Posts Tagged ‘Internet security’
IGF participants broke into three different rooms to discuss three different, possible potential-future scenarios for the Internet in 2025. In this session, the brief description given to the discussants noted that “Government Prevails” scenario imagines a future affected by man-made and natural challenges and disasters – wars, civil strife, an aging world and interventionist governments. This scenario assumes that while “the ICT industry, media companies and NGOs” are the leading players on the Internet stage today [some people might disagree with this assumption], by 2025 governments and inter-governmental organizations will have come to rule the Internet as a result of actions taken to protect particular interests from negative exposure.
Details of the session:
A small group of Internet stakeholders from various sectors met to discuss the Government Prevails potential-future scenario at the Internet Governance Forum-USA 2011 at Georgetown University Law Center.
This scenario sets up a closed-off future for the Internet. You can read the one-page PDF used to launch this discussion here:
The potential future drivers of change people were asked to consider included:
- Manmade and natural disasters push governments to exert more control over Internet resources.
- Changes in the Domain Name System force intergovernmental organizations to impose new global regulatory regimes.
- Networked image sensing through devices such as Kinect and GPS are used to identify and track people, with positive and negative effects, but the net result is a global surveillance culture.
- Governments limit bandwidth for video conferencing when they find revenues for hotels, airlines and other travel-related economic entities in sharp decline.
- Lawsuits and other developments cause governments to create blacklists of websites prohibited from Internet access.
- Anonymity on the Internet is brought to an end as a response to viruses, worms and credit card fraud and user authentication is required.
- Governments take every opportunity to coordinate and consolidate power under various mandates for global solutions and by 2025 governments and law enforcement are deeply embedded in all aspects of the Internet.
NetChoice Executive Director Steve DelBianco began the session by sharing the drivers of this future and what the Internet might look like in 2025.
“The scenario at its key is an attempt to be provocative about a potential future,” said DelBianco, who emphasized this session was supposed to search for what could be plausible and to develop opinions on the possible benefits and disadvantages of a future and what could be done to mitigate its impact.
“Is this the George Orwell scenario where it is a question of not whether but when?” Roseman said.
Although there was a list of questions the leaders intended to discuss, the session quickly turned into a running debate, bouncing from topic to topic as the participants introduced them. Two main themes quickly emerged.
The first was the conflict between security versus privacy.
Carl Szabo cited the situation in London, where hundreds of security cameras were added to city streets with the intention of reducing crime. The result was criminals adapting to the increased surveillance by wearing hooded sweatshirts.
“As we give away these rights and privileges for alleged increased security, it’s not necessarily going to return with security,” he said.
Slava Cherkasov, with the United Nations, brought up the recent case of Brooklyn boy Leiby Kletzky, who was allegedly abducted, murdered and dismembered by a stranger, Levi Aron. In that case, it was a security camera outside a dentist’s office that led to Aron’s arrest, confession and the recovery of the boy’s body within an hour of viewing the footage.
Judith Hellerstein, with the D.C. Internet Society, said that government use of data is acceptable when there is an understanding about privacy and intent.
“You also have to sort of figure out how governments are going to use that technology in hand,” she said.
In the scenario, an issue was introduced, based on reality, where pictures of protesting crowds were tagged, allowing for the identification of people at the scene of a potential crime.
Elon University student Ronda Ataalla expressed concern over limiting tagging in photographs, because it was a limit on expression.
But David McGuire of 463 Communications reminded the room that civil liberties traditionally don’t poll well.
“Free speech isn’t there to protect the speech we all like,” he said.
DelBianco expanded the tagging issue to raise the issue of “vigilante justice,” people using debatably privacy-violating practices to identify people they consider wrong-doers, and brought up Senate Bill 242 in California, which would alter the way social networks create default privacy settings for users. This bill was narrowly defeated 19 to 17 June 2.
Chris Martin with the USCIB talked about how not all companies are interested in using their technology for ill or personal gains, listing Google and their withholding of the use of facial recognition technology to protect people’s privacy.
This subject is also related to the second main discussion topic: the government versus industry and the private sector.
Covington questioned Martin about whether he saw governments developing that same facial recognition technology, as described in the scenario, and using it to monitor citizens.
“Some,” was his reply, before adding that all Internet governance was about maximizing good and minimizing evil.
There was then a brief discussion about the Patriot Act and relinquishing civil liberties online in the circumstances of a national emergency. Who decides when the emergency has passed?
