By Amie Didlo
Last week Russian hackers obtained the largest database of personal records in history with more than 1.2 billion user names and password combinations, and over 500 million email addresses during a security breach on a Milwaukee-based firm. The breach heightened claims that the skill and persistence of malicious activity has outstripped the technical and policy measures to combat them. By every measure, the assessment made by the Federal Foreign Office of Germany’s Commissioner for International Cyber Policy, Dirk Brenglemann, that this is the year of Internet governance is accurate. Since last summer, when Edward Snowden revealed to the world the covert policies and activities of the U.S. government’s National Security Agency (NSA), a steady stream of events have called into question the U.S. government’s demarcation between civil liberties and surveillance, as well as information security and how to address the issue of Internet governance; all meanwhile resulting in or exacerbating belabored foreign relations with numerous key states, including Germany, China, and Brazil.
In December 2013, 40 million credit card numbers and 70 million addresses, phone numbers, and other forms of personal identification were acquired during a breach on the retail store Target. Previously, perpetrators in Vietnam obtained 200 million personal records. Yet the protection of personal financial information is only one reason for increased calls of Internet security. Strained relations between our close NATO ally Germany took a turn for the worse last month when the German government expelled a U.S. Embassy official on charges of spying. Meanwhile, Brazil’s Chamber of Deputies passed that country’s Internet Framework bill - essentially an Internet bill of rights - in April of this year under increased pressure from constituents once NSA surveillance practices became known. In other words, individual users, the business sector, and world governments alike are now demanding international Internet regulatory codes of conduct.
While threats posed include compromised financial data, trade secrets, military commands, power stations, electrical grids, and communication networks, the scope of threat is predicted to increase as a result of more and more devices coming online, nearly 30 billion as ABI Research forecasts by 2020. Dubbed the “Internet of Things,” the demand for more intelligent and interconnected services will result in an incalculable array of commonplace smart objects. The vision that individuals will be able to use the same device – some of which are yet to be imagined, let alone in production – differently from one another reveals the great innovation and awe the Internet continues to inspire. Yet, by design, the Internet and the devices linked to it are intended to facilitate interconnectedness, not necessarily security, and this poses the problem of how to maintain and foster the Internet’s defining freedoms, allowing innovation and creativity to thrive there, to that of the need to protect from malevolent, if not disastrous, acts. These increasingly prevalent embedded tools possess what are referred to as zero-day vulnerabilities and these vulnerabilities permit hackers to access them remotely according to a report released by Hewlett Packard earlier this month, underscoring the public safety issue made my many in the security community.
These events and sentiments culminate in the establishment of many new multilateral bodies intended to address increased governance concerns. Examples include Brazilian-based NETmundial: Global Multistakeholder Meeting on the Future of Internet Governance; the Global Commission on Internet Governance, chaired by Carl Bildt, Sweden’s Minister of Foreign Affairs; and EastWest Institute’s three-year Global Cooperation in Cyberspace Initiative to name a few. These bodies are in addition to ICANN, the Internet Governance Forum, the UN Group of Governmental Experts on Transparency and Confideance-Building, and the International Telecommunication Union. Concurrently, Google’s announcement last month of its Project Zero initiative will likely put pressure on software manufacturers to more thoroughly review products for bugs and security breach opportunities before distribution. While is yet to be seen what agreements can be made among these governing bodies and what policy initiatives will transpire as a result of them, the challenge to create a safe, interconnected, and free Internet is ripe and imperative.
Amie Didlo is an Executive Office intern at the EastWest Institute's New York City office.