The Internet Is at a Crossroads: We Have a Choice to Make

As we look around at a rapidly changing world that is shaped more and more by the digital domain, we see an Internet that faces many challenges. We see an Internet at a crossroads, where we have critical choices to make about its evolution in the years to come.

Those choices will determine whether we continue to benefit from an Internet that opens up a world of opportunity for everyone online, or whether we grow more fearful of it as a negative influence on our lives.  People’s hopes and fears about the Internet today are dividing us and its future.

The notion of hope and progress has defined our view of the Internet since its inception. Its own growth has taken it from obscure computer-to-computer connections to a social and economic powerhouse. It is the platform on which young people and an ever-growing number of women can invent their own futures. Small enterprises and communities all over the world are using digital tools to mobilize and empower themselves to access new markets, grow their economies and provide vital services to their citizens.

Of course, we must see the adoption of the Internet for what it is: a reflection of everything in society itself.

In light of growing sentiment that the Internet is fueling social and cultural divisions, there are legitimate concerns around the safety and security of life on the Internet. I discuss these themes in an article published this week as part of the launch of an edition of the Journal of Cyber Policy produced in a partnership between Chatham House and the Internet Society. To mark the occasion, we are also hosting a livestreamed panel discussion in partnership with Chatham House entitled “Do we still trust the Internet?” Here, we will explore concerns around the ‘securitization’ of the Internet, where a focus on national security and political control is usurping the notion of a “people-centric” Internet for everyone.

To solve these fundamental issues we need new models to address the challenges. My view is that the answers lie in the principles that have defined the Internet to date. These include: openness, global connectedness, trustworthiness, transparency, collaboration and inclusion. These values should remain at the forefront of the Internet and the policies that shape it.

We have already done much of the work and the thinking that puts these values at the heart of the Internet’s future. The global Internet community has called for collaborative decision-making: the multistakeholder model that has been used in the organizations and policies that built the Internet. And this is exactly the context in which much of the global Internet community will come together next week at the Internet Governance Forum in Geneva. I look forward to the gathering of this engaged and energized global community.

It is an important time to talk about how we can turn thinking into reality. We have an opportunity to explore how we can expand the collaborative decision-making model, how we can do more, say more and move beyond the confines of discussion to put the mechanisms, policies and practices in place that will shape the future of the Internet.

Above all, we can reaffirm our commitment to an Internet that is truly for everyone by making choices that take us toward opportunity, not toward fear.


Image credit: Veni Markovski on Flickr CC BY NC

The post The Internet Is at a Crossroads: We Have a Choice to Make appeared first on Internet Society.

Internet Society

Together We Can Reduce Barriers

Accessibility is human right.

People with disabilities want and need to use the Internet just like everyone else, but what can we do to reduce barriers? Especially when one billion people globally have a disability, with 80% living in developing countries.

But accessibility doesn’t just happen. Policymakers, program managers, and technical experts need to incorporate it into their work right from the start – and we need champions for accessibility to make it happen.

Everyone in the Internet community can contribute to reducing barriers! People working with policy, programs, communications, and education can incorporate accessibility.

 

It doesn’t just start with websites. While this type of access is crucial, we can go even further – accessible interfaces for the Internet of Things or phone apps are just two examples.

In addition, organizations can offer a more inclusive approach with:

  • Learning programs and packages (content and delivery)
  • Communications programs – websites, online conferencing, discussion forums, printed material
  • Policy development – has a policy position been considered in terms of its effects on people with disability?

Want to learn more about what you can do to make the Internet accessible for all? Read the W3C Introduction to Web Accessibility, and learn about the DAISY Consortium and the Dynamic Coalition on Access and Disability, two organizations working to ensure equal access to information and knowledge.

The Internet Society strives towards a future where “The Internet is for Everyone”. Visit the Accessibility Toolkit page to learn how every person in the Internet community can contribute to a more accessible Internet.

Learn how you, too, can help shape tomorrow!

The post Together We Can Reduce Barriers appeared first on Internet Society.

Internet Society

Another BGP Routing Incident Highlights an Internet Without Checkpoints

Yesterday, there were two BGP routing incidents in which several high-profile sites (Google, Apple, Facebook, Microsoft, Twitch, NTT Communications and Riot Games) were rerouted to a previously unused Russian AS. The incidents only lasted about three minutes each, but demonstrated once again the lack of routing controls like those called for in MANRS that could have prevented this from happening.

As reported in BGPmon’s blog post on 12 December 12,

“…our systems detected a suspicious event where many prefixes for high profile destinations were being announced by an unused Russian Autonomous System.

Starting at 04:43 (UTC) 80 prefixes normally announced by organizations such Google, Apple, Facebook, Microsoft, Twitch, NTT Communications and Riot Games were now detected in the global BGP routing tables with an Origin AS of 39523 (DV-LINK-AS), out of Russia.”

Either a configuration mistake or a malicious attack, it propagated quickly through the Internet without visible obstacles. This was one of almost 5000 route leaks and hijacks in 11 months of 2017. For comparison, network outages during the same period caused almost 8000 incidents (source: https://bgpstream.com/):

In practice, the efficacy of corrective actions strongly depends on the reliability and completeness of information related to expected routing announcements. And these qualities quickly deteriorate with every routing hop on the path. Meaning that the easiest and most effective way to prevent such incidents from a customer is by its direct transit provider. In the case of AS39523 – that is AS31133 (Megafon).The Internet is an interconnected system and its security is only as strong as its weakest link – the least secure network operator. But the concept of “defense in depth” is more applicable here: If a network emits a false routing announcement, there should be many chances to correct it.

