A Study on Cyberwar in Vietnam & Anti-doxxing Law in Hong Kong

Written by Nur Atiqah Binti Azrein, Siriracha Kaeoyong, Ramma Nisar, Rounok Jahan Khan, Afiq Rahimi, Phyo Thiri Lwin, Guntur Ramadhan (Edited by Jenna Fung & Phyo Thiri Lwin)

“Human rights are not privileges conferred by the government. They are every human being’s enlightenment by virtue of its humanity.” Mother Teresa

Human rights mean every human has the freedom to live their life according to their will. Everybody is born free. They have a right to express their feelings in different ways: art, writing, etc. In the 21st century everything is digitalized and advanced, but amid these advances human freedom seems to blur in various ways. There is a lack of digital privacy in the form of financial and browsing data.

Cyberwar in Vietnam

Cyberwar is usually waged against government and military networks in order to disrupt, destroy, or deny their use. Cyberwar should not be confused with the terrorist use of cyberspace or with cyberespionage or cybercrime. Even though similar tactics are used in all four types of activities, it is a misinterpretation to define them all as cyberwar. Some states that have engaged in cyberwar may also have engaged in disruptive activities such as cyberespionage, but such activities in themselves do not constitute cyberwar (Thomas, 2022). There are two main types of cyberwar attack: espionage, which means monitoring other countries to steal secrets, and sabotage, for which government organizations must determine which information is sensitive and the risk if it is compromised. (“What is Cyber Warfare | Types, Examples & Mitigation | Imperva”, 2022)

Vietnam was the fourth biggest source of credential stuffing last year. Credential stuffing is a sophisticated strike in which hackers use specialized software to launch multiple automatic attempts to log into a website or app using stolen usernames and passwords. (“What Is Cyber Warfare? | Fortinet”, 2022) This is according to cloud services provider Akamai. The APT32 group is believed to be working on behalf of the Vietnamese government. (Johnson, 2022)

Cyberattacks use a variety of vectors, both technological and organizational. They seek out vulnerabilities in any of the entities that comprise cyberspace. Moura found that certain types of attacks were more likely to originate from certain nations or regions. Ordinary spam primarily originates in India and Vietnam, while the largest concentration of spammers per Internet address is in Nigeria. Moura argues that analyzing where malicious hosts are concentrated could enhance prediction of future attacks. It is inevitable that the date and time should specifically occur for cyber war. Yet, it is mentioned that statistics showed an increasing trend of cyberattack incidents on information systems in Vietnam in the context of agencies and units strongly promoting digital transformation.

To some smaller countries, the use of DDoS attacks is a much cheaper option than conventional warfare tools against an enemy possessing greater resources in terms of weapons, money, and troops. Imagine a drone, not only intercepted but also then re-routed back towards its originator. The easy transition from cyber criminality to cyberwarriors for hire suggests that reliance on a strict delineation between the two activities. Cybercrime and cyberattacks may, in the long run, lead to increased cyberattacks.

In 2021, the Authority of Information Security recorded, issued warnings about, and guided the handling of more than 9700 attacks on cyberspace, an increase of around 43 percent from the previous year. Last year, the attackers took advantage of the COVID-19 epidemic to spread fake news and create more forms of phishing attacks to steal money. The leaking of personal information was also common.

Besides the loss of customer data, Vietnamese SMEs suffering cyber incidents also lost employee data, financial information, and sensitive business information, among others. In addition, 61 percent admitted that cyberattacks have hurt their reputation. Cisco’s study also found that while SMEs in Vietnam are worried about cyberattacks, they are taking steps to improve their cybersecurity. 

Vietnam, in fact, has been ranked as the third-worst in the world for its cybersecurity, behind Algeria and Indonesia, ranked at positions one and two respectively for their poor scores. The issue at hand is whether or not the cyber war has had much effect on its economic and digital growth. Vietnam is trying to address this issue through Vietnam’s cyber legislation.

After all, while governance and law come out of the cultural bedrock of a society, it has opportunities to evolve with the changing times. It can be seen as increasingly repressive when it is held in comparison to another, a fact which matters very much at this digitally-fast juncture in history. The populations of different countries are able to create comparisons from active positions of knowledge, of their respective polarities, thanks to the very mechanism that is potentially being restricted.

With restriction comes a backlash. The development of a new and highly tech-savvy, mid-level affluent youth population could be seen to be a problem when this population is faced with internal restrictions and censorship while being aware that this is not globally the norm. The level of Vietnamese spoken in hacker forums and on the dark web appears to have risen significantly in recent times.

Recent tension between global social media and the governance of Vietnam has heightened and the number of requests by the national administration to media giants like Facebook has increased significantly. Alongside requests for the removal of material from social media, there are discussions about the responsibility these giants have to keep lines of communication open between potentially opposing views, adding to the possibility of beneficial dialogue.

