Depending on your country, the Internet has been available for ten years or more, and for individuals—at least in the developed world—it has since become ingrained in psyches as an essential commodity, akin to access to fixed-line telephony, electricity and potable water. For a growing number, the Internet is essential for work, for a greater number it is the first port of call for problem solving and information (Wiki and online Yellow pages come to mind) or getting things done (banking, finding out timetables for travel, etc). Most governments, too, now take the Internet as a key component of infrastructure, crucial to a nation's future socio-economic potential.

What governments may do with the Internet is another matter. A decade's experience and use of the service has enabled a growing number of governments to manhandle the potential dangers of hacking, fraud and privacy as a means to tighten the screws on their own control of access, and of their nationals' use of it. This is rightly opposed by the users themselves, over half of whom surveyed for the BBC believing that no government should be empowered to regulate the Internet.

In Europe, the 'three strikes rule' threatens to become more fashionable, following measures first proposed in France: there, the Création et Internet Bill failed in 2009 when France's Conseil Constitutionnel ruled that it leaned too much to 'guilty until proven innocent' and that it threatened major sanctions (Internet disconnection and a national blacklist on access) without judicial oversight. Nevertheless, the government shoehorned the Bill a second time, which this month came before the National Assembly for debate.

The Bill proposes that the scheme be administered by a newly formed group called HADOPI. ISPs notified about alleged file-sharing would be required to send an e-mail to the customer involved, a registered letter at the second alleged offence and, for a third offence, terminate access for up to a year. A database managed by HADOPI could presumably prevent blocked users from switching ISPs.

Italy looks like adopting a similar approach. Having in 2009 sued the Swedish The Pirate Bay site and attempted to force ISPs to block access to its content, the more recent charging of Google executives with criminal charges resulting from YouTube content denotes a government leaning towards authoritarianism regarding the Internet. The Italian three-strikes proposal would be complemented by a requirement that all blogs register with the government.

In the UK, meanwhile, the government is pushing through its controversial Digital Economy Bill, which proposes empowering regulators to disconnect or slow down Internet connections of persistent illegal file-sharers. Amendments to the Bill passed this month at the report stage at the House of Lords before its third and final reading in the House of Commons, could in theory force sites such as YouTube which host copyright-infringing material to be blocked or forced offline. The UK's three-strikes rule is similar in its essentials to those of France and the UK, with disconnection following two warnings.

At the European Union level, the European Parliament was initially critical of the three-strikes schemes, largely due to the absence of judicial review. However, this month the Anti-Counterfeiting Trade Agreement (ACTA) was put forward for debate between the US, the EC, Japan, Switzerland, Australia, New Zealand, South Korea, Canada and Mexico. Aimed at preventing online counterfeiting, it threatens to punish ISPs for content delivered.

Polls show the sincerity of popular regard for a free Internet, and suggest that to tackle piracy other solutions than blocking ISPs and throwing citizens offline should be considered. Until they are considered, citizens should, as always, be vigilant about what their governments are legislating, lest they find themselves with a thoroughly policed Internet far removed from what they now know it to be.

Written by Paul Budde, Managing Director of Paul Budde Communication

Read full story: PC World

Most of the reaction has been from privacy advocates fearing that this is simply another way to kill anonymity on the Internet. Oh well… that's the usual set of reactions.

Now… the fun part is, a driver's license also shows that you have the competence to drive. So, Mundie seems to have been expressing the idea that it'd be great to train people in using the internet productively and safely, before actually letting them on the internet.

As Mundie put it —

"If you want to drive a car you have to have a license to say that you are capable of driving a car, the car has to pass a test to say it is fit to drive and you have to have insurance."

Susan Brenner on CircleID did say something about K12 students having to display their licenses online having been trained in using the Internet safely and responsibly, and that licenses could be revoked for inappropriate use of the Internet.

She then went on about how a license wouldn't be very useful or effective in an open, unstructured internet.

If she'd googled back for some older history she'd have found that Mundie was simply channeling a trope that's over a decade old. It isn't something that he came up with all by himself.

The concept of an "internet driver's license" is an old usenet trope—dating back to the time when people spoke of an "eternal september" (referring to when, earlier, newbies would only come into usenet every september as the term opened in colleges, but after 1993 and aol, compuserve, juno etc, more and more people entirely new to the Internet kept coming in, in droves, exasperating the regulars on mailing lists and usenet groups). The concept of needing a driving license to use the internet was a running joke that dated back to the same period.

My good friend and maawg senior tech advisor Joe St.Sauver (of UOregon, EDUCAUSE, etc etc etc) put the need for a driver's license in a much more security aware context back in 2007 —

There's nothing inherently wrong with offering people a quick training course in using the internet safely and responsibly when selling them an internet connection. Several ISPs already distribute videos on install CDs and maintain support FAQs, online help forums etc.

The smaller ISPs (such as the community internet / freenet networks that are sadly dying out these days) used to reach out much more actively to their local userbase with face to face training courses. People new to the network in a university or a corporation routinely do receive a quick security briefing on safe and acceptable use of the Internet.

Yes - the concept of revoking an internet driver's license does seem unworkable, doesn't it?

There's something called a Walled Garden, that's quickly becoming established network security practice.

