Collaboration

A CTO analysis: Hillary Clinton's speech on Internet freedom

CTO Bob Gourley talks about what technologists IT pros should focus on in light of the Secretary of State's speech.

On January 21, 2010, Secretary of State Hillary Clinton delivered a speech on the topic of Internet freedom.

This is a very good presentation of policy worth a complete read by all, but I looked through it for statements indicating what we technologists should focus on. I tried to find the phrases indicating what the Secretary was saying the U.S. should or will do, since that should drive many other government actions and should help technologists think through what we may be asked to do/support.

Key points of this speech include:

  • "We stand for a single internet where all of humanity has equal access to knowledge and ideas."
  • "We believe it's critical that its users are assured certain basic freedoms. Freedom of expression is first among them. This freedom is no longer defined solely by whether citizens can go into the town square and criticize their government without fear of retribution. Blogs, emails, social networks, and text messages have opened up new forums for exchanging ideas, and created new targets for censorship. "
  • "We do not tolerate those who incite others to violence."
  • "Those who use the internet to recruit terrorists or distribute stolen intellectual property cannot divorce their online actions from their real world identities."
  • "These challenges must not become an excuse for governments to systematically violate the rights and privacy of those who use the internet for peaceful political purposes."
  • "We must work to advance the freedom of worship online just as we do in other areas of life."
  • "States, terrorists, and those who would act as their proxies must know that the United States will protect our networks."
  • "Countries or individuals that engage in cyber attacks should face consequences and international condemnation."
  • "The freedom to connect -- the idea that governments should not prevent people from connecting to the internet, to websites, or to each other. "

My first general thought upon reviewing those compelling actions is -- "I'm on board!" It is good getting policy guidance from the Secretary of State on this. It is fine, of course, for academics and citizens to scrutinize those and offer opinions and thoughts and argue. That is just the nature of democracy. But we lack so much official vision in the cyber domain I'm going to default toward following the leader here, at least for now. My hope is that we can all pull behind the Secretary of State and others and execute on these goals (but, hey, give me time and I may decide to mount some arguments for change... just for now I think it is best to salute and follow).

My second general thought is that the Internet was not designed to be a platform to enable any of those actions. Oh boy, that is going to make it tough. And since there is huge lock-in on the current standards and design we are not going to be able to simply build a new Internet with new design criteria and then switch everyone to that. Nope, we are going to have to find ways to change the fabric of the current Internet to make it possible to achieve these objectives.

Some other nontechnical thoughts I think relevant to follow-on work:

  • Meeting these goals will require connection to "all of humanity." That piece is more achievable than it may sound. There are already 4B cell phones active in the globe for about 6B people. So we are two-thirds of the way there. This will require much more infrastructure work, but we can do this. And in places where ground-based infrastructure is not possible then space-based access is also possible (maybe via Cisco's IRIS?).
  • We must have ways to protect anonymity of good people, but not allow anonymity of bad people. This is going to be much harder to do than it is to say. I believe a structure could be put in place, with massive engineering, where all people are given some means to stay anonymous, but when a certain key is applied, their cloak can be peeled back. Hmmm. Who wants to keep those keys?
  • The U.S. is now on the record saying we will protect our networks. How, I wonder, will we do that? This is not the first time this question has been asked. I know many great thinkers have been noodling over that one for a long lone time and that one is also easier said than done. I know we can engineer in more security and have heard of some powerful ideas on how to do it. But we have to move the ideas to action quick. And we need to do that not just for the federal government but for the entire U.S. infrastructure.

Who can make these goals real?

The many technologists who design and field components of the modern Internet come together in multiple forums, many of which are key standards bodies. Any significant redesign of Internet functionality is going to be done by collegial coordination in standards bodies. A short list of standards bodies is here.

A few standards bodies particularly relevant to designing security into the Internet fabric are:

  • ANSI -- American National Standards Institute
  • IEEE -- Institute of Electrical and Electronics Engineers
  • IETF -- Internet Engineering Task Force
  • ISO -- International Organization for Standardization
  • ITU -- The International Telecommunication Union

----ITU-R -- ITU Radiocommunications Sector (formerly known as CCIR)

----ITU-T -- ITU Telecommunications Sector (formerly known as CCITT)

----ITU-D -- ITU Telecom Development (formerly known as BDT)

  • OMA -- Open Mobile Alliance

Another key body is ICAAN -- Internet Corporation for Assigned Names and Numbers.

