5 reasons why the proposed ID scheme for Internet users is a bad idea

5 reasons why the proposed ID scheme for Internet users is a bad idea

Summary: Imagine waking up in a world, where you would need to use two-factor authentication/biometric based ID, in order to do anything online. Here are five reasons why I think this is a bad idea.

SHARE:
TOPICS: Malware, Legal, Security
134

Imagine waking up in a world, where you would need to use two-factor authentication/biometric based ID, in order to do anything online. The reason for this? Accountability and supposedly, prevention of cybercrime.

This may well sound like the long-term reality, but Kaspersky's CEO Eugene Kaspersky has been pushing the idea for years.  According to a recently published article, he still believes that the time has come for a mass adoption of hardware IDs affecting every Internet user.

Here are five reasons why I think this is a bad idea, if not one that is virtually impossible to implement.

"To prevent the misuse of social networking accounts, Kaspersky is pushing the idea of government IDs as a prerequisite for all computer users. "I've been talking about this for four years already, that we need to have a secure design for the (entire) internet," he says. In Kaspersky's perfect world, all digital citizens would carry some form of ID to go online, hopefully creating greater hurdles for malware creators - but creating a nightmare for privacy advocates."

"When you buy a car, the car is registered and you have a drivers licence. If you want to have a gun, the same thing - it's registered to the person who bought it. The question is why?  Because it's dangerous. With computers, you can make much more harm than with a gun or car."

At first, the proposed ID scheme seems pretty logic in terms of accountability. Here are five points on what's wrong with it.

  1. Privacy vs Security for the sake of accountability - Interestingly, Kaspersky isn't claiming that the ID scheme would somehow lead to more privacy being sacrificed on behalf of the users. Instead, he argues that privacy is already dead, and that your ISP already knows everything about you, therefore the use of hardware IDs shouldn't really have an impact on the end user, since he's losing nothing. If privacy is already dead, and an ISP somewhere across the globe always knows everything about the activities of its customers, then what's the point of having a hardware based ID to authenticate something that's (supposedly) already known? There isn't. Which leads us to the best possible solution to the problem of tracking down the source of a cybercriminal - cross-border/cross-agency threat intelligence sharing.
  2. Mass adoption of two-factor authentication is no proof that it works, exactly the opposite - Using the "success" of two-factor authentication for E-banking as an example on the usefulness of the proposed IDs is partially incorrect. How did cybercriminals manage to undermine the myth of the hardware based authentication? Not by attempting to attack it directly, but by bypassing it entirely in the sense of patiently and automatically waiting for the now authenticated victim to start interacting with the E-banking provider.  Neither a SSL connection, nor a two-factor authentication device would prevent a crimeware-infected host from having its owner victimized by cybercriminal on the other side of the world. In the worst case, it would offer the user a false feeling of security.
  3. Hardware IDs would not solve the problem, since a malware infected host will be used to commit the same crimes - The article claims that the ID scheme would create some sort of hurdle for malware authors, which is totally untrue. How come? Even if we assume that the end user would be unplugging himself/herself from the Internet and connectivity would be disabled unless he authenticates himself again, botnet masters would continue operating with the bots whose users are online, taking advantage of the different time zones. With or without the hardware ID, the malware-infected host would continue forwarding the responsibility for the actions of the actual cybercriminal, to the owner of the host, unless it's proven the same has been compromised. Long gone are the days when a cybercriminal would use his own host to commit the crimes, unless we exclude the Mariposa botnet masters of course, who got caught by doing exactly the same.
  4. By authenticating yourself on a PC that's not yours, you automatically inherit its reputation - A quote from the article - "Kaspersky says that in Dubai "they are going to introduce regulations that in public places, to get access to public WiFi, you have to present your ID." The idea is that whenever a phishing attack is launched from a particular host, using the proposed ID scheme would allow law enforcement to find out the person that's supposedly behind the campaign based on the fact that he's already authenticated himself. In reality though, even when you're using a public computer, the malicious campaigns that were going on in the background would continue taking place, with numerous users identifying themselves, and none of them would theoretically have anything to do with these background processed maintained by someone on the other side of the world.
  5. Budgeting the idea on an international scale is off base - In order for this ID scheme to get even close to being of any use, would be its mass adoption. Otherwise, certain countries that deny, do not have the resources, or don't even believe in the idea, wouldn't bother implementing this. The real problem with fighting cybercrime has never been about the lack of technologies or knowledge on how the ecosystem really works. It's always been about the lack of mass adoption for these technologies, and the lack of active cooperation among countries. Even if we assume that in a perfect world, this scheme gets implemented, just like photoshop-ed IDs sent to domain registrars in Russia and China in order to comply with new regulations, biometric passports have been under fire since day one. It would be totally naive to assume that the same wouldn't happen to these IDs as well.

