As the operator of the registry for the .CA top-level domain and the domain name system (DNS) infrastructure that supports it, I am uncomfortable, though not surprised, with the knowledge that a government is monitoring the activities of Internet users.
And while recent reports about the National Security Agency’s top-secret PRISM program actively monitoring Internet users in the United States and (by default) citizens of other countries – Canada included – are on the front page of newspapers around the world, Internet surveillance is not exactly new. It has been happening in one form or another since the early days of the commercial Internet in the mid-1990s.
However, the fact that online surveillance isn’t new does not: a) make it right, or b) mean that we shouldn’t do our best to make sure it doesn’t happen.
The Internet is far too important for us to become complacent. No other technological invention of the past millennium has had the social and economic effect that the Internet has had.
That said, for all of its complexity, the Internet is really driven by a series of transactions – either the exchange of information in personal communications or the exchange of technological/ informational communications at the DNS level. Those transactions work because there is a high degree of trust among the parties that operate the Internet.
Trust is the very foundation of the Internet.
Having an unknown, unauthorized party access to what is essentially private communications erodes that trust, and with it, the very foundation of what makes the Internet work. I believe eroding that trust – and with it the tremendous social and economic benefit the Internet brings – is too high a price to pay for national security.
It reminds me of this quote from Benjamin Franklin: “Those who would give up essential liberty to purchase a little temporary safety, deserve neither liberty nor safety.”
There is one way to protect ourselves, to some degree, from having our data fall under the jurisdiction of a foreign country. We must ensure more of it travels to its destination via Canadian routes.
Many Canadians may not realize that much of Canada’s domestic Internet traffic flows outside of the country. This is simply the way the Internet works. For example, a single email can be broken down into thousands of data packets, and each packet will take the fastest and most efficient route to its destination where that email will be reassembled. The majority of the time, that route involves travel through another country.
In our case, this often means our confidential data travels through the U.S., and is subject to any surveillance and laws in that jurisdiction.
Historically, it was often more economical for Canadian Internet Service Providers to move domestic traffic over established international links. Canada’s Internet is therefore heavily reliant on foreign infrastructure, and as a result, much of our Internet traffic flows through other countries.
In light of programs like the NSA’s PRISM, I do not believe this is acceptable any longer. It is time for Canada to repatriate its Internet traffic to the best extent possible, given the distributed nature of the DNS.
In my informed opinion, to do this will require more Internet Exchange Points, or IXPs, in Canada. IXPs are large data switches that allow Internet users in the same geographic area to connect directly with each other. An IXP allows local network traffic to take shorter, faster paths between member networks, ensuring more of that traffic remains local. Canada currently has fewer than five IXPs, well below the numbers our international counterparts have (the U.S., for example, has more than 80).
By building a robust Canadian Internet infrastructure, including a nation-wide fabric of IXPs, we can ensure more Canadian traffic stays in Canada, and is therefore only subject to Canadian law. We will also ensure that the trust that underlies the Internet in Canada remains strong, and we can continue to reap the benefits the Internet offers.
A couple of weeks ago, the International Telecommunication Union (ITU) hosted the World Telecommunication and Policy Forum (WTPF), a high-level exchange of views on information and communication technology (ICT) related policy issues (read ‘Internet’).
You may recall that I tend to get a tad suspicious whenever the ITU talks about anything Internet related. To date I haven’t been proven wrong – the fact is the ITU is looking to extend its reach over the Internet.
Unfortunately, once again there was a proposal – this time from Brazil – put forward at the WTPF that would result in the ITU exerting some control over the Internet. Titled “Opinion on the Role of Government in the Multistakeholder Framework for Internet Governance,” this proposal received support among more than a handful of member states (including Russia, India, Iran, and Argentina, among many others). It’s worth noting that most developed nations, Canada included, did not support Brazil’s proposal.
