Transcript Securitizing the Internet – Political Economy Analysis

“Securitizing” the Internet –
A Socio-Political Analysis
Oxford Internet Institute
Summer Doctorate Program
July 2004
Nimrod Kozlovski
[email protected]
Post-Doc Associate, Yale CS
Department, PORTIA Project
“Securitizing” the Internet –
A Socio- Political Analysis



Brief
Background
introduction
The internet model of communication
The political economy of Information - the
Internet model – type of discourse
Security on the Internet (TCP/IP-based network)
 Survivability and take-over resistance –
through redundancy and distributed system
 (Lack of) security with TCP/IP



Integrity
Confidentiality
Availability (information availability vs. node/
server availability)
…

Attacks on the Internet



Layers of attack – physical, logical,
semantic
Targets – integrity, confidentiality,
availability
Methods of attack –


Intrusion – Hacking, Defacement, Spoofing,
Malicious code
Disruption – Dos, DDos, Hijacking, Rerouting
…

Security responses




Technological
Social/ Business
Legal
CyberCrime Law – towards securitization of
the internet



Cybercrime 1.0 – criminal legislation adaptation
Cybercrime 2.0 – procedural and evidentiary
Cybercrime 3.0 - the current battlefield


Negotiating the security theory
Policy choices for a communication medium
Negotiating the security theory

Security through obscurity/ confidentiality vs.
Security through openness





End to End design vs. In- network control
Security by diversity vs. Security by homogeneity
Peer security vs. Owners’ control


e.g. Code openness – choice in IP regimes (copyright
vs. patent); reverse engineering regulation
e.g. Vulnerabilities reporting requirements
e.g. port scanning; trespass
Zero Tolerance vs. Failures management

False positive/ False negative calibration
Security-informed policy choices for
the emerging virtual world







Notions of space vs. Notions of flow (of
information)
Identity playfulness vs. Controlling identity
Routing policy – Open road vs. Property rules
Downstream liability vs. No-liability (virtual
pollution laws)
Enforcement – Public vs. Self help
Service providers’ role – Liability vs. Immunity
{Fair information practices vs. Contractual
freedom}
Policy choices – the trends

Security-informed policy choices for the emerging
virtual world – the trends


Notions of space vs. Notions of flow (of information)
Identity playfulness vs. Controlling identity






e.g. Spoofing, names duplication
Routing policy – Open road vs. Property rules
Downstream liability vs. No-liability (virtual pollution laws)
Enforcement – Public vs. Self help (corporate – ISP, IP
owner, conditional)
Service providers’ role – Liability vs. Immunity (vis-à-vis user,
but regulated)
{Fair information practices vs. Contractual freedom}
Political economy in CyberCrime 3.0

Discussion – Cybercrime 3.0 – implications on
the political economy of information –
rethinking discourse dynamics and power




Who controls the design of the communication
process? What uses are possible? What and who
decides whether new applications and services will
be available?
Who can shut off the conversation? Control the
flow? Channel traffic? Favor speakers?
How is the topology of the social network
determined? (emergence or structured)
What determines how the user can be presented
in a conversation? Who defines who you are in a
conversation?

Further socio-political dimensions of
securitization implications




Innovation – what innovation enabled/
limited?
Cultural exploration
Social organization
Political mobilization
Towards normative security discourse

Discussion –





From security to securitization (See: Helen
Nissenbaum)
Security policy as a political discourse
Revealing the biases in security policy
Understanding the dynamics of regulation
Political economy analysis as normative
guidelines to securitization
Background slides to follow
The Internet Model for Communication
and Information Network

Internet Model Network










Open network
Decentralized
Parity among users
Interactive
Neutral among applications
Anonymous
Linked
Easy and cheap to use
Lack central control (and central failure point)
Inter-connected (to other systems, networks)

The discourse in an Internet Model Network





Vivid, robust and unmediated public discourse
from diverse and antagonistic sources
The Individual controls the type, mode and scope
of communication/ interaction
From consumers (of information) to producers and
distributors of information
Dynamic and modular modes of communication to
accommodate needs-tailored-communication
Emerging design of the network (social,
technological, information linkage)