Craig Mundie Wants "Internet Driver's Licenses"

I Don't Believe in Imaginary Property writes "Craig Mundie, Microsoft's Chief Research and Strategy Officer, called for the creation of an 'Internet Driver's License' at the World Economic Forum in Davos, saying, 'If you want to drive a car you have to have a license to say that you are capable of driving a car, the car has to pass a test to say it is fit to drive and you have to have insurance.' Of course, there are quite a few problems with this. For starters, internet use cannot yet cause death or dismemberment like car accidents can; and this would get rid of most of the good of internet anonymity while retaining all of the bad parts, especially in terms of expanding the market for stolen identities. Even though telephone networks have long been used by scammers and spammers/telemarketers, we've never needed a 'Telephone Driver's License.'"

Solution in search of a problem

[jmorris42]

Considering that enforcing a license requirement just here in the US would be nigh on impossible without rethinking everything and that the odds of doing anything of the sort worldwide is less than zero I'm left wondering just what problem this idea is intended to solve?

Hint, it ain't any problem we users have and it ain't a problem the network operators are having. And since the practice of allowing Microsoft products to connect to the Internet is the bulk of the spam/zombie/malware problem I guess we would license every host as well as user. Any any license scheme that permitted Microsoft crap to operate would be considered toothless and any that banned them would get called 'draconian.' No win scenario. The only winning move is not to play.

major loss for privacy, dissent

[hguorbray]

Although Google, et al can chip away at our privacy this would completely stifle free speech and dissent.

I know that some view ACs and their ilk as idiots clogging up discourse, but for a flip side of the coin how about the efforts to 'Out' Prop 8 contributors in Calif so they can be harrassed by gay activists?

-Not that I supported prop 8, but I do mod ACs up if they have something useful/interesting to say.

On the other hand, I don't disagree that there should perhaps be some required qualifications for hosting/administering websites, dealing with credit card transactions, userdbs, etc, but that is very different than (what I think) is being proposed.

I'm just sayin'

Schneier already covered this recently

[StreetStealth]

Bruce Schneier had a pretty good takedown [schneier.com] of this kind of argument just the other day.

Accept that you'll never truly know where a packet came from. Work on the problems you can solve: software that's secure in the face of whatever packet it receives, identification systems that are secure enough in the face of the risks. We can do far better at these things than we're doing, and they'll do more to improve security than trying to fix insoluble problems.

Ham radio

[KC1P]

So this is like a ham license for landlines which sort of *act* like public airwaves. It's actually not SUCH a bad idea -- it sure keeps the S/N ratio up in the ham bands. Even if the test is virtually unfailable, the overall sense of earned-privilege vs. god-given-right seems to add a few percent to the general level of maturity you get. It'll never happen though!

Chief Research and Strategy Officer...?!

[creimer]

This is the best idea that this guy could come up with?

It's been proposed before, and it still won't work

[Adrian Lopez]

1. It would probably be illegal for the US government to require "drivers licenses" for general Internet use. The Internet is primarily a medium for the dissemination of speech, and the US government is prohibited from demanding that people obtain permission before speaking [wikipedia.org].

2. Even if done privately, requiring people to identify themselves for any and all uses of the internet is likely a bad idea [schneier.com].

Only terrible because of complications

[slimjim8094]

I've seen many people on Slashdot suggest such a thing. Microsoft may be ridiculous, but it's likely they didn't come up with the idea.

In any case, the idea itself isn't terrible - it's only consequences of this that make it a bad idea (loss of anonymity, censorship, etc). The concept itself isn't a bad one. Loads of people aren't competent enough to not ruin it for everyone else.

If I were inclined to suggest something like this, it would be an ISP level thing. The ISP by default would allow you on to a NATted firewalled connection with a private IP address and filtering between hosts on the same virtual subnet. By passing a (standardized) evaluation or test or something, you'd be allowed IP addresses on the real internet. Sort of like a playpen for idiots.

These have the same problems as with a "driver's license", though, so I don't support them. Just saying Microsoft isn't nuts.

And keep in mind this guy shot down his own idea a few seconds after voicing it. I'm sure it was more like a thought experiment.

Don't become South Korea

[BlueFiberOptics]

As much as I like to joke that some people need licenses to operate a computer or use the Internet, this would be a bad thing. We'd all end up with license numbers and sites would start to require us to register with those numbers if we wanted to use those services. For many Internet-based services in Korea, you must enter a citizen ID.

Let's make a deal...

[DoofusOfDeath]

If users are like drivers, then OS providers are like car manufacturers.

So let's require drivers licenses, if and only if Microsoft:

• Can be sued when its brakes fail.
• Must issue recalls on all defective operating systems, regardless of how old the operating system is.
• Must subject its operating systems to safety tests.
• Must permit the government to review all of its designs when there are questions of safety.
• Must provide drivers enough information to fix their cars if/when Microsoft is slow to do so.

