have dominated cybersecurity. After the SolarWinds hack was publicly acknowledged in December 2020, then-President-elect Joe Biden said he intended to make cybersecurity "a top priority." He added, "We have to be able to innovate, to reimagine our defenses against growing threats in new realms like cyberspace." This strategy, although justified, is also incomplete. Response to emerging cybersecurity issues, including threats, should not merely focus on building cyber defensive and offensive capabilities. Cybersecurity policies need to take seriously the human rights of individual users by putting people's empowerment and well-being at their center. Weaponizing a heavily populated civilian space has enormous implications for human rights. Individuals around the world are frequently at risk of human rights violations related to cyberspace.

The recent developments of Internet censorship tools and Edward Snowden's disclosures about the National Security Agency's global surveillance vividly demonstrate how Internet freedom, anonymity, and data protection are vulnerable. Government surveillance violates privacy and results in other rights violations, especially for human rights activists and journalists. The United Arab Emirates used hackers to gather evidence to convict Emirati activist Ahmed Mansoor who publicly condemned the country's involvement in Yemen, the treatment of migrant workers, and its crackdown on opposition voices. Jamal Khashoggi, a Saudi Journalist, was brutally executed in Turkey after hackers gathered information on his activities. Therefore, cybersecurity should expand its focus beyond merely addressing the security threats against the state and the private sector to put individual rights at its center.

Over the past years, there have been attempts at the national and international levels to address human rights concerns in cyberspace. Several cybersecurity laws and measures have been taken by individual countries, which could harm online speech and freedom of expression. China, Russia, and Vietnam have instrumentalized cybersecurity concerns, expanded their control over the Internet, and further restricted rights. Saudi Arabia has used its Anti-Cyber Crime Law to crack down on online speech and freedom of expression. International treaties to regulate state and non-state actors' behavior and establish human rights norms in cyberspace are essential for safeguarding human rights in this realm.

The Biden administration should lead the way for developing norms and codes of conduct, signing international treaties, and imposing regulations. It should lead efforts to establish treaties focusing on creating global human rights standards of conduct in cyberspace, especially when considering best cybersecurity practices. The treaties should also come with enforcement mechanisms to hold states and non-state actors accountable for violating these rights. However, these efforts to reinforce human rights best practices will only be successful if developed multilaterally. The administration should consult with all stakeholders, including the private sector, academia, and civil society. Consultation with civil society is essential for a human rights-centered approach. Through work with underprivileged and underrepresented populations, civil society is better equipped to understand top-down cybersecurity policies' human rights implications. The realm is also better equipped to provide suggestions for best practices.

A genuine human rights approach to foreign policy should also extend to Internet governance and U.S. efforts to secure cyberspace. As I highlighted earlier, framing the protection of human rights in cyberspace as a national security issue, while necessary, can also be problematic due to potential abuse. The Biden administration should promote a human-centric approach addressing digital human rights violations, Internet freedom, and data privacy to its cybersecurity agenda.

Dr. Anwar Mhajne is a Carnegie New Leader and an assistant professor in the Department of Political Science at Stonehill College. Her Twitter handle is @mhajneam and her website is https://www.anwarmhajne.com. This essay does not necessarily reflect the views of Carnegie Council.