Don't secure the internet, it needs crime: Diffie

Don't secure the internet, it needs crime: Diffie

Summary: Creating a completely secure internet is not a practical way to solve our security problems and having it as a medium for crime might actually be better for society.

SHARE:

While many people see securing the internet as a means to stopping cybercrime, former vice president for information security and cryptography at the Internet Corporation for Assigned Names and Numbers (ICANN) Whitfield Diffie thinks that internet crime may be necessary.

Diffie, who spoke at the Australian Information Security Association's National Conference 2012 in Sydney this week, is better known for his contribution to the cryptography community by devising with Martin Hellman and Ralph Merkle the Diffie-Hellman public key exchange method.

He said that the security problems we face today aren't necessarily due to the unsecure nature of the internet, drawing a parallel to its reliability.

"I'm inclined to think that society needs crime."

He pointed out that reliability on the internet wasn't created by designing it into its bottom layer, stating that if it were, the cost to implement such a network would be substantial. Instead, he said that today's Internet Protocol is a cheap, unreliable way of communicating, and that when reliability is required, other protocols are introduced as needed.

"If you need reliability, you run something like TCP ... and you concentrate reliability where you need it. There's an analogy here with security," he said.

"I am rather inclined to think that a [completely] secure network is not adequate to serve our needs, and that's one of the reasons we don't have one. We put our needs above some notion of security."

Furthermore, Diffie said that by looking at the broader socio-economic picture, creating a completely secure internet could be a mistake.

"I'm inclined to think that society needs crime," he said, explaining that in the event of a crime taking place offline, such as a home robbery, it creates jobs for police, judges, lawyers, insurance companies.

"There's thousands of dollars worth of business here, while the crook only got 50 bucks!" he said.

"Clearly, crime has a much larger constituency than society would like to admit. I am conjecturing, therefore, that the internet also needs crime."

Diffie said that the internet would be a nicer place if people didn't spread malware, but that the real world does, to an extent, mirror the online world.

Diffie's argument for an unsecure internet doesn't necessarily mean that security can't be provided. He pointed to the World War I era, during which radio transmissions were completely open — yet, through cryptography, it was possible to send private messages.

"[Cryptography] turns all problems into key management problems. The security or insecurity is amplified to be the security or insecurity of gigabytes of traffic."

He said that cryptography essentially frees whatever information you are trying to transmit from the medium that it is being sent via, whether that is a satellite, a phone line, or an unsecure network like the internet.

However, cryptographic methods require keys to decipher the information, and, as such, Diffie said that the problem isn't in securing the network; it's in securing whatever system the keys reside on.

"It turns all problems into key management problems. The security or insecurity is amplified to be the security or insecurity of gigabytes of traffic."

And when it comes to secure computing, Diffie said that it has been done poorly.

"It seems to me that we have made less progress in secure computing than we have in cryptography."

He pointed out that many times, various organisations, both private and governmental, have gone down the wrong paths.

"People often propose building a separate internet. They vet the users, and they defend the end points, and both of those have costs that are linear in the number of people using it. That's not scalable."

He also criticised attempts to keep computing environments secure by writing code in-house.

"You can't write all of your own software. The US Air Force tried that. It finally gave it up in the '60s. It had its own compiler and things like that. It cost billions and it just wasn't sustainable."

To solve the issue, he said that there are two approaches, one of which involves limiting and reporting to the network what software is installed on a machine, hence allowing others to refuse connections if the software is not trusted.

"It limits the kind of damage that can be done to you, but you have a basic hold [from software vendors] that you have very little control of."

The other approach goes in the opposite direction, by concealing at the edge of the unsecure network what's installed on the end point.

"A computer built from the ground up to serve the interests of its user," he said.

"It would be a computer, it would be running Linux or something, but all the outside world could see was that. They couldn't see what information it has."

