Digital Policy

Here is a quick round-up of this week’s technology headlines and related stories you may have missed: 1. Just let me banya with the FSB in peace. The U.S Senate is looking to shut out Kaspersky from bidding on U.S. military contracts, triggering an angry response from Russia. The move comes amid renewed scrutiny of the Russian cybersecurity company, which has been accused for years of being too cozy with Russian intelligence services. In an attempt to assuage U.S. concerns of a back door in its products, the Associate Press reports that Kaspersky has offered to let the U.S. government audit its source code. However, that probably won't change much given that many in the U.S. intelligence community have stated on the record that they don't trust Eugene Kaspersky and his company. Kaspersky's defenders point out that accusations of "ties" with Russian intelligence ring hollow given the number of former NSA and CIA officials who work for Symantec, FireEye, and Crowdstrike. 2. Is this to protect us or spy on us? Privacy International is accusing the Kenyan government of using recent cybersecurity investments as a cover to increase surveillance on opposition groups in the lead up to next month's elections. The country's intelligence service has been developing two projects--the Network Early Warning System and the National Intrusion Detection and Prevention System--aimed at improving the country's threat detection and incident response capabilities. Privacy International and Kenya's main opposition party argue that the monitoring capabilities of both programs could make domestic surveillance easier and that they lack a clear legislative framework. The Privacy International report coincides with Kenyan communications authority's publication of regulations for political or election-related content on social media. According to the New York Times, countries in the region have resorted to cutting off social media access during elections, and the Kenyan opposition fears that the government could do that same to increase its odds of staying in power.  3. Sorry Apple, you're going to have to do better than that. Vice is reporting that Apple's new bug bounty program is struggling to get off the ground. After years of criticism, Apple finally launched a bug bounty program last summer, where hackers can sell hardware and software flaws they find in Apple products to the company instead of selling them on the open market. However, it would seem that Apple's ceiling price for a bug ($200,000) is less than what the market is willing to sell it for. Apple bug hunters can sell some iOS vulnerabilities for over a million dollars to the right buyer, such as an intelligence agency or a company that sells surveillance and forensics software, like Cellbrite, NSO Group, and Gamma. If Apple really wants to crack down on the vulnerability market for its products, it's going to have to pay up.

CEOs and their boards of directors should pay more attention to the cybersecurity risks that could devastate their business.

This week: NotPetya, Canada orders Google to take down search results, and Facebook's algorithm for removing hate speech.

U.S. tech firms have always found the European market a tricky one to navigate. Germany's new social media law is the latest challenge they will have to overcome.

This week: the Obama administration's struggle in responding to Russia's cyber operations in the 2016 election, new laws in Canada and Germany, Mexican spying, and a data embassy for Estonia.

This week: the actors behind the 2016 blackout in Eastern Ukraine, internet censorship in Africa, North Korea, and modernizing NAFTA.

Guest contributor Milton Mueller examines whether a global and interconnected internet is truly under threat of being "Balkanized."