So, what's next? I don't know, but I expect to see follow-on action to be coordinated across the federal government and to see continued action on making these policies real.

45 comments
brubelg
brubelg

Enjoyed the piece! PS small typo in ICANN

FatNGristle
FatNGristle

I haven't read the speech, but of the 'key points' Bob listed, I'm in agreement with a surprising number of them given my differences with Mrs. Clinton. Point 2, however, talks about protecting the freedom of expression, yet point 3 talks about squelching incitation. What does she mean? If incitation is expression, that's a very dangerous statement, #3. It seems that those who get violent, are looking for incitement. We all have varying degrees of incitability to resentment, anger, fury or violence, some of it legitimate.

vickaprili
vickaprili

I believe that people have a right to protect their networks, expensive infrastructure and the information of their customers and clients. They should not be impacted on in a negative way if connected to the Internet.

Webb4343
Webb4343

Anonymity has a downside in that it allows anyone, a disgruntled employee, an ex-wife, an angry customer or even a business competator to make devestating accusations. This has already occurred on blogs and business rating sites. The accused cannot effectively respond with no knowledge of the Who, What, Where or When. If specific accusations are made against a specific target anonymity should not be allowed.

petlon
petlon

Holy cow man! "for now I think it is best to salute and follow"? Have you no experience with government? Agree to painful oversight now, and you'll only get more later, not less. Nor will it get any less painful. The road is littered with the carcasses of discarded freedoms. Don't let the internet join the pile. Leave it in private hands and keep the bureaucracy out of it.

richdemars
richdemars

What great arrogance the current government of the USA has to tell others in the world to live. And they should be condemned for wasting US citizens tax dollars on such concerns of non-US citizens.

MDLarsen
MDLarsen

Why do you care what Hillary says? You should watch Susan Crawford or read the proposed Cyber Security Act of 2009 (http://cdt.org/security/CYBERSEC4.pdf). How about Julius Genachowski the probable next top Telecom Regulator. What does he think? Hillary? She's only a distraction.

bmcduffee
bmcduffee

Protecting the network comes down to each individual or organization taking responsibility for their piece. Businesses must be made to realize they have a duty to protect their networks and their customers information, perhaps under severe civil penalty if that is what it takes to make them wake up and take decisive (and often expensive) action. At least this would be a significant beginning to protecting the network.

tmcclure
tmcclure

It is important to remember that internet access is a privately owned commodity in a free market. The government has no claim to it. I have no desire to live in a police state where my activities could be monitored for the good of the public safety. History has shown this sort of government power is always abused.

jacartaya
jacartaya

The goal to "protect anonymity of good people, but not allow anonymity of bad people" sounds really hard to implement: How do you separate "good" from "bad" people? A more modest goal of allowing everyone to have anonymity for some actions, and not for other actions, appears to be easier.

MartyL
MartyL

I like Hillary. I really do. She's likable. I've liked her since Fleetwood Mac played for her and Bill to dance. But she's a politician first and last and I do not see anywhere that she could have acquired the requisite credentials to speak with authority about the internet or how access to it should be managed.

FatNGristle
FatNGristle

I think we need to own up to our actions and words. Anonymity is a warm damp room for our moldy character defects. What we need is identity protection. Many people confuse the two, but what is as risk is not me being found out for what we think/say/do, but someone else saying/doing on our behalf, typically to our detriment. A great many things can and have been done to protect identity, but ultimately if it can be digitally secured, it can be breached. Finger (unreproducable) Fingerprint image (potentially reproducable) Fingerpring digital scan (potentially reproducable & decodable) Retinal scan (not functional for blood-shot heavy drinkers and therefore congressionally impractical)

