The Many Vulnerabilities of an Open Internet

1.  Is an "Open Internet" defined like an "open market?"

A major confusion about what an "Open Internet" means comes from what Chairman Genachowski said: "The fifth principle is one of non-discrimination -- stating that broadband providers cannot discriminate against particular content or applications." 

• The speech's explicit language implies that the FCC's non-discrimination definition could be absolute, like it is in the current Markey-Eshoo Bill (HR 3458), in that it is not a qualified-term as all non-discrimination provisions have been since 1934 as... "unjust or unreasonable discrimination" or "undue or unreasonable preferences... predjudice, or disadvantage." [Bold added]


• Surely the FCC can't be interpreting the FCC's Title I authority that the FCC has authority to impose a non-discrimination requirement for unregulated broadband information services that is more strict than the strictest non-discrimination requirement for regulated telecom services that is already in Title I section 10 and in Title II section 202.


• Surely that extreme absolute can't be the case because that would imply that the FCC intends to regulate Internet transmissions for the first time much more restictively than any communications transmissions have been regulated the last 75 years. 


• Surely a "free and open Internet" means what the language implies, a competition-driven unrestricted Internet, not a euphemism for disguising a new regulator-driven, hyper-restricted Internet that proactively discriminates in favor of applications at the expense of networks. 


• Surely the FCC can't be interpreting the FCC's Title I authority to empower the FCC to restrict the business practices of competitive companies more strictly than the business practices of monopoly companies ever were. 


• Surely the FCC cannot be interpreting the FCC's Title I authority to regulate broadband companies that are not common carriers (cable, wireless, and satellite), as common carriers, when the law explicitly has always treated them differently even if they are "all paths to the same Internet."  


• Surely the FCC cannot interpret constitutional due process and equal protection to allow the preemptive and selective restriction and punishment of hundreds of broadband companies (that the FCC Chairman implictily acknowleged have done nothing wrong), based on just two official problems the FCC has found in several years of oversight, and also based on the FCC's Broadband Policy Statement which explictly applies to more than just broadband providers: "consumers are entitled to competition among network providers, application and service providers and content providers."   

3.  Is an "Open Internet" defined to be un-protected, unguarded, or vulnerable to attack?

In describing the FCC's new purpose in preserving an "Open Internet," Chairman Genachowski was largely silent on whether an "Open Internet" would be a "safe Internet" or a "secure Internet."

• The only reference to Internet safety and security in Chairman Genachowski's ~4000 word speech was: the non-discrimination "principle will not constrain efforts to ensure a safe, secure, spam-free Internet experience, or to enforce the law. It is vital that illegal conduct be curtailed on the Internet." 


• Apparently there was no place in the positive definition of an "Open Internet" for the concept of cyber-security because it was not mentioned at all as a problem or threat to the Internet.


• It is noteworthy, that a speech about "preserving a free and open Internet" made no mention at all of President Obama's important declarations on cyber-security and cyber-security threats in his cybersecurity address 5-29-09.


• President Obama said:
  
  
  
  • "This new approach starts at the top, with this commitment from me:  From now on, our digital infrastructure -- the networks and computers we depend on every day -- will be treated as they should be:  as a strategic national asset.  Protecting this infrastructure will be a national security priority.  We will ensure that these networks are secure, trustworthy and resilient.  We will deter, prevent, detect, and defend against attacks and recover quickly from any disruptions or damage."
  
  
  • "In short, America's economic prosperity in the 21st century will depend on cybersecurity." ..."It's about the privacy and economic security of American families." "...this is also a matter of public safety and national security."  


• Remarkably, FCC Chairman Genachowski's speech about "Preserving a Free and Open Internet: a Platform for Innovation, Opportunity, and Prosperity" did not consider raging cyber-crime and rapidly-escalating cyber terrorism threats to the reliable operation of the Internet, our financial system, and our electrical grid, to be mentioned as a danger to the Open Internet and American opportunity and prosperity -- or to be worthy of the FCC's internet policy attention.


• Also remarkable was that the only mention of a "danger" in Chairman Genachowski's "Open Internet" speech was:
  
  
  
  • The concern about "a dangerous retreat from the core principle of openness -- the freedom to innovate without permission..." and that    
  
  
  • "This is not about protecting the Internet from imaginary dangers."

Surely the FCC's definitions of an "Open Internet," "net neutrality" and a non-discrimination Fifth principle will not effectively define broadband providers as the greatest threat and danger to an Open Internet and its users -- a greater threat and danger than cyber-criminals or cyber-terrorists.

Surely, the FCC does not see the potential for anti-competitive discrimination that harms innovation as a bigger danger to consumers and a more important problem to address than the real, pervasive every day cyber-security threat of viruses, worms, malware, cyber-crime, identity theft, cyber-stalking, fraud, denial of service attacks, bot-net zombie networks, etc.

Surely the FCC will be explicit in caring if the Internet is reliably available and operational so that the Internet can be free and open and can enable innovation, opportunity and prosperity.

Surely the FCC will be explicit that it understands some things are more important than others and that without meeting physical, security, and social Internet needs first, aspirational needs like openness tautologically cannot be met. (See my post: "A Maslow's Internet Heirarchy of Needs? Will the Internet have priorities or be a priority-less Internet?") 

Surely if competitive broadband providers' business models are truly not viewed as a danger to users but as an essential part of the cybersecurity solution, the non discrimination "Fifth Principle" definition should make it explicit that nothing in that principle should be interpreted to hinder network operators' ability to manage, protect and safeguard their networks and customers from the full and evolving spectrum of unforeseen cyber-security risks and harms.

• Surely any new regulation definitions to fulfill its new found purpose of preserving an "Open Internet" must square with the FCC's 75-year-old  purposes Congress authorized for the FCC from Title I section 1: "...for the purpose of the national defense, for the purpose of promoting safety of life and property..."


• Surely any new FCC Open Internet regulatory definitions will comport with, agree with, and stay within the bounds of existing longstanding FCC statutory authority and precedent.    

Given that Chairman Genachowski's speech focused a good bit on the history of Internet openness as a design principle, it is relevant to share the security assessment of an "Open Internet" -- from the perspective of Vint Cerf, the renowned actual co-designer of the Internet's end-to-end protocol.

• In an interview with the Guardian, Mr. Cerf shared his candid assessment of the many security vulnerabilities of an Open Internet:
  
  
  
  • "It's every man for himself," he says, grinning. "In the end, it seems every machine has to defend itself. The internet was designed that way."
  
  
  • "...every machine that can be compromised is a potential hazard. A machine that was OK yesterday is certainly not OK today: it may have ingested an infected memory stick...."
  
  
  • "My bias right now tends to be 'It's every man for himself' - you need to be suspicious whether you're inside the trusted cloud or not, and when it fails, the house of cards tends to collapse." 

Given Mr. Cerf's blunt assessment of the security problems inherent at the edge of an end-to-end architecture of the "Open Internet," there are many security threats: malware, viruses, worms, trojans, denial of service attacks, etc., which require reasonable network management to defend against.