|
A controlled-access Internet?
By Scott Bradner
Ex-CIA Director George Tenet worries about the
Internet. He seems to think that its basic nature and
current use presents an ongoing threat that the U.S.
government may have to fix.
In his view the threat is such that the use of the
Internet, or at least the use of some networks, might
have to be restricted. To paraphrase a Vietnam-era
quote, Tenet seems to want to destroy the 'Net in order
to save it.
On Dec. 1, Tenet spoke on the topic of Democracy and
Terrorism at Federal Computer Week Events' Homeland
Security and Information Assurance Conference. Press
reports varied, maybe because most reporters were
excluded from his speech. Headlines ranged from a
positive "Tenet touts info sharing"
fcw.com/fcw/articles/2004/1129/web-tenet-12-01-04.asp
in Federal Computer Week to the threatening "Tenet
suggests
limiting the Internet to approved users"
<http://www.nwfusion.com/nlgibrad932>
in Internet pamphleteer Dave Farber's Important People list.
The main thrust seems to have been that the most
important thing that can be done in the fight against
terrorism is to properly share data between the federal
government and state and local officials and "to the
lowest levels of our society to let them take action."
But to share data this way requires a trustworthy
network, and Tenet doesn't think the Internet qualifies.
He is both right and wrong.
Part of the trustworthiness Tenet is worried about is
that of the Internet infrastructure itself. That could
be better, and it is (slowly) getting better.
Tenet wishes there were a useful public key
infrastructure but, as he points out, setting up a
national or international PKI is "a daunting task" and
one that I don't think will be done anytime soon. And
maybe that's for the best considering the
double-edged-sword nature of a PKI in that it makes
anonymity
very hard. You may not desire anonymity for a terrorist
but you might find it quite important if you needed to
contact an AIDS support center or if you were a
whistleblower or undercover police officer. I expect
that an application-specific PKI just for the
information exchange function is a lot more likely to
be deployable and would have fewer negative side effects.
Tenet would like industry to lead the way by
"establishing and enforcing" security standards and by
delivering products with a higher level of built-in
security. That would help a lot but it is nowhere near
enough. People who put data onto the Internet need to
get some clue about security. California is in the
process of notifying 1.4 million people that their
private data might have been compromised because data
that had no business being anywhere near the Internet
was on an Internet-connected machine.
Tenet said that if the Internet could not be made
secure, then maybe the government would have to build
separate networks for tasks such as information
distribution. There are many reasons why this is an
expensive and generally pointless exercise, some of
which I talked about more than three years ago
www.nwfusion.com/columnists/2001/1022bradner.html
Tenet's comment that access to the Internet might need
to be limited to people who can show they take security
seriously led to the scare headline in Farber's
posting. An attention-grabbing headline, but as likely
to happen as limiting access to the phone network to
those who promise not to talk about anti-U.S.
activities. And, sadly, about as likely to happen as
people not putting data that should not be public in a
public place such as the Internet.
Disclaimer: Harvard gets its share of
attention-grabbing headlines, mostly good. But I did
not talk to anyone at the university about this
particular one, so the above is my own ramble.
____________________________________
Bradner is a consultant with Harvard University's
University Information Systems.
<mailto:sob@sobco.com>
--
LP
"We are fighting today for security, for progress,
and for peace, not only for ourselves but for all
men, not only for one generation but for all
generations. We are fighting to cleanse the world
of ancient evils, ancient ills."
Franklin Delano Roosevelt
State of the Union Address - 1942
|
| |
| |
|
