Categories
Encryption Strengthening the Internet

Chapter Leaders Worldwide Make the Case for Strong Encryption

What makes a great leader? Earlier this year, 473 Chapter Members participated in the 2020 Chapters Training Program. The Internet Society kicked off the program with a lot of hope and excitement. This was an opportunity to harness the power of us – our global community – to incubate innovative ideas and tomorrow’s Internet leaders.

The program aimed to develop new community leaders to work with their Chapters, create local awareness of the Internet Society’s mission-driven work, and become involved in Action Plan projects, including Encryption.

Each time we share information on the Internet, we assume that only our selected recipients – and no one else – will receive and read it. But how can we be sure? Ursula Wyss of the Switzerland Chapter says, this is “where end-to-end encryption comes in, since it ensures that only you and those people who are intentionally included in the conversation can read the messages that are being exchanged. This is done by scrambling the message in a way that it can only be read by those who have the right encryption key to unscramble it. For everyone else, the messages remain scrambled.”

The Encryption Chapters Training Program was developed to equip Chapter Leaders with knowledge and tools to engage their members locally in an impactful and informed way. It included 139 trainees from 66 Chapters. They watched 10 videos and attended a two-hour training session with Internet Society staff and experts from the community, including Chapter Leaders from Germany, the U.S., Canada, India, Ghana, and Bolivia as well as partners such as Derechos Digitales.

Why Does Encryption Matter?

“With an escalation in hackings over the past decade, breaches in our private data are of ubiquitous meaning now more than ever and, for this, encryption is key,” writes Loide Uuzigo of the Namibia Chapter in “The Time For Encryption Is Now.

Encryption safeguards the personal security of billions of people and the national security of countries around the world. These are just a few examples of how:

Internet privacy concerns are real: Encryption helps protect your online privacy by turning personal information into “for your eyes only” messages, seen only by the parties it’s shared with.

Hacking is big money: Cybercrime is a global business, often run by multinational outfits. Many of the headline-making large-scale data breaches demonstrate that cybercriminals are often out to steal personal information for financial gain. End-to-end encryption, the most secure form of encryption, ensures that sensitive, confidential information transmitted by billions of people online every day remains confidential and out of the hands of criminals.

Online health and learning solutions rely on it: With people worldwide increasingly relying on telehealth and remote learning during a pandemic, encryption is a must. For instance, in the U.S. the Health Insurance Portability and Accountability Act (HIPAA) requires healthcare providers to implement security features that help protect patients’ sensitive health information online.

Once armed with information, the Encryption Chapters Training Program trainees developed local initiatives to amplify awareness of the critical role encryption plays in our everyday lives. Here are a few of the submissions that stood out:

Encryption helps protect private information, sensitive data, and can enhance the security of communication between two parties,” says Theorose Elikplim Dzineku, an Internet Society Ghana Chapter Member. “Whereas the Internet proposes a host of ways to communicate with friends, co-workers, and complete strangers, it also allows third parties to intrude on those communications, as well as track online conversations and activities. Using encryption tools helps individuals keep communications secret and protect swapping activities of personal tales with a friend or transacting important business with a client.”

Says Rahabu Sakilali of Tanzania, “with the COVID-19 pandemic, virtual conferencing and social media became the go-to place to hold lessons, business meetings and sensitive discussions. Encryption makes the virtual platforms safe!  End-to-end encryption protects ourselves and our data. It also helps us be sure who we are communicating with, sign digital documents and ensure the recipient is authentic.”

Effective encryption is a foundation for us to build trust on the Internet”, states Josephine Nampala of the Uganda Internet Society Chapter. In fact, during the COVID-19 pandemic, end-to-end encryption’s got us covered. “With the social distancing that is required to control the pandemic, many enterprises are opting to operate remotely. As well, many people are trying so much to keep close to their loved ones through different online platforms.” In these situations, we need to be sensitive about our privacy online, and strong encryption is key for us to trust the Internet.

Many trainees shared Spanish-language resources, too. Highlights include this video from Oscar Danilo González Navarrete of the Nicaragua Chapter, a blog post from Fernando Manuel Morales Rodas of the Guatemala Chapter, which includes videos that explain Encryption in a simple way, and a blog post from Osvaldo Juan Encinas Moreno of the Venezuela Chapter, who highlights the importance of digital education for those in vulnerable groups.

These are only a few examples of how we all depend on encryption every day of our lives. Effective encryption is key to secure online communications, from financial transactions to healthcare. It is the foundation upon which a trustworthy Internet is built.