Do you think the pros of the proposed hardware based ID scheme -- if any -- are worth the loss of privacy? Do you still believe privacy exists online? Are you willing to sacrifice even the left overs of it, with the idea to improve accountability over the Internet, and supposedly limit cybercrime?

How long before cybercriminals undermine the ID scheme as well, and wouldn't a potential flaw in it lead us the same situation we're into today - millions of end users still susceptible to outdated 3rd party application flaws and vulnerable browser plugins, given the fact that only a small number of the hardware ID users would even know they're susceptible to impersonation based on the flaw?

Talkback.

Cartoon courtesy of Clay Bennett.

Topics: Malware, Legal, Security

Dancho Danchev

About Dancho Danchev

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

134 comments
Log in or register to join the discussion
  • This guy from Kapersky isn't

    spawn of Kim Jong Il is he?

    What's next, give blood for a phone call?

    It may be true that the ISP already knows more than the average bear about me, however, what this guy is suggesting really wouldn't make the world anymore safer, nor would it make the internet anymore secure.
    Snooki_smoosh_smoosh
    • RE: 5 reasons why the proposed ID scheme for Internet users is a bad idea

      @JM1981 Kim Jong Il,no -- Lee Myung Bak, yes. Korea has had an Internet ID law for a couple of years now. It's a royal pain and means that non-Koreans can't joins conversations on Korean websites. Unless we're going to a world-wide ID, this would just Balkanize the Internet. I hated the Korean law when I was there.

      The law was passed because an actress was accused of some stuff on some forums, including having money problems. She ended up committing suicide. While her death is a serious matter, there wasn't really any more "cyber bullying" than any celeb normally receives.

      Instead of using her death as a way to discuss whether suicide is the appropriate response to being accused of something on the Internet, a law was passed to make all comments on sites over a certain size verifiable. It saddened me. There is no anonymous speech in Korea.
      daengbo
    • the solution is traceroute information on all packets

      It is really unimportant who sent the packet, as that is easily faked, but where it came from, what country, what exchange could provide a wealth of information in tracking "the bad guys". You could keep logs of your packets received by session, and have a very good idea of where your problems are coming from, without having to have an id.

      The isp's aren't into making the investments in infrastructure to make these kinds of things possible, so they push it back at the user, and let it be defeated by FUD, because no one really wants to have their actions tracked in such a draconian way.

      It seems Kapersky is another shill.
      sparkle farkle
      • But like you said, the source IP can easily be spoofed.

        How do you propose to find the sender's country without their IP? Deep packet inspection to try to automatically look for words, see what language they are in, and guess the country based on that? Come on!
        AzuMao
  • Cars, guns... you can't kill someone with the internet

    Sure, you can make someone disappear but you cannot electrocute them from my computer using theirs. There's a license for cars due to insurance, guns, for killing... The internet is for everyone.<br><br>Put it this way, I'll pay for another internet where someone can be accountable for a planted virus because their login was tracked. That's it.
    Maarek
    • Well in theory you could kill someone using a computer

      @Maarek: Not that any of what I am suggesting is in practice or may ever be put into practice, but if a safety system at a manufacturing company was somehow connected to the internet, or a virus gets sneaker net into a piece of equipment, it could in theory disable the safety systems, exposing someone to risk.

      There was also an article on ZDNET recently that showed that if a hacker could gain physical access to your vehicles computer port that they could disable all safety systems in your vehicle, which that in itself could cause injury or death.

      Is it possible? Yes. Likely? No.
      Snooki_smoosh_smoosh
      • RE: 5 reasons why the proposed ID scheme for Internet users is a bad idea

        @JM1981 It is up to the service providers to implement security measures to reduce the risk. The proposals of Kaspersky are in line with every dictatorial tyrant to ever devastate a population. Removal of privacy and self defense in the name of government protection as stepping stones to enslavement.

