Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Encryption Privacy The Internet Technology

Vint Cerf on Differential Traceability on the Internet (acm.org) 105

Addressing the bad behaviors on the Internet, that range from social network bullying and misinformation to email spam, distributed denial of service attacks, direct cyberattacks against infrastructure, malware propagation, identity theft, and a host of other ills require a wide range of technical and legal considerations, says Vint Cerf, even as he steers clear that he supports encryption. But is there a way to bring more accountability and traceability on our actions on the internet without compromising our privacy? He has a proposition: What is of interest to me is a concept to which I was introduced at the Ditchley workshop, specifically, differential traceability. The ability to trace bad actors to bring them to justice seems to me an important goal in a civilized society. The tension with privacy protection leads to the idea that only under appropriate conditions can privacy be violated. By way of example, consider license plates on cars. They are usually arbitrary identifiers and special authority is needed to match them with the car owners (unless, of course, they are vanity plates like mine: "Cerfsup"). This is an example of differential traceability; the police department has the authority to demand ownership information from the Department of Motor Vehicles that issues the license plates. Ordinary citizens do not have this authority.

In the Internet environment there are a variety of identifiers associated with users (including corporate users). Domain names, IP addresses, email addresses, and public cryptography keys are examples among many others. Some of these identifiers are dynamic and thus ambiguous. For example, IP addresses are not always permanent and may change (for example, temporary IP addresses assigned at Wi-Fi hotspots) or may be ambiguous in the case of Network Address Translation. Information about the time of assignment and the party to whom an IP address was assigned may be needed to identify an individual user. There has been considerable debate and even a recent court case regarding requirements to register users in domain name WHOIS databases in the context of the adoption of GDPR. If we are to accomplish the simultaneous objectives of protecting privacy while apprehending those engaged in harmful or criminal behavior on the Internet, we must find some balance between conflicting but desirable outcomes.

This discussion has been archived. No new comments can be posted.

Vint Cerf on Differential Traceability on the Internet

Comments Filter:
  • by Jarwulf ( 530523 ) on Sunday August 05, 2018 @06:43PM (#57075228)
    Without all the tracking and authoritarian features they've been crying for all these decades. Why do we suddenly need them now?
    • by Anonymous Coward

      Because we've lost our privacy and we need to get it back. All of your emails and IP address connections and search terms are stored in a database. Simply ask your congressman... they authorized it.

    • by AmiMoJo ( 196126 ) on Monday August 06, 2018 @08:10AM (#57077736) Homepage Journal

      The internet has gotten along well so far...

      Has it?

      Foreign countries interfering with our democracies using fake accounts. Trolling getting to the point where people are dying e.g. swatting. Endless scams (Nigerian princes etc.), phishing...

      The internet isn't some magical other dimension, it's just a part of everyday life and part of its immense power is that things that happen online have real world consequences. And that includes what bad actors get up to.

      Personally I don't like this scheme because it's impractical and would give authorities far more power than car licence plates do, but the other extreme isn't much better.

    • by swillden ( 191260 ) <shawn-ds@willden.org> on Monday August 06, 2018 @10:37AM (#57078608) Journal

      Without all the tracking and authoritarian features they've been crying for all these decades. Why do we suddenly need them now?

      I don't think we do.

      However, your question is disingenuous. Even if the Internet has gotten along well so far (which is a claim that really needs to be defined and supported, but I'll ignore that), society's level of dependence on the Internet clearly has changed. As the Internet becomes more and more central to everyone's lives, the context and implications change. When there were only a handful of horseless carriages tooling around on rutted dirt roads the need for regulating them was nil. Within a decade virtually the same vehicles were a major part of traffic and the need for regulation became significant. Within a few more decades they became central to life in the developed world and regulation became critical.

      If your argument is "why now?", there is no need for a sharp answer. As a process of gradual change continues, problems become gradually more clear and the level of interest in addressing them gradually rises until it surfaces in the public discourse. This is normal.

      At this point, this is a debate that we do need to have or, more precisely, to continue having. There are difficult issues here, of how to balance the public interest in law enforcement and security against the public interest in freedom of speech, association and other actions. Anyone who admits only one side or the other of these questions needs to learn some history and to study the way the same issues have been balanced in the past, in other contexts.

