Elon University

Main Session: Security, Openness and Privacy

IGF Egypt 2009 Logo

Challenges ahead outlined by expert panel

Session description: This main-hall session at IGF 2009 focused on the practical aspects of the coordination needed to secure the network (for instance to fight spam, malware and viruses) and their relationship to issues pertaining to openness, assuring the open architecture of the Internet. Among the issues discussed were: the economic and political advantages of respect for individual privacy; identity theft, identity fraud and information leaks; concerns tied to Web 2.0 and social networks; cloud computing and privacy (individuals’ control over their data and data retention); regulation of illegal web content; regulatory models for privacy; network neutrality; frameworks for freedom; ethical dimensions in ensuring the openness of the Internet.

Leading participants in the session were: Mark Rotenberg, executive director of the Electronic Privacy Information Center; Bruce Schneier, chief security technology officer, British Telecom; Joseph H. Alhadeff, vice president for global public policy and chief privacy officer, Oracle Corporation; Frank La Rue, UN special rapporteur on the Right to Freedom of Opinion; Cristine Hoepers, senior security analyst and general manager, CERT.br; Namita Malhotra, researcher, Alternative Law Forum, Bangalore, India; Alexander Seger, head of economic crime division, Directorate General of Human Rights and Legal Affairs, Council of Europe. Co-chairs were Jasna Matic, minister of telecommunications and information society for the government of Serbia; and Sherif Hashem, executive vice president of the Information Technology Industry Development Agency (ITIDA), Egypt.

Aiming for the future
November 16, 2009 – One of the highlights of this panel presentation came right about in the middle of the three-hour session, when moderator Marc Rotenberg of the Electronic Privacy Information Center asked everyone the question:

What do you see as the most important challenge to the future of the Internet?

Joseph Alhadeff, Oracle:
“The challenge is the concept of trust and how to establish it. What’s the language you use in these new media to assure it? What is the first step and how do you make those first steps? Groups are talking at each other, past each other or not even with each other. Without establishing trust and a dialogue we won’t get to the mechanisms that will be the way you optimize on the future.”

Cristine Hoepers, CERT.br:
“The challenge is to separate what is a valid security countermeasure that trying to pose as a security countermeasure just to restrict something or collect something. Making things secure can make things even worse.”

Namita Malhotra, Alternative Law Forum:
“The challenge for the Internet is the role that powerful corporate entities have started to play in terms of data aggregation and what they can do to the data and how they use it or sell it. Contextual integrity, data aggregation and powerful corporate entities are the challenge.”

IGF Audience 2009 Bruce Schneier, British Telecom:
“The challenge we face is balancing the interests of the powerful with everyone else. It is too easy with information on the Internet. The biggest challenge we face is recognizing that leverage and giving it not to the powerful or the concentrated but to the diffuse, to the people.”

Alexander Seger, Council of Europe:
“We have to talk about a person-focused approach to all of this. How can we assure the confidentiality, integrity and availability of computer data and systems? We have to find a way to handle this.”

Frank La Rue, UN:
“We have to have the human perspective of guaranteeing security and privacy to guarantee the openness and access to all – fundamentally to have a human rights perspective.”

Sherif Hashem, ITIDA, Egypt:
“We must focus on inclusion and empowerment of the society when we discuss issues related to security, openness and privacy. That will be a fundamental challenge.”

Jasna Matic, minister of telecommunications, Serbia:
“Absolute openness has created a situation that is entirely new to all of us, and the biggest danger is how to use this openness in order not to create more leverage for the already powerful ones.”

Rotenberg smiled easily in delight at the answers and said, “It seems our panel is mainly concerned about the rights of people. Watch out technology, we are looking at you!”

The discussion was opened earlier by Rotenberg, executive director of the Electronic Privacy Information Center with a round of general remarks from each panelist. Alhadeff, of Oracle Corporation, began by referring to the terms in the title of the discussion. “Security, openness and privacy: we have to look at these as components of trust,” he said. “I want to take one principle out of the OECD guidelines – in security there is a role for everyone to take that is appropriate to what they are doing in the context they are doing it. We have new ways in which individuals are using these services.”

He said accountability and transparency are two key concepts, and these along with security, openness and privacy are all related concepts.