Topics: Security, Malware, Networking, Privacy, Australia

Michael Lee

About Michael Lee

A Sydney, Australia-based journalist, Michael Lee covers a gamut of news in the technology space including information security, state Government initiatives, and local startups.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

31 comments
Log in or register to join the discussion
  • No, we don't need crime

    We'd all be a lot better off if everyone was voluntarily honest, allowing us to spend a lot less on "security". The money would surely be spent on other things, so job losses would be short term.

    It should be understood, though, that prior restraint isn't free and can be more expensive than the alternative (not all costs are monetary).
    John L. Ries
    • Problem is that dishonest /= criminal

      And there are a lot of things on the criminal law books that I personally don't believe should be on them because they infringe on constitutional and human rights, something that if I were 'grabbed' on them I would be willing to argue in a court of law.
      Lerianis10
      • Crime and law

        Yes, there are some rather bad, and restrictive laws that only cater to someone's personal view of right and wrong. However, that doesn't apply to the type of computer crimes this article addresses. Several recent laws violate good sense, and ancient international practices, such as charging someone with a crime in the US that took place in another country. These raise issues of the rights of countries to pass laws that may be different from others.
        rphunter42
      • Crime vs lawbreaking

        There are acts such as murder, theft, or kidnapping, that are inherently criminal and would be, even if they were legal; other acts, such as speeding or copyright infringement are outlawed for legitimate public purposes (we hope), but are only wrong because they are illegal; not because they are inherently criminal. I have long asserted that the term "crime" properly applies only to the first category of offenses.
        John L. Ries
        • Belief in God is required

          Who decides for example, that lying or stealing are inherently criminal? If a society decided that these things are not wrong, would they still be wrong? A secular, evolutionary worldview holds to the doctrine or theory of survival of the fittest. This means that the creature with the biggest claws or most powerful gun is most fit to survive. On the other hand, someone who holds the worldview that there is a God who has created everything, including absolute moral law of right and wrong, enables us to clearly say that an act is wrong because God has decreed so, just as he has decreed the laws of physics. Right and wrong are only absolute if there is an absolute God above and beyond humans.
          arminw
          • Wich god ? Yahweh, Ala, Zeus, Horus?....

            This has nothing to do with a belief in a god or gods I do not understand how you link belief in a god to this article & blame secular worldviews when the ones doing harm are religious people basing their morality on first century world views. Your argument is illogical. You say belief in god is require I ask you to tell me what god or gods there are thousands and people that are indoctrinated to belief in one god or the other have justify evil in the name of their god. How is that even moral?How does belief in god explain the world we live in today where the majority belief in a god and still commit crimes.
            beau parisi
          • While I do believe in God...

            ...I don't believe that any holy book (to include secular ones like the "Origin of Species") includes a comprehensive code of morality (easier to concern oneself with general principles). But if you're an atheist, you may want to consider what sorts of behaviors are conducive to the continuance of civilization, the survival of the species, and general quality of life, and which are not.
            John L. Ries
        • Inherently criminal...

          That's an interesting comment "inherently criminal". On what do you base this - one has to draw from a reference point to be able to say that something is "inherently" anything. In this case, the reference point is an arbitrary standard that we in the west have set up. But where did that standard come from? And why consider some standards to be "gold" and others as "cultural"? There are plenty of cultures in the world who are still very comfortable with murdering a person, or kidnapping them or stealing from them when it suits. Indeed, those people groups who practised such "flexibility" in their standards outnumbered "the west" until the 17 or 1800's. And as we in the "west" slide back towards dark, tribalist self-centred narrow thinking again, we are "shedding" what should be inherently wrong and re-labelling such as "culturally optional".

