Cybersecurity Dangers of Repealing Net NeutralityPublished November 30, 2017 by Karen Walsh • 3 min read
Although discussions of the upcoming net neutrality repeal abound on the internet, the cybersecurity dangers of repealing net neutrality are less easy to find. Pundits for the repeal argue that it will strengthen the security stance by lessening DDoS attacks. Pundits against the repeal argue that net neutrality is necessary for free information to flow.
The reality is that repealing net neutrality places your customers’ information at risk, regardless of your compliance stance.
Why do proponents argue against the cybersecurity dangers of repealing net neutrality in terms of DDoS attacks?
DDoS attacks are effective because it’s hard to identify which servers are being targeted. Proponents of net neutrality’s repeal bang this drum all day long.
The reality is that narrowing the field of potential targets makes it easier for hackers to find weaknesses.
What are the inherent cybsersecurity dangers of repealing net neutrality?
Presently, companies utilize HTTPS for their websites as well as Transport Layer Security (TLS) and Secure Sockets Layer (SSL) to protect information. The nontechnical short story here is that protecting a site’s visitors means browsers and applications have to ensure that customers are appropriately validating certificates to protect themselves.
TLS requires people browsing to authenticate themselves through code. Called a TLS Handshake, the process basically requires one computer to send a “hello” message that gets verified on the server, encrypted, and then authenticated with a “hello” from the server back to the original computer.
The cybersecurity dangers of repealing net neutrality problem lies in people’s lack of education on security. Think about the number of times that you’ve gotten an error message about an outdated certificate when logging into a WiFi network or a website. If you’re still clicking through because you’ve used the website before, you’re putting information at risk.
Repealing net neutrality would lead people into a false sense of safety because only a few providers could manage the ensuing traffic. If one provider is compromised, the average internet user would likely assume that their device is to blame or that the certificate doesn’t matter. That creates potential for a huge breach.
There’s a lot of technical information out there about end-to-end encryption. The short story: locks at both ends don’t necessarily protect you from people who tunnel in from below.
If your business is like many others out there, you’re installing firewalls and antivirus software to be in compliance with the standards governing your industry. You’re also tracking your updates to make sure that you’re using the most updated software and protecting your customers to build their trust for your brand.
What does the research show about how end-to-end encryption is not protecting against the cybsersecurity dangers of repealing net neutrality?
The research indicates that security products may actually weaken your ability to protect customers. Though they try to keep up with malicious actors, these products are unable to close the security gaps efficiently. Trying to keep up with the ongoing monitoring required by compliance and trying to staying up to date with security patches is only one way to protect information, and it is not enough in isolation. Repealing net neutrality makes this even more difficult.
Imagine the internet as a physical highway with tolls. Imagine that the only way on or off that highway is to pay a toll. No one likes tolls, so part of the population will try to find an alternative. End-to-end encryption acts as the toll at the on and off ramps of the internet highway.
Everyone who has ever tried to avoid a toll has taken backroads and gone the long way. The internet works the same way, and this is how DDoS service attacks work. If one or two side roads get shut down, it messes with only a portion of the daily travel network.
Most people who travel toll highways regularly use some kind of electronic identification card such as FastPass. In many areas of the country, cameras now scan license plate numbers and later send payment requests. This means that all toll highways are collecting personal information, in the same way that internet providers collect information about what people search for and buy.
Imagine a coordinated attack at a series of toll booths. Armed men get out of cars, holding the toll booth workers at gunpoint. They now have access to the toll computers and can access all the data inside.
Just as net neutrality allows a few broadband providers to throttle speed, it also allows those who would steal information to gain easier access to important data. By simply attacking a single endpoint or digging underneath the highway to coordinate an armed attack against toll booth workers, those malicious attackers can now gain access to information that we would all prefer remained private.
Net neutrality protects people’s rights. Small businesses don’t have the means to share their products when they need to pay a premium for the visibility of their content. More importantly, however, net neutrality protects information safety, privacy, and information by diversifying the endpoint vulnerabilities.