After all, dangers cars are just as serious as dangerous drivers, right?

Re:From the email cited

[GreatBunzinni]

More to the point, who exactly believes that the ability to freely express our own ideas how we see fit and without any danger of being attacked and punished by it is somehow bad or even dangerous to anyone? Who exactly is so afraid of free communication of ideas and the freedom to share information in order to be so desperate to beg any country's government to quench their citizen's ability to do that sort of thing? To put it in other words, who is so desperately afraid of not only their own countrymen but also every country's populace?

Questions

[bXTr]

Civil rights issues aside, there are other questions about this "proposal".

• What authority would be responsible for issuing these licenses?
• What are the criteria one would have to pass when obtaining a license?
• Assuming one would have to pay a fee for the license (nothing is free in this world), how much would one have to pay?
• What exactly would the monies collected in license fees be used for?
• What authority would be responsible for policing and enforcement of being licensed?
• What would be the benefit to the licensee? What would we get in return that we don't already have now?
• How will the information being collected from licensees be safeguarded from abuse by those within and without the licensing authority?
• If I'm traveling to another country, would the license be valid there, or would I need to obtain yet another license from that country?
• What about businesses that allow Internet access to their employees? Would the individual license be valid at work, or would the company have to obtain its own license?
• Would government agencies also be required to obtain licenses?

Those are only the few questions I could come up with in ten minutes time. There are certainly many more beyond these. I would like to hear Mr. Mundie's answers to these questions along with the complete plan for putting this into place. I'll wait.

It's only a *tad* bit flawed...

[MrCrassic]

Okay, I kid; this idea really sucks. I'm sure others here have picked up on this, but from just pondering it for thirty seconds:

• 1) (An aside) The headline is quite misleading; for a moment, I thought the article suggested porting physical driving licenses to an online medium, which isn't that good or that useful of an idea
• 2) What will this theoretical license allow and disallow? Would I have my internet account revoked because I forgot to sign up for a license? What would provoke such action?
• 3) This license would need physically-identifiable information, which probably means a social security number. Forget bank account hacking; this will be where the money's at. Which leads to...
• 4) Where would such a license be stored? If it's local, what happens when I wipe my PC? Can I re-download it from "the cloud?" And what happens if my license were stolen from "the cloud?"
• 5) How would this be enforced anyway? What if I'm connecting via tor or an anonymizing proxy?

I'm sure these questions can get addressed with enough thought, but I really hope this doesn't grow beyond that point.

Re:Licences for OS

[Anonymous Coward]

They'd just do what they did with the openXML standard, buy out the votes, hijack the committee, and declare their implementation, whatever it may be--the standard.

People die driving;they don't die on the internets

[mykos]

I feel MORE secure when people are required to learn rules before they drive. I feel LESS secure when the government decides who can and can't communicate.

I can understand a license to drive, but a license to communicate is stupid...no...it's scary.

whom to regulate

[Lord Ender]

How about we regulate the banks to provide real two-factor authentication for any online financial transaction? How about we set a standard for smart-cards (hell, add the capability to dirvers' licenses) and require that PCs come with smart-card readers?

If we just had these standards in place, they would pay for themselves extremely quickly.

Let's tell it like it really is

[taustin]

Microsoft doesn't want you to have to have a license to use the internet. Microsoft wants you to have to pay them for a license to use the internet.

Re:Just what I always wanted

[Hurricane78]

Which brings up the question, if the test will include famous lolcat quotes, knowledge about goatse/tubgirl/etc, memes, 4chan, YouTube “stars”, etc... and most importantly... will be 99.9% questions about porn topics. ^^

Ok, I did not expect some control freak lunatic like Craig Mundie to come up with something realistic...

Then again, nobody cares about him anyway. Ever. Especially from now on.

Re:Windows not road ready

[Anonymous Coward]

Wait a damn minute there. APPLE is the one who introduced the idea of "Developers Licenses"! So Microsoft talks about it but Apple is ALREADY IMPLEMENTING IT! Try to program something for an iPhone...oh didn't pay for your "developers license" well then you can't sell your software!

Re:Craig at it again...

[merc]

I saw Craig speak at the Usenix Symposium on Internet Security in San Antonio back in 1998. I completely forget to this day what his speech was about but I know enough to remember that it doesn't matter. The speech was full of inane misdirected statements, unproven research and illogical conclusions. After speaking a while I think I, and a lot of other people stopped listening to him and managed to allow themselves to be distracted by other things. But one thing I do recall that was amusing to see was Tom Ptacek -- who probably couldn't take much nonsense from this bag of wind -- started calling shenanigans on Craig's flawed conclusions and made a public spectacle of him. To this day I think it was one of the most amusing conference moments I've ever had the pleasure to witness.