A recent article in the Wired UK edition reported that most of the Internet infrastructure management organizations are seeking to break free of any U.S. management and control. According to the article in Wired, "ICANN, the Internet Engineering Task Force, the Internet Architecture Board, the World Wide Web Consortium, the Internet Society and all five of the regional Internet address registries have vowed to break their associations with the U.S. government."
For many people who have been involved in the internet for a long time, this is a sad state of affairs, as most of these organizations were initially started and funded by the U.S. government. However, information made public by Edward Snowden and other leaks have undermined the trust the rest of the world has in the U.S. managing such an important asset as the Internet.
In addition to breaking free of U.S. control, many countries have announced plans for secure Internet communications in order to be free of NSA and other spying. Of course, this raises the question of whether any type of encryption or security is truly a way to stop the NSA and similar agencies from accessing your electronic communications and data. If the basic encryption algorithms that we relied upon are subject to cracking by the NSA, is any so-called secure system truly secure?
That is not really the issue, though. The true issue is the impact of this anti-U.S. movement on the U.S. tech and Internet industries. I am reminded of my time selling infosec solutions to the U.S. government. It amazed me back then that so many government agencies and departments had, it seemed, an unwritten rule about buying Israeli security technology. The feeling was that somehow the Israeli Mossad had a backdoor into Israeli technology. I believe the same thing will now be happening with U.S. technology.
Foreign governments and international customers are going to be wary of U.S.-based technology for fear that the U.S. government has a built-in back door to these technologies. Yes, we can be arrogant and say that if you are not going to use Apple, Microsoft or Google because you suspect they cooperate with the U.S. government, you are not going to find anything comparable to use. But that won't last long. The market abhors a vacuum. New non-U.S. companies will spring up to offer solutions in their place. Plus what about companies that don't have the market clout of Microsoft, Apple and Google?
In a competitive environment, the fact that one company is U.S.-based with all that it now entails and one is not may be all that is needed to tip the scales to the non-U.S. company. This could be a real disadvantage for U.S.-based companies. It could even force them to move or establish a more international presence.
The cost to our economy of this could be huge. The Internet is no longer a U.S.-dominated market, either. I remember starting Internet companies and the logic was to start in the U.S., as 80% of Internet business was in the U.S. That, of course, changed long ago, and the scales tipped where the rest of the world outweighed the U.S. alone. This trend is only going to accelerate as some areas like South America and Africa accelerate their Internet presence.
South America seems to be a particular hotbed of anti-U.S. Internet fervor. The President of Brazil denounced our spying at the UN and cancelled a trip to the U.S. over allegations that the U.S. government monitored her and her government's electronic communications. Brazil also announced a new plan for a "secure" email system to counter U.S. spying. Of course, as I said earlier, who knows how secure their email really can be if the NSA wanted it. The meeting that the Wired article referenced was actually in Uruguay, also in South America.
I don't know how much economic support the U.S. government provides to these Internet governing bodies and just how capable they are of actually breaking free of any U.S. control. It used to be they could talk all they want but they were economically dependent. I don't think that is the case anymore.
What I do know is that we will be paying the price for this whole mess for a long time to come.
As co-founder and Managing Partner at The CISO Group, Alan Shimel is responsible for driving the vision and mission of the company. The CISO Group offers security consulting and PCI compliance management for the payment card industry. Prior to The CISO Group, Alan was the Chief Strategy Officer at StillSecure. Shimel was the public persona of StillSecure as it grew from startup to helping defend some of the largest and most sensitive networks in the world.
Shimel is an often-cited personality in the technology community and is a sought-after speaker at industry and government conferences and events. His commentary about the state of security, open source and life is followed closely by many industry insiders via his blog and podcast, "Ashimmy, After All These Years" (www.ashimmy.com). Alan is now also a regular contributor to The CISO Group’s security.exe blog and podcast.
Alan has helped build several successful technology companies by combining a strong business background with a deep knowledge of technology. His legal background, long experience in the field, and New York street smarts combine to form a unique personality.
Disclosure: The CISO Group sells a software-as-a-service PCI compliance application called SAQPro. The company is independent and does not represent any other vendor's products as a reseller.