Deploying the simple, low-cost, low-risk measures promoted by MANRS is vitally important for all network operators. Had Megafon implemented Action 1 “Prevent propagation of incorrect routing information,” the false announcements yesterday would have been stopped at the first hop. Had reliable data been available about what prefixes DV-LINK-AS is authorised to advertise, others could have prevented that too.

Is your network doing all it can to prevent incidents like this? Read the MANRS document, follow the Implementation Guide, and Join MANRS!

The post Another BGP Routing Incident Highlights an Internet Without Checkpoints appeared first on Internet Society.

Internet Society

Reflections from the Global Commission on the Stability of Cyberspace

Two weeks ago, a small delegation from the Internet Society was in Delhi for a series of meetings. (See yesterday’s post about GCCS and GFCE.) In this post, I’ll pick up with the Global Commission on the Stability of Cyberspace (GCSC).

The international community has been trying to develop cybernorms for international behaviour for over a decade. This has been happening through UN processes, through the GCCS, through international law discourse, and other fora. And, some progress has been made. For instance, the Tallin manuals provide some insights on how international law applies to cyber war and cyber operations, while the UN GGE, among others, recognized the applicability of international law on the digital space and has provided some protection to cybersecurity incident response teams (CIRTs) and critical infrastructure.

However, these processes are slow, and certainly not without roadblocks. The 5th UN Group of Governmental Experts on Information Security (GGE), for example, failed to reach consensus on whether certain aspects of international law, in particular the right to self-defence, apply to cyberspace as well as issues related to attribution. During a panel at GCCS, five participants in the 5th UN GGE shared their perspectives. To me it was clear that all parties see that the cyber diplomatic discussions on stability need to continue, but that it is not at all clear what the modalities of such discussion will be; it is not clear if there will ever be a 6th UN GGE or an alternative UN process.

So, how do we get to norms that may impact state and non-state behavior? Norms that can be supported by a large group of stakeholders – states, private sector, and technical, academic and civil society communities alike?

The Global Commission on the Stability of Cyberspace (a multistakeholder commission of experts) sets out to bring perspective by developing ‘proposals for norms and policies to enhance international security and stability and guide responsible state and non-state behavior in cyberspace.’ In its meeting in Delhi, it converged on its concrete outcome: A call to protect the Public Core of the Internet.

It reads:

NON-INTERFERENCE WITH THE PUBLIC CORE

Without prejudice to their rights and obligations, state and non-state actors should not conduct or knowingly allow activity that intentionally and substantially damages the general availability or integrity of the public core of the Internet, and therefore the stability of cyberspace.

This is a call that, I believe, can be prima facie respected by international law scholars, diplomats, negotiators, politicians, civil society members, and technologists alike. It recognizes a body of existing norms and agreements while it also unequivocally states: don’t mess with the public core of the Internet.

Many readers will rebut that this is a clear call, as the concept of public core of the Internet is not clearly defined. They have a point, but among the commissioners, it is well understood that the public core is a broad term that includes elements like Internet routing, the domain name system (DNS), certificates and trust, and communications cables. The associated protocol soup contains terms like BGP, DNS, PKI, and TLS. It is also well understood that we are not only talking about physical resources, like the routers themselves, but also about intangible aspects such as the state of the global routing table. More work will be done to refine and define the Public Core concept.

Creating a common understanding of global normative behaviour is a long and slow process where certain actors can become norm entrepreneurs. Not without pride, I believe that the GCSC, with the call for protection of the public core, is demonstrating norm entrepreneurship.  Or, as EFF’s Jeremy Malcolm observes in in his blog on Delhi’s cyber events: “The Call to Protect the Public Core of the Internet is not intended to be legally binding, but like Internet standards, it is hoped that it will acquire influence because the process by which it was developed was relatively thoughtful, inclusive, and balanced”, closing his blog with: “It doesn’t surprise us that a diverse, multi-stakeholder group of experts can actually produce more useful outcomes than a group of governments alone, and this could be taken as a lesson by the host of the next GCCS.”

I can’t write a better conclusion to this post.

Further reading

The Internet Society sponsors the GCSC and the author is one of its commissioners.

The post Reflections from the Global Commission on the Stability of Cyberspace appeared first on Internet Society.

Internet Society

Continuing David Vyorst’s Legacy: Recognizing the Next Generation of Open Internet Advocates

Last week we shared the sad news that David Vyorst, the Executive Director of the ISOC-DC chapter and an instrumental part of the North American Internet community, passed away.

The DC Chapter and the Internet Society are jointly establishing a fellowship award in David’s name. The fellowship will be awarded to a young person in a US-based chapter who has an innovative project or initiative for making a chapter more effective in advancing the values of a free and open Internet accessible by everyone.

You can visit the DC Chapter’s website to make a donation in David’s memory.

Photo credit: Glenn McKnight

The post Continuing David Vyorst’s Legacy: Recognizing the Next Generation of Open Internet Advocates appeared first on Internet Society.

Internet Society