I've been prompted to write this brief opinion piece in response to a recent article posted on CircleID by Tony Rutkowski, where he characterises the IETF as a collection of "crypto zealots." He offers the view that the IETF is behaving irresponsibly in attempting to place as much of the Internet's protocols behind session level encryption as it possibly can. ... Has the IETF got it wrong? Is there a core of crypto zealots in the IETF that are pushing an extreme agenda about encryption? more
Black's Law Dictionary defines it as "the extraterritorial operation of laws; that is, their operation upon persons, rights or jural relations, existing beyond the limits of the enacting state, but still amenable to its laws. The term is used to indicate jurisdiction exercised by a nation in other countries, by treaty..." Extraterritoriality is also the most significant emerging development today in the law shaping virtual network architectures and services that includes OTT and NFV-SDN. more
The argument for end-to-end encryption is apparently heating up with the work moving forward on TLSv1.3 currently in progress in the IETF. The naysayers, however, are also out in force, arguing that end-to-end encryption is a net negative... The idea of end-to-end encryption is recast as a form of extremism, a radical idea that should not be supported by the network engineering community. Is end-to-end encryption really extremist? Is it really a threat to the social order? more
One of the most profoundly disruptive developments occurring in the cyber security arena today is the headlong rush by a set of parties to ubiquitously implement extreme End-to-End (e2e) encryption for communication networks using essentially unbreakable encryption technology. A notable example is a new version of Transport Layer Security (TLS) known as version 1.3. The activity ensues largely in a single venue... more
Building IoT ventures from scratch by prototyping hardware devices and their backend systems as well as working for a large company that tries to sell IoT devices itself, we learned a lot about the pitfalls and problems concerning security in the IoT. Nearly every connected device out there proved to be vulnerable to attacks. Researchers showed that it's possible to remotely take control over autonomous vehicles, implanted medical devices were manipulated, voting machines compromised and of course all sorts of other "smart" devices... more
I believe Mobile Information and Communications Technologies (ICTs) are and very well remain powerful and best-suited technologies that will help provide connectivity and digital access in a much faster and cheaper way for developing countries of the globe. Thus, they are to be leveraged within their most strategic and profitable functional or usage contexts. Mobile access technologies along with relevant innovations have formed a powerful springboard for the Internet to be significantly accelerated in terms of access, usage and penetration. more
Back in the early 2000s, several notable Internet researchers were predicting the death of the Internet. Based on the narrative, the Internet infrastructure had not been designed for the scale that was being projected at the time, supposedly leading to fatal security and scalability issues. Yet somehow the Internet industry has always found a way to dodge the bullet at the very last minute. more
If a national government wants to prevent certain kinds of Internet communication inside its borders, the costs can be extreme and success will never be more than partial. VPN and tunnel technologies will keep improving as long as there is demand, and filtering or blocking out every such technology will be a never-ending game of one-upmanship. Everyone knows and will always know that determined Internet users will find a way to get to what they want, but sometimes the symbolic message is more important than the operational results. more
"Net neutrality" is implicitly framed as a debate over how to deliver an equitable ration of quality to each broadband user and application. This is the wrong debate to have, since it is both technically impossible and economically unfair. We should instead be discussing how to create a transparent market for quality that is both achievable and fair. In this paper I propose an alternative approach that (potentially) meets the needs of both consumer advocates and free market proponents. more
Harvard Business Review just ran an interesting article on the information security aspects of Internet of Things (IoT). Based on the storyline, the smart city initiatives are doomed to fail unless the security of the IoT devices and the systems will be improved. While security of the digital society is obviously a key concern, I am not entirely convinced that relying on the security of individual devices and systems is the best course of action. more
Today in Indonesia, media leaders gathered at UNESCO's World Press Freedom Day event issued the "Jakarta Declaration" calling on governments of the world to recognize the importance of a free and independent media in creating "peaceful, just and inclusive societies". The declaration calls on governments to take steps to support the freedom of the press, and, in the midst of the many actions was this statement: Recognise the legitimacy of the use of encryption and anonymisation technologies more
The Internet Association -- lobbying organization for Internet giants like Google, Amazon and Netflix -- is adamant that it is necessary to apply of 1935 phone regulation (Title 2) to the Internet to assure that there are no premium "fast lanes", that all bits are treated equally, that Internet access providers (ISPs) do not prioritize their own content over content from competitors. more
In the December of last, Cuba singed a deal with Google to enable faster access to content served via its popular platforms such Gmail and YouTube. more
This week I'm going to Washington to argue against regulating Internet access as if it were phone service. Twenty years ago I was there for the same reason. My concern now as it was then is that such regulation will damage the economy and reduce opportunity by stifling innovation and protecting the current dominant players from the startups which would otherwise threaten them. more
My assertion is that the Internet Engineering Task Force (IETF) is an institution whose remit is coming to a natural end. This is the result of spectacular success, not failure. However, continuing along the present path risks turning that success into a serious act of wrongdoing. This will leave a social and political legacy that will tarnish the collaborative technical achievements that have been accumulated thus far. more