Former FBI Agent Calls for a Second Internet 486
An anonymous reader writes "Former FBI Agent Patrick J. Dempsey warns that the Internet has become a sanctuary for cyber criminals and the only way to rectify this is to create a second, more secure Internet. Dempsey explains that, in order to successfully fight cyber crime, law enforcement officials need to move much faster than average investigators and cooperate with international law enforcement officials. The problem is various legal systems are unprepared for the fight, which is why he claims we must change the structure of the Internet."
VPN (Score:5, Insightful)
Um, no (Score:4, Insightful)
In other words ... (Score:5, Insightful)
Yeah, that's going to happen.
Ummmmm, no. (Score:5, Insightful)
Any time you have a new community or resource to exploit, there will be criminals. However, calling it a sanctuary is hardly apt. I can think of more than a few places that are a sanctuary for criminals, yet you won't see the government razing those neighborhoods and starting anew, would you? Besides, who gets called a criminal?
and the only way to rectify this is to create a second, more secure Internet.
Ummmm, no. What he means is that they want to form a new network that can routinely be filtered, scanned and probed with no means of anonymity (already going away) or flexibility.
Dempsey explains that, in order to successfully fight cyber crime, law enforcement officials need to move much faster than average investigators and cooperate with international law enforcement officials.
How about figuring out how to deploy a network within your own agency first, that agency employees can actually use?
to the FBI.. (Score:5, Insightful)
I care about speed, anonymity and integrity of data.
While we are at it why don't we create new cities (Score:5, Insightful)
Since major cities have more crime than before why don't create new cities.
As opposed to extraditing murderers, mafiaa members etc is easy with respect to "traditional" crimes?Why hire competent people who technology as tools and adapt your law enforcement agency when you change the world around you to adapt to your incompetence?
And for those who says "Think of the children": No law can effectively parent your child for you. Do you damn duty.
Yay (Score:5, Insightful)
Good idea..but (Score:5, Insightful)
'replace'? (Score:1, Insightful)
The 'internet' is simply many computers connected together, interchanging data over cables. I could create my own internet, for example, using different protocols and such, and creating my own sever system, browser, and etc.
It just doesn't make much sense to 'make' a new internet. The internet is the world, and you just can't replace it.
Moreover, what would prevent me from doing the above and bypassing their 'secure' measures? Censorship never works.
Well gee, who's to blame for that? (Score:2, Insightful)
They weren't interested in nipping the cybercrime problem in the bud in the early years, and now the internet is a hive of scum and villainy.
~Philly
Security is impossible (Score:5, Insightful)
On the other hand, I wouldn't mind an overhaul on DNS and SMTP to slow some spammers and other jerks down.
The real problem is the diverse nature of laws between different countries and the strong enforcement in some places and near zero enforcement elsewhere. Think about it, someone in Russia can do almost anything outside their country and not be prosecuted. In other places, we have parts of the Internet filtered because of some lame moral code.
I just wish these people who don't understand the spirit of the Internet would take their marbles and go home.
Mr Dempsey, head of the internets (Score:4, Insightful)
Oh that's just great. So just because poor mr Dempsey woke up one day believing that someone wasn't ready for a fictional fight then we all should just drop the world's communications infrastructures and rebuild it according to mr Dempsey's vision. For the sake of those poor unprepared legal systems, of course. And also the world's safety. And the children, now that we are at it.
What mr Dempsey is advocating is nothing more than taking over the control of the medium. No one has it and he wants it badly, claiming that it's in everyone's best interests to be controlled by an overreaching, totalitarian organization. Well guess what mr Dempsey, the internet works great just as it is and no one benefits from having a righteous mr Dempsey, head of the internets, fighting the fight that those poor, fictional legal systems are supposedly incapable of carrying out.
International crime means new internet? (Score:5, Insightful)
So, he goes from acknowledging that there's a jurisdictional problem and a speed problem when it comes to law enforcement to creating a new "verified" internet where you have to "prove" who you are? Umm..no.
And he goes on to hit every hot topic in security today: DDOS, identity theft. spam, etc. And then, he makes the claim "the fact is that Internet crimes are almost always international crimes." And he doesn't back it up, rather gives anecdotal evidence of a hacker in Russia using computers in Thailand to steal data.
