Chokepoints and censorship: Protecting the free flow of information on the Internet
When flying to Beijing, you’ll likely have to take multiple flights and pass through customs to get to your destination.
If you’re searching for a Beijing hotel and visit its Chinese website, your request also travels multiple legs through internet networks, entering and exiting the territories of various countries on its way to the Chinese network hosting the website.
And like customs and border patrol, there is a potential for governments to place digital filters on information allowed to pass through borders.
Stephanie Forrest, an Arizona State University professor of computer science, is studying the potential for these checkpoints to contribute to or hinder cybersecurity and internet freedom.
The geography of the internet
The internet is a patchwork of physical networks, that is, it is a network of networks. While it seems to operate like magic — data and communications traveling around the world at near-instantaneous speeds — internet traffic has to pass from physical network locations through physical lines to get to its destination.
We understand the real-world geography of countries and the routes across their borders very well, but we don’t have a full understanding of the routes data can take between the roughly 60,000 networks that make up the internet — or the potential for and practice of government-placed controls when that traffic crosses national borders.
Any network node that internet traffic passes through when it enters or exits a country’s internal networks is called a chokepoint, and these can have big implications for internet freedom and cybersecurity.
The number of potential network chokepoints in a country reflects how easily a government could tamper with internet traffic either for cybersecurity or for repressing the freedom of communication for a country’s citizens.
Forrest, ASU computer science doctoral student Kirtus Leyba and her ASU research team are working with University of New Mexico Professor Jedidiah R. Crandall and University of California, Riverside Professor Michalis Faloutsos to develop tools and models to determine the topography of the global internet and countries’ chokepoint potential.
In a $1.4 million National Science Foundation-funded project led by Crandall to measure internet chokepoints, Forrest is helping policymakers, cybersecurity researchers and free speech advocates address issues related to internet freedom and security by providing accurate data and analyses of chokepoints.
Wild West to “1984”
The internet began as a borderless, global interconnected network of networks, but it has increasingly become divided along national boundaries as the internet is wielded as an instrument of power and control by governments, and as a vector of attack on our increasingly connected world of the internet of things and autonomous applications.
“We are interested in measuring the extent to which the internet is evolving to reflect national boundaries, with relatively few border network nodes and lots of internal network nodes,” Forrest says.
While many countries are known to be restrictive about what information is allowed to pass through their networks, we lack a worldwide view of how the internet’s network structure is changing over time, especially in ways that enable censorship and surveillance.
For certain network nodes, data known as routing tables are publicly available, showing how certain nodes talk to certain other nodes. With enough such data and by using simulation methods, researchers can infer a wider structure of how internet traffic is routed. But there are gaps in our understanding.
In another aspect of the NSF project, Principal Investigator Crandall is developing what are called side channel methods for inferring which IP addresses can talk to certain other IP addresses when data about the nodes is not publicly available.
“No one else has collected data at this scale,” Forrest says. “China isn’t necessarily going to let us install programs to measure traffic and connectivity, so how do you measure what’s going on inside of China [and other places] where information is being censored? It’s quite a technical trick to figure out a good method that will let you understand what’s going on inside the country from the outside.”
Once Forrest’s team has data to fill in a more complete map of network nodes, they need the tools to map out international network structures and potential chokepoints.
“There’s an additional step of simulating where internet traffic will actually go [through the possible paths of network nodes], and we’ve created a large (1 terabyte) data set to enable this simulation. We use this dataset to quantify the chokepoint potential of any country,” Forrest says.
Forrest’s role in the project is to model and simulate the data to determine trends and to present data in ways that make it useful for non-computer scientists.
She has studied the past decade’s shifting potential for chokepoints among countries with more and less “free” internet network architectures to those that are more restrictive, ranging from the United States, France, Germany and the United Kingdom to China, Turkey, Egypt and Russia.
The calculated chokepoint potential over time correlates with countries’ Freedom of the Net scores — the extent to which governments restrict citizens’ rights online — and other independent measures of a country’s level of freedoms.
Models of chokepoint potential per country could also change over time correlating with events that cause countries to change their stance on how open the internet should be. For example, Forrest’s team found that Turkey’s chokepoint potential rose in the past couple years, which could be due to the government’s recent moves to censor the internet during a time of political and financial instability.
A foundation for data-driven cybersecurity policy
Seeing the chokepoint potential trends over time can provide clues for how countries may be implementing censorship, or how information is being intercepted and where. This, for example, helps internet freedom advocates create tools to help journalists avoid freedom of the press restrictions.
These models can potentially help policymakers make better decisions and help them understand trends in particular countries. When she spent a year working on cyberpolicy at the U.S. Department of State, Forrest says that studies like these would have been invaluable in preparing for international negotiations related to cyberpolicy.
“Our job is to develop methods for collecting the data, then collect the data and present it in a way that is even-handed and accessible to policy-makers,” says Forrest, who is also director of the ASU Biodesign Center for Biocomputing, Security and Society.
Currently, there’s little reliable data to help assess whether a cybersecurity policy decision is likely to have its intended effect, or to see if others are following international cybersecurity agreements.
“When a tax bill comes along, economists have models in place that they can run and projections they can make about likely impacts of specific proposals,” Forrest says. “We have very little ability to do that for cybersecurity, and we need large-scale data and models to do so. The data we collected for this project is just a start.”
By the time the NSF project ends in 2020, Forrest’s team will make their data sets and analysis tools publicly available for anyone to use.