Internet Engineering Task Force
Vancouver, B.C., Canada
Internet security has been a focus this week for the more than 1100 engineers and technologists from around the world gathered at the 88th meeting of the Internet Engineering Task Force (IETF). As the Internet’s premier standards organization responsible for developing the foundation of services and technologies used billions of times every day, IETF participants are rethinking approaches to security across a wide range of technical areas.
“Ensuring the global Internet is a trusted platform for billions of users is a core and ongoing concern for the IETF community. Discussions over the past few months, including many in the more than 100 working group sessions this week, are carefully and systematically reviewing Internet security and exploring ways to improve privacy and other aspects of security for different applications,” said Jari Arkko, Chair of the IETF. “Internet security has many facets, and the IETF is focused on ensuring that the technical Internet protocols that it develops provide a strong foundation for privacy and security.”
“The Internet has been turned into a giant surveillance machine,” said Bruce Schneier, who spoke at the meeting’s technical plenary. “This is not just about any particular country or individual action. We need to work broadly to fix the problems of today and tomorrow.”
“At the IETF technical plenary, participants agreed that the current situation of pervasive surveillance represents an attack on the Internet,” said Stephen Farrell, one of the IETF’s two Security Area Directors. “While there are challenges isolating the specific areas of attack that IETF protocols can mitigate, all of the working groups that considered the topic have started planning to address the threat using IETF tools that can mitigate aspects of the problem.”
The Internet depends upon standards developed in an open and transparent manner. Openness allows any interested party to participate, review, critique, or question the work of others. Transparency provides visibility into all steps of the process and appropriate audit trails for inspection. Broad consensus, after review from a wide range of interests and perspectives, fosters agreement on the resulting standards.
“The IETF is taking steps to develop the technical specifications to improve the privacy and security of the Internet,” said Russ Housley, the Chair of Internet Architecture Board. “However, others need to take on the non-technical aspects that are part of a comprehensive response to mass surveillance on the Internet.”
In nearly 30 years, the IETF has published more than 4500 documents that describe standards for the fundamental technologies and widely used services on today’s global Internet. IETF participation is open to any interested individual and includes experts from industry, academia, and government from across the globe. While the work of the IETF mainly takes place online to reduce barriers to participation, its in-person meetings bring together participants three times each year at locations around the world.