Here is a quick round-up of this week’s technology headlines and related stories you may have missed: 1. Hackers are misunderstood because they're artists. Russian President Vladimir Putin hinted that "patriotic hackers" based in Russia could have played a role in the hacking of last year's U.S. election. In an interview with Russian reporters in St. Petersburg, Putin said that hackers "are like artists" that pick their victims based on how they feel "when they wake up in the morning" and their understanding of "interstate relations." Previously, Kremlin officials had consistently denied that Russia had anything to do with the compromise of the Democratic National Committee (DNC) and other entities. This new line of defense could allow the Kremlin to distance itself from allegations of Russian election meddling if evidence surfaces of links between members of the Trump campaign, Russia's sizeable hacker underground, and the hacking of the DNC. Putin's remarks came a few days before the Intercept published a leaked National Security Agency report asserting that Russian hackers, in the three months leading up to the election, spoofed emails to local government officials to gain access their voting systems’ software. 2. Cyber sovereignty in the United Kingdom. In response to the London Bridge terrorist attack, British Prime Minister Theresa May called for international agreements to “regulate cyberspace to prevent the spread of extremist and terrorism planning.” May argued that the internet provided a safe space for terrorists to spread their ideology and coordinate attacks. It is unclear how May will reach her goal. As the New York Times points out, the country's recent Investigatory Powers Act already gives law enforcement and intelligence agencies vast authority to monitor Britons' communications, some of which with minimal judicial oversight. Moreover, Facebook and other social media companies do not want terrorist content on their platforms either, given that it's clearly bad for business and are under significant pressure in the United Kingdom and elsewhere to take it down quickly. Finally, it is hard for May to advocate for cyberspace regulation when her own Foreign Office views China's approach to cyber sovereignty skeptically or argues against new cyber treaties. 3. Hackers-for-hire fuel cyber intrigue in the Middle East. Behind the scenes cyber intrigue has played a prominent role in this ongoing standoff between Qatar and Gulf Cooperation Council (GCC) countries, led by Saudi Arabia and the United Arab Emirates, who decided to cut off diplomatic relations, travel, and trade with Qatar early this week. The dispute is believed to have been sparked by a story that appeared on Qatari state media in which the emir of Qatar was quoted criticizing neighbors and commending Iran. The news article appears to be a fake planted by hackers—raising the question, who planted the story and why? According an Federal Bureau of Investigation official quoted in the New York Times, Russian hackers-for-hire are the likely culprits, some of whom have a history of freelancing for Gulf states, suggesting the hacking is part of an ongoing disinformation campaign that has shadowed the diplomatic dispute between Qatar and its neighbors. 4. Fixing mutual legal assistance in Europe. In an interview with Reuters, European Justice Commissioner Vera Jourova said that the European Union will consider three proposals to improve law enforcement's ability to gather evidence from online service providers in the course a criminal investigation. Currently, obtaining digital evidence across borders can be long and cumbersome, and the EU's proposed reforms would speed up the process, known as mutual legal assistance. The reforms under consideration include allowing one member state to directly request evidence from a provider located in another member state and requiring service providers in Europe to comply with member state requests for assistance. The reforms could undoubtedly help European law enforcement when the data sought is located in the EU, but much of the data generally requested from Facebook, Google, and others is located in the United States--beyond the reach of the proposed rules and its own separate can of worms. Jourova anticipates to propose the new rules sometime in early 2018.

Here is a quick round-up of this week’s technology headlines and related stories you may have missed: 1. French Cyber Chief Warns of Permanent War in Cyberspace. In a wide-ranging interview, Guillaume Poupard, the head of the French cyber defense agency, ANSSI, warned that cyberspace is approaching a state of “permanent war” between states, criminals and extremist. Poupard’s warning echoes remarks made by National Security Agency Director Adm. Michael Rogers, who recently commented before the Senate Armed Services Committee that states are resorted to “cyber effects” as a means of “maintain[ing] the initiatives just short of war.” Poupard's interview comes shortly after Russian affiliated APT28 allegedly dumped emails from the presidential campaign of Emmanuel Macron. On alleged Russian interference in the election, however, Poupard responded cautiously. “To say ‘Macron Leaks’ was APT28, I’m absolutely incapable today of doing that,” he said. Poupard contrasted the commonplace methods used to hack the Macron campaign emails from the highly sophisticated means employed in the cyberattack on TV5 Monde in 2015, which used “very specific tool” attributed to APT28. 2. It’s Finally Here! China’s long awaited Cybersecurity Law went into effect this week. The legislation marks the culmination of a multi-year  effort to secure China's domestic networks, which gained urgency after the Snowden documents revealed the extent to which U.S. intelligence had penetrated foreign networks. Successive drafts of the law have riled foreign internet and tech companies. In particular, the law’s strong data localization provisions and requirement that technology and internet products in critical industries be ‘secure and controllable’ will likely disadvantage foreign companies, raising the cost of operating in China and exposing their data and intellectual property to industrial espionage. However, as the law goes into effect, the biggest issue for foreign companies is how little they know about the law. Indeed, the law is a “keystone in an arch” – more of a rough sketch than a concise plan – and many details of the law’s most consequential provisions have yet to be released. While Chinese officials offered an eleventh-hour reprieve to foreign companies by delaying the implementation of a controversial cross-border data transfer provision, there’s a sense among foreign companies that the Cybersecurity Law is all-around bad news. 3. Phish Tweeting? Tweet Phishing?The New York Times reported that defense officials and cybersecurity experts are increasingly worried about malicious files buried in URLs sent over social media. Traditionally, cybersecurity training warns users to think twice before opening a link in a suspicious email. This method of transmitting harmful files, known as “spear phishing,” is one of the most common ways of breaching cyber defenses. However, the threat of spear phishing is no longer limited to emails. As Time reported, Russians hackers sent tailored messages with malicious links to 10,000 Twitter users during the 2016 presidential election. Facebook said in a recent white paper that the company was using a detection system to warn and educate users about spear phishing attempts. 4. Intrigue in South East Asia. On May 14, the Intercept and Washington Post reported on transcripts of a call between U.S. President Trump and his Philippines counterpart Rodrigo, which leaked to the media. The reports focused on Trump’s effusive compliments of Duterte and unusual disclosure of the location of a U.S. nuclear submarine. However, as the Cyber Scoop reported this week, there’s more to the story. The leaked transcripts appear to be the work of APT32, a unit attributed to the Vietnamese government. Vietnam has been concerned about Duterte’s warm relationship with China and stated willingness to negotiate a bilateral settlement to the South China Sea dispute, which could hurt Vietnamese interests. The leaked documents, which also include notes from a private conversation between Duterte and Chinese President Xi Jinping, could signal a broader Vietnamese cyber-espionage campaign against the Duterte government.

