Professional Documents
Culture Documents
C R I T I C A L T H I N K I N G E X E R C I S E – T H E I N T E R N E T, “ A M E R I C A N
VALUES,”ANDSECURITY
In conventional thinking, one of the big reasons for our information security problems is that the
designers of the Internet did not build security in the underlying Internet technologies such as TCP and
IP. If only TCP and IP also incorporated security, we would have a much more secure information
infrastructure.
However, writing for the IEEE Security and Privacy magazine in 2011, Dan Geer, Chief
Information Security officer for In-Q-Tel, a non-profit venture capital fi rm for technologies that support
the CIA, stated that the developers of the Internet embedded their interpretations of “American values” in
the underlying Internet technologies. This is why IP, the Internet technology that transfers data across the
Internet, is “open, non-hierarchical, and self-organizing.” Once the data leaves your computer, you have
no control over how it is delivered to the destination. The protocol provides no mechanisms for
governments to impose restrictions on the flow of information on the Internet, other than restricting user
access to the Internet. Dan suggests that the Internet may also be a very successful American cultural
export, bringing openness and freedom of information wherever it is adopted.
Adopting this view, Dan believes that the lack of security in the underlying Internet protocols is a
strength, not a weakness. The Internet requires end users to take responsibility for their own security,
instead of relying on security provided by the fabric of the Internet. An Internet that does not take
responsibility for security also does not restrict any user from connecting to any other user, protecting the
users’ rights to freedom of association. A secure Internet could curtail this freedom in the name of
security, requiring permission from the Internet provider for access to a desired resource.
Reference
Geer , D.E. Jr. “ A time for choosing ,” IEEE Security and Privacy , January/ February 2011 , 96 – 95
CRITICALTHINKINGQUESTIONS
1. How could our information infrastructure been more secure if the underlying Internet incorporated
security technologies such as encryption?
2. How could the usability of the Internet been crippled if the underlying Internet technologies had
incorporated more security?
3. Based on your responses to these two questions, do you agree with Dan Geer ’s assessment that
leaving security to be the responsibility of end users is a good idea?