GELFAND ON CULTURE-It's amazing how complacent we've all become, what with spam and trojan horses and phishing emails and of course that Nigerian general's widow who wants to split fifty million dollars with you. It didn't have to be this way, and it still could be fixed. I blame Bill Gates for a lot of it, which means that I blame IBM for giving him the franchise, but I also blame all the governments and law enforcement agencies in the western world. Their negligence too has been monumental.
The design of the original IBM PC, and IBM's decision to outsource the operating system to Bill Gates, was the introduction of a new Pandora's box into the world. The creation of the Windows operating system and its zillions of security weaknesses cracked the lid of that box open a little bit. The introduction of the internet as a widely available public utility jammed the lid wide open.
Since that moment, criminals in eastern Europe and our own home grown American fraudsters have all had the ability to gain access to home computers by the tens and then the hundreds of thousands. They have used this criminal access to insert viruses and to use your home computer (if you are one of the unknowing victims) to send out spam, and with that spam, more viruses by the millions. There is even a slang term for this. Since your computer has been made into a robotic slave of the criminals, the collection of such roboticized computers became known as a botnet. Most of the time, the owners of such computers are not even aware that they are being used in this way, since the misuse does not completely immobilize the computer, at least for very long.
It the mechanics and organizational structure of the internet were a little different, we could prevent a lot of this from happening again. To make this fix involves giving up a little bit of somebody's freedom, but there is an argument to be made in its favor.
I know I'm going to get flak for saying this, but there would be a distinct advantage to being able to positively identify the source of every email, right down to the machine it came from and the fingers that typed it. It would equally be an advantage to be able to identify the source of messages sent to web sites, and that includes comments sent to discussions such as this one.
Yes, this would violate the precept that the internet should be totally open and free, where "open and free" includes the ability to remain anonymous. It would be particularly hard on the people who live under oppressive regimes. It would take away the anonymity that some people need to stay out of prison. I concede this point, but offer the following counter argument, for what it's worth.
Just considering Europe and North America, we are somewhere around a billion users of the internet, of cell phones, and of mobile applications such as the iPad. We don't need the internet as a tool to replace despotic government. We have voting and we have Constitutions. And we have access to the internet to communicate to our fellow voters if we want to try to sway their votes. I would argue that for some of us, it would be worthwhile to have at least one iteration of the internet where we can be free of anonymous spam and death threats.
That last line may have seemed a little argumentative, but it is not. The abuse of bloggers, women in particular, by anonymous commenters is the subject of a lot of current discussion. Men (and women who use male names) are less susceptible to this kind of abuse, but for self-identified female internet writers, it is quite a different thing. It's not uncommon for female internet authors to be threatened with rape, and sometimes with murder. The ability for anyone to send a comment under a pseudonym makes this a lot easier. If the identities of people making terroristic threats were ascertainable by some standard set of tools, then the police could handle such events when they happen, and they would instantly become much rarer.
So let's think the question through.
First, is it technically possible to rebuild the internet so that messages are traceable? Second, is it something that we really want to do?
As for the technical feasibility of creating a tighter, more secure internet, I think that the answer is yes. A little careful thought leads to the following suggestion: The critical point in the system is the uploading of a message from your computer to your email service provider. What's necessary is that the system which constitutes that first entry point be able to determine for sure that the message came from you, and not somebody else. It's actually not that hard a conceptual problem. Think about the fact that for close to a hundred years now, the phone company has been able to tell what number your landline call comes from. It's because the identities of landline calls are pretty much hardwired in. Is it foolproof? Obviously not, because hardwired systems can be tapped into, as the movies and television detective shows love to show us.
But a hardwired system can be pretty good, even if it's not 100 percent perfect. Take the same idea and apply it to that first link from your computer to the nearest telephone pole. It doesn't have to be the same exact methodology, but it has to accomplish the same goal.
