28 October 2013

Cyberwar lawyers endorse sovereignty

A major work on the application of public international law to the Internet supports the emerging picture that geographic sovereign borders apply to the Internet.

Earlier this year at Chatham House, I attended the London book launch of The Tallinn Manual on the International Law Applicable to Cyber Warfare (Schmitt, Michael, ed.; Cambridge University Press, 2013). This is a fascinating work written by an independent group of expert international lawyers at the invitation of the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE) in Tallinn, Estonia.

20 October 2013

Online "smuggling"

In the many years that I have spoken to audiences about Internet Border enforcement, I always enjoy receiving the comment from an audience member that usually goes something like this: "But these enforcement efforts are not effective. I can simply use [a VPN] / [a proxy server] / [the TOR network] / [whatever] to get around the restriction."

I often congratulate the person who makes this comment on having become a successful "Internet smuggler" - someone who breaches a border control for their own purposes. If the mood in the room is especially light, I might even suggest that the person in question probably also knows ways of hiding contraband in their luggage to evade discovery by border officials who otherwise would stop it from entering the country.

14 October 2013

The Babel Fish Paradox

The Hitchhikers Guide to the Galaxy radio, book, and film franchise by the late Douglas Adams is one of the greatest works of science fiction comedy ever created. Part of what makes the series so wonderful is Adams' willingness to satirise social and political issues. One well-known but sometimes overlooked bit in Hitchhikers helps to illuminate an important point about the future of Internet Borders: the "Babel fish".

(Stick with me here. I promise to bring it home.)

11 October 2013

UK cyber defence force

As part of the increasing trend of enforcing State sovereignty online, I note with interest the recent announcement that the UK Ministry of Defence is planning to expand its cyber defence capability by recruiting expert reservists to a Joint Cyber Reserve Unit. The BBC reported the story HERE on 29 September 2013.

I find articles like this interesting because of the (unstated) assumption that there is a delineated British cyberspace that requires defending. Of course I happen to agree with this. It's so obvious that the journalist does not need to explain it. As we look more closely at the idea, we discover that it's not cyberspace (as such) that needs defending - it's the real world infrastructure and people who rely upon it that are being defended.

I do wonder, though, how many journalists will continue to write articles next week and next month about the so-called "borderless" nature of the Internet.

As a final thought for today, I believe that comparisons with "airspace" remain useful when thinking about this subject. We don't talk about the "borderless" nature of airspace - these days we instinctively understand that sovereign states patrol and exercise authority over a given bit of airspace. We also understand that airspace is simply a medium that can be used as a path to damage a state unless that state is able to exercise effective control of that space.

7 October 2013

BBC World Service interview

Now that I have decided to renew my activity on this blog, I remembered that I was interviewed about the Internet Border thesis by BBC World Service Radio last year. The programme that interviewed me is called "One Planet", and they did a very thought-provoking piece about our Bordered World on 23 April 2012. You can hear the programme by CLICKING HERE.

The entire programme is only 17 and one-half minutes long, but if you want to skip directly to the Internet discussion then advance to about 13:00 for the intro. (I get the last word.)

Here is a bit more explanation about my (rather down-beat) comment at the end. I do not believe that the ease of communication provided by the Internet will necessarily lead the world to a single unified global set of shared rules and values. Although there has been a lot of good and effective work to harmonise our global views of important policy issues (especially in the age of the UN), many differences remain and will not be resolved soon. Furthermore, many of these differences can be measured and defined by the geographic borders of sovereign states. While the Internet may aid our understanding of one another, it will not (on its own) lead us to a state of global agreement about fundamental questions of right and wrong. No media, on its own, can do that.

6 October 2013

We're half way there

In 2008, I was invited by my academic colleagues at the Information Security Group, Royal Holloway University of London to speak to a gathering of alumni from our information security graduate degree programme. Having provided 10 years' worth of lectures about the application of the law to the Internet, the challenge was to summarise where I thought we were "now" (in 2008). My lecture presented this conclusion: "The Cyberspace Frontier is Closed".

One of the core themes I presented that day was the idea of a "de-globalising" Internet in which geographic borders are being enforced with increasing regularity. When I say that borders are "enforced" I'm not just talking about direct enforcement by sovereign states. I'm just as much referring to the process of border delineation and enforcement by private parties who find it in their own best interests to shape content or condition access based upon end user geolocation.

It may not have been in that lecture, but about that time I made the following claims about the development path of so-called cloud services:

  1. Due to regulatory and commercial pressures, the geolocation of cloud service offerings will continue to increase in importance.
  2. As customers begin to understand regulatory and commercial pressures, they will increasingly demand that their cloud service providers geographically segregate data and infrastructure, and the ability to exercise control over same.
  3. Customers will increasingly demand this geolocation assurance in service level agreements.
  4. PREDICTION: Any major cloud service provider must be able to provide such assurances within 10 years or they will be out of business (2008+10 = 2018).
When I made this prediction, I was prompted generally by many factors. These include the resurgence of the sovereign state within the international system as a reflection of differing social and community standards (including language differences), as well as the continuing desire of multinational businesses to segment marketplaces. I was not really thinking (too much) about the impact of sovereign state intelligence gathering activity, and I had no idea that a guy hiding out at an international airport would shine a light on practices that also caused people to stop and think about "where" their cloud is located. But they are (in my opinion) all a part of the same meta-trend.

So, it's 2013. We're half way to 2018. How do people feel now about my prediction from 2008? Will it remain possible for cloud service providers to remain truly global and "borderless" in nature? Or will they (as I predicted five years ago) increasingly be forced into a business model that demonstrates that location of, and control over, data is limited by geography?