---------- Forwarded message ----------
From:
Christian de Larrinaga <cdel@firsthand.net>
Date: Sun, Sep 15, 2013 at 4:52 PM
Subject: [Internet Policy] Take back the Internet
To: "
internetpolicy@elists.isoc.org" <
InternetPolicy@elists.isoc.org>
Bruce Schneier's latest cryptogram today has no surprises for this list
but he does call for IETF in Vancouver and engineers to stand up and
address the surveillance issues and treat the issue as an emergency.
Already
IETF has issued a statement
http://www.ietf.org/blog/2013/09/security-and-pervasive-monitoring/
ISOC has issued a statement
http://www.internetsociety.org/news/internet-society-responds-reports-us-government%E2%80%99s-circumvention-encryption-technology
The UK IGF meeting last week would not formally address surveillance in
the context of the revelations but it was made very clear from the floor
in a number of sessions that it is the elephant in the room for IGF Bali
and cannot be ignored.
http://www.livestream.com/internetsocietychapters/folder?dirId=740d3e4d-36c2-45be-a2f3-25f49ea3c6b4
Doing nothing in other words carrying on protocol development in the
same old way looks like complacency or even complicity now.
Christian
** *** ***** ******* *********** *************
Take Back the Internet
Government and industry have betrayed the Internet, and us.
By subverting the Internet at every level to make it a vast,
multi-layered and robust surveillance platform, the NSA has undermined a
fundamental social contract. The companies that build and manage our
Internet infrastructure, the companies that create and sell us our
hardware and software, or the companies that host our data: we can no
longer trust them to be ethical Internet stewards.
This is not the Internet the world needs, or the Internet its creators
envisioned. We need to take it back.
And by we, I mean the engineering community.
Yes, this is primarily a political problem, a policy matter that
requires political intervention.
But this is also an engineering problem, and there are several things
engineers can -- and should -- do.
One, we should expose. If you do not have a security clearance, and if
you have not received a National Security Letter, you are not bound by a
federal confidentially requirements or a gag order. If you have been
contacted by the NSA to subvert a product or protocol, you need to come
forward with your story. Your employer obligations don't cover illegal
or unethical activity. If you work with classified data and are truly
brave, expose what you know. We need whistleblowers.
We need to know how exactly how the NSA and other agencies are
subverting routers, switches, the Internet backbone, encryption
technologies and cloud systems. I already have five stories from people
like you, and I've just started collecting. I want 50. There's safety in
numbers, and this form of civil disobedience is the moral thing to do.
Two, we can design. We need to figure out how to re-engineer the
Internet to prevent this kind of wholesale spying. We need new
techniques to prevent communications intermediaries from leaking private
information.
We can make surveillance expensive again. In particular, we need open
protocols, open implementations, open systems -- these will be harder
for the NSA to subvert.
The Internet Engineering Task Force, the group that defines the
standards that make the Internet run, has a meeting planned for early
November in Vancouver. This group needs to dedicate its next meeting to
this task. This is an emergency, and demands an emergency response.
Three, we can influence governance. I have resisted saying this up to
now, and I am saddened to say it, but the US has proved to be an
unethical steward of the Internet. The UK is no better. The NSA's
actions are legitimizing the Internet abuses by China, Russia, Iran and
others. We need to figure out new means of Internet governance, ones
that makes it harder for powerful tech countries to monitor everything.
For example, we need to demand transparency, oversight, and
accountability from our governments and corporations.
Unfortunately, this is going play directly into the hands of
totalitarian governments that want to control their country's Internet
for even more extreme forms of surveillance. We need to figure out how
to prevent that, too. We need to avoid the mistakes of the International
Telecommunications Union, which has become a forum to legitimize bad
government behavior, and create truly international governance that
can't be dominated or abused by any one country.
Generations from now, when people look back on these early decades of
the Internet, I hope they will not be disappointed in us. We can ensure
that they don't only if each of us makes this a priority, and engages in
the debate. We have a moral duty to do this, and we have no time to lose.
Dismantling the surveillance state won't be easy. Has any country that
engaged in mass surveillance of its own citizens voluntarily given up
that capability? Has any mass surveillance country avoided becoming
totalitarian? Whatever happens, we're going to be breaking new ground.
Again, the politics of this is a bigger task than the engineering, but
the engineering is critical. We need to demand that real technologists
be involved in any key government decision making on these issues. We've
had enough of lawyers and politicians not fully understanding
technology; we need technologists at the table when we build tech policy.
To the engineers, I say this: we built the Internet, and some of us have
helped to subvert it. Now, those of us who love liberty have to fix it.
This essay originally appeared in the "Guardian."
http://www.theguardian.com/commentisfree/2013/sep/05/government-betrayed-internet-nsa-spying
The need for whistleblowers:
https://www.schneier.com/essay-429.html
The need for transparency, oversight, and accountability:
https://www.schneier.com/essay-435.html
Snowden's statement on the morality of his actions:
http://wikileaks.org/Statement-by-Edward-Snowden-to.html
This is presented as disagreeing with what I've written, but I agree
with it.
http://continuations.com/post/60444129080/disagreeing-with-bruce-schneier-more-crypto-is-not-the
or
http://tinyurl.com/kth88y5
A rebuttal to this essay:
http://americanscience.blogspot.com/2013/09/the-betrayal-of-internet-imaginaire_5253.html
**
_______________________________________________
To manage your ISOC subscriptions or unsubscribe,
please log into the ISOC Member Portal:
https://portal.isoc.org/
Then choose Interests & Subscriptions from the My Account menu.