Brotherhood of the Internet Keys: Who Are the Chosen Seven?

July 29, 2010— -- Tolkien had his rings of power, King Arthur his round table, and now, the Internet has its own answer: a select group of seven individuals worldwide who hold keys to protect the Web after disaster.

It may sound like the plot of a science fiction movie. But Internet security experts say it's part of real effort to bolster security online.

So what if the fellowship isn't exactly secretive, or the keys aren't really keys? (They're smartcards embedded with pieces of a security code.)

The seven people chosen from different parts of the world still play a valuable role in a new system to make websites safer and less vulnerable to attack.

"It has a mythic quality to it," said Dan Kaminsky, one of the seven key holders and a prominent computer security expert.

But he added that the system makes use of a principle that goes all the way back to the Founding Fathers. The power to protect the system is split among seven people so that no one person can abuse the power, he said.

"The idea being that the only force that could bring [the key holders] together would be a legitimate force. The only thing everyone has in common is the desire for the common good," he said.

Kaminsky also said that though the seven-person structure recalls the famous fellowships of history and literature, this new brotherhood is actually, well, "quite prosaic."

Richard Lamb, program manager for the Internet Corp. for Assigned Names and Numbers (ICANN), an international Internet oversight group, said that earlier this summer his group began the launch of a new security system called DNSSEC.

DNSSEC (for Domain Name System Security Extensions) makes sure Web users reach the sites they want, and prevents cyber criminals from redirecting users to malicious websites.

Five of Seven 'Keyholders' Needed to Re-Start Security System

To win confidence from countries, companies and individuals worldwide, Lamb said ICANN recruited 21 people from around the globe to help keep the system up and running.

Seven of them hold the "keys" to restart the system in case of disaster.

In the event of a terrorist attack or natural disaster that threatened the DNSSEC, Lamb said five of the seven keyholders would meet in one physical location. Code from the five smartcards would be combined to help re-launch the system.

"Since no one trusts anyone completely on the Internet, the only way to create a key that the Internet will trust, and therefore use, is to have no one party control it. That's the idea behind requiring the participation of international representatives from the [Internet] technical community," he said.

But though the plan conjures up images of mythical proportions -- all of cyberspace, saved by a few brave souls amid the rubble -- Lamb said the chances of the five keyholders ever convening post-crisis are pretty slim. He also said the system does not keep the entire Internet running, but rather maintains a layer of security for it.

"This is something that is only used in the extreme cases of disaster response … if the West Coast falls into the ocean and the East Coast is hit by a nuke. Only then would we call five of the seven," he said.

ICANN: Keyholders Would Only Be Called in Extreme Disaster Situations

Still, he said the seven individuals were carefully chosen to make sure different parts of the world were represented.

In addition to Kaminsky, who was chosen from the United States, other members of the modern-day fellowship include Paul Kane from the U.K., Bevil Wooding from Trinidad and Tobego, Jiankang Yao of China, Moussa Guebre from Burkina Faso, Norm Ritchie of Canada, and Ondrej Sury of the Czech Republic.

Lamb said ICANN chose them because of their technical expertise but that all volunteered to take part in the program. He also said that membership in the high-tech club isn't for life. While ICANN is still figuring out details, he said they hope to cycle through different members of the technology community.

Domain Name System Consulted Up to a Trillion Times a Day

Kane, an entrepreneur based at the U.K.'s University of Bath, told the BBC he was excited to be part of the program.

"It's an honor for Bath to be one of the locations for the 'keys to the internet' and it is an acknowledgement of the strength of our region and the individuals who live here in global Internet security," he said.

The domain name system stores Internet addresses and, according to ICANN, is queried up to a trillion times a day by the 1.8 billion Internet users around the world.

In a Wednesday press conference, the organization announced that the DNSSEC marked a new generation of cyber security systems.

"A cyber criminal can steal your money or your personal data without you even knowing it. Cyber crime doesn't respect national boundaries," Rod Beckstrom, President and CEO of ICANN, said in a statement. "This upgrade will slam the door in the face of those around the world who hope to exploit this crucial part of the Internet infrastructure to steal from unsuspecting people."