Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
The Internet Your Rights Online

License to Surf, Take Two 503

NaugaHunter writes "A story on Yahoo asks Should [a] License Be Required to Go Online? It appears to be suggested by Bruce Schneier, chief technology officer for Counterpane Internet Security Inc. 'It could be a four-year college degree, a one-month course. It might be a good idea.' The story also details efforts of some schools from simple orientation to threats of fines for spreading viruses, and questions exactly who would be responsible for keeping track of who is and isn't licensed." Not a new idea, but one that's going to keep coming up. Update: 09/13 18:11 GMT by M : Bruce Schneier notes that he isn't in favor of computer licenses.
This discussion has been archived. No new comments can be posted.

License to Surf, Take Two

Comments Filter:
  • by LinuxMan ( 3590 ) on Friday September 12, 2003 @11:23PM (#6949803)
    That is a bit too much control on our rights, in my opinion. I would think that if that can happen for the Internet, then it could also happen for TV, telephone, and any other type of communication device.

    Though education is important, it is the software vendors who are really to blame for a lot of the problems... (i.e. RPC holes, etc) A lot of the propagation of viruses and worms is a result of software accessing flaws in the software, without user intervention.

    Apple 10 GB iPod [amazon.com]
    • by Sneftel ( 15416 ) on Friday September 12, 2003 @11:28PM (#6949828)
      The TV and telephone are different, tho; nobody ever caught a virus from a telephone (Douglas Adams references aside), and you do in fact need a license to run a TV station. The point is that, as a computer user, you have the ability to unwittingly affect lots and lots of other people.

      It's tempting to blame the vendors, and blame for stuff like the RPC holes should of course fall squarely on Microsoft's head, but keep in mind how successful trojan horses have been; some of the worst epidemics have required the uninformed cooperation of their victims.
      • nobody ever caught a virus from a telephone

        Are [wired.com] you [techweb.com] sure [oreillynet.com]?
      • TV and telephone aren't very different. In fact, you have a far greater claim to ownership--and legitimate, uncontrolled right to use of--the airwaves than you do the Internet or phone lines. If ATT wanted to shut off their phone lines, fine (although of course various telecom laws would actually complicate this matter tremendously; these are "artificial" anti-trust measures, not general issues of ownership). Comparitively, the TV airwaves are technically owned by the public and subletted to the license hol
        • The Internet is really the opposite, though. As more people use it, it becomes more valuable, not less.

          You sure about that?

          I started using the net in 1988. I thought it would be really neat if someday everyone had e-mail.

          I reconsider that with every penis enlargement spam that hits my inbox.

          The Internet becomes more valuable as more knowledge traverses it; but as Zappa observed, information is not knowledge. Most of what's being added now is static, not signal.

          • You sound a bit elitist to me. I'll agree that there may not be a linear relationship between usage and information; certainly some people could be stricken from the net without the rest of us noticing. But everyone having e-mail is pretty useful, too. Then again, I may not be the one to ask. I don't get spam, and I've been largely unaffected by blaster and sobig.
      • by SW6 ( 140530 )
        The TV and telephone are different, [...] you do in fact need a license to run a TV station.

        Interesting factoid: all telephone use in (at least) the UK is actually licensed. Sure, it's a class license (essentially the kit is licensed by virtue of it being idiot-proof enough to allow the unwashed masses to use it safely) but it's still a license. This license can be, and sometimes is, withdrawn from individuals or groups if they're causing problems with the system.

    • by SampsonSimpson ( 687479 ) on Saturday September 13, 2003 @12:26AM (#6950083)
      Viruses and the holes they exploit are the responsibility of the programmers, and they are in a better position to fix these problems rather than trying to distribute the responsibility to users. While preventative maintenance on behalf of the users should be encouraged as much as possible, it should never become a pre-requisite to internet use.

      It's plainly impractical, (Given the global nature of the internet, how do we go about giving one entity the responsibility to handle all of those registrations?) and it would implicate much privacy concerns.