If there's a computer on a network (whether an office network, or a large ISP's DSL pool) that's infected and emitting malicious traffic, it can be detected, and once detected, moved into what is called a "walled garden"—a safe area or sandbox from where the user can only access the ISP helpdesk pages, windows update and antivirus update servers, till such time as he clears up the infection on his PC and either automatically releases himself from the walled garden by clicking a button (which can happen the first two or three times) or calling the ISP's helpdesk to let him out.

Several large DSL networks have already implemented this, and MAAWG has a best practice document that recommends it, along with other measures to mitigate botnet infections on a ISP network.

Two documents from the OECD and the ITU put this into context, discussing the threat posed by malware, and the political/administrative, technical and social measures needed to mitigate it. They both cite the MAAWG best practice documents, by the way.

I'll conclude by saying that a lot of this is simply to protect the ISP's users from the personal consequences (ID theft, phishing etc) of an infection on their PCs, as well as to protect the ISP's other users as well as the internet at large from the malicious traffic emitted by malware.

Note to some people reading this: Thank you. Yes, I've heard the Ben Franklin quote about sacrificing liberty for safety. I've also heard the Pastor Neimoller quote about "first they came for ..." (though I always think people who use that quote have automatically lost their argument, having violated Godwin's Law by comparing the other side to the Nazis). I'll still stand by what I said. Thank you.

Written by Suresh Ramasubramanian, Head, Antispam Operations

Read full story: Telegraph.co.uk

Third, and perhaps most importantly, the Google/China situation is really complex and multi-faceted, and it's been difficult keeping all of the issues straight. Some issues raised by Google's announcement include:

• cybersecurity, both corporate and personal
• political and industrial espionage
• suppression of political speech, especially of dissidents
• censorship of search engine results and the likelihood that censorial efforts can succeed on the Internet
• "cyber-imperialism," i.e., exporting US norms about Internet law to other countries
• economic protectionism and whether US companies compete with local Chinese companies on a level playing field
• geopolitical and trade relationships between two world nuclear superpowers

Heady stuff! It would make a good summer blockbuster movie.

Although most folks have lauded Google for its principled stand against China's censorship, I'm not 100% clear that Google's decision is entirely selfless. First, as has been noted frequently, Google has not been making inroads against local search leader Baidu. Further, the deck may be stacked against Google in changing that situation, due perhaps to economic protectionism from the Chinese government. Second, in a point that has gotten less attention, some members of Congress (most notably Rep. Christopher Smith) have repeatedly jawboned Google and other Internet companies to curtail their support of the Chinese government (see, e.g., the Global Online Freedom Act). Google might have rationally concluded that voluntarily cutting China loose could abate Congress' interest in regulating its international operations, which might ultimately avoid profit-degrading domestic regulations.

On that point, I fear that we may hold duplicitous expectations when US Internet companies go global. If a US Internet company wants to successfully compete in a foreign market, it must open a local office and build a localized versions of their services reflecting local legal requirements. Inevitably, these localized versions will be more speech restrictive than the US version of the service. Foreign laws don't have the First Amendment, 47 USC 230 or (in most cases) even a weak safe harbor like 17 USC 512, plus local cultural norms may tolerate unpopular speech less than we do. So what should a US service provider do when trying to expand internationally? It has a few options, none of them particularly attractive:

• It can skip unreasonably censorious markets altogether, like Google proposes to do in China.
• It can comply with local laws, even though that runs counter to US laws and norms.
• It can ignore local laws, which is typically not a successful plan. In extreme cases, it can lead to local company executives going to jail.
• It can try to change the local country's laws to be more like ours, either through direct advocacy or by asking the US government to pressure the local government. We routinely use trade negotiations to do this; for example, we have successfully exported our copyright laws this way. But countries usually aren't thrilled to have the US tell them what their laws should be.

Now, I don't support China's efforts to censor search results or suppress political dissent. I understand the arguments that free speech is such a basic human right, like freedom from torture, that we simply won't tolerate any other local choice. However, we already implicitly accept that Internet companies routinely engage in some types of legally compelled or motivated speech restrictions in other countries when they localize their services—perhaps not to the degree exercised by China, but nevertheless more than we would allow in the US. (I note that China might factually dispute this claim because it claims to have an "open" Internet, although the reports I've seen suggest this claim is embarrassingly disingenuous). I recognize that I'm making a slippery slope argument about what government-mandated censorship we'll tolerate from US Internet companies, but I think we should acknowledge the slippery slope before we categorically reject search engines' efforts to comply with China's rules.

If Google ultimately exits China, it would leave Baidu as the search engine market kingpin. This raises another issue I haven't seen fully discussed. I'm going to assume for a moment that Google is a superior search engine to Baidu. (I've never used Baidu, so I have never actually compared the two). Knocking Google out of the Chinese market does two things. First, per my assumption, it takes the better information resource away from Chinese consumers. Second, by reducing competitive pressures on Baidu, quasi-monopolist Baidu is more likely to reduce R&D and service improvements.

If my predicate assumptions are correct, in the long run US consumers will have a consistently superior search tool compared to Chinese consumers. (I also assume China will keep interfering with Chinese consumers' access to Google.com and that superior market entrants won't overtake Baidu). Over time, China may hinder its overall long-term global competitiveness due to an inferior information infrastructure. Perhaps this assertion is overly stylized, but I think effective information resources—such as good search engines—are necessary to maintain healthy economic markets and to enable cutting-edge R&D. Thus, the Chinese government should view losing Google as a Chinese search engine competitor as a long-term detriment.

