"Why can't we just switch it off?"
"Why can't we just switch it off?" asked a senior security official at a security conference Q&A a couple of years back. It was a reasonable question, but one my grandmother (c. 1892) might have asked! Perhaps more significant was the pitched battle that ensued between those whose virtual cup is always half empty, who seem to thrive on scaring the pants off us with horror stories that create fear, uncertainty and doubt, and those whose half full cup brims over with an optimistic moralistic froth. It's a pattern that has become more or less the norm at web conferences and in security blogs. There are no winners or losers in such battles because they are fought over opinions rather than facts.
Yet, one fact borne out by our experience of the web over the past two decades is just how resilient it can be. It can certainly be interrupted by etc. and cable breaks, but it can't be permanently broken because of the internet's inherent re-routing capabilities which are supported by an army of techies who maintain the massive bunch of wires / fibreoptics that join computers using
But perhaps more important is the fact that the Web is a triumph of co-creation, peer production and mass participation. It is the collective imagination of its users which generates the will to keep it going. It is precisely because of these special physical and human qualities, why those individuals, corporations and governments who have historically tried to impose their will over it have failed in their task. This tells me that the imposition of traditional control mechanisms over the web are doomed to failure and that we need to broaden security debates from the old law and order binaries (good guys/ bad guys) to reflect the way that the internet actually works.
In the field of , my main area of interest, for example, this new thinking tells us that the very technologies that create opportunities for cybercrimes can also be used to prevent and police them - though frameworks of accountability are required to make such actions legal. Another observation is that internet crime is by nature largely individualistic and, despite what many commentators say, resists the clutches of traditional organised crime as much as it does the state (police). Instead, we experience new forms of organised crime that is networked rather than socially embedded. Furthermore, most traditional forms of crime control fail conceptually when applied online because they frequently become interpreted as censorship and end up aggravating the general populace of honest web-users.
Until there is a broader realisation that the web is driven by a series of consensual norms that are now defining, amongst other things, citizenship, what is criminal or not, the many types of intellectual property that now exist, or even ideas about security and its solutions - norms that can come into conflict with those of 'the powerful' (Corporations, Government etc.) - then the advances that the web offers us will not progress.
The one fact that remains certain is that the internet's path will continue to be 'lit by the dark carnivorous glow of its own genius' (to paraphrase from his 1970s description of , who now lectures us about risk aversion in TV insurance adverts).
No, you can't switch it off, but you can perceivably switch people off, so let us strive not to do that.
Comment number 1.
At 27th Aug 2009, cyberissues wrote:If one is to take the narrow, technical definition, the ‘internet’ is a series of (essentially) peer-to-peer systems which communicate as defined by the TCP/IP protocol. So in this respect, as long as two or more systems are connected and not controlling, the internet exists. Assuming the broader definition of internet - the many layers and international free-flow of information and global access, it is therefore not unreasonable to assert that the internet (and web) as we perceive it could well be ‘switched off’ internationally. This may be achieved through denial of service attacks or cables being cut (the FLAG FEA, SMW4, and SMW3 lines as example last year . But more simply through political intervention.
The example which I cite is Turkey, where approximately 2,000 websites have now been blocked through the courts. This is achieved by banning ISPs from delivering certain content. And let us not forget the "Great Firewall of China". But what many people don’t realise is that the UK’s IWF provides a list of websites which are voluntarily opted in to by most ISPs. Similar services exist in other countries too. This societal desire to restrict content to users enforces the views of a few onto the many. Is this merely switching people off, or is it switching off nations to content?
Whilst China seems to be relaxing internet access controls, many (if not most) are increasing controls to access. We don’t live in a world of free information and access, we live in one which can be restricted nationally or completely switched off by ISPs, Governments or anyone with a good hacksaw.
Complain about this comment (Comment number 1)
Comment number 2.
At 27th Aug 2009, EnglishFolkfan wrote:My question to David Wall is what what about when vulnerabilities are found in website software by users & the website owners are notified of such and they fail to act on this.
I'm referring to a recent, ie this week, problem with Twitter. The original fault/vulnerability was found by two well respected Computer experts James Slater and David Naylor and highlighted by them in their Blog plus they contacted Twitter to hopefully initiate an immediate response and action to rectify the problem which is leaving Twitter account holders open to attack through their own computers. The story circulated widely in the computer geek world, on Twitter and was picked up by such media as TechCrunch and The Guardian.
I posted this information and links under the guest blog, Chris Anderson on privacy online, but perhaps this is a good place, I hope with the permission of the Dan Biddle & the rest of the team, to repeat the links:
Massive Twitter Cross-Site Scripting Vulnerability 25.08.09
and how Twitter reacted here:
Twitter Exploit Still Works 26.08.09 is an update and much clearer explanation of the problem details here:
TechCrunch report here:
The Guardian here:
The extensive comments made on the first three discussions make interesting reading especially those responding to the David Naylor posts and his replies to them.
Complain about this comment (Comment number 2)
Comment number 3.
At 27th Aug 2009, EnglishFolkfan wrote:US FCC chairman talks tough on network neutrality - ars technica - by Matthew Lasar August 26, 2009 9:53 AM CT
This article covers an interview with the FCC Chair Julius Genachowsk and his plans for defending consumers on the 'Net, come what may. He states "One thing I would say so that there is no confusion out there is that this FCC will support net neutrality and will enforce any violation of net neutrality principles".
The article goes on to describe the various Legal Acts being placed before the US courts and ongoing litigation as in the Comcast ISP case. The comments on the item give quite an interesting picture of some people's thinking on this. John Savard states "On the one hand, measures like those proposed in Britain, where ISPs would be required to determine if their customers are engaged in downloading copyrighted material, are inappropriate. It should be as hard to check what sites someone is visiting on the Internet, what files they are viewing or downloading, as it is to get a warrant to tap a telephone line."
I don't think I've heard anyone in the UK with the same powers as the FCC Chair speak out in defence of Net neutrality. Perhaps someone can enlighten me, please.
Complain about this comment (Comment number 3)
Comment number 4.
At 27th Aug 2009, jayfurneaux wrote:Want to kill the web? Take out the power sources.
Humanity had two all out world wars in the last century as well as a lot of nasty smaller ones. I doubt we've banished the spectre of warfare for good. Every society has an Achilles heel; ours is energy supply.
Complain about this comment (Comment number 4)