Brotherhood of the Internet Keys: Who Are the Chosen Seven?

July 29, 2010— -- Tolkien had his rings of power, King Arthur his round table, and now, the Internet has its own answer: a select group of seven individuals worldwide who hold keys to protect the Web after disaster.

It may sound like the plot of a science fiction movie. But Internet security experts say it's part of real effort to bolster security online.

So what if the fellowship isn't exactly secretive, or the keys aren't really keys? (They're smartcards embedded with pieces of a security code.)

The seven people chosen from different parts of the world still play a valuable role in a new system to make websites safer and less vulnerable to attack.

"It has a mythic quality to it," said Dan Kaminsky, one of the seven key holders and a prominent computer security expert.

But he added that the system makes use of a principle that goes all the way back to the Founding Fathers. The power to protect the system is split among seven people so that no one person can abuse the power, he said.

"The idea being that the only force that could bring [the key holders] together would be a legitimate force. The only thing everyone has in common is the desire for the common good," he said.

Kaminsky also said that though the seven-person structure recalls the famous fellowships of history and literature, this new brotherhood is actually, well, "quite prosaic."

Richard Lamb, program manager for the Internet Corp. for Assigned Names and Numbers (ICANN), an international Internet oversight group, said that earlier this summer his group began the launch of a new security system called DNSSEC.

DNSSEC (for Domain Name System Security Extensions) makes sure Web users reach the sites they want, and prevents cyber criminals from redirecting users to malicious websites.

To win confidence from countries, companies and individuals worldwide, Lamb said ICANN recruited 21 people from around the globe to help keep the system up and running.

Seven of them hold the "keys" to restart the system in case of disaster.

In the event of a terrorist attack or natural disaster that threatened the DNSSEC, Lamb said five of the seven keyholders would meet in one physical location. Code from the five smartcards would be combined to help re-launch the system.

"Since no one trusts anyone completely on the Internet, the only way to create a key that the Internet will trust, and therefore use, is to have no one party control it. That's the idea behind requiring the participation of international representatives from the [Internet] technical community," he said.

But though the plan conjures up images of mythical proportions -- all of cyberspace, saved by a few brave souls amid the rubble -- Lamb said the chances of the five keyholders ever convening post-crisis are pretty slim. He also said the system does not keep the entire Internet running, but rather maintains a layer of security for it.

"This is something that is only used in the extreme cases of disaster response … if the West Coast falls into the ocean and the East Coast is hit by a nuke. Only then would we call five of the seven," he said.