      Also, (and possibly more importantly) I think there are very important First Amendment concerns raised with a mandatory licensing scheme - The internet is a communication medium, and I'm not sure a licensing requirement will strike the correct balance between security/safe computing and free speech; In ACLU v. Reno the Supreme Court viewed the internet as a "unique and wholly new medium of worldwide human communication" and that "the interest in encouraging freedom of expression in a democratic society outweighs any theoretical but unproven benefit of censorship." The Court was concerned with the CDA and its censorship of pornography, but I think the logic applies to all forms of government restrictions on internet communications. I think the court recognizes the importance of the internet and its impact on speech, and but for compelling reasons, free speech will be given more deference over restrictions that provide dubious benefits.

      I don't think virus/exploit free computing is compelling quite yet, because I think I am capable enough to prevent most exploits on my computer. Whether someone else prevents it from spreading or not is irrelevant to me - only I have the ability to prevent it from attacking me. I shouldn't blame you for sending me a virus, I should blame myself for not being able to prevent it from infecting my machine

      I suppose it's different when an intrusion is per se harmful to a third party (for example, when I start harming the RIAA after a virus infects my computer and starts sharing music files) but those situations should be handled on a case-by-case basis anyway.

      Basically, my point is that licensing internet use is a bad idea, and possibly unconstitutional. Let's not even consider it.

      and no, IANAL.

      • "the programmers are in a better position to fix these problems rather than trying to distribute the responsibility to users"

        Exactly. As much as some people would like a government-approved "way to use your computer" training course, how useful can it really be?

        Lycoris recently included a virus-checker in their GNU/Linux distribution, despite the fact that there are no known viruses which propogate on such a system, and their virus definition file was empty. Their reason? "The IT departments won't let
      • Viruses and the holes they exploit are the responsibility of the programmers, and they are in a better position to fix these problems rather than trying to distribute the responsibility to users.

        Well, here's what the article says about that [emphasis mine]:

        To combat threats, software companies have been trying to make technology easier to use -- Microsoft Corp., for instance, is considering automating the download and installation of software fixes.

        No user intervention required.

        Think about this, f

  • by Anonymous Coward on Friday September 12, 2003 @11:24PM (#6949808)
    Why don't we start taxing email! Or perhaps data by the megabyte! Think of the revenues!
    • Actually, thats not so bad of an idea... well... anyways the taxing email part.

      Although, not for the reasons you mentioned... having say a 1 cent tax per email cent, would perhaps be one of the only solutions to solving spam. In a year... I send perhaps... 7300 emails ( figuring 20 per day ) ... so... in the long run, It would cost me about 7.30$ a year...

      Now just think about how much money this would cost spammers??? It would cut back *ALOT* on spam, at least IMHO.

      Granted... this was an off to
      • Actually, thats not so bad of an idea... well... anyways the taxing email part.

        The problem with that is people like me with a private e-mail server. Do I have to become a business? Do I have to stop running the server? Do I have to clear every new account with some external authority and provide a paper trail for every user? Do I have to have someone come into my home and audit my server? Am I responsible for the tax if one of my users doesn't pay? Do I have to pay a tax for administrative e-mail I send?

  • by Frymaster ( 171343 ) on Friday September 12, 2003 @11:24PM (#6949809) Homepage Journal
    • Yup. Paid by MS I bet.

      Its not our fault our software has bugs, it the users for clicking on attachments, or surfing on the Internet with our software. Pass the buck, blame the user.

      Lucky it will never happen, nice puff piece. But with all information moving online, you cant require a license to access the information, or read a newspaper.
      • by Serapth ( 643581 ) on Friday September 12, 2003 @11:35PM (#6949868)
        Actually... it is more a linux-esque type article. MS makes its billions off catering to the slobering masses... Linux is the soceity that tends to bash users for being too stupid to do anything... The whole "lets license users" type argument for surfing is a complete tech-elitest typical bs approach. Then again, you idiot proof something, the world builds a better idiot. The real answer is most likely to make a more modern, effective and adaptive education system... both in traditional school years, and there after.

        That said, I agree... the article is total flame bait. Oh well.
        • by hankaholic ( 32239 ) on Saturday September 13, 2003 @10:19AM (#6951446)
          Linux is the soceity that tends to bash users for being too stupid to do anything... The whole "lets license users" type argument for surfing is a complete tech-elitest typical bs approach.
          To some extent, possibly, although I've often seen Slashdotters stand up with comments such as, "What about people in China (et. al) using the Internet for purposes which aren't condoned locally? The Internet can be a way to communicate with the world despite the wishes of the local governance."

