Has Flame moved the battle for control over the Internet from Cold War to Hot War

Vanity Fair recently published a thought provoking article in which the planned ITU World Conference on International Telecommunications was seen as the start of World War 3: the fight for control of the Internet.

The current Internet governance regime (which I have called “a Cartel masquerading as anarchy) came about largely because the ITU gave up after the failure of X25 to provide effective standards for any-to-any packet switched communications. It left vacant the role of providing  an umbrella organisation for these to be developed and implemented. The vacuum was filled by a motley collection of self-appointed, semi-academic or US government groups such as the Internet Engineering Task Force, WC3 and ICANN.  

We are now living with the consequences. 

The Vanity Fair article takes a US-centric view and considers these in the context of SOPA , PIPA and the problems that 20th Century American lawyers and lobbyists created, when they turned Intellectual Property Rights from mechanisms to encourage, foster and protect creativity and innovation into a Wild West style “race to stake the land claim” followed by a legal gravy train in which law firms and collecting agencies commonly trouser considerably more in fees than R&D labs, authors or composers receive in royalties. 

The current ICANN programme to create Top level Domain names can be seen as another example of  that “first to file” mentality applied to the on-line world. No wonder so many ITU member states fear they will share the fate of the Indian Tribes of North America if they do not band together and find suitable allies.

 IPR is, however, only one of the battlefields.

Enhanced by Zemanta

The common dividing factor is whether the frameworks for theon-line world, including for inter-operability standards , rules of conduct andenforcement action should be determined by Governments  or by Industry. The papers for the WCIT arenot publicly available. The ITU is an inter-government body dating back to1865, taken over as part of the founding of the United Nations at a time whenall international communications was in the hands of government departments orregulated monopolies and its procedures reflect that age.

To quote the calling notice to a forthcoming discussionevent being organised by the UK chapter of the International Institute ofCommunications:  “Thepreparatory negotiations have seen a flurry of activities, claims and demands,on topics ranging from who will govern the architecture and ‘domain name’system of the Internet, to online content regulation, human rights, roaming, orgovernments setting telecom prices.

 ‘”Behindthese topics lie some very concrete issues: many countries still feel that theyneed to, and can only, rely on the UN system for many of their technical anddevelopment needs around ICT; a number of governments still extract significantrevenues from their incumbent telecom operators and many see as a threat – andcertainly as an unknown quantity – the changes in the dynamics of the ICT valuechain globally. This is whether because they are losing revenues due to modernrouting practices or believe that ‘the Internet is run by America’ andcertainly largely outside their control, making them all too vulnerable to suchthreats as spam and cyber-security attacks. The WCIT’s possible outcome ofbringing in more Internet supervision under a UN aegis therefore seemsappealing, bringing more certainty and levelling the playing field. If WCITdoes not achieve it, the ITU’s 2013 World Telecommunication/ICT Policy Forum(WTPF) or the 2014 – 2015 review of the UN World Summit on the InformationSociety (WSIS) – or the follow-up to the UK-led ‘Conference on Cyberspace’ ofNovember 2011 – could provide other platforms for governments to negotiate onthese topics. 

“At the other end of the spectrum, manyhave called for restraint ,pointing to the obvious and enormous social and economic benefits brought tothe world by the Internet thanks largely to its open, decentralized andmulti-stakeholder nature. More significantly perhaps, the ‘freedom of theInternet’, outside of governments’ control, has been widely praised for havingcatalyzed the ‘Arab Spring’ and other recent positive developments elsewhere inthe world. It is thus no wonder that a number of civil society groups, fromHuman Rights Watch to Reporters Without Borders, joined forces in May of thisyear, to demandmore transparency and participation in WCIT

We should, however stand back and look at the some of recentpublicity for Flame , including that which puts it intomore sobre technical context and  the public admission thatStuxnetwas indeed a US-led attack on Iran .Now add the case being made for the Interception ModernisationProgramme   in the UK and  previous publicity for attacks by others on USand UK Government establishments and you can put the UK Cyber Securitystrategy, with most of the £650 million for GCHQ and MoD, and exercises to attractand educate a new generation of cyberwarriors , into context. 

The processes that protect the identities of freedomfighters, dissidents, terrorists and pederasts also protect those ofelectronic  warfare teams who controlmany (perhaps even most)  of the worldsbotnets.  Publicity during the run up to the London Cyber Space security conference last year waslargely about criminal activities and those of “rogue states”. But arguably themost important discussions were those in closed session between those who run “our”and “their” covert cyber warfare operations about norms of engagement and the means of preventing state sabre-rattling from being confused withthe activities of “outsiders” operating without permission.

The words used were “international rules of the road”establishing “norms of acceptable behaviour”, “while  stopping short of a full treaty advocated bysome countries”.

The meaning was that those running “our” cyberwarfareoperations wanted to stop short of a Hague or Geneva Convention (boht back by Treaty), but still wanted routines tobetter identify which attacks are “criminal” or “terrorist” and which are”state sponsored” and to prevent demonstrations of capability and attacks onproxy states from escalating by mistake.

The Flame virus is not that new or sophisticated  but what is new is the publicity   it has given to the  ongoing cyberwar between the Israel  (and its allies and agents) and Iran (and itsallies and agents).  Similar tools arebeing used to help explore the files of defence contractors, pharmaceuticalcompanies and government agencies. But those using them have no wish topublicise their success. The security compromises at Diginotar and Global Payments both ran for months (perhaps years) before the former was publicised by the Iranians (who wanted the West to be humiliated by the knowledge they had been able to monitor the use of supposedly the secure webmail services used by their dissidents) and the scale offraud caused by the latter led to investigation by the main card operators.

A third dimension of conflict is the need to take effectiveaction against criminal malpractice over the Internet, in the knowledgethat  removing  the vulnerabilities that facilitate much ofthat malpractice will entail reducing anonymity and crippling the cyber warfarecapabilities of “our” side as well as theirs.

Can we trust an inter-government organisation like the ITUto take this dimension seriously? 

Equally, can we trust industry players whose main concernappears to be a mixture of advertising and royalty revenues based on selling our personal information and thecreativity of the past. 

The past attendance of industry players at InternetGovernance Forum events, national or international, indicates not.

Who do we trust least?

The only certainty is that the silent majority gets what itdeserves: ignored.

The problem is that well-informed debate requires bringingtogether communities with very different and equally entrenched prejudices,overlaid with partial (in more than one sense of the word) understandings ofhow the relevant technology, business, legal, regulatory and business  models work.

My own prejudice would be to leave it to market forces, using regulationonly to protect customers from the cartels that arise  when a market is left entirely to its owndevices and ensuring that the regulators are under democratic control, with no “commercialconfidentiality” for any of their dealings. But I also enjoyed watching the synchronisedswimming pigs immediately behind the Royal Barge in the River Pageant yesterday.