Home / Blogs

Global Technical Internet Related Issues That Need Fixing

Paul Budde

Given its engineering background, many positive contributions can be made by the engineering community in the broader ICT world to assist in addressing some of the broader internet issues, often addressed within the more limited telecoms environment.. Of course some of this is already happening; however much more work would be needed to strengthen the technical foundations of the internet. Just as an example, the type of issues that could be addressed by a broader ICT engineering foundation could include, for instance:

  • providing strong encryption on all websites — 2048 bit keys
  • producing a list of compromised devices or code that has known vulnerabilities in it and work towards a mandated level of security
  • assisting the ITU in driving certificate transparency efforts and obtaining the support of all the member countries on this issue
  • developing encrypted SIP or VoIP that in general could be mandated across all providers

The above listed issues however, now all face the NSA and other spy agent's requests demanding back door access and access to the various software codes. Lessons learned from the current spying fallout means that the industry will need to insist that this will have to be organised within strict regulatory environments.

Another example of where the broader ICT industry can assist in internet related issues is privacy. The greater the public concern about privacy, the greater the opportunity to do something positive to protect privacy on a bilateral or multilateral basis.

The industry would also be greatly assisted if taxes, tariffs and monopoly control of undersea and inter-country fibre transport networks were removed, in order to stimulate the construction of new fibre routes that do not pass through the United States.

Interestingly, while the current NSA developments have alerted countries who depend on the USA for their internet transport, this situation originated not just because the bulk of internet traffic came from the USA — or because organisations were forced to transit through this country — but more particularly due to the level of competition that exists in that country, which was achieved through market liberalisation. Many countries, especially the developing economies, had and many still have highly restrictive and regulated markets that resulted in very high telecoms charges. Because of that high level of international infrastructure competition in the USA it was generally cheaper to move telecoms traffic through the US rather than develop links that were independent of that country, or use international links from other countries.

This does not have to be the case but it would require significant pro-competitive regulatory changes in many of the countries involved. (I refer here to my comments above about the lack of industry transformation in the telecoms world).

By Paul Budde, Managing Director of Paul Budde Communication. Paul is also a contributor of the Paul Budde Communication blog located here.

Related topics: Internet Governance, Policy & Regulation, Security, Telecom

WEEKLY WRAP — Get CircleID's Weekly Summary Report by Email:

Comments

Nothing much to do on your list... jeroen  –  Dec 02, 2013 3:39 AM PST

> providing strong encryption on all websites — 2048 bit keys

The keystrength matters little if one cannot trust the root authorities.
Note that every nationstate and large corporation has a root certificate and thus can generate any certificate and claim to be anything they want.

One has to check the fingerprint of the certificate to be sure it really is the cert on the server that you want.

And then, even if that matches, even if you have 2048 bits crypto, how sure are you that the crypto is correct (there are very few crypto folks who really understand crypto), then that that is properly implemented (very few people who know crypto and code) and more importantly: that that is actually running on the device you are using? :) The set of people who can verify that is equal to not even on.

> producing a list of compromised devices or code that has known vulnerabilities in it and work towards a mandated level of security

This is a near impossible task as one can never index which software runs where and thus which devices are compromised; next to the fact that software versions might differ and then might have different patches which might mean that the version is not vulnerable as the vendor already fixed it.

CVE (http://cve.mitre.org/) "solves" this in some way but it can never solve it completely, especially not in the way you state it.

Backdoors can always be present, 0-days are typically not fixed yet, thus the least one can do is keep all software up-to-date (and hope nobody sneaked something bad in there).

Note also that there are billions of devices out there; current fun one: Android, which is a very fragmented bunch of code that never gets updated on those devices. 70% of the market apparently is Android based though. For a fun one: http://www.engadget.com/2013/11/29/text-message-exploit-can-force-your-nexus-phone-to-reboot

> assisting the ITU in driving certificate transparency efforts and obtaining the support of all the member countries on this issue

What does the ITU have to do with the Internet? Let the ITU stick to their telephone lines and slowly disappear please, they would just slow down any effort to make things better.

> developing encrypted SIP or VoIP that in general could be mandated across all providers

SIP/TLS, SRTP and ZRTP already exist, are deployed and are in heavy use.
Except for ZRTP most of these protocols are freely available.

To post comments, please login or create an account.

Related Blogs

Related News

Topics

Industry Updates – Sponsored Posts

Season's Greetings - 2014 End of Year Message from DotConnectAfrica

Domain Name .Africa Faces Hurdles - Q&A with Sophia Bekele

Q3 2014 DDoS Trends: Attacks Exceeding 10 Gbps on the Rise

3 Questions to Ask Your DNS Host About DDoS

Afilias Director Wins ICANN's 2014 Leadership Award

Afilias Partners With Internet Society to Sponsor Deploy360 ION Conference Series Through 2016

Neustar to Build Multiple Tbps DDoS Mitigation Platform

The Latest Internet Plague: Random Subdomain Attacks

Digging Deep Into DNS Data Discloses Damaging Domains

DotConnectAfrica Contributes at the 9th IGF in Istanbul, Turkey

New gTLDs and Best Practices for Domain Management Policies (Video)

Nominum Announces Future Ready DNS

New from Verisign Labs - Measuring Privacy Disclosures in URL Query Strings

Video Interviews from ICANN 50 in London

ICANN London Recap Webinar

DotConnectAfrica Delegates Attend the Kenya Internet Governance Forum

Neustar to Launch usTLD Stakeholder Council

3 Questions to Ask Your DNS Host about Lowering DDoS Risks

Continuing to Work in the Public Interest

Verisign Named to the OTA's 2014 Online Trust Honor Roll

Sponsored Topics

Afilias

DNSSEC

Sponsored by
Afilias
dotMobi

Mobile

Sponsored by
dotMobi
Minds + Machines

Top-Level Domains

Sponsored by
Minds + Machines
Verisign

Security

Sponsored by
Verisign