      My preference is to err on the side of freedom, and even to accept a certain level of crime and public safety risk as the price of that freedom. But there is room for -- and need for -- constructive debate.

  • License Plates (Score:3, Interesting)

    by Anonymous Coward on Sunday August 05, 2018 @06:47PM (#57075244)

    "Ordinary citizens do not have this authority."

    Most people in my state don't know, but a person can go to the Department of Transportation, fill out a form, and get the registration info for a license plate. It used to be the requester could remain anonymous, but after a woman was stalked and, as I recall, killed, the requester information is required and confirmed with a gov issued ID. The police determined the stalker obtained her address from DoT. None of this changes Cerf's basic idea. That said, people of any political persuasion can list governments they would not trust with this power. If it is not the government that has the power, who would have it?

  • by 93 Escort Wagon ( 326346 ) on Sunday August 05, 2018 @06:58PM (#57075290)

    Nothing wrong with that... but, given the subject being discussed, it’s something to keep in mind when reading his opinion regarding tracking and privacy.

    • Re: (Score:3, Interesting)

      by Anonymous Coward

      Vint was my VP when we both worked for UUNet back in the day. He even showed up at our Linux User's Group and talked about things. Good guy. I was disappointed he went off to Google, but then again, so did so many other people from the UUNet Ashburn campus. I went off to greener pastures after we were bought out by Verizon Business, a company I didn't want to work for.

    • by Anonymous Coward

      The irony here being that he works for one of the two groups who should NOT get access to our 'identity' and is suggesting we give access to the other one.

  • Abuse (Score:5, Insightful)

    by Anonymous Coward on Sunday August 05, 2018 @07:04PM (#57075312)

    By way of example, consider license plates on cars. They are usually arbitrary identifiers and special authority is needed to match them with the car owners (unless, of course, they are vanity plates like mine: "Cerfsup"). This is an example of differential traceability; the police department has the authority to demand ownership information from the Department of Motor Vehicles that issues the license plates. Ordinary citizens do not have this authority.

    Considering the government's efforts with license plate readers precisely because they're the only ones with the power to demand ownership information from the DMV, isn't this a great example of the whole problem with trying to introduce traceability? It's become very clear that computers not only allow for the rapid automation of use but also the rapid automation of abuse. Attach that to a global communication network, and you offer pervasive rapid automation of abuse. It stands to reason with that in mind, you want to take steps to reduce traceability as a necessary step towards resilience from the pervasive adversaries, not only to those endowed with authority but those who would bribe, mole, or engineer their way into that authority.

    tl;dr - We need to take more steps towards protecting users, not trying to out villains. Computers are the one space where that's a much more doable option than most.

    • Actually anyone can request ownership information from a license plate from the DMV. He doesn't know what he is talking about. Vint is an old sellout who needs to retire.
  • by Anonymous Coward

    Consider the following:

    Facebook: OK, now that we're in the future where Vint Cerf's special differential traceability magic has come to pass, we've identified the IP addresses that these election meddlers were using to connect to their VPNs. Now, to unmask the villains...

    Roskomnadzor: Those IP addresses do not exist.

    Facebook: But--

    Roskomnadzor: Fifty years gulag!
    Vladimir Putin: Fifty years gulag!
    Donald Trump: So I have great confidence in my intelligence people, but I will tell you that President Putin was

  • It's a harsh statement, but the published goals of IPv6 are for every device to have a unique, stable IP address. This destroys even the slight anonymity currently afforded by NAT. It is one of the reasons many companies _refuse_ to switch to IPv6, even though one can do NAT over IPv6. The relatively small allocated Pv4 address space demands the use of NAT almost everywhere, and blurs the source of client connections.

    • Wrong; See: https://tools.ietf.org/html/rfc4941 [ietf.org].

      And IPv6 moving away from NAT has everything to do with NAT being an awful solution to the bad design of IPv4. NAT Going away is an enormous benefit for the freedom of the internet where all nodes are treated as peers.

      • Replying to myself, as it is the Slashdot way.

        Fun fact, all major operating systems support the IPv6 Privacy Extensions and most even turn them on by default. EXCEPT for the one operating system designed by an advertising company (hint: Android).