Got an interesting story about how encryption is a critical part of securing out day-to-day experiences safe online? We want to hear it! Write to us at encryption@isoc.org.

Categories
Encryption Strengthening the Internet

Don’t Forget Cybersecurity on Your Back-to-School List

This opinion piece was originally published in Dark Reading.

School systems don’t seem like attractive targets, but they house lots of sensitive data, such as contact information, grades, health records, and more.

Schools are starting to reopen around the country – some physically, some virtually, and some a hybrid of the two. As a result, the remote learning requirement that was thrust upon schools when the pandemic forced closures earlier this year has reemerged. Presumably, lessons learned during the chaotic transition in the spring can be applied to make fall run more smoothly. But one item is critical to consider during this back to school season: Cybersecurity.

Before examining cybersecurity needs in school systems, it’s important to understand what’s at stake. On the surface, school systems don’t appear to be an attractive target, but they contain a significant amount of highly sensitive information, such as contact information, grades, health records, counselor interactions, and possibly parents’ financial records. In light of COVID-19 and increased remote connections, there is now even more data – including health status, contact tracing, and recordings of student participation online – housed in systems and therefore more privacy concerns than ever.

In recent years, schools have also seen an increase in debilitating ransomware attacks, even prompting an FBI alert this summer highlighting increased abuse of the Remote Desktop Protocol (RDP) to plant ransomware on school systems.

The security challenges are amplified by the move to more online learning and administration, specifically:

  • Systems that were designed to be accessed on internal networks now need remote access.
  • A wide variety of devices that were never connected to the school’s network now need regular access to services.
  • The type of access needed has expanded well beyond posting of class assignments online. It now includes everything from live classrooms to access to administrative tools and health services.

These additional requirements significantly expand the attack surface, compounding the risks. This brings a largely un-cybersecurity educated set of users into play, placing additional stress on school IT staff who are already typically stretched thin.

So, who is responsible to ensure that these systems and their users are safe? In this case, all layers of the ecosystem – vendors, school districts, and students/parents – have a role to play.

Vendors need to recognize the shift to remote use and provide appropriate built-in security.

School district staff need to choose tools that have appropriate security controls and establish strong cybersecurity practices for staff and students.

Students (and their parents) need to protect themselves and the school’s systems by practicing strong cyber hygiene.

Here are some practical guidelines for each group.

Vendors Need to Raise the Security Bar
To cover the full range of needs, there are many applications and websites for school district staff to consider – most of these apps, websites, and software products are developed primarily to deliver certain capabilities and levels of functionality and may not incorporate strong security practices. These include limiting access by type of account, encrypting communication and data at rest, offering multi-factor authentication (MFA) to limit illicit access, and securing data on hosted cloud platforms.

As usage continues to increase, vendors need to bolster the security of their products to prevent breaches and disruption of their services.

School Staff: The Critical Role
School district staff has the most critical role to play in ensuring proper levels of cybersecurity, as they’re responsible for making the choices regarding what tools to offer students and parents, as well as setting up the networks for teachers, students/parents, and administrators.

As with any enterprise, school district staff need to follow strong cybersecurity practices. In March, the Consortium for School Networking (CoSN) issued Cybersecurity Considerations in a COVID-19 World to provide guidance to staff on how to best protect their networks and users. The recommended best practices include guidelines related to classroom supervision, layered permissions, Web content filtering, encrypting data, and protecting devices.

In addition to adhering to CoSN’s guidelines, staff should carefully select which online learning tools to use, make cybersecurity part of the decision-making criteria when selecting digital tools, and not hesitate to demand stronger security capabilities from existing vendors.

Students and Parents: Empowering End Users
It’s critical that students and parents take concrete steps to empower themselves to be safer when engaging in remote learning online, as failure to properly secure their access can have negative side effects on both the school systems and systems used in their household, which likely include corporate systems in our new work-at-home world.

Though students and parents are at the mercy of the choice of tools made by the school, they can still practice good cyber hygiene by using strong passwords, enabling multi-factor authentication, changing default passwords on devices in the home to prevent illicit access, exercising care in sites they visit, and choosing strongly encrypted services for their personal use.

Given the massive increase in video conferencing use since the start of the pandemic, it’s also important for students and parents to make smart choices regarding those services. Mozilla released a guide to videoconferencing services, assessing them against minimum security guidelines, as part of their “*privacy not included” series. This is a valuable resource for students and parents.

Back to school 2020 will certainly be unique, as schools scramble to figure out how to provide education in the context of an ever-shifting coronavirus backdrop. With a continued shift to online learning, maintaining a strong focus on cybersecurity is more important than ever.


