The COVID-19 pandemic has exacerbated existing problems in cyberspace but has not ushered in a new era of cyber policies to appear in 2021. Make no mistake – changes are coming.
December 14, 2020
History will remember 2020 as the year in which the COVID-19 pandemic caused death, illness, economic damage, and social disruption worldwide with once-in-a-century speed, scale, and severity. The pandemic affected every policy area, raising questions about how it could change policy making after the crisis ends. In terms of cyberspace, the pandemic exacerbated existing problems but has not transformed the political context sufficiently to permit a new era of more effective policies to appear in the post-pandemic world.
The pandemic deepened dependence on digital technologies and expanded opportunities for cybercrime and cyber espionage. Public health measures, such as lockdowns, produced a surge in online activities. The ability of tech companies and the internet to handle the demand underscored the remarkable capabilities that cyberspace provides. However, this crisis-induced dependence created an even more fertile field for cybercrime and cyber espionage, which, even before the pandemic, constituted serious threats. Pandemic-related incidents, such as criminal ransomware attacks on health facilities and cyber espionage against vaccine research-and-development efforts, garnered the most attention, but the online surge increased the incentives for criminals and intelligence agencies to exploit cyber vulnerabilities in all sectors of economic and political activity.
In public health and other contexts, online disinformation was a problem before COVID-19, but the pandemic seeded an “infodemic” that interfered with health responses and highlighted how ineffective pre-pandemic efforts to mitigate online disinformation had been. Disinformation damaged a tenet of effective pandemic response strategies, namely the authoritative provision of science-based, accurate, and timely information to the public. In addition to the fear COVID-19 created, the infodemic metastasized because the pandemic agitated geopolitical competition between China and the United States and inflamed partisan politics in the United States during an election year. Despite efforts by social media platforms to police pandemic-related information, disinformation proved politically potent amidst a deadly pathogenic event, which bodes ill for designing effective policies against disinformation after this outbreak.
According to Freedom House, internet freedom declined in 2019 for the ninth consecutive year. The pandemic has made things worse. In its 2020 report, Freedom House argued that the pandemic accelerated the decline in internet freedom by fueling digital repression as governments around the world used the crisis to restrict access to online information, spread disinformation, engage in censorship, expand surveillance powers, and embrace cyber sovereignty. In the decade prior to the COVID-19 outbreak, democracies failed to counter how digital authoritarianism was reshaping cyberspace. The pandemic did not create the internet freedom crisis, but it has created conditions that authoritarian governments have manipulated to ratchet their strategies into a stronger position, which increases the scale of the challenge democracies face after the coronavirus is controlled.
International Law and Norms in Cyberspace
The pandemic became another whetstone for sharpening the application of international law in cyberspace. For example, the Oxford Process on International Law Protections in Cyberspace—a global collaboration of international legal experts—issued statements on how international law on sovereignty, non-intervention, due diligence, human rights, and armed conflict protects the health-care sector and COVID-19 vaccine research, manufacture, and distribution from cyber operations conducted by state and non-state actors. However, during the pandemic, international law has not proved protective against cybercrime targeting health facilities, cyber espionage against vaccine research and development, government online disinformation campaigns, and the growth of digital repression. Nor has the pandemic become, as hoped, “an opportunity for like-minded states to further global cyber norms” as fragmentation and disagreement on cyber norm development continued in 2020.
Regulation of the Tech Industry
The surge of online activities during the pandemic connected to pre-coronavirus debates about regulation of the tech industry. COVID-19 hit as concerns about the power of the tech industry to stifle competition, violate privacy, and censor political speech were rising. With the pandemic driving more activities online, this microbial crisis fed into contentious discussions about regulating the tech industry through anti-trust law, new privacy rules, and limiting tech company immunity for online content provided by Section 230 of the Communications Decency Act. For example, as its market power in online commerce increased during the pandemic, Amazon came under heightened anti-trust scrutiny in the United States and the European Union. Interest in regulatory action might remain if the pandemic produces sustained changes in how individuals, companies, and governments use online services.
As this goes to press multiple efforts to reign in Social Media platforms, Google and others is making its way through the legal process via suits brought by the US Department of Justice, several individual states, the EU and pressure is being applied by President Trump in a threatened veto of the 2021 NDAA unless a rider is included making changes he demands about Section 230. Additionally, the full exposure of US IT systems is still being determined from the alleged Russian hacking. It will take months to determine. While Secretary of State Pompeo has been clear that he believes Russia was involved, no statement (tweet) other than deflection to the possibility of it being China has been made by POTUS.
The pandemic has broadly affected cyberspace policy, but the overall impact reveals that this health debacle has made long-standing problems worse and needed solutions harder to achieve. For sure, the pandemic is not over, so a comprehensive evaluation of its significance for cyberspace policy is not possible. Yet, we have seen enough to sense that the pandemic will not be a turning point for cyberspace policy on some of the most difficult problems confronting governments and societies in this political realm.