Slashdot Mirror
Vint Cerf on Differential Traceability on the Internet (acm.org)
Addressing the bad behaviors on the Internet, that range from social network bullying and misinformation to email spam, distributed denial of service attacks, direct cyberattacks against infrastructure, malware propagation, identity theft, and a host of other ills require a wide range of technical and legal considerations, says Vint Cerf, even as he steers clear that he supports encryption. But is there a way to bring more accountability and traceability on our actions on the internet without compromising our privacy? He has a proposition: What is of interest to me is a concept to which I was introduced at the Ditchley workshop, specifically, differential traceability. The ability to trace bad actors to bring them to justice seems to me an important goal in a civilized society. The tension with privacy protection leads to the idea that only under appropriate conditions can privacy be violated. By way of example, consider license plates on cars. They are usually arbitrary identifiers and special authority is needed to match them with the car owners (unless, of course, they are vanity plates like mine: "Cerfsup"). This is an example of differential traceability; the police department has the authority to demand ownership information from the Department of Motor Vehicles that issues the license plates. Ordinary citizens do not have this authority.
In the Internet environment there are a variety of identifiers associated with users (including corporate users). Domain names, IP addresses, email addresses, and public cryptography keys are examples among many others. Some of these identifiers are dynamic and thus ambiguous. For example, IP addresses are not always permanent and may change (for example, temporary IP addresses assigned at Wi-Fi hotspots) or may be ambiguous in the case of Network Address Translation. Information about the time of assignment and the party to whom an IP address was assigned may be needed to identify an individual user. There has been considerable debate and even a recent court case regarding requirements to register users in domain name WHOIS databases in the context of the adoption of GDPR. If we are to accomplish the simultaneous objectives of protecting privacy while apprehending those engaged in harmful or criminal behavior on the Internet, we must find some balance between conflicting but desirable outcomes.
In the Internet environment there are a variety of identifiers associated with users (including corporate users). Domain names, IP addresses, email addresses, and public cryptography keys are examples among many others. Some of these identifiers are dynamic and thus ambiguous. For example, IP addresses are not always permanent and may change (for example, temporary IP addresses assigned at Wi-Fi hotspots) or may be ambiguous in the case of Network Address Translation. Information about the time of assignment and the party to whom an IP address was assigned may be needed to identify an individual user. There has been considerable debate and even a recent court case regarding requirements to register users in domain name WHOIS databases in the context of the adoption of GDPR. If we are to accomplish the simultaneous objectives of protecting privacy while apprehending those engaged in harmful or criminal behavior on the Internet, we must find some balance between conflicting but desirable outcomes.
Riiiiight.
Deny it.
I'll hear all month.
Without all the tracking and authoritarian features they've been crying for all these decades. Why do we suddenly need them now?
"Ordinary citizens do not have this authority."
Most people in my state don't know, but a person can go to the Department of Transportation, fill out a form, and get the registration info for a license plate. It used to be the requester could remain anonymous, but after a woman was stalked and, as I recall, killed, the requester information is required and confirmed with a gov issued ID. The police determined the stalker obtained her address from DoT. None of this changes Cerf's basic idea. That said, people of any political persuasion can list governments they would not trust with this power. If it is not the government that has the power, who would have it?
"...as he steers clear that..." and "...more accountability and traceability on our actions..." indicates that msmash is either experiencing a TIA or his/her English competence has been degraded. Suggest either sobering up, or a visit to the ER.
Nothing wrong with that... but, given the subject being discussed, it’s something to keep in mind when reading his opinion regarding tracking and privacy.
#DeleteChrome
Considering the government's efforts with license plate readers precisely because they're the only ones with the power to demand ownership information from the DMV, isn't this a great example of the whole problem with trying to introduce traceability? It's become very clear that computers not only allow for the rapid automation of use but also the rapid automation of abuse. Attach that to a global communication network, and you offer pervasive rapid automation of abuse. It stands to reason with that in mind, you want to take steps to reduce traceability as a necessary step towards resilience from the pervasive adversaries, not only to those endowed with authority but those who would bribe, mole, or engineer their way into that authority.
tl;dr - We need to take more steps towards protecting users, not trying to out villains. Computers are the one space where that's a much more doable option than most.
ordinary citizens have friends who do.
From the summary he just stated the obvious.
I'd rather let the internet bad guys stay free than give up one iota of my own privacy. A lot of individual people in law enforcement are good people with good behavior, but both a large number of individuals and the law enforcement institutions in general are dirty as shit in so many ways. Everyone from the cunt that runs the FBI and insists on the encryption equivalent of legislating pi = 3 down to the highway patrol dispatcher that's a short snappy bitch on the phone, they can shove it up their asses and go to hell.