Image by Element5 Digital via Unsplash

Categories
About Internet Society

The Internet Society Welcomes the Comoros Chapter

We are excited to announce the new Internet Society Comoros Chapter! ISOC Comoros officially launched in July in front of an in-person and online audience at the Retaj Hotel.

Journalists joined several distinguished guests, including:

  • Dawit Bekele, Internet Society’s Regional Vice-President for Africa
  • Mohamed Said Abdallah Mchangama, President of the Federation of Comorian Consumers (FCC)
  • Amina Abdallah, Coordinator of the World Bank’s Phase 4 of the Regional Communications Infrastructure Program for Africa (RCIP-4)
  • Hamidou Mhoma, President of the Comorian ICT Association
  • Chamsoudine Soudjay, Secretary General of the Comorian ICT Association
  • Amroine Mouzaoui, Executive Secretary of the Comorian Movement for Entrepreneurs
  • Raymane Ali Matoir, Director of Human Resources of Telma Comores
  • Youssouf Abdoulmadjid, Chief Operating Officer of Comor’Lab
  • Moussa Abdallah Moumine, Coordinator of the General Inspectorate of National Education

Since the country’s very first connection to the Internet in July 1998, the Internet industry has continued to evolve, along with telecommunications. The country is beginning to benefit from the rise in competition in the ICT sector, and as such the establishment of ISOC Comoros brings an added dimension to the development, promotion, and use of the Internet for the greater good of the entire country.

The Internet is for everyone and it is shaped by the cooperation and the active participation of everyone. The idea of creating a Chapter in the Comoros came to us after we attended various international meetings. These raised the awareness of young Comorians, who see progress in various fields and share the same values regarding the use and importance of the Internet.

We are convinced that by partnering with all of the stakeholders in the development of the Internet locally, we will connect the unconnected and make the Internet a trusted and secure tool to boost the economic and social development of our country.

There were speeches throughout the ceremony, including an opening speech by the president of the new Chapter, Ali Hadji Mmadi, introductions of the members of the executive board, and an outline of the 2020 action plan. The president of the FCC defined the role and place of ISOC Comoros in the national ecosystem as well as the value of national expertise. Finally, Dawit Bekele gave the official launch speech to mark the beginning of the Chapter’s activities. Watch the ceremony!

ISOC Comoros is a nonprofit organization governed by Comorian law. It supports and promotes the open development, evolution, and use of the Internet for the benefit of all people in the Comoros. It endorses the mission of the Internet Society, and it supports its initiatives for the development of the Internet as a global technical infrastructure, a resource to enrich people’s lives, and a force for good in society.

The Chapter seeks to collaborate with all Internet development stakeholders in the country by helping to identify and resolve critical Internet issues. It is committed to a multistakeholder approach to ensure the participation of everyone in the development and governance of the Internet in the Comoros.

The new Chapter is ready to work with individuals and corporations in the Union of the Comoros to ensure that the Internet is open, secure, trustworthy, and affordable for everyone.

Follow ISOC Comoros on Facebook, Twitter or visit the website. Together, we can promote the development of the Internet and support the advancement of policies, standards, and the future growth of the Internet – in the Comoros and around the world.

Watch the official launch!

Categories
Community Networks Growing the Internet

The Digital Divide May Be News, But It’s Not New

This opinion piece was originally published in Morning Consult.

Low-income Americans; Black, Hispanic and Native Americans; the elderly; Americans with a high school education or less; and rural Americans are much more likely to be on the wrong side of the digital divide. Ours remains a nation where too many people, often our most vulnerable citizens, are unconnected or under-connected.

The digital divide may have made the news during the COVID-19 pandemic, but it isn’t new.

For much of the past quarter-century, Washington policymakers have ignored the digital divide. In more recent years, some public officials, for political reasons, have identified the digital divide as primarily a rural issue, noting that approximately 5 million rural American households can’t access broadband networks. In reality, the number of rural households that can’t access broadband is dwarfed by the roughly 20 million American households that can’t afford Internet access, and that number almost certainly has increased as a result of the pandemic.

Today, Washington finally seems willing to engage in addressing the digital divide. What we need now are not the patchwork solutions of the past, but a thoughtful, fully funded, comprehensive effort to ensure broadband connectivity for all Americans.

My colleagues and I at the U.S. Department of Commerce’s National Telecommunications and Information Administration identified the disparity in access to Internet technology in 1995 in “Falling Through the Net: Haves and Have-nots in Rural and Urban America.” In that report, we noted that several factors impacted access to technology: income, race, education, age, and geography.