Corinne Cath is a doctoral student at the Oxford Internet Institute and the Alan Turing Institute. You can follow her at @C__Cath. The African Network Information Center (AFRINIC) – the technical non-for-profit organization responsible for allocating and registering internet number resources, including Internet Protocol (IP) addresses – is considering a proposal that would deny IP addresses to governments that order internet shutdowns. In a statement, the authors of the proposed AFRINIC policy said: “While the authors of this policy acknowledge that what is proposed is draconian in nature, we feel that the time has come for action to be taken, rather than just bland statements that have shown to have little or no effect.” This move comes after the Cameroonian government shut down the internet in its Anglophone regions for several months. Broadly speaking, governments are increasingly displaying an adversarial stance towards the Internet and hitting the internet ‘kill switch’ during periods of upheaval or political dissent. Human rights organizations tracking internet shutdowns found that in 2016 there were over 50 shutdowns, more than double the number of 2015. Although the AFRINIC proposal is unlikely to be adopted in its original form, the proposal raises the question of how technical actors should respond to repressive government practices. Various political entities, including the United Nations and multiple NGOs, condemn internet shutdowns. While these political actors cannot prevent countries from turning off the connection, technical actors, like AFRINIC, have the power to at least make African governments think twice before taking such measures. Since African governments are dependent upon AFRINIC for IP addresses, if AFRINIC stops providing them, the impact would be felt immediately, stifling both the digital economy and growth of local networks. The internet has brought about a fundamental change in which actors are expected to shoulder what responsibility, for which public interest issues. Specifically, the power of technical internet actors to enter political debates is changing as the internet becomes essential to the basic functioning of society. Still, blocking certain governments from essential internet resources – like IP addresses – is an unprecedented act, and not without risk or controversy. Two concerns stand out, in particular: first, should a technical organization take on such a political role? Second, would the proposed policy undermine the overall technical stability of the internet? AFRINIC is not the only technical actor grappling with these issues. In recent years, various technical organizations – including the Internet Corporation for Assigned Names and Numbers (ICANN), the Internet Engineering Task Force (IETF), and the Institute of Electrical and Electronics Engineers (IEEE) – have worked on defining their responsibility to respect human rights. Their approaches vary, both in substance and effectiveness. Some technical organizations lean heavily on Corporate Social Responsibilities (CSR) schemes, others on the UN Sustainable Development Goals (SDGs), and still others apply the UN Guiding Principles on Business and Human Rights (UNGPs) to their work. These latter principles have the advantage of being squarely rooted in international human rights law. They provide technical actors with clear guidelines for understanding and mitigating potential negative impacts their work might have on human rights. Whether technical actors like it or not, they can no longer ignore that their work has an impact on public interest issues such as human rights. This brings us back to AFRINIC. Considering the responsibility of technical actors towards human rights in the Internet Age, the proposed AFRINIC policy can be considered a positive development. It presents a very real and actionable sanction to prevent governments from hitting the internet ‘kill-switch’. However, at the same time, it’s worth considering the risk and consequences of withholding IP addresses. Should we really allow technical actors to hold critical Internet resources hostage when they disagree with certain political decisions? We can all get behind condemning Internet shutdowns, but what if technical actors take action on contentious issues, like copyright or law enforcement’s use of the Internet? Do we really want technical actors to play a deciding role in these kinds of debates? There’s also the question of a striking a balanced response. Because the internet is a network-of-networks, what happens in one locality will impact the entirety of the net. If a technical response or sanction is not measured, technical actors run the risk of responding in a way that is equally bad, or worse, for internet access than the policy they are trying to fight. Before taking dire (but perhaps necessary) steps to prevent governments from enacting internet shutdown policies, technical actors like AFRINIC should undertake an impact assessment of how their own policies to prevent shutdowns impact both the ability of individual African end-users to access the internet and the technical stability of the internet. The UNGPs provide a strong method for doing such impact assessments as they relate to the human rights questions underlying internet access. A good impact assessment for technical stability remains to be formulated and could benefit from further research. One thing is clear. The thorny questions surrounding the responsibility of technical actors and how they should react to repressive political decisions will continue to surface as the internet becomes increasingly integrated with our society. The AFRINIC proposal is a logical step towards providing an answer, but runs the risk of overshooting its target at the expense of everyday internet users.  

