Online Safety

Evidence mounts that the real problem on the Internet is not that the Internet is not open enough, but that it is not as safe/secure as it needs to be.

• See the Washington Post article today: "Data breaches are up almost 50%, affecting records of 35.7 million people."
  • "...annual statistics mask the extent of the problem; many businesses fail to report data breaches."
• See ZDNet's Dana Blankenhorn's article: "The Biggest Threat to Open source in 2009" -- which spotlights the dirty little secret that open source projects don't have an update process, the fundamental method to address, patch or fix new Internet/software security problems in a timely and effective manner.
  • As Mr. Blankenhorn highlights: "There is no longer any doubt that hackers and malware writers are going after open source projects as they once went after Windows. Vulnerabilities are being found, discovered, created, exchanged. The best protection against vulnerabilities is to keep software updated, but most open source lacks update services." 
• Also see Mr. Blankenhorn's earlier piece: "Which open source projects are most secure?" where he notes that Yahoo had one project in the top ten, but Google had none of the most secure open source software projects.

I consider one of the most troublesome aspects of the broader "open" movement for an Open Internet, net neutrality, free culture, and unauthorized tracking online, is the core Internet ethos that one should "ask for forgiveness, not permission." This ethos also goes by "innovation without permission."

This perverse Internet ethos can turn true Internet freedom on its head in that it self-servingly justifies one unilaterally usurping the freedom of others -- their freedom from harm, freedom of privacy, or freedom of safety.

• In other words, it is an irresponsible ethos where one can do whatever one wants on the Internet, and if people object, just ask for forgiveness and stop doing it. 

The problem is that the proverbial bell can't be un-rung on the Internet because with caching and the viral nature of linking, once a harm or an invasion of privacy is done on the Internet -- it can't fully be undone. 

• This ethos can be looked at as self-licensing to do whatever one wants, without regard to potential damage or harm.

One of the highest profile and recent manifestations of this "ask for forgiveness not permission" ethos is Google's Streetview effort. 

"A 'Cyber Katrina' is inevitable" according to George Foresman, a former Undersecretary  for Preparedness at the Department of Homeland Security.

I strongly urge you to read an outstanding, sobering and succinct post by USA Today's Byron Acohido: "Cyber Katrina is upon us" which:

• concludes "Cyber threats are accelerating;"
• highlights 8 "proof points" from respected Internet security sources that highlight "a continual increase in malicious and criminal activity on the Internet."

Byron Acohido adds:

• "Given these gloomy metrics, is there any reason to hope this cyber cyclone can be subdued? Vint Cerf, the man most often referred to as the father of the Internet, painted a dark scenario in this recent Guardian interview. When it comes to Internet security, “it’s every man for himself. . .in the end it seems every machine has to defend itself.”

Kudos to Byron Acohido and Jon Swartz for their tenacious and continuous focus on this under-reported, but critically important Internet issue -- and for their excellent book on the real and shocking gaps in everyday Internet security: Zero Day Threat.    

WSJ columnist Gordon Cravitz rightfully focuses in this week's  column on the fact that "Internet attacks are a real and growing problem."

• Cravitz notes "...that system of open protocols brings the enormous benefits of the Web to civilian life. But the Web has also become an open field for cyber warriors seeking to harm the U.S."
• He spotlights a new cybersecurity commission report  by CSIS that soberly concludes cybersecurity is a "battle we are losing."

Has the obsession for Internet "openness" resulted in turning a collective blind eye to cybersecurity? 

Building on my previous post: "Internet Co-designer: "It's every man for himself," the Internet's co-designer, Google's Vint Cerf, made a similarly ominous comment about the future of the Internet to the New York Times last week.

In John Markoff's outstanding front page NYT article: "Thieves winning online war, maybe on your computer" the Internet's co-designer painted a bleak portrait of the safety and security of the Internet going forward.  

• "Many Internet executives fear that basic trust in what has become the foundation of 21st century commerce is rapidly eroding."
• “There’s an increasing trend to depend on the Internet for a wide range of applications, many of them having to deal with financial institutions,” said Vinton G. Cerf, one of the original designers of the Internet, who is now Google’s “chief Internet evangelist.”"
• “The more we depend on these types of systems, the more vulnerable we become,” he said.

Other experts agree. As Mr. Markoff reported yesterday: a government/technology industry panel is pressing the new Administration in a new report to make cyber-security a high national security priority.