          Given this viewpoint, many Slashdotters would realize (and vocalize about) the idea that requiring licensing from the locally ruling bodies could restrict speech in those localities in terrible ways.

          It seems to me that Slashdotters often seem to hold freedom over security.
  • Can we (Score:3, Funny)

    by Phosphor3k ( 542747 ) on Friday September 12, 2003 @11:25PM (#6949814)
    Take care of revamping drivers tests first? A retarded monkey can pass drivers tests in most states.
  • If surfing is outlawed, only outlaws will surf.
  • by pavon ( 30274 ) on Friday September 12, 2003 @11:26PM (#6949817)
    First off this whole virus issue is just starting to get really bad. A few years ago it wasn't necisarry for the average user to be so vigiant. As it become necisarry, whose to say that they won't learn by collective experiance. And if you are going require licenses from anyone, lets start with the people writting poor software that is allowing the net to degrade the way it is? (and again whose to say that they won't improve on their own now that it is becoming more necisarry to do so).

    But here's my real question. Why post such flaimbait? This article is just some nobody giving his foolish opinion in a non-influential news site. If this was on CNN, then i could kind of see posting it. It this written by a big name in IT, I could see posting it. If there was ANY chance that this guy would be taken seriously, i might understand posting it. But there is none. This article is pure flaimbait, and Bruce Schneier is a Nazi.
    • Bruce Schneier is a Nazi.

      Damn! There I was, putting my finishing touches on my "+5 insightful" comment and BAM! the discussion is ended!

      oh well... there'll be other threads...

    • Bruce Schneier is a Nazi

      I actually sent an e-mail to Bruce to discuss some things with blowfish about a year ago and he actually returned a very thoughtful and information e-mail. Most people as busy as him would not do so.

      Perhaps there should be required training before posting on /.
    • by twitter ( 104583 ) on Saturday September 13, 2003 @12:12AM (#6950037) Homepage Journal
      This needs to be reported because it needs to be combated. It need to be reported as long as "you need to keep up with the current patches and virus checkers and all that shit" is passed off as popular wisdom. M$ is trying to blame the user for it's own software failures and therby force restrictions on email, www, and all computer usage that would be benificial to themselves and harmful to free software.

      The user is never at fault for poor software, especially closed source crap the user can't fix if they could or wanted to fix.

      Virus checkers, email restrictions, firewalls and all that are in vain when faced with the reality of closed source distribution. I work for a small computer shop. The only software we can put on all the broken computers that come in for repair is the user's original software and any updates M$ lets you. The vast majority of computers out there run EOL'd systems like 95 and 95. Customers lack the skills needed to diagnose the problems or do the best fix, a wipe and reload. It cost them about $75 if they have all of their software, and they are loath to pay for the time it takes to load up all the patches and updates that won't protect them from next week's worm. I can't blame them for feeling that way. Nor can I blame them for wanting to email their friends. Those that have lost their software generally end up throwing their machine away or go find some nasty cracked copy of M$ shit because they don't want to spen the $109 and equpment purchase needed for an OEM copy of Windoze. The net result is the same in every case, boxes that are just as easy to bust as the day they were made. But, so what? Even the dilligent are getting burnt.

      I have recomended Mozilla for people who absolutly must have M$. My little brother told me that an XP update broke Mozilla and made it terribly slow, but Netscape still works. Woot.

      I'd recomend Debian or Red Hat and sell CDs for the same price as a driver disk, but my boss is worried about support. I'm not sure what kind of "support" could be worse than the mess most Windoze users now find themselves in. Still, he's the boss. The day, however, I can make money doing it, he's going to like it. I'm starting to think that the store's usual $4 per CD burnt and the 30 minutes it takes to install a dual boot of any linux system might be cheaper fixing Windoze. Blinding the windoze side to the network makes it last longer so that it can do the things it does well for the user.

      I'm starting to see the path of least resistance here. Demo the system with Knoppix to prove hardware use. Blind Windoze, dual boot and set them loose. Actually doing something beats the hell out of bitching and moaning. It can work.

