[IRP] Fwd: For the Records: Main SOP session

[Katitza Rodriguez]

Greetings,

I would like to share EFF statement prepared for the main session on 
Security, Openness and Privacy. Regards, Katitza


_
IGF 2010 Main Session on Security, Openness and Privacy_

Contribution of Kevin S. Bankston

Senior Staff Attorney

The Electronic Frontier Foundation

Thank you for allowing me to represent the views of the Electronic 
Frontier Foundation in this important dialogue on Security, Openness, 
and---the focus of my comments---Privacy.

When considering avenues for international cooperation in maintaining 
cybersecurity, EFF proceeds from one overriding premise: that 
fundamental liberties---in particular, the right to privacy and the 
right to free expression, including the right to speak 
anonymously---must not be sacrificed on the alter of security.

Freedom and openness, by their very nature, carry risk. A perfectly 
secured network is a perfectly controlled network, and is by definition 
not open or free. A perfectly secured network is also a frank 
impossibility, and EFF fears that in attempting to achieve that 
impossible goal we may surrender the values of openness and innovation 
that the Internet both enables and thrives upon, and that in seeking to 
establish an architecture that facilitates the security of the internet, 
we will instead unwittingly build an architecture that enables tyranny. 
Put another way, cybersecurity must not be allowed to become a pretext 
for authoritarian control of the network environment. I recognize that I 
am using strong words, but I do use them purposefully.

Of most concern to EFF is what we perceive to be a current over-emphasis 
in cybersecurity discussions on the need for increased monitoring and 
control of network traffic, with a renewed focus on direct governmental 
involvement in such monitoring and control. This is represented in my 
country, the United States, by recent legislative proposals that would 
grant our President broad and undefined powers to declare and respond to 
a cybersecurity emergencies, including the power to order the 
disconnection of Internet facilities that he deems to be critical 
infrastructure---you have likely heard this referred to as the "Internet 
kill switch" ---and that would grant the government vague and expansive 
new authority to obtain from Internet providers user information that is 
deemed relevant to that emergency.

Granting governments such powers over our networks, in addition to 
posing an unprecedented threat to privacy and the freedom of expression, 
seems an overreaction when there are much more straightforward measures 
that would not risk collateral damage to the rights of every Internet 
user. Rather than focusing on securing the network---requiring vast new 
expenditures from service providers that already operate on razor thin 
margins, while also risking the freedoms of millions---we think that 
there must be instead renewed focus on protecting the end-points in the 
network, by addressing the software vulnerabilities and poor security 
implementations that are the root cause of our problems.

We and the countless other millions that rely on the Internet should not 
have to tolerate new restrictions on free speech or surrender our 
privacy because software providers build insecure software, or because 
those who run that software fail to use it correctly. Put simply and 
frankly, it would be dangerously shortsighted to invite our governments 
to exercise more control over the Internet simply because someone 
forgets to patch their Windows installation. We do not address telephone 
and mail fraud by allowing the government to listen to any phone call or 
open any piece of mail; we deal with them by arming those who may be 
targeted with the knowledge and tools they need to defend themselves, by 
strictly enforcing the law against wrongdoers that we succeed in 
discovering, and by working to mitigate the damage when we fail. The 
internet should not and must not be treated differently, or else we risk 
destroying the very thing we seek to protect.

Thank you very much for your time, and I look forward to a continuing 
dialogue on these critical issues.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.internetrightsandprinciples.org/pipermail/irp-internetrightsandprinciples.org/attachments/20100916/8b66ad46/attachment-0001.htm>