October 16, 2010

Internet Security vs. Civil Liberty

From Washington DC it is being reported that the US government is taking a look at a new program now set to be rolled out in Australia, to make the internet “safer.” Before we get right to the topic, as a side note, it is worth mentioning that this is not the first time the Land Down Under has become the proverbial canary in the coalmine. In the late 1990's these freedom-loving people in a land of vast wilderness expanses was subject to new draconian restrictions on citizens' firearms. Today, statistics show that these heavy-handed restrictions by the government have done nothing to improve public safety. A fair argument can even be made that the loss of gun rights put the citizens there in more danger, at a very high monetary cost, yet the failed policy remains in place more than a decade later. Moreover, those statistics cannot show what the real cost may be when it comes to the values of liberty and freedom heralded by America, but supposedly also cherished by the rest of the “free world.” It seems that the global powers-that-be like to use a freedom-loving but sparsely populated land like Australia as a testbed for their control mechanisms over populations.

Here is some information on the impact of gun-control in Australia, information that you may not be allowed to view much longer if you are in Australia and your ISP doesn't want you to see this web-page...

Today, information is power. So it only stands to reason that the internet, the last bastion of unrestricted exchange of information, would be viewed by some as an entity which must be controlled, like all the other facets of our lives that have come under restrictions. It seems most of the so-called rights we are left with today require a user handbook in order to know how you can actually apply those rights without violating the law or some civil statute that may leave you broke and destitute should you stray afield of these control mechanisms. The internet however, is not so easily policed, with rapid dissemination of information made easy and with violators of public code more difficult to identify.

So it is no surprise that the current Presidential administration is meeting with industry leaders in order to find a way to put clamps on the internet. To impose security measures in the name of “safety” while claiming that civil liberty concerns are being weighed as anything more than a stumbling block to symbiotic government/corporate control of the internet. They are looking closely at portions of Australia's plan that are set to go into affect in December.

There, internet service providers will be allowed to alert a customer if their computer has been taken over by hackers. Seems like a good idea on the surface. As White House cyber-coordinator Howard Schmidt puts it, "Without security you have no privacy. And many of us that care deeply about our privacy look to make sure our systems are secure," But of course, the question then is, how effective is the software that is being used to identify threats? This also opens the door to “selective” policing, and lulls the public into a false sense of security. A very good hacker working on the cutting edge of up to the minute technology probably won't be detected. Government intrusions will not be reported most likely, even if they were detected. And of course, the corporations with their varying agendas will exploit this inherent vulnerability in selective policing. If your ISP is gathering usage data on you and selling it to another company, they certainly aren't going to send you a report about it.Besides, who better to judge their own security need better than the individual? Are legislated or corporate imposed requirements actually necessary?

Schmidt went on to say that the American public would go along with it if a company is willing to give them better security. Sure, why not? That is the real question. What is the real cost here? Because “giving” us better cyber-security is bound to have some strings attached. Nothing is free in this world, and no company, nor the government are about to spend millions, even billions of dollars and go well out of their way to “give” you anything, except syphilis perhaps.

Cyber-security expert James Lewis, a senior fellow at the Center for Strategic and International Studies is of the opinion that the public would be amendable to the idea of having their ISP warn of cyber attacks, while helping them to clear malicious software from their systems through instructions, patches, and anti-virus programs. But isn't such help already out there? Well granted, security software and monitoring is not done by your ISP, but it's not like most of us are surfing the net without firewalls, malware removal tools at the ready, and even full retail grade security suites. Of course, much if it is not free, and some folks say in a sort of tongue-in-cheek manner that it is the cyber-security software companies themselves that are creating these threats in order to maintain the demand for their products and to insure continued update subscriptions. So will ISP's be providing for free what software companies have been charging for? Not for long, because as Mr. Lewis also explains, the public may be willing to pay a monthly service fee, just like all the other fees that are already attached to our utilities and communications services.

So rather than having the choice of whether or not you want to spend money on internet security, it will be mandatory that you now cover those costs as part of your standard contract with an internet service provider. For now though, the public is being softened up to the idea, like a crack dealer who give you your first few hits for free. Comcast is set to expand their Denver-based pilot program which alerts customers when their computers come under the control of a botnet. That program will go nationwide in the next few months. Seems all well and good, but even if the service is not itemized as a pay service, surely Comcast is not promising a freeze on general rate increases, which would help to cover the cost of the program, and whatever future security enhancements they may choose to “provide.”

Like Mr. Lewis said though, the public will probably be willing to pay a small fee with a non-chalant, “thanks for the info, good to know” sort of approach. After all, it could still be considered voluntary what company you choose as an ISP, though those options seem to have become more and more limited because of mergers. But in Australia, they are taking it a step further now. It's not just good-to-know info, but your ISP will insist that you do something about it. They are planning everything from warnings, to blocking outbound emails, to actually quarantining your entire system from the internet. That is not just one company, that is set to be the industry standard for all ISP's in Australia. It's one thing to be provided information to help keep your system safe and secure, it is quite another to have your access to the internet terminated because you are not up to date on your security maintenance tasks.