  • by 2starr ( 202647 ) on Friday September 12, 2003 @11:26PM (#6949818) Homepage
    I help administer an apartment/dorm-ish complex at a university. Basically the approach we're taking is letting people know what's expected: virus checker, etc. If an incident occurs and we find the person wasn't taking adequate precautions, they get fined.
    I don't think you can require people to do stuff like take classes, but if they're neglegent, they should be held responsible.
    • by TwistedGreen ( 80055 ) <[twistedgreen] [at] [gmail.com]> on Friday September 12, 2003 @11:40PM (#6949902)
      So if everyone gets infected, does everyone get fined? I think it's ridiculous to get fined at all, let alone getting fined for deficiencies in software /you/ didn't write.
      • You choose to use the software. If you can't judge the risks and take adequate precautions, it's your fault.

        If a trojan installs a spam spewer on your system: it's your fault.

        The software on your system is an extension of you; it is acting as your agent. It's infractions are your infractions. Period.

      • by aardvarkjoe ( 156801 ) on Saturday September 13, 2003 @12:46AM (#6950163)
        If an incident occurs
        and we find the person wasn't taking adequate precautions, they get fined.

        They're not getting fined for deficiencies in software. They're getting fined for irresponsible behavior. What's wrong with that?
    • If I go outside with a cold and you happen to get sick a week later, are you going to come to my house and fine me?
    • I would like to see a highly publicized case of holding some home broadband user responsible for the fact that their machine was hijacked to send spam or participate in some DDoS.

      I've talked to too many people who've said, "I don't need to bother securing my home system because I've got nothing anyone would want." I've answered, "They want to use your machine to attack me." But the message doesn't sink in.

      While these end users are being provided with crap systems, there is a market out there. If their choice of bad systems gets them severly spanked, they will start making demands of their providers.

      All it would take would be a couple of high profile cases.

    • by Gogl ( 125883 )
      What makes more sense to me (and what they do at the university I attend) is to not fine those who get viruses, but rather to require that they have all service packs installed and a virus scanner (they can download one for free from ITS if necessary) before they can access the internet, and then if they still manage to get a virus just cut off their internet access until they're clean again. Makes sense to me, at least.
  • Great... (Score:2, Interesting)

    by G33kDragon ( 699950 )
    So once the users are educated with a basic set of computing knowledge, and when only people that actually know what they are doing are using computers...what's going to happen to lovely tech support?
    • Re:Great... (Score:2, Insightful)

      by Verteiron ( 224042 ) *
      We license people to drive, but traffic cops and state troopers don't seem to have much trouble holding on to their jobs...
  • As a help desk worker, I've thought this would be a nice thing to have many a time... but for it to work at all, a license would have to be valid for a year or so at most, at least the way technology changes today. Would an "internet knowledge test" from 5 years ago have a lot of relevance today? I rather doubt it.

    To really be a responsible and competent net-user, it's not good enough to write a test once - you have to get some basic knowledge, and then use that to continually learn new things as they appe
  • by Malor ( 3658 ) on Friday September 12, 2003 @11:27PM (#6949822) Journal
    In essence, we are blaming users for things that aren't their fault.

    The article talks about the need to install anti-virus software, and keep up on patches, and to read the fine print in click-through licenses to prevent spyware from being installed. All of these things need to be done to operate a computer safely, true.

    But why the hell are they required? We are giving users HORRIBLE software that is prone to constant infection. Some companies are taking advantage of click-through licensing to hijack people's computers. And we're blaming USERS for not doing the right things?

    That would be like making cars that exploded if you ran them at exactly 62mph for more than 12 continuous minutes, with brake systems on the outside of the car where anyone could walk by, flip a switch, and disable them, as well as aftermarket accessories that forced cars to drive on particular roads at particular times.... and blaming the drivers when cars blow up, can't brake, or cause traffic jams on certain roads.

    People mostly just want to do email and read the web. We should be providing them software that does this with absolute security.

    We are blaming users for faulty software.
    • by tsg ( 262138 ) on Friday September 12, 2003 @11:45PM (#6949929)
      It's not a "black-and-white" issue. No software is 100% secure. No hardware is 100% secure. Users are going to have to patch their systems at one time or another. Users also have to know not to open attachments in email unless they're reasonably[1] sure it's not dangerous.