        We will be better off with less regulation and more anonymity at the user level, and greater emphasis on aggressive implementation of security measures at the server admin level... One of the common errors in the design of many of the systems that are cracked is that they are connected to the Internet at all. Frankly, a dedicated control system which uses wireless controls has no reason for an Internet presence if designed properly. If security is that important, the interface between the public side and the private control side must be sneakernet. The whizbang automation and remote admin trends are the reason for the security breaches. Bring back hands on human controls and the hacking issue is resolved.
        notme403@...
      • RE: 5 reasons why the proposed ID scheme for Internet users is a bad idea

        @JM1981 There was a guy who released a worm into the Internet which, among other things, entered a computer which controlled a radiotherapy unit - which then proceeded to deliver lethal doses of radiation to patients.

        While it's pretty stupid to leave ANY safety-critical computer system connected to the Internet and vulnerable to intrusion, this is a prime example of how the Internet can kill.
        loupgarous
      • RE: 5 reasons why the proposed ID scheme for Internet users is a bad idea

        @loupgarous: No, that is a prime example of how stupidity can kill. You have a reference for that likely improbable event? I cannot see a technician setting doses and an worm randomly changing them to a different setting and the technician never catching it until people were dying. It's best not to pass on hearsay without citation, someone may take you seriously and start repeating it as fact.

        @JM1981 The mere fact that we have a computer in our car can kill us. Imagine you decide to go offroad in the desert equipped with what you need for the day. With a mechanically sound vehicle the computer can go out and you are now stranded. No hacker required and your computer likely just killed you.<br><br>I wonder how many people have been seriously injured due to a computer dying while driving on the highway? I've had three computers go out in my Dodge Durango over the last 11 years. Two had a "bad ground" and would suddenly shut the vehicle off while driving. Fortunately I'm no stranger to putting a car in neutral and coasting to a safe stop out of traffic. Sadly, most people wouldn't even have that thought.<br><br>Exactly which safety could be disabled to result in injury or death? I am curious what you were thinking of when you mentioned that. A car overheating or misfiring isn't likely to cause injury. Computers don't prevent electrocution - fuses do. Fortunately, at this point, brakes aren't disabled by a computer going out or enabling ABS. Computers don't shut the vehicle down if you are out of oil, so a rod would be thrown either way and that could possibly hurt someone. That's about the only thing I could imagine and hardly the kind of event a hacker would risk to take out a driver.<br><br>Thanks for your comment it set me pondering. ;0)
        mcbluefire
      • RE: 5 reasons why the proposed ID scheme for Internet users is a bad idea

        @mcbluefire: "@loupgarous: No, that is a prime example of how stupidity can kill. You have a reference for that likely improbable event? I cannot see a technician setting doses and an worm randomly changing them to a different setting and the technician never catching it until people were dying. It's best not to pass on hearsay without citation, someone may take you seriously and start repeating it as fact."

        My bad: the Therac 25 incident, when a software error caused a radiotherapy device in Panama to deliver lethal doses of radiation to at least five patients, occurred at roughly the same time (early '90s) as the Morris computer worm.

        But from Wired magazine:

        "Bug eradication: no time soon

        When all is said and done, the most successful technique for combating software bugs may be to abandon any dream of eliminating them, says Jackson.

        "By way of example, Jackson says that during the summer of 2005, radiotherapy machines at two U.S. hospitals were infected with computer viruses when the Windows-based computers that controlled the machines were connected to the hospital networks.

        "Why was this small embedded system put on the network?" asks Jackson. The hospitals were trying to directly integrate the machines with the rest of the hospital's data network, but the computers hadn't been patched to resist the latest virus.

        Here's the catch: The radiotherapy machines probably couldn't be patched, because doing so would have changed the computer's configuration and required the medical software to be recertified. That's because installing a security patch might itself introduce a bug that could make the machine operate unsafely. "

        Here's your cite. Wired magazine good enough for you?

        http://www.wired.com/software/coolapps/news/2005/11/69369?currentPage=all#ixzz0pFfuKOMe

        Expanding on Wired's comments, a virus or other malware could (simply by altering program timing) cause a computer-driven radiotherapy device to deliver too little or too much radiation without the operator's knowledge. As a former biomedical engineering technologist, I know whereof I speak.
        loupgarous
      • RE: 5 reasons why the proposed ID scheme for Internet users is a bad idea

        @JM1981 If someone gains physical access to a car, they don't NEED to use a computer to disable safety systems. I can just as easily cut your break lines, disconnect the airbags from the mercury impact switch, or whatever. The computer side of that is irrelevant. If someone wants to cause injury to another person, there are many ways to do that.

