In a recent post, I suggested that terrorist internet activity is not always as anonymous as its perpetrators assume. This week, a leading security expert proposed that the only way to reduce cybercrime―which might also include terrorist use of the internet―is to force all internet users to be registered, such that anonymity no longer exists.
Q: What’s wrong with the design of the Internet?
A: There’s anonymity. Everyone should and must have an identification, or Internet passport. The Internet was designed not for public use, but for American scientists and the U.S. military. That was just a limited group of people―hundreds, or maybe thousands. Then it was introduced to the public and it was wrong…to introduce it in the same way. I’d like to change the design of the Internet by introducing regulation―Internet passports, Internet police and international agreement―about following Internet standards. And if some countries don’t agree with or don’t pay attention to the agreement, just cut them off.
At present, it is often difficult to ascribe individuals to IP addresses―the codes that identify individual machines on the network, and which are often the first major leads in investigations of online activity. To avoid the use of fake registrations of domain names, broadband contracts, etc, Kaspersky would like to introduce … more layers of registration and identification. It’s not clear how this would work but we can probably assume that Kaspersky and his company might just be able to produce some prototype technology to demonstrate this concept. Technology, of course, that will itself be amenable to hacking.
It’s a terrible idea. Governments are having enough problems regulating online activity, catching the bad guys, and introducing physical identification methods as it is. Whilst Kaspersky’s idea might be music to the ears of many governments (authoritarian or otherwise), what value is there in creating a whole new layer of intrusive technology that will only fuel further accusations of ‘Big Brother’-ness? We have in the last few days read about the problems of putting whole communities under suspicion on the basis of counterterrorism and national security. Importantly, if you treat your citizens as potential criminals, will they push back against the very policies ostensibly meant to protect them? I have yet to find a strong case for internet regulation of this type, nor for ID cards, let alone a technology that is itself secure enough to deliver their promised benefits.
It’s too early to tell if Kaspersky’s ideas will have any traction beyond a single interview. Kaspersky has upwards of 90% of the Russian internet security market, and the Russian government has not been backward in restricting freedom of expressionwhere it can, so his comments may have been aimed at domestic ears. I doubt that, as Kaspersky is very much a global company, and Kaspersky notes the transnational nature of the internet in the interview. Regardless of Kaspersky’s motivations, the ‘internet passport’ is a non-starter in my opinion, and will do almost nothing to solve the problems it purports to address. Instead, it may give rise to a whole host of civil liberties issues―just the sort of thing that any wise government would wish to avoid.