Flamboyant anti-virus guru Eugene Kaspersky has defended his controversial internet passport plans. Kaspersky, chief exec of malware exterminators Kaspersky Lab, first outlined plans to mandate use of a hardware token-based passport to get online around two years ago. The scheme is designed to deter abusive use of internet …
This would be like the TSA for the Internet
Bad guys don't play to our rules. So here's what'll happen:
1. The majority of Internet users will be penalised
2. The bad guys will continue to get away with their crimes
3. If it becomes reality, trade in such "IDs" will be great. Stolen or just sold by the "owner"
4. Let's face it, the web of trust in something "simple" like TLS is crumbling. If we can't make HTTPS work perfectly, how in buggary are we going to get hundreds of jurisdictions to mandate the uptake of such a scheme? How would it be protected from abuse?
I actually agree with Kaspersky's argument.
Oh, wait, my mistake, they're all rubbish.
An "Internet Passport" will just create another kind of underground market.
Dancho Danchev is, in my mind, one of the most intelligent cyber-crime bloggers and researchers, and his arguments against Kaspersky's ridiculous scheme are far more eloquent than mine ever could be.
The cat is out of the box now, and putting it back in just will not happen. I'm sorry if Kasperky's regrets that the internet is now free-to-all, but that's just the way it is. Eternal September isn't going to go away.
*AC puts on sunglasses*
Deal with it.
... would be managing the necessary database(s) of Internet users?
Surely not governments, who famously can't keep hold of data?
Or major corporations, who famously want it for their own commercial ends?
Or idealistic IT types, who have trouble even on agreeing what kind of domain suffixes should be allowed?
And even if we can understand who, how would THEY be secured, why should we trust them, and how (and by whom) would they be selected?
All your base
Its not about whether it will work or not (it won't, for fairly obvious reasons), it's about an Industry with an uncertain future*, creating a new profit centre that's so irresistible to the omnipotent ambitions of western governments, they're likely to make it mandatory.
To paraphrase the BOFH, you can't help but admire the sheer balls of it.
* that would be the AV industry, Android offers sales for them in the short term, but the trend on OS X and Windows is about locking everything down to such a degree that AV products can do little more than check themselves for infection, in the long term, I'd expect Amazon to essentially fork Android to provide a similar 'safe' experience**.
** for a given value of 'safe'.
Fail Fail Fail
This is fine in a world where people don't use Windows, IE, Adobe Flash and Adobe Reader. All you need to do is click 1 link (or open an email) and someone else effectively owns your passport. All their mis-doings will be redirected from your computer, and you will get the blame for it all.
Oh, and the best thing is that since it was _your_ passport, _you_ are guilty. Go straight to Guantanamo bay, do not collect £200.
I would be worried if I used any products from this company, if their chief exec is such a thick-as-2-short-planks fuckwit.
"Driver's licence for free speech"
Technical quibble: A driver's licence is (ostensibly) about having the basic technical prowess to not unduly endanger fellow users of the road. You could argue that there shouldn't be a name on it, or at least that plod wouldn't be allowed to do anything with that name unless there's been an accident that needs a name to assign the blame. Of course that isn't how it works in practice, but strictly speaking that's administrative lazyness. The justification is in having to show you can drive well enough to be allowed to drive. Yes, that's splitting hairs but the difference might turn out to be important in this discussion, so please keep it in mind. Anyhow.
So, is he doing a "thinking of the children" moral panic? 'twould be sad to see an IT professional --you'd think such a someone would know better-- go down that path. Or is he just trying to sell a corporatise-the-world "security" solution?
Personally I dislike "impossible" counter-arguments; we've seen time and again that very few things turn out to be flat-out impossible, though with enough care they'll turn out intractable for the foreseeable future for a fair application to all, ie there will be holes, it won't be perfect, it won't work very well. But something can always be made to work given a sufficiently small scale (which might not be all that small: China being a point in case) and for some that is enough argument to ignore "impossible" objections.
To me the salient point is that pinning down everyone, everywhere, everywhen, with that one state-issued "identity" tag, isn't just a bad idea, unworkable, or any such objection. It is something we should not desire. In fact it is something we cannot have without making a mockery of our freedoms.
In this respect ardent proposers of schemes like this are, quite simply and just to return the favour of unduly labeling people, haters of freedom. And then it suddenly becomes really interesting to see which politicians buy into, say, this guy's arguments.
are just trying to appear more indispensable than they really are. Passports would be a new source of revenue for them, nothing more.
Their marketing made you believe they are trustworthy. Maybe they are not.
The global police state is coming...
"Attempts to banish anonymity from the internet won't affect those savvy enough to bypass it, would cost billions, and would have only a negligible effect on security,"
The same is true about the real passports, isn't it? The savvy criminals use forged or stolen passports. This hasn't prevented the governments from mandating passports for their citizens, because it means that the vast majority of people are more easily monitored and controlled.
Which is precisely why something like this WILL be made mandatory on the Internet. Not because it will stop the criminals (it won't) - but because it will allow the governments to suppress dissenters and wikileakers better.
We've been here before
Just dig out all the objections to the dead, unlamented ID card scheme and scale them up to reflect the world population rather than that of the UK.
I mean no governments would ever, ever abuse such a system for their own gain or to shut down shouty dissenting types, would they?
Keep him away from the EU !
To the mindset of control-freak bureaucrats this would be perfection.
Only the rich want to control things
Once you are at the top of your game in life then the next goal is to control other peoples lives.
That is how it goes when you are at the top of the economic food chain.
Works so well for telephony...
Well he would defend his ludicrous idea without blinking
This is from the antivirus vender whose antivirus manages to break Windows Update.
Oh, those Russians!
Actually, it is doable - his idea isn't that bad
Most of the commentards confuse ID with privacy. You can have an ID without going naked on the Net. The challenge lies in what that ID represents, and that problem has already been solved in another field (a bit of a side effect of what I was doing).
I've emailed him and had a response - let's see where this goes.