Consider the following:
Facebook: OK, now that we're in the future where Vint Cerf's special differential traceability magic has come to pass, we've identified the IP addresses that these election meddlers were using to connect to their VPNs. Now, to unmask the villains...
Roskomnadzor: Those IP addresses do not exist.
Facebook: But--
Roskomnadzor: Fifty years gulag!
Vladimir Putin: Fifty years gulag!
Donald Trump: So I have great confidence in my intelligence people, but I will tell you that President Putin was extremely strong and powerful in his denial today.
This is where we already are. Improving the paper trail won't fix anything that needs fixing.
It's a harsh statement, but the published goals of IPv6 are for every device to have a unique, stable IP address. This destroys even the slight anonymity currently afforded by NAT. It is one of the reasons many companies _refuse_ to switch to IPv6, even though one can do NAT over IPv6. The relatively small allocated Pv4 address space demands the use of NAT almost everywhere, and blurs the source of client connections.
"What is of interest to me is a concept to which I was introduced at the Ditchley workshop, specifically, differential traceability. The ability to trace bad actors to bring them to justice seems to me an important goal in a civilized society."
You can't espouse that while also evangelizing encryption/privacy, Vint. That makes you an absolute fucking cowardly hypocrite.
Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
In plain English, Vint cerf wants an internet police.
Fuck that...
"A door is what a dog is perpetually on the wrong side of" - Ogden Nash
The State of Washington public education system and related interest groups are engaging in fraud and embezzlement: http://www.courts.wa.gov/appel...
For example, IP addresses are not always permanent and may change (for example, temporary IP addresses assigned at Wi-Fi hotspots) or may be ambiguous in the case of Network Address Translation. Information about the time of assignment and the party to whom an IP address was assigned may be needed to identify an individual user.
And not all machines are actually personal, family computers, internet cafes, library computers etc. are still a thing. While I'm not saying it's a good idea, if you want to record users well then you'd need to identify users, not machines. Oh and then I don't want the admins at work to be able to use my ID even though I need to access the Internet. And where would servers or IoT devices fit into this, like do I have to grant the light bulb permission to go online? And I imagine you'll run into all the fun credential passing issues with VPNs, SSH, VMs and so on. It kinda works for people who only have their own cell phone and their own laptop and nothing more complicated than that.
Live today, because you never know what tomorrow brings
Technology has changed to the point license plates no longer work like that and we should get rid of them. In the old days individuals did get a lot of samples. No law enforcement and commercial vendors are recording enough samples of when and where for each place, that it isn't hard to deannonymise them in many cases. A lot of private information that isn't other people's business can be gleaned from that data. The commercial vendors are selling that data.
I rather like the idea of someone, something, being able to reach out and touch all those people who use the internet to commit felonies. I can't do it. One of the reasons I can't is because I have pretty well given up on the idea of being able to identify who is on the other end of this weeks scam. I can't even identify what country they are in.
I like the idea of a big brother who could reach out and smite on my behalf. Problem is, I can't think of anyone who I would trust with that power. How do I keep the RIAA away from my music ? How do I keep my state from checking that I haven't bought any straws lately, or the wrong laundry detergent?
The ancient romans expressed it as "Quis custodiet ipsos custodes? " or (loosely translated) who will watch over the people who watch over you? I have no answer to this problem but do understand the desire to address it.
Good luck with this problem, Mr. Cerf, good luck.
But billing info will still be required. It's a very short trip to connect this anonymous ID to all the real information that is required to do any internet business. From that point on, the real bad guys know exactly who you are. This makes security worse, not better.
"The ability to trace bad actors on the internet...Consider license plates on cars..."
This is a terrible analogy. Cars are physical objects that directly cause property damage, serious injury, or death. "The internet" is just speech, and not even the "yelling fire in a crowded theater" sort of speech.
Differential discovery implies that there is some benevolent authority somewhere. I'm wondering who Mr. Cerf believes could be trusted with this responsibility.
Because the mirrors have cracked and the smoke is clearing. Home server prohibition matters. So does the ability to trace death threats and unsolicited advertisements you receive via email/gmail/twitter/irc/etc. So does the ability to express free speech and/or votes without fear of reprisal from a government 20 years in the future radically different from all current ones, but with 20 year old packet capture logs from backbone routers/hubs/switches And then it also matters what level of confidence you have in the security of each device on the full route that if compromised could trivially invalidate the trace.