On the surface, it looks like the typical scenario of ITU members doing their best to wrestle control of the Internet from the U.S.-based ICANN, and in part it is. However, I believe there’s more to the picture than meets the eye.
I believe the driver behind Brazil’s proposal is actually rooted in the Governmental Advisory Committee’s (GAC) communiqué (PDF) coming out of the ICANN meeting in Beijing.
In Beijing, the GAC issued consensus advice on two proposed generic top-level domains, .africa (from DotConnectAfrica) and .gcc (for Middle Eastern Internet users). It did not do so on two other potential ‘geographic’ domain names, .patagonia and .amazon, for which there are also multiple proposals.
Rumour has it that it was the U.S. members of the GAC that did not go along with the rest of the GAC members, who believed that the geographic proposal for these domain names should be approved. As I understand it, the U.S. instead sided with the trademark holders of the domains in question, resulting in non-consensus advice.
Keep in mind, the ICANN Board has to treat consensus advice from the GAC differently from other advice. They either have to accept the advice, or explain why the advice was not accepted. This gives consensus advice more weight than non-consensus advice, where the ICANN Board can accept it or not, and not have to give any explanation.
Will the trademark holders win these gTLDs? Only time will tell. But, is it possible that the Brazilian proposal at the WTPF was retaliation against the U.S. for it not supporting its gTLD proposals at the GAC?
I believe it is.
What we are witnessing, in my opinion, is the gTLD debate boiling over into the ITU. And I believe this to be a dangerous precedent. The ICANN and ITU worlds are now interrelated.
This entire situation, however, foreshadows what the world of Internet governance would look like if the Internet were governed with a multi-lateral model instead of a multi-stakeholder one; where member states act in their own best interest (as it appears both Brazil and the U.S. are), instead of the best interest of the Internet.
As I’ve said before, the multi-stakeholder model is a big part of the reason the Internet has been so successful. That’s because the people and organizations that stand to benefit from its success are at the table when decisions about how it develops are made. Therefore, acting in the best interest of the Internet IS acting in your own best interest under the multi-stakeholder model.
We are all aware of how the multi-lateral governance model can get bogged down in this ‘eye for an eye’ diplomacy. It doesn’t help anybody, least of all the free and open Internet.
Yesterday, Websense released its third annual Canadian Cybercrime Report Card, and the findings are not encouraging. Cyber-criminal activity is on the rise in Canada and it’s becoming more sophisticated.
Let’s be clear about one thing – the Websense report does not refer to .CA. It is referring to websites hosted in Canada. As the registry for the .CA top-level domain, security is our top priority at CIRA. The brand values for .CA we promote – safe, secure, trusted – are words we live by every day. And we work hard to ensure the safety and security of .CA.
Websense’s report raises a number of troubling points. Canada now ranks tenth in the world for websites hosting malware (that’s up 25 per cent over last year). There is good news, sort of. There has been a 67 per cent decrease in phishing sites hosted in Canada in the past year. Unfortunately, even with this decrease, we still rank tenth in the world. Most disturbing is the fact that there has been an 83 per cent increase in hosting advanced malware. This advanced malware is highly sophisticated and is used to target and steal corporate data.
Why has Canada become a destination for malware hosting?
The authors of the report posit that the bad actors, those that are creating the malware, do not want their malicious plans to be predictable (like they would be if they were hosted in Russia of China). Rather, Canada is considered safe and therefore trusted. Their success rates are higher if the malware originates from a trusted server in Canada than in other parts of the world.
You can access the full report here (PDF).
What does the report mean for us who live and breathe in the Internet ecosystem? Canada is not immune to malicious activity online. In fact, Canada is increasingly becoming a host for malware. While I am less than pleased that so much criminal activity is hosted within our own borders, what bothers me the most is the fact that some bad actors are taking advantage of our reputation as a safe place to host websites
Clearly, we all need to do more. The security of the Internet is the responsibility of those who use it just as much as it is for governments, registries like CIRA, and other Internet stakeholders.