        I say keep anonymity on the 'net. There are too many bad ways that governments and companies can make the internet useless with that. Take the great Firewall of China for instance -- people there are denied access to much of the 'net, and in many cases persecuted for accessing certain information. This ID facility would make that possible, and likely, in all countries. Sure the idea would make sense logically, but lets face it, government and business is not logical.
        Liath.WW
    • RE: 5 reasons why the proposed ID scheme for Internet users is a bad idea

      @Maarek

      Being killed is not the only harm that can be done in this universe. Think a bit dude. Free your mind.

      Highways are for everyone who has a licensed vehicle to drive on it. The Internet is a highway and should really only be accessed by identifiable computers. Think about. You'll get it.
      mustang_z
      • That's about the worst logic I've ever heard

        @mustang_z Do you seriously think of the internet as a highway? Everyone knows it's a series of tubes.
        marshray
  • RE: 5 reasons why the proposed ID scheme for Internet users is a bad idea

    I think online ID is good. Everyone needs to be accountable for whatever he or she does online. Privacy and the Interned ane incompatible.
    dsm650
    • RE: 5 reasons why the proposed ID scheme for Internet users is a bad idea

      @dsm650

      Everyone needs to be accountable for whatever he or she does offline, too. That doesn't mean when we visit a Sears store we have to announce and ID ourselves. Why must we do when we visit sears.com?
      none none
      • RE: 5 reasons why the proposed ID scheme for Internet users is a bad idea

        When you go to Sears or some other store and use a credit card to pay for your purchase, the cashier asks you for your ID (usually a drivers license), in order to verify your identity, relative to your possession of you credit card. That is an example of 2-factor authentication. Your face on the drivers license is kind of like biometrics, assuming you don't have somebody from the mission impossible team making one of those masks that looks like you. You sign a receipt. The cashier (an expert on detecting forged signature), verifies its authenticity (third factor).
        PSFTGURU@...
      • RE: 5 reasons why the proposed ID scheme for Internet users is a bad idea

        PSFTGURU@...
        I've never, in my life, (and I'm OLD) been asked for my ID with a credit card purchase. Be the victim, go ahead and show the sales clerk your drivers license. Now they have everything they need for ID fraud and theft; your credit card number as well as your proper name and address.
        PS "The cashier (an expert on detecting forged signature)..." Are you kidding? You're lucky some minimum wage clerk can figure out how to bag the item you just purchased.
        PZalong
      • RE: 5 reasons why the proposed ID scheme for Internet users is a bad idea

        @PSFTGURU:

        Or you could go into a Sears and pay for a purchase with cash, in which case the cashier or the company won't know you from Adam unless they go to the trouble of hunting you down using security footage, fingerprints on the bills, etc. The point being, while perfect privacy and anonymity are really not to be had either in the physical world or on the Internet, we do (and should) have some choices about how easy we make it for people to find our information.
        Ginevra
      • RE: 5 reasons why the proposed ID scheme for Internet users is a bad idea

        @PZalong: "PS "The cashier (an expert on detecting forged signature)..." Are you kidding? You're lucky some minimum wage clerk can figure out how to bag the item you just purchased."
        That basically tags you as a complete jerk. Just because someone works in a low-paying job doesn't mean that the person is any more or less intelligent than yourself. Many of those people are doing whatever they can to bring in money, and because of the way the employers pay 'peon' employees and jerk around their schedules means that they have to bust their butts to do that job, keep a family, and go to school (and somehow manage to pay for all of this).
        Do they check your ID every time that you use your card? Probably not. They *should*, but something your supreme intelligence is missing is that it takes time to do that properly, and if you've ever waited in a line and gotten niffed at how long it takes, imagine how much LONGER it would take if they properly checked every single customer's ID. Even better, I bet your haven't even had your ID ready *before* you get to the register to present anyhow.
        Now, add to that the employee's 'performance indicators' like customers per hour -- add in a proper ID check and guess what? Most of them would be fired -- on top of being bitched at by people that view them as nobodies already -- because they're "taking too long" to do their job.

        Before you make inane comments like that, I think you need some time working one of these jobs (and relying on it for income, not having help from parents/family/inheritance). Your outlook on things would change quite a bit.
        Liath.WW
    • RE: 5 reasons why the proposed ID scheme for Internet users is a bad idea

      @dsm650 [i]Everyone needs to be accountable for whatever he or she does online.[/i]

      Morally I agree with you... However, I do not want the government or anyone else to tell me what my moral compass should look like.
      Badgered