[governance] CS strategic objectives in Internet governance

Norbert Bollow nb at bollow.ch
Thu Oct 31 13:53:49 EDT 2013


McTim <dogwallah at gmail.com> wrote:

> On Thu, Oct 31, 2013 at 6:53 AM, Norbert Bollow <nb at bollow.ch> wrote:
> 
> <snip>
> >
> > So I would say that for example a reform of ICANN's model of
> > accountability/oversight could be part of the agenda of the summit,
> > but only if this is done in the context of a broader “Internet
> > governance architecture” theme that also addresses the creation
> > of a mechanism to end the large-scale global privacy violations
> > committed by the NSA.
> 
> The only possible mechanism to do this is called strong encryption.

Yes -- or more precisely: Strong encryption, well-applied.

Google uses reasonably strong crypto when interfacing with end users.
That doesn't help against the NSA snooping directly on Google's
cloud as per the attached picture from the Snowden cache of documents.

When talking about better protecting (by means of encryption)
communications privacy on the Internet, we need to distinguish between 
communications content on one hand and on the other hand the
communications metadata that is essential for
- getting the communications content delivered to the right destination,
- convincing the recipient machine to accept the communication,
- providing an error notification to the sender if the communication
  was improperly addressed.

End-to-end encryption of communications content, without trying to
encrypt the metadata, is to a large extent a solved problem. We have
standardized mechanisms for this. The problem is just that these
mechanisms are not nearly widely enough used. This is in fact a problem
that governments could do a lot to address, without any need for an
international treaty. For example, how to use email encryption securely
could be made part of the obligatory curriculum of public schools,
courses could be made available free of charge to adults to allow them
to catch up on this, and after a transition period, it could be made a
requirement for personal email communication with government
institutions that the email must be encrypted.

The metadata privacy problem is of course more difficult. We don't have
good solutions in that area yet. It might help though when some
governments announce an intention to promote the use of such
technologies (e.g. in a similar manner to what I've proposed above for
content encryption) as soon as credible solutions based on open
standards become available.

> To think that governments will agree at a "Summit" (called for by a US
> non-profit and one gov't) to stop spying on their own people (and each
> others) seems fairly naive.

I agree.

However IMO it is not totally unrealistic though for a summit to result
(possibly among other outcomes) in some governments getting serious
about empowering their people and their companies to better protect
themselves against foreign spying - by technical means. I'm here not
talking about a treaty or any other form of “negotiating a stop to it”.

> Gov't will express outrage in public, but negotiating a stop to it in
> a UN summit with many years of prep work and negotiations would be a
> real stretch for them.  In a non-UN "summit" I think that is really
> unrealistic.

Yes.

> However, the press about their surveillance plans for the World Cup
> seem to suggest that even they wouldn't sign an int'l treaty limiting
> their ability to monitor communications.  Well they might sign it, but
> violate it anyway, as would many nation states IMHO.

Yes. A “treaty to stop spying” is not only not realistic to achieve, in
the current climate. There is also no reason to expect that such a
treaty would be effective.


Greetings,
Norbert
-------------- next part --------------
A non-text attachment was scrubbed...
Name: NSA-Google-Cloud.jpg
Type: image/jpeg
Size: 53872 bytes
Desc: not available
URL: <http://lists.igcaucus.org/pipermail/governance/attachments/20131031/ffa0f48d/attachment.jpg>
-------------- next part --------------
____________________________________________________________
You received this message as a subscriber on the list:
     governance at lists.igcaucus.org
To be removed from the list, visit:
     http://www.igcaucus.org/unsubscribing

For all other list information and functions, see:
     http://lists.igcaucus.org/info/governance
To edit your profile and to find the IGC's charter, see:
     http://www.igcaucus.org/

Translate this email: http://translate.google.com/translate_t


More information about the Governance mailing list