At Stockholm Internet Forum, Sweden’s collaboration with the US NSA on surveillance risks undermining its reputation as a defender of Internet Freedom.
(This article was first published on The Local.)
This week, for a third straight year, Sweden is hosting the Stockholm Internet Forum, bringing together 450 activists, experts and business representatives from over 90 countries for two days of discussions on “how freedom and openness on the internet can promote economic and social development worldwide”. Sweden’s Ministry of Foreign Affairs, its aid agency Sida, and .SE, the foundation responsible for Sweden’s Internet infrastructure, are sponsoring the event.
A year ago, it still felt necessary to justify why Internet freedom would be a topic worthy of an international forum. Not anymore — Edward Snowden took care of that in a spectacular fashion just a few weeks after last year’s conference, with his revelations of mass surveillance, targeted intrusions and cryptographic sabotage by the US in ways that far exceeded a legal mandate or stated aim.
Since then, the global repercussions of Snowden’s whistleblowing have placed Internet freedom squarely in the sights of mainstream media. And the balance of the debate has shifted, from censorship to a focus on privacy and surveillance — topics where the west’s record has proven far spottier. After Snowden, it’s clearer than ever that a citizen’s right to access and express ideas online is not complete without the defence of an equally important corollary: The right to privacy.
The theme of this year’s Stockholm Internet Forum has adapted to this new state of affairs: It’s “Internet — privacy, transparency, surveillance and control.” But even so, the forum is at a crossroads: How well it navigates three distinct challenges in the next few days and months will decide whether or not it can transition into a sustainable annual institution: These are 1) shifting national priorities, 2) international relevance, and 3) Sweden’s ability to continue projecting soft power among the cyber-activist civil society crowd.
The first challenge is a very possible change of government this coming September. Stockholm Internet Forum is the brainchild of foreign minister Carl Bildt’s longtime adviser Olof Ehrenkrona, who has crafted many of Sweden’s digital human rights initiatives over the past several years, and to whom credit is due for recognising early that Internet freedom is a defining issue of our time. The forum too has gained much of its prominence from Bildt’s sustained investment of his substantial international political capital in this project, but also from the government’s willingness to spend generously on gathering a highly dispersed bunch of people in Stockholm each year.
So the question becomes whether the Stockholm Internet Forum can survive the departure of these two men from the political stage. Behind the scenes, the talented team organising the forum should be able to move this project on to an institutional footing, but a new left-of center government come September might decide the project is an initiative by the right-of-center alliance, and wash its hands of it.
This would be a pity, if indeed the forum serves a genuine function. SIF does not exist in a vacuum: A growing number of global initiatives crowd the Internet governance landscape: The UN-sanctioned Internet Governance Forum aims to bring together all the major stakeholders in Internet governance — governments, corporations and civil society representatives. At the European level, EuroDIG fulfils a similar function. Brazil’s NETmundial conference, inaugurated a month ago as a direct result of Snowden’s leaks, also aims to forward a multi-stakeholder model for Internet governance focused on human rights. Like-minded governments talk to each other at the Freedom Online Conference, while more hard-nosed international telecommunications regulations are negotiated at intermittent ITU conferences. Non-governmental organisations compare best practices at Personal Democracy Forum in New York or Access’s RightsCon, while hackers congregate at venues such as the Chaos Communications Congress or Defcon… And this is just a fragmentary list.
Is there still room for SIF? Yes, and the reason why is hinted at in its list of participants: No other conference is so assiduous in championing the inclusion of civil society groups from the developing world and from authoritarian contexts — groups which otherwise do not have the independent means to take part in multi-stakeholder meetings. At SIF, these groups are able to build their networks to connect with the more established Internet governance stakeholders, which are also invited.
This unique role in broadening the reach of the conversation also plays to one of Sweden’s classic strengths — its ability to build and nurture networks of actors with aligned goals, based on its status as a soft-power superpower.
But herein lies the third challenge: Can Sweden maintain this reputation as a defender of Internet freedom among cyber-activists in the wake of documents leaked late last year by Snowden that reveal its signals intelligence agency collaborated with the NSA on a targeted hacking project?
The story, in short: Sweden’s signals intelligence agency FRA joined the NSA and the UK’s GCHQ in testing a man-in-the middle attack which aims to install malware on targeted foreign computer systems. By law, the FRA is only allowed to passively listen to cross-border signals, after gaining permission from a special court. Although the FRA possibly did not contribute to the intrusion part of the operation (instead forwarding promising signals as triggers for the others to act on) that is at best a case of following the letter of the law in order to blatantly flaunt it in spirit, in the guise of a collaborative effort.
This leak underscores how Sweden, like many other countries, practices a multifaceted approach to statecraft — from projecting soft power for the purpose of promoting human rights online, to secret cyber-security and defence operations rooted in realpolitik. These activities clearly tend to work at cross-purposes. It is important for the credibility of SIF that the organizers acknowledge this. Where to draw that line is very much a recurring topic of discussion at SIF, and as hosts Sweden should not be exempt from that scrutiny.
It has not gone unremarked that neither Snowden nor Glenn Greenwald or Laura Poitras, the journalists who first broke the story, will be attending SIF. It is important that the organisers acknowledge their work, even at the risk of bringing up FRA’s activities. Fortunately, there are ample opportunities for third parties to do so: As moderator, BBC HARDtalk presenter Stephen Sackur will have free reign to get to the heart of the matter, while a participant-led “unconference” is also set to converge on this issue.
Ideally, Sweden’s government would use SIF as a platform to demonstrate its own improving commitment to Internet freedom — for example, by publicly reporting aggregated data about the number of surveillance requests that are granted to FRA. And last year, Bildt became the first foreign minister to endorse a subset of ethical principles proposed by NGOs to constrain state surveillance. This year, why not announce an independent audit to see how well Sweden is complying? These are the kinds of concrete steps that would reassure participants at SIF that Sweden is indeed a committed proponent of Internet freedom, beginning at home.