One final procedural point. Google sparked a global verbal spat between two nuclear superpowers through a single blog post. Talk about the power of blogging! Google's decision to post a confrontational blog post may have helped get the US administration on board but simultaneously reduced Google's ability to negotiate with the Chinese government. I'm no expert in diplomacy or Chinese cultural norms, but my reading of Google's post is that its double-barreled accusations of government-sponsored hacking (which Google has not conclusively proved) and censorship left the Chinese government with few options to save face. Thus, Google effectively forced the Chinese government to take a hard line and reject most proposed compromises. I trust Google knew what it was doing and decided that was the right course of action, but in my opinion Google's approach has pre-determined the final outcome.

Written by Eric Goldman, Associate Professor, Santa Clara University School of Law

The speech wasn't an isolated event, of course. Thanks to the flexibility and political savvy of a gifted Secretary and the prior experience and skills of her staff, the State Department has been rolling out great talking points and technology-focused actions from the beginning of the administration.

Yes, Secy. Clinton had to say that she was worried about anonymous speech, about IP piracy, and about cybersecurity. She had to point to existing committees and efforts, like the Global Internet Freedom Task Force and the Global Network Initiative, which won't necessarily be meaningful to ordinary Americans. She didn't announce a particular enforcement initiative. This is all about persuasion and words, not definitive actions.

Words are important, though, and you could hear US leadership in what the Secretary had to say.

• "We stand for a single internet where all of humanity has equal access to knowledge and ideas."
• "These actions [electronic barriers, censorship, privacy violations] contravene the Universal Declaration on Human Rights."
• "In many cases, the internet, mobile phones, and other connection technologies can do for economic growth what the green revolution did for agriculture. You can now generate significant yields from very modest inputs."
• "Unfettered access to search engine technology is so important."
• "Countries that censor news and information must recognize that, from an economic standpoint, there is no distinction between censoring political speech and commercial speech. . . . countries that restrict free access to information or violate the basic rights of internet users risk walling themselves off from the progress of the next century."
• "The internet is a network that magnifies the power and potential of all other[ networks]."

This kind of rhetoric takes courage. We could be deferring to China's sovereign authority to manage its own ISPs in its very large and attractive market. We could be thinking wistfully of our own ability to wage economic war and differentiate the treatment of information online. We could be embarrassed about our own privacy failures and worry about the hypocrises that will continue to be revealed.

It's better, though, to say that we stand for "internet freedom" as a country. That's memorable, worthwhile, actionable, and human.

Written by Susan Crawford, Professor, University of Michigan Law School

Self-interest is a complicated thing, and isn't only financial. I personally know quite a number of Googlers working in various locations around the world, some at fairly high levels. I get the sense that the emotional well-being of Google's founders, and many others with decision-making power throughout the company, is quite wrapped up in their belief in Google as a force for good in the world. Whether that belief is completely or only partially delusional is an open question. (Ken Auletta's new book on Google provides some useful insight on that front.) But let's be honest with ourselves. How many people on the planet do anything for 100% selfless reasons?

If having a free, open and just society depends on purity of motive, God help us all.

If executives at companies like Google conclude that it's in their self-interest to take a public stand against censorship and unlawful surveillance, and do things that contribute to freedom of information and openness, that is a good thing, whatever their deepest and truest motivations—which probably require years of psychoanalysis for even them to understand, at any rate.

Sure, we can trash Google for not being run by a bunch of Mother Theresas. We can further trash the U.S. government because its support for global Internet freedom involves more pragmatism - and perhaps even a certain amount of hypocrisy and cynicism—than the high-falutin rhetoric suggests. In so doing we will not be factually wrong. But if we're interested in accomplishing anything beyond clever snark that boosts web traffic and sells books, that topic gets uninteresting pretty quickly. Having noted the obvious, the question I'm more interested in is: What should concerned netizens who want a more free and open global Internet do now?

I've got a suggestion: Why don't we focus on figuring out how to maximize the incentives for a lot more CEO's and government leaders around the world to support a free and open global Internet—for selfish reasons? Reasons like brand reputation, market share, long-term profit, voter support, political legitimacy, economic competitiveness, and geopolitical influence?

If you look at many of Google's recent statements, activities, and legal disputes that are un-related to China or even to authoritarian countries for that matter, a picture emerges about how the company perceives its long-term interests. Take for example a long memo to Google employees titled "The meaning of open” posted on the Google Policy Blog on December 21st 2009 by Jonathan Rosenberg, Senior Vice President for Product Management. He writes:

Closed systems are well-defined and profitable, but only for those who control them. Open systems are chaotic and profitable, but only for those who understand them well and move faster than everyone else. Closed systems grow quickly while open systems evolve more slowly, so placing your bets on open requires the optimism, will, and means to think long term. Fortunately, at Google we have all three of these.

He concludes:

Open will win. It will win on the Internet and will then cascade across many walks of life: The future of government is transparency. The future of commerce is information symmetry. The future of culture is freedom. The future of science and medicine is collaboration. The future of entertainment is participation. Each of these futures depends on an open Internet.