I am not a security expert (and I'm not pretending to be) but this "sky is falling" mentality is crap. Most identity theft (the act of stealing) is not done over the internet, its done locally. Yes, selling lists of thousands of SSNs and credit card #s happens over the internet, but the thievery itself doesn't.
In fact, this would make things worse: you're creating a global ID. Once someone steals your global ID they can do whatever they want. And once again, your ID wouldn't be stolen over the "new" internet, it would be stolen because you didn't shred a document and someone went dumpster diving.
This doesn't solve any problems.
Re:Hmm... (Score:5, Insightful)
It seems that many countries just want to forbid things, with regards to the internet, rather than adjust to a new way of looking at crime committed through the internet.
If it turns out that law enforcement can't or won't adjust to the speed in which cybercriminals operate, maybe the only way to help prevent crime is to educate the users, or even help write better software (against spoofing etc.).
Re:to the FBI.. (Score:3, Insightful)
"Successfully fight[ing] cyber crime" can fairly important when it comes to integrity of data. Unless you decide that fighting cyber crime is really up to network administrators or something like that. In which case we may as well make phishing and hacking and whatnot entirely legal or something... internet theft, etc.
not that I actually support the former FBI agent's idea. actually it seems to be pretty stupid, heh.
A Sanctury for Cyber Criminals (Score:2, Insightful)
Both are probably true.
Digital Immigrants vs. Digital Natives (Score:5, Insightful)
The next generation of investigators will be digital natives. They'll have grown up with the web, email, blogs, message boards, IM, flickr, youtube, social networking, and the like. They won't all have CCNAs, but they'll have a sufficient understanding of how people use the internet to know when to bring in forensic experts.
The transition will be difficult. The digital immigrants with extensive investigative experience and the digital natives who are novices in their profession will have to cooperate and exchange their knowledge and wisdom, and in the meantime, some criminals will slip through the cracks. That's the price of progress.
Good Idea (Score:3, Insightful)
We all stand and applaud, then cut them off from ever returning to the old internet.
Then we can go back to the days of sharing information and having fun without that stupid "punch the monkey" ilk...
Re:Security is impossible (Score:3, Insightful)
The real problem is the diverse nature of laws between different countries and the strong enforcement in some places and near zero enforcement elsewhere.
From a defensive perspective, the problem is that most people are really bad at recognizing phishes, hoaxes, scams, and the like. At this point, 100% of the email forwards I get from my 60 year old aunt have been debunked. Most people just lack that "this is bullshit" detector.
Re:Well gee, who's to blame for that? (Score:3, Insightful)
Common but fallacious reasoning (Score:5, Insightful)
2. Changing X would fix that problem.
3. Therefore, we should change X.
With no regard for whether X has any value of its own. Open your eyes and look outside of your own field before you decide to change the world in your favor.
Re:Translation (Score:5, Insightful)
He can't have a legislative solution, so he comes up with a technical one.
(x) Sorry dude, but I don't think it would work.
At first I thought he was crazy (Score:5, Insightful)
After reading the article, however, and carefully thinking about his ideas, I've concluded that he is instead an idiot.
Has this man never heard of Metcalfe's Law [wikipedia.org]? His second, registration-only internet will be about as popular as BITNET [wikipedia.org] and Telenet [wikipedia.org] are these days. (Yes, Virginia there were globe-spanning networks before the Internet. It's true!)
While he's at it, he might as well call for a second telephone system, one that only allows people to say nice things.
Re:Ummmmm, no. (Score:4, Insightful)
How about figuring out how to deploy a network within your own agency first, that agency employees can actually use?"
More importantly, how about ending crime by extreme economic inequality, tax breaks for the rich and going after tax havens?
I'd rather see money spent on Prevention rather then re-action, making a society that people don't feel the need to turn criminal to begin with.
Human beings have this awful tendency to neglect the human environment and thus they bring revolution and crime down on themselves for their apathy and neglect.
Re:VPN (Score:4, Insightful)
also much easier to implement than trying to build an internet around catching crooks.
so what do you do with the criminals from Africa who are connected to organized crime, who have whole 'internet cafes' and people standing watch so they can get out of there if the 'police' come, who are more than likely on the take anyways...
remember the 'untouchables' it took a special breed of cops to go against organized crime and get results, and with 'cyber crime' often being 'international crime' it's difficult to police.
