The Internet is a mixed blessing. It connects us to the world, and the world to us. That's good. And that's bad. Like any tool, it can be used or misused. The security industry worries about the misuse part: cybercrime, and so-called cyber warfare, where nations use the tools of crime to attack their citizens, or one another.
How worried is it? If RSA Security's reaction is any indication, extremely. During his keynote address at the recent RSA Security conference, RSA chairman Art Coviello issued a call to action, a kind of Internet manifesto, offering up four principles for nations to adopt. Nations should:
- Renounce the use of cyber weapons, and the use of the Internet for waging war.
- Cooperate internationally in the investigation, apprehension and prosecution of cyber criminals.
- Ensure that economic activity on the Internet can proceed unfettered and that intellectual property rights are respected around the world.
- Respect, and ensure the privacy of all individuals.
They’re all motherhood and apple pie type aspirations, to be sure, but Coviello went on to explain why he feels each principle is important today.
"The genie is out of the bottle on the use of cyber weaponry," he said, "and unlike nuclear weapons, cyber weapons are easily propagated and can be turned on the developer. We must have the same abhorrence to cyber war as we do nuclear and chemical war."
In that, he’s right. Once malware — the most common form of cyber attack — is in the wild, it’s difficult to control. Hackers on the other side can grab it, analyse it, and pervert it to attack its creator. And, since no software is perfect, a tiny bug can have huge consequences. We only have to remember the Morris worm, a student project that took down the early Internet because of a software error, to appreciate the risks. Our own cyber weapons could easily turn around and bite us.
The second tenet is equally valid. Cooperation in hunting down and dealing with cyber criminals is in everyone’s best interest (except the crooks’). Coviello noted, "the only ones deriving advantage from governments trying to gain advantage over one another on the Internet are the criminals; criminals who grow bolder by the day. Our lack of immediate, consistent and sustained cooperation, globally, gives them the equivalent of safe havens."
Police forces work together where they can, but they’re often handicapped by antiquated legislation and by unenlightened politicians. If nations are serious about combatting crime of any sort, they need to work together to enable their law enforcement agencies. It’s no different in the cyber world.
Since the whole world revolves around commerce, it makes sense that one part of the manifesto should deal with the subject. Said Coviello, "The benefits to all of us from productivity improvements in commerce, research, and communication are too valuable to not achieve agreement on the rule of law. Rule of law must rule!"
OK, that’s a little redundant. But he has a point. Law, particularly international law, needs to catch up with our current e-reality. Copyright, patents, and other laws around protection of and use of intellectual property are still firmly rooted in the 19th century. E-commerce rules need to be codified for the protection and prosperity of all.
Finally, Coviello addressed what is probably the most contentious issue in the online world: privacy. He said, "Our personal information has become the true currency of the digital age and while it is important that we are not exploited, it is even more important that our fundamental freedoms are protected. But with our personal freedom comes responsibility."
He went on, "Governments have a duty to create and enforce a balance. A balance that embraces individual rights and collective security. A balance based on a fair governance model and transparency. As to governments themselves, let me quote one of the US founding fathers, James Madison, "the great difficulty lies in this: you must first enable the government to control the governed; and in the next place oblige it to control itself." Openness and transparency will be paramount."
That may be the trickiest issue of all. Governments and citizens frequently have different ideas about privacy; indeed, different departments of a government don’t even agree. And with today’s propensity to exchange one’s personal information for access to services, privacy is frequently merely an illusion.
Unfortunately, that opens the door to criminal activity as well as excessive government snoopiness. The naÃ¯ve user is inadvertently contributing to the problem. And that means we need education. Just as children are taught how to safely cross the street, consumers need to be taught how to safely navigate the cyber-pathways. We can’t rely on Big Brother; we are ultimately responsible for our own cyber safety.