Google is betting its global business success on an open Internet. If you look at Google's latest China move through the lens of global Internet policy trends and not just through the lens of Chinese politics, or China's relationship with the West, it makes a lot more sense. It makes sense from a business standpoint for Google not only to oppose censorship but to work actively against it, and do everything in their power to influence global policies, laws, and community practices that favor openness. In the past year they've gotten increasingly vocal about censorship—and not just in authoritarian countries like China. In this post Public Policy Director Bob Boorstin criticizes the Australian government's efforts to censor the Internet down under. Not far below that, you'll find a post on the Google Policy Blog from December 14th about an internal anti-censorship workshop at which Ron Diebert of the Open Net Initiative gave a presentation about the spread of Internet censorship all over the world. Also present at the workshop were some of the world's most accomplished "hacktivists" like Nart Villeneuve and Greg Walton, whose mission in life is to help Internet users around the world circumvent censorship and evade surveillance. Now that Google has changed its public stance in China, my friend and Global Voices co-founder Ethan Zuckerman is hopeful that Google will get much more actively and directly involved in supporting, developing, and even hosting the tools people need to get around censorship. "A Google-backed anticensorship system," he writes, "would be massively more powerful (and threatening!) than the systems we know about today."

In the United States, Google's policy positions are frequently aligned with free speech activists and the open source/free culture community—as they go head-to-head against traditional telcos and media companies in policy fights over copyright law, Net Neutrality, the evil secretive and scary ACTA trade agreement, and other issues. In Italy, for example, Google executives are facing criminal charges because the Italian government wants to hold Internet companies like Google more directly liable for what users do on their services, which encourages a global trend that would inevitably result in companies having to massively increase the extent to which they track, police and censor users—which in turn not only has serious implications for human rights and free expression but also drastically increases Internet companies' overhead, making their business model much less sustainable. This isn't just a problem in Italy. Worried about piracy, cyber-bullying, child porn, and other ills, courts and parliaments in democracies around the world have been moving to increase intermediary liability for Internet companies. Crimes need to be punished, I'm not saying they shouldn't, but this particular solution throws the baby out with the bathwater. The chances that increased intermediary liability will be conducive to free speech, human rights, or a free and open Internet are low to nill as this excellent paper by the Center for Democracy and Technology explains. Which is why both Google and free speech activists oppose intermediary liability. Are we so naive as to think Google is acting altruistically? No. Intermediary liability hurts their business model. But it's no less helpful to have a powerful corporate ally on this issue.

On privacy, however, Google's actions, statements, and policies are not as well aligned with civil liberties and human rights activists. Just ask the Electronic Privacy Information Center which has filed lawsuits and official complaints with government regulators over how Google fails to adequately protect user privacy in cloud computing, Google Books, etc.

Then there was CEO Eric Schmidt's infamous comment on CNBC late last year: "If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place." What a horrible, frightening thing to hear if you're a Chinese human rights activist who depends on GMail, Google Groups, and Google Docs—as many of them have been doing. Google's damage-control people emphasized that Schmidt was talking about the Patriot Act and that he did not mean to express disregard for privacy more generally. But it sure didn't come off that way, and raised a lot of very legitimate concerns about Google's attitude to privacy. Going public about the Chinese cyber-attacks and declaring a willingness to leave China if necessary in order to protect GMail users undoubtedly helps reverse the p.r. and public trust problems caused by Schmidt's remark—whether or not this manner of handling the situation actually makes GMail users more secure given that GMail servers have never been located in China (or was the attack aided by an inside job?).

Still, if Google's stand against Chinese government-sponsored attacks on GMail's most vulnerable users leads to measures that boost the security and privacy of Google's inadequately secured cloud-based services—which ironically may have been exacerbated by U.S. government back-door surveillance requirements under the Patriot Act—that is an excellent result. However if the result ends up being a general underwear bomber-style public freakout that results in the U.S. security establishment getting even broader license to pick over Google's user data, with even less judicial/congressional oversight and public accountability than is presently the case under FISA and the Patriot Act, then that will be a very bad thing for free speech, democracy, and ultimately a free and open global Internet. I am worried that the latter result is more likely, based on much of the rhetoric coming from American politicians and the tone of media coverage I've been seeing.

But the biggest problem with Google is not its intentions or the extent to which specific actions and policies align themselves with civil liberties lawyers, free expression groups and human rights activists. The biggest problem is how Google says they advocate a free and open Internet, positions themselves as global leaders of this cause, then says "trust us, we're good people, we're working in your interest." Then we're just supposed to trust them. When has that been a good idea in any other human governance situation and why exactly are we supposed to expect that to work for us in this case? Is Google really run by Vulcans and not humans or something?

Privacy activist Katitza Rodriguez put her finger on the problem in a recent e-mail exchange about the implications of Google's China move (which I quote with her permission): "Google's decision in China does not answer concerns in other countries about its growing domination of the Internet."

Jeff Jarvis, Siva Vaidhyanathan, and the New York Times have written in the past few days from different angles about how the Google has been playing a state-like role in this latest drama. Siva—who has a book coming out on Google called "The Googlization of Everything"—writes:

The Internet has enough diverse interests and players that it demands governance. No traditional state is in the position or willing to assume that role. So Google governs the Internet.