Anti-Doxxing law in Hong Kong

Hong Kong has reinforced its regulations against the “doxxing” of personal information in order to harass people, the latest step in a security effort that has alarmed tech companies in the Asian financial city. Doxing or doxxing is the act of publicly revealing previously private personal information about an individual or organization, usually via the internet. Supporters argue that the measure was long overdue in addressing a problem that has existed since the city’s large pro-democracy rallies in 2019. Anti-government protestors revealed the addresses of several policemen’s homes and children’s schools, resulting in threats. However, some technology firms are afraid that the regulation is so broad and ambiguous that it may impede operations in Hong Kong. Human rights and pro-democracy organizations are concerned that it will be used to suppress dissent. With the coming into effect of the Personal Data (Privacy) (Amendment) Ordinance 2021 (“Amendment Ordinance”) on 8 October 2021, a new anti-doxxing law is now in force in Hong Kong. (“Experts Fear New Hong Kong Doxxing Law Will Punish Opposition”, 2022)

In summary, there are 3 key aspects of the anti-doxxing law. 

  1. Firstly, there are new penalties. The Amendment Ordinance introduces two new offenses of doxxing and corresponding penalties. It is now an offense to disclose any personal data without the data subject’s consent with an intent to cause harm to the data subject or any family member of the data subject. Depending on the severity of the offense, any person who commits the offense is punishable on conviction with: a fine at level 6 (i.e. HK$100,000) and imprisonment for 2 years; or a fine of HK$1,000,000 and imprisonment for 5 years if the disclosure causes harm to the data subject or any family member of the data subject. (Lai-ling, 2021)
  2. The PCPD now has increased powers of investigation and prosecution. It is now empowered to conduct criminal investigations and institute prosecution for doxxing offenses. Among other things, the PCPD will be granted wide powers to access documents and information from any person, or require any person to answer questions or provide relevant materials to facilitate an investigation in relation to doxxing offenses. The PCPD may also, with a warrant, enter premises and seize any materials or devices on the premises which may be relevant to the investigation as well as decrypt any material stored in these devices.
  3. Extra-territorial effect of the anti-doxxing law. Besides the authority mentioned above, the PCPD is now empowered to serve cessation notices to operators of electronic platforms including websites and online applications (regardless of whether these operators are based in Hong Kong or outside Hong Kong) where personal data has been disclosed without the individual’s consent. The cessation notices will require the recipient of the notice to take steps to remove the doxxing content or restrict the disclosure of personal data which has been made. Failure to comply with the cessation notice is an offense. Persons contravening the offense will be liable, on the first conviction, to a fine at level 5 (i.e. at HK$50,000) and to imprisonment for 2 years. The Personal Data (Privacy) (Amendment) Ordinance 2021 Implementation Guideline Companies that operate websites and other online platforms in Hong Kong also deal with posts that may constitute doxxing and therefore trigger the provisions under the Amended Ordinance. (Yiu, 2021)

The arguments on human rights pursuant to the anti-doxxing law are first, on the restrictions on human rights such as freedom of speech, expression, and right of an internet user in the digital aspect. This is supported by a statement made by a lawmaker, Ma Fung-Kwok, where he described the amendments as a “delayed justice,” and “It was an extreme injustice”. On the other hand, “introducing sanctions aimed at individuals is not aligned with global norms and trends.” Also, technology companies might be tempted to “refrain from investing and offering their services in Hong Kong” as a result. (Bannister, 2022)

The new anti-doxxing measures are part of a series of moves that have limited what Hong Kong residents can say, do or post online, including the enactment of a national security law banning speech deemed secessionist and a system of vetting candidates for public office for patriotic behavior. The law criminalizes online behavior that involves unauthorized disclosure of personal data including names, identity card numbers, phone numbers, photos, and addresses even if the disclosure does not cause harm. Its aim, the government said, is to “combat malicious doxxing acts that have become more rampant in recent years, so as to protect the personal data privacy of the general public.”

Secondly, there is an infringement of privacy on human rights. Lowell Dittmer, professor of social science at the University of California Berkeley, slammed the law for its “unduly severe” penalties. The law “added to the repressive armory of the national security law with a measure disguised as protection of human dignity,” Dittmer wrote to VOA. Dittmer said the law could be used improperly to obtain people’s information. “In the course of enforcing [the law] in compliance with the national security law, the authorities will no doubt use every possible means of covert surveillance,” he said.

Dongsheng Zang, associate professor of law at the University of Washington, called the law “an overreaction” by the government. “The ordinance was enacted in the name of protecting privacy; but it may end up encroaching more people’s privacy, due to the broad powers granted to the Privacy Commissioner,” Zang wrote to VOA, referring to Hong Kong’s privacy commissioner for personal data, whose office oversees the implementation of, and compliance with, 1996 privacy legislation, and will be given new power to enforce the anti-doxxing law.