FatNGristle
FatNGristle

That's very interesting, not just on the corporate level. If you don't maintain the brakes on your car and it causes damage, you're liable for it. You didn't have to own that car. If you choose to use a computer on the internet and you don't maintain anti-virus software and you're computer causes damage, should you be liable for it? I guess the better analogy is if you don't put an alarm system on your car and someone steals it and does damage, are you liable? So the first scenario (brakes) is closer to infrasture liability: Google sells SaaS and if they allow their infrastructure to fail, it causes a cascading failure in other systems. Or Verizon, or ... That is where money was collected and expectations not met. Obviously a debt exists. What of the second scenario? Do we have a responsibility when we use the internet to maintain our systems from the obvious attacks of malware? Do parents have an obligation to immunize? Do I have obligation to trim and consolidate my posts?

paul.willy
paul.willy

HIPAA for example requires health organizations to Look for Network security experts, but not necessarily hire them. This is the fundamental issue with responsibility. It allows corporations to be irresponsible. Now the supreme court allows corporations free speech to elect politicians that will allow them to be even more irresponsible. Paul

Al_nyc
Al_nyc

Without government intervention we would have corporations prioritizing traffic on "their" internet in order to make more money. Some of the large ISP's wanted to do just that.

SAStarling
SAStarling

tm, I agree with you wholeheartedly. What's that famous quote? "Government is not the solution to our problem; government is the problem."

tmcclure
tmcclure

Your solution is equally difficult. Who gets to deside what should be anonymous? And who would choose? The FBI or CIA? Some Privacy Csar? No thanks. As Ben Franklin once said; "Those who would sacrifice liberty for security deserve neither."

jfuller05
jfuller05

If the Government would just stay out of these kinds of things America would run much better. The role of Government is to provide defense for America.

Al_nyc
Al_nyc

The person with the keys to find out who is who is the one who will make the decision. That is the problem. Complete anonymity is the only way this will work.

jvacheresse
jvacheresse

Excellent point, as who would determine bad versus good? There are some applications that are repugnant and those applications should be aggressively restricted (e.g. inappropriate exploitation of children). But to extend "censorship" to the individual may lead to the same issues currently occuring within Asia in which a faceless/nameless bureaucrat is now deciding the good/bad as it applies to people. This to me is a very slippery slope and one which does not reconcile to the ideal of "freedom"!

Webb4343
Webb4343

I've known of Hillery since her husband ran for the Presidency. It was said that they met while dating the same girl. She has no credentials except as a lawyer and politician. Her only faith is in total government control of the serfs, excuse me, citizens.

vickaprili
vickaprili

Since the Internet is failing to regulate itself, then unfortunately it is necessary for Government to step in. Many people manage resources they know nothing about by managing those with the necessary skill sets. I think this has been a long time coming.If the Internet is left to its own devices for much longer, it will become useless as a vehicle for reliable business and communication.

MartyL
MartyL

Every time someone says, "An honest man has nothing to hide," the truth of the matter is that an honest man had better already have a good hiding place. Every Time.

dogknees
dogknees

If you are living in a country with a repressive government and you are working peacefully to bring about change, you will get locked up if you're found out. You can't assume the government will always be on the side of the majority. When it's not, you need anonimity to survive.

vickaprili
vickaprili

As one famous US TV judge has stated. "Only the guilty hide!"

tmcclure
tmcclure

Somehow I would find that hard to believe. Users will shop around for the service they want. I know I do. ISP's who do not offer what customers want will loose buisness. Look how internet service has improved. All because of competiton. Now look at Europe as an alternative. The ISP's are very regulated. Most Europeans don't enjoy broadband, but are stuck with dial up.

FatNGristle
FatNGristle

I think Reagan was great for our country and liked his politics, but that quote gets splattered all over out of context. The government is the problem in some circumstances. Eliminating the government will not solve very many problems and would increase a large number of them.

dogknees
dogknees

What about a means of exchange(usually known as money). You haven't got much of a society without money.

