PRISM, Internet Exchange Points and Canada

As the operator of the registry for the .CA top-level domain and the domain name system (DNS) infrastructure that supports it, I am uncomfortable, though not surprised, with the knowledge that a government is monitoring the activities of Internet users.

And while recent reports about the National Security Agency’s top-secret PRISM program actively monitoring Internet users in the United States and (by default) citizens of other countries – Canada included – are on the front page of newspapers around the world, Internet surveillance is not exactly new. It has been happening in one form or another since the early days of the commercial Internet in the mid-1990s.

However, the fact that online surveillance isn’t new does not: a) make it right, or b) mean that we shouldn’t do our best to make sure it doesn’t happen.

The Internet is far too important for us to become complacent. No other technological invention of the past millennium has had the social and economic effect that the Internet has had.

That said, for all of its complexity, the Internet is really driven by a series of transactions – either the exchange of information in personal communications or the exchange of technological/ informational communications at the DNS level. Those transactions work because there is a high degree of trust among the parties that operate the Internet.

Trust is the very foundation of the Internet.

Having an unknown, unauthorized party access to what is essentially private communications erodes that trust, and with it, the very foundation of what makes the Internet work. I believe eroding that trust – and with it the tremendous social and economic benefit the Internet brings – is too high a price to pay for national security.

It reminds me of this quote from Benjamin Franklin: “Those who would give up essential liberty to purchase a little temporary safety, deserve neither liberty nor safety.”

There is one way to protect ourselves, to some degree, from having our data fall under the jurisdiction of a foreign country. We must ensure more of it travels to its destination via Canadian routes.

Many Canadians may not realize that much of Canada’s domestic Internet traffic flows outside of the country. This is simply the way the Internet works. For example, a single email can be broken down into thousands of data packets, and each packet will take the fastest and most efficient route to its destination where that email will be reassembled. The majority of the time, that route involves travel through another country.

In our case, this often means our confidential data travels through the U.S., and is subject to any surveillance and laws in that jurisdiction.

Historically, it was often more economical for Canadian Internet Service Providers to move domestic traffic over established international links. Canada’s Internet is therefore heavily reliant on foreign infrastructure, and as a result, much of our Internet traffic flows through other countries.

In light of programs like the NSA’s PRISM, I do not believe this is acceptable any longer. It is time for Canada to repatriate its Internet traffic to the best extent possible, given the distributed nature of the DNS.

In my informed opinion, to do this will require more Internet Exchange Points, or IXPs, in Canada. IXPs are large data switches that allow Internet users in the same geographic area to connect directly with each other. An IXP allows local network traffic to take shorter, faster paths between member networks, ensuring more of that traffic remains local. Canada currently has fewer than five IXPs, well below the numbers our international counterparts have (the U.S., for example, has more than 80).

By building a robust Canadian Internet infrastructure, including a nation-wide fabric of IXPs, we can ensure more Canadian traffic stays in Canada, and is therefore only subject to Canadian law. We will also ensure that the trust that underlies the Internet in Canada remains strong, and we can continue to reap the benefits the Internet offers.

Worlds colliding

Internet governanceNo Comments

A couple of weeks ago, the International Telecommunication Union (ITU) hosted the World Telecommunication and Policy Forum (WTPF), a high-level exchange of views on information and communication technology (ICT) related policy issues (read ‘Internet’).

You may recall that I tend to get a tad suspicious whenever the ITU talks about anything Internet related. To date I haven’t been proven wrong – the fact is the ITU is looking to extend its reach over the Internet.

Unfortunately, once again there was a proposal – this time from Brazil – put forward at the WTPF that would result in the ITU exerting some control over the Internet. Titled “Opinion on the Role of Government in the Multistakeholder Framework for Internet Governance,” this proposal received support among more than a handful of member states (including Russia, India, Iran, and Argentina, among many others). It’s worth noting that most developed nations, Canada included, did not support Brazil’s proposal.

On the surface, it looks like the typical scenario of ITU members doing their best to wrestle control of the Internet from the U.S.-based ICANN, and in part it is. However, I believe there’s more to the picture than meets the eye.

I believe the driver behind Brazil’s proposal is actually rooted in the Governmental Advisory Committee’s (GAC) communiqué (PDF) coming out of the ICANN meeting in Beijing.

