The following text is copyright 2010 by Network World, permission is hearby given for reproduction, as long as attribution is given and this notice is included.

Internet Freedom and Security

By: Scott Bradner

So far this has been a busy year in the area of Internet freedom and security.  First Google reported that it, along with a bunch of other major companies, had been hacked, and pointing the finger at China.  Then Secretary of State Hillary Rodham Clinton gave a few "Remarks on Internet Freedom" in which she pushed for one Internet, without barriers.  The Federal Trade Commission notified about 100 companies that some of their secrets had been exposed by employees who were running peer-to-peer software.  Finally the Internet security firm NetWitness said that it had figured out that 75 thousand computers at 2,500 companies had been compromised with the ZeuS Trojan starting in 2008.  Nope - not a good start to 2010, I would like to think that things will quiet down some for the rest of the year but it does not look like that will happen.

In early January Google announced that it had been hacked from China, that the hackers seemed to be after the gmail accounts of Chinese human rights activists, and that Google was going to review "feasibility of our business operations in China."  (http://googleblog.blogspot.com/2010/01/new-approach-to-china.html)  Well, that caused quite a splash.  Google's accusation fit so well with the general public perception of China's approach to the Internet that it was easy to assume that the hacking was directed by the Chinese government.

Secretary of State Hillary Rodham Clinton did not go quite so far as to accuse the Chinese government of complicity during her speech on Internet freedom, (http://www.state.gov/secretary/rm/2010/01/135519.htm) but she did call upon them to "conduct a thorough review" of the Google hacks and that the results of the review to be transparent.  Clinton's speech was quite a good one from the point of view of those of us who value the positive impact of the communication enabled by the Internet.  Properly, she did not hide the fact that communication over the Internet can be used for good (human rights activists) and evil (terrorists).  But she said that " this issue isn’t just about information freedom; it is about what kind of world we want and what kind of world we will inhabit. It’s about whether we live on a planet with one internet, one global community, and a common body of knowledge that benefits and unites us all, or a fragmented planet in which access to information and opportunity is dependent on where you live and the whims of censors."  She, clearly, was on the side of one Internet.

Meanwhile, ex NSA director Mike McConnell, writing in the Washington Post (http://www.washingtonpost.com/wp-dyn/content/article/2010/02/25/AR2010022502493.html) had a different take.   He said that " we need to reengineer the Internet to make attribution, geolocation, intelligence analysis and impact assessment -- who did it, from where, why and what was the result -- more manageable."  Repressive governments would love McConnell's Internet.  It would be easy for censors to have whims on his Internet.  But, not to worry, reengineering the Internet would be as easy as reengineering the world's highway system, if the highways were 90% owned by private companies (as the Internet is). 

Maybe companies that connect to the Internet need to be more careful (http://www.ftc.gov/opa/2010/02/p2palert.shtm and http://www.netwitness.com/resources/kneber.aspx) and, in particular, companies that sell computers that connect to the Internet need to actually make security a primary concern and post fixes to vulnerabilities a lot faster than they do now.  (http://www.guardian.co.uk/technology/askjack/2010/jan/22/microsoft-ie-patch-scandal and http://www.betanews.com/article/At-long-last-Apple-patches-its-Java-vulnerability/1245103188)

I'd rather Clinton's Internet than McConnell's, but I recognize that McConnell's seems attractive to those who only look at the security problem and ignore the freedom one.

disclaimer:  I did not ask the university if it would do away with freedom to get some, but not much, security -- I can guess the answer but, since it would be a guess, the above is my opinion.