Former FBI Agent Calls for a Second Internet

An anonymous reader writes "Former FBI Agent Patrick J. Dempsey warns that the Internet has become a sanctuary for cyber criminals and the only way to rectify this is to create a second, more secure Internet. Dempsey explains that, in order to successfully fight cyber crime, law enforcement officials need to move much faster than average investigators and cooperate with international law enforcement officials. The problem is various legal systems are unprepared for the fight, which is why he claims we must change the structure of the Internet."

Translation

[christurkel]

"We need a second Internet so we can make it easier to spy on you and track you."

Re:Translation

[mabhatter654]

Microsoft & AT&T has also wanted this... that's how they'll "fix" things like spam, porn, competition, etc. What everybody really wants is a pay-per-connection system like the phone system. The commie geeks at MIT and DARPA pulled a big one over building a fault-resistant, uncontrolled, re-routeable open spec network in the name of "national security"... it's the last time corporations will let that happen.

VPN

[ForestGrump]

Someone give this guy a VPN.

Re:VPN

[TheLink]

"requiring convicted criminals to use a vpn would be a step in the right direction."

While they are in prison or once they get out?

Or are you going to keep convicted criminals in prison because it "would be a step in the right direction"?
Or keep them permanently on public "* Offender" lists?

If rehabilitation rates are so low and nobody really gives a damn, why not just execute them like they do in China? Since obviously "everyone hates them so much".

The only big difference between you and a convicted criminal is you haven't been caught yet.

Is copying stuff a criminal offense yet?

In other words ...

[rossz]

"We're too stupid to deal with this interweb thingy, so we need the entire world to change how things are done to accommodate our incompetence."

Yeah, that's going to happen.

Re:In other words ...

[siddesu]

Actually, it has little to do with stupid. What started as random voices against the internet from various corners several years ago is now solidifying into a very firm and well-funded opposition to a the free internet.

The reasons of the different parties vary, but they are all pushing consistently for the same outcome -- a monitored and controlled internet. Most worryingly, their lobbying and scare tactics are increasingly getting results.

First, everyone under the hat of IFPI and the various Recording and Movie Ass. of wherever are in the game as their business model is evaporating. They want more restrictions and more monitoring, so that they can eat into your consumer surplus better. Most other copyright and related rights owners jump on this bangwagon, as they have strong vested interest in having their monopoly to be extended in various ways.

Then, there are the newspapers and the TV -- in addition to belonging in the first group, they feel their revenues are being eaten by a random collection of bloggers, aggregators and other uncontrollable internet evils that deliver more targeted and interesting commentary faster and at lower cost. Besides, their relevance as propaghanda tool (and their position as "the fourth power") is also threatened, and they'll fight hard to keep it.

Finally, there is the government. The establishment want to know more about you so that they can tax you (and, in general, manage you) better. Surveillance is always a boon to them, and anything that can bring more is very welcome. Especially lobbying groups like those above, who make seemingly "legitimate" cases for more surveillance and control. But it doesn't end there. The internet is also a threat to the establishment in that it allows exposure of their questionable activities; it keeps track of their past deeds. This threat makes the life of the establishment politicians hard, and they'll fight to remove it. Bribery is a big source of income, and threats to it are hardly welcome. Finally, the internet allows "fringe politicians" and large groups of people to gather behind a cause quickly and efficiently. This tends to make, among everything else, lobbying less efficient, and decrease the amount of legal bribery income.

And, this push against the free internet is happening everywhere. Draconian internet laws have sprung fast virtually everywhere in the past year or two - the US, Eastern and Western Europe, Australia, Japan, Korea, which suggests what happens is not a random process at all.

Ummmmm, no.

[BWJones]

"Former FBI Agent Patrick J. Dempsey warns that the Internet has become a sanctuary for cyber criminals

Any time you have a new community or resource to exploit, there will be criminals. However, calling it a sanctuary is hardly apt. I can think of more than a few places that are a sanctuary for criminals, yet you won't see the government razing those neighborhoods and starting anew, would you? Besides, who gets called a criminal?

and the only way to rectify this is to create a second, more secure Internet.