In July, the Asia Internet Coalition, an industry association whose members include major internet and technology companies, voiced its opposition to the doxxing measure in a strongly-worded statement (Lindberg, 2022). “Subjecting intermediaries and their local subsidiaries to criminal investigations and prosecution for doxxing offenses under the proposed amendments is a completely disproportionate and unnecessary response to doxxing,” the group said. Here, we can infer that the anti-doxxing law has indirectly infringed the human rights of Hong Kong citizens as their privacy has been encroached upon.

The lesson learned from the above case studies is the importance of securing our rights online. It is vital for people, especially in this generation of developing technology, to know and understand their respective human rights online. Hence, from both of the case studies in Vietnam and Hong Kong, we can infer that when somebody knows their human rights, they will then be able to stand up for the right actions. This helps prevent people in general from being manipulated by superior and higher powers. As for suggestions and solutions to the issues of human rights online, one is to stick together and voice our disagreements through NGOs and organizations. Also, we could try to protest in peace such as through riots, or run campaigns that focus on the key points of why a certain imposition of law or action is against and violates our human rights online.

The world needs to establish a set of principles to determine the proper conduct of governments regarding cyberconflicts. They would dictate how to properly attribute cyberattacks so that we know with confidence who is responsible, and they would guide how countries should respond. Perhaps most importantly, world leaders should create a framework of incentives and sanctions that encourage governments to stop destructive cyberattacks in the first place. Ideally, these principles would be enforced through a multilateral treaty, but given the disorder of the international system and the fact that countries don’t have a monopoly on the tools of cyberwar, such an approach seems unrealistic in the near future. But we can still take meaningful steps toward smaller, more tangible goals. 

REFERENCES:

Bannister, A. (2022). Hong Kong’s anti-doxxing law comes into force despite human rights criticism. The Daily Swig | Cybersecurity news and views. Retrieved 1st December 2021, from https://portswigger.net/daily-swig/hong-kongs-anti-doxxing-law-comes-into-force-despite-human-rights-criticism.

Experts Fear New Hong Kong Doxxing Law Will Punish Opposition. VOA. (2022). Retrieved 31st December 2021, from https://www.voanews.com/a/experts-fear-new-hong-kong-doxxing-law-will-punish-opposition/6303205.html

Johnson, K. (2022). Security Magazine. Securitymagazine.com. Retrieved 16 February 2022, from https://www.securitymagazine.com/articles/96337-the-real-world-impacts-of-cyberattacks

Lindberg, K. (2022). Bloomberg.com. Retrieved 16 February 2022, from https://www.bloomberg.com/news/articles/2021-09-29/hong-kong-passes-tougher-anti-doxxing-bill-that-spooked-big-tech

Lai-ling, A. (2021). Hong Kong’s anti-doxxing law plugs privacy loophole, protects freedoms. South China Morning Post. Retrieved 16 February 2022, from https://www.scmp.com/comment/opinion/hong-kong/article/3155084/hong-kongs-anti-doxxing-law-plugs-privacy-loophole-and

Thomas, J. (2022). Cyber warfare in Vietnam. The ASEAN Post | Your Gateway To Southeast Asia’s Economy. Retrieved 16 February 2022, from https://theaseanpost.com/article/cyber-warfare-vietnam

What Is Cyber Warfare? | Fortinet. Fortinet. (2022). Retrieved 16 February 2022, from https://www.fortinet.com/resources/cyberglossary/cyber-warfare

What is Cyber Warfare | Types, Examples & Mitigation | Imperva. Learning Center. (2022). Retrieved 16 February 2022, from https://www.imperva.com/learn/application-security/cyber-warfare/

Yiu, P. (2021). Asia Pacific Hong Kong legislature passes controversial anti-doxxing privacy bill. Reuters. Retrieved 16 February 2022, from https://www.reuters.com/world/asia-pacific/hong-kong-legislature-passes-controversial-anti-doxxing-privacy-bill-2021-09-29/.

Cyber warfare in Vietnam. (n.d.). The ASEAN Post | Your Gateway to Southeast Asia’s Economy. Retrieved February 16, 2022, from https://theaseanpost.com/article/cyber-warfare-vietnam

Cyberwar: The What, When, Why, and How. (2017, June 29). IEEE Technology and Society. https://technologyandsociety.org/cyberwar-the-what-when-why-and-how/

Insight Report. (2019). http://www3.weforum.org/docs/WEF_Global_Risks_Report_2019.pdf

Vietnam suffers the most Southeast Asia offline cyber attacks Q2 2019. (2019, August 9). KrASIA. https://kr-asia.com/vietnam-suffers-the-most-southeast-asia-offline-cyber-attacks-q2-2019

VietnamPlus. (2022, January 18). Vietnam records nearly 1,400 cyberattacks in January | Videos | Vietnam+ (VietnamPlus). VietnamPlus. https://en.vietnamplus.vn/vietnam-records-nearly-1400-cyberattacks-in-january/221952.vnp