Szabo and others questioned if the government was even the right organization to take over in the event of a disaster.
“It’s much easier to say, ‘Let them deal with it so I don’t have to,’ but the question is, ‘Will they do it better?’” he said.
Cherkasov said not necessarily, mentioning that when Haiti was struck by the severe earthquake in January 2010, it took two weeks for government organizations to develop a database to search for missing people, but in Japan in March 2011, it took Google only 90 minutes to come up with the same technology. He then returned to the security camera situation, concluding that citizens were the first line of response and information in a disaster scenario.
“There will always be maybe an ebb and a flow but it’s the power of the people that will ultimately be able to create that balance,” Roseman said. “But it’s going to have to be a proactive effort to get and keep that balance.”
Roseman also said one of the benefits of the industrial and private sector was an ability to use funds more freely than the government, which, presumably, does operate on a limited budget.
“When you have governments and the private sector and industry working together, you generate a lot more money and opportunity to drive change,” she said.
McGuire, though, expressed concern that industry and the private sector have some misconceptions about the power of the Internet, believing that it is too powerful for any law or government to cut it down. He said many, including those in the area of Silicon Valley, Calif., think the Internet will always be able to circumvent policy.
Most session participants seemed to agree that the potential scenario was troubling.
“It makes me want to move to somewhere where there are more sheep than humans,” joked Covington.
But Brett Berlin, of George Mason University, said that the Internet, and the choices that are made about governing it, are ultimately people-driven decisions, reminding the rest of the room that technology works for people and not the other way around.
“If we are foolish enough to think that open Internet will fundamentally allow us to be better, we are making a mistake.”
– Rachel Southmayd
This panel, moderated by Robert Guerra of Freedom House, focused on critical Internet resources and how to ensure that the underlying principles that have led to the Internet’s success persist in the face of security challenges. These principles include openness (open standards, open technologies), accessibility transparency, bottom-up decision-making, cooperation and multi-stakeholder engagement. Key to implementing these principles is also a broadened understanding of the role of the infrastructure providers, such as global and national Internet services/connectivity providers who build and operate the backbones and edge networks. The panel was also expected to address some of the implications for the implementation of DNSSEC and IPv6 on a national basis that contribute to the security and resiliency of CIR on a global basis.
Details of the session:
The Internet’s success well into the future may be largely dependent on how it responds and reacts to increasing security challenges, according to panelists in a critical Internet resources workshop at the IGF-USA conference July 21 in Washington, D.C.
The Internet continues to evolve. It is also growing, as it becomes accessible to billions more people. The major challenge of our generation is to make the Internet more secure while continuing to promote openness, accessibility, transparency, bottom-up decision-making, cooperation and multistakeholder engagement. It is important that organizations continue to retain these values as much as possible as they react to cybersecurity and cybertrust issues.
Panelists at this workshop included:
- Moderator Robert Guerra, Freedom House
- Trent Adams, outreach specialist for the Internet Society
- Matt Larson, vice president of DNS research for VeriSign
- Steve Ryan, counsel to the American Registry for Internet Numbers
- Patrick Jones, senior manager of continuity and risk management for ICANN
- Jeff Brueggeman, vice president for public policy for AT&T
Panelists all expressed a desire to continue to engage in multifaceted talks because a single governmental entity is not the solution; it takes many people working together. As Brueggeman put it, there’s no “silver bullet” for the issue of Internet security.
“What we do on a day-to-day basis is ensure that those conversations take place,” Adams said. “The (critical Internet) resource is not a thing you can touch. You have this mesh of interconnected components that is the critical resource. You can’t pull one of those components out. Everyone must be around that table.”
So what’s the solution? The answer to that question is still a little unclear because Internet service providers and other organizations are often reactive to issues. Brueggeman said it’s time to embrace a forward-thinking approach.
“Things can get complicated when you’re reacting to an attack,” he said. “The best way to deal with these things is to try to think about them up front. How do we detect and prevent rather than react after the fact? How can we have more cooperative information sharing before attacks to try to prevent them and have the best information we can?”
Ryan stressed, though, that not all government is bad. He said citizens and organizations need to think “carefully about what the role of the government is.” But still, there should be a symbiotic relationship.
