Web of Fear

There’s a very scary story floating (h/t Gizmodo) around about a man framed by a virus that compromised his computer, then downloaded child porn and acted as a server, all unbeknownst to him.

The Wallet Inspector (I can't believe that worked!) from Simpsons Episode 503

The Wallet Inspector (I can't believe that worked!) from Simpsons Episode 503

Let that sink in for a minute.

The man was eventually able to clear his name, after spending hundreds of thousands of dollars on his defense. Computer forensics were able to show that the computer was visiting sites and downloading material at an inhuman rate of speed, making it impossible for a person to be driving it.

Apparently, it’s common for courts to skip detailed computer analysis like this due to high cost. Yikes.

Stories about the perils of the Internet are incredibly common in all forms of media, and I’m sure everyone has at least one personal story about a virus or a scam that nabbed you. The open nature of our beloved intertubes has created a dangerous place where the uneducated can really get hurt.

So, how to fix this, assuming it needs to be fixed?

I think it’s safe to assume that sometime in the next decade, anonymous online activity will virtually disappear. Court precedents over the past few years have shown less tolerance for people hiding behind anonymity.

Right, wrong or indifferent, it’s only a matter of time before the old joke about nobody knowing you’re a dog goes extinct. Generally speaking, I’m in favor of educating people, rather than creating a police state to protect the innocent.

Along those lines, I’ve often thought that people should have to take a course in general interwebs safety before they can do any damage to themselves or others. The natural extension of this is a licensing process, just like the one every teenager goes through to get a driver’s license.

There are a lot of moving parts here, and I haven’t got it all figured out yet. Still, this feels like an issue that’s going to get worse before it gets better, which usually means sweeping action of some kind.

Am I wrong to think this is a problem that needs a solution of some kind? Most people are hopelessly uninformed about what can happen to them online, just from harmless browsing. Case in point, Chet’s post about his neighbor’s virus problem.

But maybe this is a survival of the fittest case, i.e. if you don’t keep you machine updated and take reasonable precautions, you reap what you sow.

So maybe it doesn’t need to be fixed.

What do you think? Find the comments.

AboutJake

a.k.a.:jkuramot

16 comments

  1. i waffle on this…my instincts say it should be darwinian, but if you didn't do it and it can be proven…wifey was just railing on the entire licensing thing the other day. she went to get her hair done…the guy has to have a license (pays the state, pays for CE classes-if any)…why? to protect the stupid? if he's good, the market will show that. or maybe she's just angry that I don't have a job…who knows?

    I've been reading Security Monkey (aka @chiefmonkey) since I started reading online blogs…he talks about this quite a bit. Check his stuff out if you get a chance…the case files are awesome.

  2. There's no easy answer, but the solutions range from total control of the 'tubes (a la China) to complete laissez faire. Sprinkle in a pinch of net neutrality and pirating, and you've got a whole lot of dicey issues that will be front-and-center for the next decade.

    I like licensing in this case b/c as with cars, you can do yourself and others harm by sucking at internets.

  3. we need a sense of perspective here – one guy versus how many were actually engaged in this kind of illegal activity and ended up in jail? and then there's all those who aren't injured at all on the web. license away but as we've seen with cars, they can still be used for bad stuff… … plus would you want a job in the interweb equivalent of the the DMV? Noooooooooooooooooooo.

  4. One guy who successfully fought it. Sure, it's a bit tough to get a real idea of who else has been effected (everyone's innocent, right), but I'm guessing there's a small percentage of innocent people.

    Identity theft is pretty commonplace, so how about that instead? These types of crimes are really difficult to trace as well, leaving a perpetrator-less crime. I guess the point is that something's going to be done about this eventually; so, do we educate or install controls to protect the ignorant (and possibly lazy)?

  5. That might be one perspective, but then the argument could be made about educating people not to throw credit card statements or receipts in the trash.
    It's like backups and flossing – nobody does it until they lose something.

  6. Bit of a broad generalization there. I think a lot of people have changed behaviors like the ones you mention as a precaution b/c they're easy.

    Being safe online isn't what a lot of people would call easy. You have to patch regularly, which we know is a big issue, even for people who should know better, and be able to identify attack vectors.

    Honestly, part of the problem is lack of proper perspective. Most people are vaguely aware, while others are super paranoid. No one with any knowledge has correctly set the bar. I guess this is a growth industry 🙂

  7. I think the real challenge is increasing digital literacy so people can a) get access to the interweb, and b) do so safely. There's too many without this kind of literacy (actually the literacy literacy in general in some developed nations ain't a lot to write home about either). That needs to be balanced by a respect for people when they DO get online – providers have responsibility here too: http://www.irishtimes.com/newspaper/finance/200….

  8. This will remain a problem until non-repudiation gets down to the hardware level and includes the net transport layer. Then the problem simplifies to, when you outlaw repudiation, only outlaws can repudiate. Some semblance of anonymity can be created for certain subnets for political speech or otherwise give the appearance of freedom. People cannot evaluate risk properly under the best of circumstances. Any manual processes will fail, and any processes must be evaluated in terms of massive computing power.

    Education will help the current issues, but won't come close to solving them, and doesn't address the root causes of the issues. It's not to protect the stupid, it's to protect everyone. People forget that even in the most apparently silly licensing or often laws in general, they were put in place to right a perceived, actual or potential wrong. Do you have any idea what kind of nasty things used to be done in hairstyling salons? Even in this century, check the recalls on hair products.

  9. Just thinking out loud. This problem is going to get worse before it gets better, a lot worse. Everyone wants open until it's their identity stolen, their computer compromised for botnet malfeasance, their case being tried by a luddite judge and jury.

  10. Outstanding hair salon reference 🙂 Solutions aren't coming anytime soon. There is too big a gap between lawmakers and people who actually understand intertubes (i.e. it's not a big truck, it's a series of tubes). Plus, there's no incentive because individuals, even squeaky wheels, aren't enough to force change.

    The next decade will be very interesting.

  11. Just thinking out loud. This problem is going to get worse before it gets better, a lot worse. Everyone wants open until it's their identity stolen, their computer compromised for botnet malfeasance, their case being tried by a luddite judge and jury.

  12. Outstanding hair salon reference 🙂 Solutions aren't coming anytime soon. There is too big a gap between lawmakers and people who actually understand intertubes (i.e. it's not a big truck, it's a series of tubes). Plus, there's no incentive because individuals, even squeaky wheels, aren't enough to force change.

    The next decade will be very interesting.

Leave a Reply

Your email address will not be published. Required fields are marked *