Fighting Internet Spam in Brazil Historical Overview and Reflections on Combating Spam and Managing Port 25, Coordinated by the Brazilian Internet Steering Committee
Total Page:16
File Type:pdf, Size:1020Kb
1 CGI.br BOOK SERIES Studies Fighting Internet spam in Brazil Historical overview and reflections on combating spam and managing port 25, coordinated by the Brazilian Internet Steering Committee Edited by Cristine Hoepers Henrique Faulhaber Klaus Steding-Jessen This work is licensed under a Creative Commons Attribution 4.0 International License. <http://creativecommons.org/licenses/by/4.0 Brazilian Network Information Center (NIC.br) Edited by Cristine Hoepers Henrique Faulhaber Klaus Steding-Jessen Report and interviews performed by Carlos Affonso Pereira de Souza Marilia de Aguiar Monteiro 1 CGI.BR BOOK SERIES Studies Fighting Internet spam in Brazil Historical overview and reflections on combating spam and managing port 25, coordinated by the Brazilian Internet Steering Committee Brazilian Internet Steering Committee (CGI.br) 2017 Brazilian Network Information Center (NIC.br) Chief Executive Officer Demi Getschko Chief Advisory Officer Hartmut Richard Glaser Chief Financial Officer Ricardo Narchi Chief Technology Officer Frederico Neves Director of Special Projects and Development Milton Kaoru Kashiwakura Advisory Team to the CGI.br Activities Administrative Advisors Paula Liebert, Salete Matias Technical Advisors Carlos Francisco Cecconi, Diego Rafael Canabarro, Jamila Venturini, Jean Carlos Ferreira dos Santos, Juliano Cappi, Marcelo Oliveira, Nathalia Sautchuk Patrício, Vinicius Wagner Oliveira Santos Concept & Production Coordinators Cristine Hoepers Henrique Faulhaber Klaus Steding-Jessen Report and interviews Carlos Affonso Pereira de Souza Marília de Aguiar Monteiro Executive and Editorial Coordination Carlos Francisco Cecconi and Juliano Cappi Editorial Production Caroline D’Avo and Everton Rodrigues (Comunicação NIC.br) Editorial support for this edition Jamila Venturini Jean Carlos Ferreira dos Santos Juliana Nolasco Translation to English Linnguagem Idiomas English revision Juliana Nolasco Desktop publishing and illustrations Papel Moderníssimo e Pilar Velloso Pictures Omar Paixão, Gettyimages e Istockphoto This publication is available in digital format at the URL <http://www.cgi.br> Dados Internacionais de Catalogação na Publicação (CIP) (Câmara Brasileira do Livro, SP, Brasil) Fighting Internet spam in Brazil - Historical overview and reflections on combating spam and managing port 25, coordinated by the Brazilian Internet Steering Committee / Núcleo de Informação e Coordenação do Ponto BR; [tradução Linguagem Idiomas]. –– São Paulo : Comitê Gestor da Internet no Brasil, 2017. -- (Cadernos CGI.br estudos) Título original: Combate ao spam na Internet no Brasil : histórico e reflexões sobre o combate ao spam e a gerência da porta 25 coordenados pelo Comitê Gestor da Internet no Brasil Vários colaboradores. Bibliografia. ISBN: 978-85-5559-036-8 1. Internet – Medidas de segurança 2. Políticas públicas – Brasil 3. Redes de computadores – Medidas de segurança 4. Spam (Mensagem eletrônica) – Combate I. Núcleo de Informação e Coordenação do Ponto BR. II. Série. 17-00738 CDD-005.8 Índices para catálogo sistemático: 1. Segurança de redes de computadores : Combate ao spam : políticas de Internet : Brasil 005.8 Brazilian Internet Steering Committee (CGI.br) Composition as per december 2016 Committee members Representatives from the Federal Government Carlos Roberto Fortner Francilene Procópio Garcia Franselmo Araújo Costa Igor Vilas Boas de Freitas Luiz Carlos de Azevedo Luiz Fernando Martins Castro Marcelo Daniel Pagotti Marcos Vinícius de Souza Maximiliano Salvadori Martinhão Representatives from the corporate sector Eduardo Fumes Parajo Eduardo Levy Cardoso Moreira Henrique Faulhaber Nivaldo Cleto Representatives from the third sector Carlos Alberto Afonso Flávia Lefèvre Guimarães Percival Henriques de Souza Neto Thiago Tavares Nunes de Oliveira Representatives from the scientific and technological community Flávio Rech Wagner Lisandro Zambenedetti Granville Marcos Dantas Loureiro Internet Expert Demi Getschko Coordinator Maximiliano Salvadori Martinhão Executive Secretary Hartmut Richard Glaser Preface by HENRIQUE FAULHABER “Initiatives to improve cybersecurity and address digital security threats should involve appropriate collaboration among governments, private sector, civil society, academia and technical community” NETmundial Multistakeholder Statement, São Paulo – 2014 Dear reader, his publication aims at reporting the efforts of the Brazilian Internet Steering Committee (CGI.br) and several people and organizations on fighting spam in Brazil since 2004. The unsolicited mass messages that reach our e-mail boxes represent a challenge Tfaced by users, companies and by the entire access infrastructure