Spaltet das Internet in Zwei Teile!
Freitag, 1. August 2014
Eine Übersetzung für diesen Text ist nicht verfügbar. Bitte wählen Sie die englische Version.
Most individuals want security; however, not only those do, but especially intelligence agencies and other
public authorities. Thereby it is a fact that governments have a role to play in the cyber world, which not
necessarily accords with nongovernmental actors.
The NSA for example always wanted security, but also to capture as much data as possible by definition. Listening »in« is what gets the agency a whole lot of intelligence and security today, and is also what results in tremendous data loss and insecurity for other actors, at the same time. Hence to achieve that aim the agency basically exploits flaws within the design of operating systems, applications run on top of these as well as the inherent protocols [1]. This brings us right to the most important infrastructure component employed in such tasks: the Internet; successor of the »ARPANET«, and a family of about 550+ protocols. Its important, underlying IP (Internet Protocol) suite was once created by the US DoD (Department of Defense), for address-identifying computer systems on a higher level, while providing high resilience against large-scale network outages.
The NSA for example always wanted security, but also to capture as much data as possible by definition. Listening »in« is what gets the agency a whole lot of intelligence and security today, and is also what results in tremendous data loss and insecurity for other actors, at the same time. Hence to achieve that aim the agency basically exploits flaws within the design of operating systems, applications run on top of these as well as the inherent protocols [1]. This brings us right to the most important infrastructure component employed in such tasks: the Internet; successor of the »ARPANET«, and a family of about 550+ protocols. Its important, underlying IP (Internet Protocol) suite was once created by the US DoD (Department of Defense), for address-identifying computer systems on a higher level, while providing high resilience against large-scale network outages.
The problem with that protocol suite, and thus with large parts of the known Internet itself, is though that it was
meant for communication among »friends«; meaning entities within the same or similar organizations like e.g.
the US military or the US intelligence community. The point however is that a) outside of that scope one may want
to hide who someone else is talking to, while also hiding the information in transit itself; and b) the
aforementioned, inherent design of the network and protocol stack is the primary problem of vulnerability to myriad
network attack. In the recent past both problems outlined hit hard on civilians, who also use and rely on that
infrastructure [2].
As a consequence some people argued that a major rewrite of protocols or a »network split« would be required to satisfy nowadays practical constraints of many entities, especially nongovernmental actors [3]. It can therefore be safely assumed that constantly mentioned things, like strong encryption for the security of individuals, corporations and public authorities by themselves, cannot be the definitive answer, when considering the design flaws of the Internet. And although some try to provide a reasoned debate on this important issue, the problems that accompany with focusing on encryption solely cannot be overlooked by nongovernmental bodies. The main problem is that it is hard to do encryption it in such a way as to get good results, for various reasons [4]. To make encryption effective, someone has to manage and maintain the systems; for example the way NSA does for DoD and, to a lesser extent, other parts of the government. However, even then the questions of anonymity and network resilience would still remain unanswered, especially for the private sector.
In July 2015 the UN appointed special correspondent for data protection Joseph Cannataci, during a Geneva conference. Months ago members of the human council decided they were in need of such a correspondent, also in the wake of the Snowden revelations and increased general protection violations of basic rights [5]. Since Mr. Cannataci is relatively free in setting his goals, he can be expected to focus on three distinct measures in the future. These include encryption, parallel Internet (sic!) and legal solutions to problems. Mr. Cannataci holds a LLD (Doctor of Laws) degree from the University of Malta and also is a so-called »Chartered Information Technology Professional«.
Given the problems, addressed especially by experts, we should therefore look into different approaches, like a redesign of the protocols, and/or preferably more global network splits. Some practical approaches have already been made in the past with military networks (»MILNET«/»DDN« vs. »ARPANET«) [6]. Taking such approaches into account, it is very likely that the Internet will also be physically separated into lots of more noticeable different parts subsequently; beyond the degree of separation seen with networks like »NIPRNet«/»SIPRNet«/»JWICS« vs. »Internet« nowadays. This may also solve some of the problems with individuals tampering with government as well as nongovernmental installations, and may make it easier to implement new technologies, within small Internet-alike networks, with reduced costs. Especially in the wake of an increased number of attacks, on critical infrastructures and components (e.g. German »KRITIS«), the latter sounds plausible [7]. Some governments and their federal agencies however may object, while feeling a loss of influence; they argue that more access to private communications and to the Internet as a whole, for the military and intelligence agencies, may seem prudent these days.