“There’s become a sense in government policy circles, including in the most sophisticated, that somehow (the Internet) runs on its own and you can’t break it,” he said. “I have news for you: You can break it. We look at government as something that has an increasingly important role because the Internet has an increasingly important role in economies.”
Ryan continued by saying non-governmental organizations have a responsibility to work with governments and to educate the people who work in them. He and the other panelists agreed that an international governmental organization wouldn’t work, though, unless core Internet values are embraced and upheld. They said a set-up that would allow countries around the world to vote on how the Internet is governed would not be a favorable solution.
“Until we get it right,” Ryan said, “I think we’re muddling along rather well.”
DNS issues and DNSSEC
Larson spoke specifically about the security of the Domain Name System because he views the DNS as an absolutely critical Internet resource. “If you don’t have the DNS, you don’t have the Internet,” he noted. He said users can’t truly trust the DNS, though, which is a bit disconcerting because of its necessity.
He supports DNSSEC—Domain Name System Security Extensions—which give users digital signatures (origin authentication) and data integrity. “Once you have that, you can validate data and have a higher level of confidence that the data you’re getting back is valid,” Larson said.
(You can read more about DNSSEC here: http://en.wikipedia.org/wiki/Dnssec.)
He also said that DNSSEC makes DNS more trustworthy and critical to users as more applications—not just host names—depend on it. “We’re going to look back and realize it enabled a whole new class of applications to put information in the DNS,” Larson said. “Now you can trust the information coming out of the DNS.”
Going from IPv4 to a combination with IPv6
Ryan emphasized the importance of Internet Protocol version 6, IPv6, a new Internet layer protocol for packet switching that will allow a “gazillion numbers” vastly expanding the address space online. There is a rapidly decreasing pool of numbers left under IPv4. Ryan said the increased flexibility of IPv6 will allow for the continued growth of the Internet, but it won’t be a free-for-all.
“The numbers we have issued are not property,” he said. “We have a legal theory that’s embodied in every contract we’ve issued. They belong to community. If you’re not using them, you have to give them back. They are in essence an intangible, non-property interest, so over the next couple of years there will be some very interesting legal issues.”
ICANN in action
Jones said ICANN, which recently passed its 10-year milestone, has continued to work collaboratively with the community to take on major initiatives, such as the introduction of internationalized domain names in the root.
“We have taken requests from countries for internationalized country codes and approved 15,” Jones said.
“There’s a huge development in those regions of the world where you can now have domain names and an Internet that reflects their own languages and scripts. That will have an impact as discussion around critical Internet resources continues, especially in the IGF space.”
Physical critical resources
Brueggeman said AT&T has a broader perspective of critical Internet resources because the company is responsible for carrying Web traffic and for the underlying infrastructure, not just involved in issues tied to the DNS. He said the transition to IPv6 is daunting because it’s not backward-compatible. His main challenge has been in outreach efforts to customers.
“We have to deal with a lot of traffic that’s generated as we’re making changes to DNSSEC and IPv6,” he said. “In some cases, you might create some new security concerns, but overall both are important essential transitions.”
Brueggeman emphasized that multistakeholder discussions will be important in the coming years.
“We really need all of the parties who have the direct stake at the table to be part of the solution,” he said. “We need to have the resources handled in a way that promotes openness and promotes interoperability. There’s a huge policy risk of not managing these resources in a multistakeholder way.”
-by Colin Donohue, http://imaginingtheinternet.org
IGF-USA Scenario Discussion: Panelists, participants discuss future that puts Internet governance in hands of governments worldwide
IGF participants broke into three different rooms to discuss three different, possible potential-future scenarios for the Internet in 2020. In this session, the description given to the discussants was: Most of us assume that the ICT industry, media companies and NGOs will continue to be the leading players on the Internet stage, with governments playing just a supporting role. This scenario describes an alternate future, where citizens and industry worldwide demand that their governments take center stage to clean up an Internet that has become infected with dangerous content and criminal conduct.
Details of the session:
Panelists and gathered participants in a scenario session at IGF-USA 2010 in Washington, D.C., expressed discouragement about an Internet future that will quickly witness larger international governmental control that would ultimately remove power from the ICT industry, media companies and NGOs, who now continue to be the main controllers of the Internet.
“A scenario is not a prediction,” said panel moderator Steve DelBianco, the executive director of NetChoice Coalition. “It’s designed to be provocative, but plausible. It’s designed to challenge your assumptions.”
