Kaspersky Favours Big Brother

In a recent ZDNet interview, Eugene Kaspersky suggested that one of the biggest problems facing the internet was the ease of anonymity that allows attackers to hide their identity. To prevent this he proposed a strict proof of identity should be required before allowing access, a sort of "internet passport".

While well intentioned, Kaspersky's proposals are bordering on fantasy. Such a system would require international cooperation on an unprecedented scale. As anyone who has been involved in large scale identification and authentication schemes will confirm, the devil is in the details. Here in the UK the proposed ID card system has already collapsed under a tirade of technical criticism, and there are a number of credible technical attacks allowing the cloning of proper national passports, never mind internet ones. Given that in Kasperksy's own industry, virus protection, the various bodies can't even agree on a common naming convention I won't be holding my breath waiting for a workable Internet passport scheme.

It is also doubtful if such a scheme would be in the broader public interest. While anonymity is certainly used to conceal crime, it is also used for beneficial purposes such as reporting human rights abuses or corporate malpractice. Perhaps Kaspersky should review some of the literature from Amnesty International before suggesting that every government has the right to identify every Internet user.

For a cautionary tale perhaps he should also review the classic scifi tale Shockwave Rider, a remarkably prescient novel where the protaganist hijacks the electronic identies of others to suit his own purposes.

In practice such a scheme would probably not make it past the first BlackHat conference after its release before being royally hacked, after which legitimate users would have no privacy and criminals would continue to benefit from anonymity. It's an imperfect world but what the Internet certainly doesn't need is an extra layer of international beaurocracy.