The difference today, however, is that broadband access has become critical to living life in our country. It is simply impossible to fully participate in society, particularly during a pandemic, without broadband access.

In 2020, 27 percent of elderly Americans don’t have broadband access. And 40 percent of small businesses in New York City are located in gigabit deserts and don’t have access to copious broadband networks.

As many as 30 percent of K-12 students, according to a report by Common Sense Media, don’t have the tools necessary to engage in remote learning. For many this will mean no continued learning during COVID-19 lockdowns.

And many of the 70 percent of residents on rural tribal lands who remain without access to fixed high-capacity broadband, according to The American Library Association, are unable to continue with their studies or job online.

How can we bridge the digital divide, thoughtfully and effectively?

Map availability and affordability

The Federal Communications Commission, and NTIA, in conjunction with state regulators, must find a way to accurately map broadband availability and affordability. You can’t fix what you don’t understand, and our regulators are flying blind when it comes to the true state of broadband connectivity in America today.

Redefine ‘broadband’

For some years the FCC has defined broadband as 25 megabytes per second down and 3 mps up. That standard was insufficient when it was adopted, and is now laughably outdated.

In a report I wrote for the incoming Obama administration in 2008, I called for a 100 mps national standard by 2010. Today, when video conferencing products such as Zoom are near essential tools for education, commerce, and entertainment, a low-bandwidth, asymmetrical standard is unacceptable.

The FCC must now update and modernize its definition of “broadband.” The starting point for any future broadband standard should be 100/100 mps, with an understanding it may take additional time for rural communities to reach that standard.

Modernize and adequately fund connectivity programs

The FCC’s Lifeline program, established during the Reagan era, provides subsidies to low-income families to enable connectivity to telecommunications devices. The current program’s provision of less than $10 per month for connecting one telecommunications device per household is far from adequate to enable meaningful connectivity.

Congress and the FCC must rethink and re-establish the program for the current broadband era.

Use public spaces to improve accessibility

In addition, there are three key things schools, libraries, and other public facilities could do to help reduce the digital divide and provide more equitable access to the Internet. The first two of which can be done immediately:

  1. Use schools and libraries as community WiFi hot spots. This requires a few things, all of which are possible right away: With relatively minimal funding, schools and libraries could place more outdoor access points on their facilities. This actively broadcasts the school or library’s WiFi signal to the local community so that students and – potentially – other community members can have access to Internet resources. The reach of outdoor, unlicensed WiFi is more limited than the other options below, but it can easily reach most of the block that the building is on.
  2.  Schools and libraries can help provide greater connectivity by providing WiFi hotspots to students, library patrons, and their families. There are a number of good options, not just from the main carriers, but from more education-focused providers like Kajeet, ENA, and Mobile Citizen.
  3. A final, more strategic solution that will take longer to implement but that holds significant promise for permanently resolving or reducing the homework gap: We should consider schools, libraries, and other institutions as anchor locations for true community-focused cellular Internet access.

Using either the Educational Broadband Services spectrum, or the Community Broadband Radio Services spectrum, schools, libraries, and other public facilities could provide secure, low-cost, and high capacity cellular wireless Internet to students (and other community members, potentially) across New York City.

Although the upfront costs of building out cellular data networks is more expensive than installing outdoor WiFi or purchasing hot spot plans, this solution would potentially cover much more of the city (indeed, all of it), and the long term total cost of ownership per student/community member is much, much less than paying ongoing fees for hot spot data plans.

We have a clear path toward full broadband connectivity. We can and should make connecting all Americans a national priority. We don’t have another quarter century to waste.


Image by bantersnaps via Unsplash

Categories
Technology

The Week in Internet News: U.S. Moves Closer to Banning Chinese Apps

Shopping for video: As U.S. President Donald Trump pushes for a ban of TikTok unless it’s sold by its Chinese owner, Walmart has joined Microsoft in a bid for the short-video sharing app, CNBC reports. TikTok is reportedly nearing an agreement to sell its U.S., Canadian, Australian, and New Zealand operations for $20 billion to $30 billion.

Boycotting an app ban: Another Chinese app that’s been targeted by Trump is WeChat, but the Chinese foreign ministry has suggested that consumers in the country could boycott Apple if the U.S. takes action against WeChat, The Straits Times says. Apple, as a large U.S. company, seems to be a convenient target for Chinese consumers.

An East/West split: As others have warned, an official with the U.K.’s National Cyber Security Centre has suggested that the Internet may split into a Western version and a Chinese-led Eastern version if Trump moves forward with a ban of Chinese apps, the Independent reports. A split could raise concerns about Western technology keeping up with the East, the official says.

