No Barbed Wire Around the Internet
Published in Neue Zürcher Zeitung
(Switzerland) on 16 November 2013
by Eric Gujer (link to original)
(Switzerland) on 16 November 2013
by Eric Gujer (link to original)
Translated from
by Holly Bickerton.
Edited by Bora Mici.
From the carnage of World War I and trench warfare with its trenches and barbed wire, the French drew the conclusion that only cleverly designed fortifications offered protection from new attacks. They buried vast amounts of concrete in the ground along the border with Belgium and Germany and called the whole thing the Maginot Line. "On ne passe pas" — no entry — was the self-confident motto of the troops in the stronghold. However, the German Wehrmacht circumvented the system of bunkers with its efficient tank divisions and penetrated the barricades at their weak spots. The Line had no bearing on the course of World War II, but one thing became clear: You cannot win tomorrow's battles with yesterday's thinking. After the revelations about the National Security Agency’s extensive spying activities, many Europeans and also the Brazilian government are repeating mistakes of the past and facing the challenges of the future with age-old methods. They will build walls on the Internet, so that non-Americans can communicate securely with each another.
The Internet was originally developed to circumvent problems like destroyed communication networks in the event of war. Every data packet finds its own path. Therefore, national solutions can only be put up at the price of walling in oneself. Dictatorships like China propagandize digital self-sufficiency because they want to monitor and censor their citizens. Meanwhile, in Europe, there is growing support, not for the idea of sealing off the Internet, but for directing Internet traffic so that data is not sent across the Atlantic unnecessarily. National cloud solutions are being discussed. Brazil is going one step further: The government wants to force companies like Facebook to store data about Brazilians in Brazil. New infrastructure would have to be built to achieve this, which customers would have to pay for, or else the firms would probably shut down. Brazil would then unintentionally become an island.
The Enemies of Freedom Are Rejoicing
Until now, the Internet has been a place of relative freedom. Europe has resisted all attempts by Russia and China to limit this freedom with the argument of national security and sovereignty. Talks are taking place at the United Nations and the Organization for Security and Cooperation in Europe about Internet governance and the question of which rules apply online and who can set them. In this context, the debate about additional regulation is an evasive move for Moscow and Beijing. Many Europeans have the understandable desire to show the arrogant superpowers what they are capable of, but they must think carefully about whether they are acting out of wounded national pride in promoting initiatives that run counter to their previous policies and, in the worst case scenario, put up turnpikes all over the web. The Internet is chaotic and libertarian: Its appearance is due primarily to the wishes of its users. With every new rule, its character changes irrevocably.
This penchant for new Maginot Lines is also technologically questionable. Businesses are gradually realizing that computers cannot be made safer by sealing them off from their surroundings. The consultancy firm PwC conducted a study, which found that a company's own employees are responsible for the majority of its security breaches. The second largest risk factor is employees of suppliers and service partners. This is far more significant than external threats, such as hackers or prying competitors.
Computers everywhere today are always connected with one another: They need continual maintenance and third-party software. In case of doubt, the enemy will have quickly penetrated the carefully constructed fortress. Therefore, static protection that can prevent every threat is a mere fiction. It would be just as naive to suppose that spying could be avoided if the state ran much of the critical infrastructure itself. On the one hand, the public sector in Switzerland, as in many other countries, has often hardly been in a position to sensibly plan information technology projects. On the other hand, the state is also reliant on working with third parties, although domestic firms are not necessarily more secure than foreign firms. There can be a gateway for attackers lurking in every piece of software. Modern businesses are thus placing their bets on dynamic defense systems. They are constantly analyzing threats, testing their own weak spots and trying to channel and neutralize attacks.
Hopelessly Technologically Inferior
The calls are loud and clear for the state to provide subsidies for the European IT sector to make itself independent from America, but in a rapidly changing industry, this would only lead to ruined investments and the deceptive feeling that the state will sort out everything. Businesses and individuals must take responsibility; they must decide which data they save in which cloud and which emails they encrypt. Effort and patience can crack almost all codes, but since even the NSA does not have unlimited resources, it will be enough if as many users and in particular as many telecommunication firms as possible take precautions. In data security, there is no difference between the police who catch crooks and the honest citizens who sleep peacefully.
States can only actively defend themselves on the Internet: Digital barbed wire does not keep out spies. For this reason, we need modern intelligence services, but the country which has protested the loudest has taken little action so far. Until recently, the German intelligence service, the BND, only had 80 employees working in cybersecurity. At the same time, the chancellery of the prolific telephone user, Merkel, has forced the BND to assume a passive role by means of dozens of legal restrictions.