        • by Antique Geekmeister ( 740220 ) on Sunday August 05, 2018 @11:01PM (#57076052)

          I'm afraid that a security extension that no one bothers to use cannot be counted is irrelevant to network planning. No network I've encountered since the invention of IPv6 has activated those extensions. Most of them who've bothered with IPv6 have run it in parallel with IPv4 on their externally exposed addresses. And _none_ have discarded their IPv4 exposed NAT addresses in favor of IPv6.

          Whether NAT was "an awful solution", it has been effective and remains effective. I'm afraid that the underlying logical premise of IPv6, that every device should be addressable from every other device, was undesirable and flawed from its conception. Most devices on the Internet _should not_ be accessible from most other devices, and there has been no concrete reason to make them accessible. It's why most home routers simply use NAT, as do most corporate, educational, and public wifi networks. Though it is theoretically inelegant compared to IPv6, NAT on IPv4 takes less work to set up and is thus the standard worldwide.

          • by anon mouse-cow-aard ( 443646 ) on Monday August 06, 2018 @09:29AM (#57078146) Journal
            Please read up on Bellheads vs. netheads: https://www.wired.com/1996/10/... [wired.com] for networking to function best it needs to be end-to-end, and NAT breaks it. It's not a detail. It's not small kludge. It is fundamental breakage that prevents true peer-to-peer networking that happens, and forces people to use third parties to connect to one another. Hint: that's not a privacy feature.

            IPv6 with RAD includes privacy extensions by default and dead easy to deploy (even easier than DHCP on a home router.) While with typical IPv4 nat, someone who wants to map your home network just has to find your subnet, then has 255 or fewer addresses to ping. In contrast, using bog standard IPv6 (the privacy extensions became standard fifteen odd years ago?), you need to search 2 billion internets worth of addresses to map each home network, which will, at least, take much longer, but really, it is practically infeasible.

            The addresses used by IPv6 privacy extensions rotate more rapidly than IPv4 DHCP4, because they run multiple addresses at once. To argue that IPv4 is more privacy oriented than IPv6 is idiocy. Don't be an idiot.

            • In theory, networking is best when it is entirely exposed and valid. I'm afraid that in the real world, it is constantly being adjusted and tuned, locally optimized for both cost savings and security. NAT is _supposed_ to break networking, to prevent reaching into an internal network from outside without specific designated service by the NAT gateway owner.

              > The addresses used by IPv6 privacy extensions rotate more rapidly than IPv4 DHCP4,

              I'm sad to say "so what"? The addresses are not exposed through ra

              • NAT provides no security, if you think NAT-ing does anything other than provide extended addresses you need to read some networking books.

                For a primer, see: https://en.wikipedia.org/wiki/NAT_traversal>

                Further, In IPv6 just because each device has a unique address do NOT mean that each device can or must be globally accessible. You still have firewalls, and gateways.

                • I've certainly used "NAT traversal", port forwarding, proxies, and the like. I am experienced, even expert, in precisely how the limited resources of a small exposed address space can be worked around. The point I've tried to make is that the exposure of publicly accessible IP addresses of every device in the world for which IPv6 was designed is, itself, a profound security hazard and for most environments undesirable. Yes, one can install and maintain gateways nad firewalls, but the enforced gateway of NA

              • In theory, networking is best when it is entirely exposed and valid. I'm afraid that in the real world, it is constantly being adjusted and tuned, locally optimized for both cost savings and security. NAT is _supposed_ to break networking, to prevent reaching into an internal network from outside without specific designated service by the NAT gateway owner.

                > The addresses used by IPv6 privacy extensions rotate more rapidly than IPv4 DHCP4,

                I'm sad to say "so what"? The addresses are not exposed through random network scans. They're exposed by traffic sniffing, and logs collected on remote services. And the attackers do not care, and the home or small business user typically has no interest, nor capacity in skills, to enable the IPv6 "stateless addresses" And I'm afraid the addresses are not, by any means, "stateless"

                You obviously have never used IPv6 from an ISP. The way people "enable stateless addresses" is to either tick a box on their router or do absolutely nothing, as the ISP will just give them a router with it configured by default, and modern OS's will *just work*. It is LESS complicated than NAT, as you don't even need an internal DHCP. *stateless* refers to the way addresses are negotiated WITHOUT NEEDING A CENTRAL SERVER. It's FAR MORE ANONYMOUS than NAT on DHCP. each host basically asks the network..