Make sure your anti-virus software on your computer is up-to-date. Always install operating system updates. Don’t open attachments in emails if you don’t know the sender. For more tips on how to stay safe online, check out these tip- sheets we developed with the Ottawa-based MediaSmarts.
At CIRA, we will continue to ensure .CA remains one of the safest top-level domains in the world. That work includes partnering with other organizations (like we did with the DNSChanger virus) and implementing measures to make the .CA registry even more secure.
We do important work at CIRA. Our work supports Canada’s piece of the global Internet – the .CA domain space.
The CIRA Board of Directors is responsible for setting the policies and strategies that guide our work in managing that space on behalf of Canadians. That means they help define the heart of the Canadian Internet.
This year, four directors will be elected to the Board, and all .CA Members are eligible to vote.
We’ll be posting the final list of candidates running for the Board of Directors on September 9, and voting will commence on September 16.
Why am I blogging about this now?
Because there are a few steps in the process between now and the voting phase, and .CA Members play a critical role throughout that process. We’ve developed an interactive ‘roadmap’ of our election to help explain the process.
For this year’s election, I am asking you to do two things.
First, if you are a Member, make sure you vote in September. If you are not a Member, you only have until August 26 to become one and be eligible to vote. We recommend you get your membership application in sooner so you can participate in every stage of the election. Membership is free. All you need is a .CA domain name. Stay tuned to this blog – and your email if you are a .CA Member – for updates as the election process progresses.
Second, talk to your family and your colleagues about becoming a Member and voting. As a nation, we are increasingly spending more of our time in the online world, it is more important than ever to make sure that Canada’s digital identity is strong, and that we all participate in building trusted Canadian values online.
You can help by casting your ballot in the CIRA Board of Directors election.
Today is International Girls in Information and Communication Technology (ICT) Day, a day set aside to encourage girls and women to consider careers in ‘tech’. It’s no surprise that women are under-represented in the ICT sector. Many theories have been put forward as to why.
In Canada, about 25 per cent of the ICT workforce are women. This number hasn’t changed much in the past decade, which means we have a lot of work to do.
In terms of overall numbers, CIRA appears to be doing well with regard to employing women. Currently, 40 per cent of our staff is female. However, that number declines to 28 per cent when we just count our Development and Operations Teams.
Personally, I’d like to see that number much higher.
To learn more about what it’s like working in ICT for women, I spoke with a couple of CIRA’s female employees. Below is what they told me, in their own words. Please share these stories with young women that you think can benefit from reading them.
Anne-Marie Walton, Application Developer
Why did you choose a career in technology?
I never thought I would have a career in IT. I wasn’t exposed to computers very much when I was young so I was scared of using computers.
I first discovered IT in university. I wasn’t happy with my major, which was geology, and a friend suggested I try a few courses in computer science. I tried a few courses and loved them so much that I decided to switch my major to computer science. I’m so happy I did!
What is it like working in a male dominated field?
Sometimes it’s challenging. Some people are not very accepting of women in this field. On the other hand, there are some people who are fantastically happy to see women represented in the field. You just learn to be tolerant of people who haven’t entered the current century and try not to take anything too personally.
Any advice for young women who might be considering a career in technology?
If you love working in the IT environment, don’t let the fact that it is a male dominated field stop you from pursuing it.
Why do you love working in IT?
I love the fact that it’s constantly changing. There are always new problems to solve. It’s challenging and interesting.
Irena Zamboni, Quality Assurance Specialist
Why did you choose a career in technology?
I did a survey in high school about what areas you are good at. It came back as math, science and business.
Engineering was one of those fields that I knew would open doors. It never dawned on me that software was a career.
I did an undergrad in electrical engineering and a Masters in biomedical engineering. During this time, I had a job doing software testing. I really enjoyed troubleshooting software.
You use a lot of critical thinking. No one day of the job is the same. I’m pretty social, and being that it’s a job that works with a lot of other departments in an organization, I really enjoyed that.
