Want more advice for locking down your network? Stay on top of the latest security issues and industry trends by automatically signing up for our free Internet Security Focus newsletter, delivered each Monday!
Ever since Internet access became widely
available to the public, questions regarding its governance and
administration have dogged both the public and private sector. On
one hand, there’s no question that the original Internet
“governing” body created community rules that established the
de-facto “government” of the Internet without any regard to
On the other hand, the Internet wouldn’t exist
without some type of organizational structure. The core Internet
protocols required standardization in order for data services to
work at all.
In December of 2004, former Central Intelligence
Agency (CIA) Director George Tenet gave a speech at an IT security
conference in Washington, DC, in which he advocated enacting
stronger security controls of the Internet to shore up its
vulnerabilities to potential terrorist attacks. Comparing the
Internet to the Wild West, Tenet argued that the “free and open
society” of the Net can pose a threat to national security.
While I can’t disagree with Tenet that the
Internet is not without risks, I do think that “free and open”
depends on your point of view. But more to the point, it’s
important to remember that the Internet is not a U.S.
Controlling the Internet isn’t the
responsibility of the United States, but you’d think George Tenet
thought it was. Since the formation of the Commercial Internet
eXchange (CIX) in March 1991, which opened up unrestricted
commercial Internet traffic, the U.S. government technically gave
up control of the Internet.
The free and open standard for TCP/IP made it
possible for Europe to quickly connect to the United States within
a year of CIX, and the rest of the world quickly followed.
When the Internet crosses into the realms of
countries connecting to it, as it often does, these nations can
maintain their rights within their borders as they see fit. So if
we accept that governments have a right to control what occurs
within their sovereign borders, then we could consider
circumventing Internet borders a crime.
However, Internet borders are technically
nothing more than designated blocks of IP addresses, which anyone
can block using firewalls. But it’s important to remember that the
free and open nature of the Internet doesn’t imply that countries
can’t enforce their own sets of rules regarding Internet activity
under their control.
So, while it’s perfectly understandable to call
for better security on the Internet–any reader of my columns
knows I’ll never argue for less security–any such
improvements shouldn’t arrive only at the discretion of the United
States. The Internet doesn’t belong to the United States, and any
concerns about national security shouldn’t override the sovereign
rights of other countries.
What Tenet fails to understand is that the free
and open exchange of information on the Internet is both an asset
and a weakness. And now that the Internet public includes the
entire world, there are indeed possibilities for problems that
endanger the national security of all countries–not just the