Here is a quick round-up of this week’s technology headlines and related stories you may have missed: 1. WannaCry: Assessing the Damage. Countries are still reeling from a ransomware attack that compromised companies, banks, hospitals, and university networks around the world using a Microsoft Windows exploit. The media is calling WannaCry the biggest cyber attack to date, and cybersecurity experts and government officials are still assessing the damage. Countries like China and Russia where software piracy is rampant were particularly hard hit, since computers using unlicensed copies of Windows were not prompted to download an emergency update that patched the vulnerability. In the United States, some officials declared a cautious victory on Friday, saying that “aggressive” efforts to push patches and strong “blocking mechanism” defending federal government systems helped the United States avoid the worst of WannaCry. In addition, the U.S. unintentionally benefited from a stroke of luck: Last Friday, while Americans were still sleeping, a British cybersecurity researcher found a “kill switch” in the ransomware’s code, buying time for U.S.-based computers to install the patch. While the worst of WannaCry might be over, the Shadow Brokers, a group responsible for dumping the NSA hacking tools used in WannaCry, promised to leak more stolen exploits and data on a monthly basis. Meanwhile, there is some evidence that the actor behind WannaCry is the same North Korean-sponsored hacking group behind the 2014 Sony Picture hack. 2. ...And the Blame Game Begins. When the WannaCry ransomware worm fanned across the web last Friday, fingers immediately pointed towards the NSA, which originally developed and used the exploit for intelligence gathering. Microsoft President Brad Smith led the charge, calling WannaCry a “wake-up call” for governments and blasted the NSA for stockpiling vulnerabilities. Around the world, government officials vented against the NSA. Chinese state-media even chimed in, comparing WannaCry to the terrorist hacking in Die Hard 4, and blaming the US for developing the exploits in the first place. Microsoft did not escape blame either. Despite patching the vulnerability in Windows a month before the Shadow Brokers published the hacking tools online, Microsoft resisted providing the patch for free to older versions of the operating system, which would’ve immunized many computers from the WannaCry attack. While the company ultimately relented, providing the patch to machines using unsupported versions of Windows last Friday, Microsoft still requires users of older systems to subscribe to a “custom” support service that can cost up to $1000 a year per a device for the latest updates. In Congress, the WannaCry attack prompted a rare bipartisan effort to reign in how the NSA uses software vulnerabilities. The PATCH Act would update the opaque vulnerabilities equities process (VEP) with a legal framework and review board to decide when vulnerabilities are disclosed. The bill received praise from experts, the private-sector, civil liberties groups. 3. Welcome to the Big Leagues. A new FireEye report says that OceanLotus, or APT32, is “aligned with Vietnamese government interests,” making Vietnam one of the first small countries to harness large-scale cyber espionage for state objectives. The report documents how APT32 targeted private sector companies, media outlets, dissidents, and governments across Europe and Asia since 2014. The Vietnamese government appears to use hacking to silence dissent, keep tabs on companies, as well as counter its bigger neighbor, China. APT32 was first identified by Chinese cybersecurity firm Qihoo360 in 2014 in connection with the hacking pf state-owned companies working in the South China Sea, where China and Vietnam have a territorial dispute. 4. Is Great Britain Next? U.K. politicians are raising the alarm that Russia might interfere in the country’s upcoming election. In an interview on Wednesday, U.K. Foreign Minister Boris Johnson said there’s a “realistic possibility” of Kremlin meddling in the U.K. election. In addition, GCHQ’s National Cyber Security Centre (NCSC) issued guidance this week on how candidates and politicians can defend themselves against hackers. Whether or not Russia has an interest in swinging the election outcome, Kremlin influence has become synonymous with information operations. Russian state-sponsored hackers most recently dumped email from Emmanuel Macron’s campaign on the eve of the French presidential election. Meanwhile, the U.S. is still picking apart the details of Russia's information operation to influence the outcome of the 2016 presidential race.

