Community Networks Growing the Internet

Sovereignty Is More Than a Designation, It Is a Responsibility

The Internet can provide access to healthcare, education, and economic opportunity, but many indigenous communities face challenges to Internet access and inclusion. Brian Tagaban, Director of Government Policy at Sacred Wind Communications and former executive director of the Navajo Nation Telecommunication Regulatory Commission, is at RightsCon this week – the world’s leading conference on human rights in the digital age – to discuss the digital divide in indigenous communities in North America. He’s there as an Internet Society fellow and joined by other fellows Bill Murdoch, an IT specialist at the Manitoba First Nation School System and the First Nations Health & Social Secretariat of Manitoba, and Madeleine Redfern, the mayor of Iqaluit in Nunavut, Canada.

We spoke to Tagaban at the first Indigenous Connectivity Summit. The event was the start of a critical conversation about how indigenous communities can connect themselves to the Internet on their own terms. He detailed the time, diligence, and effort required to build a regulatory framework, and hoped that other Summit participants could “see how things are possible, celebrate success stories, share those success stories so that they can be built upon, and gain exposure to the political circumstances, social circumstances, geographic circumstances” that other communities faced. With Tagaban’s extensive experience with telecom regulation, he was hopeful that indigenous communities could develop their own effective and informed means of regulation.

“In my work with the Navajo Nation, I was privileged to travel the world, learning other regulatory regimes, exploring the concept of sovereignty. Sovereignty is more than a designation, it is a responsibility. When I was on an international stage, I realized that our nation, the Navajo Nation, is young. We’re infants in this game.”

“With a diligent effort, an honest effort, an effort that is conducive to your neighbors, you can have a regulatory regime that can meet the needs of your community.”

Closing the digital divide is a matter of global responsibility. We all must work together to bridge the digital divide and to foster an inclusive digital society. We must work together to #SwitchItOn.

Indigenous communities face unique challenges to Internet access and inclusion. Learn how you can support indigenous connectivity and save the date for the 2018 Indigenous Connectivity Summit, October 11-12 in Inuvik.

Building Trust Encryption Improving Technical Security

Encryption is key for a trusted Internet

One of the few regrets of Vint Cerf, who is often referred to as the ‘father of the Internet’, is the fact that encryption using public cryptography was not baked in the original ARPANET design. While the early Internet was meant to meet a number of requirements such as resilience and openness, encryption was not one of them. Some of this was because of the high cost associated with encryption, and some if it was for other reasons. This explains why encryption was only introduced at later stages when CPU and memory resources were more affordable.

And, after the revelations in recent years of surveillance, hacking, eavesdropping and leaking information, the need to have strong end-to-end encryption cannot be overstated. The rise of the Internet of Things has made those threats even more salient.

ISOC believes in a safer Internet that everyone trusts. If we don’t trust the Internet, we’re risking one of the world’s greatest tools for communication, economic growth, and endless positive opportunities we haven’t even thought of yet.

In an effort to make Internet access safer, ISOC is promoting good encryption practices on the infrastructure level through programs such as the Deploy360 program and through campaigns encouraging websites to turn on HTTPS by default and have DNSSEC compliance.

The proper use of encryption is critical to building that trust.

Knowing The Subtle Differences

Encrypted traffic going from one device to another generally passes through one or more intermediaries. If a message gets encrypted before leaving the device, Internet service provider and other gateways between the device and the platform would not be able to read it.

But some services are known to provide encryption that’s not end-to-end. This is because the data is decrypted on the intermediary servers before being encrypted again and sent to the target device. Some services assign the same private key for the sender and receiver. This is called ‘symmetric’ encryption, which is not a safe way of encrypting your data since it is possible that something, or someone, could read your stuff before it ends up at its destination.

Where You Can Find End-to-End

The good news is various software vendors are increasingly adopting end-to-end encryption. But It is tricky to know for sure which of those vendors are truly offering end-to-end encryption and which ones are not. The Guardian Project listed a number of mobile apps that have implemented end-to-end encryption. Or, if users are a bit more tech savvy, they could do the encryption themselves instead of relying on the vendor’s software. This is often done for email communication through Pretty Good Privacy (PGP) encryption, which is used by many cyber activists and techies. For instant messaging, Off-the-Record Messaging (OTR) is also widely used.

Any encryption is of little meaning if it is not strong enough to sustain brute attacks, which are becoming stronger because of faster processors and cheaper memory. To minimize risk from such attacks, private keys, as well as passcodes, should be sufficiently complex and long.

It’s Up To All Of Us

A safer Internet we trust is going to take all of us. Boosting the strength of encryption Internet users are using is key to preserve their online privacy.

Sometimes using encryption may very well be the difference between life and death for whistleblowers, activists and journalists who use the Internet to send confidential and sensitive information. In many countries under repressive regimes, protecting the confidentiality of data is critical for survival.

The Bottom Line

The bottom line is that Internet access with strong end-to-end encryption is critical in today’s world where cyber threats of all kinds are on the rise. The more of us who start to use encryption, the more trustworthy the Internet becomes since communication channels become safer.

Although we will not be able to turn back time to embed encryption in the original design of the Internet, we can continue working to make it a priority moving forward.

Join us at the Internet Society and let’s work for a safer Internet we can all trust.

