ON July 15, Indonesia announced a partial ban on Telegram, which swiftly responded by shutting down the channels reported by the Indonesian government. The ban seemed a culmination of the governments frustration over Telegrams silence on complaints about channels used to recruit Indonesians into militant groups.

The application was confirmed by Indonesias National Police chief General Tito Karnavian as one of the means to receive terror-related materials in the recent stabbing of two police officers at a mosque in Jakarta. Yet, it is perhaps the lack of reciprocation from Telegram on complaints made since last year, which may have escalated tensions in the spheres of governance in cyberspace.

Telegram is not the first application caught in a skirmish with states over national security concerns. Conflict between the government and private sector occurs due to the structure of the Internet, which is not designed to keep cyberspace secure from threats to networks or discriminate against the transfer of information.

A network for a small community back then, the Internet was created with the presumed understanding that actors belonged in a close circle and were essentially benevolent. However, the expansion of cybersphere in the 1990s migrated more than 50 million users online.

In December 2000, an ITU report estimated that there were four million Malaysian users online and last year, the figure grew to 21 million.

The greater integration of cybersphere in daily life increases the surface for cyberattacks. In 2015, CyberSecurity Malaysia recorded 1,714 incidents, but the first quarter of last year registered 2,470 incidents.

The private sector drives Internet patronage, with technology giants such as Google, Microsoft and Facebook providing essential services for Internet users. The technology communitys large footprint online translates offline and impinges on traditional roles in the security architecture. The governments role as a user of such services presents difficulties to the states responsibility as the protector of the population.

Chinas cyber laws passed last year bring data centres to Chinese soil, where corporations are required to host data locally. This places control over data within the regulations of China, thus empowering the state to secure information systems. However, this is not the case with other nations, as Indonesias situation with Telegram illustrates. States have to work with private companies to ensure the experience online and offline is protected.

Yet, harmonisation can be an uphill climb, especially where interests do not align. The widely broadcasted legal kerfuffle between Apple and the United States Federal Bureau of Investigation (FBI) stemmed from the FBIs request to unlock an iPhone belonging to the San Bernardino shooter in 2015. The FBIs concern relates to strong encryption that prohibits authorities from solving cases to stop terrorist attacks swiftly. The FBIs request was for Apple to provide a backdoor to Apples programmes in the interest of national security. Apple declined the request on the grounds of data privacy.

That cyberspace provides an avenue to air grievances outside the control of governments was addressed in the United Nations Human Rights Committee general comment No. 34 following the Arab uprisings in 2011. Encryption and anonymity are attached to the concept of freedom of expression, which is most important to end users.

Corporations, programmers and data centres that are suddenly called to play the role of honest brokers may experience difficulties in suiting up as participants in security. National security issues are not their initial trade, and perspectives on national security may differ in accordance to locality terrorism, its definitions and its amplification is only one national security concern. Additionally, parts of Asia where national security is seen as the sole responsibility of the state may not have the institutional knowledge and mechanisms of a multi-stakeholder system. If there is little trust between stakeholders, there can be suspicion on the part of the private sector towards the intention of states, as the Apple versus FBI case suggests.

Roles and responsibility should link cybersecurity players and authorities in a smooth system online and offline. The fear of over-regulation or being caught amid a political fight may lose private sector interest to participate.

However, failure to construct a healthy ecosystem may affect the direction of policies. While the WannaCry ransomware affected more than 230,000 computers in more than 150 countries, the Malaysian Communications and Multimedia Commission did not receive a single report, though this is not because there were no incidents in Malaysia. LGMS, a cybersecurity firm in Malaysia, found WannaCry in at least 10 devices. In the current threat to cybersphere, there is tremendous pressure for the fledgling environment of information sharing between stakeholders in Malaysia to mature rapidly.

The National Cyber Coordination and Command Centre (NC4) was formed with the intention of coordinating cooperation between public and private sectors. Yet, NC4 was created for cyber threats of national proportions and may not be the platform of outreach needed for threats not limited to cybersphere.

Details of the cybersecurity bill passed by Deputy Prime Minister Datuk Seri Dr Ahmad Zahid Hamidi to Attorney-General Tan Sri Mohamed Apandi Ali are still pending, but one hopes it addresses the gaps in the ecosystem and aims to remedy them.

With the private sector expected to play a large role in providing cybersecurity services, there has to be mechanisms that ensure national security is fortified without sacrificing private sector innovation. After the Telegram debacle, cyberspace users need the giants to play well together for a safe experience online and offline.

**The writer is an analyst on foreign policy and security studies at the Institute of Strategic and International Studies Malaysia

Visit link:

Cybersecurity ecosystem of tomorrow - New Straits Times Online