      At the same time, software and hardware manufacturers (closed and open source alike) have to be diligent about shipping reasonably[1] secure products.

      And let's not forget the people who supply the pipe through which the lusers with their horrible software are infecting every other computer on the planet. ISP's have to be more responsible for their users. Both in educating them and preventing them from being too dangerous when they do screw up.

      All sides need to do their jobs better.

      [1]For very large values of "reasonably"
    • Blaming the user (Score:3, Insightful)

      by metamatic ( 202216 )
      Of course we're blaming the users. The users choose to purchase PCs running Windows.

      When people choose to buy Pop-Tarts, microwave them, and then eat them, we feel they have nobody to blame but themselves for the burns. Yet somehow when they buy Windows, ignore the safety directions that tell them to keep up to date with software updates, and hose the Internet, everyone seems reluctant to blame the idiots.

      Windows is not necessary. I've never purchased any Microsoft software, and I'm doing just fine. In my
      • by LordLucless ( 582312 ) on Saturday September 13, 2003 @03:32AM (#6950622)
        "anyone who decides to spend money on a PC running Windows deserves what they get"

        And there are, like, so many options too. It's fine for me, I build all my computers from parts. But the truth is, most people buy ready-made, plug-em-in-and-they-work type boxes. And most of those come with Windows. Not to mention that anyone who wants to play most games these days has to run Windows. Or just the fact that they know windows, and are comfortable with it.

        And lets face it, if clueless newbies adminned Linux boxes, they'd be almost as insecure Windows machines. Unpatched, permanently logged in as root, all files chmodded to 777 so they don't get any errors, no firewall, cause ipchains is just too tricky. I'd agree that Linux is a technically superior OS, but as we all know, technical superiority don't mean jack when it comes to the desktop market.
    • Still, it's probably a good idea anyway- a lot of viruses and worms rely on users doing silly things.

      The classic example is urban legends, these entirely rely on the misbehaviour of users- I've multiple times received emails warning me about LSD stickers going around that look like superman, about microsoft sending money to anyone that replied to an email etc. etc. These get sent by the hapless orginator who thinks they are doing the right thing, and often are sent to a huge distribution list.

      The Micros

  • by Empiric ( 675968 ) * on Friday September 12, 2003 @11:27PM (#6949824)
    Should License Be Required to Go Online?

    No, but perhaps grammar skills should be required to work for the Associated Press...

    Seriously, this is a terrible idea. This would open up chicken-and-egg problems across the whole range of learning endeavor computers and the internet offers.

    The analogy of needing a license to drive a car is used repeatedly in the article, but I think that's not quite the right analogy; maybe requiring you to know how to rebuild an engine before you ever drive would be more accurate. One of the expectations mentioned is that you must know how to set up a firewall; is this really realistic to require before any unsupervised on-line time?

    The internet is growing because it's accessible, reasonably. If I needed a license to buy a book, I might never have started reading--and a book is a more accurate analogy than a car.

    Put the responsibility for viruses where it belongs, on the network admins and software vendors, not the newbies. Everybody's got to start somewhere.
    • The other major problem with the car analogy is that driving a very heavy piece of equipment at high speeds is dangerous not only to the driver but also to any anyone else around. What you do online may be annoying or troublesome, but it is extremely unlikely to kill anyone. (And requiring licences to simply use a computer seems utterly insane -- the article seems to imply that this might be part of the idea, although it may just be that the author personally can't distinguish between using a computer and b
  • Gasp! (Score:3, Funny)

    by Weatherman-au ( 572907 ) on Friday September 12, 2003 @11:28PM (#6949830) Homepage
    You mean the "Internet Driver's Licence" isn't a real licence for that there Interweb? Bugger, now I have to take it off my resume.
  • by kaan ( 88626 )
    In fact, this is not only impossible, but unrealistic and rather terrible. Why? Because there will be absolutely no practical way to enforce, encourage, or even suggest uniform "rules" (whatever they might be) in every country around the world.

    The article plainly says that we are continually exposed to junk mail, viruses, etc., and this would help to eliminate such things, but one of the reasons that such nuisances exist is because there is no single governing body over the internet. As much as I'd like
  • by BattyMan ( 21874 ) on Friday September 12, 2003 @11:29PM (#6949836) Journal
    To drive a car
    to fly an airplane
    to use any radio transmitter beyond minimal power walkie-talkies, cellphones or 802.11.

