Imagine you had £45,000 in your bank account just last week. You've thought of a trip to Barbados or Maldives. But then you wake up this morning, you go to your bank app and what do you see?
Zero. Zero. Zero. Balance.
You've not been physically compromised by an armed robbery attack, but your world has changed in an instant. You go to your bank, they not only tell you they don't know what has happened to your money, they can't even find any data about you. Cyberspace is changing our world.
My name is Nenna Ifeanyi-Ajufo. I'm a professor of law and technology at the Leeds Law School of Leeds Beckett University, United Kingdom. But I was also privileged to serve as a delegate to the just concluded United Nations process that led to the development of the Cybercrime Treaty.
And often times during the process, I worried about the cybersecurity policies and what it meant for you and I in terms of our human rights, but also the sovereignty of digitally weaker states.
Firstly, I want to remind you that cyber threats are everywhere, not just in terms of the risk, but how they are impacting and changing our behaviours, impacting how we see our institutions and our trusts in governments. Secondly, I would like you to know what our governments and the big tech companies are doing about cybersecurity and how this impact our human rights and our freedom.
Finally, I would like us to know what we can do about cybersecurity so that we can take responsibility for our digital future, not just for ourselves, but for the future generation.
I call it the age of cyber threats. Statistics say that there are about 5 billion Internet users globally. Everything about you is intertwined with the Internet. Your name, your social life, your employment record.
If I asked how many people have an online dating profile, don't ask me. I wouldn't ask you. I'm sure a number of us, but that's not bad. Love is a beautiful thing, right? Of course, but then your photos, your location, your date of birth, all of these are online and cyber criminals are scrambling for your data.
Data is the new gold. The hackers, the cyber bullies, the cyber harassers. All they need is just Internet and a computer and that is it. On one side.
But I also worry what I call a new kind of warfare. Traditionally national security meant soldiers, warplanes, armoured tanks, guns. But now governments are fighting unseen armies. There is something interesting.
So Costa Rica has no military, they have no armed forces. And few years ago there was a launch of cyber attacks against Costa Rica. Sensitive information was stolen, government systems were compromised, and government websites were defaced.
The perpetrators asked for 10 million U.S. dollars in ransom for exchange so that they do not release those information. Now what happened to Costa Rica was they had to shut their systems. They were losing 30 million U.S. dollars every day. No bombs fell, no soldiers invaded, but your city is under attack.
It doesn't stop there. The cyber criminals can now even hack into systems and influence elections. A few years back we were told that the UK electoral systems had been compromised, but what was worrying was that it took a long time for it to be discovered.
We were told to be careful about unauthorised use of our data. You may ask then we need cybersecurity, of course, but why should we talk about it in this way?
Firstly, what are governments doing? Of course your security is the priority of the state. They have to secure your information, but are they just doing too much sometimes? Do you feel like just to leave you have to sacrifice your privacy?
What's your name? What's your date of birth? Where were you born? What was your last known address? What is your address?
What is your mother's name? What is your mother's maiden name? What is your father's name? Where was your father born?
Think about COVID, for example. We are at the mercy of the government sometimes, and it's difficult when you think about the fact that you have a right to privacy and you have a right to security. Do we hold them accountable or we just let our human rights go?
Sometimes I feel like a celebrity when I see the number of CCTV cameras all around me. Sometimes I wonder, is Brad Pitt by the corner? Is this Hollywood? But then I look, I see McDonald's and I remember I'm just at the Leeds train station.
But then I'm being pictured so many times. But that's not all. How about the big tech companies and what they are doing? Remember, to fight cybersecurity, we need technological innovations and so they are creating so much technology.
They need our data. They take our data so much, but what are they doing with the data? Sometimes our data are used for generative AI, this same technology. They perpetrate and enhance bias, marginalisation and sometimes discriminations, racial gender discrimination.
It's not just that. Are we also in a race against technology? Do you know how easy it is for AI systems to now create phishing emails, scam emails and the deep fake technologies that are a total replica of the reality?
So in one hand we are thinking of human cyber criminals perhaps do we also have tech cyber criminals? So what do we do?
The other question you may ask is what is all this about digital colonialism? How is it that cybersecurity can enhance the erosion of sovereignty? I will tell you how.
For cybersecurity, you need international cooperation. Remember, cyberspace is not tied to any geographically proximate location, and so which means we all need each other. A cyber criminal can launch an attack here in the UK and its effect could be felt in Mexico, Vietnam, Thailand, Australia, wherever.
But that's not it. All states are not digitally equal. So what it means is that we have to remember that most of the technology for cybersecurity comes from a handful of powerful states, the UK, Europe and China. It means that the digitally weaker states have to rely on the powerful countries for their cybersecurity infrastructure.
They inherit the tech vulnerabilities, the tech priorities and sometimes the inherent colonial mechanisms. While some countries can enjoy total sovereignty and ensure cybersecurity in their own terms, some other countries are subjected to external influence just to ensure cybersecurity.
And we continue to see a cybersecurity divide between the Global North and the Global South. So what do we do about cybersecurity? How do we ensure our freedoms, our liberties and protect the digitally weaker countries? Cybersecurity is a shared responsibility.
We are the first generation to be fully connected and so we cannot take cybersecurity for granted. That shared responsibility starts with you and I and our individual practises. As you walk down the road everyday, I want you to also think about your digital footsteps, your online footprints.
What are your individual practises? When you're asked to set up a password, do you just use your name and your birthday? When you have more than one e-mail, do you use the same passwords for all of them?
So let's create stronger passwords. Let's think of better authentication systems. The National Cybersecurity Centre has said to us, when you create passwords, think of three random words. Just imagine what difference that would make.
Install new softwares, update your software systems, backup your data as often as you can. It is very important to think before you click. Think about your privacy, think about the websites you visit.
I say this because your information is connected to that of your partners, your children and your family. We must also remind our governments that cybersecurity education must be prioritised, especially for the younger children. Cybersecurity education is as important as reading and writing.
When you eat dinner on the table and your little child is on that iPad, is he or she aware of the hygiene that follows with cybersecurity? And so we must think about digital literacy, cybersecurity literacy from the educational systems at a very young age.
We must also hold our governments accountable for cybersecurity policies and strategies. Cybersecurity must be about us. It is not just about national security, it is not just about a military approach. It must be people centred.
And so when they create cybersecurity policies, they should prioritise human rights, privacy and data ownership, but also the tech companies. We must think about them and hold them accountable when they create the systems, when they create the technologies, design, deploy them.
Security must not be an afterthought. In fact, we must push that security must be the initial thought and so the design and deployment of technology must be based on a security approach. Security by design, human rights by design, privacy by design.
And this is not about corporate social responsibility. It should be obligatory that they are ethical in their approach to designing technology. Again, maybe because I'm a professor, I'm biased. I always say research changes the world. You can do nothing without research.
If we must think of a digital future, we must think of enhancing research. As we continue to think about the future of our changing world, the choices we make today will determine the beauty or otherwise of our digital future.
And so global cooperation is important. When we talk about global cooperation, it has to be defined. There is digital inequality in the society and if we think about cybersecurity and we do not think about digital equality, then weaker countries will suffer.
We must think about digital inclusion and bridging the digital divide or else what we are doing is pushing digital dominance and digital colonialism.
If certain countries continue to totally rely on other powerful countries, let's create a better world. As our world is changing, let's take accountability and responsibility for the security of this changing world for ourselves and for our future generations.
Thank you very much.