Nonetheless, we at ✛ΔO think, the potential security gain of a split of critical infrastructures from the Internet would outweigh the aforementioned loss of influence by far. We also think that more network splits, with dedicated network transition points, would most likely lead to a situation in which the presence of governmental agencies could solely be focused to certain transition points and targets, while reduced in other major parts of the (civil) Internet. That in turn would alleviate the situation for the general public, while still providing access for federal authorities to relevant parts of the Internet [8].
As a consequence some people argued that a major rewrite of protocols or a »network split« would be required to satisfy nowadays practical constraints of many entities, especially nongovernmental actors [3]. It can therefore be safely assumed that constantly mentioned things, like strong encryption for the security of individuals, corporations and public authorities by themselves, cannot be the definitive answer, when considering the design flaws of the Internet. And although some try to provide a reasoned debate on this important issue, the problems that accompany with focusing on encryption solely cannot be overlooked by nongovernmental bodies. The main problem is that it is hard to do encryption it in such a way as to get good results, for various reasons [4]. To make encryption effective, someone has to manage and maintain the systems; for example the way NSA does for DoD and, to a lesser extent, other parts of the government. However, even then the questions of anonymity and network resilience would still remain unanswered, especially for the private sector.
In July 2015 the UN appointed special correspondent for data protection Joseph Cannataci, during a Geneva conference. Months ago members of the human council decided they were in need of such a correspondent, also in the wake of the Snowden revelations and increased general protection violations of basic rights [5]. Since Mr. Cannataci is relatively free in setting his goals, he can be expected to focus on three distinct measures in the future. These include encryption, parallel Internet (sic!) and legal solutions to problems. Mr. Cannataci holds a LLD (Doctor of Laws) degree from the University of Malta and also is a so-called »Chartered Information Technology Professional«.
Given the problems, addressed especially by experts, we should therefore look into different approaches, like a redesign of the protocols, and/or preferably more global network splits. Some practical approaches have already been made in the past with military networks (»MILNET«/»DDN« vs. »ARPANET«) [6]. Taking such approaches into account, it is very likely that the Internet will also be physically separated into lots of more noticeable different parts subsequently; beyond the degree of separation seen with networks like »NIPRNet«/»SIPRNet«/»JWICS« vs. »Internet« nowadays. This may also solve some of the problems with individuals tampering with government as well as nongovernmental installations, and may make it easier to implement new technologies, within small Internet-alike networks, with reduced costs. Especially in the wake of an increased number of attacks, on critical infrastructures and components (e.g. German »KRITIS«), the latter sounds plausible [7]. Some governments and their federal agencies however may object, while feeling a loss of influence; they argue that more access to private communications and to the Internet as a whole, for the military and intelligence agencies, may seem prudent these days.
Nonetheless, we at ✛ΔO think, the potential security gain of a split of critical infrastructures from the Internet would outweigh the aforementioned loss of influence by far. We also think that more network splits, with dedicated network transition points, would most likely lead to a situation in which the presence of governmental agencies could solely be focused to certain transition points and targets, while reduced in other major parts of the (civil) Internet. That in turn would alleviate the situation for the general public, while still providing access for federal authorities to relevant parts of the Internet [8].
References:
- ↟ "[NSA] Tailored Access Operations - QUANTUM attacks"↗. Wikipedia / Elvey, et al. Retrieved 01 August 2015.
- ↟ "Net Of Insecurity - A flaw in the design"↗. The Washington Post / Nash Holdings LLC. / C. Timberg. Retrieved 01 August 2015.
- ↟ "Hacker News - Ask HN: If we could redesign [..]"↗. Y Combinator LLC. / Ask HN. Retrieved 01 August 2015.
- ↟ "Encryption is Not Enough"↗. Gizmo's Freeware / techsupportalert / Philip. Retrieved 01 August 2015.
- ↟ "United Nations - Privacy flag in the wind"↗. Zeit-Verlag G. B. Ltd. & Co. LP / M. Ermert. Retrieved 01 August 2015.
- ↟ "ARPANET Information Brochure NIC-50003"↗. U.S. DoD / DARPA DCA / P. Baran, L. Kleinrock. Retrieved 01 August 2015.
- ↟ "IT & CS - Cyber Security Strategy for Germany"↗. German Federal Ministry of the Interior. Retrieved 01 August 2015.
- ↟ "Tech Giants Issue Call for Limits on Govt. [..]"↗. Genius Media Group Inc. / E. Wyatt, C. C. Miller. Retrieved 01 August 2015.
Zuletzt aktualisiert (Samstag, 1. August 2015)