One could read this showdown (as I do) as a classic international power conflict between a major traditional state and a new, virtual state: the Googlenet.

Google is taking a risky stand to defend the Internet generally. This is what a weaker, threatened state would do.

Now, if I had to choose between the Chinese Communist Party as my government or Google as my government, I know in a heartbeat which one I'd choose. But that's like choosing between one king or another—you choose the one with the most benevolent behavior and cross your fingers. I would prefer something else completely.

Societies with the highest levels of freedom, openness, and justice aren't that way because their leaders as individuals are the most morally superior specimens out there - or because their citizens were born with higher proportions of goodness and lower proportions of evilness than people in other societies. They got that way thanks to institutions, mechanisms, and community standards designed to incentivize behavior that results in greater freedom, openness, and justice—however selfish powerful people's motives might be. This is why the most free, open and just societies are parliamentary democracies—not benevolent dictatorships, or theocracies, or dictatorships of the proletariat, or even patriarchal-bureaucratic autocracies run by wise elites schooled in the moral wisdom of ancient sages. Democracy assumes that power—even when held by the smartest and most well-intentioned people—always corrupts. Therefore power must never be absolute. It must always be constrained by strong public supervision and accountability mechanisms.

Along with a lot of other Internet and telecommunications companies, plus everybody who creates, hosts, or enables web content and applications, Google's wide range of popular services have built a new virtual place we've come to know as "cyberspace," into which global human activity now extends. Google administers or controls increasingly large parts of this space where a growing percentage of global Internet users' activities happen. Google's power over our freedom in cyberspace is government-like—with real implications for our physical freedom in "meatspace," as the China situation clearly illustrates.

Thus Google has social responsibilities of a government-like nature toward its "users," who might be better described as "inhabitants" or "citizens" of the part of cyberspace that Google controls. These responsibilities are different and more complex than the conventional social responsibilities of companies toward customers who buy their products and services. Google (and for that matter all Internet and telecommunications companies who create, enable, and control different parts of cyberspace) needs to be held to different standards of accountability, oversight, and consent-of-the-governed than the people from whom we buy tennis shoes or canned soup. The responsibility of a soup company not to poison me, and the shoe company's responsibility not to sell me a shoddy product that makes me twist my ankle, can be dealt with largely through government regulation and national law. Regulation by national governments alone cannot address Google's trans-national moral and social obligations—as creator and protector of a place where I spend hours every day working, playing, politicking, and conducting the most intimate details of my life—to respect and protect my human rights. That's because Google competes directly with national governments for my loyalty and trust. What's more, Google recognizes that my trust and loyalty—and thus its business—depend in part on its willingness to protect me from efforts by national governments to violate my human rights. (And there is no government that won't make such efforts if presented with the opportunity to get away with it.)

In any place where governance and rule-making happens—whether through software code or written laws enforced by police—inhabitants have a choice. We can be subjects who submit to governance without consent, or we can be citizens who grant and withhold consent—and who are ultimately responsible for whether the government we've consented to fosters an open, free and just society or not. We need to stop thinking of ourselves as mere users of a service and start thinking of ourselves of inhabitants of a place called the Internet. We are Netizens. Time to get more proactive about shaping the Internet's future—and pushing its most powerful players in the direction we want them to go.

Google, Yahoo, and Microsoft have taken a first step toward recognizing that they are fallible and require greater ethical oversight than shareholders, boards of directors, and markets alone can provide. Last year they helped launch the Global Network Initiative, a multistakeholder effort together with human rights groups, socially responsible investors, and academics, in which they've pledged to uphold basic principles on free expression and privacy, committed to independent evaluations, and agreed to public accountability mechanisms. (Disclosure: I am a founding member and on the GNI board.) It's hard to know at this point whether the GNI will succeed—it's still very much an early-stage experiment. But it's at least a recognition that new forms of public oversight, transparency and accountability are required to make sure that the companies who hold so much power over so many people's lives do not abuse this power. It's an early attempt to figure out what shape those mechanisms need to take.

In the past century many political leaders who have facilitated their countries' peaceful transition from authoritarianism to democracy have done so because they recognized that their legitimacy and power would be strengthened—not weakened—by public oversight, institutional checks-and-balances, and clear consent-of-the-governed. Similarly, Internet and telecommunications companies around the world should recognize that submitting to greater public oversight, and doing things that facilitate a free and open Internet, will ultimately be good for their own survival. They may have simply intended to provide a commercial product or service, but they have wound up collectively creating a place that they jointly own along with other companies and with everybody who creates Internet content, hosts a website, or creates and runs applications. The new social responsibilities and obligations that come along with this role may make them uncomfortable and they may try to reject them—as many have indeed been doing adamantly. But we need to figure out how to help them understand. More importantly, it's in our interest as netizens to figure out what carrots and sticks will be effective to get them to do right by us.

Finally, a note on the future of national governments in the Internet age. Over the last eight hundred years or so human society has seen sovereign leaders slowly come to recognize that sharing power with the people makes everybody stronger and more prosperous, and decreases the likelihood that the leaders themselves—or all their friends and family—will die defending themselves against violent revolution. We transitioned from countries run by kings and queens to countries run by presidents and prime ministers. It took a very long time for this recognition to happen in just a couple of countries and longer still for people to figure out how to implement the idea of "consent of the governed" in a relatively scaleable and sustainable way. Many more countries embraced this idea in the past century while others have failed to do so—or tried and failed, or claimed to be a "people's" government while actually being something else. The Internet and the penetration of cyberspace into the lives of a critical mass of people around the world has created a whole new layer of struggle over sovereignty, rights, and legitimacy.

