Tech

How to protect the open internet against its worst attackers

Opinion China and Russia have been colluding to try to get a Chinese Internet protocol, New IP, adopted as a global standard. It’s needed, they say, to improve quality of service guarantees. (Oh, and by the way, it also lets countries take complete control of their national networks, adding user registration requirements and shutting off interoperability.)

Oh, China. Oh, Russia. Why not just say you can’t trust your citizens and you need the tools to suppress information and dissent? But no, the long term policy of China in particular is to use standards bodies – in this case, the UN and the ITU – to pull a Trojan horse (or some rider legislation) and sneak in the bad stuff under the fig leaf of technical necessity.

It didn’t work this time, like it didn’t in when China tried repeatedly (see here, here, and here) to get a Wi-Fi “security and privacy” add-on, WAPI, in through the ISO and IEEE standardization process.

It turns out that a Trojan horse is quite recognizable, even to network engineers, and WAPI was repeatedly thrown out for not working very well and having mystery chunks in it. China got very upset, citing unethical and amoral Western protectionism veering on racism, and everyone moved swiftly on as if nothing had ever happened.

We don’t know whether New IP will be similarly forgotten. That Russia and China were trying to get it in by taking control of the ITU and then restructuring the standards process shows three things.

  1. They recognize that the process is not gameable as is,
  2. they haven’t given up,
  3. and they now see subverting governance as the best way forward.

Indeed, internet governance is under constant evolving attack, much like the technical protocols, hardware and software of the infrastructure itself. It’s not just state governments at it. Noted rootkit installer Sony Music is currently trying to use the law to force small DNS provider Quad9 to ban hosts that infringe copyright. If successful, the push will be on to frighten bigger outfits into compliance. Doubtless the ultimate aim is to take a civil infraction already equipped with remedies, and get it into criminal law. To hell with the rest of us.

Protecting governance is political, thus protecting the internet is political. That means engaging people and getting them to care enough to act in their own interests. That’s notoriously hard, even on matters far less abstruse than internet governance. It’d be nice to think we could just leave politicians to act with sanity, awareness and vision, but the evidence is that they see technology as built and run by pixies and elves, and if we wish really, really hard anything is possible. People it has to be. Now, how to get them signed up.

People take best care of a thing when they own it. So, one way forward is to answer the question “Who owns the internet?” It’s as much of a poser as “Who owns the environment?” Individual components are easy to pin down: datacenters, national and international fiber, ISPs, all are owned in the same way as anything else. But they’re not the internet. The internet is also data and apps and everything that people do on it.

The question is well-answered in a new lecture of the same name by Gresham College Professor of IT Dr Victoria Baines. After a swift canter through the technical, legal, national and transnational nature of the beast, she concludes that the ownership belongs to everyone who uses it. There are some five billion of us using the net, the majority of humankind. Not even China would fancy those odds.

Dr Baines has been thoughtful for some time about what it means to be an internet user, and what ownership implies. It confers rights and responsibilities, freedoms and consequences. Ideas for making people aware of this abound – an internet driver’s license, perhaps, or a clear set of universal rules.

All have good and bad points. For those who already have an interest, there are great online resources from people like the Electronic Frontier Foundation. None of this is a good fit for all five billion. The Micronesian grandmother getting her first smartphone and the schoolkid sharing Tik Toks are owners on a par with any techbro billionaire or minister of technology.

There’s something missing, and it should be obvious. When you first own something, you get the thing itself and something else: the owner’s manual. Only it’s not obviously missing; however you first get access, via phone or laptop or PC, the hardware has its own instructions, the OS too, even if these days they’re most easily found on an online video. Those of us who’ve made our careers online, deep within the bowels of the monster, forget how weird the idea and details of “the internet” are to sane people. Nobody’s saying: “This is what it is, here’s how to take care of it.”

How do you write the Internet User’s Manual for all five billion? How do you get them to read it? People are smart. They know that on a practical front, cybersecurity and privacy matter. They know that there are behaviors online they should expect, others they should not, that there are entities who should help and enable them.

Find a way to demystify and communicate those ideas and make it all accessible, and a sense of ownership, of responsibility, of wanting more and knowing what to ask for, will follow. Saving the open internet and giving most of the world a better life online would be shenanigans of the most splendid sort. ®


Source link

Related Articles

Back to top button