Slashdot Mirror

← Back to Stories (view on slashdot.org)

Ex-NSA Chief Supports Separate Secure Internet

Posted by timothy on from the barbed-wire-garden dept.

Hugh Pickens writes "Nextgove reports that Michael Hayden, former director of both the NSA and the CIA, says the United States may seriously want to consider creating a new Internet infrastructure to reduce the threat of cyberattacks and several current federal officials, including U.S. Cyber Command chief Gen. Keith Alexander, also have floated the concept of a '.secure' network for critical services such as financial institutions, sensitive infrastructure, government contractors, and the government itself that would be walled off from the public web. Unlike .com, .xxx and other new domains now proliferating the Internet, .secure would require visitors to use certified credentials for entry and would do away with users' Fourth Amendment rights to privacy. 'I think what Keith is trying to suggest is that we need a more hardened enterprise structure for some activities and we need to go build it,' says Hayden. 'All those people who want to violate their privacy on Facebook — let them continue to play.' Clay Dillow writes that on the existing internet everyone does everything online anonymously, and while that's great for liberties, it's also dangerous when cyber criminals/foreign hackers are roaming the cyber countryside. Under the proposed .secure internet 'you may not be able to go to certain neighborhoods of the Web without showing your papers at a checkpoint — and perhaps subjecting yourself to one of those humiliating electronic pat-downs as well,' writes Dillow. 'Those who want to remain anonymous on the Web can still frolic about in the world of dot-com, but in the dot-secure realm you would have to prove you are you.'"

3 of 214 comments (clear)

  1. Here's a novel idea by king+neckbeard · · Score: 5, Insightful

    "Core elements of our electric grid, of our financial, transportation and communications infrastructure would be obvious candidates. But we simply cannot leave that core infrastructure on which the life and death of Americans depends without better security."
    Here's an idea, if a service being infiltrated can result in deaths, DON'T CONNECT IT TO THE FUCKING INTERNET

    --
    This is my signature. There are many like it, but this one is mine.
  2. I decline your offer. here's mine. by TheGratefulNet · · Score: 5, Interesting

    I thought about this a bit. this is MY proposal (from some random internet guy; but one who's been around, online, for quite a few decades).

    what we need is true end-to-end encryption and that will get us all the 'secure' we need. it would not be a bad idea to insist that all non-encrypted protocols be aged out and replaced with SSL carried user-protocols (mail, file transfer, remote console, DNS, all the basics).

    oh, there's one other tiny little detail. NO one can spy on the end-to-end connections. no MitM, no wiretaps, no opto-sniffing, no none of that [sic]. promise and ensure that all world citizens have protected (as in 'their rights, as human beings') end-to-end private communications. tapless and secure. to me, THIS means secure.

    what they want is exactly the opposite. no encryption and nothing BUT tapping us (DPI, etc). they will know the identity of each networked station but this will not add to privacy OR security for anyone.

    recognize this, people. do not give them this 'divided internet'! really bad idea. lets, instead, change the debate BACK to private communications and the right to not be listened to, monitored and surveiled.

    --

    --
    "It is now safe to switch off your computer."
  3. Re:No Privacy == No Security by Jahava · · Score: 5, Interesting

    Hasn't this guy learned anything from his time at the NSA?

    There's a difference between privacy through anonymity and privacy in general. Presumably such a network would use well-designed cryptographic algorithms and protocols to exchange information. It could leverage existing technologies, such as SSL/TLS or IPSec. The data, in transit, would still be secure. The difference is twofold:

    • The ".secure" infrastructure would know who sent any given encrypted packet, and
    • The intended recipient (and only the intended recipient) of the encrypted packet would know who sent the decrypted information.

    Honestly, this approach makes a lot of sense to me. Maintain the current anonymous Internet in its full glory. You would continue to use it for most things! However, if you want to bank, purchase, or administer, both you (the client) and the server site (Amazon, Bank of America, etc.) have the option to push that transaction onto an encrypted and attributable infrastructure.

    Now, the same suite of Internet problems will still exist on the secure domain, but that extra de-anonymizing information goes a long way towards addressing them. If you are attacked by a bot on the secure network, you know who is infected. You can send them a notification and rapidly suspend or deny their secure network access. If someone is probing your site for vulnerabilities, you also know who it is, which may harm the white-hats (not that solutions couldn't be worked out), but will certainly hinder the black-hats. These are all good capabilities that I want my banking sites to have!

    So do I want a completely-deanonymized Internet? Hell no. It'd be inefficient (traffic-wise) and it would cost me several critical rights. However, I would love to elevate all critical and financial assets to an elevated attributable domain. There is no good reason they should inherently have to accept anonymous traffic, nor should each of them be independently responsible for (in their own manner) establishing client identities.