Did you have any role models that inspired you to enter the field?
My dad is a mechanical engineer and my mom is a teacher. I was big into Legos, so I think my parents noticed that side of me and encouraged it. I was also inquisitive and I like to use my hands.
In high school, I took a tech class and killed it. I was the only girl in the class and I got the highest mark. The guys were upset.
I didn’t know if I wanted to go into IT at the time, but I took that class to see what the field was about and what the options were.
What is it like working in a male dominated field?
I personally love it. I find guys easy to get along with.
I’m a bit of a tomboy. It never felt odd to be surrounded by more men than women.
I think the biggest thing is to see yourself outside of your gender. My parents never talked about engineering as male dominated, or nursing as female dominated. I just saw (myself in field) as part of the norm.
Any advice for young women who might be considering a career in technology?
Take everything that is available to you and at least try it. Don’t make up your mind about something without trying it. Don’t be afraid of making a change. Don’t do something that makes others happy. Do something that makes you happy.
This week marks an important milestone in the ongoing development of the Internet in Canada. At an event attended by dozens of partner organizations and government representatives, a new Internet Exchange Point (IXP) was launched in Montréal.
CIRA’s director of IT, Jacques Latour, represented CIRA at that event, as CIRA worked with a group of partners to establish the Montréal Internet Exchange, also known as QIX.
Réseau d’informations scientifiques du Québec (RISQ), Quebec’s non-profit scientific information network will operate QIX. Other partners included Fibrenoire, Cogeco Data Services, Metro Optic, RISQ, optic.ca, Groupe Teltech Inc., Cologix, and Google to create this IXP.
In June of last year, CIRA made public our work with interested community partners across Canada to facilitate the creation of more IXPs. QIX demonstrates that we are following through on that commitment and in the months to come, we will continue to work with partners in other cities in Canada, including in Winnipeg.
As I’ve explained in the past, creating more IXPs is fundamentally about making Canada’s Internet infrastructure more robust, secure and resilient and reducing the cost of access for all Canadians. This video from European Internet Exchange Association provides the best explanation I’ve seen about how IXPs work.
The benefits of IXPs are not inconsequential. It’s become old news that Canadians pay among the highest rates in the industrialized world for Internet speeds that are comparatively slow. There were only two IXPs in Canada previously. This has resulted in an inferior Internet infrastructure compared to Canada’s international counterparts. The U.S., by comparison, has 85 IXPs, and Sweden, a country of nine million people and an advanced Internet economy, has 12 IXPs.
Consider that the Internet, which today represents about three per cent of Canada’s GDP, is expected to account for as much as seven per cent by 2016. That equates to $75 billion, twice the size of the forestry industry, an industry upon which this country was built. It’s also larger than the tourism industry. It’s a dollar figure that represents high-value jobs in IT and other related industries. This is wealth that is created here in Canada and, to a great degree, remains here in Canada.
But as I said in February at the kick-off event for our 2013 Canadian Internet Forum, it isn’t just about the money. The Internet is the greatest driver of economic and social change the world has ever seen. Fundamentally it has become the great equalizer. It gives voice to the voiceless and creates opportunity for all.
It is for these reasons that we at CIRA consider the continued growth of Canada’s IXP fabric to be essential for the long-term stability and reliability of a domestic Internet; an Internet that is accessible and affordable to all Canadians; an Internet that will fuel our global competitiveness through the 21st century and beyond.
I had the opportunity to participate in a round table discussion with other ccTLD CEOs and Fadi Chehadé, the President and CEO of ICANN.
Chehadé called the roundtable to take the temperature of the ccTLD community with regard to the DNS ecosystem and developments in the DNS like gTLDs. In my opinion, it was a productive meeting and a step in the right direction toward building a stronger relationship between ccTLDs and ICANN.
However, in the past week Chehadé has come under fire for this meeting, and I feel a couple of criticisms leveled against Chehadé should be explored a little further.
