[discuss] we need to fix what may be broken

Wed Apr 16 02:59:42 UTC 2014

Dear Carlos

You list an impressive set of issues that need fixing, and of course 
these are only illustrative of the larger issue - that technical and 
business decisions about the Internet have become so important to our 
societies today that there needs to be some way to incorporate public 
interest in them.... Perhaps, a formal way to do so, but you may have 
different ideas...

I will certainly like to know, having described the problem so well, 
what do you suggest as a remedy, or even the directions towards a 
possible one. The draft netmundial document to me does certainly not 
open up any such direction, much less bring up a remedy... Isnt these 
kind the key global Internet governance issues that people seek 
resolution of, and not trite statements that the Netmundial doc is full 
of, although, at another level, I would say, hardly innocent ones, but 
lets not get into that.

So, basically, how are we moving towards fixing what so convincingly 
show needs fixing?

(And I hope this falls in the category of 'good comments' that you were 
expecting :) )

Thanks and best regards
parminder

On Wednesday 16 April 2014 03:17 AM, Carlos A. Afonso wrote:
> Dear people,
>
> I recall our discussions with folks in the so-called "technical
> community" between IGFs 2006 and 2007, in which the mantra "do not fix
> what is not broken" was used to convince us all that management of the
> logical infrastructure of the net should not be even considered as an
> Internet governance topic in the IGF dialogues (and this with the IGF
> prohibited from making recommendations). Thanks to pressure from sectors
> of civil society and the government of Brazil (host to the 2007 IGF), we
> finally managed to insert the theme in the IGF agenda, but it had to go
> under the disguise of "critical Internet resources".
>
> A bit more than six years passed, and what we see? Relevant and
> frightening examples of the frailty of the current "governance" or
> coordination model of the network -- mostly in the expert hands
> basically of the I* group of entities and forums, which goes beyond just
> names, numbers and protocols, and badly in need of fixing (and I assume
> that the fix in general will involve more than just technical
> coordination measures):
>
> - The net was revealed as incredibly vulnerable by the revelations on
> NSA surveillance, and we discovered that the NIST was at cahoots with
> the NSA in "backdooring" the cryptographic systems.
>
> - The IPv6 transition was literally abandoned by Icann. This on the one
> hand is good, since I am one of the people who defend the
> decentralization of Iana functions, and the RIRs structure works
> technically quite well. But they cannot carry alone the burden of the
> political/economic aspects of this transition. A more assertive Icann
> (and other stances, such as the ITU pressuring their clients, the big
> telcos, and equipment manufacturers taking the transition really
> seriously) would have helped avoid this situation of crisis in the
> addressing system (just read the situation papers and strong alerts by
> Geoff Huston), which by the way increases vulnerability of the net with
> improvised concoctions such as CGNAT and so on.
>
> - The OpenSSL memory leak bug was sitting in our servers for years, to
> the joy of NSA and similar peeking folks, and this is an open source
> system maintained by the "technical community" -- supposedly, open
> source code is there to be verified, double-checked etc, particularly
> such a key security element of the net; there is nothing more disruptive
> of the net security that we know of since the net became so pervasive
> worldwide; I operate a very small non-profit Web service and am
> horrified by the implications of this failure to verify the code.
> Literally no one could know how far their servers' data have been
> compromised after Heartbleed was sitting there for so many years -- and
> who knows how many servers are still in need of patching.
>
> - Now Yahoo decides unilaterally to implement an email verification
> feature (DMARC) which is still in beta, affects all its users, and even
> the implementation they did is not clear, as Miles Fidelman verified,
> and I quote: "They knowingly did massive damage, published some
> suggestions on how to mitigate that damage - using a capability defined
> in the spec. that they deployed - then say "we don't support that"."
>
> - And there are signs that Gmail may be taking unilateral measures as
> well (not clear yet what is being done), as suspected recently by Lauren
> Weinstein.
>
> In the last two cases, there is a caveat -- they are free, opt-in
> services, no one is required to use them to be on the net. But hundreds
> of millions of users rely on their services, and these users are
> basically "voluntary shareholders" of them, as the profiling of their
> presence adds revenue to the respective companies -- but they are a
> special kind of shareholders whose share just earns them unlimited mail
> and social net services' use in exchange for their profiling. Someone
> described these users as "products", which also makes some sense. And
> the central fact is that these unilateral measures (using features which
> the "technical community" describes as still beta) impact on hundreds of
> thousands of email and listserv services worldwide, even on their own
> users (!), and their response seems to be "this is what we are doing,
> sorry".
>
> The OpenSSL failure is so incredibly disruptive that some entities who
> have Web sites in our servers are happy they never used SSL -- their
> argument is: "if I had SSL, it would attract peekers thinking that,
> well, this site uses SSL so there may be something worth mining there...
> and it is easy to mine!"
>
> Frankly, there are things scarily broken in this "governance" or
> coordination system (and let us recall that coordination does not
> necessarily mean centralization), and I hope NETmundial will provide an
> opportunity to dialogue on what to do. It is the billions of Internet
> users who are expecting us to do something better.
>
> fraternal regards
>
> --c.a.
> Carlos A. Afonso
> [writing in my personal capacity only]
>
>
> _______________________________________________
> discuss mailing list
> discuss at 1net.org
> http://1net-mail.1net.org/mailman/listinfo/discuss
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://1net-mail.1net.org/pipermail/discuss/attachments/20140416/2dc012bb/attachment.html>