There are a few very big problems with that approach. Here in America, it could and should be seen as a direct assault on the First Amendment. To have your words, perhaps in the form of an email for example, being barred from distribution by some private corporation is a clear affront to liberty, even if it is in the interest of “internet security.” That's like saying that you cannot say what you want while standing on a street corner, because the guy who built the sidewalk is worried that you might cause damage to the sidewalk. Guess we'll have to go buy a pair of bowling shoes first. Freedom of speech, by paid permit only with proper attire.

Just because a person cannot afford internet security software, does not mean they should be barred access to the internet for one thing. But perhaps the ISP will be providing these fixes and software “free” of charge. Of course, then that means that your ISP could be installing who knows what into your system. What if the threat you are most concerned about is in fact your own ISP that you have been railing against on your web-page, or some other company that does business with your ISP, or the government who, no doubt, also have a cozy relationship with ISP's. What if these supposed fixes are malware themselves? What if these supposed fixes create system errors, as unnecessary system updates may do from time to time. But at least there, we still have a choice as to whether or not we update our systems. These new security ideas allow for no such freedom or choice in how you will maintain your system.

There is yet another serious concern, especially to folks like small business owners, folks who work from home, who depend on their computers for income. There may be times when a person is operating on a deadline, or may have some other immediate need for internet access such as a family emergency. A sudden and announced block could have serious and costly repercussions. Even for the person who is diligent with their system security knows that on occasion they may be subject to an attack or error that can take days to repair. Now you will be restricted or even barred from the internet during that time. Not to mention the fact that you might very well need internet access in the first place to make the repair. If you think they already thought this through, guess again. There is a whole nest of unforeseen problems that may or may not be fixed, as it is the consumer's problem, the citizens' problem, not theirs once these things are put in place.

Now a personal anecdote for a moment, if I may. In the US, a land-line telephone is considered so important, that even if you don't pay your bill, there are FCC regulations that bar outright and immediate termination of service. It can take months before that line is finally cut completely, and in that time the person who is in default will get many notices and still be able to dial the operator as well as 911. Several years ago I found out the hard way that digital communications are not governed by the same FCC regulations as the telephone company, and to not trust these companies any further than I can throw a television. I signed up for a triple-service plan with Cablevision, to have my telephone, television and internet all be provided by them for a single monthly rate. Because I made the switch part-way into the month, it created a billing error. I was told not to worry, that I had in fact been over-charged, and to not pay anything until my next regularly scheduled billing statement arrived. A few nights later, in the middle of the night, my roommate stopped breathing. I ran for the phone. I could not make a call. No, “sorry, your service has been suspended,” no dial-tone, no operator, no 911, nothing. I woke the neighbors, and got an ambulance there. My roommate was fine after a quick visit at the hospital. But you can bet that the next day I raised holy-hell with Cablevision, and a snotty supervisor that I finally got on the line from a neighbor's phone. That was how I learned the hard lesson of how not all service providers are the same or governed by the same regulations as technology advances. When I went back home, I found that she had in fact turned the telephone back on...and then an hour later my television and internet went dark. I ripped the box out of the wall and never dealt with Cablevision again.

Now just think of what an internet service provider like that will do if and when they are handed real power, as society becomes ever-more dependent on the internet. Are we really going to allow this sort of thing to be legislated into law, in the name of public safety, and then be forced to pay a fee on top of that? Apparently, because Mr. Lewis also tells us that it is inevitable that ISP's will play a role in internet security. Dale Meyerrose, vice president and general manager of Cyber Integrated Solutions at Harris Corporation states, "There are people starting to make the point that we've gone about as far as we can with voluntary kinds of things, we need to have things that have more teeth in them, like standards.” Teeth huh? Sounds like some folks are talking about sinking their teeth into the Constitution and our wallets. Standards? The same sort of standards that leave a person who has stopped breathing without a lifeline to the outside world? What threat justifies corporations or government imposing such standards and measures that will cause so many problems at considerable cost in time, money, and personal liberty?

According to former chief technology officer for the National Security Agency, Prescott Winter of California-based cyber-security firm ArcSight, the unfettered and unfenced technological wild-west is not secure, stating, “we need to take steps to make it safe, reliable and resilient.” Uh huh, so we keep hearing, but the reasons why are not so clear. It seems the spectre of oppressive corporate sponsored government is far more prevalent than the threat of any serious attack.

By what right does a corporation or government presume to dictate what level of security the individual may find necessary for their internet needs, or what they can afford? If one wants to buy some old laptop from a yard sale running windows 95 and go power up at the coffee shop to jump online, they should have every right to do so. But that is not the future envisioned by Mr. Meyerrose. Instead, he sees public wifi hotspots restricting access, blocking those laptops which are not equipped with certain security software, that do not meet whatever criteria the industry decides is the standard. Moreover, he sees that it will be your tax dollars that will be used to impose those standards, as tax breaks will be given to those providers who comply with the demands.

"I think that, quite frankly, there will be other governments who will finally say, at least for their parts of the Internet, as the Australians have apparently done, we think we can do better," says Prescott Winter. So it appears that they are indeed the canary in the coalmine, and that we are expected to go jump off the bridge behind them.

A report on this subject was made by the Associated Press and can be found at the following Yahoo News page...

US studying Australian Internet security program

For further reading on internet security, it is highly recommended that you read our previous article...

No comments:

Post a Comment

Popular Posts

I may be contacted at my email address marselus.vanwagner@gmail.com