Nani Jansen Reventlow is a human rights lawyer with Doughty Street Chambers in London and a Fellow at the Berkman Klein Center for Internet & Society at Harvard University. You can follow her @InterwebzNani. A court case in France might drastically change what information individuals can access online. The case is pending before the French Council of State—France’s highest court—and concerns a “right to be forgotten” dispute between Google and the French data protection authority, CNIL. In 2014, CNIL ordered Google to remove twenty-one links from its search results (a process known as delisting) based on a right to be forgotten claim of a French citizen. Under EU law, Europeans can petition a search engine to remove links about them if they believe the links refer to information that is “inaccurate, inadequate, irrelevant, or excessive.” Google implemented the delisting request by making the content inaccessible from all its European Union and European Free Trade Association domains, not only by removing the links from search results on local search sites (e.g., google.fr, google.de, google.ch), but also by blocking the links from search results to European users accessing non-European search sites, such as google.com. However, according to CNIL, this is not enough. CNIL argues the links have to be made unavailable not only in France and Europe, but worldwide. At the center of the dispute lies the question of jurisdiction and the basic premise that every country should regulate matters within its own borders, unless there are exceptional circumstances. Such exceptional circumstances in the offline world are matters that qualify as so-called peremptory norms of international law, issues on which there is a consensus amongst states, such as the obligation to prosecute piracy and the prohibition of slavery and torture. In the online world, there is consensus on the illegality of child pornography, and one might argue that there is a substantial degree of consensus in the field of copyright. There clearly is no such consensus, however, on the meaning of the “right to be forgotten.” Since the Court of Justice of the European Union handed down the Costeja decision establishing the concept in 2014, the scope and meaning of the right to be forgotten has been interpreted in vastly different manners by national courts. A right to be forgotten claim therefore does not provide sufficient legal basis for the data protection authority of one country to determine the accessibility of online content in another. In addition, there is a justified fear that condoning CNIL’s conduct will set a dangerous precedent by opening the door for national authorities worldwide to impose global restrictions on freedom of expression based on standards that are solely grounded in domestic law. There are examples abound of governments trying to police online content in an overly restrictive manner. Giving CNIL the green light will provide online censors convenient precedent to hide behind. In addition, it will create incentives for intermediaries to err on the side of caution when dealing with future delisting requests and make them inclined to accept requests that are overly broad in geographical scope, especially if they don't have the capacity or resources to challenge them. The sheer number of opinion pieces, critiques, and amicus briefs filed in the proceedings in France are a testament to this court case’s potential implications. This week, a coalition of eighteen organizations from the global South filed their submissions, arguing that CNIL’s order is an overly broad restriction of the right to freedom of expression that affects the rights of those seeking information beyond France's borders. This last point is poignantly illustrated by the presence of a number of interveners from francophone countries amongst the coalition. While CNIL’s efforts in protecting the interests of a French citizen may be well-intentioned, the Council of State should be mindful of the implications of its decision in this case, as they extend far beyond the individual who wants their information removed from the web. The internet's brilliance as a shared global resource lies in making content posted by a person in one place available—through a search engine of their choice—to everyone, everywhere, with an internet connection. If the French court is not careful, we may all soon wake up to find the internet an eerily empty place.

