London Bridge isn’t falling, but it seems that a “Great Firewall of Britain” might be going up. Ciaran Martin, CEO of United Kingdom’s new cybersecurity watchdog, National Cyber Security Centre (NCSC), announced plans for a government/industry formed DNS firewall to protect government and core industry internet interests at the Billington Cyber Security Summit in Washington DC earlier this week. The NCSC was formed by government mandate and though it expressly includes the private sector, the NCSC still answers to the GCHQ. They even have the stated goal of “making the UK the safest place to live and work online.” It’s all eerily similar to the verbiage used by China’s Ministry of Public Security, which was responsible for the creation of the Great Firewall of China.
Martin explained the NCSC’s planned firewall at the DC event:
“We’re exploring a flagship project on scaling up DNS filtering: what better way of providing automated defences at scale than by the major private providers effectively blocking their customers from coming into contact with known malware and bad addresses?”
What exactly constitutes a “bad address?” The UK is attempting to build this Great Firewall of Britain quickly; the GCHQ wishes to build out this powerful, DNS level censorship tool and bill it as a simple social good project. How would Americans react if the NSA tried to build such a thing?
The “Great Firewall of Britain”
Many are calling the proposed plan the “Great Firewall of Britain” after the Great Firewall of China, which keeps companies like Google out of China. In its current, nascent form, the Great Firewall of Britain isn’t quite yet “viewable from cyberspace” like its Chinese cousin; however, the two are clearly cousins by blood. Seeing as how China currently exports its Great Firewall technology to countries such as Cuba, Zimbabwe, and Belarus… So it’s even possible that bits and pieces of the Great Firewall of China actually end up in the new Great Firewall of Britain.
The UK private sector, with the permission and encouragement of the government, has already proven to be overzealous in their website blocking – as evidenced by overreaching blocks on pornography and torrent websites in recent years.
NCSC tries to justify a “Great Firewall of Britain”
Martin claims that the government currently faces 200 national security threatening cyber incidents per month, up by double from last year and expected to grow month by month. A lot of these logged cyber incidents might not even be full on attacks; instead, they could be probes for weaknesses in preparation for a larger and more coordinated attack. Bruce Schneier has also warned of an uptick in “cyber incidents” that he thinks might be meant to “learn how to take down the internet.”
Even in the face of such threats, a giant firewall is still not the answer. A “Great Firewall of Britain” would become a target for abuse from both sides – resulting in a loss of usability and security for the average UK citizen. Jim Pollack, an activist from London based Open Rights Group, voiced potential concerns about a Great Firewall of Britain:
“Even if we trust ISPs and governments not to abuse their extending powers of censorship, we ought to be worried that GCHQ is proposing at least one security measure which undermines international efforts to improve the integrity of the internet and thereby its security”
Open Rights Group is right. Allowing the government and the most moneyed of private industry participants create a country-wide firewall enforced by every UK ISP is a great security flaw ripe for rife abuse. Such a creation would inevitably be used for censorship or some other obstruction of basic rights. We have already seen the information gap and rampant censorship that has resulted from the Great Firewall of China. Let’s not sit by idly while the same gets built up in the UK.