Cerf's 2006 testimony to congress about net neutrality suggested spam was not fundamentally incompatible with so-called 'network neutrality'. In Cerf's Kurose-Ross interview he suggested home servers were a part of the internet's future.
It's not surprising that this proposal comes out of a workshop in the UK; European governments have been trying desperately to deal with their revolting peasants who simply don't seem to want to comply with what Brussels and their own governments tell them to do. Both in the UK and in continental Europe, governments clearly want the ability to censor speech critical of government policies and to sow fear into the hearts of people critical of government policies.
What is charmingly naive about people like Cerf is that he thinks he can make this happen. The net effect of such a regulatory regime would simply be a shattering of the Internet, as people move to P2P platforms, encryption, and other tools to avoid government censorship of the kind he advocates. A good outcome would be that it would badly hurt platforms like Facebook and Twitter.
So, I say, bring it on, Vint, baby. Let's see whether the open source community can demonstrate what an authoritarian fool you are.
As it happens, we got lucky. It turns out you CAN have privacy, and still catch criminals.
It just so happens that felons tend to be stupid, and therefore fairly easily caught. Perhaps that's because generally, committing serious crimes is stupid, so typically stupid people do so. The rest of us can have our privacy, while the dumb crooks get themselves caught by being dumb.
It's ironic that many governments wanting this capability aren't even capable of identifying who crosses their borders and have millions of people living illegally in them. And, of course, in the US, many people throw a hissy fit when asked for identification on the street.
The ability to track, "differentially identify", and punish people for unwanted speech only works for law abiding citizens in the first place. And the net effect of putting more of such laws into place will be to breed more and more contempt for government and the rule of law.
Also, suppose there is a 95% chance that one will get away with X. Typically, the criminal, upen getting away with it the first time, does it again. They still don't get caught, so they do it again. Keep doing it until they get caught.
Certainly some people will commit a violation once and never again, but they account for a rather small proportion of crime, so I'm not all too concerned about them.
A more accurate analogy than licence plates, is library cards.
His suggestion is that all "readers" have a globally unique identifier, so if they read (or write) something bad they can be traced.
#fahrenheit451
NAT is a hopeless patch-up crock that requires extra code in a lot of places to avoid breaking other things. But since the code is there you don't notice its extra weight. Moreover, its obfuscations can be undone with little effort, such as cookies, browser fingerprinting, and so on.
IPv6 is built on the same assumption that underpinned pre-NAT IPv4, that every host on the 'net has its own IP address. And this still holds in IPv4 except in the "consumerised" NATed corners. Your "safety feature" is a crock and costs you your agency, for no longer can you stand up and serve your content to others, you need third parties for that.
So NAT has a rather steep price tag, but doesn't actually buy any privacy. And rather than "break privacy", IPv4 and IPv6 are based on assumptions of everyone being on the same level, where NAT creates a second citizenry class.
The problem with privacy is this same imbalance. In a village everyone knows about you but you know about everyone too. In a city you don't know anyone but nobody knows you either. In the brave new world of no privacy, "every" company knows about you in tedious detail, but you don't know in what all databases your privatest datas all reside. This imbalance is the danger. Hiding behind a shield of semblance but without substance, as using NAT does, does not buy you any privacy, but does come at a cost.
So on balance (pun intended), I'll choose IPv6 for everyone over NAT for everyone except the big organisations still able to afford public addresses and therefore able to serve content.
The problem with Vint Cerf's "proposal" is that he puts forward the notion of a trusted third party. Not a single one but certainly "internationally agreed circumstances" under which some people suddenly have more power over other people's data than others. Which gets us into "Quis custodiet ipsos custodes?"-territory, something he doesn't address. I say he ought to know better.
"Differential traceability" sounds nice but is really a way to say "okay so maybe we can't have backdoors but we still want to tap your ass^Wcomms whenever we feel like it, because we're special like the government". That doesn't fly when everyone's a first class citizen.
Note that the discussion he refers to was in England, of "no sex on the internet please, we're Bwitish"-infame, several(!) content filters, wholesale government pandering to copyright mafia, "good and clean internet", and otherwise straight authoritarian deconstructing of the internet. And off the internet there's CCTV, ANPR, DNA-swabs for everyone getting brought into a police station for any reason, and so on, and so forth, but I digress. He'd been bamboozled into giving up the 'net's ideals, if he ever really understood them.
He even buys into the "anonymity invites bad behaviour"-canard, something already disproven: Non-anonymous trolls tend to troll harder. Nothing like true conviction to misbehave. This then shows problems in the assumptions of law enforcement that the internet is forcing to the fore, and Vint Cerf hasn't even caught on, he just bought into them.