                • > You obviously have never used IPv6 from an ISP.

                  I have. For home addresses, many vendor provide IPv4 and Pv6, and both addresses are NAT'ed. precisely to avoid people hosting traffic with public IP addresses. But many, and this includes large vendors like Verizon and Comcast, have used NAT addresses themselves for the exposed home IP addresses. They do not _want_ to expose the IP addresses of people's home routers unless they are paif for it, because it encourages them to set up their home addresses as

                  • Perhaps some natting is going for cell-phones, but in north america, at least, every home user gets a public IPv4 address that is quasi-static. The ISP's don't want to do NAT because it is too expensive for them (think of the poor routers doing the natting for a hundred thousand netflix streams.) Carrier-grade nat is very rare, to the point that I have never heard of it being used in North America. You're just wrong. It's bloody expensive to do right. and if the ISP's do it wrong they get downtime, which m
                  • >

                    My work has involved many customers and partners with thousands of hosts in their networks. Internal business networks without NAT is _not_ common, and the enforced policies of service exposure necessary for NAT are always a critical aspect of firewall and router configuration.

                    yes, I know, I work in an enterprise where idiots use enterprise NAT and it is a pain in the ass, every single goddamn day. NAT has become a religious cult of security people that think it has magic protective powers. That attitude is not based on any reasonable reading of evidence, just become a sort of chant, and it causes major issues for enterprises all day every day, but the issues are invariably technical, so long to explain that management's eyes glaze over. It's sort of death of a thousand cuts,

                    • > idiots use enterprise NAT and it is a pain in the ass, every single goddamn day.

                      So is the endless scanning and attacks on exposed IP addresses. So is the endless firewall tuning and maintenance to support a sophisticated internal network that presumes that every IP address will e exposed and services activated without having to get permission and put it through the NAT gateway. The working assumptions for NAT, that all incoming traffic is absolutely forbidden unless both the NAT port forwarding is act

                    • > idiots use enterprise NAT and it is a pain in the ass, every single goddamn day.

                      So is the endless scanning and attacks on exposed IP addresses. So is the endless firewall tuning and maintenance to support a sophisticated internal network that presumes that every IP address will e exposed and services activated without having to get permission

                      Firstly, a firewall is configured, as completely standard practice, to block incoming connections. Period. There is no additional exposure. IPv6 addresses are not *exposed to the internet* because there is no NAT. People still need to ask permission for things, because the default is to deny. NAT is not the same thing as a firewall. NAT is one way of implementing a firewall, but firewalls without NAT have existed forever and restrict traffic just as fully. An IPv6 corporate lan is not more exposed tha

    • by Anonymous Coward

      NAT is a hopeless patch-up crock that requires extra code in a lot of places to avoid breaking other things. But since the code is there you don't notice its extra weight. Moreover, its obfuscations can be undone with little effort, such as cookies, browser fingerprinting, and so on.

      IPv6 is built on the same assumption that underpinned pre-NAT IPv4, that every host on the 'net has its own IP address. And this still holds in IPv4 except in the "consumerised" NATed corners. Your "safety feature" is a crock an

  • Vint is a coward (Score:4, Interesting)

    by Khyber ( 864651 ) <techkitsune@gmail.com> on Sunday August 05, 2018 @07:29PM (#57075376) Homepage Journal

    "What is of interest to me is a concept to which I was introduced at the Ditchley workshop, specifically, differential traceability. The ability to trace bad actors to bring them to justice seems to me an important goal in a civilized society."

    You can't espouse that while also evangelizing encryption/privacy, Vint. That makes you an absolute fucking cowardly hypocrite.

  • by Rosco P. Coltrane ( 209368 ) on Sunday August 05, 2018 @07:30PM (#57075380)

    In plain English, Vint cerf wants an internet police.

    Fuck that...

