Security boss calls for end to net anonymity

Kaspersky's online police state


The CEO of Russia's No. 1 anti-virus package has said that the internet's biggest security vulnerability is anonymity, calling for mandatory internet passports that would work much like driver licenses do in the offline world.

The comments by Eugene Kaspersky, who is also the founder of Kaspersky Lab, came during an interview this week with Vivian Yeo of ZDNet Asia. In it, he proposed the formation of an internet police body that would require users everywhere to be uniquely identified.

"Everyone should and must have an identification, or internet passport," he was quoted as saying. "The internet was designed not for public use, but for American scientists and the US military. Then it was introduced to the public and it was wrong...to introduce it in the same way."

Kaspersky, whose comments are raising the eyebrows of some civil liberties advocates, went on to say such a system shouldn't be voluntary.

"I'd like to change the design of the internet by introducing regulation - internet passports, internet police and international agreement - about following internet standards," he continued. "And if some countries don't agree with or don't pay attention to the agreement, just cut them off."

He rejected the notion that internet protocol numbers were sufficient for tracking a user, arguing they are too easy to come by.

"You're not sure who exactly has the connection," he explained. "Even if the IP address is traced to an internet cafe, they will not know who the customer or person is behind the attacks. Think about cars - you have plates on cars, but you also have driver licenses."

Kaspersky was traveling on Friday and not available to be interviewed for this article. A company spokeswoman declined to comment.

Kaspersky admitted such a system would be hard to put in place because of the cost and difficulty of reaching international agreements. But remarkably, his interview transcript spends no time contemplating the inevitable downsides that would come in a world where internet anonymity is a thing of the past.

"You could make the same argument about the offline world," said Matt Zimmerman, a senior staff attorney at the Electronic Frontier Foundation. "You know, every purchase you make should be tracked, we should ban the use of cash, we should put cameras up everywhere because in that massive data collection something might be collected to help someone. But we think privacy is an important enough countervailing value that we should prevent that."

In Kaspersky's world, services such as Psiphon and The Onion Router (Tor) - which are legitimately used by Chinese dissidents and Google users alike to shield personally identifiable information - would no longer be legal. Or at least they'd have to be redesigned from the ground up to give police the ability to surveil them. That's not the kind of world many law-abiding citizens would feel comfortable inhabiting.

And aside from the disturbing big-brother scenario, there are the problematic logistics of requiring every internet user anywhere in the world to connect using an internationally approved device that authenticates his unique identity. There's no telling how many innovations might be squashed under a system like that.

No doubt, the cybercriminals that Kaspersky has valiantly fought for more than a decade are only getting better at finding ways to exploit weaknesses in internet technologies increasingly at the heart of the way we shop, socialize and work. But to paraphrase Benjamin Franklin, those who sacrifice net liberty for incremental increases in security no doubt will get neither. ®

Broader topics


Other stories you might like

  • Stolen university credentials up for sale by Russian crooks, FBI warns
    Forget dark-web souks, thousands of these are already being traded on public bazaars

    Russian crooks are selling network credentials and virtual private network access for a "multitude" of US universities and colleges on criminal marketplaces, according to the FBI.

    According to a warning issued on Thursday, these stolen credentials sell for thousands of dollars on both dark web and public internet forums, and could lead to subsequent cyberattacks against individual employees or the schools themselves.

    "The exposure of usernames and passwords can lead to brute force credential stuffing computer network attacks, whereby attackers attempt logins across various internet sites or exploit them for subsequent cyber attacks as criminal actors take advantage of users recycling the same credentials across multiple accounts, internet sites, and services," the Feds' alert [PDF] said.

    Continue reading
  • Big Tech loves talking up privacy – while trying to kill privacy legislation
    Study claims Amazon, Apple, Google, Meta, Microsoft work to derail data rules

    Amazon, Apple, Google, Meta, and Microsoft often support privacy in public statements, but behind the scenes they've been working through some common organizations to weaken or kill privacy legislation in US states.

    That's according to a report this week from news non-profit The Markup, which said the corporations hire lobbyists from the same few groups and law firms to defang or drown state privacy bills.

    The report examined 31 states when state legislatures were considering privacy legislation and identified 445 lobbyists and lobbying firms working on behalf of Amazon, Apple, Google, Meta, and Microsoft, along with industry groups like TechNet and the State Privacy and Security Coalition.

    Continue reading
  • SEC probes Musk for not properly disclosing Twitter stake
    Meanwhile, social network's board rejects resignation of one its directors

    America's financial watchdog is investigating whether Elon Musk adequately disclosed his purchase of Twitter shares last month, just as his bid to take over the social media company hangs in the balance. 

    A letter [PDF] from the SEC addressed to the tech billionaire said he "[did] not appear" to have filed the proper form detailing his 9.2 percent stake in Twitter "required 10 days from the date of acquisition," and asked him to provide more information. Musk's shares made him one of Twitter's largest shareholders. The letter is dated April 4, and was shared this week by the regulator.

    Musk quickly moved to try and buy the whole company outright in a deal initially worth over $44 billion. Musk sold a chunk of his shares in Tesla worth $8.4 billion and bagged another $7.14 billion from investors to help finance the $21 billion he promised to put forward for the deal. The remaining $25.5 billion bill was secured via debt financing by Morgan Stanley, Bank of America, Barclays, and others. But the takeover is not going smoothly.

    Continue reading

Biting the hand that feeds IT © 1998–2022