Transit providers pose a threat to internet privacy and can cause serious cybersecurity issues
By ARYAMAN BHATIA — science@theaggie.org
Researchers at UC Davis have published a paper explaining how autocracies control the internet through transit providers, which are largely unknown to the public.
“Recent years have seen an increase in governmental interference in digital communication,” the study reads. “Most research on this topic has focused on the application level, studying how content is manipulated or removed on websites, blogs or social media. However, in order for governments to obtain and maintain control of digital data flows, they need to secure access to the network infrastructure at the level of internet service providers.”
In non-autocratic states, people access content on the internet first through access providers, such as Comcast, and then to content sources, such as Facebook and Google. However, the internet in autocratic states must go through an intermediary, known as a transit provider, before people access content sources.
Alexander Gamero-Garrido, UC Davis assistant computer science professor, provides an explanation into how these transit providers are detrimental to internet privacy and decentralization.
“The first reason is that people don’t know about them,” Gamero-Garrido said. “They don’t have a contract with users. For example, if I told you the name Level 3, which is a pretty important transit provider in the United States, you wouldn’t probably know about them because they’re just not highly publicized.”
Gamero-Garrido also mentioned that this centralization of the internet leads to cybersecurity risks.
“It actually also creates a kind of risk to the country, because if a foreign adversary takes control of this transit network — let’s say that they run a phishing campaign — and they obtain the administrative password of [the] network administrator, then they might be able to observe or disrupt the connection to the entire country,” Gamero-Garrido said.
Phishing is a deceptive cyberattack technique in which attackers impersonate legitimate entities to trick individuals into revealing sensitive information or performing actions that compromise security. By bringing out these statistics, the team hopes to bring changes in the centralization of the internet.
“We hope that revealing this information will exert some pressure on the governments that are really overtly [centralizing] the infrastructure of their countries, which is exposing them to risks,” Gamero-Garrido said.
Gamerro-Garrido also stated methods to help internet users protect their privacy, including the use of Virtual Private Networks (VPNs) and proxy services, which are tools that enhance online privacy and security by encrypting internet connections and masking IP addresses.
“I think the impact on ordinary people’s lives can be enormous,” Gamero-Garrido said. “As computer scientists, we benefit a lot from the fact that our field is growing.”
Written by: Aryaman Bhatia — science@theaggie.org