Some members of the audience were skeptical that the scenario, as a whole, is plausible, but all agreed that if it became reality, it would be a frightening prospect. (Read the full description of the scenario here: http://api.ning.com/files/KeHnmv3O-PHbKeh0tKl8RaAjWl7S9siFVN8YEM6lN0ImimLqwuq6B2UlGNDtHBKp7MwNPjexPsur3DKlypEhgQ__/GlobalGovernmentfortheInternet.pdf)
DelBianco presented three converging forces that serve as drivers for the scenario:
- Consumers lose trust in online content and e-commerce.
- Businesses can no longer tolerate losses from fraud and lawsuits.
- Governments have successfully used electronic monitoring to thwart terrorist attacks.
As a result of those three forces, the scenario proposed the following about the Internet in 2020:
- Governments cooperate to oversee online content and e-commerce to a greater degree than ever before
- Government and businesses require biometric ID for online users
- Online publishers are now liable for user-generated content and conduct
- You need an “Online License” to use the Internet.
Janice Lachance, the chief executive officer of the Special Libraries Association and an invited panelist for the session, said she is anxious about the scenario’s potential to stem the openness of the Internet.
“I think this scenario gives us all a lot to think about,” Lachance said. “As someone who has an organization that’s concerned with the free flow of information and the access to information, I think that excessive government involvement raises red flags for us. It probably isn’t all bad, but if it’s certainly getting to the point that’s described here, I fear we will have a lot of consequences if you’re trying to do business.”
Walda Roseman, the founder of CompassRose International, said she thinks there’s a “rolling thunder” toward more governmental control because of the increasing security threats facing online users. A member of the audience agreed, saying the scenario is not so unlikely because it’s happening at lower levels already.
“All of these situations are going on, just not at a tipping point,” said the participant. “I don’t think this is necessarily avoidable. I think the focus should be on how to facilitate solutions, rather than to prevent something that currently exists.”
One possible solution, according to Roseman, is to rely on more and better intergovernmental cooperation. She said it’s necessary for countries to find ways to hold more cohesive and inclusive dialogues.
“Can we shape conclusions as a world as opposed to quickly avoid them?” Roseman said. “We’re seeing a lot of collaboration among governments, and the collaboration is not yet 100 percent on the cybersecurity issues, but it’s a different alliance there. We’re wanting intergovernmental organizations to make the policy decisions and a whole lot more than the policy decisions.”
Several audience members said they don’t foresee national governments getting together on the issue of Internet governance in the near future when they can’t even come to concrete conclusions on financial regulation or climate change, for example.
So if “some bizarre world government” isn’t created to handle the issue, as one participant said, then it will fall, most likely, to the local governmental level or the United Nations. Even then, there was some articulated concern that a governmental body simply can’t respond and react in a timely fashion to any problems that may arise.
“I’m concerned about notion of institutional competence,” said an audience member. “Does the government have the competence to run the Internet? I don’t think they have the expertise or the quickness to react.”
Markus Kummer, executive coordinator of the Internet Governance Forum, said that government shouldn’t shoulder all of the blame for ineffective policies.
“We need to avoid having a black-and-white picture of all government is bad and all the other institutions are good,” Kummer said. “I think it’s a little more complex than that. How do we find a fruitful cooperation among all the actors?”
No matter who might claim Internet governance, panelists and participants expressed concerns about the future of anonymity, security, openness and freedom of information on the Internet. They said it’s up to the people who work together through IGF to continue having conversations that could lead to a positive future. “Citizens and business have lost patience, and they need solutions,” DelBianco said. “If we don’t deliver, entities that discuss may be seen as not fast enough to solve problems. We need to show progress. Lots of organizations will have to start delivering results so we don’t get the result we don’t want. We need to avoid having the Exxon Valdez of Internet security.”
Two U.S. government employees who were part of the audience for the scenario said the United States needs to look carefully and closely at how it views and values the Internet to figure out what it truly wants and needs. “This is moving so much faster than we expected,” said a U.S. State Department participant. “Are we going to lose by maybe trying to be idealistic and assuming that everyone else is going to take on our same model? Maybe we need to get together as U.S. citizens and ask, ‘What do we absolutely want for our Internet, what do we want as a country?’ and get really clear on that so that when we start making foreign policy decisions we’re not compromising our values.”
-Colin Donohue, http://www.imaginingtheinternet.org