The State Versus the Internet

Posted: October 16th, 2010 by Gadget42

by Paul Rosenberg, LRC

The power of the state has always rested on two pillars: Force and legitimacy. The Internet subverts them both. As for force, think about encrypted commerce, as for legitimacy (the more important part), think about the following:

This is all the result of the Internet, and all of it undermines the sanctity and urgency of the state. And since the operators of states are not stupid, they understand the threat and are moving aggressively to conquer the Internet.


By now most readers will be aware that governments world-wide are running mass surveillance operations. For example, it has been known for years that the American NSA has been scarfing up all the Internet and telephone traffic that AT&T could provide. Wired magazine did a story on this back in 2006, and many similar stories have surfaced. Are we really to believe that Verizon, Google, Yahoo, AOL and the rest have been heroically standing up to them all the years since?

And, by the way, just one of the NSA’s new facilities (and the true number of them is uncertain) is capable of storing ten years’ worth of world Internet traffic. It can also sort and search it.

Many readers will also understand that even independent Internet Service Providers have been brought into obedience by the various national law enforcement departments. With rare exceptions, the enforcers get whatever records they want, when they want them.

The important point here is that these steps have already been taken: The battles are over and the states have won. The ISPs are under control and states are copying, saving and sorting a large portion of the world’s Internet traffic.

One other step has been the conversion of Google from a clever new company to a major cog in the state’s apparatus. I won’t spend a lot of time on this, but you really should be aware of some recent quotes from Google’s boss, Eric Schmidt:

We can predict where you are going to go Tuesday morning.

Show us 14 photos of yourself and we can identify who you are. You think you don’t have 14 photos of yourself on the internet? You’ve got Facebook photos!

The only way to manage this is true transparency and no anonymity. In a world of asynchronous threats, it is too dangerous for there not to be some way to identify you. We need a name service for people. Governments will demand it.

Yeah, it’s that bad. Google is aggressively positioning itself to end up owning the Internet, or at least a major share of it. But, that is a long story I will pass up for the moment.


For most of this article, I’ll focus on what states are doing now. I’ll pay special attention to the US, ironically enough, because more information surfaces there, and, of course, since they are at the head of the field. But do not let yourself think that the US is special in this regard – most of the others are doing the same things.

Also please bear in mind that we will be discussing things that are planned, but not yet finalized. Some of these plans may fail. But even if they do, the record indicates that substantially all failures will be followed with vigorous new attempts.


Just a few weeks ago, the New York Times broke the news that the White House, their “Internet Czar,” the FBI and others had a new plan to wiretap the Internet. It is expected to be in front of Congress next year. This plan would force every product and service provider to redesign their products to give governments a back-door, so they can listen in whenever they want. That means that Blackberry, iPhone, Facebook, Skype and everyone else has to redesign their products. It also means that smaller operations will have to fold up: very few of them can just dump their existing systems and crank out new ones. Only the large will remain, and only if they bow to the state.

When discussing the bill, various state officials reminded reporters that everything would be “lawful.” (Which ceased being a meaningful term quite a while back, IMO.) They also claimed that providers could still give their customers strong encryption. “They can promise strong encryption,” said the FBI’s General Counsel, Caproni, “They just need to figure out how they can provide us plain text.” So, the provider must decrypt for the FBI as well.

Once such a law is in place, no service is even nominally safe, and a great many are likely to simply close. But the big, politically-connected companies will remain.

Bear in mind that once the capability is in place for the US, everyone else will jump aboard, since “the ability is already there.” And, it will also ‘be there’ for lots of crooks, who always find ways to get their hands on useful information… like back-doors into all those Blackberries. Try to imagine what you could do with all that information.


This is a recent development that will almost certainly become law. The Protecting Cyberspace as a National Asset Act gives Obama, all who succeed him, and before long almost every other ruler on the planet, an Internet “kill switch.” And, yes, this can be done.

The bill relies for its “lawfulness” on a 76-year-old piece of legislation called The Communications Act of 1934, which gives the president power to cause “the closing of any facility or stations for wire communication” in a time of war. Can you see why talk of “cyber-war” came up at the same time as this bill?

Cyber-war – to digress for a moment – is still more of a meme than a reality. Stuxnet, for example, is spread primarily with USB sticks and attacks only special devices called PLCs, which are more intelligent-motor-starter than Internet terminal. That program had to have been built and tested on other PLCs, which was a completely different operation than writing an Internet Trojan. But, back to our new law…

This law would establish a White House Office for Cyberspace Policy and a National Center for Cybersecurity and Communications, which would work with private US companies to “create cybersecurity requirements for the electrical grid, telecommunications networks and other critical infrastructure.” Any operation of the Kill Switch would be limited to 120 days, but could, of course, by extended by Congress.

Note two things about this:

  1. The technical method of implementation is not in the bill, so it can be whatever “experts” decide.
  2. The requirements will be applied to “critical infrastructure.”