    All these things are done to help enhance the safety of everyone using the medium.

    The signal to noise ratio of the Internet (maybe I oughta make that noise to signal) is typical of things which are totally out of control...
    • In order to get a SCUBA tank filled with compressed air you have to flash certification credentials saying that you've the knowledge to use it without killing yourself.

      Could ISP's not require _some_ sort of credentials assuring them that you've a clue?

      I see an apalling level of ignorance, from modern electronic office workers, whose _jobs_ consist of reading and sending email, building webpages, making PowerPoint presentations, expressing themselves via "desktop publishing" & spreadsheets, doing www r
    • by antiMStroll ( 664213 ) on Saturday September 13, 2003 @02:33AM (#6950505)
      The manufacture of cars, airplanes and radio transmitters are also regulated by massive standards bodies and testing, far more strenuous than any training imposed on users. Doesn't it make more sense to start there if we're really concerned about enhancing "the safety of everyone using the medium"?
  • ...but this is the dumbest suggestion I've heard in a long time. A security expert recommends more security. Shocking. News at 11.

  • by JoeShmoe ( 90109 ) <askjoeshmoe@hotmail.com> on Friday September 12, 2003 @11:31PM (#6949844)
    Which includes lessons on how Windows(R) with its WindowsUpdate(TM)(C)(R) is more easy to secure than Linux and even UNIX!

    And you thought the evolution in schools issue was a flamefest...

    - JoeShmoe
  • you won't be able to surf while under the influence.
    what will the slashdotters do? ;)
  • Better idea (Score:5, Insightful)

    by rossz ( 67331 ) <`ogre' `at' `geekbiker.net'> on Friday September 12, 2003 @11:34PM (#6949866) Homepage Journal
    I think someone should have to take a course in the Constitution before making stupid fucking statements that would limit people's rights.
  • by bob65 ( 590395 ) on Friday September 12, 2003 @11:37PM (#6949880)
    It could be a four-year college degree.

    Um, yes. I'm proud to be a Bachelor of Mouse-Clicking.

  • by JohnDenver ( 246743 ) on Friday September 12, 2003 @11:37PM (#6949881) Homepage
    From considering that maybe companies like Microsoft should be held liable for knowningly shipping an insecure product?

    The last thing I want to see is the software be subjected to the same liability/litigation as the aerospace industry, but I don't believe a EULA should protect a manufacturer from not fixing a product that is inherantly secure.

    The question we need to ask ourselves, "Has Microsoft knowingly done nothing to fix a security hole?"

    Nah! Let's just legislate RTFM!
  • by Heem ( 448667 ) on Friday September 12, 2003 @11:37PM (#6949883) Homepage Journal
    When we, the technologicaly elite, make our OWN network, based on encrypted tunnels on the existing infrastructure - then we can choose what level of certification is required to interact with peers.

    I'm serious.

    • Re:Our Own Network (Score:3, Insightful)

      by Tom ( 822 )
      Your problem is that you will still suffer from the next Melissa/CodeRed/Blaster/whatever outbreak, because when the pipes are saturated, they are saturated and your encrypted tunnels go down.

      If all the windows viruses would only affect windows systems, I couldn't care less. It's that they affect us all that bothers me.
  • The internet. Providing access to the ideas of ignorant fucks since 1969. Over 99 billion ignorant ideas served, laughed at, ridiculed, and shat into oblivion.
  • This will help poor people stay a whole lot poorer. The course will cost money. Poor people will not be able to afford the course. Poor people don't go online. Poor people miss out on education, school related studies, employment searches, etcetera. Poor people get less opportunities. Who thinks these ideas up? Republicans?
  • gentility (Score:3, Insightful)

    by sstory ( 538486 ) on Friday September 12, 2003 @11:44PM (#6949924) Homepage
    Be gentile in your responses, I read what he said, and he's just sort of hypothesizing, he's not really advocating.
  • to threats of fines for spreading viruses

    Are they not already imprisoned, at least in the US?
  • a nation-wide ID system. Might be crowded if you have to take a drivers test as well as an internet test at the same time; but I'm sure that can be ironed out somehow. Maybe by having different certifications such as we already have for driving.
  • People should need a license to have children, not to surf the internet.
  • by wytcld ( 179112 ) on Friday September 12, 2003 @11:54PM (#6949976) Homepage
    Knock on the door.