Spy vs. hacker: New Zealand’s government has turned to its intelligence agency to thwart a sustained, multi-day cyberattack on the NZX stock exchange, Bloomberg reports. Security intelligence firm Akamai has warned that extortionists claiming to be the Russian-linked hacking group Fancy Bear have been sending ransom letters to finance, travel, and e-commerce companies in the Asia-Pacific region, the U.S., and the U.K. These letters demand payments to stop attacks.

Troubled by tracking: Some Google engineers were “troubled” by the way the company secretly tracked the movements of people who didn’t want to be followed before a 2018 Associated Press investigation uncovered the surveillance, reports the Associated Press at Inquirer.net. The concerns were detailed in unsealed documents in a consumer fraud case filed by Arizona’s attorney general. “Location off should mean location off, not except for this case or that case,” one engineer wrote in an internal document.

More Internet for schools: An educational startup founded by a Harvard student is focused on bringing Internet access to students in countries where services are sparse, Bizjournals.com reports. Harvard student Shawn Shivdat was inspired to bring educational resources to his father’s home country of Guyana, in South America.

Read the Internet Society’s statement on the U.S. Clean Network Program.

Categories
Growing the Internet Infrastructure and Community Development

In South Asia an Online Training Course Equips Engineers for the Future

The Internet Society, in partnership with South Asia Network Operators Group (SANOG) recently concluded a five-week, hands-on training course for entry level network engineers and system administrators from South Asia. The online course Introduction to Network Operations, which took place from June 15 to July 19, prepared professionals to take advantage of the new opportunities created by the Internet. The training provided practical learning about UNIX/Linux, networking, and the Domain Name System (DNS) to over 40 participants from Research Education Networks (RENs), government institutions, network operators, universities, and private institutions. SANOG subject matter experts Thilina Pathirana from Sri Lanka and Gazi Zehadul Kabir from Bangladesh moderated via Moodle, an e-learning platform.

Skills and Knowledge for Digital Transformation

The course aimed to prepare young engineers for the future. The technical skills and hands-on knowledge enable them to build expertise to advance professionally in their chosen field of network and system administration. The course also served as a common platform for South Asia community members to actively interact, exchange knowledge, and learn from one another.

For participants, the course was a great learning experience. “It was the best online course I had yet,” said Afaq Ahmed from Pakistan. For young engineers Shreekar Tiwari from Nepal and Randhir Kanojia from India, the course provided practical experience and skills to lead digital transformation in the region.

Immediate Rewards

Deepthi Gunasekara, an engineer from Sri Lanka, excelled during the course. She was offered a job by the Lanka Education And Research Network (LEARN) in Sri Lanka. She is now an Assistant Engineer at LEARN, a National Research and Education Network (NREN) that not only interconnects educational and research institutions across the country, but provides network-related services.

“It was an excellent experience on learning and implementing DNS. Internet Society Network Operations course was very helpful for me, especially [as] it brought an opportunity to uplift my professional career [and earn] a new job,” said Deepthi.

Course moderator Gazi Zehadul Kabir, a member of the National Network Design Committee of Bangladesh, was thrilled to learn a freshly-mentored engineer got a job. He said the course enabled even greater interaction with course participants online. “The Internet Society brought a new era for us with this online course, where [we were] more closer to students,” said Gazi.

For more that 15 years he has been part of the South Asia technical community. He is happy to have this opportunity to pass on skills he curated over the years to young people. His wish is that the Internet Society should continue strengthening the capacity of the South Asia Internet community to take advantage of future opportunities.

Learn more about Introduction to Network Operations.


Image by Kimberly Farmer via Unsplash

Categories
About Internet Society

Reflecting on Three Years of Board Service and a Commitment to Quality Improvement

Departing Trustee Glenn McKnight looks back at his three years of service as a member of the Internet Society Board of Trustees.

During the past three years we have seen a tremendous amount of productive work by a functional and focused Internet Society Board of Trustees. This included not only the normal board and committee work, but also the extra efforts associated with the selection of a new CEO, creation of the Internet Society Foundation, and meeting the challenges of the proposed PIR/Ethos transaction.

It’s important to learn from these experiences, but it’s also important to focus on achievements and to reassert the core values of the Internet Society as a force of good in the Internet ecosystem. We see the Internet Society focusing its efforts with purposeful strategic direction lead by CEO Andrew Sullivan and his team. As a departing Trustee, I would like to see the Internet Society explore more opportunities for members to learn from one other, including “Meet the Board” to foster improved communication and a means to help teach the community about the role of the Board of Trustees.

