recommended reading

U.S. should lead by example in free and open Internet, advocacy group says

The United States should look at its own policies before criticizing countries such as the United Arab Emirates for banning BlackBerry e-mail, Web and messaging services for security reasons, according to one digital rights advocacy group.

The United Arab Emirates is blocking BlackBerry services because local officials cannot monitor messages, which are encrypted and routed overseas, for illegal activity or abuse. Pakistan already has a similar ban in effect and other countries -- many in the Middle East -- have threatened to do the same.

The State Department recently said it would seek clarification on why the United Arab Emirates decided to block BlackBerry services. But Gwen Hinze, international director at the Electronic Frontier Foundation, noted U.S. officials cannot expect other countries to support a free and open Internet when federal laws at home require a degree of regulatory control over citizens' digital information for security and law enforcement purposes.

"It is going to become increasingly difficult for the U.S. government to put pressure on other countries to protect their citizens' civil liberties, and the free and open Internet while the U.S. does not lead by example," Hinze said, echoing an Aug. 2 statement by United Arab Emirates Ambassador to the United States Yousef Al Otaiba.

Hinze pointed to the 1994 Communications Assistance to Law Enforcement Act, which requires the U.S. telecommunications industry to design networks and devices to make wiretapping easier. European regulators followed the United States' lead.

"As a result, as we saw last year, the Nokia-Siemens mobile phone equipment sold to Iran likely incorporated interception capabilities now available to [the Iranian] government," she said. "In a previous misguided effort, for many years the U.S. government banned the export of cryptography technologies that we now recognize are vital for secure communication by dissidents in repressive countries."

Hinze acknowledged the United Arab Emirates' ban could have negative consequences, but said U.S. lawmakers and regulators should understand they are setting the tone through domestic regulations.

"In our increasingly networked world, blocking U.A.E. residents' access to [manufacturer Research in Motion's] e-mail, messaging, and Internet browsing services will restrict their ability to seek and impart information and risks, putting them at a significant disadvantage in the global knowledge economy," she said.

Key questions that must be addressed, Hinze added, include whether access to certain customers' data by the United Arab Emirates' law enforcement community could be attained through a judicial process, and whether access could lead to "dragnet surveillance and indiscriminate decrypting" of all communications.

"No doubt RIM understands that [the latter] would obliterate the reputation of trustworthiness upon which its business depends," she said.

"RIM cooperates with all governments with a consistent standard and the same degree of respect," the company said in a statement on Wednesday. "Any claims that we provide, or have ever provided, something unique to the government of one country that we have not offered to the governments of all countries are unfounded."

The statement also noted the BlackBerry was designed to preclude any party -- its manufacturer included -- from reading encrypted data.

Threatwatch Alert

Network intrusion / Stolen credentials

85M User Accounts Compromised from Video-sharing Site Dailymotion

See threatwatch report

JOIN THE DISCUSSION

Close [ x ] More from Nextgov
 
 

Thank you for subscribing to newsletters from Nextgov.com.
We think these reports might interest you:

  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.

    Download
  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

    Download
  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

    Download
  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

    Download
  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

    Download
  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security

    Download

When you download a report, your information may be shared with the underwriters of that document.