View gallery

IFIP statement on intentional weakening of security and trust mechanisms in ICT and the Internet by government agencies and other major actors

Raymond Morel

Profile

Friends

Friends of

Blog

Files

Pages

Raymond Morel

Raymond Morel
3804 days ago

From International Federation for Information Processing  (IFIP)

•  The leading multinational, apolitical organization in Information &  
Communications Technologies and Sciences.
•  Recognized by United Nations and other world bodies.
•  Represents IT Societies from 56 countries/regions, covering five continents with a total membership of over half a million.
•  Links more than 3500 scientists from Academia & Industry. Over 100 Working Groups and 13 Technical Committees.                                  
                                                     

                                                                         http://www.ifip.org/
                                                   

IFIP statement on intentional weakening of security and trust mechanisms in ICT

and the Internet by government agencies and other major actors

(motion accepted by the IFIP General Assembly members, e-voting on the 14th of November 2013)

IFIP has followed the recent reports about security weaknesses in ICT (Information and

Communication Technology) and the Internet with great concern. There is reason to believe that

major practical pillars of trust in the Internet, e.g. the trustworthiness of relevant communication

nodes and the security of cryptographic implementations in the web such as SSL, are being

intentionally weakened in a systematic way at the behest of government organizations and other

major actors in the field. This is endangering and undermining the fabric of the Internet and the

Information Society, and contradicts the claim of those actors to be trusted with e.g. sensitive

personal information. Moreover, any deliberately introduced weakening or backdoor is equally

exploitable by (ostensibly) legitimate and illegitimate third parties alike.

 

We know that we do not live in a perfect world: Technology is never perfect and has too many

inherent weaknesses anyway, while its complexity makes it hard to find errors and detect attacks.

However, the scale and dimension of intentional weakening of ICT infrastructures and protection

mechanisms by actors, who claim to be trustworthy, is astonishing and disturbing. It has undermined

many trust assumptions, and has also unnecessarily endangered the security of infrastructures and

systems that could be of better quality even by today’s state of the art.

 

This means we must now be specifically critical, whenever we get answers such as “Trust us” instead

of thorough and open explanations of the described attacks. The same requirement to be critical

holds for any ICT functionality and assurance. Any different behavior multiplies the risk that lowering

of trust in ICT and the Internet may turn into a loss of trust in the ICT profession itself.

 

As IFIP members and ICT professionals we know that we will need to be more critical, and to work

harder for steps towards the goal of ICT systems that users can safely trust in with the protection of

their data. Based on experience the most important aspects are:

• A stop on government-sponsored measures that are intentionally weakening the security
  mechanism of ICT and internet technologies;
• Open and frank descriptions, explanations, and discussions of current and future weaknesses,
  e.g. on the steps that have been taken to prevent illegitimate exploitation, and a pause,
  while the implications of the weaknesses become better understood;
• An open trust infrastructure, that resists dominati on by major players;
• Transparency of ICT and the related infrastructures and operation procedures, .e.g. if the risk
  calculation employed says that the cost of the increase in fraud is worth the increase in security;
• Implementation of protection mechanisms that users can really control;
• An infrastructure of independent institutions to assess the security and reliability of complex ICT.

 Interested parties are invited to get in touch with IFIP (mailto:ifip@ifip.org).

« I welcome such initiatives from IFIP. They no doubt contribute to the basic objectives of IFIP and will demonstrate to outside that we are really in phase with the fast development of the society.
I sincerely hope the motion will pass and suggest that, immediately after its approval, a wide publicity be made in as many Newspapers and professional Journals as possible.
IFIP must continue to be the leader in all ICT areas and such actions are basic for its future leadership. »

Comment from Prof. P.-A. Bobillier, past IFIP President

                                                                       during the e-voting ending on 14th of November 2013

 

 « The reports about security weaknesses in ICT and the Internet and the subsequent discussions about trust mechanisms and trusted parties have motivated IFIP to issue a statement on the topic. IFIP with its diverse international structure of around 50 member societies is not the body that issues statements on current issues lightheartedly, but the seriousness of the issue led to a clear statement, accepted by it's General Assembly. IFIP realizes that such a statement can only be the beginning of work on the issues and will seek cooperation between it's technical bodies and it's member societies to do this work, wherever possible also with other interested parties. »
                                                                                             Comment ot the top of IFIP after the vote

                                                                                                                         End of November 2013

Download this