During these three years, my work beyond the normal board work has also involved committee work, including volunteering on the Governance and Nominations committees. I was the Nomcom Chair for one of these years. During these years, I witnessed Board Chair Gonzalo Camarillo run Board meetings effectively and on schedule, encouraging a diversity of opinions on the issues we considered. Gonzalo, along with Sean Turner and Richard Barnes as Treasurers and John Levine as Secretary, were key individuals who did a lot of heavy lifting.

Moving forward from the Internet Society, I will be focused on ongoing work in the Internet Governance space, with the launch in September of the Virtual School of Internet Governance. It’s a Massive Open Online Courseware (MOOC) initiative for 400 students in the first year, with the first cohort of 100 students already registered. This free course is a major educational opportunity for Internet Society members, since it’s based upon the extensive taxonomy of the DC Coalition of Schools of Internet Governance and more.

I wish the entire Board (especially the incoming members) a smooth transition and productive years to come. If there is one thing we’ve learned this year, it’s that we need an open, globally-connected, secure, and trustworthy Internet now more than ever.

Categories
Mutually Agreed Norms for Routing Security (MANRS) Strengthening the Internet

The State of Routing Security at DNS Registries

The Domain Name System (DNS) is an important component of the Internet, but it was not designed with security in mind. In the last 20 years or so, much attention has been directed at improving its inherently insecure aspects.

This includes the deployment of DNS Security Extensions (DNSSEC) that enables cryptographic validation of DNS records, and more recently DNS-over-TLS and DNS-over-HTTPS, which encrypts DNS transactions between hosts and resolvers.

The DNS, though, is also dependent on the global routing system for sending DNS queries from resolvers to servers, and then returning the responses. The integrity of the routing system is, therefore, extremely important for ensuring DNS transactions are delivered efficiently to the correct destination. Yet, at present, few DNS registries are implementing Routing Public Key Infrastructure (RPKI), a public key infrastructure framework designed to secure the Internet’s routing infrastructure, specifically the Border Gateway Protocol (BGP).

A survey of 4,138 zones – that included 1,201 generic top-level domains (gTLDs), 308 country code top-level domains (ccTLDs), 271 reverse map zones, and 1,780 sub-ccTLD zones – showed a total of 6,910 route origins for the name servers that are serving these zones.

Yet, just 22% of these had valid Route Origin Authorisations (ROA), a digitally signed object that verifies an IP address block holder has authorized an AS (Autonomous System) to originate routes to that one or more prefixes within the address block.

Whilst the figures for the reverse map zones (53%) and ccTLD zones (34%) give evidence of deployment, they are significantly lower for the gTLD zones (11%). In fact, around 40% of TLDs have no ROA deployment at all, with 20% only having partial deployment.

These findings are discussed in more depth in “A Look at Route Origin Authorizations Deployment at DNS Registries” on the MANRS website. It is important to highlight an aspect of DNS security that has been somewhat overlooked.

If you’re interested in finding out more about why important routing security is so important, please also read our five-part Introduction to Routing Security.

Categories
Technology

The Week in Internet News: Facebook Bans Conspiracy Accounts

Ban hammer: Facebook has banned banned about 900 pages and groups and 1,500 ads tied to the conspiracy theory QAnon, NBC News reports. QAnon followers believe an anonymous, supposed government insider has warned them about a massive group of satanic cannibals and pedophiles inside the U.S. government. QAnon, militia movements, and violent movements tied to protests will no longer be allowed to buy ads on Facebook, the social media giant said.

That’s really fast: Researchers from University College London have been able to transmit data at 178 terabits per second, The Independent says. That speed is double the speed of any current system being used, and about 20 percent faster than the previous record. With that speed, an Internet user could download the entire Netflix library in just one second.

Cracks in the ‘Net: U.S. President Donald Trump’s campaign against Chinese services TikTok and WeChat could further fracture the Internet, the New York Times reports. “China and the United States once acted like opposites when it came to governing the internet … When President Donald Trump issued executive orders that could lead to a U.S. ban next month on two of the world’s most popular Chinese-made apps, TikTok and WeChat, the White House signaled a new willingness to adopt Beijing’s exclusionary tactics.”

Working around censorship: People in Belarus are using privacy apps to defeat a recent government Internet shutdown, DW.com reports. Many Belarusians turned to free anonymizing tools and virtual private networks like Telegram and Psiphon. Psiphon saw the number of regular daily users in Belarus go from 10,000 ahead of an Aug. 9 election to more than a million.