Encryption Human Rights Privacy

Join us at RightsCon 2016!

From 30 March to 1 April, San Francisco will be the world’s capital for discussions around freedom of expression, privacy, encryption, and many other issues related to rights in the digital environment.

Organized for the past few years by Access Now, RightsCon gathers human rights experts, business leaders, technologists, engineers, investors, activists, and government representatives to discuss hot issues related to the Internet and fundamental rights.

During this 2016 edition, key speakers will include Bruce Schneier, David Kaye, Edward Snowden and many more.

The Internet Society, while rooted in the community that creates the building blocks for the Internet to function, strongly believes that technology should be harnessed as a force of empowerment and as an enabler or rights. This is reflected in our continuous engagement in global dialogues at the intersection of the Internet and online freedoms, and in the partnerships we seek.

So what will the Internet Society be doing at RightsCon? We have have a few activities and engagements lined up:

… and much more.

We will communicate about our activities during the week on our social media channels, so don’t hesitate to keep a look there. You can keep up with the conference activities in general using the #RightsCon hashtag across social media.

You can also find information on our ISOC @ RightsCon event page about our specific activities and announcements.

We are looking forward to a great event and continuing our work to bring about an open, trusted Internet that is available to all – and where people have the same rights online that they do offline.  If you are there are RightsCon in San Francisco, please do find us and say hello!

P.S. For an understanding of the Internet Society’s views on the Internet and human rights, please read our policy brief on the topic.

Human Rights Internet Governance

Back from RightsCon Manila: trading freedoms for security?

In Asia – a region that at various points in its recent history has been a hotbed for civil unrest, secessionist movements and political instability – the line between national security and public interest can be difficult to draw.

A session organised by the Internet Society at the recently held RightsCon Southeast Asia in Manila shed some light on the perceived trade-offs between national security objectives and digital rights, in particular freedom of expression and privacy.

Mobile as the new frontline for Internet freedom

Insights shared on the panel highlighted how mobile seems to have become a new frontline for users’ push backs against perceived invasive security measures.

In South Korea, moves to oblige local texting app Kakaotalk to hand over the exchanges of activists speaking against the state’s response to last year’s ferryboat incident led to a mass exodus of users to other instant messaging platforms (such as privacy-focused app Telegram, which drew a reported 1.5 million new registrants in the days following the events in Korea). Consequently, Kakaotalk vowed never to hand over private information to authorities again and introduced opt-in encryption features for its customers.

Last year as well, the ‘umbrella revolution’ in Hong Kong – during which the government threatened to cut off data and mobile connectivity – led a large number of people to start using Firechat, a mesh networking mobile app allowing peer-to-peer communications without the need for Internet connection.

Fragility of online freedoms in the face of “national security”

In a region that does encounter legitimate external and internal security risks, moves to maintain peace and order, even at the price of privacy and freedom of expression, are quite frequent. But among legitimate aims, many civil society groups also argue that some online security measures in Asia are, more than anything, fundamentally designed to limit any threat to state instruments, interests and structures.

Irrespective of the motivations, Internet technical measures in the name of public order or national security often seem to overlook concepts of proportionality, rule of law, public accountability or transparency.

In Pakistan, the Peshawar school massacre in 2014 triggered a renewed vigour for the state to pursue a controversial cybercrime bill that has thus far shunned public input.

In Thailand, which last year experienced its 19th coup d’Etat since it became a constitutional monarchy in 1932, stricter restrictions on online speech were deemed necessary to prevent further violence from erupting among different faction supporters. Social media, which is extremely popular in Thailand (the country has about 24 million Facebook users), has frequently been the target of authorities willing to track down rumors or to monitor online activities.

Even in the Philippines, which enjoys a good level of Internet freedoms and has a high use of texting apps and social media, the visit of the Pope in January 2015 prompted the government to request telecoms to temporarily block network communications.

Strengthening proportionality

But perhaps more notable than these offensives are the checks and balances that citizens themselves assert, pointing to the importance of public sentiment and action in establishing boundaries to broad and sweeping security frameworks.

In Pakistan, amidst laws that forbid them, citizens continue to employ encryption and use virtual private networks.  Similarly, following widespread protests, the Thai government was forced to unblock Facebook in the country after less than an hour of it denying access to the site last year.

While they may be considered essential and legitimate in certain contexts, security provisions must always be accompanied by an equal measure of transparency and just regard for due process.

The discussion also underscored the necessity to engage with the private sector, on the grounds that overbroad security policies may not only disrupt business and escalate operational costs (both for pure players and companies relying on Internet access), but may also violate the trust placed on them by their customers.

Proportionality—an essential yet elusive concept—needs to be better applied to the assessment of technical measures used to achieve security goals. Non-government actors, including citizens, can and should play an important role in assisting national authorities on the trade-offs they may consider as they develop security policies.

Next steps

The insights shared during the RightsCon session will help us continue shaping our policy work in the region and globally.

Illustrations from the panelists also reinforced ISOC’s views on the importance of focusing on security approaches (broadly) that should be premised on trust and respect of fundamental rights and values. Security policies should protect opportunities for economic and social prosperity, as opposed to a model that is based simply on preventing perceived harm.

If you are interested in learning more about our views on security and resilience, please view our paper on Internet security and resilience and our approach to cybersecurity policy.