And wear shit-colored glasses when using it.
A more accurate analogy than licence plates, is library cards.
His suggestion is that all "readers" have a globally unique identifier, so if they read (or write) something bad they can be traced.
#fahrenheit451
#911
Seriously, along with open (after another few years) state sanctioned torture, 9/11/1 brought us the expectation that our librarians had fundamentally gone from the 'what you read is your business period' to 'sorry kiddo, not only will we record what you read, but if there is a surveillance camera or kindle in the picture, how much time you spent on each page will be in a government database for the next thousand years'. Scary times.
illegality is the one and only bar. if you want to get rid of bad behavior, just ban them from your platform. being a jerk is not fucking illegal ffs.
and we ALREADY have the ability to find people... WITH A WARRANT. every isp can identify customer with IP address. you get a warrant, you have the user.
sounds like he's got one foot into the sjw lynch mob set.
Citation requested. The devil is in the details and nuance matters. Making it easy/trivial/possible for every device to have a stable IP address is not equivalent to having a published goal of every device having a stable IP address.
It's like free speech. If you've got it, you don't have to use it every hour of every day, it's just a nice freedom to have *IF* and *WHEN* you want to exercise it. It's like people that are pro-war-on-drugs thinking the libertarians want to force everyone to become addicted to crack. I hate those people. Shit, I just committed hate speech. Someone alert the internet police, I seem to have lost their email address.
the NSA has made available to federal agencies and LOCAL LAW ENFORCEMENT all of your IP address traffic. You CURRENTLY don't have the privacy you think you have..
It is already routine for marketing companies to compile surprisingly detailed profiles on people based on browsing habits, but that profile can be tricky to link to a specific person. Right now it's all based on IP addresses and browser fingerprints. Having some kind of license scheme, wherein all internet users in a region must be registered with an authority will only enable tying those profiles to specific people. The potential for censorship and suppressing dissent should be obvious to the slashdot crowd.
I need a wheelchair van for my son. Help me get the word out. https://www.gofundme.com/wheelchair-van-for-jj
"Ordinary citizens do not have this authority." Yes, we do. Tell us Vint, is every ACM president as stupid as you? What a waste of reading.
Maybe "ordinary internet inventors" didn't actually invent the internet..
I think the best compromise is for traceability to require information to be held/put together/authorized for collection by multiple groups with conflicting agendas. For example, any of a myriad of law enforcement and intelligence agencies would be Step 1. An internal review organization like the GAO or FISC would be Step 2. A watchdog/public interest group like say the ACLU or EFF would be Step 3. What is crucial is that the group involved in step 3 be independent and unable to be mandated by legal order to approve a request. In other words, they'd be a sovereign entity existing outside of the law; they couldn't initiate any data collection the internal review wouldn't approve, however, which should allay some fears of them becoming (too) corrupted, or they could just be forbidden from initiating data collection.
Corruption is convincing someone that the selfless ideal is the same as their selfish ideal.
to expand on his car analogy, what he suggest is that something obvious as a car plate, which you already can see who is driving anyway (or if a cop, stop and demand documents even, in case of wrong doing) should be extended to all other means of transportation. he should be required to afix his vanity plate every time he takes a cab, bus, subway and uber! thats is the correct car analogy of what he suggestes.
Wait, what!? Not only does the Vint seem to think looking up license plate registration information is limited to "those in power", but it seems like nearly everyone else in this thread does too. People are just taking statements as truths...this is how confusing myths get started.
You can most certainly get license plate registration information yourself, at least in every state I've been in. In Maryland, for example, I can get the owner's name, the registration information and the VIN number of the vehicle in any one of several different ways.
Change is bad, authority is bad!
I've been saying this for a few decades.
We need positive identification as a basis for trust.
You can be identified by biometrics and location.
Your ID probably has to be underwritten by a number of official forms of identification,
drivers license, bank card, passport, birth certificate, relatives, etc.
Then a network has to be secure enough to base that trust on,
probably verified by a cross referenced, Geo-located audit trail.
Anonymity and obfuscation is bullshit.
Go well
We already have Differential Traceability. That is, we have many entities collecting data and rules on who is allowed to access that data and what they are allowed to do with it.
The issue is that this system is the problem, not the solution. It has 3 major faults:
1. It is precisely these data collecting entities (governments and large companies) that we need privacy protection from.
2. It relies on rules and regulations, meaning goodwill from governments. Arguably the single most important entity that privacy needs protection from.
3. There is no way to proof data has not been abused.
The only thing that can provide a little protection is to forbid all non-essential data collecting and then punish when such data is found during an audit anyway.
