Driver’s licenses for the Internet
By Barbara Kiviat
I just went to a panel discussion about Internet security and let me tell you, it was scar-y. Between individual fraud, organized crime, corporate espionage and government spying, it’s an incredibly dangerous world out there, which, according to one panelist, is growing exponentially worse.
These are incredibly complex problems that even the smartest of the smart admit they don’t have a great handle on, although Craig Mundie, Microsoft’s chief research and technology officer, offered up a surprisingly simple solution that might start us down a path to dealing with them: driver’s licenses for the Internet.
The thing about the Internet is that it was never intended to be a worldwide system of mass communication. A handful of guys, all of whom knew each other, set up the Web. The anonymity that has come to be a core and cherished characteristic of the Internet didn’t exist in the beginning: it was obvious who was who.
As the Internet picked up steam and gathered more users, that stopped being the case, but at no point did anyone change the ways things worked. The Web started out being a no-authentication space and it continues to be that way to this day. Anyone can get online and no one has to say who they are. That’s what enables a massive amount of cyber crime: if you’re attacked from a computer, you might be able to figure out where that particular machine is located, but there’s really no way to go back one step further and track the identity of the computer that hacked into the one that hacked into you.
What Mundie is proposing is to impose authentication. He draws an analogy to automobile use. If you want to drive a car, you have to have a license (not to mention an inspection, insurance, etc). If you do something bad with that car, like break a law, there is the chance that you will lose your license and be prevented from driving in the future. In other words, there is a legal and social process for imposing discipline. Mundie imagines three tiers of Internet ID: one for people, one for machines and one for programs (which often act as proxies for the other two).
Now, there are, of course, a number of obstacles to making such a scheme be reality. Even here in the mountains of Switzerland I can hear the worldwide scream go up: “But we’re entitled to anonymity on the Internet!” Really? Are you? Why do you think that?
The truth of the matter is, the Internet is still in its Wild West phase. To a large extent, the law hasn’t yet shown up. Yet as more and more people move to town, that lawlessness is becoming a bigger and bigger problem. As human societies grow over time they develop more rigid standards for themselves in order to handle their increased size. There is no reason to think the Internet shouldn’t follow the same pattern.
Though that’s not to say it’ll happen anytime soon. Governments certainly have been talking to each other about this (almost by definition, any effective efforts will have to be international in nature), but even in Europe, where there is a cyber security convention in effect, only half of the Continent’s nations have signed up.
So don’t expect any changes in the short term. But do know that the people in charge—as much as anyone can be in charge when it comes to the Internet—are thinking about it.
China begins monitoring billions of text messages as censorship increases