    "Please open up. We have reason to believe someone inside is online without a license!"

    The license can't just be a smartcard, or everyone will just leave theirs in the slot so family and friends have access - and likely put the whole crew and half the wireless neighborhood on NAT behind them. So we're going to have to build biometric security into every potentially Net-connected device.

    That will surely get the Dept. Homeland Security Seal of Approval. Let's have Microsoft build it so it really works!
  • Do I really need to explain why this would be inevitable with some stupid plot like this. Mod article down -1 flamebait
  • Not good (Score:2, Insightful)

    by Anonymous Coward
    This is a Very Bad Idea. They want to license Internet Access, like they license buying a gun, or getting a license to drive. As if the internet has as much effect as a gunshot or a car crash! Besides, the real problems are the fundamental flaws in the design of protocols and software on the internet (i.e. open SMTP relays, email viruses - Yes, Office XP/NAV helps a lot, but I'll bet you there are still tons of people using Office 2000 who will never upgrade to Office XP, and who never renew their virus
  • If you aren't a good driver, you will kill someone. If you don't know how to use your own computer properly, you will wreck your own computer, There is a HUGE difference. You don't hurt anybody by not knowing how to use your own PC.
  • (i.e. who's behind you) and lose your license
  • No (Score:3, Interesting)

    by dswensen ( 252552 ) on Saturday September 13, 2003 @12:35AM (#6950121) Homepage
    As a tech support drone, I have to say that the second people have to have the slightest idea what the hell they're doing in order to get online, I am out of a job. So, no.
  • by HBI ( 604924 ) on Saturday September 13, 2003 @12:42AM (#6950150) Journal

    For pete's sake, this has to be the most elitist article I have seen recently. Because Mr. Schneier knows what to do to keep his computer uninfected, let's blame the users and force them to be certified to be online.


    How about blaming the actual target, the operating systems and flawed web standards that allow this. Look at certification authorities, browser, and OS vendors. I saw one of those hidden install ActiveX objects recently that has a Thawte signature. Why? Well, that CA's root cert is preloaded in IE so therefore, the signed ActiveX will install without any user intervention with default security settings.

    What is wrong with this picture?

    1. Why is Thawte issuing a certificate/signing code to/from a shady vendor like this?
    2. Why does Microsoft let anyone with a signed ActiveX object install the thing without question, by default?
    3. Why does the functionality to do so over the web exist in the first place? We know that scripting/file upload from untrusted Internet sources is the #1 security problem with end user systems. So why?

    The problem was flawed assumptions at the outset. Microsoft assumed the Internet environment would remain benign, as it was in the early days of commercialization. Therefore, security was not a consideration. This has proven utterly false. The CAs figured they were in the business of printing up certificates for money. Check on the reliability of a vendor? Why, that would cost too much...so what are certificates and signing really worth? Not a whole hell of a lot. Yet we tell people to trust their money and credit card numbers to this intrinsically flawed system of 'trust'.

    We, in IT in general, really need to reconsider all these flawed assumptions we have made and the bill of goods that has been sold to the general public. I have been doing end user support for 15 years now and I would be all too willing to blame this on the user. In this case we cannot. In the end, we have to realize it is not their fault. It is ours. We assumed things would stay the way they were, and they haven't.

    Now let's fix it...invalidating the entire CA model and delegating that function to the government would probably be a good start. Have all certificates emanate from a government source or be considered invalid. That might actually work.

    While we are at it, let's get the government involved in regulating operating system software in a formal fashion. Sure, I like the private sector and all, but it hasn't worked, has it? We have this huge security mess. Perhaps a greater degree of regulation is required to get us out of this mire, because market forces aren't going to fix the fact that Microsoft's operating system is woefully inadequate for today's Internet and most probably cannot be fixed while preserving backward compatibility for a meaningful number of applications.

    The last two paragraphs were just ideas off the top of my head. I'm sure others could be arrived at, and better.

