The Cyber Security Environment in Syria
The law Policies Perspective
In the early days, I thought that the Internet was not controlled by any authority. However, the truth is it is governed by the cooperation of many organizations. Moreover, the good planning of IP addresses, Domain Name System DNS are the results of such Internet Cyberspace management.
The Internet represents an interconnected network of networks which still needs more collaboration to deal with the most complicated issues for end-users such as identity theft, privacy protection and online censorship.
All these have brought awareness to security specialists, policy makers and other concerned parties. Although it is a complex technical area, it will not only be solved by technical administration, it also requires policies and a law framework. Therefore, I believe that applying a cyber-security law can be a good answer.
Protection of privacy remains a key concern for most Internet users in Syria. Although there exist laws in developed countries to investigate privacy intrusion, there is none in the Middle East and North African countries. As long as modern society’s democratic consolidation and economic prosperity depend on the internet, there should be a great deal of trust in the service providers and technology itself.
While a random internet user is connected to a public wireless in a library or internet café, he might get a pop-up window asking to replace a browser certificate for HTTPS site, receiving a phishing message. In a more silent and dangerous method, he may receive a fake IP for a site that he is trying to browse. This variety of attacks can lead to identity theft, stealing of email accounts or even the stealing of his/her bank account.
From a legal perspective, it is not easy to transcribe a modern cyber law from a developed country and modify it according to each of MENA country’s needs. There are questions that we need to discuss and answer. Do our countries have the qualified technical engineers needed to investigate such offenses? I have spent nine-year working in the biggest ISP in Syria and I can confirm that there are many professional technical individual experts.
Whilst, there is a lack of IG institutions that should be developing institutional frameworks and legal procedures for those experts. What are the current local parties and/or organizations that will play a significant role in this process in each country? I believe they have to be local and must communicate with local government in order to stimulate the debate on online Human Rights violations. They should set the path to building a more inclusive internet governance environment in Syria.
There is an urgent need to develop policy recommendations and policy advocacy to target the formulation of new legislative laws in Syria and the MENA region to guarantee a more secure internet cyber-space for the end-user inside Syria.
• Countries in MENA region should have and apply cyber-security laws in order to investigate and judge privacy intruders. As remarked before, technical security measurements will not put an end to such threats, they will only merely narrow the attacker’s chances to harm public institutions or the internet cyber-space. Setting policies and laws will show to attackers that there will be serious consequences.
Therefore, all IG members and interested persons should take part in these efforts of each country in order to organize ourselves and establish those parties that can formulate not only a cyber security law, but also other Internet policy drafts and participate in MENA IGFs to present our ideas to governments. Additionally, we have to attract IT engineers, law-consults, any current IG institutions and initiate the basic connection between governments and us.
In conclusion, IG members and other interested parties in the MENA region must cooperate with each other and local governments in order to stimulate a cyber-security law and develop other Internet policies in the future.
Laura De Nardis, The global war for internet governance, P-10-63, November 2014.
Kinan Alkhatib is a Syrian IT specialist, holder of a bachelor of information technology. In addition, he was the IT manager in the biggest ISP (Internet service provider) in Syria. He is currently residing in Egypt. He has been selected to be an HIVOS fellow in the third IGF (Internet governance forum) that took place in Beirut 2014.