[ISN] Microsoft-loving (former) security czar calls for closed internet

From: InfoSec News (alerts@private)
Date: Tue Oct 02 2007 - 23:04:05 PDT


http://www.theregister.co.uk/2007/10/02/richard_clarke_speech_trust_online_santa_clara_university_microsoft/

By Cade Metz in Santa Clara
2nd October 2007

Richard Clarke, the man who served President Bush as a special adviser 
for cyber security, has a five-point plan for saving the internet.

Speaking at a Santa Clara University conference dedicated to "trust 
online," Clarke called the net "a place of chaos in many ways, a place 
of crime in many ways," but laid out several means of righting the ship, 
including biometric IDs, government regulation, and an industry wide 
standard for secure software. He even embraces the idea of a closed 
internet - which seems to have sparked a death threat from net pioneer 
Vint Cerf.

"A lot of these ideas go against the grain. A lot of these ideas are 
ones people have already objected to - because of certain shibboleths, 
because of certain belief systems, because of certain idealogical 
differences," Clarke said. "But if we're going to create trust in 
cyberspace, we have to overcome some of those shibboleths, overcome some 
of those ideological differences, and look anew at these ideas."

According to Clarke - who was also a special assistant to the President 
for global affairs and national coordinator for security and 
counter-terrorism - about 35 per cent of all U.S. citizens would rather 
shoot themselves than carry a national ID card. But he thinks they're 
being silly. He believes biometric IDs are an essential means of 
fighting online crime.

"One thing you could do with a biometric ID card - if you wanted to - is 
prove your identity online," he said, as if taunting his critics.

Yes, he realizes that internet mavens value online anonymity. But he 
insists this has nothing to do with biometric internet IDs. "One of 
ideological underpinnings of the internet is that we're anonymous," he 
said. "Well, guess what? We're not anonymous. Amazon and DoubleClick and 
all those other companies already know everything about what you're 
doing online." ID cards don't eliminate anonymity, he explained, because 
anonymity is already gone. Then he added that Bill Gates agrees with 
him.

Next, Clarke called for more government oversight of the net. According 
to his rough calculations, 75 per cent of all U.S. citizens are against 
government regulation of any kind. But he thinks they're being silly 
too. "You don't want government regulation? Then just let your kids eat 
all that lead off their toys."

In short, he believes the Federal Communications Commission (FCC) should 
force ISPs to crack down on cyber-crime. "[The FCC] could, for example, 
say to all the ISPs, 'You will do the following things to reduce fraud, 
bot nets, malicious activity, etc."

Isn't the government one of the problems where online privacy is 
concerned? It is, as Clarke pointed out. He also called for a 
nonpartisan organization dedicated to fighting abuses of government 
power. "What if we had a champion in the government who we trusted on 
privacy rights and civil liberties? What if we had a government advocate 
with real power to ensure that the government doesn't violate privacy 
rights."

That's three points from the five-point plan. Two more to go.

Number four: A secure software standard. "We should look, as an 
industry, at improving the quality of secure code, so that we don't need 
to issue software patches, so there aren't trap doors - intentional or 
otherwise," he said. "This is not a revolutionary idea. We put this in 
place a long time ago for electrical appliances."

This is Clarke's least controversial notion, but you have to wonder how 
effective it can be. Removing all bugs from electrical equipment is one 
thing. Removing them from software code - some of the most complex stuff 
ever invented - is another.

In discussing secure software standards, Clarke slipped in another plug 
for Microsoft. "This is an idea Microsoft has already championed," he 
said. And then he said it again. Bill and gang sponsored the conference.

And, yes, Clarke's fifth and final idea is a less than open internet. 
"Another idea that's already been rejected that I think we should look 
at again is the idea of a closed internet," Clarke said. "Why should the 
part of the internet that's connected to the power grid be open? Why 
should that part of the internet that runs nuclear laboratories be open? 
Why shouldn't there be a closed internet? There are already relatively 
closed internets - and now we need to think seriously about expanding 
them."

Several years ago, when Clarke suggested the idea to Vint Cerf, the 
internet founding father had a fit. "[He] implied he was putting 
together a firing squad to take me out," Clarke said.


__________________________________________________________________      
CSI 2007 is the only conference that delivers a business-focused
overview of enterprise security. It will convene 1,500+ delegates,
80 exhibitors and features 100+ sessions/seminars providing a
roadmap for integrating policies and procedures with new tools
and techniques.  Register now for savings on conference fees   
and/or free exhibits admission. - www.csiannual.com



This archive was generated by hypermail 2.1.3 : Tue Oct 02 2007 - 23:37:07 PDT