Skip to main content

Data protection as a means of defending intangible cultural assets

(Image credit: Image Credit: Shutterstock/Sergey Nivens)

Wartime destruction of tangible cultural assets is not a new concept. Throughout history, there are examples where the destruction of cultural property has been used to incite terror in a population as well as plundered for profit and/or war trophy. For example, in 2012, extremists seized the ancient city of Timbuktu, Mali also known as the “City of 333 Saints.” Extremists prohibited singing, dancing, and sports, while at the same time demolishing ancient manuscripts and mausoleums. Ironically, armed groups operating in Africa’s Sahel region “are not taking pictures of themselves [looting], like the Islamic State did in Syria. But everyone assumes they are involved. It’s happening right across Mali and Burkina Faso.”  Similarly, religious and archaeological sites, museums, and libraries have been attacked by various extremist groups in Egypt, Libya, Tunisia, and Yemen.

The world watched in horror during the expansion of the Islamic State of Iraq and Syria (ISIS) in 2014 as the terrorist organisation targeted World Heritage Sites, including the ancient cities of Hatra and Palmyra in Iraq and Syria. This terrorist organisation’s sensationalist targeting of cultural property was a means to catalyse violence against cultural pluralism and at the same time profit from looting priceless treasures from the cradle of civilisation. This systematic destruction of cultural property was not a consequence of military combat but rather an organised attack on peoples’ heritage.

These attacks on cultural property do not only leave a lasting impact on the history and identity of a society but also the trafficking of stolen antiquities has helped fund terrorist organisations. Traffickers who illegally transport antiquities across borders toward foreign markets are known to pay protection fees to extremist groups in Iraq, Syria and beyond. Between 2014 and 2015, ISIS issued licenses to explore new archaeological sites and sell stolen artefacts. A report by The Wall Street Journal stated that in 2015 trafficking in antiquities was ISIS’ “second-largest source of finance after oil (opens in new tab)”.

Fundamental ingredients of a healthy democracy

Turkey stepped up efforts to fight the trafficking of stolen antiquities from Syria and Iraq, which were most likely destined for the Western markets, shifting the traffickers' focus towards Southeast Asia, Thailand, and Russia. Unfortunately, given that there is a steady demand for such artefacts, organised crime has proved highly adaptive, thus creating a balloon effect in the international efforts to combat trafficking of cultural property.

After the infamous ISIS videos, where terrorists are seen destroying ancient sites and museums across Iraq and Syria and evidence that terrorists were heavily involved in the trafficking of cultural artefacts, it became clear that terrorists were destroying large objects and sites that they could not sell on the black market. Naturally, the sensationalist videos of cultural destruction gave them the headlines they craved to disseminate their ideology, while at the same time they promoted the looting and trafficking of cultural artefacts in the territories they controlled at the time. The US and its allies realised that the protection of cultural property was one of the key elements of a global anti-terrorist campaign. This is why President Trump's controversial tweets in January about targeting important Iranian cultural sites resulted in global shockwaves.

As unpredictable global events unfold, it is important to remember that cultural heritage can be tangible and intangible. In technologically advanced societies, retaliation to threats and war crimes could come in ways many countries may not be able mitigate.

Freedom, independence, privacy, freedom of speech, freedom of choice, equality, and a free market economy make up the fundamental ingredients of a healthy democracy and are key features of our intangible culture. These values do not exist in a vacuum but are curated through complex social, institutional, and legal networks. It is for this reason that we need to be aware that the landscape is changing and be prepared that future attacks could target our intangible culture to instil fear and create confusion.

State-sponsored attacks

Intangible cultural attacks could come in many forms including cyber-attacks, misinformation campaigns, infrastructural sabotage, surveillance of group behaviour, and critical infrastructure targeting. Given the gravity of Trump’s threat on Twitter, on January 6, 2020, the Cybersecurity and Infrastructure Security Agency (CISA), which operates under the US Department of Homeland Security issued a warning to the cybersecurity community to be cautious of potential retaliation from Iran.

One of the main threats of an intangible attack is that it can be implemented by anyone who possesses the technical know-how. Additionally, Western governments should be prepared to see state-sponsored cyber-attacks from China, Iran, North Korea and Russia. The Centre for Strategic and International Incidents has highlighted over 100 significant state-sponsored cyber-incidents in 2019. The following are some notable examples:

  • In the run-up to Kim Jong Un and President Trumps’ historic summit in Hanoi, Vietnam, North Korean hackers had been involved in an 18-month long cyberwarfare against American and European organisations. The North Koreans targeted banks, utilities, and oil and gas companies. The cyber-attacks focused on engineers and executives as they had extensive access to the organisations’ computer systems and intellectual property.
  • In January this year, a leaked report dated September 20, 2019, revealed that the United Nations had covered up a breach of its IT systems by a high-level, most likely state-sponsored, hacking organisation.
  • More recently, there is credible evidence that state-sponsored attacks (most likely from China, North Korea, and Russia) are exploiting the coronavirus pandemic to attack individuals working from home. Messages posing as the US Centre for Disease Control and Prevention, the World Health Organisation, and other health agencies and research institutions, contain attachments with content titled ‘steps to keep you safe’, or ‘map of coronavirus cases around the world’.

The US is taking legal action in response to such state-backed attacks. During a hack into Equifax, one of America’s biggest credit reporting agencies, Chinese military hackers were able to steal information of around 145 million US citizens, including trade secrets and personal data. On February 10, 2020, the US government charged four members of the Chinese military responsible for this state-sponsored hack. The indictment suggests that the cyberattack was part of a concerted effort by the People’s Liberation Army and Chinese agencies to better target American officials. Having access to their financial status, and other sensitive information would allow a hacker to identify opportunities for blackmail or bribery.

Although the US is taking legal action against some of these attacks, the issue will not go away any time soon. In light of such events in the future, governments and private organisations alike must be ready for this modern warfare tactic that threatens our cultural values and weakens our democracies. We must reconceptualise the meaning of war in the digital age. Indiscriminate attacks on civilian and commercial infrastructure can be relatively simple to achieve and can have an immediate and devastating impact. A more systematic approach to security must be taken by organisations, which includes a robust security plan, training staff on the secure use of technology, identifying possible gaps, and imbedding a corporate culture that values privacy and data protection. In light of the coronavirus, organisations and states need to review their work from home policies and ensure that every security measure is taken to avoid misinformation, ransom, and theft of intellectual property.

Helga Turku, team lead, HewardMills  (opens in new tab)

Helga is a US attorney licensed in Florida and Washington, DC, now living in Germany. She has in-depth knowledge of US and EU data privacy laws gained through private practice and serving in the American court system. At HewardMills, she serves as team lead and has successfully advised clients across different jurisdictions on data protection compliance, transparency, and accountability.