Webb4343
Webb4343

Vikaprili, I think that your concerns are sincere but perhaps misplaced. I have been on the web since it consisted of bulletin boards and took 6-7 days for a response. Corporate stupidity is always a problem but government "help" is always worse.

vickaprili
vickaprili

Thanks for the heads up and will follow up for my own knowledge on the Australian angle.

tmcclure
tmcclure

I don't know about Australia, but in the USA it is a crime known as criminal trespass. In addition we have civil courts as well.

vickaprili
vickaprili

Just to clarify - After having my web server hacked 3 times in 12 months and detecting 3-4 attempted breaches per week, ongoing reliability and security is very much a concern to my business. Some form or regulation to stop this I believe is required apart from the ongoing measures which I now take.

santeewelding
santeewelding

Unsettling. Very unsettling. Which, I mean to say, that you are unsettling. Don't come near me.

Webb4343
Webb4343

There are no saints but evil we have in pleanty. To excuse evil because the rest of us are not perfect is foolish, not to mention suicidal.

Webb4343
Webb4343

Anyone over the age of ten years has things that they are ashamed of and wish to hide. Not necessarily illegal, but embarrassment over your first date, your first sexual experience, treatment for STD or depression as a few examples. Whenever I see the statement "nothing to hide" I believe it is an agent trying to suppress open expression.

Webb4343
Webb4343

Not deceptive or fraudlant, and Honest Lawyer. It may be different in Australia but in the U.S. half truths and deception are the norm. Hillary is a Lawyer. Hillary is the prototype advocate for government control. If you look around the world and throughout history you will see that the greatest threat to freedom is your own government.

vickaprili
vickaprili

That is a fair call - There are no saints.

dogknees
dogknees

I'd define it differently. A person who tells the truth so far as they believe it to be without exception or prevarication. It would of course include testifying against ones self in court. You aren't required to by law, but you certainly would if you were honest. Now, obviously there are few if any honest people, so lets stop pretending we are paragons of virtue and admit we all lie and we all expect others to lie to us. No one is perfect and no one is absolutely evil, we all fall in the middle somewhere.

vickaprili
vickaprili

This is the definition I was referring to. Not some urban myth or guesswork. honest - not disposed to cheat or defraud; not deceptive or fraudulent; "honest lawyers"; "honest reporting"

Webb4343
Webb4343

I agree fully, the technical expertise available to any government makes posting on the internet an act of folly. If they want you, they will find you. Send a letter or Email to Amnesty International or whomever and have them post it. Trust in anonymity is suicidal.

dogknees
dogknees

But we now have wireless internet where you aren't at a fixed point so none of that is relevant. You don't seriously believe the technology they use on CSI is real do you? If you are in a vehicle moving between cells as you work, it's very hard, verging on impossible, to locate you quickly enough to stop you. Are you seriously saying that a good hacker cannot remain anonymous online? That the "black-hats" aren't able to do their snooping anonymously? The examples you give might catch the average punter, but not the serious snoop/spy/... I also take issue with the implication that no one in Poland at that time had a PC the government didn't know about. Not one? Same as now, where every single PC in China is known about by the government? Rubbish. If the net is so useless to people opposing tyranical regimes, how come a lot of the underground literature in the soviet bloc before the wall came down was distributed on bulletin boards and on the early internet? It seemed to work well for them and is still working well for militant groups all over the world.

tmcclure
tmcclure

I'll trust people over government any day.

vickaprili
vickaprili

During my diploma training, I had a tech teacher that came from Poland and the communist regime. It was considered a crime against the state to own a computer and hence his move to Australia. Obtaining a computer would automatically make you an enemy of the state and anonymity attempts were eventually undermined by people talking (Friends of the state) Remaining anonymous in a client/server network where the requests are being made and initiated by web clients at a fixed point is impossible. There is enough technical smarts out there now to reveal all if someone really wanted or needed to know. One example being the logging capabilities which would be available in DSLAM equipment at a RAW data level. Bottom line is - if privacy is an issue or you are dealing with sensitive data, the Internet is not the way.I am fortunate enough not to live in a repressive regime.

tmcclure
tmcclure

To be more specific, government should have no role in regulating commerce. Its role is to enforce the rule of law and contracts. With all due respect, a classic example is the current economic mess we are in now; All created by government and crony capitalism (large corporations influencing government)

Editor's Picks