Tuesday , 22 August 2017
Breaking News

SXSW 2017: If the Internet Has a Kill Switch, We Are It

Image of SXSW panelists

Christopher Mondini of ICANN, Christian Dawson of the i2Coalition, Shane Tews of the American Enterprise Institute, and Matt Perault of Facebook gather to discuss the Internet’s vulnerabilities—and what we can do about them

Austin, Tx.—If you’ve ever wondered whether there is a single point of failure that could take the entire Internet down in one fell swoop, rest assured: experts (at least, experts participating in a panel discussion here at South by Southwest) say there is no such thing.

But even though the Internet does not possess a “kill switch”, so to speak, it does have plenty of vulnerabilities and limitations. Outages are commonplace, security is a perennial struggle, and governments can (and do) shut down access to specific services or even the entire Internet.

On Friday, the panel highlighted a range of limitations that still plague this network of networks and called for technically-minded people to participate in organizations such as ICANN to help improve resiliency, security, and connectivity.

Two recent events highlight some of the issues we face. In October, a botnet disrupted access to a range of services including Twitter and Netflix through distributed denial-of-service (DDoS) attacks on the Managed Domain Name System of internet services company Dyn. And just last week, an improperly inputted command took down a number of Amazon’s widely used AWS services.

As our networks grow with the Internet of Things, we could find ourselves more vulnerable to DDoS attacks, said Shane Tews of the American Enterprise Institute. “If we don’t have a good concept of how we’re going to be able to manage that traffic for good or for bad, that has to ability of being Dyn 100x,” Tews said. “There are people who do think that it was really just a shot across the bow as to what could be coming.”

Tews noted that there are changes afoot to try to make the system more secure. In 2010, the Domain Name System Security Extensions system was deployed. “The idea of domain name security…is basically to put a lock on a system that’s always been wide open,” Tews said, a holdover from the early days of the Internet when everyone knew one another. The master key for this system will be “rolled over”, or changed, for the first time in October.

“There are certain components of internet infrastructure that are not as resilient as others,” said Christian Dawson, executive director of the Internet Infrastructure Coalition, or i2Coalition. But he said challenges like attacks only serve to make the system more robust: “I don’t think it’s getting more risky. I think when people figure out how to push the right buttons to bring certain components down, it just makes us better at…realizing that taking the steps to get more resilience are necessary.”

The greatest stresses to the system are policies not technology, he said: “My issue always come down to the people, and that’s why we’re heavily involved in internet governance issues, making sure the right people are at the table so that people don’t make the wrong decisions because they don’t have the right information.”

“Almost all the challenges to the Internet are human,” Tews said, highlighting a YouTube censorship order in Pakistan in 2008 that ended up stretching well past the country’s borders.

The idea of vulnerability at the human level was echoed by Matt Perault, head of global policy development at Facebook. Perault started at the company the week that Egypt turned off access to the Internet for five days.

Recently, he said, such large-scale shutdowns seem to be less frequent, but in their place are smaller-scale “blocks”, such as shutting down access in a particular region of India while students there are taking exams.

This sort of interference doesn’t garner the headlines that Egypt’s shutdown did. But it adds up. A report (pdf) from the Brookings Institution last year that highlighted 81 short-term shutdowns between July 1, 2015 and June 30, 2016 concluded the outages together cost upwards of US $2.4 billion in gross domestic product.

“My main concern right now is [that we are] moving toward a world where there [are] increasingly sophisticated small-scale blocks,” Perault said. “I would assume that the thing we would be most scared of would be a government being able to turn off your access to one particular product for 15 minutes. Because the ability to do that on a large scale might impose enough friction into your ability to access certain services that it would change your relationship to the Internet, and it would be very hard to diagnose.”

Countries that do not make access to the Internet a priority are also a limitation, Tews said. “Even though it’s not a kill switch, it’s certainly a killjoy.”

Then there is the power sovereign countries can exercise to hinder, prevent, or monitor the exchange of information. “There’s been a lot of talk of Internet fragmentation,” said Christopher Mondini of ICANN. But he said even restrictive countries and governments agree “that the Internet should remain an interconnected system with just one addressing system, and that a platform of ICANN and its multi-stakeholder discussion should be supported to maintain the interconnectivity of all of the networks.”

Mondini said there are a number of organizations, such as the Internet Society and its Internet Engineering Task Force as well as network operator groups, by which individuals can participate in setting the Internet’s path going forward: “You can find your people, and you can get involved and shape the future of the Internet, which is pretty exciting.”

[“Source-spectrum”]