Cybersecurity and Authentication: The Marketplace Role in Rethinking Anonymity – Before Regulators Intervene

Abstract

Anonymous speech plays a fundamental role in America’s political history. However, that long tradition of anonymous communications faces an image problem in today’s age of spam, computer viruses, spyware, denial-of-service attacks on websites, and identity theft. The criminals and hackers who perpetrate these insults on the commercial Internet are, for the most part, anonymous; we simply do not know the identities of these bad guys. Yet, the promise of anonymous communications is vital to the preservation of political liberty across the globe. Therefore, how should we regard anonymity in a digital age? And how should we strike the right balance between security and anonymity online? To begin, we should not consider the outlawing of anonymous communications as the answer to today’s cybersecurity threats. Commercial sector “regulation” of anonymity, so to speak, can play a significant role in combating these problems. Increasingly, online authentication has become important to both personal security and to cybersecurity in general. Some recent proposals toward bolstering security have included greater authentication of the source of emails to deal with spam and the requirement that those who conduct transactions online reveal their identities – seeming violations of online culture. Policymakers also want a say in the matter, and as the process unfolds, they might feel increasingly tempted to intervene whenever issues impacting privacy and authentication emerge in debates over telecommunications, intellectual property, biometrics, cybersecurity, and more. Regardless, government should not strip us of our anonymity online. Cybersecurity concerns may instead call for the marketplace – not regulators – to deal with the fact that many threats stem from that very lack of authentication. The inclusion of greater authentication standards into online services by private vendors will lead to their working in concert in unprecedented ways that may draw attention from regulatory and antitrust authorities. But these private, experimental efforts have no implications for political liberty – nor are they anticompetitive. Private solutions are the only real hope we have for decreasing cybersecurity threats, given that previous government efforts to regulate the Internet – for example, outlawing spam in 2004 – have not lived up to expectations. Political anonymity and commercial anonymity are not the same thing, and the distinction requires better appreciation. Over the coming tumultuous period of dealing with online threats, policymakers should allow the experimentation necessary to cope with today’s lack of online authentication to proceed with minimal interference.

This is a preview of subscription content, log in to check access.

Notes

  1. 1.

    Amy Harmon, “Digital Vandalism Spurs a Call for Oversight,” New York Times, September 1, 2003. p. A1.

  2. 2.

    Jennifer Tan, “Firm Says 2003 Viruses Caused $55B Damage,” Washingtonpost.com, January 16, 2004, available from Tecrime Website, //www.tecrime.com/llartV10.htm.

  3. 3.

    Ted Bridis, “FBI Skeptical on Internet Attack Source,” Associated Press, January 29, 2003. Available from Information Security News Website, //seclists.org/lists/isn/2003/Jan/0154.html. See also Katie Hafner and John Biggs, “In Net Attacks, Defining the Right to Know,” New York Times, January 30, 2003. p. G1, //www.nytimes.com/2003/01/30/technology/circuits/30secu.html.

  4. 4.

    Quoted in Robert O’Harrow Jr. and Ariana Eunjung Cha, “Internet Worm Unearths New Holes,” Washington Post, January 29, 2003, p. A1.

  5. 5.

    Security in the Information Age: New Challenges, New Strategies, United States Congress, Joint Economic Committee, May 2002, p. 63. //www.house.gov/jec/security.pdf.

  6. 6.

    “Revised Cybersecurity Plan Issued,” Associated Press, January 7, 2003. //www.wired.com/news/conflict/0,2100,57109,00.html.

  7. 7.

    For example, see Louis Trager, “Multiple Agencies Expected to Investigate Internet Attack,” Washington Internet Daily, October 24, 2002, p. 1.

  8. 8.

    “MyDoom Worm Spreads as Attack Countdown Begins,” CNN.com. January 29, 2004. //www.cnn.com/2004/TECH/internet/01/29/mydoom.future.reut/index.html. Quoted in the story was Paul Wood, Chief Information Analyst for British-based email security firm MessageLabs: “It’s very difficult for anti-virus firms to react in these scenarios. We’re always going to be on the back foot.”

  9. 9.

    Noted in Effective Patch Management is Critical to Mitigating Software Vulnerabilities (GAO-03-1138T), statement of Robert F. Dacey, Director, Information Security Issues, United States General Accounting Office, before the Subcommittee on Technology, Information Policy, Intergovernmental Relations, and the Census, House Committee on Government Reform, September 10, 2003. //www.iwar.org.uk/comsec/resources/worm-virus-defense/GAO-final-testimony.pdf.

  10. 10.

    Testimony of Dr. Bill Hancock, Chief Executive Officer, Internet Security Alliance, “Computer Viruses: The Disease, the Detection, and the Prescription for Protection,” Subcommittee on Telecommunications and the Internet, Committee on Energy and Commerce. November 6, 2003. //energycommerce.house.gov/108/Hearings/11062003hearing1124/Hancock1786print.htm.

  11. 11.

    For one overview, see Alex Salkever, “Needed: A Security Blanket for the Net,” BusinessWeek Online, September 16, 2003. //www.businessweek.com/technology/content/sep2003/tc20030916_6815_tc129.htm.

  12. 12.

    Stop Signs On the Web,” The Economist, January 11, 2001. Available at //www.economist.com/printedition/displayStory.cfm?Story_ID=471742.

  13. 13.

    Quoted in Declan McCullagh, “White House Preps Cybersecurity Plan,” CNET News.com, September 16, 2002. //news.com.com/2102-1023-958159.html.

