[IRP] Fwd: For the Records: Main SOP session
Thu Sep 16 15:21:29 EEST 2010
I would like to share EFF statement prepared for the main session on
Security, Openness and Privacy. Regards, Katitza
IGF 2010 Main Session on Security, Openness and Privacy_
Contribution of Kevin S. Bankston
Senior Staff Attorney
The Electronic Frontier Foundation
Thank you for allowing me to represent the views of the Electronic
Frontier Foundation in this important dialogue on Security, Openness,
and---the focus of my comments---Privacy.
When considering avenues for international cooperation in maintaining
cybersecurity, EFF proceeds from one overriding premise: that
fundamental liberties---in particular, the right to privacy and the
right to free expression, including the right to speak
anonymously---must not be sacrificed on the alter of security.
Freedom and openness, by their very nature, carry risk. A perfectly
secured network is a perfectly controlled network, and is by definition
not open or free. A perfectly secured network is also a frank
impossibility, and EFF fears that in attempting to achieve that
impossible goal we may surrender the values of openness and innovation
that the Internet both enables and thrives upon, and that in seeking to
establish an architecture that facilitates the security of the internet,
we will instead unwittingly build an architecture that enables tyranny.
Put another way, cybersecurity must not be allowed to become a pretext
for authoritarian control of the network environment. I recognize that I
am using strong words, but I do use them purposefully.
Of most concern to EFF is what we perceive to be a current over-emphasis
in cybersecurity discussions on the need for increased monitoring and
control of network traffic, with a renewed focus on direct governmental
involvement in such monitoring and control. This is represented in my
country, the United States, by recent legislative proposals that would
grant our President broad and undefined powers to declare and respond to
a cybersecurity emergencies, including the power to order the
disconnection of Internet facilities that he deems to be critical
infrastructure---you have likely heard this referred to as the "Internet
kill switch" ---and that would grant the government vague and expansive
new authority to obtain from Internet providers user information that is
deemed relevant to that emergency.
Granting governments such powers over our networks, in addition to
posing an unprecedented threat to privacy and the freedom of expression,
seems an overreaction when there are much more straightforward measures
that would not risk collateral damage to the rights of every Internet
user. Rather than focusing on securing the network---requiring vast new
expenditures from service providers that already operate on razor thin
margins, while also risking the freedoms of millions---we think that
there must be instead renewed focus on protecting the end-points in the
network, by addressing the software vulnerabilities and poor security
implementations that are the root cause of our problems.
We and the countless other millions that rely on the Internet should not
have to tolerate new restrictions on free speech or surrender our
privacy because software providers build insecure software, or because
those who run that software fail to use it correctly. Put simply and
frankly, it would be dangerously shortsighted to invite our governments
to exercise more control over the Internet simply because someone
forgets to patch their Windows installation. We do not address telephone
and mail fraud by allowing the government to listen to any phone call or
open any piece of mail; we deal with them by arming those who may be
targeted with the knowledge and tools they need to defend themselves, by
strictly enforcing the law against wrongdoers that we succeed in
discovering, and by working to mitigate the damage when we fail. The
internet should not and must not be treated differently, or else we risk
destroying the very thing we seek to protect.
Thank you very much for your time, and I look forward to a continuing
dialogue on these critical issues.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the IRP