The totalizers would happily follow Johnson in seeking answers to questions such as “So what does the Internet want?”—as if the Internet were a living thing with its own agenda and its own rights. Cue a recent Al Jazeera column: “The internet is not territory to be conquered, but life to be preserved and allowed to evolve freely. … From understanding the internet as a life form that is in part human, it follows that the internet itself has rights.” That is the kind of crazy talk to be avoided. The particularizers would not invoke “the Internet” to embark on a quixotic attempt to re-make democratic politics; but the totalizers, in their quasi-religious belief, would do so gladly.
A good account of the Internet would never need to mention that dreadful word at all. This stringent requirement might uproot most of our Internet thinkers from the plateau of banal and erroneous generalizations where they have resided for the last two decades; after all, it is the very notion of “the Internet” that has allowed them to stay there for so long. Now that Internet-centrism is not just a style of thought but also an excuse for a naïve and damaging political ideology, the costs of letting its corrosive influence go unnoticed have become too high.
Evgeny Morozov, a Review of Future Perfect: The Case for Progress in a Networked Age
Tag: Governance
2013.2.4
Privacy is not simply an individual right or civil liberty; it is a vital component of the social contract between Canadians and their government. Without privacy, without protective boundaries between government and citizens, trust begins to erode. Good governance requires mutual trust between state and citizen. Otherwise, alienation and a sense of inequality begin to spread, circumstances under which no program for public scrutiny can be tenable or effective in the long term. Where citizen trust hits a low point, in fact, such security measures may be undermined, ignored, circumvented – or in the most egregious cases – passively or actively resisted.
Office of the Privacy Commissioner of Canada, “A Matter of Trust: Integrating Privacy and Public Safety in the 21st Century”
2013.1.29
The actors that represent the majority of users today, stakeholders from the South, the developing world, and the non-English segments of the net, will do more to shape the future of cyberspace than any discussions at the Pentagon or in policy circles in North America and Europe. To understand how and in what ways cyberspace will be characterized in years to come we need to think beyond the beltway, beyond Silicon Valley, and into the streets of Shanghai, Nairobi, and Tehran. The contests occurring in those spaces deserve our attention today, if for no other reason than that they provide a glimpse of the types of global issues that will drive cyberspace governance in the future.
Ronald Deibert and Rafal Rohozinski, “Contesting Cyberspace and the Coming Crisis of Authority”
Axel Arnbak and Nico van Eijk have a thought-provoking paper about regulating systematic vulnerabilities in the HTTPS value chain. They focus on constitutional values to establish a baseline to measure regulation against; it’s a clever move that offers a good lens to critique legislative efforts meant to regulate SSL. The paper is here, and the full abstract is below:
Hypertext Transfer Protocol Secure (‘HTTPS’) has evolved into the de facto standard for secure web browsing. Through the certificate-based authentication protocol, web services and internet users protect valuable communications and transactions against interception and alteration by cybercriminals, governments and business. In only one decade, it has facilitated trust in a thriving global E-Commerce economy, while every internet user has come to depend on HTTPS for social, political and economic activities on the internet.
Recent breaches and malpractices at several Certificate Authorities (CA’s) have led to a collapse of trust in these central mediators of HTTPS communications as they revealed ‘fundamental weaknesses in the design of HTTPS’ (ENISA 2011). In particular, the breach at Dutch CA Diginotar shows how a successful attack on one of the 650 Certificate Authorities across 54 jurisdictions enables attackers to create false SSL-certificates for any given website or service. Moreover, Diginotar kept the breach silent. So for 90 days, web browsers continued to trust Diginotar certificates, enabling attackers to intercept the communications of 300.000 Iranians. In its aftermath, Dutch public authorities overtook operations at Diginotar and convinced Microsoft to delay updates to its market-leading web browser to ensure ‘the continuity of the internet’. These bold interventions lacked a legitimate basis.
