Digital in danger

The world’s digital heritage is in danger, with serious gaps in in its protection, particularly during times of war or conflict.

The concept of destroying cultural assets isn’t new. Throughout history, warfare has damaged and destroyed assets vital to a nation’s cultural heritage and to its national identity. What’s new is that these artefacts are now digital, and becoming more so.

The physical destruction of archives, monuments, artwork and other cultural assets can be a by-product or a specific tactic of war. And while immediate physical damage is often very clear, the damage done to a nation’s identity—its history and cultural memory—can be irreparable.

While these attacks are easily seen, attacks on digital cultural heritage—the stories, the websites, the histories, the digital evidence of a nation—are less obvious, and the objects arguably more vulnerable. And it may not occur only during a time of obvious physical conflict, but during nation state against nation state conflict in cyberspace.

In Syria, ISIS was successful in not only causing incomprehensible destruction and devastation to entire cities and its citizens, but also in severely damaging or destroying key historical sites such as the World Heritage–listed site Palmyra, as well as the shrine commemorating the 1915 Armenian genocide.

Similarly, the city of Mosul in Iraq has been completely devastated. Many of its libraries, museums, mosques and churches were deliberately attacked by ISIS, both to steal and traffic cultural assets and as a means of cultural terrorism. A report by RASHID to the UN special rapporteur on cultural rights recounts the intentional and systematic nature of ISIS attacks on cultural heritage and the consequences for national identity and human rights.

While there are a number of conventions and charters aimed at protecting cultural heritage, there’s little in the way of similar protection for digital heritage.

UNESCO is the main international body that aims to protect cultural heritage threatened by armed conflict. Three UN conventions mandate the protection of cultural heritage in a variety of forms—tangible, intangible and natural.

The 2016 Abu Dhabi Declaration on heritage at risk in armed conflict was adopted at the end of the International Conference for Safeguarding Cultural Heritage in Conflict Areas. It calls for two measures to safeguard cultural heritage: an international fund to protect endangered sites and a network of safe havens where artefacts could be stored temporarily if a state can’t protect them during a conflict.

The International Committee of the Blue Shield, the cultural equivalent of the Red Cross, also protects and rescues cultural heritage in armed conflict, emergencies and natural disasters. And the International Council on Monuments and Sites is a global non-governmental organisation that researches and advocates for the conservation of architectural and archaeological heritage, as well as being an advisory body to the World Heritage Committee on the implementation of the UNESCO World Heritage Convention.

These international frameworks and organisations place immense value on cultural heritage. We need to ask the question, where are similar conventions and organisations for digital heritage? And are there measures in place that actively seek to protect digital heritage?

Government websites and classified government data are already the target of cyberattacks, often for the purpose of espionage. The motivations can be politically, socially, religiously or economically fuelled and there’s no shortage of examples, most recently the attacks on the German government. The Council on Foreign Relations documents such cyberattacks, showing that digital assets are vulnerable and can be subject to manipulation and exploitation. Digital cultural assets haven’t escaped the hit list. In 2014 Sony was hacked and confidential documents and data from its internal network were distributed online.

The 2003 UNESCO Charter on the Preservation of Digital Heritage is one international framework covering the threat of losing digital heritage—not from attack, but from technological malfunctions and obsolescence.

UNESCO’s Memory of the World program aims to protect the world’s documentary heritage, preserving and providing access to manuscripts, political constitutions, maps, photographs and religious texts. It acknowledged the emergence of digital heritage and incorporated a digital component in 2016. Its Persist program, which promotes the sustainability of digital information for future generations, calls upon governments, memory institutions and the ICT industry to develop best practice on the preservation of digital heritage.

Additionally, the Vancouver Declaration, created during the Memory of the World in the Digital Age: Digitization and Preservation conference in 2012, focuses on the accessibility, preservation, authenticity, reliability and accuracy of digital materials.

There’s a clear drive to preserve digital information for the future, but the overlap with protection doesn’t seem to be enshrined in international frameworks.

Within the private sector there have been attempts to push for global cyber conventions. Most notable is Microsoft’s call for a Digital Geneva Convention. And the recent Charter of Trust released by nine global companies outlines three key principles for a secure digital world: protecting the data and assets of individuals and businesses; preventing damage from people, business and infrastructure; and increasing trust in a connected and digital world.

In the international community, the UN Group of Governmental Experts on Developments in the Field of Information and Telecommunications in the Context of International Security has produced reports outlining the importance of improving dialogue and collaboration on cybersecurity issues. Despite the fact that international law applies to cyberspace, only 20 of the 193 UN member states are members of the experts group.

One of the few frameworks that addresses cyber warfare is outlined in the Tallinn manual 2.0 on the international law applicable to cyber operations. The manual argues that international laws governing armed conflict, human rights law, peace and security—including protection of cultural assets—can be applied to the cyber domain. That provides legitimate grounds for a state to respond to cyberattacks and to violations of international law in cyberspace.

A cyberattack is a legitimate form of warfare. Digital archival cultural and political records are legitimate sources of national identity. Without protection, these records could be lost forever. So, any state attack, cyber or physical, that destroys or severely compromises assets central to our national digital heritage and identity could be considered an act of war.