Happy Birthday! The World Wide Web turned 25 in March, and now has over 40% of the global population using it. But celebrations seem to be somewhat muted by the Panopticon realities of network spying that have become apparent in recent months. Everyone is doing it: governments, corporations, infrastructure operators, hackers, criminals, even equipment and software vendors. Besides the garden-variety threat of malware, targeted attacks are now pretty much a day-to-day affair. Sophisticated attacks by government agencies targeting specific individuals and organizations involved in criminal or violent politics have ben replaced by indiscriminate data tapping. Our use of social media, our location, our cloud-stored data and the rest of our online activates are being monitored, hacked, stored, and disseminated by millions of ‘data diggers’ across the globe.
Back doors are pre-installed in security software, encryption algorithms have ‘designed-in’ flaws (especially alarming are the efforts by the US NSA and Britain’s GCHQ to undermine encryption and security tools), and carriers have special rooms for government representatives to siphon off any data they want. More worrying from a business perspective, government bugging activities are merging with corporate espionage, such as in the case of the NSA’s Blackpearl program, which also extricates data from private networks belonging to energy and financial companies.
We are even seeing common words being redefined to allay our security concerns. According to the US Dept. of Defense, information is considered to have been “collected” only after it has been “received for use by an employee of a DoD regulations intelligence component”. Data acquired by electronic means is ‘collected’ only when it has been processed into intelligible form. So government agencies everywhere (no reason to think other spy agencies don’t have the same twist) can intercept and store communications in database, then have an algorithm search them for key words and analyse the metadata without ever considering the communications “collected.”
Dark times indeed — so what’s the fallout?
Anecdotally, European business users are moving their data off US cloud provider sites on the back of EU recommendations. The EU is considering dropping its data safe-harbor agreement with the US, and the German Chancellor — a bug victim herself — is exploring the feasibility of a more closed European data infrastructure.
Rather than attempting to fence ourselves in, mirroring the Great Chinese Firewall, we must consider global ‘rules of engagement’ for nation states on the web — not that all business is ‘war’, but cyber-warfare is a reality in the Middle-East and Asian wars. Global concerns need to be addressed globally, rather than falling back on regional or national strategies that inevitably reduce the overall value of the World Wide Web for everyone.
It is well-understood that the first step in a reconciliation process following a civil war is acknowledging the atrocities committed. Certainly the US, which is arguably the biggest Internet spy, has been dragged through the global court of public opinion and forced to admit to a range of indiscriminate spying activities. Similar debates have been conducted in most other democracies across the globe. So maintaining a government cult-of-denial is no longer a viable option.
The creator of the World Wide Web, Tim Berners-Lee, suggests the creation of a global charter, championed in “the web we want” initiative, which calls on people to generate a digital bill of rights in each country, enshrining the principles of privacy, free speech, and responsible anonymity. A truly global Internet also requires the US to cede control of the Internet Assigned Numbers Authority (IANA) that is responsible for the global coordination of the DNS Root, IP addressing, and other Internet protocol resources. It also needs to address the financial imbalance between infrastructure providers and Over-The-Top content providers in order to ensure that the infrastructure can expand to handle the continued growth of traffic volumes, and reach the remaining 60% of the global population.
The Internet with the World Wide Web has shown amazing resilience in its formative years, especially through its call for active participation and contribution. There is no single legal framework governing the Internet, the most important ‘rules’ specified by the IETF (the Internet Engineering Task Force) are denoted RFCs ‘Requests For Comments”. No, a wider range of requests need to be answered.