Sovereignty in Cyberspace


Published on

Presentation by Ian Brown, Oxford Internet Institute in Indonesia Information Security Forum 2012

Published in: Technology
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide
  • RSA:
  • Sovereignty in Cyberspace

    1. 1. Sovereignty inCyberspaceIan Brown, Oxford Internet Institute
    2. 2. Outline• Legitimacy in global governance• Three sites of global Internet governance • NSA: Pretty Good Privacy and encryption controls • WIPO: “The answer to the machine is in the machine” – copyright and Technological Protection Mechanisms • ICANN: the travelling governance circus• Technocracy vs democracy; realpolitik vs rhetoric• Regulating technology; technologising regulation
    3. 3. Legitimacy and Internetgovernance• Source, process or results-oriented? Mandates, accountability, consensus and technocracy• Constitutional review – whose constitution? US, ECHR, UDHR, IETF? Code as constitutional law• Rhetorical framing – ‘When I use a word, Humpty Dumpty said, in rather a scornful tone, `it means just what I choose it to mean – neither more nor less.
    4. 4. National Security Agency• Lead US Signals Intelligence and Cryptology agency• Multibillion $ budget• Highly secretive (No Such Agency 1952- 64)• Key driver of US and international policy on encryption
    5. 5. Encryption control timeline Matt Blaze 1978: A Method for Obtaining Digital Signatures and Public-Key Cryptosystems, 1990: PGP software released via 1993: Al Gore leads US Rivest/Shamir/Adleman: c = me Usenet. Author Phil Zimmerman attempts to mandate mod n; m = cd mod n pursued through courts for 3 years key escrow1976: New Directions 1977-: NSA attempts to ban publication 1992: AT&T announcein Cryptography, Diffie of cryptographic publications; to control DES phone& Hellman funding of cryptography research; and to ban export of cryptographic software
    6. 6. Encryption rhetoric• “They have computers, and they may have other weapons of mass destruction.” –AG Janet Reno (1998)• "Terrorists, drug traffickers and criminals have been able to exploit this huge vulnerability in our public safety matrix.” –FBI Director Louis Freeh (2002)• “Many people also choose to use readily available encryption programmes to encrypt their email, files, folders, documents and pictures. These same technologies are also used by terrorists, criminals and paedophiles to conceal their activities.” –Home Office (2009)
    7. 7. Encryption realpolitik• “Law enforcement is a protective shield for all the other governmental activities. You should use the right word – we’re talking about foreign intelligence… The Law enforcement is a smoke screen” –David Herson, SOGIS (1996)• “We steal [economic] secrets with espionage, with communications, with reconnaissance satellites” – James Woolsey, CIA (2002)• "Encryption is no more prevalent amongst terrorists than the general population. Al-Qaeda has used encryption, but less than commercial enterprises.” –Juliette Bird, NATO (2006)
    8. 8. Encryption control unravels 1996: IETF declares: “Cryptography is the most powerful single tool that users can use to secure the Internet. 1997: OECD rejects attempts to Knowingly making that tool weaker mandate key escrow in its threatens their ability to do so, and Guidelines for Cryptography has no proven benefit.” Policy1995: Netscape adds 1997: European Commissionencrypted links, enabling declares key escrow should be 2001: US essentiallye-commerce boom limited to that which is “absolutely abandons export controls necessary”
    9. 9. NSA summary• Encryption policy was driven by a small number of executive agency stakeholders (largely excluding legislators) with very little transparency, and widespread contention from Internet community – lack of source, process and results legitimacy• Differing stakeholder positions meant multilateral fora rejected US demands & bilateral negotiation failed• Effective regulation extremely difficult given global availability of cryptographic knowledge, programmers, distribution channel, open PC platform and user demand
    10. 10. WIPO• Part of UN system responsible for “developing a balanced and accessible international IP system, which rewards creativity, stimulates innovation and contributes to economic development while safeguarding the public interest”• Spent much of 1980s and 1990s “updating” global © treaties
    11. 11. © rhetoric• “the VCR is to the American film producer and the American public as the Boston strangler is to the woman home alone.” – Jack Valenti (1982)• “The answer to the machine is in the machine” –Charles Clark (1996)• “If we can find some way to [stop filesharing] without destroying their machines, wed be interested in hearing about that. If thats the only way, then Im all for destroying their machines.” – Senator Orrin Hatch (2003)
    12. 12. Technological ProtectionMeasuresWIPO Copyright Treaty §11“Contracting Parties shall provide adequate legal protection and effective legal remedies against the circumvention of effective technological measures that are used by authors in connection with the exercise of their rights under this Treaty or the Berne Convention and that restrict acts, in respect of their works, which are not authorized by the authors concerned or permitted by law.”
    13. 13. Implementations• DMCA §1201: “No person shall circumvent a technological measure that effectively controls access to a work protected under this title”• EUCD §5: “Member States shall provide adequate legal protection against the circumvention of any effective technological measures”• Similar provisions in various US FTAs ever since• All mirror detailed US proposals to WIPO that were overruled during development of WCT
