I just went to a panel discussion about Internet security and let me tell you, it was scar-y. Between individual fraud, organized crime, corporate espionage and government spying, it’s an incredibly dangerous world out there, which, according to one panelist, is growing exponentially worse.
These are incredibly complex problems that even the smartest of the smart admit they don’t have a great handle on, although Craig Mundie, Microsoft’s chief research and technology officer, offered up a surprisingly simple solution that might start us down a path to dealing with them: driver’s licenses for the Internet.
The thing about the Internet is that it was never intended to be a worldwide system of mass communication. A handful of guys, all of whom knew each other, set up the Web. The anonymity that has come to be a core and cherished characteristic of the Internet didn’t exist in the beginning: it was obvious who was who.
As the Internet picked up steam and gathered more users, that stopped being the case, but at no point did anyone change the ways things worked. The Web started out being a no-authentication space and it continues to be that way to this day. Anyone can get online and no one has to say who they are. That’s what enables a massive amount of cyber crime: if you’re attacked from a computer, you might be able to figure out where that particular machine is located, but there’s really no way to go back one step further and track the identity of the computer that hacked into the one that hacked into you.
What Mundie is proposing is to impose authentication. He draws an analogy to automobile use. If you want to drive a car, you have to have a license (not to mention an inspection, insurance, etc). If you do something bad with that car, like break a law, there is the chance that you will lose your license and be prevented from driving in the future. In other words, there is a legal and social process for imposing discipline. Mundie imagines three tiers of Internet ID: one for people, one for machines and one for programs (which often act as proxies for the other two).
Now, there are, of course, a number of obstacles to making such a scheme be reality. Even here in the mountains of Switzerland I can hear the worldwide scream go up: “But we’re entitled to anonymity on the Internet!” Really? Are you? Why do you think that?
Mundie pointed out that in the physical world we are implicitly comfortable with the notion that there are certain places we’re not allowed to go without identifying ourselves. Are you allowed to walk down the street with no one knowing who you are? Absolutely. Are you allowed to walk into a bank vault and still not give your name? Hardly.
It’s easy to envision the same sort of differentiated structure for the Internet, Mundie said. He didn’t get into examples, so here’s one of mine. If you want to go to Time.com and read all about what’s going on in the world, that’s fine. No one needs to know who you are. But if you want to set up a site to accept credit-card donations for earthquake victims in Haiti? Well, you’re going to have to show your ID for that.
The truth of the matter is, the Internet is still in its Wild West phase. To a large extent, the law hasn’t yet shown up. Yet as more and more people move to town, that lawlessness is becoming a bigger and bigger problem. As human societies grow over time they develop more rigid standards for themselves in order to handle their increased size. There is no reason to think the Internet shouldn’t follow the same pattern.
Though that’s not to say it’ll happen anytime soon. Governments certainly have been talking to each other about this (almost by definition, any effective efforts will have to be international in nature), but even in Europe, where there is a cyber security convention in effect, only half of the Continent’s nations have signed up.
One stumbling block that was mentioned at today’s panel discussion: governments’ own intelligence agencies are huge beneficiaries of the Internet’s anonymity. We managed to spy on each other before the Web, but how much easier it is now that we can cruise around cyberspace without anyone even knowing we’re there.
So don’t expect any changes in the short term. But do know that the people in charge—as much as anyone can be in charge when it comes to the Internet—are thinking about it.