Paul Vixie: Internet Privacy Is a “Moving, Multidimensional Target”
‘Is the solution to solving Internet privacy technological, social or political?’ This is the question the Internet Hall of Fame posed to inductee Paul Vixie in a conversation that – appropriately enough – coincided with Privacy Day January 28.
Dr. Vixie is no newcomer to the privacy issue. He is responsible for designing, implementing and deploying several DNS (Domain Name System) protocol extensions and applications that are used throughout the Internet today, including dynamic update, network reputation and BIND open-source software.
BIND in particular, which stands for Berkeley Internet Name Domain, is the most widely used DNS software on the Internet today. Vixie’s extensions allowed the DNS to scale beyond the original design and incorporate the first elements of security. (Among numerous other accomplishments, he also founded the first anti-spam non-profit, Mail Abuse Prevention System).
The simplicity of the question that we posed belies the complexity of the answer. As Dr. Vixie notes in his response, below, the privacy issue is a “moving, multidimensional target.” But he clearly outlines the multidimensional issues that must be addressed if our global society is to effectively protect the privacy of Internet users today and into the future.
Q: Do you think the solution to solving Internet privacy is technological, social or political?
A: Privacy for Internet users is a moving, multidimensional target. Many users simply do not care whether they are observed, on the mistaken basis that "governments and corporations already know all about me anyway," or worse: "I'm going to share everything on Facebook anyway so what's the difference?"
The difference is whether a user has a right to choose secrecy or whether that choice will be forced upon them, possibly without their knowledge. So, part of the solution is social: we must foster a broader understanding of human history and especially human subjugation, so that individuals can place their own lives in the context of history. This is the hardest part of fixing Internet privacy—getting people to care and to act.
There are of course technological problems as well. TLS (Transport Layer Security) is only as secure as the world's X.509 Certificate Authorities want it to be. It's trivial for any national government to set up a "man in the middle" proxy that decrypts and then re-encrypts a user's data for surveillance purposes. And because BGP (Border Gateway Protocol) is not secure, these proxies can be inserted almost anywhere in the Internet's topology—it doesn't require being "in the path."
The Internet Engineering Task Force (IETF) has launched a ‘Manhattan Project’ style effort to make perfect forward secrecy a low-cost default available to all Internet users of every and any skill level, but it's not clear if device makers and network operators are anxious to deploy that kind of technology. This is the hardest part of fixing Internet privacy…a lot of actors whose cooperation we would need have very different interests than the users themselves.
As we've seen from many public statements made by many public servants and world leaders, the role of government in a connected world is not generally and well agreed upon. Before the Internet, most citizens of most industrialized nations had a reasonable expectation that their private communications would not be subject to surveillance. But since private communications for peaceful purposes look the same—from the point of view of a surveillance operator—as private communications for criminal or seditious purposes, we lack a clear set of guidelines for what the government has to be able to see and what the government has to be prevented from seeing.
The controversy around intentional "regime change" plays into this—can we expect any government which is lacking international support to allow the rest of the world to help its citizens organize a revolution? Many otherwise educated and rational people expect so—they expect that national autonomy is a meat space matter, and that in cyberspace, nations don't matter and we are all citizens of the Internet itself. This is the hardest part of fixing Internet privacy—reaching broad based agreement on who should have it.
So, each of these areas is itself the hardest part of fixing Internet privacy. Don't shoot the messenger.