April 8, 2011
Internet Freedom: A Time for Choosing
As the Internet becomes more important, the claims on it increase. Those claims cannot all be met. It is a time for choosing.
Defining the Internet as the sum of the design decisions that are now ubiquitously deployed, the Internet deeply embeds American values. Just as close examination of DNA explicates sources in bio-history, close examination of Internet's methods of communications does the same.
The Internet was built by academics, researchers, and hackers -- meaning that it embodies the (classically) liberal cum libertarian cultural interpretation of "American values," namely that it is open, non-hierarchical, self organizing, and leaves essentially no opportunities for governance beyond a few rules of how to keep two parties in communication over the wire. Anywhere the Internet appears, it brings those values with it (treating censorship as a delivery failure, say). Other cultures, other governments, know that these are our strengths and that we are dependent upon them, hence as they adopt the Internet they become dependent on those strengths and thus on our values. A greater challenge to sovereignty does not exist.
Most world governments have a very different relationship with their citizens from what the US has; our prioritization of free speech above competing values being a strikingly clear example. If the definition of freedom is simply "that which is not forbidden is permitted," then there is little room to argue whether free speech is or is not built into the design of the Internet. It is, per se.
Most governments see formal Standards as a tool of national policy, and for that precise reason most governments prefer the International Telecommunications Union (ITU). The meritocratic founders of the Internet Engineering Task Force (IETF) had a fundamentally American view and took a fundamentally American approach -- beginning with MIT Professor David Clark's Patrick-Henry-like remark: "We reject kings, presidents, and voting. We believe in rough consensus and running code."
To my mind, the most important technical decision ever made was that the security of the Internet was to be end-to-end. "End-to-end" is a generic technical term yet simple to explain: the Internet was built on the premise that two entities could connect themselves to each other and decide what they wanted to do. The network was a delivery vehicle, but the form, content, and security of the connection between the two ends was to be their own choice. End-to-end is a model where the terminal entities are smart and the network is dumb. This is completely (completely) different from a smart network with dumb terminal entities at the end of the wire.
No other design decision of the Internet comes close to the importance of it being an end-to-end design. With end-to-end, security is the choice of the terminal end-points, not something built into the fabric of the Internet itself. That is American values personified. It is the idea that accountability, not permission seeking, is the way a government curbs the misuse of freedoms, and, as accountability scales but permission seeking does not, accountability wins.
End-to-end security is the digital manifestation of the right of association and, in any case, is what enabled the Internet to become relevant in the first place. End-to-end does precisely what Peter Drucker told us to do: "Don't solve problems, create opportunities."
The provision of content from anywhere to anywhere, which is the very purpose of an internetwork, is a challenge to sovereignty.
America's Founders wanted no sovereign at all, and they devised a government that made the center all but powerless and the periphery fully able to thumb its nose at whatever it felt like. Much ink has been spilled on the frontier ethic versus the wishful policies favored by the comfortable urbanity of the welfare state, but the Internet's protocols have everything in common with the former and nothing in common with the latter.
America's Founders understood that the free man required the choice of with what degree of vigor to defend himself. That is a universal; America's Founders laid that down in the Second Amendment, just as did George Orwell in the English democratic socialist weekly "Tribune," when he said, "That rifle on the wall of the laborer's cottage or working class flat is the symbol of democracy. It is our job to see that it stays there." Were George Washington or George Orwell still among us, they would know that smart end-points and dumb networks are what freedom requires, that smart networks protecting dumb end-points breeds that compliant dependency.
US Supreme Court Justice Louis Brandeis, writing in 1928, defined privacy in this same American spirit, calling it "The right to be left alone -- the most comprehensive of rights, and the right most valued by civilized men." Not even governments threaten that definition as much as does consolidation in the telecommunications market (anti-freedom regulation and surveillance become easier the fewer the number of entities to regulate or to deputize as government's surveillers). Of course, for those countries that choose a government monopoly in telecommunications, freedom in the American sense cannot be lost as it never existed in the first place. The Internet's design rules presume many paths, not The One True Path leading to the only door in a Great Firewall of China or anywhere else.
On security as viewed by governments, many of them act consistently with a belief that all American Internet technology must somehow have been rigged to appear benign and open but actually to be a tool of American espionage, though, as everyone who cares to know knows, it is the US that is the preferred and predominant target of Internet-enabled espionage.
Countries seeking sovereignty in the Internet at large are thwarted by the Internet's structure, by the very communications protocols that carry American values. Countries wanting sovereignty in some piece of the Internet are asking that the Internet be fragmented.
The realist knows that global agreement on what policy to embed in the Internet fabric simply will never happen. Take cybercrime:
Cybersecurity failure is always involved and so one might imagine that the global community could agree on countermeasures. But BRIC (Brazil, Russia, India, China) dismisses the Council of Europe's Convention on Cybercrime as "unenforceable" and the US will sign only the Convention itself and not the sidebar Protocol hobbling free speech.
Benjamin Franklin voiced American values when he said "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." The Internet, for all its slop, delivers liberty in a way that Franklin would immediately call his own. All despots consolidate their power in the name of security. We, you and I, are at an inflection point in history. We have an Internet that has American values built in. There are many who want it otherwise, including the anti-American faction of the permanent American bureaucracy.
I write this literally staring at a broken fortune cookie on my dining room table which reads "Do not pray for safety; it is the most dangerous thing in the world." I ask you to do your part to keep policy -- everyone's policy -- out of Internet protocols. I speak as a security person but you must speak as whatever you are.
I, and you, can remind others that there comes a point where safety is not safe, a point one has passed as soon as one concludes that personal responsibility for Internet security is irrelevant and/or quaint. Had American values not been embedded in Internet protocols, we would not be having this conversation. If these protocols fall, many future conversations will never happen. Time is short, and the water rises.
Dan Geer is the Chief Information Security Officer for In-Q-Tel, the strategic investment arm of the US Intelligence Community. He has been present at the creation for much of the growing information infrastructure, has degrees in electrical engineering (MIT) and biostatistics (Harvard), has been national leader for his professional society, has several patents and books to his credit, and keeps his feet on the ground by running a farm.
Dan Geer is the Chief Information Security Officer for In-Q-Tel, the strategic investment arm of the US Intelligence Community. He has been present at the creation for much of the growing information infrastructure, has degrees in electrical engineering (MIT) and biostatistics (Harvard), has been national leader for his professional society, has several patents and books to his credit, and keeps his feet on the ground by running a farm.