Home / Blogs

Global Technical Internet Related Issues That Need Fixing

Paul Budde

Given its engineering background, many positive contributions can be made by the engineering community in the broader ICT world to assist in addressing some of the broader internet issues, often addressed within the more limited telecoms environment.. Of course some of this is already happening; however much more work would be needed to strengthen the technical foundations of the internet. Just as an example, the type of issues that could be addressed by a broader ICT engineering foundation could include, for instance:

  • providing strong encryption on all websites — 2048 bit keys
  • producing a list of compromised devices or code that has known vulnerabilities in it and work towards a mandated level of security
  • assisting the ITU in driving certificate transparency efforts and obtaining the support of all the member countries on this issue
  • developing encrypted SIP or VoIP that in general could be mandated across all providers

The above listed issues however, now all face the NSA and other spy agent's requests demanding back door access and access to the various software codes. Lessons learned from the current spying fallout means that the industry will need to insist that this will have to be organised within strict regulatory environments.

Another example of where the broader ICT industry can assist in internet related issues is privacy. The greater the public concern about privacy, the greater the opportunity to do something positive to protect privacy on a bilateral or multilateral basis.

The industry would also be greatly assisted if taxes, tariffs and monopoly control of undersea and inter-country fibre transport networks were removed, in order to stimulate the construction of new fibre routes that do not pass through the United States.

Interestingly, while the current NSA developments have alerted countries who depend on the USA for their internet transport, this situation originated not just because the bulk of internet traffic came from the USA — or because organisations were forced to transit through this country — but more particularly due to the level of competition that exists in that country, which was achieved through market liberalisation. Many countries, especially the developing economies, had and many still have highly restrictive and regulated markets that resulted in very high telecoms charges. Because of that high level of international infrastructure competition in the USA it was generally cheaper to move telecoms traffic through the US rather than develop links that were independent of that country, or use international links from other countries.

This does not have to be the case but it would require significant pro-competitive regulatory changes in many of the countries involved. (I refer here to my comments above about the lack of industry transformation in the telecoms world).

By Paul Budde, Managing Director of Paul Budde Communication. Paul is also a contributor of the Paul Budde Communication blog located here.

Related topics: Internet Governance, Policy & Regulation, Security, Telecom

WEEKLY WRAP — Get CircleID's Weekly Summary Report by Email:

Comments

Nothing much to do on your list... jeroen  –  Dec 02, 2013 4:39 AM PDT

> providing strong encryption on all websites — 2048 bit keys

The keystrength matters little if one cannot trust the root authorities.
Note that every nationstate and large corporation has a root certificate and thus can generate any certificate and claim to be anything they want.

One has to check the fingerprint of the certificate to be sure it really is the cert on the server that you want.

And then, even if that matches, even if you have 2048 bits crypto, how sure are you that the crypto is correct (there are very few crypto folks who really understand crypto), then that that is properly implemented (very few people who know crypto and code) and more importantly: that that is actually running on the device you are using? :) The set of people who can verify that is equal to not even on.

> producing a list of compromised devices or code that has known vulnerabilities in it and work towards a mandated level of security

This is a near impossible task as one can never index which software runs where and thus which devices are compromised; next to the fact that software versions might differ and then might have different patches which might mean that the version is not vulnerable as the vendor already fixed it.

CVE (http://cve.mitre.org/) "solves" this in some way but it can never solve it completely, especially not in the way you state it.

Backdoors can always be present, 0-days are typically not fixed yet, thus the least one can do is keep all software up-to-date (and hope nobody sneaked something bad in there).

Note also that there are billions of devices out there; current fun one: Android, which is a very fragmented bunch of code that never gets updated on those devices. 70% of the market apparently is Android based though. For a fun one: http://www.engadget.com/2013/11/29/text-message-exploit-can-force-your-nexus-phone-to-reboot

> assisting the ITU in driving certificate transparency efforts and obtaining the support of all the member countries on this issue

What does the ITU have to do with the Internet? Let the ITU stick to their telephone lines and slowly disappear please, they would just slow down any effort to make things better.

> developing encrypted SIP or VoIP that in general could be mandated across all providers

SIP/TLS, SRTP and ZRTP already exist, are deployed and are in heavy use.
Except for ZRTP most of these protocols are freely available.

To post comments, please login or create an account.

Related Blogs

Related News

Topics

Industry Updates – Sponsored Posts

DotConnectAfrica Contributes at the 9th IGF in Istanbul, Turkey

New gTLDs and Best Practices for Domain Management Policies (Video)

Nominum Announces Future Ready DNS

New from Verisign Labs - Measuring Privacy Disclosures in URL Query Strings

ICANN London Recap Webinar

DotConnectAfrica Delegates Attend the Kenya Internet Governance Forum

Neustar to Launch usTLD Stakeholder Council

3 Questions to Ask Your DNS Host about Lowering DDoS Risks

Continuing to Work in the Public Interest

Verisign Named to the OTA's 2014 Online Trust Honor Roll

Sophia Bekele Weighs in on Obama's August US-Africa Leader Summit at the NYF Africa

4 Minutes Vs. 4 Hours: A Responder Explains Emergency DDoS Mitigation

Dyn Acquires Internet Intelligence Company, Renesys

Tips to Address New FFIEC DDoS Requirements

DotConnectAfrica's Expert Selected to Attend the Hague Institute of Global Justice

DotConnectAfrica Delegates Attend the KHRC Internet & Human Rights Breakfast Roundtable in Nairobi

Smokescreening: Data Theft Makes DDoS More Dangerous

Internet Business Council for Africa Participates at the EU-Africa 2014 Business Forum, Brussels

dotStrategy Selects Neustar's Registry Threat Mitigation Services for .BUZZ Registry

24 Million Home Routers Expose ISPs to Massive DNS-Based DDoS Attacks

Sponsored Topics