Modern field guide to security and privacy

Net neutrality could hinder efforts to safeguard Web, worry security experts

Some security experts are concerned that newly adopted net neutrality rules will limit broadband providers' abilities to limit malicious traffic and spam, thus slowing down progress toward a safer Internet.

Pablo Martinez Monsivais/AP
Federal Communications Commission chairman Tom Wheeler pushed for stronger net neutrality rules. After the agency voted Thursday to approve net neutrality, security experts worried the decision could hurt Internet providers abilities to limit spam and malicious traffic.

Some security experts worry Thursday’s net neutrality ruling could limit broadband providers when it comes to rooting out malicious Internet traffic. 

In a decision welcomed by consumer advocates, tech companies, and digital rights groups, the Federal Communications Commission voted by a 3-2 margin to begin classifying broadband as a utility. 

In essence, the ruling classifies Internet service providers, or ISPs, as public utilities such as phone companies. It prohibits providers from creating Internet "fast lanes" to deliver any Web content faster for a fee – or slowing down traffic based on content. 

But problems may arise if ISPs start equating net neutrality with “common carrier” status, says John Pescatore, director of emerging security threats at the SANS Institute in Bethesda, Md.

Phone companies still operate under common carrier status and are prohibited form treating calls differently based on where they come from, who is calling, or what might be said on the call. As common carriers, phone companies are prohibited from looking into the content of what they transport.

The downside is that phone companies do nothing to filter out bad or annoying calls. It took a separate law to get them to allow a Do Not Call List, Mr. Pescatore says.  

“Net neutrality has not been defined the same way,” he says. “But it is likely the ISPs will treat it that way and make absolutely no progress toward filtering out bad stuff before it reaches the end user,” he says.

Unless the FCC specifically dictates that ISPs must take specific measures to control bad traffic, net neutrality could slow down some of the progress providers have made ensuring a safer Internet, says Pescatore.

While net neutrality supporters view Thursday's ruling as vital to ensuring a free and open Internet, much depends on how the rules are interpreted, says John Bambenek, founder of Bambenek Consulting, a cybersecurity firm in Champaign, Ill.

For instance, he says, there is a potential the rules could create gray areas with regard to the use of certain traffic inspection tools used by providers to filter out malicious traffic and spam. Anything that would impose a ban on traffic throttling without accommodating provisions for handling spam or botnet traffic could create a problem for users, Mr. Bambenek says.

The reality is that not every bit of traffic that flows on the Internet is equal, he says. For instance, a lot of content that is malicious or spam can often consume a disproportionate amount of network resources. An indiscriminate ban on traffic throttling without clear language accommodating these issues could result in a less secure Internet, he said.

“My concern is that the FCC doesn’t understand these technical nuances well enough to avoid collateral damage," says Bambanek. “There is a lack of real understanding of how this thing works.”

Those types of concerns about net neutrality aren't new, and many of its most ardent supporters have tended to dismiss the security concerns associated with open internet provisions. 

“While ISPs could use [net neutrality rules] as an excuse to become lax when it comes to security, they were under no obligation to do anything regarding security before they were reclassified, either,” says Jeremy Gillula, staff technologist at the Electronic Frontier Foundation. “They could use it as an excuse, but it would be just that, an excuse."

In addition, the general understanding is that the new rules do provide for reasonable network management, including for security. Gillula says there’s little reason to believe that broadband companies will be forbidden from making their networks secure.

“With that said," says Gillula, "I'm not sure many people would want ISPs looking at the contents of their packets in the name of filtering out bad stuff.”

 

You've read  of  free articles. Subscribe to continue.

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to CSMonitor.com.