In just one week, representatives of governments from all around the world will gather at the UN headquarters in New York for the 10-year Review of the World Summit on the Information Society, a.k.a. “WSIS+10”. We are very pleased to see the consensus forming that the principles of multi-stakeholder cooperation and engagement should be at the core of the Information Society. Moreover, consensus has emerged around a “post-2015” vision for how the Internet can be used to support the Sustainable Development Goals (SDGs) that will bring about a better future for us all. We are also pleased to see continued support for the Internet Governance Forum (IGF) as a key part of the multistakeholder future of the Internet. However, not all governments share this post-2015 vision that a partnership among all stakeholders is needed to achieve our collective goals. As our matrix analysis of recent comments on the draft document show, some are in fact actively opposed to it, particularly in the area of cybersecurity. There are many explanations for this disagreement, but at its core is a worldview of applying national solutions to global problems, and a misbelief that cooperation among a single stakeholder group (ex. governments) is sufficient to solve issues that require the expertise and commitment of all stakeholders. In short: it is a perspective of the past projected to the world of the future. In our view, raising the level of trust in the Internet through increasing both security and privacy is the critical imperative of our time. Embedded as the Internet Society is within the Internet’s technical community, we see the massive distributed denial-of-service (DDoS) attacks that are happening. We see the phishing and spam issues. We see large-scale pervasive surveillance and corporate and state espionage. And we see the erosion of trust that this is causing for end users, and the negative effect of these security threats on the economic development of countries. The challenge, as we have said many times before, is that “the Internet” is not one single entity where there can magically be a simple solution to make everything secure. If this was possible, it would have been done by now. The reality is that the Internet is a global “network of networks” comprised of tens of thousands of Internet service providers (ISPs) connecting together millions of individual home networks, data centers, WiFi networks and more - all of which interact with each other through the power of open Internet standards and many of which operate across national boundaries. Just as keeping burglars out of our own physical neighborhood requires each of us to lock the doors of our houses and keep a watch out, so, too, does keeping criminals and attackers out of our virtual neighborhoods require each of us to implement Internet security measures. We call this “Collaborative Security” and see this as a necessary approach for how we make the Internet more secure, particularly as the security threats are constantly evolving at a rapid pace. After the revelations of large-scale surveillance over the past few years, the technical community has focused a significant amount of energy on its role in this overall ecosystem. A prime example of this is the “Privacy and Security” program of the Internet Architecture Board (IAB). Recognizing that Internet security challenges are at an extremely large scale, and also that the Internet is composed of many different layers that act as building blocks for other layers, the IAB has undertaken an effort in three main areas:
- Internet-scale resilience – work to address the large DDoS attacks, route hijacking and other attacks.
- Confidentiality – work to address and mitigate surveillance.
- Trust – work on how to bring about a more trusted Internet
Image credit: Christiaan Colen on Flickr CC BY SA