We’ll cover the concept of “critical infrastructure” first and talk about implementation below. In actual fact, the utilities that are designated as critical use the primary backbones of the Internet as the central portions of their “infrastructure.” (Backbones are the very largest Internet links.) To make things worse, a special electronic technique called Multi-Protocol Label Switching (MPLS) more or less pools many backbone fibers into one large virtual fiber. So, the ability to shut something down will involve control of the larger “virtual fiber,” not just a single “bad fiber.” And, of course, the NSA will be seeing to all of this.

The bill was unanimously approved in a Senate committee in June. The likely future is for Congress to wait until something “cyber” goes wrong, then to pass it while the fear and pressure are high.

In response, civil libertarians are certain to write strong letters.


As mentioned earlier, the precise methods of switching off parts of the Internet are not specified in legislation, but will be decided by “experts.” The likely way for them to do this is with an updated version of some primary Internet software called Border Gateway Protocol(BGP).

We often say that the Internet is decentralized, which is more or less true, but it is not atomized. There are perhaps a few thousand large units called Autonomous Systems (AS) that make-up the Internet, and they relate to each other with Border Gateway Protocols.

BGP is, essentially, a type of “handshake” protocol: I acknowledge you, do you acknowledge me? Who is connected beyond you? The problem with BGP is that it is not verifiable. This isn’t a big problem – as we know, the Internet works just fine nearly every day – but on rare occasion something does go wrong. From a controller’s standpoint, however, BGP is a huge problem, because it cannot be grasped at a single point.

Enter SecureBGP (BGPSEC) Under this scheme, key exchanges between border gateway routers are involved, to verify that the other router is who it says it is. The problem here is that someone will want to be the official key creator and holder… which means the state. And the US government is working very hard to build this. (They already have a domain name version called DNSSec.)

If the key certificate authority for BGPSEC is anything like SSL certificate authorizers, then each layer of key provider will control the keys below it. That means that specific servers or groups of servers can be disconnected from the Internet within minutes. But even if that type of hierarchy is not part of the code, it is close to certain that AS groups will comply with orders, especially if disobedience means they will be shut down entirely.

So, yes, the Internet Kill Switch will work, sorry to say.


There has been a great deal of action of late by the various copyright policing groups to clamp down hard. There are even proposals to void domain names for copyright violations. Think about this from the standpoint of a network provider: If someone on your network – without your permission or knowledge – shares the wrong file, your business could be shut down. As with many such things, this is a mere annoyance for the large company who can place a fast call to a Congressman they fund; but it would be death to the small operator who does not have a powerful politician in his debt. (We should probably call this Fascistic Creep.)

Not only are states involved in this type of policing, but large contractors are running mass surveillance operations to identify file-sharers as well. One big reason for this, of course, is that media companies are in trouble, and they are far too valuable to control-types to lose. Media and advertisers are, in the final analysis, both the creators and the insertion points for ideas and images into popular discourse – thoughts that are merely adopted, rather than vetted and considered. (Another longish discourse will be passed over at this point.)

“Three strikes” is the term used to described the disconnect process usually applied to these plans. It is based on the American legal concept of “three strikes and you’re out.” On the third offense, you are disconnected for good.


This is an idea that pops-up from time to time, most recently by Microsoft. The concept is that some group is given access to every private computer and can scan them all to assure that they are “sanitary.” If they are, they get access to the Internet, if not, they are cut off. Spend a moment thinking about the power that this would give the scanning authority.

Will this become law? Probably not now, but when fear is stoked after something bad happens? It could.


Cloud computing offers some attractive features, but is also involves a serious centralization of the Internet. Rather than having millions of intelligent nodes, it brings thousands at a time into single data centers – one large handle to grab, where there were formerly thousands of small ones.

And again, this gives power to the large and politically-connected and crushes the small and independent.

Centralizing the Internet would be a horrible thing in many ways, including for Systems Administrators, 80% of whom would probably be unnecessary in a strong cloud environment.


In the past few years, anti-crypto laws have returned (more in the UK and EU than in the US). Several people are already in jail for not divulging their crypto-keys. And, in what was primarily a publicity stunt, the NSA offered massive rewards to anyone who could break Skype. (Skype was already compliant with law enforcement orders.)

This is moving forward under the name of Source Telecom Surveillance. What will become of it is unknowable at this time.


Multiple avenues of controlling every Internet user are being pursued, and many of them are quite potent.

On another side, the consumer Internet is slowly turning into a thousand new, interactive TV channels. Most of the new applications are highly insecure, which means they are either monitored already or easily could be. In effect, people are plugging into the Matrix, one convenience at a time. I know that sounds hyper-dramatic, but I know of no better way to describe the situation.

At the end of the line, we end up with a Welfare State being replaced by a Security-Industrial Complex. It looks to feature some minimal layer of welfare, lots of entertainment, and lots of fear and enforcers. In other words, a lot like life in the late Roman Empire, but wired.


I leave all of this for your consideration. I have no master plan to offer you. But the enemies of the Internet are exercising both will and action. What are we doing?


Comments (1)


Leave a Reply