Internet Security

Free Press in its latest report: "Deep Packet Inspection: The end of the Internet as we know it?" continues to mischaracterize "reasonable network management" practices (that ensure quality of service and filter out harmful traffic like spam, viruses, and other malware) as bad practices and misuse of technology that threatens users' privacy and freedom of speech.   

It is inaccurate and unfair to mischaracterize reasonable network management this way.

The Free Press report uses a common analogy about "deep packet inspection" (DPI) technology. It analogizes that use of DPI technology by an ISP would be like the post office going beyond reading the address of a letter and looking inside the letter to read the private contents.

• This partial analogy is designed to lead people to believe that DPI is only a privacy-invading technology without any merit or useful function. 

Let's explore the letter and post office analogy more fairly and accurately.

The cybrastructure is everything that can be digitally connected to the Internet, and the cybrastructure is increasingly vulnerable to cyber attack from hackers, criminals, terrorists and other bad actors. The exploding growth in people, devices, information, and systems connected to the Internet, naturally creates an exponential increase in vulnerabilities that bad actors can exploit.  This makes cybersecurity an increasingly urgent priority. 

• Many think of cybersecurity as protecting users, organizations, computers, devices, and private/sensitive information, but it is much more. More and more, cybersecurity is about protecting critical systems too; our banking, capital markets, and e-payment systems; our electrical grid and utilities; our health care infrastructure; our public safety and military systems; etc. -- that all can be accessed or hacked by a wide variety users, organizations, computers, and devices. 
• The cybrastructure now is the vulnerable soft underbelly of our economy and society.   

Fortunately, the security and safety of the cybrastructure is finally getting the priority attention it deserves.   

How can free have a cost? Well a lot of different things are converging in Washington that could bring much more focus to -- "the costs of free" on the Internet.

• Last month's Revised Behavioral Advertising Principles from FTC Staff are largely about making more transparent the privacy "costs" of "free" Internet products and services funded by online behavioral advertising.
• This month's NYT news that House Internet Subcommittee Chairman Boucher now supports passage of new Internet privacy legislation requiring consumer "opt-in" permission in order to exploit consumer information, implicitly recognizes the substantial hidden privacy "cost" of behavioral advertising.
• This week's privacy and security-related complaint to the FTC filed by EPIC against Google's free cloud computing services, further brings to the forefront the hidden "costs" of free on the Internet.

What is likely to be the next Twitter, the hot micro-blogging web 2.0 app/phenomenon that lets Twitterers "tweet" to the world what they are doing at any given moment?

• To answer that important forward-looking question we need to extrapolate where current Web 2.0 social networking trends are taking us.

First, since Twitter only allows micro-messages of 140 characters or less (the length of my first sentence), the big trend must be "less is more."

This gave me an idea for a new Web 2.0 killer app: "Fritter."

Evidence continues to mount that the real problem on the Internet is that it is not as safe/secure as it needs to be -- not the popular neutralist myth that it is not open/neutral enough. (Parts: I, II, III)

• I would be surprised, if the succinct evidence that I have assembled below, does not deeply trouble the reader.  
• Moreover, it is also troubling that there is not more focus on the real and increasing problem of Internet safety/security because there is so much attention focused on making the Internet even more open and vulnerable than it already is.    

The Mounting Evidence of a Growing Internet Security Problem:

Please check out "Why I am against pure net Neutrality" by Adam O'Donnell a R&D engineer for Cloudmark.

Mr. O'Donnell understands that the extreme calls for no bit interference by many net neutrality proponents turns an irresponsible blind eye to the necessity of Internet security. 

The vision for a dumb pipe digital commons ill-serves Internet users because it bans smart network innovation at the core that could enable better internet security for all.

Evidence continues to mount that the real problem on the Internet is that it is not as safe/secure as it needs to be -- not the popular myth that it is not open/neutral enough. (See previous posts in this ongoing series here: Part I, Part II)

• It is a sad state of affairs when there is more media and public policy attention paid to addressing potential "open" Internet problems, than to the very real and increasing Internet safety/security problems.

More evidence on the seriousness of the Internet's growing security problem:

"The Online Shadow Economy: a billion dollar market for malware authors." MessageLabs White Paper

• "The shadow Internet economy is worth over $105 billion. Online crime is bigger than the global drug trade."
• "With little chance of being caught and so much money at stake, it is little wonder that "a huge number of people are involved""
• "...malware is going to get more common and more virulent..."

 "Corporations Are Inadvertently Becoming the No. 1 Security Threat to Their Own Customers, According to New IBM X-Force(R) Annual Report"

Evidence mounts that the real problem on the Internet, is not that it is not open/neutral enough, but that it is not as safe/secure as it needs to be. (Part I)

• Public policy priorities are really warped when there is so much discussion about addressing an unproven and potential net neutrality problem, and relatively little discussion about addressing the very real, serious and growing Internet safety/security problems.

Mounting evidence: 

"Cyber-Scams on the Uptick in downturn:" Wall Street Journal

• "Experts and law enforcement officials who track Internet crime say scams have intensified in the past six months as fraudsters take advantage of economic confusion and anxiety to target both consumers and businesses." 
  • "Cyber-assaults on many banks have doubled in the past six months in the U.S."     

"70 of Top 100 Web Sites Spread Malware" Information Week

• "That represents a 16% increase over the first half of 2008."

"Website infection rising, warns Websense" PortalIT News

Kudos to the group of Internet security experts who came up with the Top 25 coding flaws that lead to ~85% of all cyber-criminal activity on the Internet -- thanks for the heads up from Zero Day Threat and Byron Acohido's article in USA Today.

I look at this ~85-25 insight as the cyber-security community's version of the old 80-20 adage that 80% of effects come from 20% of the causes. 

• While the numbers are slightly off in this instance -- the concept is dead on. 
• If you want to get anything done in the real world, one has to use tried and true strategies like the 80-20 rule. 

To explain the rest of my mixed metaphor...