Yesterday, the third annual RightsCon kicked off
in San Francisco. The conference brings together tech executives,
diplomats, policy advocates, and self-described cypherpunks who
sometimes double as security experts, to name a few. The goal is to
find ways in which the digital realm, which is ever more
encompassing and impacting daily life, can be used to protect and
expand the rights of people worldwide. Here are two highlights from
the first day of the conference:
1. Encryption won’t save us from surveillance, but it’s
better than regulation
Where do we stand in the battle against digital surveillance?
“If you imagine being a cypherpunk in the ’90s, and waking up right
now, you might actually think we won,” speculated Morgan
Marquis-Boire, a Senior Security and Technical Adviser at the
Citizen Lab (Marquis-Boire is also a Senior Security Engineer at
Google, but explicitly said he was not speaking in that capacity).
He pointed to the proliferation of the Tor Project, the encryption
of major operating systems, and the interpretation of HTTPS into
most browsers. But, the surveillance game has changed too.
While governments used to rely on their in-house capabilities,
the demand for surveillance has given rise to third party
cybersecurity companies like Narus, Amesys, and Blue Coat
Unfortunately, their technology ends up in the hands of repressive
regimes, who use it to find dissidents, infect them with malware,
and extract information about them and their allies. Last year,
Reports Without Borders declared Blue
Coat an “enemy of the Internet” for helping China, Russia,
Venezuela and others free speech-squelching capabilities.
Marquis-Boire was hesitant about regulatory efforts to do away
with these problems, noting that secret court systems, such as the
U.S. Foreign Intelligence Surveillance Court, could easily make
exceptions for themselves. Instead, he suggested engineering
solutions. Encryption “won’t save you,” but that “we need to start
engineering in a commercially resistant manner.” Marquis-Boire
explained that security engineers can develop encoding that’s so
complex and hard to crack, decrypting would be financially
unfeasible. He also pointed to opportunistic encryption, which can
secure communications between
2. Who governs the web? And more importantly
how?
Who governs the Internet? “This is a very important question,”
said Fadi Chehade, the CEO of the Internet Corporation for Assigned
Names and Numbers (ICANN), which plays a major role in internet
governance.
Speakers on a panel listed an alphabet soup of organizations
like ICANN, the Internet Architecture Board (IAB), the Internet
Engineering Task Force (IETF), the Internet Governance Forum (IGF),
which all play different roles, such overseeing domain space and IP
addresses, managing the engineering of the internet, and conducting
policy discussions.
A more important issue, though, is how they are held
accountable. After all, as Professor J.D. Ross of Syracuse
University writes, ongoing is a “15-year controversy over the U.S.
government’s special relationship to [ICANN].”
Betrand de La Chapelle of ICANN contended that the
“accountability mechanism of the representative-democratic system
is relatively weak for international issues,” and presented a
hypothetical crime in which an “Australian traveling in Peru, using
Yandex, to say something about a Chinese. What’s the jurisdiction
for that?” De La Chapelle suggested that this leaves the world in
“in a framework where you have to pile up accountability
mechanisms,” and that the best way to do so is through transparent
multistakeholder meetings, in which (ideally) anybody can
participate.
Particularly, next month the international community hopes to
address some of the issues around this next month at the Global
Multistakeholder Meeting on the Future of Internet Governance in
Brazil. The panel acknowledged that currently, those outside the
tech community–and even many within it–are unaware of Internet
governance and the ability to participate in it. One panelist
suggested a simple solution: making information public on
GoogleDocs and allowing anybody to comment on it as it is being
discussed.
from Hit & Run http://ift.tt/1f307it
via IFTTT