  • by Kjella ( 173770 ) on Sunday August 05, 2018 @07:43PM (#57075416) Homepage

    For example, IP addresses are not always permanent and may change (for example, temporary IP addresses assigned at Wi-Fi hotspots) or may be ambiguous in the case of Network Address Translation. Information about the time of assignment and the party to whom an IP address was assigned may be needed to identify an individual user.

    And not all machines are actually personal, family computers, internet cafes, library computers etc. are still a thing. While I'm not saying it's a good idea, if you want to record users well then you'd need to identify users, not machines. Oh and then I don't want the admins at work to be able to use my ID even though I need to access the Internet. And where would servers or IoT devices fit into this, like do I have to grant the light bulb permission to go online? And I imagine you'll run into all the fun credential passing issues with VPNs, SSH, VMs and so on. It kinda works for people who only have their own cell phone and their own laptop and nothing more complicated than that.

  • by Ken McE ( 599217 ) <kenmce@@@spamcop...net> on Sunday August 05, 2018 @07:45PM (#57075426)

    I rather like the idea of someone, something, being able to reach out and touch all those people who use the internet to commit felonies. I can't do it. One of the reasons I can't is because I have pretty well given up on the idea of being able to identify who is on the other end of this weeks scam. I can't even identify what country they are in.

    I like the idea of a big brother who could reach out and smite on my behalf. Problem is, I can't think of anyone who I would trust with that power. How do I keep the RIAA away from my music ? How do I keep my state from checking that I haven't bought any straws lately, or the wrong laundry detergent?

    The ancient romans expressed it as "Quis custodiet ipsos custodes? " or (loosely translated) who will watch over the people who watch over you? I have no answer to this problem but do understand the desire to address it.

    Good luck with this problem, Mr. Cerf, good luck.

    • Re: (Score:2, Troll)

      by Herkum01 ( 592704 )

      I just watched this video, Hear the death threat made to Don Lemon and Brian Stelter(on C-SPAN) [youtube.com]. I don't think we are safer with the individuals who use their anonymity to hide their bad behavior and deeds(look at the KKK, they lost a lot of power once the mask came off), not to mention governments (like Russia) can abuse this as well.

      I rather have a clearer view of whom is doing what, then pretending that everyone is good person only expressing an opinion, as opposed to someone is actively threatening vio

  • But billing info will still be required. It's a very short trip to connect this anonymous ID to all the real information that is required to do any internet business. From that point on, the real bad guys know exactly who you are. This makes security worse, not better.
  • It's just speech (Score:4, Insightful)

    by KC0A ( 307773 ) on Sunday August 05, 2018 @07:58PM (#57075444) Homepage

    "The ability to trace bad actors on the internet...Consider license plates on cars..."

    This is a terrible analogy. Cars are physical objects that directly cause property damage, serious injury, or death. "The internet" is just speech, and not even the "yelling fire in a crowded theater" sort of speech.

    Differential discovery implies that there is some benevolent authority somewhere. I'm wondering who Mr. Cerf believes could be trusted with this responsibility.

  • by ooloorie ( 4394035 ) on Sunday August 05, 2018 @08:11PM (#57075482)

    It's not surprising that this proposal comes out of a workshop in the UK; European governments have been trying desperately to deal with their revolting peasants who simply don't seem to want to comply with what Brussels and their own governments tell them to do. Both in the UK and in continental Europe, governments clearly want the ability to censor speech critical of government policies and to sow fear into the hearts of people critical of government policies.

    What is charmingly naive about people like Cerf is that he thinks he can make this happen. The net effect of such a regulatory regime would simply be a shattering of the Internet, as people move to P2P platforms, encryption, and other tools to avoid government censorship of the kind he advocates. A good outcome would be that it would badly hurt platforms like Facebook and Twitter.

    So, I say, bring it on, Vint, baby. Let's see whether the open source community can demonstrate what an authoritarian fool you are.

    • People in "Europe" have no problems spewing fascist and racist propaganda over Facebook with their real names, surnames and profile pictures visible to everyone: they would give zero shits about being given an "internet license plate" wrt government criticism. Moreover, their governments actually have no need or desire to censor them, because more and more often they are of the same political spectrum as them (elections take place).
      • European governments are not representative of public opinion. For example, majorities of Europeans have objected to migration/immigration from Muslim countries for many years, yet mainstream parties are simply refusing to implement meaningful restrictions. Furthermore, statements critical of Islam or Muslims are frequently prosecuted and punished by European governments.