and Internet services value chain. The Anti-Spam Working Commission (CT-Spam), created within the scope of the Brazilian Internet Steering Committee (CGI.br) in 2004, aimed at the creation of a national strategy to address the problem of spam. Because spam is a major vehicle for malicious code distribution and a serious threat to the security of the Internet, CERT.br was a key player in the success of CT-Spam. The importance of this publication is not just because it is a documentary approach to the activities carried out over the last 10 years in the combat of a particular problem. This report is valuable not only for purposes related to the combat of SPAM; by unveiling the process behind CT-SPAM, it also uncovers one of the main tasks of CGI.br: the multistakeholder coordination of actors in the development of a national Internet policy. Many challenges still lie in the way of effective collaboration in the field. Education and engagement of decentralized groups, including governmental actors still go through obstacles. Among them, the difficulty of understanding the complexity of collaboration through various skills and of leaving behind en- 9 trenched management frameworks in favor of a multistakeholder mode of engagement that can be more innovative and inclusive. This work went far beyond removing Brazil from the top posi- tions of global lists of spammers. It is the result of a combination of security, freedom and network governance dynamics and col- laborative dialogue between different decision makers. Henrique Faulhaber Board Member at CGI.br 10 11 Contents 15 I Report: The brazilian experience of port 25 management 16 Introduction 25 Brief history of CT-Spam war on spam 35 Port 25 management 45 Legal and regulatory issues 57 A multistakeholder model for public policies management 64 Conclusions 69 II Interviews 70 Henrique Faulhaber 81 Cristine Hoepers Klaus Steding-Jessen 96 Demi Getschko 105 Carlos Afonso 111 Marcelo Bechara 120 Eduardo Parajo 126 Rubens Kuhl 129 Eduardo Levy 134 Danilo Doneda 143 Jaime Wagner 148 Marcelo Fernandes 14 I Report The brazilian experience of port 25 management 15 Introduction Issues related to communication networks security have assumed critical importance on a national and international scale, while com- munication and information technologies have become essential el- ements for the attainment of rights such as freedom of expression and the expansion of access, either in terms of public policies or as intrinsic processes to various productive chains. Given that networks significantly affect the Internet, and the daily affairs of citizens, businesses, and government, different ac- tors legitimately focus their efforts on ensuring network safety and confidence. None the less, such issues exhibit different levels of political, technical, regulatory, economic, and social complex- ity. Part of this complexity derives from the very nature of the Internet: regulatory choices, business, decisions and even legal actions on net safety should always take into account the global nature of the network, as well as considerations abo ut its interop- erability and the participation of different actors. The majority of threats to network security has a systemic com- plexity, involving different actors at the same time. Therefore, co- operation between such different actors stands as the best effort for detecting and mitigating the effects of these threats. Such complexity is not different from threats posed by spam, which, by in turn, also have peculiarities that do communicate, from time to time, with the development of network security practices. Fighting spam has been currently discussed in forums on In- ternet governance and regulation for the past 15 years. Factors leading to such a persistent theme are as varied as the ways to investigate the problem, once efforts to discourage spamming can be implemented through perspectives of technological, legal, po- litical and social natures. The aim of this paper is to present the coordinating work performed by the Brazilian Internet Steering Committee (CGI.br) in a project known as “Port 25 Management” as a successful case study in which initiatives pointing to multis- takeholder collaboration are referred to as the best strategy for facing cyber security themes. Various initiatives on the national and international level, as well as in the international forums, advocate cooperation among different actors as a means for combating outbreaks and mini- 16 mizing threats. The Netherlands have the Dutch Cyber Security Council, comprising 15 members from the government, scientif- ic community, private sector, and industry. The Council acts by itself or on behest of civil society or the government, and is re- sponsible for implementing the Dutch Domestic Cyber Security Strategy. In 2013, the Dutch Council published a best-practices recommendation