Governing the Internet Commons

Recently, I’ve been watching a terrific series called America: The Story of Us(12 episodes)–from the History Channel.

It is a beautiful portrayal of the the founding and history of America.

One theme though that repeats again and again is that as a nation, we use the common resources and deplete them until near exhaustion.

The show portrays an America of lush forests with billions of trees that are chopped down for timber, herds of 30 million buffalo slaughtered for their hides, rollings plains of cotton for a thriving clothing industry that is over-planted, a huge whaling industry used for oil that is over-fished.

Unfortunately, as we know, the story is not just historical, but goes on to modern-day times, with fisheries depleted, whole species of animals hunted to extinction, energy resources furiously pumped and mined to a foreseen depletion, city streets turned into slushy slums, and national forests carelessly burned down, and more.

The point is what is called the “Tragedy of the Commons”–where items held in trust for everyone is misused, overused, and ultimately destroyed. With private property, people are caretakers with the incentive to maintain or raise the value to profit later. However, with common property, people grab whatever they can now, in order to profit from it before someone else gets it first.

This phenomenon was first laid out in the Torah (Bible) with a law for a “Shabbath Year” called Shmita mandating that people let fields (i.e agriculture) lie fallow for a full year every 7 years and similarly, the law of Jubilee (i.e. Yovel), that slaves be freed and loans forgiven every 50 years. I think that the idea is to regulate our personal consumption habits and return what the historical “commons” back to its normal state of freedom from exploitation.

This notion was echoed by ecologist Garrett Harden in the journal Science in 1968, where he described European herders overgrazing common land with their cows to maximize their short-term individual profits at the expense of longer-term term societal benefits. Harden suggested that regulation or privatization can help to solve the “Tragedy of the Commons.”

In the 21st century, we see the modern equivalent of the commons with the Internet, which is an open, shared networking resource for our computing and telecommunications.Without protection, we have the Wild West equivalent with things like spam, malware, and attacks proliferating–clogging up the network and causing disruptions and destruction, and where some people use more than their fair share

Here are some examples of the Tragedy of the Internet:

– Symantecreports that even with spam decreasing with the shutdown of spam-hosting sites, in 2011, it is still 70% of all emails.

– McAfeereports that malware peaked as of the first half of 2010, with 10 million new pieces.

– Kasperskyreports that web-based attacks were up to 580 million in 2010–8 times the amount of the previous year.

– Verizon Wirelessreports 3% of their users use 40% of their bandwidth.

If we value the Internet and want to continue using and enjoying it, then like with our other vital resources, we need to take care of it through effective governance and prudent resource management.

This means that we do the following:

1) Regulation–manage the appropriate use of the Internet through incentives and disincentives for people to behave civilly online. For example, if someone is abusing the system sending out millions or billions of spam messages, charge them for it!

2) Privatization–create ownership over the Internet. For example, do an Internet IPO and sell shares in it–so everyone can proverbially, own a piece of it and share financially in it’s success (or failures).

3) Security Administration–enhance security of the Internet through public and private partnership with new tools, methods, and advanced skills sets. This is the equivalent of sending out the constable or sheriff to patrol the commons and ensure people are doing the right thing, and if not then depending on who the violating actor(s) are take appropriate law enforcement or military action.

Only by managing the Internet Commons, can we protect this vital resource for all to use, enjoy, and even profit by.

(Source Photo: here)

Securing The Internet: A Historical Perspective

This week, I had the opportunity take a great class in Cyber Security / Information Assurance.

As part of the class, we had to do a team project and my part was to present a brief history of the Internet and how this best positions the Federal Government to take the lead in securing the Internet.

Here is my part of the presentation:

Good morning. I am Andy Blumenthal, and I am here to talk with you today about the wealth of historical experience that the U.S. Federal Government has with managing the Internet and why we are best positioned to govern the security of it in partnership with the private sector and international community.

As you’ll see on the timeline, the U.S. Government has played a major role in virtually every development with the Internet from inventing it, to building it, and to governing it, and it is therefore, best prepared to lead in securing it.

It all started with the invention of the Internet by the government.

Starting in 1957 with the Sputnik Crisis, where the Soviets leaped ahead of us in putting the first satellite in Earth’s orbit—this caused great fear in this country and ultimately led to a space and technology race between us and the Soviet Union.

