Internet is the fabric of modern communication. Privacy and confidentiality are essential human rights - at the heart of both the UN Universal Declaration of Human Rights and the European Convention of Human Rights. People entrust their most private and intimate information to travel safely across the internet - to their loved ones, to journalists, politicians and lawmakers. Governments and businesses trust critical parts of their operations to the internet. The shocking revelations from whistle-blowers like Edward Snowden have made it very clear that this shared trust in the internet has been naive and undeserved, and that weak parts of the design of the internet have being systematically abused at a scale beyond comprehension. It has become very clear that the internet was - knowingly - kept incapable of handling the actual threats since the earliest days of the internet, which has put the world at risk. The ground work for pervasive surveillance now serves industrial espionage, cybercrime, and sabotage - and who knows what else. Technologies driven by data hunger rather than user needs have made the web unsafe.
The NGI initiative wants to create an Internet that deals with this severe crisis in the only way possible: move on and fix it. An internet that is non-partisan, and at its very core serves shared human values. NGI seeks to craft an internet that is resilient, trustworthy and sustainable. Part of that is preventing any systematic leaks of metadata and communication profiling of users. The following aspects related to NGI activities on confidentiality have so far been suggested and brought out by the NGI Interim Study report-
-
Routing Layer Confidentiality: The routing layer of TCP/IP Internet architecture is vulnerable against man-in-the-middle attack and passive observation. The communication pattern can be exposed even when common end-to-end encryption is used. There are known solutions to this vulnerability and need to be further investigated and developed for more confidentiality.
-
Naming System Hardening and Alternatives: The current Domain Name System (DNS) system is also vulnerable to leak user activities and behaviours to third parties. DNS is regularly used as a tool of censorship and in some cases surveillance. A dual strategy of hardening at the one end and shifting to fundamentally more secure solutions at the other is recommended.
-
Search and Discovery: One of the most problematic areas for confidentiality is search and discovery. Current search tools have shown that they leak a great deal of private information about users.
-
Provide end-user security transparency: Not every connection is the same. Users should be able to grasp the overall security situation of a specific connection.
-
Protecting users from malicious data observation: Passive observation of users by companies without their explicit knowledge and consent, which includes storing the complete browsing history of users, location data, media consumption, shopping behaviour, cross-device identification of users, stealth identification of other users in the vicinity, undisclosed audio streaming for off-site analysis, persistent identifiers, etc.
-
Develop new safe web standards: As security attacks like Rowhammer, Meltdown and Spectre prove, allowing to running unverified software on web pages poses a dire risk to the user. By standardising popular interaction patterns, users only have to passively declare the desired interaction, and do not have to bother the user with permission to run unverifiable scripts on a web page.