Continental European intelligence services are too weak to deter a technologically superior opponent such as the NSA. To change this would require investment and the willingness to enter into a debate about the surveillance state, for the ability to defend oneself is also the ability to attack, including a country's own citizens if necessary. More protection from snooping by other countries has serious side effects for the Internet and how we use it. A couple of extra fortresses are certainly not the solution. In the online world, you cannot overcome tomorrow's challenges with yesterday's thinking.
The Internet was originally developed to circumvent problems like destroyed communication networks in the event of war. Every data packet finds its own path. Therefore, national solutions can only be put up at the price of walling in oneself. Dictatorships like China propagandize digital self-sufficiency because they want to monitor and censor their citizens. Meanwhile, in Europe, there is growing support, not for the idea of sealing off the Internet, but for directing Internet traffic so that data is not sent across the Atlantic unnecessarily. National cloud solutions are being discussed. Brazil is going one step further: The government wants to force companies like Facebook to store data about Brazilians in Brazil. New infrastructure would have to be built to achieve this, which customers would have to pay for, or else the firms would probably shut down. Brazil would then unintentionally become an island.
The Enemies of Freedom Are Rejoicing
Until now, the Internet has been a place of relative freedom. Europe has resisted all attempts by Russia and China to limit this freedom with the argument of national security and sovereignty. Talks are taking place at the United Nations and the Organization for Security and Cooperation in Europe about Internet governance and the question of which rules apply online and who can set them. In this context, the debate about additional regulation is an evasive move for Moscow and Beijing. Many Europeans have the understandable desire to show the arrogant superpowers what they are capable of, but they must think carefully about whether they are acting out of wounded national pride in promoting initiatives that run counter to their previous policies and, in the worst case scenario, put up turnpikes all over the web. The Internet is chaotic and libertarian: Its appearance is due primarily to the wishes of its users. With every new rule, its character changes irrevocably.
This penchant for new Maginot Lines is also technologically questionable. Businesses are gradually realizing that computers cannot be made safer by sealing them off from their surroundings. The consultancy firm PwC conducted a study, which found that a company's own employees are responsible for the majority of its security breaches. The second largest risk factor is employees of suppliers and service partners. This is far more significant than external threats, such as hackers or prying competitors.
Computers everywhere today are always connected with one another: They need continual maintenance and third-party software. In case of doubt, the enemy will have quickly penetrated the carefully constructed fortress. Therefore, static protection that can prevent every threat is a mere fiction. It would be just as naive to suppose that spying could be avoided if the state ran much of the critical infrastructure itself. On the one hand, the public sector in Switzerland, as in many other countries, has often hardly been in a position to sensibly plan information technology projects. On the other hand, the state is also reliant on working with third parties, although domestic firms are not necessarily more secure than foreign firms. There can be a gateway for attackers lurking in every piece of software. Modern businesses are thus placing their bets on dynamic defense systems. They are constantly analyzing threats, testing their own weak spots and trying to channel and neutralize attacks.
Hopelessly Technologically Inferior
The calls are loud and clear for the state to provide subsidies for the European IT sector to make itself independent from America, but in a rapidly changing industry, this would only lead to ruined investments and the deceptive feeling that the state will sort out everything. Businesses and individuals must take responsibility; they must decide which data they save in which cloud and which emails they encrypt. Effort and patience can crack almost all codes, but since even the NSA does not have unlimited resources, it will be enough if as many users and in particular as many telecommunication firms as possible take precautions. In data security, there is no difference between the police who catch crooks and the honest citizens who sleep peacefully.
States can only actively defend themselves on the Internet: Digital barbed wire does not keep out spies. For this reason, we need modern intelligence services, but the country which has protested the loudest has taken little action so far. Until recently, the German intelligence service, the BND, only had 80 employees working in cybersecurity. At the same time, the chancellery of the prolific telephone user, Merkel, has forced the BND to assume a passive role by means of dozens of legal restrictions.
Continental European intelligence services are too weak to deter a technologically superior opponent such as the NSA. To change this would require investment and the willingness to enter into a debate about the surveillance state, for the ability to defend oneself is also the ability to attack, including a country's own citizens if necessary. More protection from snooping by other countries has serious side effects for the Internet and how we use it. A couple of extra fortresses are certainly not the solution. In the online world, you cannot overcome tomorrow's challenges with yesterday's thinking.