CTO Bob Gourley talks about what technologists IT pros should focus on in light of the Secretary of State's speech.
On January 21, 2010, Secretary of State Hillary Clinton delivered a speech on the topic of Internet freedom.
This is a very good presentation of policy worth a complete read by all, but I looked through it for statements indicating what we technologists should focus on. I tried to find the phrases indicating what the Secretary was saying the U.S. should or will do, since that should drive many other government actions and should help technologists think through what we may be asked to do/support.
Key points of this speech include:
- "We stand for a single internet where all of humanity has equal access to knowledge and ideas."
- "We believe it's critical that its users are assured certain basic freedoms. Freedom of expression is first among them. This freedom is no longer defined solely by whether citizens can go into the town square and criticize their government without fear of retribution. Blogs, emails, social networks, and text messages have opened up new forums for exchanging ideas, and created new targets for censorship. "
- "We do not tolerate those who incite others to violence."
- "Those who use the internet to recruit terrorists or distribute stolen intellectual property cannot divorce their online actions from their real world identities."
- "These challenges must not become an excuse for governments to systematically violate the rights and privacy of those who use the internet for peaceful political purposes."
- "We must work to advance the freedom of worship online just as we do in other areas of life."
- "States, terrorists, and those who would act as their proxies must know that the United States will protect our networks."
- "Countries or individuals that engage in cyber attacks should face consequences and international condemnation."
- "The freedom to connect -- the idea that governments should not prevent people from connecting to the internet, to websites, or to each other. "
My first general thought upon reviewing those compelling actions is -- "I'm on board!" It is good getting policy guidance from the Secretary of State on this. It is fine, of course, for academics and citizens to scrutinize those and offer opinions and thoughts and argue. That is just the nature of democracy. But we lack so much official vision in the cyber domain I'm going to default toward following the leader here, at least for now. My hope is that we can all pull behind the Secretary of State and others and execute on these goals (but, hey, give me time and I may decide to mount some arguments for change... just for now I think it is best to salute and follow).
My second general thought is that the Internet was not designed to be a platform to enable any of those actions. Oh boy, that is going to make it tough. And since there is huge lock-in on the current standards and design we are not going to be able to simply build a new Internet with new design criteria and then switch everyone to that. Nope, we are going to have to find ways to change the fabric of the current Internet to make it possible to achieve these objectives.
Some other nontechnical thoughts I think relevant to follow-on work:
- Meeting these goals will require connection to "all of humanity." That piece is more achievable than it may sound. There are already 4B cell phones active in the globe for about 6B people. So we are two-thirds of the way there. This will require much more infrastructure work, but we can do this. And in places where ground-based infrastructure is not possible then space-based access is also possible (maybe via Cisco's IRIS?).
- We must have ways to protect anonymity of good people, but not allow anonymity of bad people. This is going to be much harder to do than it is to say. I believe a structure could be put in place, with massive engineering, where all people are given some means to stay anonymous, but when a certain key is applied, their cloak can be peeled back. Hmmm. Who wants to keep those keys?
- The U.S. is now on the record saying we will protect our networks. How, I wonder, will we do that? This is not the first time this question has been asked. I know many great thinkers have been noodling over that one for a long lone time and that one is also easier said than done. I know we can engineer in more security and have heard of some powerful ideas on how to do it. But we have to move the ideas to action quick. And we need to do that not just for the federal government but for the entire U.S. infrastructure.
Who can make these goals real?
The many technologists who design and field components of the modern Internet come together in multiple forums, many of which are key standards bodies. Any significant redesign of Internet functionality is going to be done by collegial coordination in standards bodies. A short list of standards bodies is here.
A few standards bodies particularly relevant to designing security into the Internet fabric are:
- ANSI -- American National Standards Institute
- IEEE -- Institute of Electrical and Electronics Engineers
- IETF -- Internet Engineering Task Force
- ISO -- International Organization for Standardization
- ITU -- The International Telecommunication Union
----ITU-R -- ITU Radiocommunications Sector (formerly known as CCIR)
----ITU-T -- ITU Telecommunications Sector (formerly known as CCITT)
----ITU-D -- ITU Telecom Development (formerly known as BDT)
- OMA -- Open Mobile Alliance
Another key body is ICAAN -- Internet Corporation for Assigned Names and Numbers.So, what's next? I don't know, but I expect to see follow-on action to be coordinated across the federal government and to see continued action on making these policies real.