    • For pete's sake, this has to be the most elitist article I have seen recently. Because Mr. Schneier knows what to do to keep his computer uninfected, let's blame the users and force them to be certified to be online.



      How to read the article:

      (1) Click the link.
      (2) Read.
      (3) Scroll down when necessary.

      Following this simple procedure, you will find the entirety of Schneier's wry little quote, which I will copy and paste here (instructions on that omitted) for your benefit:

      It could be a four-y

  • Give me a break (Score:4, Interesting)

    by Dr. Transparent ( 77005 ) * on Saturday September 13, 2003 @03:00AM (#6950560) Homepage Journal
    This is one of the stupidest ideas I've ever heard. Do you really think that a stupid course is going to do anything towards limiting the amount of times users screw up? Half the time people screw up (or more) is because people are lazy. It won't matter if you make someone take a stupid course. They still have to actually do something to prevent problems.

    Furthermore, the idea that a license will solve a problem is just plain idiotic. To suggest that "licensing" people prevent problems is a complete lie. While the author says "motorists must obtain licenses to drive", it is noteworthy that nearly 100% of all accidents occur by licensed drivers. Licensing would just be a new way for someone to tax me and a new excuse for people's own laziness.

    If you want to solve these kinds of problems, build better software and prosecute dumb-ass virus writers and script kiddies like the little punk-ass bastards they are.

    If you enter my house uninvited and threaten me I can shoot your ass dead. Why shouldn't it be the same way when someone breaks into my computer. Prosecute script kiddies.

  • by Cinematique ( 167333 ) on Saturday September 13, 2003 @03:02AM (#6950563)
    People should have to get a license to have kids, not to surf the Internet.

    Yeah, I said it.
  • Just online? (Score:3, Interesting)

    by Tom ( 822 ) on Saturday September 13, 2003 @04:33AM (#6950713) Homepage Journal
    Just for going online? There should be a mandatory course for using computers at all.

    Hey, hey - before you mod "Troll", think about this:

    * You can't drive without a license
    * You can't operate heavy machinery
    * You can't practice medicine


    We already cover most points where people can do damage to either themselves or others with mandatory education. It makes sense, too.

    It doesn't have to be "elitest". It can be as simple as driving school in most of the US, where you hop in a car with the local sherrif for 10 minutes and show him that you know which pedal does what.

    Of course, computers being more complicated, there's also a different answer. I'll post that in a new reply, so you can mod this one down all you like. :)
  • by Kjella ( 173770 ) on Saturday September 13, 2003 @07:45AM (#6951029) Homepage
    Come on, noone is going to verify such a licence. If anything, one person in the household will pass and the rest ignore it. Teaching basic computer safety should be part of the general education, as almost everybody that grows up today will be or come in contact with computers.

    Anti-virus - the importance of running one, but also some common sense. Like, if someone sends you an .exe on irc, and asks you to "test" it, would you run it? Trust me, many would.

    Automatic patching - seriously, I run an up2date cron job on my Linux box. What's the big fuzz over Microsoft's automatic updates? Your average desktop doesn't have a testbed anyway, so might as well patch when it's available.

    Firewall - With anything and everything connecting to the net these days, it's growing less and less useful for Joe Average because there's so many programs, they don't know which are good and which are bad anyway. Not to mention some of the biggest virus sources are web and email (read: Outlook and IE), which are allowed through anyway.

  • Geek cred. (Score:3, Insightful)

    by Johnny Mnemonic ( 176043 ) <mdinsmore&gmail,com> on Saturday September 13, 2003 @12:31PM (#6951931) Homepage Journal

    There used to be a minimum amount of computer knowledge that was required to get online. It's once the bankers and marketers invaded online space, and tried to make it available to the unwashed consumer masses, that we started having all these issues. Returning the internet to the geeks, who were largely self-policing, would do away with the vast majority of problems.

    Doing away with DNS would cure most of the issues, I think. How about having to remember the IP address for every site that you visit? If that's not enough, require three lines of CLI input before going anywhere. That'll stop the issues cold.

    I'm only half-kidding, actually. These assholes that broke our internet want to certify us to get back onto it? Maybe they should just be dis-invited.

Solutions are obvious if one only has the optical power to observe them over the horizon. -- K.A. Arsdall