Just imagine the “network of all networks,” the globe-spanning Internet, becoming a loose web of tightly guarded, nearly impermeable regional or even national networks. It seems antithetical to the mythology surrounding the Internet’s power and purpose. But ongoing revelations about the extensive surveillance activities of the U.S. National Security Agency (NSA) are pushing countries like Germany and Brazil to take concrete steps in that direction.
Within the 28-member European Union, Germany is taking the lead in pushing for measures to shield local Internet communications from foreign intelligence services. That should come as no surprise. For Germans from the formerly Communist-ruled part of the country, NSA spying sparks bitter memories of eavesdropping by the Stasi, the secret police agency of the former East Germany. Because of that history, Germany has one of the strictest data privacy regimes in the world. On more than one occasion, the country has forced Google and other Internet companies to amend their data collection and usage practices.
For German chancellor Angela Merkel, the revelations are particularly disturbing: The political leader, who grew up under Stasi scrutiny, has had to deal with allegations that her own mobile phone was tapped by the NSA. She’s not amused.
“Cybersecurity is no longer a niche topic but a top priority,” Deutsche Telekom CEO René Obermann told attendees of the Cyber Security Summit late last year, in Bonn. He noted that his company battles more than 800 000 attacks a day on its networks.
A number of policymakers in Berlin and the country’s network regulator back Deutsche Telekom’s efforts to tighten security through “national routing,” says Obermann. Essentially, the concept aims to handle data generated in Germany and destined for or used by local end users by means of fiber-optic cables, routing gear, and computers within the country. The aim is to avoid sending data packets through nodes in the United States and the United Kingdom. The operator, which already offers an encrypted “Made in Germany” e-mail service and cloud service, has also suggested expanding the idea to include all 26 countries participating in the borderless Schengen Area in Europe. Deutsche Telekom already carries much of the Internet traffic in Germany via reciprocal, or peering, agreements with ISPs, with the remainder handled by an array of operators, many of them foreign-owned.
The kind of segmenting of Internet communications Obermann is talking about would require operators to have two essential components: a national peering agreement that links the Internet networks of all the service providers; and a routing table, also known as a routing information base (RIB), that describes the topology of the networks. Routing tables maintained by the operators currently contain no instructions to keep in-country packets inside the country. The operators would also need their own German-specific routing protocols, which set down how the routers communicate with each other.
Deutsche Telekom claims it has the technology and know-how and needs just three more peering agreements to be able to provide such national routing. The operator, which is also open to the idea of forming a national routing entity, says more than two-thirds of its e-mail traffic is generated and terminated in Germany, and it is pushing parliamentarians to make the needed agreements mandatory.
European governments aren’t the only ones looking to break off from what they see as American control of the Internet. The Open Root Server Network (ORSN) is an alternative network of domain name servers—machines that translate the names of Web addresses into the numbers of Internet addresses. Originally established to counter the fact that most of the domain name servers were in the United States at the turn of the 21st century, it operated from 2002 to 2008, when an expansion of the domain name server system made it defunct. But following ex-NSA contractor Edward Snowden’s revelations about the agency’s spying, the ORSN has been revived. “We’re detached from a single country, like the U.S., which still controls” the Internet Corporation for Assigned Names and Numbers, says Markus Grundmann, one of the network’s founders and coordinators.
Beyond Europe, Brazil’s president, Dilma Rousseff, is one of the most outspoken heads of state to criticize NSA practices and take action. She is pushing legislation to force Internet companies such as Google and Facebook to store local data within the country’s borders. She also wants to build submarine cables that don’t route through the United States, set up domestic Internet exchange points, and create an encrypted national e-mail service.
International operators keen to implement some sort of national or regional routing are quick to point out that the practice already exists in the United States. Nationally generated and terminated traffic is prohibited from being routed over nodes outside the country. Foreign carriers with operations in the country must sign a compliance agreement.
But is a Brazilian lockdown or a German “Internetz,” as the local media are calling it, the answer to preventing state-sponsored spying and hacking? Many industry experts have their doubts.
“A balkanization of the Internet is not the solution and runs totally contrary to the basic principles of the Internet,” says Norbert Pohlmann, president of the German IT security association TeleTrust. He points to the Internet’s ability to take advantage of global cost and capacity opportunities to route traffic.
Leslie Daigle of the Internet Society writes that the Internet “was not designed to recognize national boundaries” but rather for resiliency, which is “achieved through diversity of infrastructure: Having multiple connections and different routes between key points ensures that traffic can route around network problems and nodes that are off the air because of technical, physical, or political interference, for example.”
That said, Pohlmann argues that the Internet community still needs “a common global infrastructure that ensures a high level of IT security, even if no one can guarantee 100 percent security.” He calls on users to rely on end-to-end encryption and virtual private networks, which would make spy-agency snooping difficult.
But Jacob Appelbaum, a developer of the Tor Project, warns that even secure systems like virtual private networks can be rendered useless through misuse of so-called backdoors. Backdoors are essentially software designs in networks that allow authorities to conduct “deep packet” inspection to monitor and intercept data. The European Telecommunications Standards Institute, for instance, works closely with operators, government, and law enforcement agencies to integrate surveillance capabilities into communications networks. But many operators are concerned about how access to the backdoor “keys” is regulated, and, in the case of some equipment vendors—notably China’s Huawei Technologies Co.—about whether secret backdoors are built into network systems without operators’ knowledge.
Deutsche Telekom’s Obermann acknowledges the problem. “We need strong and secure networks in Europe,” he says. “Maybe that means we need to make the technology ourselves, or that the technology we buy doesn’t provide backdoors.”
But don’t expect intelligence forces to ever give up trying to penetrate security systems, no matter how advanced they may be, cautions Neelie Kroes, vice president of the European Commission, which is responsible for Europe’s digital agenda. “Spying is the world’s second oldest profession,” she said in Bonn. “Let’s not be naive—it won’t ever stop. We just need to be able to protect ourselves better.”