Hardly a day goes by without a cybercrime story.
Whether it’s a break-in discovered at an organization, the release of a new virus, police arresting an online child pornography ring or Anonymous striking back at authority, the Internet seems increasingly more like a dangerous place for users rather than a repository for information and services.
A two-day conference for Internet experts at the University of Toronto that started Sunday on what is called stewardship of the Internet will ask what can be done. Specifically, it asks ‘Who has responsibility for cyberspace, should it be controlled – and if so, by whom?’
“Pressure is building towards a ‘constitutional moment,” says the Web page of the conference.” Major governments have begun to debate what should be the ‘rules of the road’ for cyberspace, but agreement appears far off.”
The conference is the second annual forum on Internet security hosted by the Munk School of Global Affairs. This year’s international speakers include the head of the FBI’s cyber division, a member of Public Safety Canada’s cyber security directorate, academics, privacy specialists as well as officials from Microsoft Corp. and Google.
Sunday’s opening session is open to reporters, but Monday’s session is closed for more open discussion on case studies.
(To read papers commissioned by the conference on the concept of Internet stewardship, click here)
Among the panellists at Monday’s session on policing the Internet will be Jeff Brueggeman, vice-president of public policy and deputy chief privacy officer at American telecom carrier AT&T.
“Cyber security issues are extremely important to government,” he said this week. “Both in the U.S. and Canada we’re seeing a lot of discussion about how to improve public-private partnerships on cybersecurity.”
For his part, it will provide an opportunity to discuss AT&T’s that governments around the world should support work done by carriers and security companies while still having the flexibility to deal with rapidly changing threats.
“Our chief security officer made the interesting point last week that that if you try and establish regulations that forces everyone to the point using the same type of security and tools you’d actually be playing defence in a very predictable way and you’ll make it easier for those who to break in and cause harm. So our message has been we need to work together with government, but have the flexibility to respond to new threats.”
Not everyone agrees. Some police forces and military officers think there has to be intervention before the Internet becomes completely unmanageable – or a theatre for cyberwar (if it isn’t already).
There is also the clash between those who want an open Internet and those who want powers to enforce copyright on intellectual property.
Not surprisingly, AT&T isn’t one of those calling for more government intervention. There are many organizations that can handle pieces of Internet security, Brueggeman said from Costa Rica, where he was attending the annual meeting of International Corporation for Assigned Names and Numbers, (ICANN). One issue being discussed there is how to increase security for domain names, like .ca and .com.
“What we’re saying is we need to get the technical people working together, we need government to be thinking about the right policies, but we can do that without creating a new regulatory structure to regulate the Internet by taking advantage of the strength of the Internet: it’s very flexible and can change rapidly. You have a lot of experts already working on these issues.”
At the recent RSA conference, one security executive quietly expressed despair that corporate Internet systems can be secured. “What I hear from my chief security officer is somewhat different from that,” Brueggeman replied. “There are always new threats and so there’s no one thing you can do to keep yourself completely safe, but there are lot of things we can do to keep a step ahead of the bad guys and be proactive.”
“We think the type of technical discussions we’re having at the University of Toronto is a great example of a more productive way to go that proposals that some kind of centralized control of the Internet would actually make us safer.”
Closed door sessions will also discuss whether there should be limits to dissent on the Internet and whether the military has a strategic stake in being a steward of an open cyberspace.