Joakim Reiter is the former deputy secretary general of the UN Conference on Trade and Development. Trade, and its phenomenal expansion in the last two decades, has been decisive for lifting more than one billion people out of poverty. Yet, judging from the current debate on global trade, this basic fact seems to have been forgotten. Even some Western democracies, traditionally the biggest proponent of trade, seem increasingly lukewarm—in a few cases, reluctant—to keeping their borders open to goods and services. Trade skeptics argue the benefits of trade have not been equitable. They have a point. Though some consumers have benefited, large companies have gained the most from global integration, and account for the vast majority of world trade. Small and medium enterprises (SMEs), women and rural communities have often been less fortunate. However, the imbalance is not due to excessive globalization. On the contrary, those on the margins have not been able to benefit because they lack the capacity to fully participate in global trade. The internet and digital technologies are game-changers. Digital trade, or e-commerce as it is usually called, is growing rapidly. Estimates show that in 2015 it amounted to a staggering $22 trillion. Rich nations are leading the way, but others are not far behind. In China, over 400 million people participate in e-commerce—ten times more than in Germany. The value of all goods traded on China’s Alibaba has, in the last four quarters alone, been equivalent to the GDP of my home country Sweden. Far more companies, especially SMEs, have also become exporters through internet-based trade, almost accidentally. According to eBay, some 95 percent of the U.S.-based SMEs that sell their products on eBay’s platforms have ended up exporting their merchandise. Of these, the majority of SMEs exported their products to four or more continents. These companies have also faster growth and survival rate than the national average, even higher than for traditional exporting enterprises. The lack of borders on the internet makes it easier to overcome the many borders and other hurdles that still apply to physical trade. And this is true for trade between countries, and equally true for trade within countries, which matters a lot. Increased productivity and employment opportunities in rural areas though domestic trade creates more equitable societies, reduces unsustainable pressures for urbanization, and combats poverty. The former pig-farming village of Dong Feng in China is an excellent example. In 2006, a young village entrepreneur established an online store to sell furniture, inspired by Ikea. Within four years, furniture production had boomed and, with it, cotton refinement as well as three hardware stores, fifteen logistics and distribution companies and seven computer stores. Today, the village and its surroundings host no less than 400 online stores that sell merchandise within China and abroad, to a value of $50 million annually. What is more, e-commerce is already leaving its mark on global trade. Since the 2007 financial crisis, world trade has struggled to recover. In fact, if trade continues on its current trajectory for the next few years, this decade will have had the slowest pace of trade growth measured since World War II. There are, however, a few exceptions to this generally bleak picture. Business to consumer e-commerce is growing at double-digit rates and show no signs of slowing down. Thanks to internet-related trade, there is an enormous opportunity to make tomorrow’s trade more inclusive and to break the current pattern of slow overall trade growth. But there is much to do to fully tap this potential. The gaps between rich and poor citizens, communities and countries are still large when it comes to readiness for e-commerce. Whereas 70 percent of consumers in United Kingdom have bought things online, only 5 percent of consumers have done so in a number of emerging economies. And it is even less among consumers in the poorest countries. Countries should take a number of actions to build a business environment that better utilizes the internet and mobile communications, especially in rural communities and poorer countries. They should, among other things, adopt policies that foster competitive ICT-infrastructure, efficient payments solutions, modern customs, and adequate legislation on consumer protection and data. It is doable. And the good news is, when the right conditions are in place, leapfrogging is possible. M-Pesa, the mobile-based money transfer system, has succeeded to revolutionize financial inclusion, especially in Kenya. Digital solutions can bring significant benefits to far more people and far more cost-efficiently than in past. And the benefits are not limited to ICT-services, or even services at large, but also play a critical role for the future of manufacturing and agriculture. Global e-commerce is in its infancy, but it is already altering how countries trade with each other. It is making traditional hurdles such as geography, size and capital-endowments far less relevant for a country’s successful integration into world economy. It offers both new growth prospects and more inclusivity from trade. Putting serious efforts in unleashing its full potential is a no-brainer.

