|
Given its engineering background, many positive contributions can be made by the engineering community in the broader ICT world to assist in addressing some of the broader internet issues, often addressed within the more limited telecoms environment.. Of course some of this is already happening; however much more work would be needed to strengthen the technical foundations of the internet. Just as an example, the type of issues that could be addressed by a broader ICT engineering foundation could include, for instance:
The above listed issues however, now all face the NSA and other spy agent’s requests demanding back door access and access to the various software codes. Lessons learned from the current spying fallout means that the industry will need to insist that this will have to be organised within strict regulatory environments.
Another example of where the broader ICT industry can assist in internet related issues is privacy. The greater the public concern about privacy, the greater the opportunity to do something positive to protect privacy on a bilateral or multilateral basis.
The industry would also be greatly assisted if taxes, tariffs and monopoly control of undersea and inter-country fibre transport networks were removed, in order to stimulate the construction of new fibre routes that do not pass through the United States.
Interestingly, while the current NSA developments have alerted countries who depend on the USA for their internet transport, this situation originated not just because the bulk of internet traffic came from the USA—or because organisations were forced to transit through this country—but more particularly due to the level of competition that exists in that country, which was achieved through market liberalisation. Many countries, especially the developing economies, had and many still have highly restrictive and regulated markets that resulted in very high telecoms charges. Because of that high level of international infrastructure competition in the USA it was generally cheaper to move telecoms traffic through the US rather than develop links that were independent of that country, or use international links from other countries.
This does not have to be the case but it would require significant pro-competitive regulatory changes in many of the countries involved. (I refer here to my comments above about the lack of industry transformation in the telecoms world).
Sponsored byDNIB.com
Sponsored byVerisign
Sponsored byIPv4.Global
Sponsored byVerisign
Sponsored byCSC
Sponsored byRadix
Sponsored byWhoisXML API
> providing strong encryption on all websites — 2048 bit keys
The keystrength matters little if one cannot trust the root authorities.
Note that every nationstate and large corporation has a root certificate and thus can generate any certificate and claim to be anything they want.
One has to check the fingerprint of the certificate to be sure it really is the cert on the server that you want.
And then, even if that matches, even if you have 2048 bits crypto, how sure are you that the crypto is correct (there are very few crypto folks who really understand crypto), then that that is properly implemented (very few people who know crypto and code) and more importantly: that that is actually running on the device you are using? :) The set of people who can verify that is equal to not even on.
> producing a list of compromised devices or code that has known vulnerabilities in it and work towards a mandated level of security
This is a near impossible task as one can never index which software runs where and thus which devices are compromised; next to the fact that software versions might differ and then might have different patches which might mean that the version is not vulnerable as the vendor already fixed it.
CVE (http://cve.mitre.org/) “solves” this in some way but it can never solve it completely, especially not in the way you state it.
Backdoors can always be present, 0-days are typically not fixed yet, thus the least one can do is keep all software up-to-date (and hope nobody sneaked something bad in there).
Note also that there are billions of devices out there; current fun one: Android, which is a very fragmented bunch of code that never gets updated on those devices. 70% of the market apparently is Android based though. For a fun one: http://www.engadget.com/2013/11/29/text-message-exploit-can-force-your-nexus-phone-to-reboot
> assisting the ITU in driving certificate transparency efforts and obtaining the support of all the member countries on this issue
What does the ITU have to do with the Internet? Let the ITU stick to their telephone lines and slowly disappear please, they would just slow down any effort to make things better.
> developing encrypted SIP or VoIP that in general could be mandated across all providers
SIP/TLS, SRTP and ZRTP already exist, are deployed and are in heavy use.
Except for ZRTP most of these protocols are freely available.