Ummmm, no. What he means is that they want to form a new network that can routinely be filtered, scanned and probed with no means of anonymity (already going away) or flexibility.

Dempsey explains that, in order to successfully fight cyber crime, law enforcement officials need to move much faster than average investigators and cooperate with international law enforcement officials.

How about figuring out how to deploy a network within your own agency first, that agency employees can actually use?

Re:Ummmmm, no.

[tsm_sf]

Pulling common sense into a discussion about law enforcement is practically unamerican. We want more criminals, but harder penalties. Prevention doesn't fill jails, buddy.

While we are at it why don't we create new cities

[deadmongrel]

Since major cities have more crime than before why don't create new cities.

But the problem with investigating international cyber crimes and capturing criminals on the Internet is not necessarily due to lack of cooperation among international law enforcement bodies."

As opposed to extraditing murderers, mafiaa members etc is easy with respect to "traditional" crimes?
Why hire competent people who technology as tools and adapt your law enforcement agency when you change the world around you to adapt to your incompetence?
And for those who says "Think of the children": No law can effectively parent your child for you. Do you damn duty.

Yay

[jollyreaper]

When the government or agents of the government ask for something, the opposite is probably in your best interest.

Also...

[TheWizardTim]

... the FBI want's a pony.

Good idea..but

[Alphavox]

What do we do when the second internet is overrun? Building a new internet everytime "cyber-criminals" get on it sounds expensive...

Second Nigeria

[Viking+Coder]

If only we could create a second, more secure Nigeria.

International crime means new internet?

[flabbergast]

"If we accept the fact that the greatest hurdle in arresting international cyber criminals is that various legal systems just aren't prepared to address the speed at which these crimes occur or the various nuances that are unique to computer crimes, then the question is: What can we do to fix the problem?"
So, he goes from acknowledging that there's a jurisdictional problem and a speed problem when it comes to law enforcement to creating a new "verified" internet where you have to "prove" who you are? Umm..no.
And he goes on to hit every hot topic in security today: DDOS, identity theft. spam, etc. And then, he makes the claim "the fact is that Internet crimes are almost always international crimes." And he doesn't back it up, rather gives anecdotal evidence of a hacker in Russia using computers in Thailand to steal data.
I am not a security expert (and I'm not pretending to be) but this "sky is falling" mentality is crap. Most identity theft (the act of stealing) is not done over the internet, its done locally. Yes, selling lists of thousands of SSNs and credit card #s happens over the internet, but the thievery itself doesn't.
In fact, this would make things worse: you're creating a global ID. Once someone steals your global ID they can do whatever they want. And once again, your ID wouldn't be stolen over the "new" internet, it would be stolen because you didn't shred a document and someone went dumpster diving.
This doesn't solve any problems.

Re:Hmm...

[Idefix97]

Although Dempsey says that a solution "might be" a second internet, which to me sounds silly, he does make some very valid points on how cybercrime needs to be handled across borders.
It seems that many countries just want to forbid things, with regards to the internet, rather than adjust to a new way of looking at crime committed through the internet.
If it turns out that law enforcement can't or won't adjust to the speed in which cybercriminals operate, maybe the only way to help prevent crime is to educate the users, or even help write better software (against spoofing etc.).

i'm gonna go build my own internet!

[Deanalator]

.. with blackjack, and hookers!

spam is just a special case of "cybercrime"

[Darkforge]

so we can re-use our old forms. It's a bit surprising how effective this is.

--

Patrick J. Dempsey, your post advocates a

(x) technical ( ) legislative ( ) market-based ( ) vigilante

approach to fighting international "cybercrime." Your idea will not work. Here is why it won't work.
(One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from nation to nation.)