Don’t hide the details: The former chief security officer at Uber has been charged with obstruction of justice for allegedly attempting to cover up a 2016 data breach that exposed the details of 57 million Uber drivers and passengers, the BBC reports. The executive is accused by the U.S. Department of Justice of taking “deliberate steps”  to stop the Federal Trade Commission from finding out about the breach.

Read the Internet Society Statement on the U.S. Clean Network Program.

Categories
Internet Way of Networking Strengthening the Internet

Mapping Intermediary Liability in Latin America

Thanks to our Chapters in Latin America, we now have a clearer map of the intermediary liability regulatory landscape across the region.

Intermediary liability answers the question, “Should Internet intermediaries (ISPs, web hosting and cloud services, social media platforms, etc.)  be liable for content posted or for actions performed by others, such as, for example, their users?”

The success of the Internet depends on intermediary liability regimes that protect Internet providers – by ensuring responsibility for user behavior is on the users themselves, not on the intermediaries upon which they rely (both at the infrastructure and content layers).

The way legal frameworks deal with intermediary liability around the world can impact the Internet way of networking in different ways.

In some countries, intermediary liability legislation is well known: the 1996 US Communications Decency Act (Section 230) and the Brazilian Internet Bill of Rights, for example. But in much of the world it is covered by other more general-purpose regulations, such as tort law, consumer protection law, and child protection law.

We asked our local community to help us map and monitor the current regimes that apply to Internet intermediaries in their countries, so that our work can ensure that policies and regulations related to the matter keep supporting a healthy foundation for the Internet.

The questionnaire we developed in partnership with Chapter leaders was responded to by people from 18 Latin American countries.[1] The responses generated country profiles with detailed descriptions of rules and regulations that can affect intermediary liability in Bolivia, Brazil, Colombia, Chile, the Dominican Republic, Ecuador, Mexico, and Venezuela.

The country profiles provide an up-to-date snapshot of the complex regulatory landscape. The majority of countries still rely on general administrative, civil, and criminal norms that apply more or less uniformly to Internet intermediaries.

Copyright regimes and editorial liability are commonly applied, even if they predate the Internet age. General telecommunications regulations can also comprise rules that apply to Internet intermediaries. Chile is a highlight due to its longstanding network neutrality rules, which impose penalties for intermediaries who interfere with the free flow of data at the infrastructure level.

Brazil is the only country among those listed above that has a specialized intermediary liability regime designed for Internet access providers and Internet application providers. The “Marco Civil” establishes exemptions to providers’ liability in relation to third-party content. Access providers are always exempt from liability for user content and behavior.

Our  mapping exercise is still underway. More country profiles produced by LAC Chapter members are expected for the upcoming months.

The process went beyond gathering up-to-date information. It has also helped us identify people who can promote and defend the importance of strong intermediary liability regimes for the Internet Way of Networking project in support of future community engagement and advocacy.

Based on what we have accomplished so far, we had some ideas on how the Internet Society can keep growing its knowledge base on intermediary liability – with the help of its global community. This could include:

  • Country or Chapter-level working groups to review and expand individual country profiles
  • Additional training and work to inspire and collaborate with other Chapters in the region
  • Additional activities and resources around the topic of intermediary liability
  • Replication of the process in other regions
  • Leveraging our community to serve as a valuable source of input to other mapping exercises, such as the World Intermediary Liability Map

Learn more about the Internet Way of Networking!


We would like to thank the following people for having committed their time and knowledge to help us with this collaborative effort: Roberto Zambrana Flores; Félix Fabian Espinoza Valencia; Flávio R. Wagner; Giovanna Michelato; Lorena Donoso Abarca; German M Fajardo Muriel; César Moliné; Alejandro Pisanty; Viviana Da Silva. Additionally, Nancy Quiros and Christian O’Flaherty contributed to this article.

We would also like to thank these people for their contributions: Graciela Mariani; Hector Ariel Manoff; José Ignacio Alvarez-Hamelin; R  Danton Nunes; Eric Alexander – Venturas; Jorge Augusto Ottoni Nobre de Oliveira; Leonardo Lins;   Miguel Medina; Willy Maurer; Mauricio Alarcón Salvador; Kelvin Atiencia; Ethel Monge de Kuri; Yesenia Granillo; Fernando Manuel Morales Rodas; Jose Anibal Silva de los Angeles; Ernesto Pineda; Sandy Karyna Palma Rodríguez;  Ana Laura Leon; Francisco Javier Huerta Gijón; Simon Perez C.; Haydee Almiron; Dra. Dámaris Mercado Martínez; Alicia Castillo; Eduardo Tomé and Jan Alvarado.


