Last week I publicly released a white paper called Fixing the Internet: A Security Solution in this blog.
I proposed three main ideas:
- Put together an Internet security dream team of experts to solve the hard issues
- Create an Internet global infrastructure service dedicated to Internet security for the benefit of all
- Replace the Internet's pervasive anonymity with requestable identity and integrity
I've had as many critics as supporters, although not surprisingly, my closest friends and colleagues have been the harshest. This I expected, as you don't learn new things by hanging around with passive, unopinionated people. Here's the most common objection:
Regarding the third item in my solution, many have pointed out that it invades people's privacy, and a few have said that I'll take their privacy when I pry it out of their cold, dead hands. In short, they say that my plan is an utter invasion of personal privacy.
My answer? Yes, it is!
Wow, that was easy. OK, on to the next one...
Seriously, I completely agree with this complaint. It is an invasion of privacy, and I'm a big personal privacy proponent. I read and promote Electronic Privacy Information Center nearly every week. One of my favorite quotes is from Benjamin Franklin, who said, "Anyone who trades liberty for security deserves neither liberty nor security." I hate many parts of the US Patriot Act and the current proposed renovations to the FISA courts (although I respect and support all laws). I think privacy is a good thing. I just cannot think of a long-term solution to the Internet's security problems that does not involve giving up some privacy, some of the time, in order to get a significantly more secure Internet.
Privacy is not a binary yes or no decision. We accept varying degrees of compromised privacy all the time. We do this when we register for national IDs, employee badges, and health insurance cards. We do this when we take driver licenses tests and stop for law enforcement when they pull us over for speeding. Anyone belonging to civilization today and not running off to remote, mostly uninhabited areas of the world have purposefully traded off some portion of privacy for more security, whether it be physical, spiritual, or mental.
Further, my solution doesn't require that you give up privacy. It only requires that you give up privacy to interact in the most optimal way with a destination that also requires that you give up your anonymity, but only during a transaction requiring it.
You may require that your identity be kept anonymous all the time, no exceptions. Or you can always offer to identify your true self to Web sites and applications you trust. Or maybe you'll take the middle ground and use a third-party-verified identity that isn't really you...it's just a proxy identity, but one that both sides of the transaction accept. OpenID or CardSpace anyone?
For example, I may choose to drop any traffic not identified by the real identity or a verified proxy from contacting my e-mail server. Heck, that would end a lot of spam and most of the hate mail I've been getting. I could require that end-users give me some level of identity before they can say they hate me, but accept anonymous love letters.