I am not one of those people who believe that the Internet is going to eliminate the human need for geographically-based government. But I do believe that we're starting to enter a time when enlightened governments will slowly come to recognize that their legitimacy along with the well-being of the societies they govern will be improved if they figure out ways not just to peacefully coexist—but to share power with the global cyber-nation. Each has a duty to help us—citizens of both physical and cyber space—to keep the other's power in check. Both must submit to appropriate public oversight. Both must commit to high standards of transparency if they want our trust—which they require in order to be successful and powerful for the long haul. We're very far from figuring out how to make it all work. But it is in our own self-interest as netizens to be proactive in doing what we can to help companies and governments come to grips with what is, unavoidably, in their own long-term interest.

Got suggestions for what we might put into a Constitution for the Global Cyber-Nation? Please post your comments below or on RConversation.

Written by Rebecca MacKinnon, Open Society Fellow; Co-founder, GlobalVoicesOnline.org

It seems like there's a different headline story about Google every day lately, and there's a lot here that service providers should be paying attention to. The launch of Nexus One around CES earlier this month is especially important for all mobile operators as well as the handset vendors partnering with them. A few days later, we started hearing noise about Google Energy. While they have said little about this publicly, it has been a hot topic in utility circles, and I wrote about it last week wearing my Smart Grid hat on our portal.

Like the Internet, Google has become such a fluid company that it can find an entry point into practically any market, and maybe they're just trying to live up to the spirit of their name with all these seemingly unrelated ventures. I'm going to focus here on the China story, which has been a global topic this week for a variety of reasons, and I'll touch on the most carrier-centric ones here.

As we all know, Google is standing up to China, and threatening to pull out of that market on principle over the issue of Internet censorship. This is a very interesting showdown, and for once, it's not about money. Early on, Google—and others like Yahoo!—acquiesced to China's demands, allowing monitoring of Google activity in exchange for entry into this huge market. Well, Google has had enough, and we've got a digital Cold War brewing.

This brings me around to the title of this article—what business are you really in? I think it's a legitimate question for service providers to be asking these days. Am sure you know the classic example—McDonalds. When Ray Kroc asked this question to business students, they didn't hesitate to say it was the hamburger business. He quickly corrected them, explaining he certainly sells lots of those, but he's really in the real estate business.

Most people would say the U.S. Postal Service is in the business of delivering mail. Again, that is true, but I would argue they're really in the privacy business. It may seem quirky in this day and age, but there's still something sacrosanct about the mail. We open anything addressed to us in a heartbeat (well, the bills can wait), but you never open other's people's mail, right? You just don't do it on principle. If given a choice between keeping our mail totally private and getting it a few days slower, instead of faster service but possibly compromised for privacy, am sure we'd all prefer the former hands-down.

Well, there's a lot of that going on in China right now, and I think the stakes are pretty high. We all know the Beijing Olympics were a big mirage, and China may be more open than in the past, but it's still a highly controlled society. They would argue that their brand of state-run capitalism is more stable than our Wild West model, and there's some merit to this, but let's stay on message. I could go down this road a long way, but not here.

Openness is a bedrock principle of the Internet, and as desirable as this may sound, it does come with tradeoffs. We all know that the Web is used for evil as much as for good, and China has had its share of both. Their differences with Google are important, but the Internet's dark side has had other chapters coming from China, and I don't think we've seen the last of them. Do you remember Project GhostNet from last March? It was an incredible story, and lucky for me, it was exposed by a team of researchers here in Toronto. If you've forgotten or if this is news to you, I suggest you start with my blog post and connect the dots for yourself back to what's happening now with Google. Better yet, Google the term GhostNet—that will keep you busy for a while.

All of this is leading to my main point that privacy and the Internet are going in different directions. Some of this is a generational thing, as younger people are more willing to give up some privacy—or a lot of it—to stay connected with their world. Being connected today is more virtual than real, but that's reality.

I believe that service providers will increasingly need to manage privacy expectations for subscribers, and the Google/China issue is really drawing this into focus right now. The original Internet vision was global, with all of us interconnected under one cloud, so to speak. I suspect that China will not back down, and if Google walks, Baidu will totally own their domestic search market. Compared to what we're used to, China would then become a pretty closed market, and could well open the way for other like-minded countries such as Iran to follow this model. In that scenario, the Internet devolves into parallel universes, seriously diluting the intended concept. So much for the global village.

This sure sounds like the "islands of VoIP" scenario that exists in the enterprise space, and it's really not a good thing. The Internet is at its best when it's open, and for everyone to benefit, service providers have an important role to play in creating a balance between openness and meaningful privacy. As we're seeing in China, this is easier said than done, and in my mind, it's a wake-up call for the West, where freedom is of the utmost importance.

