In lieu of an abstract, here is a brief excerpt of the content:

8 From a news story “Desperate Botnet Battlers Call for an Internet Driver’s License”: “Internet-crime fighters from security companies, law enforcement agencies, banks and e-commerce sites huddled at a secretive conference last week to confer on new tactics in the war on cybercrime. . . . A few audience members argued seriously that computer users should have to take a test to get an Internet license, maintain botnet insurance and have their machines inspected for information-super highway worthiness.”1 The Internet’s “Security Problem” Security has become a generic watchword that signals the downside of the Internet’s openness and freedom. Security more often than not is associated with efforts to reassert hierarchy and control. If anything can reanimate the desire for the nation-state, for traditional government, surely it is the demand for security. In Internet governance, the term security now encompasses a host of problems, perhaps too many to fit properly under one word. It includes the fight against spam, viruses, and phishing. It applies to the more sinister threat of malware-infested computers organized into remote-controlled botnets that can be used to deliver spam or to execute denial of service attacks.2 It covers both unauthorized intrusion into private networks by outsiders and efforts by organizations to prevent insiders from stealing data, identities, and money. It refers to bugs in protocols and operating Security Governance on the Internet 1. Ryan Singel, “Desperate botnet battlers call for an Internet driver’s license,” Wired.com, June 4, 2007, http://www.wired.com/politics/security/news/2007/06/ bot_strategy. 2. Franklin et al. 2007; Turner 2008; van Eeten and Bauer 2008. 160 Chapter 8 systems on computers, mobile phones, and other devices that create opportunities for exploitation by clever programmers. It is also commonly used in connection with privacy rights and data protection. Somehow, all of these phenomena have come under the umbrella of Internet security discourse . But that is not all. The most challenging and expansive uses of the term come when Internet security is alleged to intersect with the military or political security of the state. The cyberattacks on Estonia and Georgia constituted realworld examples of this intersection. The Internet can indeed be used as a weapon, although its destructive force pales in comparison to missiles and tanks. Dire warnings about threats to “critical infrastructure” that might arise from cyberattacks are proliferating, often based on the flimsiest evidence .3 The drumbeat of fear provides a textbook example of what political scientists have called securitization. Securitization refers to speech acts that characterize some problem as an existential threat in a calculated attempt to justify extraordinary measures, such as the suspension of civil liberties or preemptive strikes.4 The Internet is being securitized.5 Reflecting the political mileage that securitization brings, even copyright protection and the control of illegal content are now redefined, by some, as security issues. Worse yet, there is a growing tendency to link the Internet’s security problems to the very properties that made it innovative and revolutionary in the first place. Jonathan Zittrain has contended that general-purpose computers and open networks foster not just innovation and freedom but also abuse and organized cybercrime. He worries that the Internet’s very success might push digital systems back to the model of locked-down devices and tethered, centrally controlled information appliances.6 Without question, security and securitization are becoming preeminent drivers of Internet governance. But where Zittrain and others understand both the problem and the solutions in terms of protocol designs, operating systems, and standards, this chapter argues that the real battle is being waged around institutions and organizational forms. If we look at how security is actually produced, we discover that most of the actual work is 3. Morozov (2009) picks apart an April 2009 Wall Street Journal article claiming that the U.S. electrical grid had been “penetrated by foreign spies,” noting that it quoted no attributable sources, named no utility companies, and mentioned only one actual cyberattack in Australia nine years ago that was conducted by an insider rather than an external hacker. 4. Waever 1997. 5. Deibert and Rohozinski 2009a. 6. Zittrain 2008, see especially chapter 5. [3.146.255.127] Project MUSE (2024-04-19 05:17 GMT) Security Governance on the Internet 161 done not by national states promulgating and enforcing public law, but by private actors in emergent forms of peer production, network organizations , and markets.7 Among states, the problem of cybersecurity intensifies...

Share