There's no reason that at least some part of the email system couldn't be made traceable by an analogous technique. By the way, once you get beyond those first links from computers, the rest is fairly easy and probably a lot cheaper. That's because there are more individually owned computers than there are internet service providers. The new internet can be limited to internet providers who agree to limit their traffic to traceable sources. There would have to be a surefire way of knowing that an incoming message is from a truly traceable source, but that's just engineering. If we can agree on something as complex as the specifications for a USB plug, then we can also agree on how to engineer in traceability.
Notice that to engineer traceability is not necessarily to abuse its power. We can imagine a carefully crafted legal rule in which the equivalent of a warrant or a subpoena would be required to collect an identification. The difference between the old internet and the new internet would simply be that in the latter, the ability to make an identification would exist. Would there be attempts at abusing this power? Undoubtedly, but its not a new issue, and many of the legal questions regarding subpoena power over internet patrons have long since been adjudicated.
To cater to hard core libertarians, we could even make it an opt-in system. Put it this way -- if I want to be a part of the new internet, then I have to agree to abide by its rules myself, and that includes an identifiable tag that allows the system and the recipient of my message to know for sure that it came from me, and not some spammer. If you want to be that spammer and avoid traceability, maybe that will remain your prerogative, but my machine won't accept messages from you because I will never receive them.
In order to make the new internet work, we would have to be careful about access. The old style internet cafe, the source of so much spam and fraud, may end up being excluded. As someone who has used internet cafes in my travels, I'm not exactly sure how to solve this problem. Perhaps there will continue to be an old internet which allows for all the random access we have now. More likely, should the new internet come into being, the internet cafes will learn to adapt. It might be as simple as scanning your ID or passport, in the same way the hotels already do if you are from a different country.
I suspect it's more likely that international travelers will increasingly rely on cell phones for their communication needs. It's happened already to a considerable extent. The companies that provide cell phone services are concerned about the security of their systems already, although they don't yet have all the answers. For example, scam artists currently have the ability to spoof the phone number you see on your screen when they send you the cellular equivalent of email spam. The fact that spam cell phone calls are relatively rare suggests that the cellular system is already way more secure than the old internet. Since the smart phone is a relatively new development, it's likely that the system will continue to be made more secure. The technology has room for improvement, and subscribers will demand it.
Meanwhile, billions of us will continue to use home computers, business computers, and something that will continue to be called the internet.
If we are really serious about creating a new internet, we can do it, but it will probably take 5 to 10 years just to get a good start. For one thing, it's probably going to require a new generation of computers, or at least some physical modification of currently existing computers. Maybe it could be something as simple as a redesigned internet modem -- just replace the current router box with the new one. Then, it will take a well designed operating system to make use of the new safeguards. Then, the internet providers will need to reprogram their systems so as to reject fraudulent input.
Curiously, we have a precedent for this kind of wholesale redesign. Anybody remember the Y2K panic, otherwise known as the millenium? Remember how a whole generation of computers had been built so as only to record the last two digits of the year? Since the first 2 digits were always 19, why waste storage and coding on them? Then came 2000, and we had to adapt, so people were not billed a million dollars for a month's phone bill, or appropriated a negative number for a refund. Businesses and lots of individuals took advantage of the changes (and reacted to their own concerns) by going out and buying new computers.
Perhaps we could plan on a similar upgrade in the year 2020, preceded by a gradual introduction of the opt-in New Internet in the form of pilot projects. These pilots projects would be appropriate for any area in which the old internet wiring is being replaced by high speed fiber optics.
And if you don't like this idea, I can offer you a chance to split fifty million dollars with me. All I need is your name, phone number, bank account number, complete DNA sequence, and a modest amount in US Dollars to cover my costs. Let me know.
(Bob Gelfand writes on culture and politics for CityWatch. He can be reached at [email protected]).
-cw
CityWatch
Vol 12 Issue 8
Pub: Jan 28, 2014