But that is only a marginal improvement. The only thing that can really guarantee privacy are technically inherent safe designs, pretty much the opposite of any technology standard in use today. In fact most technology standards designed today seem to be designed with the explicit purpose to allow data collection by the owner of the technology.
I don't mean for president, I mean when Al Gore made the bone head statement that he had created the Internet (kind of like when he said he built his house with his own hands) Vint Cerf tried to back Gore's statement.
Small companies get security contractors to operate their cameras, cameras that film people going into many small stores in the same area. The shops will know who you are when you enter, what your credit rating is, and whether you are suspected of anything, and none of that will be government information, and none of will require some massive db operated by big, bad FAANG, or the government. FAANG are just the first to set a pattern that smaller actors can use going forward. The benefit for most people will be decent customer service, and security more focused on bad actors. Companies will have more bang/$ on security spend, and could improve their sales. Everybody wins, which is why it will happen.
Those bleating about personal information are the 21st century version of throwing clogs. It will be too cheap, and too easy to not happen. Information wants to be free, and that includes what you look like, and where you spend your money. I'm not advocating this, it's just that the economic incentives tilt the tables that way whether we want it or not. So go ahead and call yourself rabiddog43
The companies will tag rabiddog43 as the one that drives a 2013 vw jetta diesel with license place x1z 251, his credit card number, and the name on it. The malls and shops will have footage of your car, your walk, your face if you ever visit any of them. The phone company will have all your movements throughout the day, based on cell tower telemetry. if they're google, they will have lower time resolution data from routine GPS pings. This is all information that they have as the normal course of doing their legitimate business.
You want the cell phone not to track your location? Your phone needs to talk to a nearby tower. Want 911 to work, in a car accident? what about traffic congestion data? GPS& tower data is helpful... Want people to accept your credit card? (cash will die soon, too expensive to deal with.) As soon as you attempt any commercial transaction, you are toast.
In the future, everyone you deal with knows *who you are* in the sense of having some summary of your digital history, if you are making any kind of commercial transaction, just like the small villages we lived in for tens of thousands of years. Honour and reputation will again become hugely important as it was of old, because the entire world will track how you behave. Everyone will behave well, or else.
Who needs big brother if there are a thousand little brothers? If ten or fifteen little brothers have *got it wrong* about something is that actually easier to fix than having one big brother? The real question we have is not whether we will be surveilled, it's how fragmented we want that surveillance to be, and who watches the watchers.
Laws need to evolve to deal with pervasive personal information, where it is everywhere, held by companies large and small, and understand that personal information is helpful to governments in providing services, not just policing. It's a conversation we aren't having yet, with all the privacy commissioners and luddites trying to shove the genie back into the bottle. Valiant effort. won't work.
Always steer clear of anybody who says, *find some balance*. Either we encrypt, or we don't. Hardly matters when you're tethered to ISP.
This idea was a part of Vernor Vinge's "Rainbows End". In it the government had the ability to trace and control all internet traffic, i believe by mandating that all routers have technology enabling that.
Ostensibly the government needed this ability to track terrorists. And the most fantastical part of the book IMHO was that the government did in fact only use it to track terrorists.
In a fantasy land where we could actually trust the government to impartially use such power only in a responsible way i'd be 100% behind this idea. Unfortunately, we happen to live in the real world.
We may end up in that situation anyways, but if we do i expect it won't solve as many problems as we'd like and we'll have to deal with a bunch of new abuses by the government itself. (And it's not like the government does a great job of using the tools currently available to solve problems on the internet as things are now anyways.)
.
This Space Intentionally Left Blank
"just like the small villages we lived in for tens of thousands of years. Honour and reputation will again become hugely important as it was of old, because the entire world will track how you behave."
Nothing like "the small villages we lived in for tens of thousands of years". More like the one way mirror in a police interrogation room with money and power authorizing the right to watch.
Your example of such an interrogation room is an argument for more surveillance: of police, of government, and that that information be public. Watching the watchers can happen If everything done by police and government is public information that can be found easily, then the police state has a much tougher time of it. Are secrets really helpful to us, or only those in power? Is surveillance the problem, or is the problem only that if it is one-way? If it becomes possible to know everything about everyone, how do we decide who should know what ? How do we catch cheaters of those rules?
Besides, the surveillance is going to happen anyways, you aren't going to stop it. No-one can. Restricting surveillance is likely the worst case scenario that restricts those capabilities to only *authorities* for important reasons like *national security*... restricting surveillance leads to exactly the case you are worried about. I'm worried that the price of defending privacy is to be defenseless to authoritarians.