          The classic case of this in the "modern" west is abortion (sounds of collective gasp as liberals can't believe someone would have the audacity to challenge their holy grail in public). There are only 2 views on this. 1) It's murder (taking someone else's life against their will) 2) It's choice. The problem with option 2 is two-fold. Firstly, it assumes that the un-born baby isn't human. That's a spiritual problem based on the denial of God's existence. Second, that since the "object" inside a woman isn't human, therefore it has no rights and can be "removed" as if it were a tumor. And the reason I mention any of this is that in reality, abortion is actually inherently wrong, as it is murder. But since relativistic post-Christian revisionist morality has ditched God's standards as the "gold" standard, anything and everything can be reasoned away, and therefore there really no longer exists an "inherent" wrong or right, as there is no basis for for the "inherent-ness" to stand upon. Therefore, secularism ends up in a vicious downwards spiral that ends in anarchy and tribalism - which is why the "west" is self-destructing today. And then we end up right back where we started from 2,000 years ago, with the strong controlling all by force and violence, foisting on the "weak" whatever transient, convenient rules and laws suits them on a day to day, week-to-week basis.

          The short of it is this: without God's standards, human society cannot flourish or stand cohesively - it just limps along. And before you say "What about the Egyptians, Aztecs and all the other great civilisations?", remember 2 things: 1) despite your darwinian secularist humanist indoctrination, all the great civilisations came post-flood and had the seed of God's standards as a result (since they all descended directly from those very few who survived the flood: easily, scientifically, genetically provable, before you rant about it not being possible to repopulate the planet from so few) - in some instances more than a seed, a number of the later ones inadvertently borrowing from the Hebrews (who were intrusted with God's standard) of the day. 2) All the major civilisations in question flourished so long as they had firm laws and standards that were enforced throughout their empire. While such laws certainly weren't uniformly or even obviously God-based standards, they were absolute, not relative. Even then, some of the very basic basics of God's standards (eg that murder is wrong, the concept of restorative justice etc) still existed in all these civilisations. It's only as hedonistic self-interest and a desire to "water down" the laws took effect, and relativism entered, that these "great civilisations" self-destructed (often in concert with rivals and ascending civilisations who were able to overcome the once dominant civilisation due to it's new-found corruption and weakness due to moral decay).That's an interesting comment "inherently criminal". On what do you base this - one has to draw from a reference point to be able to say that something is "inherently" anything. In this case, the reference point is an arbitrary standard that we in the west have set up. But where did that standard come from? And why consider some standards to be "gold" and others as "cultural"? There are plenty of cultures in the world who are still very comfortable with murdering a person, or kidnapping them or stealing from them when it suits. Indeed, those people groups who practised such "flexibility" in their standards outnumbered "the west" until the 17 or 1800's. And as we in the "west" slide back towards dark, tribalist self-centred narrow thinking again, we are "shedding" what should be inherently wrong and re-labelling such as "culturally optional".

          The classic case of this in the "modern" west is abortion (sounds of collective gasp as liberals can't believe someone would have the audacity to challenge their holy grail in public). There are only 2 views on this. 1) It's murder (taking someone else's life against their will) 2) It's choice. The problem with option 2 is two-fold. Firstly, it assumes that the un-born baby isn't human. That's a spiritual problem based on the denial of God's existence, and the fact that at the moment of conception God attaches a spirit to the growing cells, making it human from that point onwards. Second, that since the "object" inside a woman isn't human, therefore it has no rights and can be "removed" as if it were a tumour. And the reason I mention any of this is that in reality, abortion is actually inherently wrong, as it is murder. But since relativistic post-Christian revisionist morality has ditched God's standards as the "gold" standard, anything and everything can be reasoned away, and therefore there really no longer exists an "inherent" wrong or right, as there is no basis for the "inherent-ness" to stand upon. So secularism ends up in a vicious downwards spiral that ends in anarchy and tribalism - which is why the "west" is self-destructing today. And then we end up right back where we started from 2,000 years ago, with the strong controlling all by force and violence, foisting on the "weak" whatever transient, convenient rules and laws suits them on a day to day, week-to-week basis.

