A Guide For Policy-Makers: Edition 03
EDITION 03

How the internet works – PAGE 3
How encryption works – PAGE 6
How governance works – PAGE 22

This booklet is intended to provide policy-makers

PAGE 6 – ENCRYPTION: PRIVACY IN A PUBLIC NETWORK
PAGE 14 – PEER‑TO‑PEER: FROM ME TO YOU, WITH NO ONE IN THE MIDDLE
The Internet is a global system of interconnected computer networks.

When two or more electronic devices (e.g. computers) are connected so that they can communicate, they become part of a network.

The Internet consists of a world-wide interconnection of such networks, belonging to companies, governments and individuals, allowing all of the devices connected to these networks to communicate with each other.

In order to communicate, computers need to be able to understand each other. On the Internet, communication is possible because all devices use the same “language” or protocol, namely the Internet Protocol (IP), a “single market” with no physical, technical or national barriers. It forms the basis for all other systems of communication on the Internet.

Sending any communication over the Internet using the Internet Protocol is quite like sending the pages of a book by post in lots of different envelopes. All of the envelopes use the same sender address and the same destination address. Even if some envelopes are transported by ship and others by air, the envelopes all eventually arrive at their
A DIGITAL ADDRESS

[01] Due to shortages in the current generation of IP addresses, it is increasingly common, particularly in business networks, for IP addresses to be shared – by all of the computers in one office, for example. The current shortages are being addressed by the roll-out of IPv6 addresses.
[Figure: public key encryption – 1. sender requests public key from recipient; 4. recipient decrypts data with his/her private key]
How can a user send a sensitive message so that it remains secure from prying eyes? If you send a letter, it could be intercepted, opened, read and then closed without leaving a trace. A telephone call can be wiretapped.

The rapid development of cryptography started in the 20th century, together with the development of computing technologies. Computers allowed not only much faster encryption of electronic messages, but also much faster cracking of the encryption keys used so far.

Encryption is not a silver bullet and doesn’t guarantee total confidentiality. A frequent technique to bypass encryption is to capture the message before it even gets encrypted – for example by a stealth Trojan horse program installed on the sender’s computer that will monitor all keys pressed on the keyboard, or even in the victim’s mobile telephone.

Another attribute you almost always need to protect when encrypting a message is its integrity (i.e. the completeness of the file) – otherwise the message can be manipulated without even knowing the encryption key. Most respected encryption tools will do that for you automatically.

The following image demonstrates the stages of public key encryption – this works on the basis of a pair of keys, one public and one private:

1. The sender requests a copy of the recipient’s public key.
2. Using the appropriate software, the sender encrypts the message using the recipient’s public key.
3. The message is sent.
4. The recipient decrypts the message by using the public key and the private key together.
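The four steps above, together with the integrity protection the text says good tools add automatically, as an added worked example in Python (this code is not from the booklet). It uses a toy RSA key pair built from two tiny constructed primes (61 and 53), so it is not secure and only illustrates the mechanism; the SHA-256 digest used as the integrity tag is a stand-in for the signature or MAC a real tool would use, and the message is a small number standing in for a file. It needs Python 3.8 or later for the modular inverse. The `multiply_ciphertext` function shows the textbook property the text warns about: someone who never learns the key can still change what the recipient reads, and only the tag detects it.

```python
import hashlib
from math import gcd


# Toy RSA key pair. The primes are tiny and constructed for illustration;
# real keys are thousands of bits long and this pair is not secure.
def make_keypair(p=61, q=53, e=17):
    n = p * q
    phi = (p - 1) * (q - 1)
    assert gcd(e, phi) == 1, "e must be coprime to phi(n)"
    d = pow(e, -1, phi)          # modular inverse, Python 3.8+
    return (n, e), (n, d)        # (public key, private key)


def encrypt(public_key, m):
    n, e = public_key
    assert 0 <= m < n, "message must be smaller than the modulus"
    return pow(m, e, n)


def decrypt(private_key, c):
    n, d = private_key
    return pow(c, d, n)


def integrity_tag(m):
    # Stand-in for the integrity protection real tools add (a signature or
    # MAC). An unkeyed digest of a tiny number could be brute-forced, so a
    # real tool binds the tag to a key; the check logic below is the same.
    return hashlib.sha256(str(m).encode()).hexdigest()


# Steps 1 to 3: the sender has obtained the recipient's public key,
# encrypts with it and sends. The tag travels alongside the ciphertext.
def send_message(recipient_public_key, m):
    return encrypt(recipient_public_key, m), integrity_tag(m)


# Step 4: the recipient decrypts with the private key and checks the tag.
def receive_message(recipient_private_key, c, tag):
    m = decrypt(recipient_private_key, c)
    if integrity_tag(m) != tag:
        raise ValueError("integrity check failed: message was manipulated")
    return m


# Textbook RSA is malleable: anyone who sees the ciphertext can multiply it
# by encrypt(public_key, k) and the recipient will decrypt k*m, without the
# manipulator ever learning the key or the message. This is the manipulation
# the text warns about and the reason the integrity tag exists.
def multiply_ciphertext(public_key, c, k):
    n, _ = public_key
    return (c * encrypt(public_key, k)) % n


if __name__ == "__main__":
    public_key, private_key = make_keypair()
    c, tag = send_message(public_key, 1234)
    print("recipient reads:", receive_message(private_key, c, tag))
    forged = multiply_ciphertext(public_key, c, 2)
    print("without a tag the recipient would read:", decrypt(private_key, forged))
    try:
        receive_message(private_key, forged, tag)
    except ValueError as err:
        print("with the tag:", err)
```

Run as a script it prints the original message (1234), the doubled value (2468) a tag-less recipient would accept, and the integrity error a tag-checking recipient raises instead. Mathematically only the private key is needed in step 4; here the private key carries the modulus that is also part of the public key, which is the sense in which the two are used together.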
When you put a website on the Internet, it will be reachable via the numerical IP address of the web server hosting it (at the time of writing, EDRi.org’s address is 217.72.179.7, for example). IP addresses are, however, not easy for humans to remember. Using them to identify online resources is also not practical, as services on the Internet occasionally have to move to a new IP address (if they change service providers, for example).

As the use of IP addresses for websites is neither practical nor user friendly, “domain names” (such as edri.org) were created. The global Domain Name System works a little like a phonebook for the Internet.

If you know the domain name of the website you want to visit, the Domain Name System is used – invisibly and automatically – to find the corresponding IP address of the web server where the website can be found. So, when you type http://edri.org, your computer identifies this as being 217.72.179.7 and sends a request specifically for our website to retrieve it.

The system for looking up a domain name works on the basis of a hierarchy. When you type http://edri.org, your computer first connects with a server to ask for the address.[02] The default DNS server is usually run by your Internet provider, but it is possible to use a different one.

If somebody has recently accessed http://edri.org, the DNS server will “remember” the details and provide you with the correct IP address. If not, it will refer the query to a higher level of authority, where the same process is followed. At the highest level of authority are 13 “root servers” that ultimately collect together DNS servers. The 13 root servers are very robust and have huge capacity. They have so much capacity that they continued to work efficiently even when under major attacks (so-called “distributed denial of service” attacks).
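The hierarchy and the “remembering” described above, as an added example in Python (not the booklet’s code and not a real DNS implementation). The zone data is constructed: only edri.org’s address, 217.72.179.7, comes from the text; the server names (`root-server`, `org-tld-server`, `ns.edri.org`) are placeholders. The resolver answers from its cache when it can and otherwise walks root, top-level domain and the domain’s own name server in turn, returning the path it took so the two cases can be compared.

```python
# Constructed zone data for a miniature DNS. Only edri.org's address
# (217.72.179.7) comes from the booklet; the server names are placeholders.
ROOT_ZONE = {"org": "org-tld-server", "eu": "eu-tld-server"}  # root delegates each TLD
TLD_ZONES = {                                                 # each TLD delegates its domains
    "org-tld-server": {"edri.org": "ns.edri.org"},
    "eu-tld-server": {},
}
AUTHORITATIVE = {                                             # the domain's own name server
    "ns.edri.org": {"edri.org": "217.72.179.7", "www.edri.org": "217.72.179.7"},
}


class Resolver:
    """The DNS server your computer asks first (usually run by your ISP)."""

    def __init__(self):
        self.cache = {}   # names it has "remembered" from earlier lookups

    def resolve(self, name):
        """Return (ip, servers_asked); servers_asked shows the path taken."""
        key = name.lower().rstrip(".")
        if key in self.cache:
            return self.cache[key], ["cache"]
        labels = key.split(".")
        if len(labels) < 2:
            raise ValueError(f"not a fully qualified name: {name}")
        tld, domain = labels[-1], ".".join(labels[-2:])
        path = ["root-server"]              # the real system has 13 of these
        tld_server = ROOT_ZONE.get(tld)
        if tld_server is None:
            raise LookupError(f"NXDOMAIN: no such top-level domain .{tld}")
        path.append(tld_server)
        name_server = TLD_ZONES[tld_server].get(domain)
        if name_server is None:
            raise LookupError(f"NXDOMAIN: {domain} is not registered")
        path.append(name_server)
        ip = AUTHORITATIVE[name_server].get(key)
        if ip is None:
            raise LookupError(f"NXDOMAIN: no address for {key}")
        self.cache[key] = ip                 # remember it for the next user
        return ip, path


if __name__ == "__main__":
    resolver = Resolver()
    print(resolver.resolve("edri.org"))      # walks root -> .org -> ns.edri.org
    print(resolver.resolve("edri.org"))      # answered from the cache
```

A real resolver also remembers the delegations it learned on the way (so a later lookup of www.edri.org would not go back to the root servers) and forgets entries when their time-to-live expires; both are left out here to keep the two paths visible.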
The World-Wide Web is built on HTTP, a relatively young protocol (language) that is built on top of the Internet Protocol (IP). HTTP stands for HyperText Transfer Protocol, and was designed to download so-called hypertext documents (what are now known as “web pages”) and to send some basic information back to the web server.

Web pages are created using the formatting language HTML (HyperText Markup Language). The rules of this language are set by the World Wide Web Consortium (W3C), and specify special markers to indicate typography and layout properties. For example, text in bold will have <b> before it and </b> after it.

While there are several versions of the specification (HTML5 being the most recent), the HTML development process is continuous and open to participation. Once the standards have been set, there is no licence or fee for using HTML. The advantage is that all available computer systems understand the instructions in HTML in the same way – so anyone can use the language (for free) and be sure that every device will display the web page in the same way. The Web (and the world) would be far poorer if people had to pay to develop pages in the languages of different types of computer.

This open and free character of HTML is essential to ensure compatibility of web pages across all sorts of devices: desktop computers, mobile phones, tablets, laptops
Webpages are published on machines known as “web servers”. A web server is a computer that can be found by its unique IP address (as described on page 5). Usually many domain names (such as www.edri.org and www.bitsoffreedom.nl) can be found at the same IP address because they are stored (“hosted”) on the same server. Thus, a single web server with a unique IP address can host numerous websites. In the case of commercial web hosting companies, there can be hundreds of unrelated websites on one single web server. Attempts to “block” individual websites on the basis of their IP address have therefore always had disastrous consequences for the unrelated pages on the same server.

In addition to HTTP, there is also a secure variant called HTTPS. HTTP connections

HTTPS adds encryption to this connection, so that (in theory) only the end-user and the web server can decipher the information that is going back-and-forth. This is based on trust: the web page publisher asks a trusted party to give them a strictly personal certificate, digitally signed to confirm the identity of the publisher; much like a wax seal used in previous centuries to seal documents.

When a user buys a new computer or installs a new web browser, it comes with a standard set of trusted certificate authorities, a secure list of entities from which the user will trust the certificates given out to web page publishers. The weakness in this system is a result of this default list: there are dozens on this list. If just one of these entities turns out not to be trustworthy, users will be putting their trust in an unreliable service.
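The trust model of the default list, as an added example in Python (not from the booklet). The authorities, their keys and the certificates are all constructed, and a keyed SHA-256 tag stands in for the digital signature a real authority produces (so the verifier holds the authority’s key where a browser would hold the authority’s public key). The example shows the weakness the text describes: the browser accepts a certificate for a site from any authority on its list, not only from the one the publisher actually went to, so one unreliable entry puts every site at risk; removing that entry from the list is what closes the gap.

```python
import hashlib
import hmac

# Constructed trust store: a browser ships with dozens of such entries.
# Each authority's "signing key" stands in for its private key, and a keyed
# SHA-256 tag stands in for the digital signature a real authority makes.
CA_SIGNING_KEYS = {
    "Example Root CA 1": b"ca1-secret-key",
    "Example Root CA 2": b"ca2-secret-key",
    "Example Root CA 3": b"ca3-secret-key",
}


def _seal(ca_key, subject, public_key):
    body = f"{subject}|{public_key}".encode()
    return hmac.new(ca_key, body, hashlib.sha256).hexdigest()


def issue_certificate(ca_name, subject, public_key):
    """The trusted party seals the publisher's name and key (the 'wax seal')."""
    return {
        "subject": subject,
        "public_key": public_key,
        "issuer": ca_name,
        "seal": _seal(CA_SIGNING_KEYS[ca_name], subject, public_key),
    }


def verify_certificate(cert, expected_host, trust_store):
    """What a browser does when an HTTPS connection opens: is the seal from an
    authority in its list, intact, and made out to the site being visited?"""
    ca_key = trust_store.get(cert["issuer"])
    if ca_key is None:
        return False, "issuer is not in the browser's trusted list"
    expected = _seal(ca_key, cert["subject"], cert["public_key"])
    if not hmac.compare_digest(expected, cert["seal"]):
        return False, "seal does not match certificate contents"
    if cert["subject"] != expected_host:
        return False, f"certificate is for {cert['subject']}, not {expected_host}"
    return True, f"trusted via {cert['issuer']}"


if __name__ == "__main__":
    # The publisher asked CA 1 for its certificate.
    genuine = issue_certificate("Example Root CA 1", "www.edri.org", "pubkey-edri")
    print(verify_certificate(genuine, "www.edri.org", CA_SIGNING_KEYS))
    # A certificate for the same site from CA 3, which the publisher never
    # contacted: the browser has no way to tell and accepts it as well.
    unexpected = issue_certificate("Example Root CA 3", "www.edri.org", "some-other-key")
    print(verify_certificate(unexpected, "www.edri.org", CA_SIGNING_KEYS))
    # Only distrusting CA 3 (removing it from the list) rejects it.
    reduced = {k: v for k, v in CA_SIGNING_KEYS.items() if k != "Example Root CA 3"}
    print(verify_certificate(unexpected, "www.edri.org", reduced))
```

Modern browsers layer further checks on top of this list (for example, requiring certificates to be recorded in public Certificate Transparency logs), but the flat list of equally trusted authorities described in the text is still the foundation.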
[Figure: DNS resolver – Request location.eu – HELLO! HELLO! – INTERNET]
Electronic mails, or e-mails, are messages sent by one sender to one or more recipients. The transfer of these messages is handled using SMTP (Simple Mail Transfer Protocol) which, like HTTP, is also built on the Internet Protocol.

After composing an e-mail on a webmail site or in an e-mail program, it is transferred to an outgoing e-mail server using SMTP. It will then be transferred from one e-mail server to another, again using SMTP, until it reaches its final destination mail server.

E-mail servers figure out where to send the e-mails by querying the earlier described Domain Name System (DNS) information. This system also includes information about which servers are responsible for handling e-mails for each domain. The domain can be extracted from the part of the recipient’s e-mail address that comes after the @-sign.

Once the message arrives at the e-mail server that handles all e-mails for the recipient, it will remain there until the recipient deletes it. Some e-mail software will do this automatically as messages are downloaded to the user’s PC or smartphone.
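How an e-mail server picks the next hop from the part after the @-sign, as an added example in Python (not from the booklet). The DNS records are constructed: the “mail exchanger” (MX) records carry a preference number and a server name, and the domain without any MX record illustrates the fallback RFC 5321 prescribes (treat the domain itself as the mail server). The server names such as `mail.edri.org` are placeholders, not real infrastructure.

```python
# Constructed DNS data: MX records (preference, mail server) per domain,
# and an ordinary address record for a domain that has no MX record at all.
MX_RECORDS = {
    "edri.org": [(20, "backup-mail.example.net"), (10, "mail.edri.org")],
    "bitsoffreedom.nl": [(10, "mx.bitsoffreedom.nl")],
}
A_RECORDS = {"small-site.example": "192.0.2.10"}


def recipient_domain(address):
    """The part after the @-sign decides which servers handle the mail.
    Quoted local parts containing '@' are not supported by this toy parser."""
    local, sep, domain = address.rpartition("@")
    if not sep or not local or not domain or "@" in local:
        raise ValueError(f"not a valid e-mail address: {address!r}")
    return domain.lower()


def next_hop(address):
    """Return the ordered list of servers an SMTP server should try."""
    domain = recipient_domain(address)
    mx = MX_RECORDS.get(domain)
    if mx:
        # The lowest preference value is tried first; the rest are backups.
        return [host for _, host in sorted(mx)]
    if domain in A_RECORDS:
        # No MX record: RFC 5321 says to treat the domain itself as the server.
        return [domain]
    raise LookupError(f"no mail server known for {domain}")


if __name__ == "__main__":
    for addr in ("alice@edri.org", "bob@small-site.example"):
        print(addr, "->", next_hop(addr))
```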
Data on the Internet is sent in “packets”, which are basically small blocks of data. Each packet has a header that describes its origin and destination (like an envelope with a sender and recipient address). This information allows the network equipment to determine the best path to send a packet at a given moment.

Historically, network equipment only looked at origin and destination information. But with the rapid increase of malicious activity, network owners decided that they needed to look at more details of each packet to distinguish “safe” packets from those being part of hacking or denial of service attacks.

For example, network security programs (“firewalls”) could initially only block a packet travelling from a specific origin, to a specific destination and to a specific service. Using these criteria you could block all incoming service requests to your office’s network, because you make no services available to the general public. And you could still enjoy all other services available on the Internet by allowing service requests originating from your office network.

At some point you might decide to start a web server on your network to publish documents. You would need to modify your firewall settings to allow incoming service requests, but only for the web service. But then, there are numerous attacks against web servers that look quite innocent from the firewall’s point of view. It is impossible to distinguish legitimate packets from malicious ones based just on origin and destination details.

Network engineers soon realised that it would be easier to detect attacks if the network equipment started looking a bit deeper into the packets. In theory it is easy – the headers in a packet are not “separated” in any other way than by a logical definition of boundaries. It’s just a matter of analysing a few more bytes than were analysed so far, e.g. for routing purposes. Or go even deeper and look inside the block of data in the packet.

Devices that started doing that were initially called Intrusion Prevention Systems (IPS) and soon these features were introduced into most network equipment. When it was used to block hacking attacks, this caused no controversy.
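The two stages described above, as an added example in Python (not from the booklet): a header-only firewall for the office network that publishes one web server, followed by the “few more bytes” of inspection that decides whether what arrives at the web service even looks like a web request. The addresses are constructed from the RFC 5737 documentation ranges (192.0.2.0/24 for the office, 198.51.100.7 for an outside machine) and the web server at 192.0.2.80 is a placeholder. The payload check only tests the shape of an HTTP request line; a real intrusion prevention system matches the full protocol grammar and known attack patterns, but the point is the same: two packets with identical envelopes can carry very different contents.

```python
import ipaddress
from dataclasses import dataclass

OFFICE_NET = ipaddress.ip_network("192.0.2.0/24")   # constructed (RFC 5737 range)
WEB_SERVER = ipaddress.ip_address("192.0.2.80")     # constructed placeholder
HTTP_PORT = 80


@dataclass
class Packet:
    src: str        # origin address (the sender on the envelope)
    dst: str        # destination address (the recipient on the envelope)
    dport: int      # destination service (port number)
    payload: bytes  # the block of data inside the envelope


def header_filter(pkt):
    """The classic firewall: decisions from origin, destination and service only."""
    src, dst = ipaddress.ip_address(pkt.src), ipaddress.ip_address(pkt.dst)
    if src in OFFICE_NET:
        return "allow"   # requests originating from the office may go out
    if dst == WEB_SERVER and pkt.dport == HTTP_PORT:
        return "allow"   # the one service the office makes public
    return "deny"        # everything else arriving from outside is blocked


HTTP_METHODS = {b"GET", b"HEAD", b"POST"}


def payload_check(pkt):
    """Look a few bytes deeper: does data sent to the web service look like
    an HTTP request at all? The request line is 'METHOD target HTTP/x.y'."""
    if pkt.dport != HTTP_PORT:
        return "not inspected"
    first_line = pkt.payload.split(b"\r\n", 1)[0]
    parts = first_line.split(b" ")
    if len(parts) == 3 and parts[0] in HTTP_METHODS and parts[2].startswith(b"HTTP/"):
        return "looks like http"
    return "suspicious: not a valid HTTP request line"


def inspect(pkt):
    """Header filter first; only packets it lets through get the deeper look."""
    verdict = header_filter(pkt)
    if verdict != "allow":
        return verdict
    return payload_check(pkt)


if __name__ == "__main__":
    # Constructed packets: same envelope for the first and third, different contents.
    samples = [
        Packet("198.51.100.7", "192.0.2.80", 80, b"GET / HTTP/1.1\r\nHost: www.edri.org\r\n\r\n"),
        Packet("198.51.100.7", "192.0.2.80", 22, b"SSH-2.0-client"),
        Packet("198.51.100.7", "192.0.2.80", 80, b"\x00\x00\xff\xfe not a request"),
        Packet("192.0.2.15", "198.51.100.7", 443, b"outbound from the office"),
    ]
    for pkt in samples:
        print(pkt.src, "->", pkt.dst, pkt.dport, ":", inspect(pkt))
```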
Peer-to-peer networks consist of devices (web servers or end user computers) that participate on equal terms in a type of communication. Each “peer” (i.e. each device) can communicate with other peers and there is no distinction between consumers and producers, clients and servers, etc. It is simply many devices communicating with many devices.

This is in contrast to the client-server or one-to-many model where one computer serves requests of many clients – a website providing content to many website users, for example (one device communicating with many devices).

On the Internet, peer-to-peer applications use peer-to-peer protocols that are based on the IP-protocol.

Peer-to-peer networks have a series of particular advantages:

They have no single point of failure because there are no centralised entities. In a one-to-many network, if the “one” fails, the
[03] http://www.edps.europa.eu/EDPSWEB/webdav/site/mySite/shared/Documents/Consultation/Opinions/2009/09-01-09_ePricacy_2_EN.pdf
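The “single point of failure” contrast between the one-to-many and the peer-to-peer model, as an added example in Python (not from the booklet). Five constructed devices are wired up three ways: a one-to-many layout where p1 serves the other four, a full peer-to-peer mesh, and a sparser peer-to-peer ring where each device only knows two neighbours. The function measures what fraction of the surviving devices can still reach each other after a given device fails, which is what “no single point of failure” means in practice.

```python
from collections import deque


def reachable_pairs(links, failed=frozenset()):
    """Count ordered pairs of surviving devices that can still communicate,
    directly or via other surviving devices. `links` is a set of
    undirected (a, b) connections between device names."""
    nodes = {n for link in links for n in link} - set(failed)
    adj = {n: set() for n in nodes}
    for a, b in links:
        if a in nodes and b in nodes:
            adj[a].add(b)
            adj[b].add(a)
    count = 0
    for start in nodes:                 # breadth-first search from every device
        seen, queue = {start}, deque([start])
        while queue:
            for nxt in adj[queue.popleft()]:
                if nxt not in seen:
                    seen.add(nxt)
                    queue.append(nxt)
        count += len(seen) - 1
    return count


def surviving_connectivity(links, failed=frozenset()):
    """Fraction of surviving device pairs that can still reach each other."""
    survivors = {n for link in links for n in link} - set(failed)
    k = len(survivors)
    if k < 2:
        return 1.0
    return reachable_pairs(links, failed) / (k * (k - 1))


# Constructed topologies over the same five devices.
PEERS = ["p1", "p2", "p3", "p4", "p5"]
ONE_TO_MANY = {("p1", p) for p in PEERS[1:]}                  # p1 is the server
PEER_TO_PEER = {(a, b) for i, a in enumerate(PEERS)           # every peer linked to every other
                for b in PEERS[i + 1:]}
RING = {(PEERS[i], PEERS[(i + 1) % len(PEERS)])               # each peer knows two neighbours
        for i in range(len(PEERS))}


if __name__ == "__main__":
    for name, links in (("one-to-many", ONE_TO_MANY), ("mesh", PEER_TO_PEER), ("ring", RING)):
        print(f"{name:12s} p1 fails: {surviving_connectivity(links, {'p1'}):.2f}"
              f"   p2 fails: {surviving_connectivity(links, {'p2'}):.2f}")
```

Losing the server in the one-to-many layout leaves nothing connected, while losing any one peer in either peer-to-peer layout leaves every remaining pair able to communicate; the ring shows that this comes from the absence of a central entity, not from having many links.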
Navigation on the World Wide Web works through hyperlinks (text or images which, when clicked on, will cause another website to be opened).

Any Web author can link to any other online content. Through the practice of linking, all Internet users help with organising the information online into a Web of interconnected resources.

Importantly, the Web does not provide for a centralised index that keeps track of what is available on the network. Search engines are therefore the most important services to help meet the need of Internet users to navigate the Internet more effectively.

There are different kinds of search engine services. The most important search engine model is the crawler-based search engine. This uses software (referred to as “crawlers” or “spiders”) to look for what is available online and systematically indexes this content. The sophistication and effectiveness of the crawler determines the size and the freshness of the index, which are both important measures of a search engine’s quality. In simple terms, the spider/crawler follows every link on every page, indexes the linked pages and then follows the links on those pages, indexes them, and so on.

The most important operation the search engine performs is making the match between a user’s search query and the information in the index. Typically, the output of this matching process is a ranked list of references. These hits normally consist of a title, snippets of information and hyperlinks to the pages that the search engine’s technology has determined as possibly relevant.

Alongside the ‘organic results’ (i.e. the pages found by the search engine), commercial search engines place sponsored results determined by a bidding process on keywords by marketeers. The matching process for organic results is complex and commercial search engines protect their precise ranking algorithms as trade secrets. The PageRank algorithm of Google is one of the most famous Web search ranking algorithms. It predicts the relevance of websites in the index by analysing the linking structure on the Web (i.e. the types of pages that link to that page).

Other important techniques for better
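The three operations the text describes (the spider following links, the matching of a query against the index, and link-structure ranking in the style of PageRank), as one added example in Python (not from the booklet and not Google’s algorithm, whose details are a trade secret as the text says). The miniature Web of four pages and one dead link is constructed and lives in a dictionary in place of HTTP; the ranking is the published, simple power-iteration form of PageRank with a damping factor of 0.85.

```python
import re
from collections import deque
from html.parser import HTMLParser

# Constructed miniature Web: four pages linking to each other, plus one dead link.
PAGES = {
    "http://a.example/": "<html><body><h1>Internet policy guide</h1>"
                         "<a href='http://b.example/'>encryption</a> "
                         "<a href='http://c.example/'>governance</a> "
                         "<a href='http://d.example/'>peer-to-peer</a></body></html>",
    "http://b.example/": "<html><body><p>Encryption policy</p>"
                         "<a href='http://c.example/'>governance</a> "
                         "<a href='http://gone.example/'>dead link</a></body></html>",
    "http://c.example/": "<html><body><p>Internet governance policy</p>"
                         "<a href='http://a.example/'>home</a></body></html>",
    "http://d.example/": "<html><body><p>Peer to peer networks</p>"
                         "<a href='http://c.example/'>governance</a></body></html>",
}

WORD = re.compile(r"[a-z0-9]+")


class PageReader(HTMLParser):
    """Pulls the hyperlinks and the words out of one HTML page."""

    def __init__(self):
        super().__init__()
        self.links, self.words = [], []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links += [v for k, v in attrs if k == "href" and v]

    def handle_data(self, data):
        self.words += WORD.findall(data.lower())


def fetch(url):
    """Stand-in for an HTTP GET; our Web lives in a dictionary."""
    return PAGES.get(url)


def crawl(seed):
    """The spider: follow every link on every page, indexing each page once.
    Returns (index: word -> set of urls, links: url -> list of outgoing urls)."""
    index, links, seen, queue = {}, {}, {seed}, deque([seed])
    while queue:
        url = queue.popleft()
        html = fetch(url)
        if html is None:
            continue                      # dead link: nothing to index
        reader = PageReader()
        reader.feed(html)
        links[url] = reader.links
        for word in set(reader.words):
            index.setdefault(word, set()).add(url)
        for target in reader.links:
            if target not in seen:
                seen.add(target)
                queue.append(target)
    return index, links


def pagerank(links, damping=0.85, iterations=50):
    """Rank pages by the linking structure: a page is important if important
    pages link to it. This is the simple power-iteration form of the algorithm."""
    pages = list(links)
    n = len(pages)
    rank = {p: 1.0 / n for p in pages}
    for _ in range(iterations):
        new = {p: (1 - damping) / n for p in pages}
        for src, targets in links.items():
            targets = [t for t in targets if t in rank]   # ignore dead links
            if not targets:                               # dangling page: spread evenly
                for p in pages:
                    new[p] += damping * rank[src] / n
                continue
            for t in targets:
                new[t] += damping * rank[src] / len(targets)
        rank = new
    return rank


def search(query, index, rank):
    """Match the query against the index, then order the hits by rank."""
    terms = WORD.findall(query.lower())
    if not terms:
        return []
    hits = set.intersection(*(index.get(t, set()) for t in terms))
    return sorted(hits, key=lambda url: rank[url], reverse=True)


if __name__ == "__main__":
    index, links = crawl("http://a.example/")
    rank = pagerank(links)
    for url in search("internet policy", index, rank):
        print(f"{rank[url]:.3f}  {url}")
```

Page c.example ends up ranked highest because three pages link to it, ahead of a.example, which is linked only from the highly ranked c.example; b and d receive identical rank because each is linked only from a.example. Swapping the constructed `PAGES` for a real fetcher and a larger seed list turns this into the basic shape of a crawler-based engine.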
WHERE WE MEET

Social media are fundamentally different from regular media as they do not just give information, but interact with you while giving you that information. The interaction can be as simple as asking for your comments, letting you vote on an article or “like” or “unlike” any action of other users. Each user is not just a spectator but part of the media, as other users can also read their comments or reviews.

People are getting used to having the ability to react to what others write and to express and show their own point of view. This enlarges the community involvement in ongoing debates. Every year the number of social media users is increasing, so its influence is increasing and is becoming more and more powerful.

Any website that invites visitors to interact with the site and with other visitors can be considered as part of social media. They can be divided broadly into six different types:

2. Blogs and microblogs (e.g. Twitter);
3. Content communities (e.g. YouTube, Flickr), where users interact by sharing and commenting on photos or videos;
4. Social networking sites (e.g. Facebook, Myspace, Hi5, google+), where users interact by adding friends, commenting on profiles, joining groups and having discussions;
5. Virtual game worlds (e.g. World of Warcraft);
6. Virtual social world (e.g. Second Life).

Protection, in particular privacy protection, of social media users is an important topic. While users can usually choose to share personal information or hide it, the default settings and additional protection for children are subjects of considerable controversy. Furthermore, certain sites, such as Facebook, have unilaterally changed their users’ privacy settings several times already in the past.
DIGITAL DEMOCRACY

The first attempts to define the term Internet Governance (IG) were made during the preparatory meetings for the United Nations World Summit on the Information Society.

A first commonly accepted definition was developed within the Working Group on Internet Governance, a multi-stakeholder group created by the UN Secretary General, and was included in the Tunis Agenda for the Information Society:

“development and application by governments, the private sector and civil society, in their respective roles, of shared principles, norms, rules, decision-making procedures, and programmes that shape the evolution and use of the Internet.”

This definition emphasises the multi-stakeholder approach in discussing Internet-related policies: the participation of all actors, in an open, transparent and accountable manner.

To achieve this goal, the Internet Governance Forum was created as a multi-stakeholder forum for discussions of public policy issues related to key elements of Internet Governance. The forum, which has already had 6 editions (between 2006 and 2011), triggered the organisation of similar national and regional fora (e.g. EuroDIG – the pan-European dialogue on Internet governance). It is important to point out that these fora do not function as decision-making bodies, but they influence policies.

What does IG cover?

Infrastructure and standardisation;

Technical issues related to the running of the Internet: telecommunications infrastructure, Internet standards and services (e.g. Internet Protocol, Domain Name System), content and application standards (e.g. HyperText Markup Language);

Issues related to safeguarding the secure and stable operation of the Internet: cybersecurity, encryption, spam;

Legal issues: national and international legislation and regulations applicable to Internet-related issues (e.g. copyright, cybercrime, privacy and data protection);

Economic issues: e-commerce, taxation, electronic signatures, e-payments;
With financial support from the EU’s Fundamental Rights and Citizenship Programme.

This document is distributed under a Creative Commons 3.0 Licence: http://creativecommons.org/licenses/by-nc-sa/3.0/