Towards a broken future of Internet

Internet, which initially started as a DARPA experiment is [still] under the indirect control of USA government through ICANN despite several objections from Europe as well as IBSA. This worked when most users were from the western world with notable exception of China and few minor quirks. But in past few decades, not only the governments around the world are putting more controls but also the internet users (as well as enterprises) are fighting back against US control. In this blog post, I will describe the main threats to existence of (current form of) Internet.

First, lets see a few incidents from the past –

Targeted Cyber attacks

Incident 1: Operation Shady RAT, 70 organizations across 14 nations (from USA to India) fell down to targeted intrusions (probably) by a state actor, the operation started in 2006 and continued till 2011.

Incident 2Operation Ghostnet, primarily targeted Tibetan government in exile  (in India) but computers at embassies and foreign ministeries of many other governments were compromised as well.

Incident 3: Stuxnet was designed to target a particular configuration of centrifuges at Natanz who operational capacity dropped by 30 percent in 2010. Clearly, the aim was to (at least) slow down Iran’s uranium enrichment. Given the sophistication of Stuxnet (which exploited 4 zero-day vulnerabilities), it is believed to be the work of a state actor. A year later, a similar malware duqu has emerged.

Incident 4: Byzantine Hades has targeted 760 companies with the alleged aim of industrial espionage.

Censorship

Incident 1: SOPA and PIPA are designed for pro-active blacklisting of domain names which are alleged to be serving copyright infringing content, thus, if domain registered by european national (with no link to US at all) can be removed from DNS registry just on the basis of one legal notice, of course, european parliament is not happy about it. Laws like this threatens the existence of Internet as we see it today.

Incident 2: An english national, who is running a travel agency in Spain, had his websites taken down by his american registrar after receiving a notice from american government that his sites were helping americans evade travel restrictions to Cuba.

Incident 3: Owner of a popular music hosting domain had his site seized for over a year (even though seizure legally are restricted to 60 days) for intellectual property infringement till US government ultimately realized that music was being released on the site by the actual copyright holders.

Incident 4: Indian Parliament considers a new Information Technology Act calling for ban on uploading of blasphemous and controversial content.

Incident 5: Fearing civilan uprising and with the aim of creating a halal network, Iran is working towards creating a national network disconnected from the Internet. The efforts looks credible since they are working on in-house hardware (network gears) as well as software (search engine).

Surveillance

More and more governments are opting for digital surveillance sometimes by framing laws, sometimes in a more blatant illegal fashion.

Incident: Multiple attempts were made in Iran for getting fake certificates for major websites (primarily to do man-in-the-middle attack on dissidents), first on 15th March 2011, an Iranian patriot compromised a Registration Authority of Comodo, which is a root Certificate Authority(CA) to issue fake certificates for major sites (which were revoked quickly), two months later, Dutch CA DigiNotar was breached and fake certificates were issued which were used for ~ 2 months before revocation.

Several companies in USA have engaged in selling technology to oppressive regimes in Syria, Myanmar, China etc. for cyber surveillance of citizens. But lets not forget, internet was not primarily designed with national boundaries in mind, therefore, its not uncommon for these countries to spy on traffic of neighboring countries flowing through them (un)intentionally. As it happened in case of Pakistan’s block of YouTube which went much beyond its national boundaries or when a big chunk of international traffic went through China due to [mis]configuration at the end of China Telecom.

Fearing the dangers of spying, USA government does not wants its data to be located in datacenters outside USA, the same law has been enacted by Europe and we should expect other governments to follow soon (if they ever purchase cloud storage).

Privacy

Privacy on internet was not a major issue till user-generated content (or more specifically social networks) became mainstream. Controlled primarily from United States, they fumbled several times in Europe. Following are a few notable incidents –

Incident  1: A group of students upload a video showing bullying of a mentally challenged boy on videos sharing site, the Italian court convicts three executives of the company for privacy violations.

Incident 2: A social networking company launches face recognition (with out-out settings) and is fined by German government for not making it opt-in.

Incident 3: US courts order a micro blogging company to supply account data of a Parliamentarian of Iceland, of course, Iceland is not happy about this.

Incident 4: A search engine company is ordered by French courts to remove defamatory contents about an individual (the contents were generated based on the court cases going against him), of course, the cases are still available online.

And Europeans Union is working on tougher data protection laws for the companies to access its internal market.

Protectionism

As initially mentioned, the Internet today is virtually divided into two halves – China and rest of the world (RoW). One can actually see that this not only enables censorship but encourages protectionism. While RoW has one dominant search engine(google), one dominant social network(Facebook), one dominant micro-blogging site(Twitter) and one dominant video-sharing platform(YouTube), most of these are either banned in China or have very small market share. Baidu being the search engine, Renren being the social network, youku being video-uploading and weibo being micro-blogging site. While protectionist policies usually don’t work in long run, they do give short term immediate gains and necessary protection to local companies. And this might encourage EU or Arab-world to follow this route.

While The current tussle is primarily between USA and Europe (and in some cases USA and China), going by demographic trends and rate of Internet adoption, it is easy to see that in near future, we are going to have two more major players namely Middle East (with technical know-how supplied by Iran) and India. Clash among these five major players over above issues will certainly threaten the existence of unified Internet as we see today and lest the above issues are resolved, we are going to end up with a form of Internet much different from what we currently have.