[1] Argentina, Bolívia, Brasil, Chile, Colombia, Costa Rica, Ecuador, El Salvador, Guatemala, Honduras, Mexico, Panama, Paraguay, Peru, Puerto Rico, República Dominicana, Uruguay, Venezuela.


Image by delfi de la Rua via Unsplash

Categories
Strengthening the Internet Time Security

Working Collaboratively to Improve Emerging Network Time Security Implementations

Accurate and secure time is essential for the security and trustworthiness of the Internet. Many systems that we regularly interact with rely on accurate time to function properly. Accurate time also provides an essential foundation for online security, and many security mechanisms, such as digital certificates used for Transport Layer Security (TLS), depend on accurate timekeeping. The Network Time Protocol (NTP) provides time synchronization for clocks on computer networks.

NTP’s security mechanisms were designed back in an era when most Internet traffic was trusted, and the risk of attack was unlikely. Due to the continued exponential expansion of the Internet, these mechanisms became outdated and needed to be redesigned. The Internet Engineering Task Force (IETF) has been working on a specification for Network Time Security (NTS) for several years now. This specification was approved by the Internet Engineering Steering Group (IESG) in March of this year and is currently in the RFC editing process for the final publication. Over the course of the last couple of years, there have been a series of NTS projects held as part of the IETF Hackathons. These projects have worked to identify mistakes and ambiguities in the specification and to test and improve interoperability between implementations.

Time Community Collaboration

Recently, as part of the IETF 108 virtual hackathon, there was another successful event in this series. Representatives from several organizations including chrony, Cloudflare, Netnod, Orolia, Ostfalia University of Applied Sciences, Physikalisch-Technische Bundesanstalt (PTB), and the Internet Society took part in the project on Network Time Security (NTS) in July 2020. By the end of the week, there were 13 installations of six different NTS server implementations. These server implementations were tested against five different client implementations showing improvements in the maturity and interoperability of both the client and server implementations of NTS.

Additionally, a key highlight from the effort was the contribution of the first NTS test tool. This tool was contributed by Miroslav Lichvar and checked an implementation’s adherence to the specification as well as performing some basic performance tests. A short presentation on the outcomes of the NTS project at the IETF 108 virtual Hackathon is available here

NTS Support

At this point, there are now two mainstream open source NTP implementations that have added NTS support: chrony and NTPsec. Additionally, there are open source NTS implementations from Netnod, Ostfalia, and Cloudflare. The Internet Society’s Time Security project is building a distributed testbed with some of these implementations to provide additional test and implementation opportunities for the wide community.

Find out more:


Image by Josh Redd via Unsplash

Categories
Community Networks Growing the Internet

Internet Society and the Association for Progressive Communications Enter into a Memorandum of Understanding

The Internet Society and the Association for Progressive Communications (APC) have entered into a Memorandum of Understanding (MoU) to work together on designing and deploying community networks, ensuring local connectivity initiatives achieve long-term sustainability, and other areas of joint interest.

APC is an international network of civil society organizations founded in 1990 dedicated to empowering and supporting people working for peace, human rights, development, and protection of the environment, through the strategic use of information and communication technologies (ICTs).

Both organizations have vast experience in growing the Internet through capacity building, advocating for ICT and infrastructure policies, and engaging local communities. This MoU updates and replaces a previous version. We are excited to further advance the work we’ve been doing together for nearly ten years.

The MoU lays out two key areas of joint interest:

  • Developing an enabling environment for communities and local entrepreneurs to solve their own connectivity challenges through design and deployment of community networks, training and capacity building efforts, and highlighting the benefits of connecting the unconnected.
  • Ensuring that local connectivity initiatives are able to reach long-term sustainability, support development opportunities, and contribute to meeting Sustainable Development Goals (SDGs) in relation to connectivity.

“There remains a profound connectivity gap in many parts of the world. Better connectivity and information exchange strengthens democratic processes, spurs economic growth, and enables sharing of culture and ideas. We’re thrilled to work with APC to help increase connectivity via community networks — networks developed by local communities, with local communities, for local communities,” said Jane Coffin, Senior Vice President, Internet Grow at the Internet Society.

“APC finds the relationship with the Internet Society to be very positive and collaborative on various aspects, and complementary in nature, having contributed critically to the advancement of the community network movement in recent years,” said a representative from APC.

Learn more about our work on Community Networks, or learn more about APC’s work.


Image from the Digital Empowerment Foundation’s Wireless Training Centre in Guna, India ©Atul Loke