The Internet Should Not Be Anonymous
Driver's licenses aren't all bad
I think most of us agree that some form of access control is needed in order for the Internet to be a useful tool for billions of people, especially as more and more critical services go online. The real question: How much control and who should control it? I'm pretty sure I don't want any government controlling the Internet, but I'm not sure a national logon ID is a complete takeover.
A lot of people whom I respect and admire are totally against any government agency requiring anyone to have a common identifier in the real world, such as a Social Security number or a passport, or on the Internet. They argue that such IDs are guaranteed to be hacked, abused, and misused -- both by malicious people and the very governments that issue them.
I understand the inherent concerns about giving any entity total trust, but a blanket statement against any common and trusted ID doesn't seem to be fair either. Although common IDs are largely imperfect, they provide value all throughout society. For example, I'm delighted that underage children aren't allowed to drive cars and that adults are forced to take a test before they can. I like that my world has street names and sequenced housing addresses so that it's easier for mail to be delivered and for the fire department and rescue squads to find my house.
For each ID we have, we should ask ourselves if society is better off with or without it. I'm not talking about using scary edge cases as the determiner, but looking at all the positives and negatives before registering complete disdain.
Know your Net neighbors
Perhaps you support the idea of driver's licenses and passports but still don't see how a national Internet ID would make the Web a safer place. Well, if the system could improve identity assurance (that is, the person is who they say they are), then it could prove useful. Maybe it would require two- or multifactor, biometric identification. A well-designed authentication system would consider all the components of the system and elevate or de-elevate assurance levels as appropriate.
This wouldn't stop hacking -- or identity theft, for that matter -- because bad guys can simply reuse credentials after the person has successfully authenticated on their compromised workstation. But it would be better than the default simple name and passwords we use today.
The details behind the Obama administration's push for a national Internet ID aren't known. But I do know that the Internet needs to be a more trustworthy place than it is today, and I'm willing to listen to new solutions that might help -- at least long enough to learn all the facts before just saying no.
In fact, I'd be happy if all it does is get the discussion to the end-game going. Anything is better than what we currently have in place.
This story, "The Internet should not be anonymous," was originally published at InfoWorld.com. Keep up on the latest developments in network security and read more of Roger Grimes' Security Adviser blog at InfoWorld.com. For the latest in business technology news, follow InfoWorld.com on Twitter.