The whole WikiLeaks story raised a few comments I want to briefly share.
First, I was amazed to see that the global organic protest for the WikiLeaks cause has led to tens (if not hundreds) of thousands voluntary downloads of the botnet malware to participate in the global DDoS attack against WikiLeaks opponents. To the best of my knowledge (please comment and correct if I’m wrong), this is the first time in security history that people around the globe deliberately infect themselves with malware to fight for a cause. This isn’t any innocent fact like a blog or a Facebook group gathering millions of supporters, we’re actually looking at a form of modern digital weapon having the potential to disrupt operations of billions of legitimate users with consequences that may go far beyond the somewhat “simple” unavailability of one service. In our services led economy, this is a major issue. Paradoxically many claim this to be some form of ethical hacking allowing the voices of the small and the under-represented to be “heard” in the name of transparency and freedom of information. In any case, never in the past has digital protesting had such a tool to cast their voices. How this whole story unfolds and what position governments will take will be highly interesting to follow. We may actually be at a historical turning point of the Internet. Will we one day remember the Internet before 2011 as B.W. (before WikiLeaks) ? Hopefully not. Feel free to jump in and comment…
The second point I couldn’t help thinking about in connection with the WikiLeaks issue is the whole debate about “responsibility” and Ethics. Corporate Social Responsibility (CSR) has been around for a while now. It is being taught in almost every business school and in specialized master programs. Likewise, Compliance issues have led to a growing importance of regulatory frameworks following many financial scandals such as Enron, Worldcom, Martha Stewart, etc. More recently, the issue of a global financial crisis emerged and kind of vanished without actually being really addressed. Would we even be talking about this if people were more responsible and accountable for their actions ? Would WikiLeaks have even existed ?
So, the point is the following : both issues mentioned above relate to problems that have become global in their very nature and for which traditional remedies and approaches cannot apply any more (territorially bound legislation, global treaties, UN, centralization).
Internet Governance and Net Neutrality will require new approaches. Maybe not as technological and / or legal as one may think. Responsibility and accountability might be part of the equation. Acknowledging and taking into account the human factor appears to be the most promising direction to address many such problems. Eventually, it could even prove to be a major source of Empowerment for people in their roles and duties. This is the exact point that led me to consider managing exceptions in information security which may sounds totally counterintuitive at first sight (at least from a traditional point of view), but holds a lot of value when assuming people are : free moral actors, responsible; and technology is used to help and empower them rather than something to be circumvented in order to get the job done.