( ) spammers can easily use it to harvest email addresses
(x) legitimate Internet uses would be affected
(x) no one will be able to find the guy or collect the money
( ) it is defenseless against brute force attacks
(x) it will protect us for two weeks and then we'll be stuck with it
(x) users of the Internet will not put up with it
(x) microsoft will not put up with it
(x) the police will not put up with it
(x) requires too much cooperation from criminals
(x) requires immediate total cooperation from everybody at once
(x) many users cannot afford to lose business or alienate potential employers
( ) spammers don't care about invalid addresses in their lists
( ) anyone could anonymously destroy anyone else's career or business

specifically, your plan fails to account for

(x) laws expressly prohibiting it
(x) lack of centrally controlling authority for the Internet
(x) open relays in foreign countries
( ) ease of searching tiny alphanumeric address space of all email addresses
(x) asshats
(x) jurisdictional problems
( ) unpopularity of weird new taxes
( ) public reluctance to accept weird new forms of money
(x) huge existing software investment in the Internet
(x) willingness of users to install os patches received by email
(x) armies of worm riddled broadband-connected windows boxes
( ) eternal arms race involved in all filtering approaches
(x) extreme profitability of international crime
(x) joe jobs and/or identity theft
(x) technically illiterate politicians
( ) extreme stupidity on the part of people who do business with criminals
(x) dishonesty on the part of criminals themselves
( ) bandwidth costs that are unaffected by client filtering
( ) outlook

and the following philosophical objections may also apply:

(x) ideas similar to yours are easy to come up with, yet none have ever been shown practical
( ) any scheme based on opt-out is unacceptable
(x) smtp headers should not be the subject of legislation
( ) blacklists suck
(x) whitelists suck
( ) we should be able to talk about viagra without being censored
( ) countermeasures should not involve wire fraud or credit card fraud
( ) countermeasures should not involve sabotage of public networks
(x) countermeasures must work if phased in gradually
( ) sending email should be free
(x) why should we have to trust you and your servers?
(x) incompatiblity with open source or open source licenses
(x) feel-good measures do nothing to solve the problem
( ) temporary/one-time email addresses are cumbersome
(x) i don't want the government reading my email
( ) killing them that way is not slow and painful enough

furthermore, this is what i think about you:

( ) sorry dude, but i don't think it would work.
(x) this is a stupid idea, and you're a stupid person for suggesting it.
( ) nice try, assh0le! i'm going to find out where you live and burn your house down!

typical law enforcement drumbeat

[drDugan]

"Doing law enforcement is getting harder, so let's change the rules"

I see this now in almost every arena of law enforcement... and for good reason. It *is* getting harder to do low enforcement. The thought process is something like this: "As law enforcement, we know we're failing; we can't really stop the criminals, so let's treat everyone as a suspect." Basically enforcing laws is a traditional behavior. It is the way to maintain stability and control on society and in a similar way that traditions maintain cultural norms. Traditional behaviors are the antithesis of innovation.

Technology is changing at a breakneck pace, and increasing in the speed of change. It is hard, nigh impossible for large, bureaucratic, rules-based organizations to keep pace with innovation in technology, and the concomitant adoption by criminals.

The disturbing thing is that instead of law enforcement innovating to keep up with the demands of the job, many in law enforcement have lobbied successfully to change the rules of the game. This is most true in the United States over the last five years with the tired dirge: "give up your liberties or the terrorists will win".

I think the correct solution is to change the way we do law enforcement. Change the people who do it. Make smaller, more nimble organizations. Change the speed with which law enforcement operates. Remove entrenched, non-technical savvy deadweight from organizations. Incorporate the latest technology. Change quickly with the rest of society and keep the fundamental principles that make open society possible and successful.

And for christ's sakes, please stop degrading people by forcing them to take off their clothing and shoes to board an airplane. I know, it seems totally off topic, but the same idea we can't really stop the criminals, so let's treat everyone as a suspect.

In light of the real issue:

[merc]

Dempsey explains that, in order to successfully fight cyber crime, law enforcement officials need to move much faster than average investigators and cooperate with international law:

I call for a second FBI.

Actually, yes.

[Max+Littlemore]

"Former FBI Agent Patrick J. Dempsey warns that the Internet has become a sanctuary for cyber criminals

Any time you have a new community or resource to exploit, there will be criminals. However, calling it a sanctuary is hardly apt. I can think of more than a few places that are a sanctuary for criminals, yet you won't see the government razing those neighborhoods and starting anew, would you? Besides, who gets called a criminal?