          The short of it is this: without God's standards, human society cannot flourish or stand cohesively - it just limps along. And before you say "What about the Egyptians, Aztecs and all the other great civilisations?", remember 2 things: 1) Despite darwinian secularist humanist indoctrination, all the great civilisations arose post-flood and had the seed of God's standards as a result (since they all descended directly from those very few who survived the flood: easily, scientifically, genetically provable, before one rants about it not being possible to repopulate the planet from so few) - in some instances more than a seed, as a number of the later civilisations inadvertently borrowed from the Hebrews (who were entrusted with God's standard) of the day. 2) All the major civilisations in question flourished so long as they had firm laws and standards that were enforced throughout their empire. While such laws certainly weren't uniformly or even obviously God-based standards, they were absolute, not relative. Even then, some of the very basic basics of God's standards (eg that murder is wrong, the concept of restorative justice etc) still existed in all these civilisations. It's only as hedonistic self-interest and a desire to "water down" the laws took effect, and relativism entered, that these "great civilisations" self-destructed (often in concert with rivals and ascending civilisations who were able to overcome the once dominant civilisation due to it's new-found corruption and weakness due to moral decay).
          naibeeru
          • the need of god.... the need of alcohol in our veins....

            While this would get you drunk (although it would be very dangerous) it will not save you from a breathalyzer.
            You actually excrete a certain amount of alcohol out of your lungs. Breathalyzers measure this, and calculate the level of alcohol in your blood, it doesn't matter how you took the alcohol.
            On a side note, IV alcohol is actually used to treat ethylene glycol (antifreeze) poisoning. (under strict medical supervision of course). When a hospital in rural Australia ran out of medical grade alcohol they had to use IV vodka to treat a patient.

            There are even more versions of Microsoft's Office 365 than we've thought. Another small-business and a mid-size business release are on deck. And here's pricing for the lot.

            Terms of Service - As a ZDNet registrant, and by using this service, you indicate that you agree to our Terms and Conditions and have read and understand our Privacy Policy.

            The short of it is this: without God's standards, human society cannot flourish or stand cohesively - it just limps along. And before you say "What about the Egyptians, Aztecs and all the other great civilisations?", remember 2 things: 1) Despite darwinian secularist humanist indoctrination, all the great civilisations arose post-flood and had the seed of God's standards as a result (since they all descended directly from those very few who survived the flood: easily, scientifically, genetically provable, before one rants about it not being possible to repopulate the planet from so few) - in some instances more than a seed, as a number of the later civilisations inadvertently borrowed from the Hebrews (who were entrusted with God's standard) of the day. 2) All the major civilisations in question flourished so long as they had firm laws and standards that were enforced throughout their empire. While such laws certainly weren't uniformly or even obviously God-based standards, they were absolute, not relative. Even then, some of the very basic basics of God's standards (eg that murder is wrong, the concept of restorative justice etc) still existed in all these civilisations. It's only as hedonistic self-interest and a desire to "water down" the laws took effect, and relativism entered, that these "great civilisations" self-destructed (often in concert with rivals and ascending civilisations who were able to overcome the once dominant civilisation due to it's new-found corruption and weakness due to moral decay).
            dkaparunakis@...
          • What don't you get?

            Your argument against abortion is the same old religious intolerance and bigotry. Can't you distinguish the difference between a seed and a sapling?
            stephen714
    • yay......!!!!!!!!!!!

      we need crime period.....!!
      we need crime period.....!!
      we need crime period.....!!
      we need crime period.....!!
      we need crime period.....!!
      we need crime period.....!!
      we need crime period.....!!
      we need crime period.....!!
      we need crime period.....!!
      we need crime period.....!!
      we need crime period.....!!
      we need crime period.....!!
      we need crime period.....!!
      we need crime period.....!!
      dkaparunakis@...
  • Securing the internet is impossible to do

    In the real world, securing the internet totally is impossible to do. Not to MENTION that some things that are crimes today might not be tomorrow. Example: homosexuality being legalized in the 1970's and interracial relationships being legalized in the 1960's.

    No, what we really need is for people to get SMARTER about using computers and being taught to not download and install every single thing that they see on the internet or are referred to on the internet.
    Lerianis10
  • No crime necessary

    This is an misinterpretation, it seems.

    The Internet operates more or less on the cold war principle. If everyone misbehaves, this assures mutual destruction, i.e. nothing works. Because of this, everyone on Internet voluntarily behaves.