In Beijing, the GAC issued consensus advice on two proposed generic top-level domains, .africa (from DotConnectAfrica) and .gcc (for Middle Eastern Internet users). It did not do so on two other potential ‘geographic’ domain names, .patagonia and .amazon, for which there are also multiple proposals.

Rumour has it that it was the U.S. members of the GAC that did not go along with the rest of the GAC members, who believed that the geographic proposal for these domain names should be approved. As I understand it, the U.S. instead sided with the trademark holders of the domains in question, resulting in non-consensus advice.

Keep in mind, the ICANN Board has to treat consensus advice from the GAC differently from other advice. They either have to accept the advice, or explain why the advice was not accepted. This gives consensus advice more weight than non-consensus advice, where the ICANN Board can accept it or not, and not have to give any explanation.

Will the trademark holders win these gTLDs? Only time will tell. But, is it possible that the Brazilian proposal at the WTPF was retaliation against the U.S. for it not supporting its gTLD proposals at the GAC?

I believe it is.

What we are witnessing, in my opinion, is the gTLD debate boiling over into the ITU. And I believe this to be a dangerous precedent. The ICANN and ITU worlds are now interrelated.

This entire situation, however, foreshadows what the world of Internet governance would look like if the Internet were governed with a multi-lateral model instead of a multi-stakeholder one; where member states act in their own best interest (as it appears both Brazil and the U.S. are), instead of the best interest of the Internet.

As I’ve said before, the multi-stakeholder model is a big part of the reason the Internet has been so successful. That’s because the people and organizations that stand to benefit from its success are at the table when decisions about how it develops are made. Therefore, acting in the best interest of the Internet IS acting in your own best interest under the multi-stakeholder model.

We are all aware of how the multi-lateral governance model can get bogged down in this ‘eye for an eye’ diplomacy. It doesn’t help anybody, least of all the free and open Internet.



Cyber-crime in Canada

TechnologyOne Comment

Yesterday, Websense released its third annual Canadian Cybercrime Report Card, and the findings are not encouraging. Cyber-criminal activity is on the rise in Canada and it’s becoming more sophisticated.

Let’s be clear about one thing – the Websense report does not refer to .CA. It is referring to websites hosted in Canada. As the registry for the .CA top-level domain, security is our top priority at CIRA. The brand values for .CA we promote – safe, secure, trusted – are words we live by every day. And we work hard to ensure the safety and security of .CA.

Websense’s report raises a number of troubling points. Canada now ranks tenth in the world for websites hosting malware (that’s up 25 per cent over last year). There is good news, sort of. There has been a 67 per cent decrease in phishing sites hosted in Canada in the past year. Unfortunately, even with this decrease, we still rank tenth in the world. Most disturbing is the fact that there has been an 83 per cent increase in hosting advanced malware. This advanced malware is highly sophisticated and is used to target and steal corporate data.

Why has Canada become a destination for malware hosting?

The authors of the report posit that the bad actors, those that are creating the malware, do not want their malicious plans to be predictable (like they would be if they were hosted in Russia of China). Rather, Canada is considered safe and therefore trusted. Their success rates are higher if the malware originates from a trusted server in Canada than in other parts of the world.

You can access the full report here (PDF).

What does the report mean for us who live and breathe in the Internet ecosystem? Canada is not immune to malicious activity online. In fact, Canada is increasingly becoming a host for malware. While I am less than pleased that so much criminal activity is hosted within our own borders, what bothers me the most is the fact that some bad actors are taking advantage of our reputation as a safe place to host websites

Clearly, we all need to do more. The security of the Internet is the responsibility of those who use it just as much as it is for governments, registries like CIRA, and other Internet stakeholders.

Make sure your anti-virus software on your computer is up-to-date. Always install operating system updates. Don’t open attachments in emails if you don’t know the sender. For more tips on how to stay safe online, check out these tip- sheets we developed with the Ottawa-based MediaSmarts.

At CIRA, we will continue to ensure .CA remains one of the safest top-level domains in the world. That work includes partnering with other organizations (like we did with the DNSChanger virus) and implementing measures to make the .CA registry even more secure.