Chehadé has been criticized for hosting a roundtable with a select group of ccTLD CEOs, and that the attendees represented ccTLDs from the developed world or larger ccTLDs. This simply isn’t true; Frederico Neves from NIC.br (Brazil) was there, as was Richard Wein from NIC.at (Austria, but not one of the largest ccTLDs), and representatives from Singapore and Costa Rica. It is also important to note that African ccTLDs CEOs were invited and indeed accepted Chehadé’s invitation, only to cancel a couple of days before the roundtable.
Let me be clear – I believe that, as the group that comprises the Internet governance world, we need to either ensure our criticisms are valid and based in reality, or put in place a formalized process to ensure we are acting in ways in which we can all agree.
That said, in the multi-stakeholder model, is it wrong to for the head of ICANN to have a conversation with a few selected people? Do we all have to attend? Does the list of attendees have to be in some way representative of the global ccTLD community (whether geographic, size, and so on)? Or is it fine in some situations? For example, if it is not a decision-making meeting? And what if all of the invitees (who meet pre-determined criteria for participation – see previous question) don’t attend? These are important questions.
The fact remains that the president of ICANN needs input from all stakeholders. Sometimes this input , and in gathering this input sometimes it is done formally and at other times in a less formal manner . . . both are acceptable and have their place in the multi-stakeholder model.
The Internet governance ecosystem is no longer the Wild West. Collectively, we govern an entity that has become the greatest driver of social and economic change in centuries. And, as we saw during the World Conference on International Telecommunications in December, the eyes of the world are on us.
Let’s have the discussion about process now, and free up our time for more important discussions. What do you think? I would like to hear your opinions on this issue.
Last Thursday, we hosted the 2013 Canadian Internet Forum (CIF) event in Ottawa.
The CIF is now in its third year, and I’m pleased with how quickly it is becoming one of the key Internet-related events in Canada. This year, nearly 400 people participated in the one-day event, either in-person or via webcast.
We created the CIF in 2009 in an effort to include Internet users in the discussion about how the Internet should develop. After all, the Internet has become such an important part of Canadians’ lives. To this end, we launched an online forum for Canadians to discuss Internet issues that are important to them. Our new forum is integrated with social networking sites like Twitter and Facebook – you can seamlessly comment on the forum using your social media identity, and share your activity on those networks as well.
This forum will be open year-round, and we will regularly report on the discussions, and present the findings to the United Nations-coordinated Internet Governance Forum this fall. You can get involved in the discussions at cif.cira.ca.
While we are working on posting video of the entire day’s proceedings, my update on Internet governance is available on our YouTube channel. In this presentation, I outlined the reasons why I believe it is so important for all Canadians to get involved in Internet governance. I believe we are at the beginnings of a fundamental shift in the way the Internet is governed, and I hope you will join us in preserving the Internet as the free and open entity we can all benefit from.
Please watch the video, and get involved by visiting our new online forum.
Earlier this week, Canadian Justice Minister Rob Nicholson announced the federal government will not proceed with Bill C-30. This bill, also known as the Protecting Children from Internet Predators Act, would have required Internet service providers to provide law enforcement agencies with access to their customers’ online communications without a warrant.
To say this bill was divisive is an understatement. When I first blogged about C-30 about a year ago, sparks were flying. Numerous civil liberties and rights groups were vocally opposed to the proposed legislation. Even Canada’s Privacy Commissioner, Jennifer Stoddart, weighed in on the debate, calling on the government to amend the bill to respect Canadians’ privacy rights. Opposition to the bill resulted in it being sent back to committee to be amended, and until yesterday, its future was uncertain.
I was pleased with the Minister’s reasoning for killing C-30. Nicolson cited public opposition to the bill as the reason the government will not proceed with it: “We have listened to the concerns of Canadians who have been very clear on this.”