  14. 14.

    Jonathan D. Wallace, “Nameless In Cyberspace: Anonymity on the Internet,” Cato Institute Briefing Paper No. 54, December 8, 1999. //www.cato.org/pubs/briefs/bp54.pdf.

  15. 15.

    Robert A. Levy, “The ID Idea,” National Review Online, October 24, 2001. //www.nationalreview.com/comment/comment-levy102401.shtml.

  16. 16.

    Wallace, 1999. pp. 2–3. //www.cato.org/pubs/briefs/bp-054es.html. Wallace cites McIntyre v. Ohio Campaign Commission, 514 U.S. 334, 115 S.Ct. 1511 (1995), noting that “the Court invalidated an Ohio ordinance requiring the authors of campaign leaflets to identify themselves.” Also, in 2002, the Court struck down an ordinance requiring Jehovah’s Witnesses and other door-to-door canvassers to carry written identification permits. Watchtower Bible and Tract Society of New York, Inc. v. Village of Stratton, 122 S.Ct. 2080 (2002).

  17. 17.

    See Robert Lemos, “Sendmail Flaw Tests Homeland Security,” CNET News.com, March 3, 2003. //news.com.com/2102-1009-990879.html, as well as “Second Major Vulnerability Discovered in Sendmail this Month,” Internetweek.com. March 31, 2003. //www.internetweek.com/security02/showArticle.jhtml?articleID=8100186.

  18. 18.

    Ian Austen, “Study Finds That Caching By Browsers Creates a Threat to Surfers’ Privacy,” New York Times, December 14, 2000. //www.nytimes.com/2000/12/14/technology/14PRIV.html.

  19. 19.

    Seth Schiesel, “File Sharing’s New Face,” New York Times, February 12, 2004. //tech2.nytimes.com/mem/technology/techreview.html?res=9805E2DE133AF931A25751C0A9629C8 B63.

  20. 20.

    Walter S. Mossberg, “In Wake of Terrorism, It’s Time for the Internet to Face the Real World,” Wall Street Journal, October 4, 2001. p. B1.

  21. 21.

    For example, see Lawrence Lessig, Code and Other Laws of Cyberspace, Basic Books: New York. June 2000.

  22. 22.

    See Bruce M. Owen and Gregory L. Rosston, “Local Broadband Access: Primum Non Nocere or Primum Processi? A Property Rights Approach” (paper prepared for Progress and Freedom Foundation conference on Net Neutrality, June 27, 2003), p. 22, //siepr.stanford.edu/papers/pdf/02-37.pdf.

  23. 23.

    See Saul Hansell, “Anti-Spam Focus Shifts to Legitimate Mail; System Would Be Like Caller ID for the Inbox,” SFGate.com, October 7, 2003. //www.sfgate.com/cgibin/article.cgi?file=/chronicle/archive/2003/10/07/BUGSQ26H7I1.DTL&type=printable

  24. 24.

    Brian McWilliams, “Cloaking Device Made for Spammers,” Wired News, October 9, 2003, //www.wired.com/news/business/0,1367,60747,00.html.

  25. 25.

    Ibid, The Economist, November 27, 2003.

  26. 26.

    Quoted in Steven Levy, “A Net of Control,” MSNBC News. //msnbc.msn.com/id/3606168.

  27. 27.

    “Microsoft to Shut Down Chat Rooms,” Reuters, September 23, 2003. //www.wired.com/news/culture/0,1284,60567,00.html.

  28. 28.

    See Adam Thierer and Clyde Wayne Crews Jr., Who Rules the Net? Internet Governance and Jurisdiction, Cato Institute: Washington, D.C. 2003.

  29. 29.

    See Steve Peacock, “Bill to Hold Chief Information Officers Accountable for Security Seen,” Washington Internet Daily, October 30, 2002. p. 2.

  30. 30.

    Larry Seltzer, “Put Antivirus Protection Where it Belongs – On the ISP,” eWeek Enterprise News and Reviews, July 25, 2003. //www.eweek.com/article2/0,1759,1490782,00.asp.

  31. 31.

    Noted in Salkever, “Needed: A Security Blanket for the Net,” September 16, 2003.

  32. 32.

    See //www.mail-abuse.com.

  33. 33.

    Michelle Finley, “Other Ways to Fry Spam,” Wired News, April 24, 2000. //www.wired.com/news/print/0,1294,35776,00.html.

  34. 34.

    In January 2004, Bill Gates embraced the long-standing idea. Jonathan Krim, “Gates Wants to Give Email Users Anti-Spam Weapons,” Washington Post, January 28, 2004. p. E1. //www.detnews.com/2004/technology/0401/28/technology-47750.htm.

  35. 35.

    Stefanie Olsen, “Telecoms, ISPs partner in spam fight,” CNET News.com, January 13, 2003. //news.com.com/2100-1024_3-5140556.html.

Author information

Affiliations

Authors

Corresponding author

Correspondence to Clyde Wayne Crews Jr..

Rights and permissions

Reprints and Permissions

About this article

Cite this article

Crews, C.W. Cybersecurity and Authentication: The Marketplace Role in Rethinking Anonymity – Before Regulators Intervene. Know Techn Pol 20, 97–105 (2007). https://doi.org/10.1007/s12130-007-9010-z

Download citation

Keywords

  • Cybersecurity
  • Cyberterrorism
  • Commercial internet