    14. 14. TPM realpolitik• “Accurate, technological enforcement of the law of fair use is far beyond todays state of the art and may well remain so permanently” –Ed Felten (2003)• “Legal backing for the right of access is essential in the interests of social inclusion and equitable treatment of people with disabilities” –European Blind Union (2006)• “Why would the big four music companies agree to let Apple and others distribute their music without using DRM systems to protect it? The simplest answer is because DRMs haven’t worked, and may never work, to halt music
    15. 15. WIPO summary• Consensus reached on TPM policy in UN agency, but implementation was driven by US and EU IP/trade agencies with widespread contention from users of © works – limited process and results legitimacy• Effective regulation extremely difficult given global availability of TPM circumvention knowledge, programmers, distribution channel for code and unprotected works, existing insecure platforms (CDs), open PC platform and user demand
    16. 16. ICANN• Internet Corporation for Assigned Names and Numbers• Private, public-benefit Californian corp (1998) operating under agreement with US Department of Commerce• Manages DNS, IP address and port allocation
    17. 17. ICANN governance• Original attempts to elect board abandoned in 2002• Now focused on process and result legitimacy• “to ensure the stable and secure operation of the Internets unique identifier systems”
    18. 18. ICANN rhetoric• “Burdensome, bureaucratic oversight is out of place in an Internet structure that has worked so well for many around the globe.” – Condoleeza Rice (2005)• “No intergovernmental body should control the Internet, whether its the UN or any other.” – David Gross (2005)• “On Internet governance, three words tend to come to mind: lack of legitimacy. In our digital world, only one nation decides for all of us.” – Brazilian WSIS delegation (2005)
    19. 19. ICANN realpolitik• Internet governance is “definitely a travelling roadshow, if not a flying circus”-Markus Kummer (2004)• “The ITU version of [the Internet] blurs… boundaries and takes us a step backwards into a centrally controlled, centrally managed, ‘more than good enough’network— administered, of course, by the ITU.” –Ross Rader (2004)• "Using talking shop as a negative suggests communication is a bad thing” –Emily Taylor
    20. 20. ICANN summary• Source legitimacy still highly contentious – online board elections abandoned, relies on extreme consensus processes and result legitimacy – limited objectives have been achieved• Governance has just about held together, partly due to Internet community grudging acceptance of ICANN as least-worst solution. DNS alternatives are possible but so far unpopular
    21. 21. Comparison Encryption control Anti-circumvention Identifier managementPolicy Maintain intelligence and Maintain excludability of Maintain a stable andobjective law enforcement intercept information goods secure addressing system capabilityStakeholder SIGINT agencies, law Copyright holders, trade Registrants, registrars,s enforcement (US: NSA, and IP agencies, trademark holders NSC, DoJ), software cos consumer electronics firmsLegitimacy Source; little transparency Source, some process Multi-source, extreme process, resultFraming Terrorists, paedophiles Piracy is killing music Private-sector innovationSites COCOM/Wassenaar, WIPO, US-EU-Japan The travelling circus OECD, G8, special envoy coordination, FTAs, special 301 procedureCounter- Anti-Big Brother, US Defective by design, anti- Anti-democratic, US-framing business interests innovation, anti- dominated competitive, anti-fair useMain Open source software, 1st Open source software, Finding consensus acrosschallenges amendment, economic P2P networks, consumer extreme range of stake- espionage, consumer preferences, Apple market holders; legitimacy preferences, campaigners power, campaigners
    22. 22. Conclusions• Internet policy cycle takes decades, not years; it does not provide democratic panaceas nor trivial consensus• Multi-stakeholder forums can take better account of technocratic expertise and civil society than bilateral and multilateral fora, building process and results legitimacy• Internet, cryptography and PCs have acted as a powerful constraint on public and private sector power; network effects and sunk cost make change difficult – does some code have a constitutional quality?• Effective, legitimate global regulation of information is hard; technological regulation is even harder• The answer to the machine is often elsewhere
    23. 23. References• W. Diffie & S. Landau (1998) Privacy on the line, MIT Press• L. Lessig (1999) Code: and Other Laws of Cyberspace, Basic Books• P. Drahos with J. Braithwaite (2002) Information Feudalism, Earthscan• V. Mayer-Schönberger & M. Ziewitz (2007) Jefferson Rebuffed: The United States And The Future Of Internet Governance, Columbia Science & Technology Law Review 8, 188— 228• I. Brown (2007) The evolution of anti-circumvention law, International Review of Law, Computers & Technology 20(3) 239— 260• R. Weber & M. Grosz (2008) Legitimate governing of the Internet, In S. M. Kierkegaard (ed.), Synergies and Conflicts in Cyberlaw, 300—313• A. Adams & I. Brown (2009) Keep looking: the answer to the machine is elsewhere, Computers & Law 20(1)