gemini://tx.decrypt.fail/sec/20201228.gmi

date : December 28th, 2020

topic : Regulation of the Internet

tags : cyber, governance, security, privacy

Wow! I setup a gemini capsule, that was fun!

Now, let's dive into a really complicated topic with the first gemlog post - Internet regulation.

Let me start out with a disclaimer: I'm not a lawyer, nor do I have a lot of knowledge about the topic of state introduced regulation. Please take the below with a grain of salt. These are just my thoughts.

There are a lot of reasons for and against the regulation of the Internet. Most of these reasons depend on the way of regulation though. Collecting all traffic and deploying encryption backdoors are obviously two examples of regulation that the majority of people that I know, would not want to see.

If you are not working in Cybersecurity, you might not see any reason to regulate the Internet yet - Let me give you some reasons that I think should at least get us started to think about how things could be regulated without impacting people's freedom nor privacy.

Reasons that call for Internet regulation:

Surveillance Capitalism is eating up our privacy

Misinformation campaigns are eating away at our democracy

Internet connected devices are sold in insecure configurations

Small and large organizations (business + others) are forced to spend millions on Cybersecurity

Cyber wars between nation states are starting to create collateral damage in the real world

I believe the above problems are real problems that need to be solved and I also believe that the consumer won't be able to solve them by change of behavior alone.

However, there are a lot of pitfalls that we need to avoid when we start regulating the Internet - Here are some that come to mind immediately:

We do not want to replace surveillance capitalism with a surveillance state.

We do not want the state to control media.

Any form of technical controls in Internet protocols and/or encryption shall be avoided.

Meta data collection (like who talks to who) shall be avoided.

OK, there is a lot we want to achieve but also a lot we don't want to do. But what could we do?

I believe the state could introduce regulation that (de-)incentivizes the economic (capitalist) drivers behind the bad behavior we want to regulate away. Here are some examples that I can think of:

One could allow data owners to charge for the right to store their data.

One could make it illegal to pay ransom related to cyber attacks.

I am obviously not a politician and also don't have a lot of background in law or state introduced regulations. So don't take any of the above as gospel. These are just my thoughts, nothing more.

Alright, let's see if I can keep up filling this gemlog in the next couple of weeks/months/years.