'spying' on what people do over the net is really the only way to catch the criminals in the act. however, doing so in a country that you don't work for is impossible with the way the internet works. unless of course, you create a law governing how 'backbone' providers work with international police, to allow certain countries to be 'locked in' to a certain backbone, where the data traveling from that backbone to other backbones can be monitored... and evidence of crime can be monitored, and controlled.
doing something like that would discourage the growth of online crime in iran and africa without affecting internet usability in 'modernized' nations, but countries like china russia etc would be much harder to try and stop crime in, without completely redesigning the internet around catching criminals, the problem will only get worse.
remember the prohibition, when a layman could make a fair bit higher salary rum running, than doing decent work, crime spiraled out of control. an internet that doesn't care who does what or when or why and does everything to make any packet go through to recipient... will only breed a den of thieves.
can the global economy take a 7 billion dollar a year hit to cyber crime every year, for the next 20 years? no it can't and that's why tracing criminal activity is Going to become standard. right now to credit card fraud, identity theft, and check fraud scams etc... i seem to recall hearing that europe and the usa were combined losing 7 billion dollars a year, but it was on dateline nbc, not on the internet so the figure might be off.
tracking the criminals down is going to get easier, and the crime harder to pull off. It's only a matter of time.
although i Seriously doubt they're going to make it easier for the movie and music industries to track down users, and catch them 'in the act' what is going to get targeted is the stuff that really steals from the banks, and the rich and gives it to the criminals.
if i had the money I'd bet a billion dollars that within a decade hacking will be traceable world wide, through hardware ids before they get the money transfered from one bank account to another one.
if i had another billion dollars, I'd wager that in 10 years banks will process checks the way wal-mart does now, before they hand the user any money, and before they can 'wire' the money to another bank account, the original account is checked for the money, and the check is scanned by the computer for identifying marks, that can verify it as original.
taking 3 days to verify a cashiers check just doesn't cut it when that's what check cashing fraud scams are banking on.
The Moon is a Harsh Mistress (Score:5, Insightful)
Heinlein wrote about this decades ago - "The Moon is a Harsh Mistress." Great read, and extremely relevant.
Re:Yay (Score:1, Insightful)
What criteria do we use to form the conclusion that it is obvious that the internet requires some type of governance? Is this obvious because someone says the internet is dangerous? Is this obvious because there is crime perpetrated through the internet? Allowing for the conclusion that the internet provides a means for people to connect or come in contact with others that will exploit them, why does this necessitate "governance"? Wouldn't it necessitate independence? Isolation or the power to isolate users from others? This would be the opposite of governance, since governance requires an authority with power and knowledge of all participants.
I submit the more easily understood answer, and hence the obvious answer, is ensuring anonymity. When people can ensure that they are not visible to others on the internet, and they can hide the location or where they have been, then they cannot be tracked by others wishing to do them harm. When users can ensure only those they wish can see them, or contact them, then the user will be empowered most to protect themselves from the exploitations of others. Putting a central authority in power ensures that there is but one place to go to exploit all the people, and hence creates a system that make it easier to exploit or control the people beyond what they wish - the very thing that we are looking to prevent I would argue.
Re:In other words ... (Score:4, Insightful)
Besides, neither Dufus Feeb, nor his colleagues need "to be on" anything, or be brainwashed, wear tinfoil and goggles. They have a vested interest in spreading this bullshit -- it directly gives them a larger paycheck. So they'll happily sell you any story to that effect.
It is not the "conspirative" part that worries me, it is the part that these efforts are now mainstream and "legitimate" that's worrying.
Re:VPN (Score:5, Insightful)
While they are in prison or once they get out?
Or are you going to keep convicted criminals in prison because it "would be a step in the right direction"?
Or keep them permanently on public "* Offender" lists?
If rehabilitation rates are so low and nobody really gives a damn, why not just execute them like they do in China? Since obviously "everyone hates them so much".
The only big difference between you and a convicted criminal is you haven't been caught yet.
Is copying stuff a criminal offense yet?
