Internet, which initially started as a DARPA experiment is [still] under the indirect control of USA government through ICANN despite several objections from Europe as well as IBSA. This worked when most users were from the western world with the notable exception of China and few minor quirks. But in the past few decades, not only the governments around the world are putting more controls but also the internet users (as well as enterprises) are fighting back against US control. In this blog post, I will describe the main threats to the existence of (current form of) Internet.
First, let’s see a few incidents from the past –
Incident 1: Operation Shady RAT, 70 organizations across 14 nations (from the USA to India) fell to targeted intrusions (probably) by a state actor, the operation started in 2006 and continued till 2011.
Incident 3: Stuxnet was designed to target a particular configuration of centrifuges at Natanz who operational capacity dropped by 30 percent in 2010. The aim was to (at least) slow down Iran’s uranium enrichment. Given the sophistication of Stuxnet (which exploited four zero-day vulnerabilities), it is believed to be the work of a state actor. A year later, a similar malware duqu has emerged.
Incident 4: Byzantine Hades has targeted 760 companies with the alleged aim of industrial espionage.
Incident 1: SOPA and PIPA are designed for pro-active blacklisting of domain names which are alleged to be serving infringing copyright content, thus, if domain registered by European national (with no link to the US at all) can be removed from DNS registry just on the basis of one legal notice, of course, European parliament is not happy about it. Laws like this threatens the existence of the Internet as we see it today.
Incident 2: An English national, who is running a travel agency in Spain, had his websites taken down by his American registrar after receiving a notice from the American government that his sites were helping Americans evade travel restrictions to Cuba.
Incident 3: Owner of popular music hosting domain had his site seized for over a year (even though seizure legally are restricted to 60 days) for intellectual property infringement till US government ultimately realized that music was being released on the site by the actual copyright holders.
Incident 4: Indian Parliament considers a new Information Technology Act was calling for a ban on the uploading of blasphemous and controversial content.
Incident 5: Fearing civilian uprising and with the aim of creating a halal network, Iran is working towards creating a national network disconnected from the Internet. The efforts look credible since they are working on in-house hardware (network gears) as well as software (search engine).
More and more governments are opting for digital surveillance sometimes by framing laws, sometimes in a more blatant illegal fashion.
Incident: Multiple attempts were made in Iran for getting fake certificates for major websites (primarily to do man-in-the-middle attack on dissidents), first on 15th March 2011, an Iranian patriot compromised a Registration Authority of Comodo, which is a root Certificate Authority(CA) to issue fake certificates for major sites (which were revoked quickly), two months later, Dutch CA DigiNotar was breached and fake certificates were issued which were used for ~ 2 months before revocation.
Several companies in the USA have engaged in selling technology to oppressive regimes in Syria, Myanmar, China, etc. for cyber surveillance of citizens. But let’s not forget, the Internet was not primarily designed with national boundaries in mind, therefore, it’s not uncommon for these countries to spy on traffic of neighboring countries flowing through them (un)intentionally, as it happened in case of Pakistan’s block of YouTube which went much beyond its national boundaries or when a big chunk of international traffic went through China due to [mis]configuration at the end of China Telecom.
Fearing the dangers of spying, USA government does not want its data to be located in data centers outside the USA, the same law has been enacted by Europe and we should expect other governments to follow soon (if they ever purchase cloud storage).
Privacy on the internet was not a major issue till user-generated content (or more specifically social networks) became mainstream. Controlled primarily from the United States, they fumbled several times in Europe. Following are a few notable incidents –
Incident 1: A group of students uploads a video showing bullying of a mentally challenged boy on videos sharing site, the Italian court convicts three executives of the company for privacy violations.
Incident 3: US courts order a microblogging company to supply account data of a Parliamentarian of Iceland, of course, Iceland is not happy about this.
Incident 4: A search engine company is ordered by French courts to remove defamatory contents about an individual (the contents were generated based on the court cases going against him), of course, the cases are still available online.
And the European Union is working on tougher data protection laws for the companies to access its internal market.
As initially mentioned, the Internet today is virtually divided into two halves – China and the rest of the world (RoW). One can see that this not only enables censorship but encourages protectionism. While RoW has one dominant search engine(google), one dominant social network(Facebook), one dominant micro-blogging site(Twitter) and one dominant video-sharing platform(YouTube), most of these are either banned in China or have a very small market share. Baidu is the search engine, Renren is the social network, Youku being video-uploading and Weibo being micro-blogging site. While protectionist policies usually don’t work in the long run, they do give immediate short-term gains and necessary protection to local companies. And this might encourage EU or Arab-world to follow this route.
While The current tussle is primarily between the USA and Europe (and in some cases USA and China), going by demographic trends and rate of Internet adoption, it is easy to see that in the near future, we are going to have two more major players namely Middle East (with technical know-how supplied by Iran) and India. The clash among these five major players over above issues will certainly threaten the existence of the unified Internet as we see today and lest the above issues are resolved, we are going to end up with a form of the Internet much different from what we currently have.