UN Internet Governance Forum – Security, Openness and Privacy
29 September 2011, Nairobi, Kenya
Christine Runnegar, Senior Policy Advisor, Internet Society
The Internet has revolutionised communication, giving ever increasing numbers of individuals across the world the ability to communicate as part of a growing and vibrant global community. It has enabled non-linear content distribution and created the phenomena of distributed “crowd sourced” “peer reviewed” information and knowledge. An often cited example, and with good reason, is Wikipedia.org – self-titled – “the free encyclopaedia that anyone can edit”. Perhaps the Internet pioneers will remember the time when encyclopaedias were expensive and updated annually. We have entered the age of Information Egalitarianism. But, that does not mean it is perfect. More work is needed if we wish to embrace this objective globally.
Openness plays a key role – in obvious and sometimes less obvious ways. Continuing with our Wikipedia example, an academic study of contributions when access was blocked by one country showed that individual contributions significantly decreased from contributors outside the country. One author concluded this is because many contributors are motivated by the idea that people are watching. (It is important to emphasise that the contributions are voluntarily provided with the knowledge that the platform is open and observable. This does not mean Internet users want their activities and private communications to be monitored.) Another conclusion one may reasonably draw from this study is that blocking access in one country can also diminish the overall value of a public resource for the rest of the world.
Openness also has a technical dimension. It is that dimension that has enabled the development of the Internet we know today that has become so fundamental that access and prevention of access are now part of the human rights dialogue. Openness in the technical sense involves transparent Internet standards development where anyone can participate on an equal basis, and open non-proprietary protocols that anyone can implement. It provides more opportunity for diversity of thought. Openness is also the ability to develop and deploy Internet applications and services without “approval”. Closely aligned to openness is interoperability. These two features have enabled extraordinary creativity and exponential innovation. Openness in technical standards development has also played a role in enhancing security. DNSSEC, developed by the Internet Engineering Task Force, is one such example. OAuth, a Web Authentication Protocol, is another.
A trend that seems to be emerging is the resort to technical measures to solve legal, political or social problems. This is perhaps most apparent recently in relation to the protection of intellectual property online, but is not limited to this area. Altering the way technology functions to solve a non-technical problem carries inherent risks of collateral damage to the proper functioning of the underlying technology, security and privacy, as well as other potential side effects. DNS-filtering, for example, is incompatible with DNSSEC, runs the risk of collateral harm and drives services underground, thereby undermining the stability, reliability and global interoperability of the Internet. At the same time, it does not solve the problem, as it does not remove the content or all means by which it can be accessed.
In closing then, one of overarching challenges we still face is a lack of a shared global understanding of the borderless nature of the Internet and the related inter-dependent objectives of security, privacy, openness and user choice. The IGF, by its nature and format, is an ideal place to build this global understanding.
1. The Web Authorization (OAuth) protocol allows a user to grant a third-party Web site or application access to the user's protected resources, without necessarily revealing their long-term credentials, or even their identity. For example, a photo-sharing site that supports OAuth could allow its users to use a third-party printing Web site to print their private pictures, without allowing the printing site to gain full control of the user's account.” http://datatracker.ietf.org/wg/oauth/charter ↩