Re:VPN (Score:2, Insightful)
Yes, absolutely. Do you have any idea how tiny that is when compared to the multi-trillion dollar US economy, let alone the global economy? Wal-Mart has 350 billion in revenue last year, and 11 billion in profit. 7 billion is 2% of wal-mart's revenue. Some retailers lose 2% in shoplifting.
In fact, 7 billion is such a low number, I suspect the real number is much much higher.
if i had another billion dollars, I'd wager that in 10 years banks will process checks the way wal-mart does now, before they hand the user any money, and before they can 'wire' the money to another bank account, the original account is checked for the money, and the check is scanned by the computer for identifying marks, that can verify it as original.
I'll take that bet. I think checks will go the way of the dodo, and be replaced by modern smartcards that can do signed public-private key exchange, similar to current systems used in europe today.
Define "cybercrime" (Score:3, Insightful)
If it's the first, then it's not a new internet we need, but rather to fix what is allowing these attacks to take place.
If it's the second, then my friend, there's no solution. Crime was committed before the internet. Changing the internet won't solve crime. Child porn happens because children are kidnapped and abused. And that happens OUTSIDE the internet. Perhaps we need to spend less money on Iraq and more money on programs to prevent child abuse and all that.
If you want children not to be approached by stranger adults, then make some kind of "child ID" using a centralized certification authority or something. Or how about EDUCATING YOUR KIDS?
Re:Security is impossible (Score:3, Insightful)
You grew up around the Internet, and are familiar with the types of people and scams that are common. It feels like common sense because it developed as a sort of mental reflex. But I doubt you even bother to compare ingredients and price for more than the two major competing brands at the supermarket.
Two Words: Anonymous Layer (Score:5, Insightful)
Soooo how are they going to stop people from encrypting data and obfuscating it?
Soooo how are they going to stop people form implementing a "slow drip" protocol through random nodes which is also encrypted?
There is absolutely no way to police the Internet without significantly impacting response times, etc. QoS will suck and they will still never be able to touch 99.99% of the "criminals".
Re:Two Words: Anonymous Layer (Score:4, Insightful)
Segregating the Internet!!!! Why do I get dejavu when I think of that? Oh what that's how it all started.
Honestly this idiot is suggesting we work backwards and devolve the Internet.
~Dan
and how about a third internet? (Score:4, Insightful)
As the government tries more and more to clamp down on the internet and bandwidth becomes more and more free OR the government successfully forces us to go to this "Second" internet (let's call this "surveillance net"), people will come up with a new "freenet" to lay on top of this new freedom restricting internet.
All it would take would be an open source program protocol that would pass information over the "surveillance net" by encoding the data, chopping it up, and passing it through multiple nodes (think parallel, not serial distribution) before it gets to the recipient. That way nobody (i.e. government) at any single node would be able to tell what data was being passed or even to who. This would successfully nuke any second internet benefits. With this expectation of a free internet that the general masses have grown to expect, I think you'd get a large percentage of people who were willing to be freenet nodes. (you can of course try to mandate this like bittorrent nodes where you have to be a node on the freenet in order to use the freenet).
I think all this really requires is that bandwidth be cheap and a push by the government to clap down on internet freedoms. I think we'd very quickly see a counter-revolution and open source developers would create the freenet.
d
The network is not the problem. The client is. (Score:3, Insightful)
Most of the security and crime problems associated with the Internet are problems with the client, not the network. In other words, Microsoft Windows is the problem.
If desktop clients ran each browser window in a separate jail, and downloaded programs were constrained by NSA SELinux type mandatory security, or a virtual machine monitor, to stay in their individual compartments, most of the attacks on personal computers would stop working.
If it weren't for those armies of zombie PCs out there, hiding where something unwanted was coming from on the network wouldn't work. Look what's happened to spam. Today, essentially all spam involves compromised machines. Any that doesn't is shut down, fast.
Ir's all Microsoft's fault.
Police state, no thanks! (Score:3, Insightful)
Re:Translation (Score:2, Insightful)
The Network is the Message (Score:3, Insightful)
The internet shouldn't be made more 'secure' by the government. The internet as we know it, is designed as a network which gives everyone the opportunity to participate. Restricting these 'rights' would be against the ideology from which the internet is build. We should see the internet as a public domain, where users are responsible and should watch for cybercrime and fight it. Let's think of securing the internet by participating as users instead of giving this out hands to the government.