I'm going steer clear of the Net Neutrality debate, but I have no doubt these current events will lead many subscribers in the West to ask questions about how much privacy they really do have, and how much they can really trust their service provider. Data mining techniques have become very sophisticated, and if used in the wrong way, are really no different than the censorship policies we're hearing about in China. Many questions here, and to me, it's a pivotal opportunity for service provider to think a little harder about the business they really are in.

Written by Jon Arnold, Principal, J Arnold & Associates

The reports, depending on vendor, blame either PDF files via email as the original perpetrator, or lay most of the blame on an Internet Explorer 0day.

Unlike my colleagues (save for the ones reporting), I rather not discuss this too much before more data is available.

Regardless of what really happened, which I hope we will know more on later, these things are clear:

1. Unlike GhostNet, which showed an interesting attack, but unfortunately many of us jumped to conclusions without evidence that it was China behind them—based on Ethos alone I'd like to think that when Google says China did it, they know. Although being a commercial company with their own agenda, I am saving final judgment.

2. The 0day disclosed here shows a higher level of sophistication, as well as m.o. which has been shown to be used by China in the past.

3. If this was China, which some recent talk seems to make ambiguous, but still likely; they would have more than just one weapon in their arsenal.

4. This incident has brought cyber security once again to the awareness of the public, in a way no other incident since Georgia has succeeded, and to political awareness in a way no incident since Estonia has done.

Update: Text corrected as per comment below.

Written by Gadi Evron, Security Strategist

There's been a lot of speculation about just why they pulled out. Some reports noted that Google has been losing market share to Baidu. Under those circumstances, cutting losses makes sense. Yahoo and many other Western companies have done that.

I don't think, though, that that's the whole story. Blaming China not for its rules, which the Chinese government defends, but for hacking is an entirely different kettle of fish. That is a move more or less guaranteed to raise the ire of Chinese government officials, and quite likely block the return of Google to China for a very long time. And, of course, there's no reason to think that if China has indeed been attacking Google, this will make it stop—quite the contrary, I suspect.

There is, I suppose, a line of reasoning that assumes that China will retaliate for the insult by blocking access to all of Google's services, including gmail; this in turn might mean less use of gmail by Chinese dissidents, which in turn would give the government less reason to hack Google. I don't buy it. There are lots of other reasons to hack. The Wall Street Journal says,

Much of the data stolen from Google was its "core source code," Mr. Mulvenon said. "If you have the source code, you can potentially figure out how to do Google hacks that get all kinds of interesting data." Among the data, would be the information needed to identify security flaws in Google's systems, he said.

Beyond that, the source code to much of Google's infrastructure has immense value, though I should add the caveat that running an operation of that scale requires a lot more than a code base. All in all, this looks like extremely rare case of a foreign company taking a stand on human rights. In fact, the Wall Street Journal unambiguously credits Sergei Page for the initiative.

The most interesting aspect of the whole affair, though, might be one of the ways the attacker got in. Matt Blaze pointed me at an article that states that the attackers abused the "lawful intercept systems"—the mechanism that Google uses to comply with subpoenas. If this is true, it represents another major abuse of such mechanisms, probably second only to the Athens Affair, where parties unknown used an analogous mechanism in a Greek cell phone switch to eavesdrop on some mobile phone calls in Athens.

Unfortunately, I can't say I'm surprised that such things can happen. My colleagues and I have been warning for years of the risks of schemes to ease government access. (There are a number of papers and essays on the subject on my web page.) The proper question is no longer whether or not lawful intercept schemes are dangerous; I think that question is now settled. Rather, we must ask this: are the dangers from lack of government access to nasty people's communications greater or less than the dangers from other nasty people abusing these self-same mechanisms? I don't think that that perspective has been adequately addressed.

Given that, another Google announcement—that they're turning on https by default for gmail users—is quite intriguing. Six months ago, I was one of the signatories on a letter that Christopher Soghoian drafted calling for just such an action. The official word is that https would not have prevented these attacks:

Sam Schillace, an engineering director at Google Apps, said the shift to default HTTPS was not prompted by the attacks and, to the best of his knowledge, would not have averted them. The move had been in the works for some six months, during which time Google engineers did extensive testing and made numerous technical fixes to enable a smooth transition.

However, the announcement itself was prompted by the attack news. "The Gmail team decided, why wait?" he said. "We want our users to be as safe as we can make them be."

Indeed, if the lawful intercept mechanism was on the plaintext side of the decryptor, the new defense would indeed not have helped. But there are many other threats to communications, and it's a lot easier for the Chinese government (or any other government) to tap communications on its own territory.

This is still a hot, breaking story, and I don't claim to know everything or even close to everything about it. I'm sure that more details will come out over the next few weeks. Brian Krebs has an excellent summary article posted; I hope he'll continue to update it. For the moment, though, my tentative conclusions are that genuine ethical concerns, possibly coupled with ire about the hacking, have led Google to take a step that may not be in their best long-term financial interests. Such behavior by corporations is rare but praiseworthy.

Update: I should have added - I do receive a small amount of research funding from Google. Virtually all of this money has gone towards student travel to conferences.

Written by Steven Bellovin, Professor of Computer Science at Columbia University

This is a picture of people laying flowers and making a traditional bow of mourning in front of the Google sign outside Google's Beijing headquarters.

