In just one week, representatives of governments from all around the world will gather at the UN headquarters in New York for the 10-year Review of the World Summit on the Information Society, a.k.a. “WSIS+10”. We are very pleased to see the consensus forming that the principles of multi-stakeholder cooperation and engagement should be at the core of the Information Society. Moreover, consensus has emerged around a “post-2015” vision for how the Internet can be used to support the Sustainable Development Goals (SDGs) that will bring about a better future for us all. We are also pleased to see continued support for the Internet Governance Forum (IGF) as a key part of the multistakeholder future of the Internet.
However, not all governments share this post-2015 vision that a partnership among all stakeholders is needed to achieve our collective goals. As our matrix analysis of recent comments on the draft document show, some are in fact actively opposed to it, particularly in the area of cybersecurity. There are many explanations for this disagreement, but at its core is a worldview of applying national solutions to global problems, and a misbelief that cooperation among a single stakeholder group (ex. governments) is sufficient to solve issues that require the expertise and commitment of all stakeholders. In short: it is a perspective of the past projected to the world of the future.
In our view, raising the level of trust in the Internet through increasing both security and privacy is the critical imperative of our time. Embedded as the Internet Society is within the Internet’s technical community, we see the massive distributed denial-of-service (DDoS) attacks that are happening. We see the phishing and spam issues. We see large-scale pervasive surveillance and corporate and state espionage. And we see the erosion of trust that this is causing for end users, and the negative effect of these security threats on the economic development of countries.
The challenge, as we have said many times before, is that “the Internet” is not one single entity where there can magically be a simple solution to make everything secure. If this was possible, it would have been done by now.
The reality is that the Internet is a global “network of networks” comprised of tens of thousands of Internet service providers (ISPs) connecting together millions of individual home networks, data centers, WiFi networks and more – all of which interact with each other through the power of open Internet standards and many of which operate across national boundaries. Just as keeping burglars out of our own physical neighborhood requires each of us to lock the doors of our houses and keep a watch out, so, too, does keeping criminals and attackers out of our virtual neighborhoods require each of us to implement Internet security measures. We call this “Collaborative Security” and see this as a necessary approach for how we make the Internet more secure, particularly as the security threats are constantly evolving at a rapid pace.
After the revelations of large-scale surveillance over the past few years, the technical community has focused a significant amount of energy on its role in this overall ecosystem. A prime example of this is the “Privacy and Security” program of the Internet Architecture Board (IAB). Recognizing that Internet security challenges are at an extremely large scale, and also that the Internet is composed of many different layers that act as building blocks for other layers, the IAB has undertaken an effort in three main areas:
- Internet-scale resilience – work to address the large DDoS attacks, route hijacking and other attacks.
- Confidentiality – work to address and mitigate surveillance.
- Trust – work on how to bring about a more trusted Internet
This work out of the IAB is also reflected in the many efforts of the individual working groups within the IETF and other standards organizations.
We’re already seeing the results in new versions of the TLS protocol, the increasing deployment of DNS security (DNSSEC), the increasing number of organizations signing on to efforts to increase routing security, and the many different individual developers who are making their applications and services more secure.
But most importantly we see a global Internet, operated and continuously evolving through a diverse eco-system of technologists, businesses, states, civil society, and most importantly its users. This open and inclusive nature of the Internet is the foundation of its strength, which has allowed it to bridge social and geographical divides. To ensure a secure, sustainable Internet we must harness this diversity and address the challenges ahead as one global community – not as rivals defined by national borders.
As we head toward the UN discussions next week, we seek a post-2015 Vision that recognizes this diversity and the importance of solving collective problems through collaborative solutions. It is important to note that we recognize that governments have a role to play in Internet security. In times of trouble, most citizens look to their governments to provide security and safety. But the Internet is a global multi-stakeholder community, and as such its stability can never be ensured only through a lens of national security.
For the Internet Society, promoting and restoring trust in the Internet is a critical component of our 2016 Action Plan and will be driving much of our activity over the next year. The technical community is already diving deep into the hard core technical work needed to make the Internet more secure.
However, securing the Internet cannot be done solely through technology, and we cannot solve this on our own. Ensuring an open, trusted Internet must involve all its stakeholders operating on all fronts, and as we head toward the WSIS+10 discussions next week, we look for governments to join us and all the other stakeholders in this critical work that we must do together to make the Internet more secure.
Image credit: Christiaan Colen on Flickr CC BY SA