    Further, there is this common misconception of the "security of the network". By design, Internet runs on a very "dumb" network with "smart" end nodes. Unlike other traditional communication networks, the Internet has not central control points. Everyone and anyone is in charge.

    Of course, a bunch of parties would like to convince everyone, that Internet should become centrally managed, etc.
    danbi
  • Secure it

    There's a belief that if something is profitable and revenue-generating, then it is good for society. If someone could make mass murder profitable.. oh wait... war is one of the most profitable industries.
    Crime online is as inevitable as crime offline. If agencies find a way to protect us from all crime on the street then it is concievable that online crime could also be tackled. By all means secure the internet, but don't expect it to be 100% secure, and don't trample on our liberties to achieve security.
    justanumber
  • Good reasons for encryption

    I think the solution lies in educating the layman as opposed to trying to find advocate a blanket solution for security or the lack thereof. Furthermore, its kind of a tradeoff, between the extent of gov spying, crime and reduction of complexity. There is a growing need today to encrypt your traffic, but I wouldn't want the government or an ISP doing it for me. There are a lot of flexible services out there that are also user friendly and cost effective. I personally use Hush Tunnel (hushtunnel.com ..no affiliation) because of their BitTorrent and VPN support, as well as the fact that it uses Diffie's technology (thanks Diffie!) but there are many others that are good like TuVPN, PureVPN, etc.
    Marci_xoxo
  • Another Federal Agency?

    The PRO "protect me from everything" crowd is really fired up about this. I just see another inept federal bureaucracy costing $$$billions in the making. There are a bunch of companies out there willing to take a risk to develop anything that's needed, and make products for a profit that will deliver whatever is needed at far less cost now and in the future than any government invented process. Plus do it right now, and not tell us about their 5 or 10 year plan!
    BadDog40
    • Federal Agency not the problem you are thinking about

      I'm not as worried about an "inept" federal bureaucracy as an extremely "ept" one! Government CAN be smart when motivated to be. Remember J. Edgar Hoover? He built an agency that certainly REDUCED (not eliminated, of course) violent crime, but in the process, he also built an agency that tried to stop the civil rights movement, accusing it of being "communist" inspired, an attitude that too many people share even today, and violated (still does) privacy when no crimes are involved. For example, when Lucille Ball found out she was pregnant with Desi Jr., Hoover's spies in the doctor's office reported it to Hoover, and Hoover called Desi to congratulate him, BEFORE LUCY had a chance to call her husband!

      Besides, it is a myth that organizations are inefficient just because they are part of a government, especially the federal government. A government bureaucracy won World War II, after all, and efficiency (dollars per dead Nazi?) was not the goal. We pulled out of Vietnam in part because we picked the wrong fight, and in part because Sec. Def. McNamara tried to run the war "like a business". Bigness, not profit orientation, makes organizations inefficient; how many dollars per decision does it cost to hire a CEO?

      However, I agree that the "protect us from everything" crowd would just like to be the only criminals (in the moral, not legal sense) in the system and control everything. I have heard that the city with the lowest rate of regular street crime was Las Vegas when it was under mobster control; random crime was bad for business, so they swept the muggers off the streets WITHOUT the constraints that the legal police had!
      jallan32
      • That's nice...

        But this is the same government that runs the ever-so- efficient DMV.
        kikax
  • Crime

    First, we DON'T need crime, and doing things that defend it is purely stupid.
    Second, saying that we need computer crime is like saying that legalizing murder will decrease the number of people being murdered. Total nonsense.
    rphunter42
    • Agreed! Poor logic...

      I'm astounded by such poor logic by someone with the intelligence level that Diffie supposedly has. Does he really mean to imply that there is a net gain of thousands minus the $50 the crook got??? That is not real math: those thousands in revenue for security companies, anti-malware, cops, etc., are thousands in expenses for someone else who is paying them! Crime is a NET LOSS, and cannot be otherwise!
      Techboy_z