#DataLove: A new norm for data security?

By Erica ‘Diya’ Basu

Harlo Holmes, Director of Newsroom Digital Security at the Freedom of the Press Foundation, led a Digital Security Clinic on Friday, October 13 at American University’s School of Communication. The session was co-sponsored by AU’s Internet Governance Lab, the Center for Media & Social Impact and the Internet Society of Washington, DC.

AU SOC Associate Professor Aram Sinnreich opened the discussion by highlighting the fact that digital security is a cultural issue and called on the audience to embrace a social norm of #DataLove, placing people at the center of digital security discussions. Policy circles have tended to view digital security primarily through a binary lens, between the geopolitical exigencies of national sovereignty and security and the economic drivers of commercial profit and competitive edge.

Harlo grounded her discussion on a “Threat Modeling” tool to assess digital security vulnerabilities. A practical, four-part schema that individuals could use to not feel overwhelmed and gain control of what was at stake with one’s online information. Ask yourself four questions. What assets or what is it that I am protecting – passwords, personal information, emails, photographs, financial data? Who is the adversary, who am I protecting this information from – companies, hackers, social and professional enemies, governments? What resources do my adversaries have, to access this information – technical expertise, time, monetary resources? How far will I go and what are my abilities to protect my assets – gain information, invest in anti-malware software, use better authentication options? The sheer practicality of the model resonated well with the audience especially considering recent data breaches reported by Yahoo, Target, Equifax, and Whole Foods. And reports of stalking and cyberbullying incidents on social networking sites like Facebook and Twitter. We have either been victims ourselves or know of family and friends who have been affected by their data being stolen or whose identities were compromised on the Internet.

Harlo provided useful tips on managing one’s digital “assets,” like using pass-phrases instead of passwords, password manager software, two-factor authentication and physical USB keys to secure our online data. She encouraged the use of end-to-end encryption platforms like Signal and WhatsApp, and reminded the audience of the distinct kinds of phishing ploys that “adversaries” may use to access our devices and our data. 

Developing a culture of #DataLove may be the way forward as we navigate a hyper-networked world. Where our attitudes about digital security may often be at odds with our actions as we voluntarily and involuntarily leave larger and deeper digital footprints on the Internet. To this end, Harlo’s fourth question from the Threat Modeling tool was a telling one – how far will we go to protect our online assets and improve our digital security?

Check out the presentation below, which begins at the 22:42 minutes.

 

Advertisements

IGL Roundtable Presents Dr. Eric Novotny on “Circumventing Censorship with New Technologies”

On Friday, October 27th the Internet Governance Lab Roundtable Speaker Series will host Dr. Eric Novotny of American University’s School of International Service for a discussion on emerging information communication technologies designed to circumvent censorship and their impacts on freedom of expression and privacy online.

The event will take place from 2:30-4pm in SOC MCK 305.

As Dr. Novotny explains:

Censorship on the world wide web by governments continues to be a barrier and a threat to freedom of speech, ideas, and information. Regimes use various techniques such as IP blocking, DNS poisoning, and DPI to interfere with traffic among clients and servers. Almost all contemporary, operational circumvention technologies rely on network access and routing through proxies or bridges to obfuscate traffic between their client and an intended host.  Increasing capabilities are surfacing that will challenge the utility of such end-to-end proxy techniques.  Refraction routing is an emerging technique that takes an end-to-middle approach to the problem by building anti-censorship into the core of the Internet architecture.  This discussion introduces the general problem of circumvention technology and compares various ways that refraction routing can be implemented on the world wide web.  These techniques may provide significantly stronger resistance to common forms of blocking by repressive governments and also provide collateral cybersecurity benefits.  One method for implementing refraction routing has already been successfully field tested to overcome blocking and will be discussed.

All are welcome and we look forward to a lively discussion of the topic following Dr. Novotny’s presentation.

Orwell’s 1984 and the Contemporary Cyber Surveillance State

On Wednesday, October 18th, from 3-4:30 pm in Batelle-Tompkins Atrium, the American University Literature Department and the Internet Governance Lab will host a colloquium on Orwell’s 1984 and its relevance to the contemporary cyber context.

All sectors of the economy and society are now digitally mediated, made possible by the Faustian bargain of pervasive and privatized surveillance in which citizens relinquish personal data in exchange for free services. Authoritarian and democratic nation-states alike enact expansive surveillance, either for politically motivated censorship, identification of dissidents, or law enforcement and intelligence gathering. The same technologies that have provided unprecedented opportunities for creative expression, innovation, and free speech are used for all manner of social, political, and economic control. Modern flashpoints such as the Snowden NSA surveillance disclosures and Russia’s cybersecurity incursions and influence campaigns during the 2016 American presidential election have attracted greater public attention to longstanding tensions between cybersecurity and human rights. This panel will bring together experts in cyberpolitics and cybersecurity to examine Orwell’s 1984 through the lens of the contemporary cyber-surveillance state. How has the language of Orwell shaped/constructed modern cyber discourses? How do the modern surveillance state and underlying political tensions differ from Orwell’s dystopian vision? How would 1984 have been re-written in light of contemporary technological capabilities? Speakers include:

Moderator: Dr. Linda Voris
Professor in the Department of Literature
American University

Dr. Derrick Cogburn
Faculty Director, Internet Governance Lab at American University
Professor in the School of International Service

Dr. Laura DeNardis
Author of The Global War for Internet Governance (Yale University Press)
SOC Professor and Faculty Director, Internet Governance Lab at American University

Dr. Eric Novotny
Professor in the School of International Service
Faculty Fellow, Internet Governance Lab at American University

Colonel (Ret) Randolph Rosin
Faculty of the National Intelligence University
Internet Governance Lab Research Fellow

Internet Governance Lab hosts Data Hygiene Clinic on 10/13

On Friday, October 13th from 3-4:30pm, the Internet Governance Lab, in collaboration with the Freedom of the Press Foundation, the Center for Media and Social Impact, and the Washington, D.C. chapter of the Internet Society, will host a discussion providing practical steps students, faculty, and all members of the AU community can take to protect themselves from a variety of digital threats.

The event will take place in McKinley and is free and open to the public.

Facilitated by Harlo Holmes of Freedom of the Press, the event will address strategies for protecting data from hackers, how to spot and avoid phishing attempts, preventing corporate and state surveillance, and general best practices for securing users’ digital rights in what can feel like an ocean of constantly shifting threats.

We look forward to seeing you there.

 

Recap: Will the Internet Fragment? A Conversation with Milton Mueller

Following last week’s terror attacks in London, Prime Minister Theresa May stated unequivocally that “enough is enough,” adding that there is “far too much tolerance of extremism” in British society. In particular, Ms. May called out Internet companies to do more to shut down online “safe spaces,” suggesting that her government would look to broker “international agreements to regulate cyber space so that terrorists cannot plan online.”

What such international agreements might look like in practice is unclear, but according to Internet governance scholar Milton Mueller, Prime Minister May’s comments reflect a growing trend, in which nation-states are looking to assert a greater degree of control over global data flows.

“It is an attempt to fit the round peg of global communications into the square hole of territorial states,” explained Dr. Mueller on Tuesday at an event marking the release of his new book Will the Internet Fragment?: Sovereignty, Globalization, and Cyberspace. Hosted by New America’s Open Technology Institute, the event was moderated by Internet Governance Lab Co-Director Dr. Derrick Cogburn and featured Dr. Mueller in conversation with Rebecca MacKinnon, Director of the Ranking Digital Rights project at New America; Tim Mauer, Co-director of the Cyber Policy Initiative at the Carnegie Endowment for International Peace; and Angela McKay, Senior Director of Cybersecurity Policy and Strategy at Microsoft. 

A video of the event is available here.

In answering the book’s title question, Dr. Mueller began the discussion by interrogating the concept of “fragmentation,” suggesting that the term “realignment” more precisely captures current efforts to assert notions of territorial sovereignty in cyberspace. In this way, Mueller’s remarks contextualized “efforts to set up gateways to filter content, using data localization to keep internet routing within state borders, and requiring governments and users to use local companies to store data” as attempts to “partition cyberspace in order to subordinate its [the Internet’s] control to sovereign states.”

“Governments are trying to have their cake and eat it too,” explained Rebecca MacKinnon, who’s 2012 book Consent of the Networked described new modes of Internet censorship and the ways in which private companies have assumed governance functions formerly reserved for nation-states. But as governments bemoan the inability to regulate content within their borders many of these same nation-states are happy to extend locally developed policies extraterritorially, explained Ms. MacKinnon, citing the Microsoft/Ireland case and efforts to apply the EU’s “right to be forgotten” globally as examples of this sort of extraterritorial extension.

These cases, along with Prime Minister May’s recent comments, help underscore the fact that efforts to realign the Internet to fit Westphalian notions of territorial sovereignty are no longer merely the Orwellian fantasies of authoritarian states but are gaining legitimacy in more democratic national contexts. In response to these trends, Mueller proposes “a liberation movement for cyberspace, in which we recognize that we’re creating a globally interconnected polity around the Internet,” suggesting that “perhaps it is time for this polity to assert its own identity and own authority and come up with global organizations for Internet governance.”

But as Tim Mauer pointed out, the prospects for such a liberation movement seem increasingly remote given large-scale structural changes to the existing liberal order. As geopolitical developments point towards a more neo-realist order, Mauer argued that we could expect to see more “contested forms of [Internet] governance” as opposed to international agreements and transnational consensus.

Meanwhile, Angela McKay of Microsoft presented several ways in which emerging technologies like the adoption of cloud computing and the Internet of Things might present challenges and opportunities for realignment. In particular, Ms. McKay highlighted cloud adoption as an example of a fundamental change in Internet architecture and the way its governed, with a more homogeneous set of firms managing a more diffuse, heterogeneous set of end-points. Conversely, with the growth of the Internet of Things, a new set of formerly non-technical industries will be thrust into Internet governance and information technology policy discussions, bringing with them a new set of norms, best-practices, and values that will alter the dynamics of existing private-public partnerships and require new modes of Internet governance going forward.