What would it take to create a more secure Internet? That’s what John Markoff explores in his latest New York Times article, “Do We Need a New Internet?” Echoing some of the same fears Jonathan Zittrain articulates in his new book The Future of the Internet, Markoff wonders if online viruses and other forms of malware have gotten so out-of-control that extreme measures may be necessary to save the Net. Compared to when cyber-security attacks first started growing over 20 years ago, Markoff argues that:
[T]hings have gotten much, much worse. Bad enough that there is a growing belief among engineers and security experts that Internet security and privacy have become so maddeningly elusive that the only way to fix the problem is to start over.
Like many others, Markoff fingers anonymity as one potential culprit:
The Internet’s current design virtually guarantees anonymity to its users. (As a New Yorker cartoon noted some years ago, “On the Internet, nobody knows that you’re a dog.”) But that anonymity is now the most vexing challenge for law enforcement. An Internet attacker can route a connection through many countries to hide his location, which may be from an account in an Internet cafe purchased with a stolen credit card. “As soon as you start dealing with the public Internet, the whole notion of trust becomes a quagmire,” said Stefan Savage, an expert on computer security at the University of California, San Diego.
Consequently, Markoff suggests that:
A more secure network is one that would almost certainly offer less anonymity and privacy. That is likely to be the great tradeoff for the designers of the next Internet. One idea, for example, would be to require the equivalent of drivers’ licenses to permit someone to connect to a public computer network. But that runs against the deeply held libertarian ethos of the Internet.
Indeed, not only does it run counter to the ethos of the Net, but as Markoff rightly notes, “Proving identity is likely to remain remarkably difficult in a world where it is trivial to take over someone’s computer from half a world away and operate it as your own. As long as that remains true, building a completely trustable system will remain virtually impossible.” I’ve spent a lot of time writing about that fact here and won’t belabor the point other than to say that efforts to eliminate anonymity for the entire Internet would prove extraordinarily intrusive and destructive — of both the Internet’s current architecture and the rights of its users. There’s just something about a “show-us-you-papers,” national ID card-esque system of online identification that creeps most of us out. That’s why I spend so much time fighting age verification mandates for social networking sites and other websites; it’s the first step down a very dangerous road.
But what if we could apply such solutions in a narrower sense? That is, could we create more secure communities within the overarching Internet superstructure that might provide greater security? Markoff starts thinking along those lines when he suggests…
Continue reading →
Declan McCullagh, CNET News’ chief political correspondent, does a nice job debunking the privacy fears about Google Flu Trends that a couple of pro-regulatory privacy advocates have set forth. Flu Trends is a very cool application that uses search terms as an indicator of possible upticks in flu-related illnesses in various regions of the U.S. Of course, it didn’t take long for some Chicken Littles to rain on the parade with their irrational fears about data privacy. As Declan notes, however, there is no personally identifiable information being collected or shared here. It’s just search term analysis. Moreover, if these privacy-sensitive advocates are really that paranoid about it, they should just just Tor or another anonymizer to cloak their searches instead of calling in the regulators to suffocate another technology while its still in the cradle.
Anyway, make sure to read Declan’s excellent piece.
Great post over on the Tor blog about how “anonymity on the Internet is not going away.” This is a subject I care about deeply. Here, for example, is an essay I wrote about mandatory age verification and the threat it poses to online anonymity. I love this paragraph from the Tor essay, and agree with it wholeheartedly:
Anonymity is a defense against the tyranny of the majority. There are many, many valid uses of anonymity tools, such as Tor. The belief that anonymous tools exist only for the edges of societies is narrow-minded. The tools exist and are used by all. Much like the Internet, the tools can be used for good or bad. The negative uses of such tools typically generate huge headlines, but not the positive uses. Raising the profile of the positive uses of anonymity tools, such as Tor, is one of our challenges.
Amen brother.
The latest attack on anonymous online speech comes from Kentucky Representative Tim Couch, who proposed legislation last week that would ban posting anonymous messages online. The bill requires users to register their true name and address before contributing to any discussion forum, with the stated goal of cutting down on “online bullying.”
The right to speak anonymously is protected by the First Amendment, and the Kentucky proposal raises serious Constitutional questions. In Talley v. California, the U.S. Supreme Court overturned a Los Angeles ban on the distribution of anonymous handbills on First Amendment grounds. However, the Court has yet to directly address the question of anonymous speech on the Internet, as few existing laws target online anonymity.
The Kentucky bill comes on the heels of controversy over the growing popularity of JuicyCampus.com, a “Web 2.0 website focusing on gossip” where college students post lurid—and often fabricated—tales of fellow students’ sexual encounters. The website bills itself as a home for “anonymous free speech on college campuses,” and uses anonymous IP cloaking techniques to shield users’ identities. Backlash against the site has emerged, with Pepperdine’s student government recently voting to ban the site on campus.
Under current law, websites like Juicy Campus cannot be sued for user-posted messages. As Adam Thierer mentions in a recent post, Daniel J. Solove of George Washington Law School has offered some insightful analysis on anonymity in the digital age. Solove points out that under the Safe Harbor provision found in Section 230 of the Communications Decency Act, providers are immunized from liability if they unknowingly distribute libelous messages so long as they remove libelous postings upon receiving a takedown request. This issue was further clarified in 2006 in Barrett v. Rosenthal, in which the Court found that website operators are immune from liability when distributing defamatory communications.
Continue reading →
The Technology Liberation Front is the tech policy blog dedicated to keeping politicians' hands off the 'net and everything else related to technology.