Category Archives: Internet Security

Why is the Internet of Things So Hard to Secure? – Security Boulevard

Access to real-time data has immense value for business intelligence. Imagine if a robotic arm on an assembly line could tell you how much energy it's using, how long it takes to do its job, or when it will need maintenance.

From pacemakers to self-driving cars, devices that were previously siloed are getting connected to the internet. This offers a great deal of value to users and can even save lives in the case of medical devices. But with the added value of interconnectivity comes much greater risk.

In principle, Internet of Things (IoT) infrastructure can be even more secure than a fleet of servers and workstations: device identity, credential rotation and updates can be fully automated, and manual processes are often the most vulnerable part of a cloud-based infrastructure.

But as a new technology facing explosive growth, IoT device security is a moving target as new technologies, regulations, use cases, and threats emerge. And the stakes are high: the fallout from a compromise of medical devices, military equipment, personal vehicles, or major public utilities could be life-threatening.

The Internet of Things is a new world for traditional IT and cybersecurity folks. Much of their current expertise carries over to the IoT revolution, but they'll have to face some new challenges as well.

Manufacturing machinery often has to produce hundreds of thousands of units per week, each one with its own certificate and identity. Certs have to be issued as fast as units come off the assembly line.

Simply maintaining the inventory of all the issued certs, let alone monitoring and updating them, is a major undertaking, especially for certificates with short lifecycles.

Forty-two percent of enterprises still use spreadsheets to track digital certs manually, and 57% don't have an accurate inventory of their SSH keys. Consequently, up to 40% of machine identities aren't being tracked, and a certificate nobody tracks cannot be renewed or revoked on time.

Automotive electronic control units (ECUs), which control in-vehicle safety, drive train, and infotainment systems, are manufactured in a sprawling supply chain with several points of entry that could be exploited by a threat actor.

And the products of this supply chain are deployed into unknown environments that might employ decades-old security controls. Manufacturers can't let their product's security depend on the end user: a breach tied to the product can damage the manufacturer's reputation even if the breach is ultimately the user's fault.

IoT technology must take a Zero Trust approach to security for both human and machine identities. In this approach, access is denied by default and granted only to an identity that can be verified against strict criteria on every request; security isn't bolted on as a feature but baked in as a design element throughout the product lifecycle.
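As an added example (not code from the Security Boulevard article), the Go program below sketches both sides of the problem described in the paragraphs above: the manufacturer's issuing CA signing one certificate per unit as it leaves the line and recording it in an inventory with a renewal queue, and the back end's deny-by-default check that admits only a certificate chaining to that CA for a device that is actually enrolled. The CA name, device IDs, organisation and lifetimes are assumptions for illustration; a real line would keep the CA key in an HSM and the device key in a secure element.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// DeviceCA is the manufacturer's issuing CA plus an inventory of every cert it has signed.
type DeviceCA struct {
	cert      *x509.Certificate
	key       *ecdsa.PrivateKey
	Pool      *x509.CertPool               // trust anchor the back end pins to
	inventory map[string]*x509.Certificate // keyed by serial number
}

// NewDeviceKey is the P-256 key a unit generates on first boot (ideally inside a secure element).
func NewDeviceKey() (*ecdsa.PrivateKey, error) { return ecdsa.GenerateKey(elliptic.P256(), rand.Reader) }

func sign(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, key *ecdsa.PrivateKey) (*x509.Certificate, error) {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// NewDeviceCA creates a self-signed issuing CA (in production its key lives in an HSM).
func NewDeviceCA(name string) (*DeviceCA, error) {
	key, err := NewDeviceKey()
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: name},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(10 * 365 * 24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}
	cert, err := sign(tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	pool := x509.NewCertPool()
	pool.AddCert(cert)
	return &DeviceCA{cert: cert, key: key, Pool: pool, inventory: map[string]*x509.Certificate{}}, nil
}

// IssueDevice signs one unit's cert: random 128-bit serial (never reused), unit ID as CN, short lifetime, client-auth EKU only.
func (ca *DeviceCA) IssueDevice(id string, pub *ecdsa.PublicKey, lifetime time.Duration) (*x509.Certificate, error) {
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128))
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: serial, Subject: pkix.Name{CommonName: id, Organization: []string{"Example IoT GmbH"}},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(lifetime),
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	cert, err := sign(tmpl, ca.cert, pub, ca.key)
	if err != nil {
		return nil, err
	}
	ca.inventory[serial.String()] = cert // recorded at issuance, not reconstructed later in a spreadsheet
	return cert, nil
}

// ExpiringWithin is the renewal queue: IDs of inventoried certs that end inside the window.
func (ca *DeviceCA) ExpiringWithin(window time.Duration) (ids []string) {
	for _, c := range ca.inventory {
		if c.NotAfter.Before(time.Now().Add(window)) {
			ids = append(ids, c.Subject.CommonName)
		}
	}
	return ids
}

// Authorize: deny by default; admit only a cert that chains to the manufacturer CA, is within validity, has the client-auth EKU and names an enrolled device.
func Authorize(roots *x509.CertPool, enrolled map[string]bool, cert *x509.Certificate) error {
	opts := x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if _, err := cert.Verify(opts); err != nil {
		return fmt.Errorf("reject %q: %w", cert.Subject.CommonName, err)
	}
	if !enrolled[cert.Subject.CommonName] {
		return fmt.Errorf("reject %q: not enrolled", cert.Subject.CommonName)
	}
	return nil
}

func main() {
	ca, _ := NewDeviceCA("Example IoT Device CA")
	key, _ := NewDeviceKey()
	cert, _ := ca.IssueDevice("dev-0001", &key.PublicKey, 90*24*time.Hour)
	fmt.Println(Authorize(ca.Pool, map[string]bool{"dev-0001": true}, cert)) // <nil>: admitted
}
```

The two checks in Authorize are deliberately separate: a valid chain proves the certificate came from the manufacturer's line, while the enrolment lookup proves this particular unit is still supposed to be talking to the back end. A certificate with the same device ID but signed by any other CA fails the first check, and a genuine but decommissioned unit fails the second.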

Additionally, the device has to integrate with a wide range of adjacent systems, some of which might not adhere to the same rigorous security standards. Regulations and industry standards are still taking shape in the IoT space, so manufacturers face the challenge of tool disparity among these systems. Protecting your products while also making them interoperable can be a tall order.

Security is hardly ever a selling point for an IoT device. What matters in the market is how well the product works, how energy efficient it is, what it costs, and so on. IoT product sellers can't charge customers more for a product by using security as a value proposition. Consequently, manufacturers must take care that security measures don't adversely impact usability and efficiency.

Security considerations must be interwoven throughout the product development and manufacturing process so that they don't become clunky add-ons. If security is part of the workflow from the beginning (Security by Design), it creates less friction in the product release cycle and eats into profit margins less.

Security is not usually Job #1 in the design process for manufacturing equipment. Clients mainly care about how well the product works, whether it has all of the capabilities they need, and how much it costs. Giving business leaders the ability to oversee operations across the internet is a huge value driver, but everything a device connects to presents a new risk. Balancing security and interconnectivity has to be on a product designer's mind to prevent the reputational damage a data breach could cause the company.

This balancing act can be difficult, especially if the design phase leans toward an Agile or DevOps model. Designers thrive on change and innovation, while security folks find stability in stasis and predictability. Designers may not want another cook in the kitchen, and security leaders may not be flexible enough to compromise.

IoT will see a great deal of change in the next few years. New use cases, technologies, and threats will spur new regulations. But if security isn't a top priority for IoT developers, compliance will always be a struggle.

Currently, the regulatory environment around IoT security is disjointed. NIST informs regulations in the U.S., but other countries have their own sanctioning bodies and standards. Electric-vehicle regulations and standards cover PKI, but they differ from one region to the next. Standards such as IEC 62443 (security for industrial automation and control systems) are often discussed in comparison to other security standards. California's SB-327, signed in 2018, was the first IoT-specific security law in the U.S.

An enterprise releasing a product globally must manufacture that product with security that complies across several regulatory landscapes (e.g., GDPR in Europe, PIPL in China, LGPD in Brazil). These privacy regulations are being expanded to include IoT devices, and some organizations may benefit from specialized consultants who are familiar with all the standards.

For most IoT manufacturers, security is not the primary value, but buyers assume that products are secure, and a breach at the device level can diminish customer confidence in a brand and lead to high-profile reputational damage. An internet-connected aquarium thermometer in a casino gave attackers a foothold from which they exfiltrated 10 GB of data to a server abroad. A breach of a cloud-managed security camera vendor gave attackers access to live feeds in a Tesla factory as well as jails, police departments, and hospitals.

On a grander scale, the Stuxnet worm altered the speeds of Iran's uranium-enrichment centrifuges while feeding the operators normal-looking readings, so the sabotage went undetected for months and set the Iranian nuclear program back significantly.

But it's not just governments and corporations that are affected: from vehicles being hacked while driving down the highway to home security cameras being compromised to vulnerabilities in connected pacemakers, cyberattacks on some IoT devices can be directly life-threatening and create fear among consumers.

Because of this, unsecured devices can also result in hefty fines and penalties from government regulators. In 2015, the HHS Office for Civil Rights (OCR) announced its first settlement involving a data breach through medical devices in a hospital setting: roughly 600 patients' records were exposed, and Lahey Hospital & Medical Center settled for $850,000. The argument could be made that OCR was sending a message about bringing devices and systems under the HIPAA compliance umbrella.

The IoT industry is set to explode across several verticals. According to IoT Analytics, the Global IoT market grew over 22% in 2021, and it is projected to keep increasing at that same compound annual growth rate through 2027.

There are a lot of growing pains in this relatively new industry, and companies aren't sure who's in charge of what when it comes to security. The best security posture will be achieved when design, operations, and security leaders recognize that they all have a stake in IoT device security. The best IoT products will be built by manufacturers that incorporate security and compliance considerations into device design from the beginning.

If you want to dive deeper into the principles of how to secure the Internet of Things, check out our whitepaper Five Guiding Tenets for IoT Security.

See the article here:
Why is the Internet of Things So Hard to Secure? - Security Boulevard

Democratic EU Standards and the Global View on Safe Web Browsing – EURACTIV

The revision of the eIDAS Regulation initiated a discussion about who sets standards for safe web browsing via Qualified Website Authentication Certificates. Dr. Kim Nguyen, Managing Director of D-Trust (a company of the Bundesdruckerei Group), explains why European digital sovereignty is the better option.

Dr. Kim Nguyen is the Managing Director of D-Trust GmbH, a company of the Bundesdruckerei Group.

With Making Europe Fit for the Digital Age, the von der Leyen Commission has set us on the road to a new, digital era for the European Union. Digital technology has a profound impact on our lives, and if the EU aims to take its values and principles seriously, Europe needs this change to work for citizens and businesses alike.

Real EU sovereignty requires sincere, well-meant protection of its citizens. Two capabilities play a key role in this effort: the ability to verify digital content, URLs, and identities, and the ability to set sovereign European standards.

Why are standards and their certification so important? Standards represent quality, ensure security, and build trust. When you visit a website today, your browser displays a lock icon. This indicates that you have established an encrypted connection to the site you accessed; that connection is secured with digital certificates.

However, only so-called Qualified Website Authentication Certificates (QWAC) provide transparency and confirm the website provider's verified identity to the user. They are in a way your defence against fraudulent sites and ill-intentioned actors. They establish the level of trust in a website that is necessary for you to browse safely and securely, because they guarantee that your personal information, including sensitive data like credit card information, is not only protected in transit but also does not fall into the wrong hands.

According to a 2018 study, the websites of the twenty largest online sellers in Germany alone have been illegally replicated more than 7,000 times. This example impressively demonstrates the threats to internet users as well as the necessity for website authentication mechanisms.

The question of who is responsible for setting standards for websites and who is supervising them has become a topic of heated debates. Given the experience in other sectors, like transport, pharmaceutical or finance, it should be quite obvious that standards are set and checked by neutral external supervisory bodies.

However, today, the browsers themselves set and check the security standards and are able to arbitrarily decide whether to display QWACs or not.

The EU Commission now intends to shift this decision-making power from the hands of international Big Tech companies to the democratically elected European regulators as well as to a governance system which consists of certification and audit bodies as well as national supervisory bodies including means and processes to deal with possible critical issues. Certain web service providers argue that they are defending consumer protection and offer safer solutions under their own responsibility.

While it is true that certain digital companies excel in their sectors and that it is easier for them to create certification schemes for their own browsers, this line of argument serves to conceal an important aspect: Such an approach would leave the question of standards and accountability entirely in their hands. These companies aim to essentially usurp the role of trust service providers and take on crucial internet security responsibilities on behalf of the European Union.

In a world of big tech companies and increasingly powerful authoritarian regimes outside of Europe, the question of who to trust in setting and controlling standards for the digital world becomes ever more important. Why would we trust the largely opaque internal processes of global companies, without any external check, more than our own democratic institutions? As European citizens, we should choose to be the ones to decide who sets up and supervises these standards.

By setting standards on a European level, we can even avoid becoming dependent on a single government. European solutions might not be perfect, but EU-governance has been very well established over the years and can be further developed. The Commission's proposal for a revision of the eIDAS Regulation is in line with the European Union's ambition to strengthen its commitment to its values such as sovereignty, accountability, and transparency.

Contrary to what recent anti-QWACs campaigning has suggested, the standard setting of liberal democratic institutions is well established, has served Europe well for decades, and cannot at all be compared to the government overreach of non-democratic states like Kazakhstan. In line with democratic principles, the European standards should be developed in cooperation with technical experts from businesses, civil society, and government.

For a website verification to be trustworthy in Europe, European standards are needed. EU standards strengthen EU-sovereignty, and from EU-sovereignty it follows that the spirit of EU-laws is upheld. EU-standards entail that we as European citizens, governments, and companies develop the basic rules for the digital world together. Joint events that bring policy makers, business and civil society together, such as the European Digital Identity Roundtable, can make important contributions to this process.

Besides, it means that other companies and institutions will need to follow standards developed by and for Europeans, thus giving us a competitive advantage. It also entails that online verification will rely on European actors. Relinquishing control over website certification will not aid the EU to become more sovereign or more democratic. Therefore, the EU should make use of its right for democratically legitimized representatives and civil servants to set standards that are in the interest of European citizens.

See the rest here:
Democratic EU Standards and the Global View on Safe Web Browsing - EURACTIV

ISPA Starts Hunt for UK Internet Hero and Villain in 2022 Awards – ISPreview.co.uk

The UK Internet Service Providers Association (ISPA) has today begun inviting feedback to help them choose the shortlist for this year's Internet Hero and Internet Villain categories as part of their 2022 internet industry awards event, which is due to take place on the 24th November 2022 at the Landmark Hotel in London.

Last year's event saw Helen Milner (OBE) of the Good Things Foundation being named as the ISPA's Internet Hero for the group's efforts to tackle digital inclusion. Meanwhile, the Internet Villain category is returning this year after a long absence, which seemed to start after the ISPA suffered a backlash following their decision to nominate Mozilla for the 2019 award; this related to the browser firm's DNS-over-HTTPS (DoH) push (here).

As usual, the ISPA are now seeking nominations from members of the public by 28th October 2022. Readers can submit their nominations for either the Internet Hero or Villain categories; please submit the name of the individual / organisation to awards@ispa.org.uk, or on social media using the hashtag #internethero or #internetvillain.

New ISPA Chair, Steve Leighton, said:

"The annual ISPA awards is a fantastic opportunity to celebrate all things internet over the past 12 months. As part of this, the Internet Hero & Villain awards provide a great opportunity to celebrate those who have contributed to our sector in the past year, whilst also reflecting on some of the serious issues we have faced. We look forward to the sector and the public nominations."

No doubt people will have their own ideas about who or what to nominate for both categories, although the Government's new Online Safety Bill (OSB) and Telecoms Security Laws could potentially fit into both depending upon your perspective.

Go here to read the rest:
ISPA Starts Hunt for UK Internet Hero and Villain in 2022 Awards - ISPreview.co.uk

Five things South Africa must do to combat cybercrime – The Conversation

Cyber-attacks are on the rise globally, with seriously negative implications for countries' strategic, national, economic and social well-being.

A cyber-attack can be defined as an unauthorised attempt, successful or not, to infiltrate a computer or computer system for malicious purposes. Reasons for such attacks vary from financial gain to espionage, gathering strategic and national information and intelligence about an adversary. Such an adversary can be a nation state, a corporate entity or a private individual.

The authoritative international Cybercrime Magazine expects global cybercrime costs to grow by 15% a year over the next five years, reaching $10.5 trillion a year by 2025, reporting:

"This represents the greatest transfer of economic wealth in history, risks the incentives for innovation and investment, is exponentially larger than the damage inflicted from natural disasters in a year, and will be more profitable than the global trade of all major illegal drugs combined."

A 2022 report by Surfshark, the Netherlands-based virtual private network (VPN) service company, lists the top 10 countries in the world in terms of cybercrime density. Cybercrime density is defined as the percentage of cyber victims per one million internet users. South Africa is number six on the list, with the UK, the US, Canada, Australia and Greece taking places one to five. The UK, therefore, has the highest cybercrime density. That means it has the most cybercrime. One reason for South Africa's poor showing may lie in the fact that a 2020 Accenture report found the country's internet users were inexperienced and less technically alert.

In May, a data leak at Transunion, a credit management company, reportedly compromised the personal information of 54 million South Africans. President Cyril Ramaphosa was among the victims.

In 2021 a successful cyber-attack on Transnet, the transport parastatal, brought container terminals to a standstill, disrupting imports and exports. This had massive strategic and economic implications.

Cybercriminals are increasingly moving from targeting enterprise systems to the end users: the employees who operate computers and have access to the enterprise's corporate data and network systems.

Poor cybersecurity awareness and training of end users is one reason cyber-attacks succeed in South Africa. In both the Transunion and Transnet attacks, unauthorised access was gained via end users.

Cyber-attacks are expected to grow in sophistication as criminals exploit such technologies as artificial intelligence. I am a cybersecurity expert and academic who has watched the growing problem of cyber-attacks in South Africa and internationally over the last 30 years. In my experience, five key ingredients need to be in place in the cybersecurity ecosystem to fight cybercrime in South Africa:

recognition of cybercrime as a governance issue

skilled practitioners and advisors

savvy citizens

public-private partnership

a dedicated national director of cybersecurity.

1. Fighting cybercrimes must be a governance issue

This is a core principle in all national and international good corporate governance practices. In private companies that role falls on the boards of directors and executive management. It's part of the oversight and code of conduct of top management.

For the government it means that the president and cabinet should be responsible for ensuring that the country is resilient against cyber-attacks.

2. Skilled cyber practitioners and advisors are vital

There is a dire need for cybersecurity capacity globally. South Africa is no exception.

This shortage is experienced both in government and in the private sector. South Africa needs a large number of cybersecurity practitioners and advisers to help users to identify and prevent cyber-attacks. These should ideally be available in all government institutions, including every municipality, hospital and school.

The skills shortage is being addressed by universities and private colleges, but this is but a drop in the ocean because the output is limited and takes several years to produce. The fact is that such cybersecurity practitioners do not necessarily all have to have university degrees. In the UK, for example, the government's National Cybersecurity Centre has a programme called CyberFirst, directed towards schools.

Such a programme could have significant benefits for South Africa, including providing jobs for talented young people who do not have the money or interest to pursue tertiary studies.

3. Citizens must be cybercrime savvy

All computer end users must be empowered to be cybercrime fighters to make the country, companies and other institutions more resilient.

Security is everyone's job. Everyone from the entry-level to top management should know how to identify and report breaches so they can defend the enterprise.

New, more effective approaches must be found to make end users more aware of cyber risks and integrate them better into the enterprise's cyber defences. One example of such a new approach can be modelled on the idea of a "human firewall", where every end user understands that he or she is part of the cyber defence of the country or company, and acts in that way.

4. Public-private partnership is imperative

The government cannot fight cybercrime on its own. Most of the present cyber expertise lies in the private sector. The private sector is basically running a major part of South Africa's critical information infrastructures, such as those for banks, internet service providers and cellphone service companies.

Public-private partnerships must be established as soon as possible to combat cybercrimes. This idea is already provided for in the original National Cybersecurity Policy Framework of 2013. But the political will from government to make it work seems missing and no such partnerships have really developed.

5. Have a dedicated national cybersecurity director

Cybersecurity experts and functionaries in the government and the private sector often operate in independent silos. Nobody has the required helicopter view and oversight of the status of cybercrime in the country. Not sharing scarce cybersecurity expertise between role players ends up in costly duplication of expensive software systems and training, which could be more widely available.

South Africa needs a national bureaucrat, or national cybersecurity director to play an oversight role. The office must act as a single point of contact for all cyber-related matters in the country. The incumbent must be technically skilled in cyber matters, and have the trust of both government and private sector role players.

He or she must report directly to parliament, something like the Chapter 9 institutions, which strengthen the country's democracy as provided under the constitution. The US, the UK and Rwanda have all created such a position or agency.

Read the rest here:
Five things South Africa must do to combat cybercrime - The Conversation

Try this simple-to-use, all-in-one internet privacy program for $8/year – Popular Science

People absolutely love being online; with the huge boom in faster networks and more accessible smartphones, we are living our lives online more than ever. It can be tough navigating the internet safely, what with so many websites rife with malware, trackers, and spyware like key-loggers. Sure, you can spend a ton on a whole bunch of programs to keep you safe, but why not make it easier (and more affordable!) to roll all your computer security into one program? That's where the sale on Control D: 5-Yr Subscription comes in handy: this all-in-one computer security program is on sale for only $39.99.

Control D is the simple-to-use, one-touch program that combines a ton of cybersecurity essentials into one easy-to-use platform that protects you from malicious internet programs and keeps your kids from seeing inappropriate content. Able to cover up to 10 devices including desktops, tablets, and mobile devices, Control D will make sure that your online browsing stays private, ad-free, and safe. You'll be able to customize each device's profile to allow different filters on your kids' tablet, your smartphone, and the family desktop, so that you won't need to worry about switching profiles every single time. You'll get this wide-ranging, flexible coverage for less than $10/year!

Earning 5 out of 5 stars on Product Hunt and 4.8 out of 5 stars on AppSumo, Control D is the program that keeps families and individuals safe from all kinds of malware. Included in this unique offer is the ability to upgrade your Control D plan at any time during the subscription to the Full Control plan! You'll only pay $10/year for Control D's Full Control plan, normally priced at $40/year. That's a 75 percent discount on internet security and peace of mind.

Get your subscription to Control D today, ditch worrying about ads and tracking cookies, and spend only $39.99 for the 5-year subscription.

Prices subject to change.

Read the original here:
Try this simple-to-use, all-in-one internet privacy program for $8/year - Popular Science

New UK Telecoms and Internet Security Code to Go Live in October – ISPreview.co.uk

The UK Government has announced that network providers (e.g. broadband ISPs and mobile operators) will become subject to new regulations under the Telecommunications (Security) Act from 1st Oct 2022, which aside from restricting the use of Huawei, will also impose changes to make networks safer from cyberattack.

Just to recap. The TSA became law in November 2021 (full summary). The goal was to impose stronger legal duties on public telecoms providers to help defend their networks from cyber threats, which could cause network failure or the theft of sensitive data. Few could disagree with that desire, although politicians, who tend not to fully understand how such networks work in the real world, are often terrible at getting technical rules right.

The new framework hands significant new powers to the Government and Ofcom, enabling them to intervene in how telecommunications companies run their business, manage supply chains, design and even operate networks. Fines of up to 10% of turnover or £100,000 a day will be issued against those that fail to meet the required standards, which would be a particularly big burden for smaller players.

Digital Infrastructure Minister, Matt Warman, said:

"We know how damaging cyber attacks on critical infrastructure can be, and our broadband and mobile networks are central to our way of life.

We are ramping up protections for these vital networks by introducing one of the world's toughest telecoms security regimes, which secures our communications against current and future threats."

The related Code of Practice (CoP) for all this puts telecoms providers into three tiers, which are filtered according to size and importance to UK connectivity (i.e. the smallest players see softer regulation). Tier 1 providers are the biggest players (e.g. BT, Vodafone, Virgin Media / VMO2 etc.), while Tier 2 providers are medium-sized players (e.g. Hyperoptic, Zen Internet) and Tier 3 reflects the smallest companies (those that are not micro-entities).

One catch above is that some smaller providers may supply parts of networks and services owned by larger Tier 1 or Tier 2 providers. In that case, the regulations stipulate that where a provider acts as a third-party supplier to another provider, they must take security measures that are equivalent to those taken by the provider receiving their services.

Telecoms providers will be legally required to:

Protect data stored by their networks and services, and secure the critical functions which allow them to be operated and managed;

Protect tools which monitor and analyse their networks and services against access from hostile state actors;

Monitor public networks to identify potentially dangerous activity and have a deep understanding of their security risks, reporting regularly to internal boards; and

Take account of supply chain risks, and understand and control who has the ability to access and make changes to the operation of their networks and services.

The Government, which has been consulting on the implementation of all this since March 2022 (here), has today issued its response (here). Overall, there were 38 responses to the consultation, from public telecoms providers, industry trade bodies, telecoms suppliers etc. As a result of this, a number of changes have been made to the regulations, which may help to soften the blow a bit. We've summarised some of them below.

Changes to the Regulations Post-Consultation

The draft code stipulated that providers should offer their customers a no-additional-cost replacement of customer premises equipment (e.g. broadband routers) supplied by that provider, once that equipment had gone out of third party support. But operators warned that the cost of doing this would be extreme. The Government have thus amended the draft code of practice to remove the suggestion that providers should replace CPE at no extra cost to the customer.

The implementation timeframes for Tier 1 providers are now aligned with the Tier 2 timeframes, with the exception of the timeframes for the most straightforward and least resource intensive measures. Tier 1 providers will, therefore, now be expected to:

implement the most straightforward and least resource intensive measures by 31 March 2024

implement relatively low complexity and low resource intensive measures by 31 March 2025

implement more complex and resource intensive measures by 31 March 2027

implement the most complex and resource intensive measures by 31 March 2028

This approach, said the Government, would ensure that all public providers are afforded appropriate time to implement measures while preserving the need for new security measures to be introduced as soon as is feasible. Previously they sought some implementation by 31st March 2023 and that, complained operators, would have been very costly and difficult to achieve.

Clarifications were made to ensure security measures are targeted at the parts of networks most in need of protection, like new software tools that power 5G networks. In addition, it's specifically noted that private networks are NOT in scope of the new security framework introduced by this Act.

Inclusion of further guidance on national resilience, security patching and legacy network protections, to help providers understand actions that need to be taken.

Despite the changes, it remains a reality that practically applying such rules to hugely complex national telecommunications networks, with global connectivity and supply chains to consider, will not be so easy (i.e. modern software, internet services and hardware are all produced with bits and pieces, as well as connectivity, from across the world). Much will also depend upon Ofcom's approach, which we're still waiting to see (here).

The related Electronic Communications (Security Measures) Regulations will now be laid in Parliament for Parliamentary scrutiny under the negative procedure. It is intended that the regulations will subsequently come into force on 1st October 2022. On the same day as the regulations, the draft Telecommunications Security Code of Practice will also be laid in Parliament, in accordance with Section 105F of the Communications Act 2003. If neither House resolves against the draft code of practice within 40 sitting days, it will then be issued and published in final form.

Ofcom will regulate the new framework in accordance with its new functions under the Act to seek to ensure that public telecoms providers comply with their security duties. Ofcom has a clear remit to work with public telecoms providers to improve the security of their networks and services and monitor their compliance, including the power to request information.

The regulator is expected to begin this process in advance of the first implementation timeframes in the draft code of practice, which are set for completion by 31st March 2024. Ofcom will naturally produce its own procedural guidance on its approach to monitoring and enforcing industry's compliance with the security duties, and has consulted publicly on a draft of this.

Continued here:
New UK Telecoms and Internet Security Code to Go Live in October - ISPreview.co.uk

Election Officials Have Been Largely Successful in Deterring Cyber Threats, CISA Official Says – Nextgov

Increased coordination between federal agencies, election officials, and private sector election vendors has helped deter an influx of cyber threats directed at U.S. voting systems, an election official from the Cybersecurity and Infrastructure Security Agency said on Thursday during an event hosted by the Election Assistance Commission and Pepperdine University.

Mona Harrington, the acting assistant director of CISA's National Risk Management Center, which includes the agency's election security team, said that since election systems were designated as critical infrastructure in 2017, the attacks have become much more sophisticated and the volume of attacks has certainly increased. But with the partnerships that CISA and election officials have built, along with the products and services currently being used to mitigate potential risks, election officials have many of the tools needed to deter both nation state actors and non-nation state adversaries.

Harrington noted that all 50 states have deployed CISA-funded or state-funded intrusion detection sensors in their systems, known as Albert sensors, and that hundreds of election officials and private sector election infrastructure partners have signed up for a range of CISAs cybersecurity services, from recurring scanning of their systems for known vulnerabilities on internet-connected infrastructure to more in-depth penetration testing.

"Technology and the evolving threat landscape have shaped the role of election officials, and election officials have seen a significant expansion of their duties beyond simple election administration to a position more akin to technology and information managers and IT managers," Harrington said.

The series of election-related panels hosted by EAC and Pepperdine University were held in recognition of the Help America Vote Act, the 2002 law that established the EAC and made sweeping changes to voting systems and election administration following the 2000 presidential election. Known as HAVA, the law, in part, requires EAC to develop voluntary voting system guidelines, which outline the security, reliability and accuracy requirements that voting systems are tested against in order to receive certification under the EAC's testing and certification program.

Last year, the EAC adopted its voluntary voting system guidelines 2.0 to further enhance the testing requirements for voting systems. No election vendors have received VVSG 2.0 certification thus far, however, and voting systems are unlikely to be certified under the new guidelines until at least 2024.

Beyond the updated guidelines for securing and certifying voting systems across the country, some of the panelists discussed the need to develop standards for securing non-voting systems as well, such as electronic poll books and voter registration systems. EAC announced in 2020 that it was partnering with the Center for Internet Security to launch a non-voting election system technology verification pilot program, although it remains unclear whether this pilot will lead to broader adoption or the issuance of non-voting system guidelines from EAC. A report on the pilot, called RABET-V, was released in January 2021.

Traci Mapps, the vice president of SLI Compliance, a certification body that operates the EAC-accredited voting system test laboratory, said that all components of the election process, including non-voting systems, should receive testing to ensure they are meeting set standards.

"As a voting system test lab we've participated in a lot of that testing, but I do feel that there should be a central set of standards that these systems are tested to so that they can be certified and help election officials to make sure that these systems are secure," Mapps said.

Even as EAC, election officials, and private sector election infrastructure partners continue to enhance their collaborative efforts to secure voting systems, there remains a need for greater public awareness of the multi-level safeguards and testing that go into securing U.S. elections. Mapps noted that the majority of states already require that their voting systems are certified by the EAC or tested in a voting system test lab, and that sharing that information more broadly with the general population could help combat some of the misinformation and disinformation that threatens to undermine public trust in election results.

"Time and time again, I talk to people and they have no idea that there are voting system test labs out there that are doing testing on voting systems," Mapps said. "And I think educating people to let them know about the testing that's being done may be helpful."

But election officials and CISA remain confident about the security of election systems, particularly with the strong safeguards that are already in place to deter nation state actors and other cyber adversaries. And when it comes to some of the more outlandish conspiracies surrounding the 2020 election, including the unfounded claims that election results were somehow filtered through networks in other countries, Harrington said that existing procedures and controls largely mitigate the potential for that type of large-scale outside intrusion.

"The evidence is not there, but there are also a lot of controls that are in place to mitigate that kind of risk," Harrington said, citing logic and accuracy testing, post-election tabulation audits and other security measures as some of the common procedures that would identify such an occurrence.

Read more:
Election Officials Have Been Largely Successful in Deterring Cyber Threats, CISA Official Says - Nextgov

Early cyber hygiene adoption key in fighting security threats – Deccan Herald

Instilling values of cyber hygiene at a young age is critical in countering cyber security threats, Sanjay Kumar Das, Joint Secretary (Department of IT and Electronics), Government of West Bengal, has said.

Speaking to DH on the sidelines of a cyber security congress organised by Infosec Foundation, a Kolkata-based not-for-profit, Das said a bottom-up approach is the way forward in addressing gaps in awareness of the cyber hygiene practices whose absence facilitates cyber crimes.

He said states, including Karnataka, Andhra Pradesh and Telangana, are doing commendable work in tackling emerging cyber security challenges even as the technologies evolve at a staggering pace.

Speaking about the threats posed by unregulated digital loan apps and aggressive recovery methods, he said customers need to understand the importance of due diligence and ask themselves basic questions like "Why is this loan being offered to me?" before accepting the loans.


"We need to create awareness on these practices among students, from schools to colleges. The focus should be on addressing the cause, not the outcome. Fake loan apps are an outcome," he said.

Das said the Cyber Security Centre of Excellence under the IT and Electronics Department in West Bengal has been taking up awareness initiatives, including a comic book with stories around 12 common cyber crimes including matrimonial fraud, phishing, fake calls from banks and fake modelling offers.

Focus on new challenges

Cyber security experts discussed the challenges in complying with global internet security standards during sessions in the congress.

Sushobhan Mukherjee, chairman of Infosec Foundation, told DH that the congress was aimed at providing a platform for stakeholders including the governments, industry and the public to collaborate on solutions for cyber security challenges.

During a moderated session on Artificial Intelligence and Machine Learning applications in cyber security, experts underlined the effectiveness of AI systems in responding to malware and other forms of cyber aggression.

The session also saw the panelists caution users against developing a false sense of security with AI systems.

Here is the original post:
Early cyber hygiene adoption key in fighting security threats - Deccan Herald

Why OT Environments Are Getting Attacked And What Organizations Can Do About It – Spiceworks News and Insights

As usual, financial gain is the biggest motivation behind cyber hacks against operational technology. About 80% of OT environments were nailed by ransomware scams last year. Etay Maor, senior director of security strategy for Cato Networks, discusses how aging technology, infrequent patching made difficult by work stoppages, and limited security resources make OT systems vulnerable, and how organizations could mitigate these challenges.

Much has changed for operational technology (OT) in the past decade. The rising demand for improved connectivity of systems, faster maintenance of equipment and better insights into utilization of resources has given rise to internet-enabled OT systems, which include industrial control systems (ICS) and others such as supervisory control and data acquisition (SCADA) systems, distributed control systems (DCSs), remote terminal units (RTUs), and programmable logic controllers (PLCs).

With everything becoming internet-facing and cloud-managed, the manufacturing and critical infrastructure sectors (i.e., healthcare, pharma, chemicals, power generation, oil production, transportation, defense, mining, food and agriculture) are becoming exposed to threats that may be more profound than data breaches. Gartner believes that by 2025 threat actors will weaponize OT environments to successfully harm or kill humans.


According to SANS research, there are four key reasons why cyber criminals attack OT and Industrial Control Systems (ICS) environments: ransomware or financial crimes; state-sponsored attacks that cause wide-scale disruption like NotPetya (credited with causing massive collateral damage and the world's first power blackouts); attacks by non-state actors for terrorism or hacktivism (e.g., the Oldsmar, FL water treatment facility hack); and attacks on devices and things that cannot protect themselves. Financial crime is the biggest driver, with 80% of OT environments experiencing a ransomware attack last year.

A number of reasons make OT/ICS environments vulnerable:

We need to fundamentally change our thinking in terms of how we build these systems and whether or not they should be so readily accessible. Here are best practices that can help:

Legacy cybersecurity approaches are predicated on protecting technology, but this approach becomes irrelevant with internet-facing OT. This can be easily demonstrated with the Purdue model, where historically information flows from level zero to level one to level two and back. It did not have to flow through a network but through machines connected to networks, so security teams had to lock those machines down to secure their infrastructure. Today, with the proliferation of Ethernet on the manufacturing floor, any level can communicate with the external world; hence, this approach has become obsolete. Enterprises must instead follow a micro-segmentation approach where security can be layered on each functional area within the process to contain any attack.

With more and more ICS networks embracing the benefits of the cloud, the perimeter is no longer the defensible position it once was. Studies show that Level 3 of the Purdue model (which processes data from the cloud or higher-level business systems) is affected by the largest number of vulnerabilities. Moreover, the rise of remote work and the growing use of remote administration applications like VNC (Virtual Network Computing) and RDP (Remote Desktop Protocol) requires a strong identity and access management solution that does not extend too much trust to authorized users. Leveraging SASE (secure access service edge), which converges SD-WAN (software-defined wide area networking) and SSE (security service edge) into a global cloud service, is one way enterprises can manage, control and monitor the connectivity of data centers, branches and edges and implement a "never trust, always verify" approach.
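One way to make the per-level micro-segmentation and identity-gated remote access described in the two paragraphs above concrete, as an added example that is not code from the article or from Cato Networks; the zone names, ports, identities and allowlist are constructed assumptions, and the policy (neighbouring Purdue zones only, RDP/VNC only with an authorised identity) is one reading of the advice, not the author's own design:

```python
"""Added example, not code from the Spiceworks article or Cato Networks: a
Purdue-model micro-segmentation check run over constructed flow records. Assumed
policy: a flow may cross at most one zone boundary, and RDP/VNC sessions need an
identity authorised for the destination zone."""
from dataclasses import dataclass
from typing import Optional

# Zones in Purdue order, lowest level first; an industrial DMZ sits between
# Level 3 (site operations) and Level 4 (enterprise). Names are constructed.
ZONES = ["process", "control", "supervisory", "site_ops",
         "idmz", "enterprise", "internet"]
RANK = {zone: i for i, zone in enumerate(ZONES)}

# Remote-administration ports (RDP, VNC) and a constructed allowlist of which
# identities may open such a session into each zone; zones not listed take none.
REMOTE_ADMIN_PORTS = {3389: "RDP", 5900: "VNC"}
REMOTE_ADMIN_AUTHZ = {"idmz": {"ot-admin", "vendor-acme"},  # vendors stop here
                      "site_ops": {"ot-admin"}, "supervisory": {"ot-admin"}}

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int
    user: Optional[str] = None  # identity bound to the session, if any

def check_flow(flow: Flow) -> tuple[bool, str]:
    """Return (allowed, reason) for one flow under the two policy rules."""
    # Rule 1: neighbouring zones only, so nothing skips the IDMZ or reaches
    # a controller directly from the enterprise network or the internet.
    if abs(RANK[flow.src] - RANK[flow.dst]) > 1:
        return False, f"crosses more than one zone boundary: {flow.src} -> {flow.dst}"
    # Rule 2: remote administration is identity-gated per destination zone.
    proto = REMOTE_ADMIN_PORTS.get(flow.dport)
    if proto and flow.user is None:
        return False, f"{proto} into {flow.dst} without a verified identity"
    if proto and flow.user not in REMOTE_ADMIN_AUTHZ.get(flow.dst, set()):
        return False, f"{flow.user} is not authorised for {proto} into {flow.dst}"
    return True, "ok"

def violations(flows: list[Flow]) -> list[str]:
    """Evaluate every flow and return one 'DENY' line per policy violation."""
    out = []
    for f in flows:
        allowed, reason = check_flow(f)
        if not allowed:
            out.append(f"DENY {f.src}->{f.dst}:{f.dport} ({reason})")
    return out

# Constructed sample flows; 502/tcp is Modbus/TCP between an HMI and a PLC.
SAMPLE_FLOWS = [
    Flow("enterprise", "idmz", 3389, user="ot-admin"),         # admin to jump host
    Flow("idmz", "site_ops", 3389, user="ot-admin"),           # jump host onward
    Flow("enterprise", "supervisory", 5900, user="ot-admin"),  # skips the IDMZ
    Flow("internet", "control", 502),                          # internet to a PLC
    Flow("idmz", "site_ops", 5900),                            # no session identity
    Flow("idmz", "site_ops", 3389, user="vendor-acme"),        # vendor past jump host
    Flow("supervisory", "control", 502),                       # HMI to PLC, adjacent
]
```

Calling `violations(SAMPLE_FLOWS)` lists the four denied flows with the rule each one broke, which is the kind of output a segmentation firewall or flow-log monitor would raise an alert on.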

Industrial security is a team sport. You need vast experience and knowledge across many different disciplines: chemical engineering, process engineering, mechanical engineering, electrical engineering, human psychology, cybersecurity, industrial networking, traditional networking and cloud services. Since most threat actors tend to live off the land before they reveal themselves, it is important for security teams to have a pulse on not just cyber variables but also process variables and physical variables like temperature, pressure, flow, movement, time, etc.

Employees, vendors, partners, asset owners, engineering teams and operators are jointly needed to mitigate potential threats and deliver effective incident response.

Industrial environments must always be safe, secure, and operational. Safety should be treated as one of the most foundational elements alongside availability, integrity, and confidentiality.


See the article here:
Why OT Environments Are Getting Attacked And What Organizations Can Do About It - Spiceworks News and Insights

In Defense of the Global, Open Internet – Lawfare

In the global race for internet governance, freedom is the West's strategic advantage. And yet, a recent report from the Council on Foreign Relations (CFR) declares provocatively that the era of the global internet is over. The report's evidence for this claim is an assertion that the past decade-plus of democratic investment in global internet freedom has failed, and it is therefore time for the United States to jettison the vision it has championed of a global, open, secure, and interoperable internet. The report argues that the United States should focus instead on responding to the geopolitically driven cyber activities of China and Russia, countries that position the internet as a cyber-military battlefield rather than a space designed to empower innovation and social progress. As CFR's Adam Segal writes in Lawfare, this is an intentional departure from the organization's 2013 report and reflects a sense of lost possibility and influence. Indeed, the world has changed. But moving the goalpost by abandoning even the aspiration of protecting global human rights online, as the new report recommends, would be a strategic mistake. It would likely harm individuals living in repressive environments in the short term and hamper the ability of Western governments to advance shared goals of security and openness in the long term.

Cyber warfare and information warfare are undoubtedly in our midst. However, embracing the CFR report's narrative and changing the course of U.S. policy in response to the continued trajectory of attacks not only would undermine human rights, democracy, and the internet itself but also would empower governments like China and Russia that benefit most from the "every country for itself" approach to the digital world. Instead, the United States should recommit to its vision for internet freedom by articulating and demonstrating how democratic states can address complex cybersecurity threats and digital harms through innovative, collaborative, and democratic means.

The CFR report proposes three pillars for a new U.S. foreign policy. Notably, the specific proposals put forth in the report are not incompatible with internet freedom; but they fail to, individually or collectively, effectively replace it.

First, the report calls on the United States to confront reality and bring together allies and friends around a new vision for the internet, by prioritizing a trusted, protected international communication platform. Securing communications online is a worthy goal and one that can and should be developed collectively through multilateral mechanisms. But within the report's absolutist paradigm, this recommendation furthers an explicit "us versus them" dynamic on the international stage, declaring that some governments are sufficiently aligned with U.S. interests to be permitted into the club, while others will be excluded.

Putting aside the practical challenges of deciding who gets in and who stays out (for a taste of how messy this would get, look at the invitations to the 2021 U.S. Summit for Democracy), this approach is at odds with the globally interconnected infrastructure and protocols that make up the internet. The internet is a network of networks, and despite the advanced information controls imposed in some jurisdictions, its technical design, including the critical Internet Protocol and Border Gateway Protocol, is built to maintain interconnection above all else. Separating countries into friends and enemies also, ironically, buttresses the long-standing goals of China, Russia, Iran, and other authoritarian regimes to center internet governance in cyber sovereignty rather than internationally protected human rights.

In a moment of historic expansion of internet connectivity, most governments around the world still haven't firmly established their position on the spectrum between an authoritarian and a freedom-centric approach to internet governance. If the United States, in particular, portrays the future of the internet as inevitably isolationist, it is as likely to push governments toward authoritarian models as it is to incentivize governments away from them. This could result in a potentially disastrous fait accompli that will likely imperil innovation, equity, economic growth, and human rights in the decades ahead.

A shift toward walling off countries with differing views not only would provide normative validation for existing national firewalls but also would abandon the people within those countries seeking to realize their rights. This would contradict the Biden administration's Presidential Initiative for Democratic Renewal and the recent U.S.-led Declaration for the Future of the Internet, which provides a clear and compelling alternative by creating an opportunity to join for partners who actively support a future for the Internet that is open, free, global, interoperable, reliable, and secure, without boxing other nations into choosing a side.

Second, the report calls for U.S. foreign policy to balance more targeted diplomatic and economic pressure and more disruptive cyber operations with self-imposed restraint among U.S. allies. It is possible to consistently promote a global open internet while increasing diplomatic, economic, and digital pressure to support that goal. Where tensions arise, such as when Ukraine asked the Internet Corporation for Assigned Names and Numbers to disconnect Russia from the global internet, the balance typically lies in favor of preserving the global internet. American policy can and should reinforce this.

In its pursuit of a more globally harmonized internet policy, the United States must complement its outreach to current allies and its response to current threats with greater engagement with the majority world. Businesses in these regions benefit from access to American capital, markets, and partners. Their governments can realize incredible benefits through joint economic programs and global digital flows, showing the merits of openness and freedom rather than oppression and manipulation.

Focusing primarily on increasing pressure on adversaries is likely to mean taking attention and resources away from direct support to and engagement with the myriad countries whose only existing option for stronger internet infrastructure has been, and remains, the acceptance of Chinese aid and its accompanying influence. China has invested massively around the world through the Belt and Road Initiative, including in global network infrastructure, creating debt and dependencies across a wide number of states. And China's narrative of control is likely attractive to governments seeking to expand their domestic authority both online and offline. But for every Myanmar-like setback, there is usually a Sri Lanka-like opportunity. The United States would be wise to continue investing in open internet policies that facilitate democratic turns and position itself to provide critical assistance to convert these moments into lasting, democratic change.

The report is correct in asserting that America must update its approach to cyber defense, including responses to cyberattacks at all levels of severity and foreign disinformation campaigns. But again, that can happen while also asserting that internet freedom is a universal goal and that a siloed internet is ultimately unsustainable and counterproductive for all nations.

Third, the report asserts that the United States needs to put its own proverbial house in order. This statement is entirely accurate. There is much work to be done to match the leadership of the European Union and construct a suitable American regulatory framework for privacy, data use, platform accountability, and other issues. The report is correct in highlighting the multiyear gap between Brussels and Washington on data protection in particular, and the consequences of this disconnect for global connectivity and commerce. But in seeking to close this gap, the "how" matters. U.S. legislative and regulatory efforts must serve, and not subordinate, American economic and social goals. In building the response to this challenge, the U.S. playbook must be clearly distinguishable from that of repressive states, or they will have won the ultimate war. The United States must return to its roots of global power online, which lie in openness and fostering a climate of innovation.

In sum, the CFR report seems to equate a free and global internet with anarchy at worst and naive insecurity at best. That is simply not true. Internet freedom posits a rights-centered and rules-based approach to internet governance. Necessary efforts that restrict rights are allowed under international human rights law, when they are clearly articulated, serve legitimate purposes, are proportionately tailored, and are accompanied by relevant accountability and transparency measures. These are the yardsticks against which future actions will continue to be measured, regardless of how the United States frames its cyber policy. They also happen to be the clearest principles policymakers and analysts can use to draw distinctions between authoritarian approaches and democratic ones.

So what? Does it matter whether the goal of foreign policy is a global, open, and free internet, recognizing the impossibility of a perfect end state, or instead a trusted, protected international communication platform among allies? Particularly when many of the same near-term tactics, and many of the recommendations in the CFR report, would likely be the same regardless of how the objectives and strategies are framed?

In fact, it does matter, and a lot. Governance of the digital world is perhaps the greatest geopolitical competition of our generation. The internet's infrastructure is deeply and inherently interconnected and constantly evolving. Stasis and détente are not concepts that translate well in this space and cannot realistically serve as goals of U.S. policy, for better or worse. If the United States steps back in the fight for global internet freedom, other forces will most likely step up and continue to degrade it, exponentially expanding the scale and scope of repression and of harm to human rights.

Focusing on negatives also risks ignoring much of the value that the internet has created and continues to create. And the primary remaining value that the United States must prioritize is freedom. As one of us has argued previously, when compared to offline spaces, the internet continues to create significant opportunities for courageous, consequential, and U.S.-interest-aligned activities including independent journalism, accountability, and the protection of minority rights.

In all likelihood, this contrast in narratives is reflective of perspective and process. The CFR report is bereft of participation from civil society and digital rights activists, including those who have carried the torch of internet freedom in repressive environments. These stakeholders have the best perspective of internet repression, how it is experienced, and how to counter it. Their voices, undoubtedly, would have changed the report, which instead focuses on nation-state-level considerations and concerns. Unsurprisingly, the result is a framing of internet repression as a tactic of state power (which it is, but not solely) as well as a lack of appreciation of the full impact of internet freedom. Granular effort to help individuals realize their rights improves daily life around the world and contributes to organizing and building power that can challenge ossified authoritarian states and systems.

Centering internet-related foreign policy around freedom, rather than nation-state conflict, provides a strategic advantage in the long term as well as immediate benefits for the realization of human rights in repressive environments. Rather than choose isolation, the Biden administration should double down on the collaborative model that governs the internet, increase its investments in internet freedom, clarify U.S. domestic approaches while working to build alignment on internet policy around the world, and lead by example to show that openness and innovation build the best path to socioeconomic success.

Supporting the true nature of the internet as global, open, and free portrays the repressors of internet freedom as reactive, aberrant, fragile, and ultimately temporary. It is true that the walls of repression have grown taller. It is also true that those walls are filled with cracks. The United States' best response is not to build walls of its own but, instead, to support the expansion of human rights and democratic norms to nations around the world as the global internet continues to grow and evolve.

The rest is here:
In Defense of the Global, Open Internet - Lawfare