Cybercrime can be stopped without monitoring! (Score:5, Insightful)
The article talks about hacking into bank accounts and identity theft etc. So if the government wants to crack down on this, why don't they just mandate that banks have to send their customers a bootable read only flash drive that contains a basic operating system, browser, SSL certificates and a one time pad? It wouldn't matter how badly some clueless moron's computer was trojaned to hell, because the bank would only accept connections from the booted flash drive.
You can't get mugged on the internet. You can't be coerced on the internet. Criminals need YOUR COOPERATION.
The U.S. could also stop using checks like every other civilized country, because they're a ridiculously huge security hole and a huge pain in the ass compared to direct bank transfer. But all of this would make too much sense, because none of it involves more government monitoring of its citizens.
The land of the free. Where no laws must ever tell corporations what to do, but citizens must compensate for their ineptness by being spied upon.
Re:Hmm... (Score:5, Insightful)
Re:Cybercrime can be stopped without monitoring! (Score:5, Insightful)
You can't get mugged on the internet. You can't be coerced on the internet. Criminals need YOUR COOPERATION.
Well, that is almost true. With certain Windows exploits, you can be doing perfectly normal things on your PC and still become infected. You can even have a firewall and anti-virus/anti-spam spam filter.
Unless, of course, you think that "cooperation with criminals" means "I don't digitally arm my computer to the hilt with every possible kind of protection, down-to-the-second patches, and anti-hacker voodooo ninjas." Just because my house is not surrounded by a moat filled with hungry pirahnna, does not somehow mean that I am cooperating with thieves. Next you're going to blame women for being raped...
Re:Cybercrime can be stopped without monitoring! (Score:4, Insightful)
why don't they just mandate that banks have to send their customers a bootable read only flash drive that contains a basic operating system, browser, SSL certificates and a one time pad?
While I suspect this will protect many, what about others, perhaps the majority that were not broken into this way?
Lots of cases of people walking in to banks and jacking in a USB drive right to the tellers or bank managers machine. So far we have even trusted bank employees and government officials. They too could be on the take for a list of ...
Don't overstate the users complicity in identity theft, while it does happen, not nearly as often as the banks would like you to think. This feeds the bank image, "we didn't do it" when in fact most of the time it was bank failure, not user failure.
But it is also why the banks do not do what you suggest, as then the only avenues of leaks are theres and they don't want us to realize how uncontrolled it really is.
Re:Hmm... (Score:4, Insightful)
The internet is an enabling technology and as it enables certain crimes they become MUCH more prevalent than they used to be. Not necessarily fundamentally different, just easier to carry out. Kiddie porn or fraud are good examples.
I think that laws don't necessarily need to change, but investigators need to be able to accomplish more (notice I didn't say they need more powers). Simply finding the kiddie porn sites is hard enough when the guys know they're being hunted and are hiding from the cops already. Being able to find the bad guys, develop a case, and bring it to prosecution needs to be easier without violating anyone's existing civil rights. I would focus on more hiring, better training, and straightening the paths within DOJ and among law enforcement agencies.
News flash (Score:3, Insightful)
Seriously... every time I hear "cyberthis" or "cyberthat", it's inevitably someone in law enforcment, the media or k-12 education (but talking about some enforcement issue). The cops are the worst... every unit they create is cyber-something... I guess they think it sounds cool. In actuality, it's more like hearing your grandpa say "gettin' jiggy with it".
However, if they're serious about such an endeavour they should go study with those who've already begun this sort of thing: China.
I'm sorry, Mr. Dempsey, sometimes a job just has to be hard.
Re:Translation (Score:2, Insightful)
Re:Two Words: Anonymous Layer (Score:3, Insightful)
It's a very short step from finding scammers and criminals and holding them accountable to finding political dissidents and persecuting them. You cannot have one without the strong likelihood of the other. If the potential for abuse occurs, then abuse is inevitable.
Re:Two Words: Anonymous Layer (Score:5, Insightful)
"You were hiding jews in your house ? Prepare to die !"