        You're free to argue, like European governments, European churches, and European socialists do, that such restrictions on speech are neces

        • When you're conflating the Ukraine and Iceland with Portugal and Malta under a single term, as you keep doing when you talk generically about "Europe", statements lose meaning. If we're talking about mature democracies, as I suppose you're doing, then European governments are elected, typically every five years, and therefore they are fully representative of the people who voted for them. Many extremists generically claim that somehow governments escape elections and get to be tyrants against their own peop
          • If we're talking about mature democracies, as I suppose you're doing, then European governments are elected, typically every five years, and therefore they are fully representative of the people who voted for them

            The politicians that stand for election are themselves not representative of voters or the wishes of voters; European voters, like US voters, pick the least bad choices among a whole range of bad and unrepresentative choices.

            Europe has been under fascism, has been destroyed by it, and there it is k

            • The politicians that stand for election are themselves not representative of voters or the wishes of voters; European voters, like US voters, pick the least bad choices among a whole range of bad and unrepresentative choices.

              No, it is very easy to run as a politician in Europe, and politicians are as bad as the people who vote for them. We've seen porn stars get elected as senators. Just tell people something attractive to them and people will vote for you.

              It's absurd for you to imply that Hitler came to

              • Between the wars, people couldn't read or write in Europe. They couldn't care less about American eugenics, because they wouldn't have a way to know about i

                Really? How do you imagine that worked? People came back from WWI and suddenly became illiterate? My parents grew up between the wars and I emigrated from Europe. Of course European societies were literate and educated. Scientific racism was taught in schools and promoted by government scientists.

                Sleazy politicians started telling people what they wanted

    • by AmiMoJo ( 196126 )

      The net effect of such a regulatory regime would simply be a shattering of the Internet, as people move to P2P platforms, encryption, and other tools to avoid government censorship of the kind he advocates.

      It wouldn't. They already have this in China, and most people just use the normal, censored, tracked and monitored internet without any protection or even any worry about it. They think it's a good thing, for their protection. They will boast about how little crime there is because the government is protecting them.

      It's only a minority who bother with Tor or VPNs, and merely using them is a crime in itself.

      • Well, here's a newsflash for you: the Chinese are culturally very different from Americans and are willing to tolerate authoritarianism to a much greater degree.

  • quite ironic (Score:4, Insightful)

    by ooloorie ( 4394035 ) on Sunday August 05, 2018 @08:43PM (#57075630)

    In most societies today, it is accepted that we must be identifiable to appropriate authorities under certain conditions (consider border crossings, traffic violation stops as examples).

    It's ironic that many governments wanting this capability aren't even capable of identifying who crosses their borders and have millions of people living illegally in them. And, of course, in the US, many people throw a hissy fit when asked for identification on the street.

    The ability to track, "differentially identify", and punish people for unwanted speech only works for law abiding citizens in the first place. And the net effect of putting more of such laws into place will be to breed more and more contempt for government and the rule of law.

  • A more accurate analogy than licence plates, is library cards.

    His suggestion is that all "readers" have a globally unique identifier, so if they read (or write) something bad they can be traced.

    #fahrenheit451

  • There is a problem with his example as stated. Sure, us peasants aren't granted access to the license plate database the government maintains, but car financing companies, repo agents, parking authorities and in some places, any one who pays the fees can access that database. On top of that, there is a thriving and little known industry of compiling wholly civilian databases of license plates to serve those groups as well. Those private concerns are worse in my opinion, because while the DMV has your name a
  • I think the best compromise is for traceability to require information to be held/put together/authorized for collection by multiple groups with conflicting agendas. For example, any of a myriad of law enforcement and intelligence agencies would be Step 1. An internal review organization like the GAO or FISC would be Step 2. A watchdog/public interest group like say the ACLU or EFF would be Step 3. What is crucial is that the group involved in step 3 be independent and unable to be mandated by legal order t

  • Wait, what!? Not only does the Vint seem to think looking up license plate registration information is limited to "those in power", but it seems like nearly everyone else in this thread does too. People are just taking statements as truths...this is how confusing myths get started.

