At 03:18 21.05.2000 +0200, Jacob Palme wrote:
Should IETF do anything to fight the increasing incidences
of net criminality?
Yes - make sure we have tools to establish trust.
Make it less necessary to "trust everyone to be nice".
Can we do anything? Can the protocols,
which IETF manages, be modified so as to make it easier
to fight virus distribution, mail bombing, ping attacks
and the other ways in which people are harassing the
Internet?
Or would such changes to the Internet protocols mean
more invasion of privacy, in a way which is even less
acceptable than letting the criminals continue? It seems
that there is a strong group in IETF which likes the
freedom of the net and believes that changes to stop
criminal usage would also remove this freedom? Is this
true, or can we fight net criminaltiy without risking
the freedom of the net?
Crime prevention outside the net Crime prevention in the net
-------------------------------- ---------------------------
Surveillance, video cameras, Is it possible to allow surveillance on
wiretapping, bugging the net in such ways, that it will
not be
misused? IETF did apparently not think
so, when this was discussed at the IETF
meeting in December 1999, where a very
large majority voted against any
kind of
help from IETF in this area.
Highly contentious also outside the Net.
Making crime difficult by locks We have rather little locks, and what we
walls and crime-safe houses. have is not used very much. Why?
Crypto.
video cameras, black boxes and other Is this also not acceptable? Could
we log
tools to investigate "after the fact" what happens on the net in ways which
what happended. makes it possible to track the
criminals,
without risking misuse which threatens
the freedom of the net?
Signatures.
More work needed, especially thinking about deploying the more esoteric
variants
of signatures, such as "you can only find out who I am if I try to cheat you",
or "I have left proof of my identity in this box, which you cannot open without
accusing me in public of trying to cheat you".
One reason the digital paper trail is so awfully wide is simply because it's
so simple to "just" record the plaintext identities.
------------- below this line, I think it's not IETF business ----------------
Laws, detectives, prosecution, Are also applied to net criminals, if
penalties they are caught.
Not the IETF's business.
Controlling access to dangerous This method is probably not useful
tools and weapons, like explosives, against computer terrorism. Computers,
etc. like hammers, are the same whether
used for good or bad acts.
Agree. Not something we want to do anything about.
Police on the streets. Do we have police on the nets? Do we
accept them? Help them?
We have them. Not an IETF problem.
International police cooperation. This is essential, computer criminals
often run their crimes over national
borders to make them more difficult to
find and prosecute.
They're making cooperation, whether we want it or not.
Not an IETF problem.
Harmonized laws across countries. Can te laws, as they apply to computers,
be internationally harmonized in ways
which makes it less easy for
criminals to
find safe harbours in countries
which do
not have the necessary laws?
They are being harmonized, whether for good or bad remains to be seen.
Not an IETF problem.
--
Harald Tveit Alvestrand, EDB Maxware, Norway
Harald(_dot_)Alvestrand(_at_)edb(_dot_)maxware(_dot_)no