Actually, the internet is a sanctuary for cyber criminals. You don't find cyber criminals holding up armoured trucks at gun point, regular meat criminals do that, you find cyber criminals on the interwebs. That's why they're cyber criminals. The intertubes are a sanctuary for cyber criminals for exactly the same reason that the FBI is a sanctuary for corrupt FBI agents.

I totally recommend creating a second internet, and a second FBI, a second stock market, a second local primary school. Everything.

No one thing should get all the cred for harbouring criminals. If people want to be paranoid and really stupid, let them be paranoid and really stupid and have a good laugh at their expense.

The Moon is a Harsh Mistress

[mentaldrano]

Seriously, does it surprise anyone that law enforcement wants a more "secure" and hence traceable, internet? The Law is moving in on this frontier; some of the residents demand it, and cops always want more power.

Heinlein wrote about this decades ago - "The Moon is a Harsh Mistress." Great read, and extremely relevant.

Re:Restricting to VPN

[r_jensen11]

requiring convicted criminals to use a vpn would be a step in the right direction. I would love to see the results of only restricting convicted pedo's to only VPN's.

Pedo 1: a.s.l?
Pedo 2: 13, f, nyc. u?
Pedo 1: 12, f, nyc 2! Hmm, a network of only 13-year-olds.... So the real question is, would it be one giant digg?

Re:Hmm...

[phpmysqldev]

"Will the second internet have Third Life?"

No, no! Its a multiplier so it would have 4th life. Which raises the question of what happened to 3rd life?

Which is why I will be producing the new online sensation "5th Life: Search for 3rd Life"

Dont even get me started on the currency conversion.

Two Words: Anonymous Layer

Soooo how are they going to stop people from just layering an anonymous protocol on top of whatever they force on to people?

Soooo how are they going to stop people from encrypting data and obfuscating it?

Soooo how are they going to stop people form implementing a "slow drip" protocol through random nodes which is also encrypted?

There is absolutely no way to police the Internet without significantly impacting response times, etc. QoS will suck and they will still never be able to touch 99.99% of the "criminals".

Cybercrime can be stopped without monitoring!

[EvilNTUser]

This has to be the only reason, in fact, and not just one of them. Cybercrime can be stopped without any monitoring!

The article talks about hacking into bank accounts and identity theft etc. So if the government wants to crack down on this, why don't they just mandate that banks have to send their customers a bootable read only flash drive that contains a basic operating system, browser, SSL certificates and a one time pad? It wouldn't matter how badly some clueless moron's computer was trojaned to hell, because the bank would only accept connections from the booted flash drive.

You can't get mugged on the internet. You can't be coerced on the internet. Criminals need YOUR COOPERATION.

The U.S. could also stop using checks like every other civilized country, because they're a ridiculously huge security hole and a huge pain in the ass compared to direct bank transfer. But all of this would make too much sense, because none of it involves more government monitoring of its citizens.

The land of the free. Where no laws must ever tell corporations what to do, but citizens must compensate for their ineptness by being spied upon.

Re:Hmm...

[b4upoo]

I am amazed that anyone is falling for the internet as a criminal nest nonsense. Obviously whenever any very large group of people does anything at all some crime must occur. It's all about proportion. How many people died world wide fighting to keep their bicycle from being stolen last year? How many died because of internet activity? We all know bicycles were far ahead in the crime stats. So should we build an entirely different society to keep bicycles from being stolen? Obviously not. And we don't need a new net either.

Re:Hmm...

[spun]

I don't think the bicycle analogy is very good. I agree. This is Slashdot; we only use car analogies here. Of course we do. A good car analogy is like a finely tuned race car. It gets you where you need to go faster. Although it's loud. And it's probably not street legal. And sometimes your car analogy crashes into someone else's car analogy and there's a big wreck but the fans love that anyway. And you need a lot of gas, did I mention the gas?