Internet SafetyAn International Perspective

Edmon Chung

2 Aspects of Internet Safety• Information Security– Computer Virus, Phishing, Cyber crime, etc.– Privacy, Identity theft, Cyber bullying, etc.

• Content– Obscene and Indecent Content, etc.– False information, rumor milling, etc.

Internet Governance• Broad Term:– coordination of technical standards– operation of critical infrastructure– ICT development / digital divide (inclusion)– regulation, and legislation– And others

• Internet governance is not restricted to the activities of governments.

Internet Governance (United Nations)• UN Millennium Declaration (and Development Goals)• World Summit on the Information Society (WSIS)– Geneva 2003 and Tunis 2005– Geneva Declaration of Principles

• http://www.itu.int/wsis/docs/geneva/official/dop.html– Geneva Plan of Action

• http://www.itu.int/wsis/docs/geneva/official/poa.html– Tunis Commitment

• http://www.itu.int/wsis/docs2/tunis/off/7.html– Tunis Agenda for the Information Society

• http://www.itu.int/wsis/docs2/tunis/off/6rev1.html

• Internet Governance Forum (IGF)• Multi-Stakeholder Approach– Tripartite: Government, Industry and Civil Society

World Summit (WSIS)• Building confidence and security in the use of ICTs– Strengthening the trust framework, including

information security and network security, authentication, privacy and consumer protection, is a prerequisite for the development of the Information Society and for building confidence among users of ICTs.

– It is necessary to prevent the use of information resources and technologies for criminal and terrorist purposes, while respecting human rights.

– Spam and cyber-security should be dealt with at appropriate national and international levels.

Confidence, Security & Stability

Perception is Reality

Cyber Criminals• Criminals are investing in infrastructure– They are building scalability– They are increasing security

• Distributed systems• Strong measurements• Good monitoring• Robust data collection

Distributed Infrastructure

• Global spam infrastructure• Spam Hosting Servers

Economies of Scale

• 40% of scams were hosted on the same infrastructure as spam

High Speed & High Performance

• Spam and phishing sites – come up within minutes– and go down within days

• Avg. time online for phishing site: 3.8 days• Max. time online for phishing site: 30 days

Phishing vs. Crime Ware Sites

The ROI on Phishing• The average Revenue per user (RPU)– 2005: $257– 2006: $1,244– 380% increase in revenue

• Global Phishing Revenues– ~$2.8 billion in 2006 (Gartner)– ~$3.2 billion in 2007 (Gartner)– ~$61 million per year (Microsoft)

• Strong business model combined with first-mover technology resulted in largest group making at least $150 million in 2006

Perception is Reality

Internet Safety (overdrive)• Obscene & Indecent content• False information• Rumor milling• Flaming

• Protecting Children

Recent Wave of Legislative Activities• 2008.09.29 – UK Council for Child Internet Safety

(UKCCIS) established• 2009.02.19 – US Internet Safety Act: ISPs, Wi-Fi to

keep logs for police• 2009.03.24 – Bill in Maryland to allow ISPs to

charge fee for households that opt to use parental control features.

• 2009.03.13 – Illinois schools grades 3-12 (=P3-F6) required to develop Internet safety curriculum

• 2009.03.16 – New Jersey passed package of bills targeting online sexual harassment and related electronic crimes.

ICANN (Domain Names)• ICANN– Internet Corporation for Assigned Names & Numbers– International body on Domain Name system (DNS)– Overseeing governance of DNS

• Cyber Security Constituency (Recently Proposed)– as Internet policies are developed at ICANN, the

interests of families, children, consumers, victims of cybercrime, religions and cultures become better represented. For the new technology society, we need carefully to craft mechanisms involving law and industry that balance unfettered free speech and anonymity with some protections against exploitation of the most vulnerable, the ability to address and reduce criminal activity, and . . . the right of Internet users to have choices in the nature of their access.

European Court of Human Rights• Freedom of expression constitutes one of the

essential foundations of [a democratic] society, one of the basic conditions for its progress and for the development of every man.... [I]t is applicable not only to ‘information’ or ‘ideas’ that are favourably received or regarded as inoffensive or as a matter of indifference, but also to those which offend, shock or disturb the State or any other sector of the population. Such are the demands of pluralism, tolerance and broadmindedness without which there is no ‘democratic society’.(10)

3 Waves of Obscenity Obsession• The printing press• Movies and video• The Internet

• It was often difficult to draw a sharp distinction between the suppression of published materials for moral reasons and for reasons of political control or repression– Encyclopædia Britannica

Moral Ethics OR Political Repression?

How bad is the Internet?

Internet Threat to Minors Overblown• "The risks minors face online are complex and

multifaceted and are in most cases not significantly different than those they face offline, and ... as they get older, minors themselves contribute to some of the problems"

• The biggest threats to children's safety online may come from other children, and that their own behavior could contribute to the trouble they encounter.

• "Minors are not equally at risk online," the report said. "Those who are most at risk often engage in risky behaviors and have difficulties in other parts of their lives."

Internet Safety Act Would Make Us Less Safe (ABC News)

• US Internet Safety Act (Proposed)– ISPs and Wifi providers to be required to store information

about your online activities for at least 2 years to enable law enforcement to use legal process to identify and track you down

• That stockpile [of data] would be a goldmine for exploitation

• Private Parties, Marketers Could Clamor for Access• Dangerous Global precedence for repressive regimes• Enforcing the Laws Already on the Books is sufficient• What’s next?• We must not let an emotional issue potentially

jeopardize the liberties of the citizenry and the privacy of their electronic communications.

Creative & Knowledge Economy• Richard Florida 3Ts:– Talent– Technology– Tolerance

• Canadian Law:– "it is a standard of tolerance, not taste … not what

Canadians think is right for themselves to see [but] what the community would [not] tolerate others being exposed to on the basis of the degree of harm that may flow from such exposure.”

Vint Cerf (Father of the Internet):Truth and the Internet

• The Internet… exposes truth to those who wish to see it. [But some] fear the Internet and its ability to make the truth known.

• …the power of the Internet is like a two-edged sword. It can also deliver misinformation and uncorroborated opinion with equal ease. The thoughtful and the thoughtless co-exist side by side in the Internet's electronic universe…

• There are no electronic filters that separate truth from fiction... We have but one tool to apply: critical thinking... We truly must think about what we see and hear. We must evaluate and select. We must choose our guides. What better lesson than this to teach our young children to prepare them for a new century of social, economic and technological change?

• Let us make a new Century resolution to teach our children to think more deeply about what they see and hear. That, more than any electronic filter, will build a foundation upon which truth can stand.

THANK YOUEdmon Chung edmon@isoc.hk