While serving as the de facto standard for secure web browsing, in many ways the security of HTTPS is broken. Given our dependence on secure web browsing, the security of HTTPS has become a top priority in telecommunications policy. In June 2012, the European Commission proposed a new Regulation on eSignatures. As the HTTPS ecosystem is by and large unregulated across the world, the proposal presents a paradigm shift in the governance of HTTPS. This paper examines if, and if so, how the European regulatory framework should legitimately address the systemic vulnerabilities of the HTTPS ecosystem.
To this end, the HTTPS authentication model is conceptualised using actor-based value chain analysis and the systemic vulnerabilities of the HTTPS ecosystem are described through the lens of several landmark breaches. The paper then explores the rationales for regulatory intervention, discusses the EU eSignatures Regulation and abstracts from the EU proposal to develop general insights for HTTPS governance. Our findings should thus be relevant for anyone interested in HTTPS, cybersecurity and internet governance – both in Europe and abroad.
HTTPS governance apprises the incentive structure of the entire HTTPS authentication value chain, untangles the concept of information security and connects its balancing of public and private interests to underlying values, in particular constitutional rights such as privacy, communications secrecy and freedom of communication.
In the long term, a robust technical and policy overhaul must address the systemic weaknesses of HTTPS, as each CA is a single point of failure for the security of the entire ecosystem. On the short term, specific regulatory measures to be considered throughout the value chain may include proportional liability provisions, meaningful security breach notifications and internal security requirements, but both legitimacy and effectiveness will depend on the exact wording of the regulatory provisions.
The research finds that the EU eSignatures proposal lacks an integral vision on the HTTPS value chain and a coherent normative assessment of the underlying values of HTTPS governance. These omissions lead to sub-optimal provisions on liability, security requirements, security breach notifications and supervision in terms of legitimacy and addressing the systemic security vulnerabilities of the HTTPS ecosystem.
I use the term ‘normals’ in an utterly positive sense: Vanity Fair’s recent piece, titled “World War 3.0,” scatters enough truth through the article that it possesses a veneer of credibility while obfuscating falsehoods and myths. The result is that unsavvy readers will be left with conceptions that everything is peachy with ICANN (false), that the ITU is coming to take over the ‘net (false), that the Internet is boundary-less (false), that there are honest-to-God “good guys” (the disorderly folks) and villains (orderly organizations like states), and that loosening arms exports related to encryption is significantly linked to the theft of IP (arguably very false).
Unfortunately, there is enough truth scattered throughout the article that someone who isn’t familiar with the terrains of Internet security, governance, and IP policies could be easily drawn into an appealing and accessible narrative. It is precisely narratives like this that those of us familiar with Internet policies have to fervently oppose and correct, with a recognition that not correcting the record can promote serious misinformation leading to disastrous (or, at best, misguided) policy responses by the “bad guys” of the Internet (i.e. state actors).
The article is worth a read, though it may bring your blood to a boil. Regardless of its factual accuracy, however, I suspect that the piece can be read as how non-experts perceive the past decade or so of Internet policies and practices. As such it’s incredibly valuable for those of us in the trenches to get a better perspective on how our conflicts are seen publicly, if only to make our actions and processes that much clearer for the general citizenry.
2012.5.15
… the relatively high profile of the WSIS has helped to redefine the internet policy agenda and create a greater awareness and understanding at many levels of the substantial breadth and magnitude of potential ICT4D impacts and of the key global issues of internet governance affecting attempts to spread as widely as possible the benefits tied to the internet’s use. The gain in understanding was highlighted by one experienced senior international official who commented that at the first Geneva event many people were not even sure what “the internet” meant and why it should be significant to them–let alone what a concept like “internet governance” signifies.
W. H. Dutton and M. Peltu. (2010). “The new politics of the internet: Multi-stakeholder policy-making and the internet technocracy,” in A. Chadwick and P. N. Howard (Eds.). The Routledge Handbook of Internet Politics. New York: Routledge.