As a result of this, in 1958, the U.S. Government established the Advanced Research Projects Agency (or ARPA) to advance our technology superiority and prevent any future technology surprises.

In 1962, ARPA created the Information Process Techniques Office (IPTO) for enhancing telecommunications for sharing ideas and computing resources.

Finally in 1964, the concept of the Internet was founded with the publication by RAND (on contract with the Air Force) of “On Distributed Communications,” which essentially invented the idea of a distributed computing network (i.e. the Internet) with packet switching and no single point of failure.  This was seen as critical in order to strengthen the U.S. telecomm infrastructure for survivability in the event of nuclear attack by the Soviets.

The Internet era was born!

The U.S. government then set out to build this great Internet.

In 1968, ARPA contracted for first 4 nodes of this network (for $563,000).

Then in 1982, after 8 years of anti-trust litigation, the U.S. government oversaw the breakup of AT&T into the Baby Bells in order to ensure competition, value, and innovation for the consumer.

In 1983, ARPANET split off MILNET, but continued to be linked to it through TCP/IP.

In 1987, the National Science Foundation (NSF) built a T1 “Internet Backbone” for NSFNET hooking up the nation’s five supercomputers for high-speed and high capacity transmission.

And in 1991, the National Research and Education Network (NREN, a specialized ISP) was funded for a five-year contract with $2 billion by Congress to upgrade the Internet backbone.

At this point, the Internet was well on its way!

But the U.S. government’s involvement did not end there, after inventing it and building it, we went on to effectively govern it.

In 2005, the Federal Communication Commission (FCC) issued the Internet Policy Statement (related to Net Neutrality) with principles to govern an open Internet—where consumers are entitled to choice of content, apps, devices, and service providers.

And now, most recently, in 2012, we have a proposed bill for the Cybersecurity Act to ensure that companies share cyber security information through government exchanges and that they meet critical infrastructure protection standards.

You see, the government understands the Internet, it’s architecture, it’s vulnerabilities, and has a long history with the Internet from its invention, to its building, and its governance.

It only makes sense for the government to take the lead in the security of the Internet and to balance this effectively with the principles for an open Internet.

Only the government can ensure that the private sector and our international partners have the incentives and disincentives to do what needs to be done to secure the Internet and thereby our critical infrastructure protection.

Thank you for your undivided attention, and now I will now turn it over to my colleague who will talk to you about the legal precedents for this.

(Source Graphic: Andy Blumenthal)

Cyberwar–Threat Level Severe

!This video is of an incredible opening statement by Rep. Michael McCaul (R-TX), Subcommittee Chairman on Oversight, Investigations, and Management on the topic–Cybersecurity Threats to the United States.Some of the highlights from his statement:- America’s computers are under attack and every American is at risk.

– The attacks are real, stealthy, persistent, and can devastate our nation.

– Cyber attacks occur at the speed of light, are global, can come from anywhere, and can penetrate our traditional defenses.

– In the event of a major cyber attack, what could we expect? Department off Defense networks collapsing, oil refinery fires, lethal clouds of gas from chemical plants, the financial systems collapsing with no idea of who owns what, pipeliness of natural gas exploding, trains and subways derailed, a nationwide blackout. This is not science fiction scenarios. (Adapted from Richard Clark, former Senior Advisor of Cyber Security)

– It is not a matter of if, but whena Cyber Pearl Harbor will occur.  We have been fortunate [so far]. (Adapted from General Keith Alexander, Director of the NSA).

I believe we must address these threats and our vulnerabilities in at least five main ways:

1) Increase research and developmentfor new tools and techniques–both defensive and offensive–for fighting cyberwar.

2) Establish a regulatory frameworkwith meaningful incentives and disincentives to significantly tighten cybersecurity across our critical infrastructure.

3) Create a cybersecurity corpsof highly trained and experienced personnel with expertise in both the strategic and operational aspects of cybersecurity.

4) Prepare nationwide contingency plansfor the fallout of a cyberwar, if and when it should occur.

5) Create a clear policyfor preventing cyberattacks by taking preemptive action when their is a known threat as well as for responding with devastating force when attacks do occur.

With cyberwar, just as in conventional war, there is no way to guarantee we will not be attacked, but we must prepare with the same commitment and zeal–because the consequences can be just, if not more, deadly.