Sunday, January 31, 2010

Why Internet driver's licenses is a very bad idea

UN agency calls for global cyberwarfare treaty, ‘driver’s license’ for Web users

"The world needs a treaty to prevent cyber attacks becoming an all-out war, the head of the main UN communications and technology agency warned Saturday.

Craig Mundie, chief research and strategy officer for Microsoft, said "there are at least 10 countries in the world whose internet capability is sophisticated enough to carry out cyber attacks ... and they can make it appear to come from anywhere."

"People don't understand the scale of criminal activity on the internet. Whether criminal, individual or nation states, the community is growing more sophisticated," the Microsoft executive said.

He also called for a "driver's license" for internet users.

"If you want to drive a car you have to have a license to say that you are capable of driving a car, the car has to pass a test to say it is fit to drive and you have to have insurance."

Andre Kudelski, chairman of Kudelski Group, said that a new internet might have to be created forcing people to have two computers that cannot connect and pass on viruses. "One internet for secure operations and one internet for freedom."

As with other major problems that our generation has faced and been duped over, here we are with yet another, only this one may well turn out to the worst of the lot.

It's been a no-brainer for some time that there would be a movement towards positive identification to use the Internet. The question really was “when?”. Unfortunately, the answer is on the horizon: soon.

First, terminology. The words “driver’s license” are a curve ball. The real words are “positive identification”, an undeniable link between people and transmissions over the net.

Why is this such a monstrously bad thing? It’s because positive identification adds the missing ingredient to what's being collected in the “data mountain” behind the super-computers that record Internet traffic in real time already: a precise link-back to specific, individual people who entered that data, as well as the data itself, whatever it is. This amounts to a data collection exercise the likes of which even we struggle to comprehend, but when we really think about it we realize that “yeah, that could happen”. I’ve read testimony that it is happening, and I’m familiar enough with ‘big iron’ to reach my own conclusion (“that there is no doubt whatsoever about it”).

Of course, no sooner are words like these spoken then the God-fearing, upstanding, self-righteous citizen instantly jumps up to ask “What’s so bad about that? If you have nothing to hide, why are you worried?”

Here’s why that’s so bad: since we’re already looking slightly into the future, let’s turn it’s face another way, and see the part where it “just turns out, by pure chance” that some (a few) people will have access to the data mountain, and others (most) wouldn’t, for “security reasons”, of course.

Now do you remember the adage about “he who runs the information runs the show”? Think: If you had an adversary, for whatever reason, and that person has access to the mountain, and as a result knows more about you then you do, but you do not have that access, who has the advantage?

In a world like that, even Gandhi himself wouldn’t have a chance to grow old enough to lead anyone. The fact is that nobody walking today can throw the first stone at anyone else - if all the facts were known. The thought police would have had him locked up for life at a very early age, and certainly by the time he was ready to lead.

If you want to talk about power, there you have it.

And yes, I’m particularly worried. I have nothing but disdain for those with the power today, they who have already destroyed would could have been - and they aren’t finished. The very last thing we need is to keep feeding them, yet that’s exactly what we’re doing.

You, I and every one of us should be working on this problem BEFORE attacks get to the point where people give in and accept anything that works. If we do that, it will be too late.

To explore alternatives, I realize that the OS is center stage, but it seems that Microsoft is incapable of making Windows secure. So I’ve been thinking that maybe VM can handle the problem. At least by virtualizing Windows, attacks can be repelled by rebooting Windows, so long as the VM itself is secure. There may still be problems, but nothing like those we’re hit by today, which involve programming installed on our computers from anywhere. Unfortunately, I’ve discovered that a capable version of VM is too expensive to burden myself and clients with.

Complimentary to a technology solution is getting the police to do their job and bring these criminals to justice. Yes, of course that means an international, UN based effort. But it’s already that. This missing parts are the direction and the will.

Realizing we may never have a perfect solution to this problem, we can - and must - forestall what appears to a consensus forming in the direction of positive identification (aka “driver’s licenses”).

It’s reasonable to expect the industry and the powers-that-be to back the positive identification track, because they will one way or the other be beneficiaries, they’ll see to that. But ordinary people need a better solution then one that will become yet a monster.

What we need to realize now is that what will NOT work is continuing to pay extortion/protection to so-called “anti-virus” software makers. At first their “protection” worked, but the attackers have gotten more sophisticated. It’s easy to see people in groups strapping on harness/frameworks when they start their day, just like we do. Imagine your framework having the ability to create destructive programs, each rendition with slightly different code, by the hundreds - or thousands? And suppose you’re just one of many.

It may be well be true that we are the builders (the good guys) and they are the destroyers (the bad guys), but let’s not make the mistake (again) of underestimating our adversary. These people share the power of these machines and networks, they are every bit as “smart” and “clever” as we are, and some of them are highly motivated with religious fervor.

Update: Just read this:
The Value of Government Surveillance of Citizens by Jacob G. Hornberger

"As it turns out, the U.S. government, operating through the NSA in cooperation with U.S. telecoms, was secretly recording countless telephone conversations of countless Americans for an extended period of time. The recordings of those conversations are now in the permanent databases of the NSA and possibly other government agencies.

What better way to keep an entire populace subdued, subservient, and obedient?

People who are now tempted to, say, join a Tea Party protest movement now have to factor in their deliberations the fact that the government potentially has some very incriminating or embarrassing information that it could use against them in retaliation.

How could the government use that type of information against someone? Simple — by simply leaking it to a favored journalist, who proceeds to share the gossip with others until it begins to percolate within society, in much the same way that U.S. officials ensured that people found out that Valerie Plame worked for the CIA. "

Update: Enemies Of Free Speech Call For Internet Licensing by Paul Joseph Watson, Alex Jones & Steve Watson

" “Don’t be surprised if it becomes reality in the near future,” writes ZD Net’s Doug Hanchard. “Every device connected to the Internet will have a permament license plate and without it, the network won’t allow you to log in.”

The graphic below illustrates how you would be blocked from using the Internet if your device had not obtained government permission to access the network."


1 comment:

lelandj said...

The internet is world wide, (eg www). It seem it would be difficult getting the consensus needed to enact a credential system required to connect to the internet; because, the world is so full of diversity.

In countries like the USA there is a Constitution that protect the private information of citizens, which would make collecting personal information by www credentials illegal.

Remember, the internet is not owned or operated by a single company or authority. It grew piecemeal into what it is today over a long period of time. The laws of the various jurisdictions encompassing the www are specific to the many cities, states, and countries around the world, so it would be difficult to standardize a www credentials system.

I expect those in a position to get away with crimes will acquire their information in the old fashioned way, by kidnapping citizen, torturing them for information, and then killing them. The information provided by the kidnapped victim will be used to round up the next batch of enemies of the perpetrator.