Last week I blogged about the rising power of the end user in shaping and influencing the development of the Internet. In that post, I said “The people who use the Internet – and there is about 2 billion of them – have a voice.” The death of bill C-30 is just another example of how powerful their voice can be.
As an aside, I’m sure Bill C-30 will be discussed at the Canadian Internet Forum (CIF) in a couple of weeks. The CIF is the place for Canadians to share their thoughts on the development, deployment and governance of the Internet in Canada. In fact, Jennifer Stoddart is this year’s keynote speaker. If you are interested in issues like bill C-30, I encourage you to join us at the CIF on February 28. The event is free, and if you are unable to attend in-person in Ottawa, it will be webcast.
On February 28, CIRA will host an important forum on the future of the Internet in Canada. This is our third CIF, and I’m comfortable in saying it is going to be bigger and better than ever.
Of course, that may have more to do with timing, than our planning skills (but I would say we definitely have a role in it!). The fact is, for an Internet governance geek like me, 2012 was nothing short of incredible:
- The year started off with the Stop Online Piracy Act (SOPA) in the United States, legislation that if passed, could have negatively affected the global Internet. A global public backlash resulted in the Bill getting dropped.
- In Canada, the Protecting Children from Internet Predators Act, or Bill C-30, drew a lot of attention to legislation and the Internet. Again, the Bill was sent back for revising after intense public pressure.
- ICANN, the organization at the heart of the Internet governance ecosystem, appointed a new CEO, Fadi Chehadé. His vision is to bring all stakeholders to the table for meaningful discussion to ensure that all global citizens can share an open Internet.
- And, in December the World Conference on Information Technology (WCIT-12) and the potential to have the Internet put under the control of the International Telecommunication Union (ITU) brought international Internet governance into the mainstream. In part due to international pressure, the majority of democratic nations refused to sign onto the agreement by the end of the conference.
- Let’s also not forget that 2012 was the year the Internet governance world came to Canada. In September we successfully hosted ICANN 45, one of the largest ICANN meetings in history, in Toronto. It was one of the best attended ICANN meetings to date, with incredible participation by Canadians.
These events are both emblematic of the nature of the Internet. With apologies to our friends south of the border, the Internet really for the people and by the people. It is a true bottom up, organic entity. The people who use the Internet – and there is more than a billion of them – have a voice.
These events are also an indication of what’s to come. The days of the decisions about the Internet getting made in closed or isolated rooms without public knowledge or participation are clearly over. The five events above all show the broader Internet community is ready to use its voice to influence the development of the Internet.
And, that’s exactly why we created the CIF. It is the forum for Canadians to discuss and debate the hot topics that help shape the Canadian Internet landscape, be it Internet security, policy, digital literacy, or any other topic. We bring together domestic and international Internet experts to discuss and debate the topics that help shape the Canadian Internet landscape, and engage you, the Canadian Internet user, in that debate.
This year, I am pleased to announce that the CIF will feature a keynote from Privacy Commissioner Jennifer Stoddart about privacy on the Internet landscape in Canada. We have also lined up some of the brightest minds in the Internet ecosystem in Canada for a couple of lively panel discussions.
A panel session on policy and governance will feature Steve Anderson from Openmedia.ca, Karen Mulberry from the Internet Society and Tim Denton from the CRTC. Journalist Shane Schick will join Matthew Johnson from MediaSmarts in a discussion about digital literacy. In the afternoon, Bill Woodcock from Packet Clearing House will present on the current issues in Internet security. And, we are planning an interesting interactive activity on cyber-security.
At the CIF, there is no ‘audience’. Just as we are all participants in the Internet sphere, we are all participants at the CIF. Everyone who attends has equal voice. The amount of time we allocate to discussion among the event participants has become a hallmark of the CIF, a fact I am particularly proud of.
Please, join us at the Canadian Internet Forum on February 28. If you are in Ottawa, you can join us in person by registering here. If you aren’t in Ottawa, you can still participate via webcast. Details for the webcast can be found here.