On the other hand, a short Chinese-language report in Sina.com's tech section is generating a long thread of comments from people who are unhappy about Google's announcement because they don't want to lose access to Google. Somebody has set up a website, http://www.googlebacktochina.com/ with a Chinese header that translates approximately as "Give me back my Google." Famous tech blogger Keso mourns that Google's retreat brings the Chinese Internet one step closer to being an Intranet. Sichuan-based dissident Ran Yunfei is also unhappy, likening Google's retreat to a dissident who leaves China compared to one who stays in China and toughs it out.

Another flag-waving constituency is thumbing its nose and saying good riddance.

Google's decision is clearly controversial even among those in China who spend a lot of time fighting censorship, and is devastating to many more who aren't in the habit of using circumvention tools or don't know how.

Google's decision was tough and is going to have a great deal of of difficult fallout. Still, based on what I know, I think Google has done the right thing. They are sending a very public message—which people in China are hearing—that the Chinese government's approach to Internet regulation is unacceptable and poisonous. They are living up to their "don't be evil" motto—much mocked of late—and living up to their commitments to free speech and privacy as a member of the Global Network Initiative.

Written by Rebecca MacKinnon, Open Society Fellow; Co-founder, GlobalVoicesOnline.org

Read full story: PC World

Other sources: (UPDATED Jan 15, 2010 8:41 AM PDT)
Google's about turn in China BBC, Jan.15.2010
Google attack part of widespread spying effort IDG News, Jan.13.2010
White House backs 'free Internet' in Google-China dispute AFP, Jan.13.2010
Could Google-China smackdown lead to WTO complaint? Brenden Kuerbis, Jan.13.2010

Top 10 Featured Blogs in 2009:

1. Yahoo, Gmail, Hotmail Compromised - But How?
   by Terry Zink - Oct 08, 2009
2. A Closer Look at Iran's State of Internet, Strange Transit Changes in Wake of Controversial Election
   by Jim Cowie - Jun 14, 2009
3. WiMAX vs. LTE
   by Paul Budde - Mar 10, 2009
4. China's "Green Dam Youth Escort" Software
   by Rebecca MacKinnon - Jun 08, 2009
5. Verizon Mandates IPv6 Support for Next-Gen Cell Phones
   by Derek Morr - Jun 09, 2009
6. Cloud Computing Types: Public Cloud, Hybrid Cloud, Private Cloud
   by Sam Johnston - Mar 06, 2009
7. Can't Connect… Won't Connect
   by Bill Thompson - May 13, 2009
8. The Cybersecurity Act of 2009
   by Steven Bellovin - Apr 13, 2009
9. Google AdSense Asks Publishers to Change Their Websites' Privacy Policy
   by Dhaval Doshi - Mar 13, 2009
10. YouTube's Fine - Analysts Don't Understand Internet Peering
    by Brough Turner - Apr 16, 2009

Top 10 News in 2009:

1. Network Solutions Under Large Scale DDoS Attack, Millions of Websites Potentially Unreachable
   Jan 23, 2009
2. U.S. General Reserves Right to Use Physical Force, Even Nuclear, in Response to Cyberattack
   May 13, 2009
3. Google Cloud Storage Coming Within Weeks
   May 20, 2009
4. Finland First Country to Make Broadband a Legal Right
   Oct 14, 2009
5. SPECIAL: Updates from the ICANN Meetings in Sydney
   Jun 26, 2009
6. Google Rolling Out Its Services Over IPv6
   Jan 08, 2009
7. ICANN's President and CEO Announces Resignation
   Mar 02, 2009
8. Iran's Internet Censorship Most Sophisticated in the World
   Jun 19, 2009
9. Comcast Unleashes Trial DNS Redirection in Select States
   Jul 09, 2009
10. Latest Cybersquatting Stats from WIPO
    Mar 16, 2009

Top 10 Industry News in 2009 by sponsored posts*:

1. Facebook Selects MarkMonitor Antifraud Solutions to Combat Malware
   by MarkMonitor - Apr 30, 2009
2. .ORG First Open Top-Level Domain to be Signed with DNSSEC
   by PIR - Jun 02, 2009
3. Perspectives from a Nonprofit Domain Name Registry on Navigating the Social Media Frontier
   by PIR - Apr 24, 2009
4. Expanding Internet Access Driving Software Piracy, Study Says
   by MarkMonitor - May 22, 2009
5. A Seemingly Overwhelming Number of Important Documents Released by ICANN
   by MarkMonitor - Jun 02, 2009
6. MarkMonitor AntiFraud Solutions Combine Proven Antiphishing and Expert Antimalware Capabalities
   by MarkMonitor - Mar 23, 2009
7. DNSstuff.com Offers Trusteer Rapport Product to Help Users Boost Their Defenses Against Online Fraud
   by DNSstuff - Mar 23, 2009
8. dotMobi Names AutoTrader.mobi as Millionth Site Tested by Acclaimed mobiReady Tool
   by dotMobi - May 20, 2009
9. IP Rights in Digital Environment Key Element of Proposed Treaty
   by MarkMonitor - Apr 15, 2009
10. COCC Partners with MarkMonitor for Anti-Phishing Services
    by MarkMonitor - Mar 18, 2009

* Featured news updates from CircleID's industry participants by more information here - see 'Dedicated Marketing Channel' section

Written by CircleID Reporter