    You can most certainly get license plate registration information yourself, at least in every state I've been in. In Maryland, for example, I can get the owner's name, the registration information and the VIN number of the vehi

  • I've been saying this for a few decades.
    We need positive identification as a basis for trust.
    You can be identified by biometrics and location.
    Your ID probably has to be underwritten by a number of official forms of identification,
    drivers license, bank card, passport, birth certificate, relatives, etc.
    Then a network has to be secure enough to base that trust on,
    probably verified by a cross referenced, Geo-located audit trail.
    Anonymity and obfuscation is bullshit.

  • by anon mouse-cow-aard ( 443646 ) on Monday August 06, 2018 @09:06AM (#57077998) Journal
    Folks railing against government suveillance are completely missing the point. Facial/bio recognition and license plate reading tech are only going to get cheaper over time. At a mall chain in Canada, there was an small kerfuffle because they started analyzing data from a camera and mike to do demographics of people asking questions: https://globalnews.ca/news/437... [globalnews.ca]

    Small companies get security contractors to operate their cameras, cameras that film people going into many small stores in the same area. The shops will know who you are when you enter, what your credit rating is, and whether you are suspected of anything, and none of that will be government information, and none of will require some massive db operated by big, bad FAANG, or the government. FAANG are just the first to set a pattern that smaller actors can use going forward. The benefit for most people will be decent customer service, and security more focused on bad actors. Companies will have more bang/$ on security spend, and could improve their sales. Everybody wins, which is why it will happen.

    Those bleating about personal information are the 21st century version of throwing clogs. It will be too cheap, and too easy to not happen. Information wants to be free, and that includes what you look like, and where you spend your money. I'm not advocating this, it's just that the economic incentives tilt the tables that way whether we want it or not. So go ahead and call yourself rabiddog43

    The companies will tag rabiddog43 as the one that drives a 2013 vw jetta diesel with license place x1z 251, his credit card number, and the name on it. The malls and shops will have footage of your car, your walk, your face if you ever visit any of them. The phone company will have all your movements throughout the day, based on cell tower telemetry. if they're google, they will have lower time resolution data from routine GPS pings. This is all information that they have as the normal course of doing their legitimate business.

    You want the cell phone not to track your location? Your phone needs to talk to a nearby tower. Want 911 to work, in a car accident? what about traffic congestion data? GPS& tower data is helpful... Want people to accept your credit card? (cash will die soon, too expensive to deal with.) As soon as you attempt any commercial transaction, you are toast.

    In the future, everyone you deal with knows *who you are* in the sense of having some summary of your digital history, if you are making any kind of commercial transaction, just like the small villages we lived in for tens of thousands of years. Honour and reputation will again become hugely important as it was of old, because the entire world will track how you behave. Everyone will behave well, or else.

    Who needs big brother if there are a thousand little brothers? If ten or fifteen little brothers have *got it wrong* about something is that actually easier to fix than having one big brother? The real question we have is not whether we will be surveilled, it's how fragmented we want that surveillance to be, and who watches the watchers.

    Laws need to evolve to deal with pervasive personal information, where it is everywhere, held by companies large and small, and understand that personal information is helpful to governments in providing services, not just policing. It's a conversation we aren't having yet, with all the privacy commissioners and luddites trying to shove the genie back into the bottle. Valiant effort. won't work.

  • by Daetrin ( 576516 ) on Monday August 06, 2018 @11:31AM (#57079084)
    This idea was a part of Vernor Vinge's "Rainbows End". In it the government had the ability to trace and control all internet traffic, i believe by mandating that all routers have technology enabling that.

    Ostensibly the government needed this ability to track terrorists. And the most fantastical part of the book IMHO was that the government did in fact only use it to track terrorists.

    In a fantasy land where we could actually trust the government to impartially use such power only in a responsible way i'd be 100% behind this idea. Unfortunately, we happen to live in the real world.

    We may end up in that situation anyways, but if we do i expect it won't solve as many problems as we'd like and we'll have to deal with a bunch of new abuses by the government itself. (And it's not like the government does a great job of using the tools currently available to solve problems on the internet as things are now anyways.)

    .

Think of it! With VLSI we can pack 100 ENIACs in 1 sq. cm.!

Working...