In message <>, wrote:

>What is your suggestion to keep the sky from falling?

My full answer, if fully elaborated, would bore you and everybody else
to tears, so I'll try to give you an abbreviated version.

It seems to be that it comes down to three things... acceptance, leadership,
and new thinking.

        We, the people of this planet, including end users, small ISPs,
        big ISPs, Tier-1 providers, ICANN, and all of the dangling tentacles
        that derive their authority and power therefrom, law enforcement
        globally, and judicial systems globally, have to begin by accepting
        the undeniable reality that traditional law enforcement and judicial
        processes have already been utterly overwhelmed by the new phenomenon
        of international cybercrime, *and*, more importantly, that they always
        will be.  If a teenager can hack your bank account in ten minutes,
        but it takes three years to bring him to trial, after which he
        gets a slap on the write and probation... well... any idiot can
        see that this is an ongoing recipie for disaster on a grand scale.
        (And in a way, announcements like the one today about a small
        handful of Internet criminals being busted are actually a bad
        thing, becase they only serve to perpetuate this comforting but
        incredibly incorrect mass delusion that traditional law enforcement
        has the new world of cyberspace well in hand.  They don't, and never
        will.  And in fact they are just falling further and further behind
        with each passing year.)

        This has to come from the folks at the top of the food chain, the
        Tier-1 providers, and sadly, they have become like the banks...
        everybody hates them, but we all know that we can't live without
        them, and they are free to make money hand over fist while showing
        no signs of accountability whatsoever.  (And don't kid yourself
        that there is anything even remotely like independence in any of
        the bits and pieces, starting from ICANN on down, that currently
        pass for what is laughingly called "Internet Governance".  All of
        these structures take their cue, and their marching orders, from
        the Internet industry, and the industry, such as it is, can't change
        a damn thing without buy-in from the Tier-1 providers.)

        Unfortunately, in this just-past election, one party's Presidential
        candidate was criticized for being "too close to the banks", in
        particular, Goldman Sachs, and the other one has just selected a
        former Goldman Sachs banker pal of his to run the treasury
        department in the new administration.  This shows that without a
        massive sea change in the level of anger among the general populace,
        nothing will change, ever.  And so it is also with the Internet
        industry.  End users and consumers need to wake up and start actively
        demanding that the industry grow up, grow a pair, and stop just
        sitting idly by while the current ongoing hacking free-for-all
        claims new victims every goddamn day.  When and if that ever happens,
        perhaps one or more CEOs of Tier-1 providers will finally wake up,
        smell the coffee, and understand that over a time horizon longer than
        this coming quarter, they need to start showing some leadership,
        and help guide the whole industry towards a better and safer future.

New Thinking
        Even miltary men have, for some time now, been calling cyberspace
        "a new domain of battle, like air, land, sea, and space".  Why then
        do our law enforcement and judicial systems, worldwide, fail to
        also and likewise accept and begin to deal with this new reality?

        Everywhere on earth, law enforcement, judicial systems, and
        governments are, by and large, still trying to pretend that
        cybercrime is a strictly a local matter.  It isn't, and hasn't
        been, for about 30 years now.

        Internationalized legal structures are hard to assemble, but they
        are not hardly without precedent.  Why should there not be an
        international Internet equivalent of the "Law of the Sea"?

        It is quite common for cybercrimes to cross national borders, and yet
        I personally have so far never heard of a single instance in which
        any cybercriminal has been brought before the International Criminal
        Court in the Hague to stand trial.  Why not?  Russia and China may
        (and indeed do) seem to have more than a little reluctance to allow
        extradition of their cybercriminals to the U.S. to stand trial.  OK
        then.  What will be their excuse if we instead say that such defendants
        should be rendered unto, and be brought before the bar in The Hague?

        Are ISPs, by and large, so absolutely desperate for new clients that
        they absolutely and positively MUST sell connectivity to any homo
        sapien who can successfully fog a mirror?  If I go to my local
        cable TV provider and I ask them to give me new service, but also
        tell them that I *do not* want to first give them a big fat "security
        deposit", they will say "Ok.  No problem.  Just give us a minute
        whil we check your credit rating."  If that comes back green, then
        they give me service... no big deposit required.  On the other hand
        if it comes back orange or red, then I have to pony up a big deposit...
        which, depending on my behavior, I might not ever get back... before
        they will sell me service.

        Contrast this to Internet service.  If you reach out and hack my
        router, and if I am on the ball, I can and will report you to your
        (current) ISP, giving the exact date and time of the incident and your
        IP address.  In the rare circumstance where (a) this is not your
        first offense while on your current ISP and also (b) your ISP is
        below-average greedy and (c) your ISP is below-average incompetent
        and (d) your current ISP is below-average irresponsible, then you
        -may-... I stress -may-... actually lose your current connectivity.
        But even in that very rare case, of course, you can just waltz down
        the street, the same day, to the next convenient ISP and start all
        over again, barely missing a beat.

        So, when is this industry going to grow up, realize that creative
        individuals, given a single DHCP connection, even perhaps one with
        relatively low bandwidth, can get on and cause $tens of millions of
        dollars worth of either theft or damage?  When is the industry going
        to start admitting to itself that individual end-lusers can be
        dangerous, sometimes even to the tune of $tens of millions of dollars?
        In short, when is this industry going to start vetting people, at
        least a little bit, before giving out connectivity to any Tom, Dick,
        or Harry who shows up on the doorstep with five dollars burning a
        hole in his pocket?  Where is the equivalent of the "credit rating"
        for Internet users?  If I'm running a mom-n-pop ISP, where do I go
        if I want to find out whether or not this unsavory-looking individual
        who slept in my doorway last night is or isn't a guy who has already
        been tossed off his prior two ISPs for gross misbehavior?

        Maybe its time for the industry to create a registry of such people.
        (And don't hand me all of that bleeding heart crap about personal
        privacy, government survelliance, etc. etc. etc.  You'll only serve
        to make it evident to all that you're in the same camp with the
        wacko Second Amendment wingnuts and/or the equally wacko Any Rand
        extremist devotees.  Time to grow up and realize that if you want
        to participate in, and obtain benefit from, a civilized society,
        then society has a fair right to ask you to give up a little bit of
        something in return.  That's the bargain.  Take it or leave it.  If
        you don't like it, then get the flock off the Internet and go live
        in a cave someplace.  And don't let the door hit you in the ass on
        your way out.  You will not be missed.  And besides all of that,
        you're probably carrying around five credit cards in your walet as
        we speak.  So it's more than a liitle disingenuous for you to whine
        about personal privacy as you are checking your credit score five
        times a day.)

Believe it or not, -that- is the -short- version of my solution to the
Internet's problem(s).


Reply via email to