Accountability means that you are accountable to someone. That someone can easily abuse his powers; Hell, even the finnish police, the police of the state repeatedly voted the least corrupt in the world, began abusing the kiddie porn filter immediately after it was implemented. There is no authority worth the trust accountability requires.
Unfortunately, in Real Life, accountability is a neccessity. While it inevitably leads to abuses, lack of it means us violent monkeys live up to our murderous nature and rape, kill and loot each other. That's why we have governments, nation-states and courts of law.
However, it is impossible to murder anyone in the Internet. It is just as impossible to rape them, or cut a single hair from their heads. It is impossible to even rob them - altought it is possible to spy on them enough to gain access to their online accounts, which is one of the reasons why I don't have any. In fact it is impossible to do anything except say something nasty to them.
So, why would we need accountability in the Internet ? Who, exactly speaking, is actually being hurt by the spam, botnets or porn ? No one.
No, this "accountability online" is simply a guise for tracking down the people who leak nasty secrets of politicians and corporations, in order to punish them and thus cause a chilling effect. Internet and especially the anonymous protocols working on top of it - such as Tor and Freenet - are every politicians worst nightmare: an information propagation channel they can't block. "The truth shall set you free", so is it any wonder that every overlord in history has tried to prevent it from getting out ?
A democratic society - indeed, any free society - needs an anonymous communication channel with no accountability of what you say. If that is also useful for criminals, then that is simply the price you have to pay. The alternative is freedom of speech a la Soviet Russia: you are free to pee on Lenin's statue while shouting "down with communism", but you'll be sent to a Siberian labor camp for it.
Formerly Free Americans Call for Second FBI (Score:4, Insightful)
When contacted for comment on the AFFA group, agent Johnson of the FBI commented: "It is clear that AFFA is a domestic terror group, all they want to talk about is freedom when we are fighting an endless war. We need to be able to do whatever we want because most certainly this group may kill babies, torture puppies and bomb buildings. This cannot be allowed."
When presented with the quote above, Smith replied "This is why we're calling for a second FBI, the criminals in our government have ruined the first FBI by either asking them to, or allowing them to commit crimes against the people; and be clear, we are not saying most FBI agents are criminals, that isn't the case, my uncle was a fed, but the corruption at the top and in certain "joint task forces" ruinz it for the 98% of good, America loving agents."
When asked what evidence the agency had of anything illegal acts by AFFA, or why they would suspect that a group committted to peace, freedom, and the rule of law would commit such heinous acts, I was detained and questioned for 10 hours about if I was part of a domestic terror group and whether I supported the constitution. I was released after I agreed to publish the following statement: "I now see that the the FBI is right, this group and their type is dangerous. We are all in danger, danger is everywhere, and the internets is where it hides."
Re:Hmm... (Score:5, Insightful)
I quoted the word "cure" because I know there's no "cure", but treatments could be developed that would minimilize a pedophiles impulses and thus allow them to lead a normal and productive life. Putting them in prison or on Dateline is not the solution.
Re:Two Words: Anonymous Layer (Score:3, Insightful)
Well, if you feel that way, lets get away from the anonymity of the ballot box, eh?
I mean, you *would* support posting publicly your voting record for all elections wouldn't you? I mean, no need not to be held accountable for who you voted for in each election (or if you voted at all), right?
There are many reasons for true anonymity...political expression is just one of them. Of course with anything out there...you can use it for good and evil, but, if we were to toss out everything that could be used nefariously, we'd not have many freedoms or possessions left.
Re:Two Words: Anonymous Layer (Score:4, Insightful)
The ballot box is an unfortunate example, because it leads to confusing anonymity with confidentiality.
I have no problem with someone knowing that I have voted, and indeed a record of this fact is kept to ensure that I can't vote twice. I am thus not an anonymous voter, and I hope we'd agree that allowing arbitrary anonymous votes is not likely to meet with democratic success.
Who I voted for is a different question. That is private/confidential information. Since the information is not publicly available, I don't believe it is necessary for me to put my name to that information.
As it happens, there is also no crime that can be committed by voting in a certain way as long as I am casting my vote(s) according to the rules of the election, and no-one else's rights can be infringed by my doing so. Thus there would be no legitimate need to break confidentiality anyway. I think this is a separate issue to the anonymity question, though.
Re:Hmm... (Score:3, Insightful)