Hoepers, with CERT.BR, deals daily on her job with people who have committed breaches and compromises. “Before we talk about privacy measures we need to know who we want to protect the general public from,” she said. “It is not easy to understand the risks today. The criminals are exploiting naive people. The technology makes that easier. Security by design and privacy by design is the issue. More people need to make policies.”

She said universities should begin training technology innovators to include an emphasis on security in their teaching. “More and more I see design is the problem,” she said. “We don’t have universities preparing people, so we have people who don’t understand what the problem is. It’s very expensive to make secure software because people need to do that from scratch because no one is teaching that. Companies need to come up with solutions and universities need to get up to speed. This won’t change quickly. How are we going to prepare the next generation of professionals to think about security when they are coming up with technology?”

Malhotra, a researcher with the Alternative Law Forum in Bangalore, India, acknowledged that privacy is in a different context in the age of modern individualism. “What is it that information technology has done?” she asked. “There is no limit to what can be recorded, there is no limit to the scope of analysis that can be done and this information may be stored virtually forever.”

Security expert Schneier, of British Telecom, said abundance and the low cost of collecting, processing and storing data is causing current challenges to privacy. “We have to realize as a society that we are producing much more data than ever before,” he said. “Computer-mediated processes produce data. E-mail takes the place of voice conversations… This data is often not owned by us, it might be owned by someone else or we may give them control of it, as in cloud computing. Thus a lot of data about us is not under our control.”

Schneier pointed out that as data storage is becoming cheaper, nearly becoming free, data processing is also cheaper and it’s becoming free. This means everyone who has a use for it finds, collects and uses data about us.

“We have to think of ourselves as having a data shadow that leaves data about us everywhere we go,” he warned. “The second point is that data has become a commodity. Users are not very sophisticated about technology and more packaged solutions like Gmail or Facebook are being presented to us. Moreover IT is becoming a utility. When you get a job you expect a desk, a stapler a phone and a computer. This is pushing the trend toward cloud computing. In this world, something that is very important is trust. We can no longer directly affect the security, the reliability of our data. We have to trust our providers. The real dilemma here is liberty versus control. Open government is a way toward greater liberty but conversly citizens with privacy is also a way to greater liberty.”

Seger, the head of the economic crime division for the Directorate General of Human Rights and Legal Affairs for the Council of Europe, said we do not have any global standards on data protection and privacy. “How can we ensure security while maintaining freedom expression and privacy?” he asked. “Cybercrime and threats to cybersecuity are real threats. How do we deal with these? On the criminal justice and law enforcement side we need to have cooperation, we need to carry out financial investigations, but most important all of this needs to be based on law. In the World Summit on the Information Society we have been told we must develop regulations in full recognition of human rights. There is good ground to work toward globally agreed-upon standards and codes that allow us all to cooperate. We need to be able to talk about security and fundamental rights.”

La Rue, UN special rapporteur on the Right to Freedom of Opinion, said we have to enhance communication, understanding and freedom of speech and engage in a new culture of peace. “All public documents must be put to the service of the public,” he said. “Access to information should not be limited. We should try to remember principles as we exercise these human rights. Number one is the principle of equity and justice. Communication facilities should be made accessible to all as an exercise to the right of all peoples under a nation.”

He condemned technology filtering and drew a round of applause. “We should not protect political positions of the state or even religions of a state,” he said.”I think this is crucial to the future of the world today.”

Some additional interesting direct quotes from the session:
Schneier: “Anonymity is a social good, a political good, an economic good – it is a fundamental property of the Internet.”

Bertrand de la Chapelle, representative to the Information Society from France: “Intimacy used to be what you did in your home. Now you are exposing a lot of that information voluntarily and it is just bringing new questions that have to be addressed. So how do you manage online intimacy?”

Malhotra: “It’s actually quite endearing that humans share so much information with each other. It’s a nice trait about us. But we do live in a world in which the state or corporate entities pick up on certain bits of information, and that information results in negative action.”

Related information can be found here:
InfoWorld column – Digital Tyranny in the UK? 

To view the UN video of this event, click here.

To view the UN transcript of this event, click here.

– Senior segment producer, Janna Anderson
Additional reporting by Andie Diemer, Eugene Daniel,
Shelley Russell, Drew Smith and Dan Anderson

Imagining the Internet report on IGF-Egypt 2009 home>

Internet Governance Forum official site>