RightsCon takes place later this month in Brussels. Since its inception in 2011, RightsCon has been one of the primary gatherings where human rights activists, politicians, technologists, scholars, and businesses discuss issues at the intersection between human rights promotion and the internet. Unlike previous iterations, the stakes for this year’s event are undeniably higher given the current disruptive political environment that threatens human rights in real space and cyberspace. Today, reading the RightsCon report from the 2016 meeting is surreal given what has transpired since. Brexit and Donald Trump’s election sent shock waves through the domestic politics of democracies, creating a tsunami of nationalism and populism in Europe and the United States dangerous to individual rights and international cooperation needed to protect rights globally. The post-coup crackdown in Turkey became emblematic of rising government repression around the world. In its report for 2016, Amnesty International argues “the world in 2016 became a darker and more unstable place.” Last year, “the idea of human dignity and equality,” asserts Amnesty International, came “under vigorous and relentless assault from narratives of blame, fear and scapegoating, propagated by those who sought to take or cling on to power at almost any cost.” This global assault involved repression of online speech and political activity. Freedom House concluded that 2016 marked the sixth consecutive year internet freedom has declined. Last year also witnessed governments, political parties, media entities and personalities, and individual leaders exploiting cyberspace to spread fear, deepen political divisions, incite intolerance, and disseminate false information. The “fake news” problem grew so bad that it became an urgent human rights challenge. The Russian “hack and leak” campaign during the U.S. election has alarm bells ringing about cyber-meddling in democratic elections, a development endangering the importance the Universal Declaration of Human Rights and the International Covenant on Civil and Political Rights assign to voting. Compounding these problems are fears that nationalism and populism in democracies threaten the liberal international order built after World War II. This angst usually focuses on risks President Trump’s “America First” strategy presents to the military and economic pillars of this order just as China and Russia challenge American influence. But weakening the order also bodes ill for human rights. According to Robert Kagan, the liberal order supports “universal principles of individual rights . . . over ethnic, racial, religious, national, or tribal differences.” As frustrated as human rights advocates get with the liberal order, its fracturing would be a human rights nightmare in real space and cyberspace. These seismic changes in domestic and international politics disrupt the contexts in which human rights problems must be addressed. The list of human rights issues in cyberspace was long and growing before the events of the latter half of 2016 and early 2017 unfolded. Earlier RightsCon meetings reflect the daunting challenges human rights activists, groups, and intergovernmental bodies faced in less poisonous and polarized political circumstances than prevail today. But, even in more benign circumstances, progress—if achieved at all—proved difficult and, at times, ephemeral. Controversies sparked by Edward Snowden’s disclosures, such as the threat government surveillance poses for online privacy, remain contentious because, in part, many governments have increased their surveillance powers. The constellation of human rights issues in cyberspace associated with Snowden’s actions now seems quaint compared to what RightsCon 2017 has to navigate. Most of those gathering in Brussels are hardwired for defiance in the face of threats to human rights. The most pressing questions target the United States and other democracies and seek answers about the direction of human rights policies in cyberspace. Experts have called on the Trump administration to support internet freedom. Drafts of a new executive order on cybersecurity contain language on internet freedom, but, as in many policy areas, finding consistency and concrete details in the administration’s approach to internet freedom is difficult. Any initiatives on internet freedom would have to accord with the administration’s overall approach to human rights. On that score, the America First strategy provides little basis for optimism that President Trump will develop a coherent approach on human rights and integrate it across U.S. foreign policy. The furor over the administration’s immigration actions suggests domestic fights over individual rights might overshadow international human rights issues in U.S. policy for the foreseeable future. So, with the United States distracted, perhaps it really matters that this year’s RightsCon is in Brussels because “the heart of European policymaking” is the best place for the “most impactful RightsCon yet.” The impact remains to be seen, but the multiplying dangers for human rights in cyberspace make the Brussels meeting the most important RightsCon yet.