This is not the book I started to write. It became the book I had to write so that I could write the one I started. When I began writing, security was to be one chapter in a book that was to chart new ways of using the Web. Instead, I have had to spend time my time trying to protect what we have already.
We will certainly reclaim the Internet. That should never be in doubt. Internet criminals of every type are being caught and prosecuted. Many of the technical proposals described in this manifesto are already being deployed in some form. But will we have the nerve to go forward and claim the future possibilities that are our right?
We face so many challenges that should have a much more urgent claim on our attention. Climate change and competition for the finite supply of cheap fossil fuels demand that we rethink our energy strategy. The rest of the world expects and demands Western living standards, whereas the West asks how it might be maintained after the retirement of the baby boomer generation. If we are going to meet these challenges, we must do more with less. The supply chain efficiencies that the Internet enables will play a critical role.
Early in 2002, I divided my time between two projects: stopping spam and securing Web Services, the next generation of the Web. The objective of Web Services is to allow businesses to make their information systems and thus their business processes much more efficient by allowing computers to talk to computers with the same ease that the Web allows humans to talk to computers. Security was already a major concern; no company was going to put its business infrastructure on the Internet until it was convinced that it was safe to do so. My catchphrase at the time was, “Without security and trust, Web Services are dead on arrival.”
Five years later, I still believe that this is the case, but I have since come to understand that it is not enough to provide a security infrastructure for the new world of Web Services. I cannot persuade businesses to trust that infrastructure while Internet criminals appear to run amok unimpeded. I hope that this book has at least convinced you that we can tip the scales back in our favor and that the fight is a winnable one.
Winston Churchill wrote his 1945 election manifesto in 6,123 words, I have used more than 120,000. Moreover, Churchill was defeated by the Labour party, whose manifesto was 20 percent shorter at a mere 5,010 words.
Since then, the trend has been toward verbosity until Newt Gingrich successfully campaigned on his 10-point Contract with America. The 2005 Labour party manifesto set out Tony Blair’s program for government in 6 phrases described in 20 words or less.
Internet crime is a complex problem, but not as complex as running a country. Here then is my five-point plan for reclaiming the Internet.
Design to realistic goals—. Proposals must be designed to meet realistic goals that address the real and immediate problems of Internet crimes.
Design for accountability—. Proposals must be designed to re-establish the accountability that existed in the original Internet.
Design for usability—. Proposals must be designed to be used by the ordinary user with no intention of becoming a computer expert.
Design for infrastructure—. Security must be part of the Internet infrastructure; the Internet infrastructure must therefore be changed.
Design for deployment—. Proposals must be designed to rapidly establish the critical mass necessary to drive deployment.
We all have a part to play. Software vendors must produce applications that are designed to be secure when used in the way that ordinary users can be expected to use them. ISPs need to take more responsibility for dealing with the problem of botnets. Governments need to work out how to align ability to act against Internet crime with responsibility to do so. Users need to become aware of the types of scam that might be directed at them and the steps they can take to protect themselves.
In this book, I have set out a plan for stopping the Internet crime wave. The plan is at least extensive if not comprehensive. Two important questions remain: What might success look like, and what is its probability?
One answer to what success looks like is to convince enough people that there are answers to the Internet crime problem and that they are being seriously pursued. This book might not provide the final answer to Internet crime, but I believe that I have at least provided one answer. Our opponents are cunning and tenacious. We must expect to have to change our plan as they respond, but we must always remember that this is a world that we, not they, created. Also, it is a world in which we, not they, will always have the upper hand if we choose to raise it.
We cannot surrender to the criminals, nor can we wait forever, paralyzed by the fear that no solution is guaranteed or that any action might have unforeseen consequences. Action must become the benchmark applied to every proposed solution. I would count this book a success even if none of the measures I proposed was deployed but it prompted someone to propose a better solution or a more deployable one.
Defeatism is never a solution. The New York subway system once suffered from defeatism. The outward symptoms of the defeatism were trains covered in graffiti, thugs and petty criminals jumping the turnstiles to avoid paying their fare, and dirty, dilapidated stations.
Much has been written about William Bratton’s impact on the New York subway system and the application of the broken windows theory that environment is a powerful influence on crime. The essential point is that failure breeds failure; success breeds success. The subway system gained a reputation for being dangerous, which in turn drove away passengers, which in turn led to a loss of revenue, which in turn led to lower maintenance budgets, which in turn led to stations becoming dirtier and more dilapidated, which in turn confirmed the perception of danger. The key to reversing the spiral was proving that somebody cared and was committed to reversing the decline. Removing the graffiti, arresting the petty criminals, and cleaning up the station might not have reduced crime, but they did prove that someone cared.
It is harder to judge whether the broken windows theory played a leading role in the decline of crime when applied to New York City as a whole. Social programs do not allow for the type of controlled experiment performed in physics. The reduction in crime in New York City coincided with a rapid fall in the number of juveniles and the end of the nationwide crack epidemic. It is also possible that a reduction in mortality rates due to gunshot wounds due to improved trauma care played a role in reducing deaths from gunshot wounds and hence the murder rate.
Science is a method of thinking; politics is a plan of action. Politics must take place in the real world, not in a science laboratory, and those who engage in it must act on information that is never perfect.
The Internet has also suffered from the perception that it is a permissive environment. The World Wide Web has been the World Wild West, an environment dominated by a frontier mentality that it is beyond the boundaries of law and order. The people on the Register of Known Spam Operators list of top spammers began spamming believing that it was a quick and easy way to make a lot of money. Every one of the top phishing gangs believes that it can operate the most brazen of frauds with impunity because the Internet is a weakly policed environment.
I cannot know what the same individuals would have done if they had believed that the Internet was not a permissive environment, but it seems most likely to me that at least some current Internet crime kingpins would never have gotten started.
Existing antispam measures demonstrate what we might expect success to look like. Small-time spammers are already being squeezed out. The passing of CAN-SPAM and the effective criminalization of the main techniques used to circumvent spam filters have reduced what had once been a flood of new entrants into the game to a trickle.
The elimination of the entry-level spammers has not had a marked effect on the volume of spam. The remaining high-volume spammers have responded to filters by increasing their message volume and switching to scams that provide the highest margin when successful. The short-term effect of filtering is that the kingpins have responded with more and worse spam.
Spam filtering alone could never eliminate the spam problem; filtering has closed the ramp for new entry-level spammers, but the kingpin spammers respond by sending more spam. Nor can the law solve the problem alone. Each spammer eliminated is quickly replaced. But the combination of technology and law is more powerful than either on its own. The spammers that are eliminated are replaced at a much lower rate, and the number of spammers steadily declines.
Eventually, a tipping point will be reached; the pool of active spammers will be reduced to the point where the remaining criminals realize that their own day of reckoning is likely to come soon. There are signs that some spammers are already starting to avoid targeting the largest ISPs, which have been aggressively prosecuting cases against spammers.
I believe that deployment of countercrime security infrastructure will also see a tipping point effect. Early adopters of e-mail authentication will look for improved reliability of e-mail delivery as the benefit. As the proportion of authenticated and accredited e-mail rises to a significant level, spam filters will be able to raise the discrimination criteria for unauthenticated e-mail without resulting in unacceptable rejection rates for legitimate e-mail. This in turn will increase the incentive to authenticate outgoing e-mail, which in turn will drive further deployment.
Similar tipping point effects, or positive feedback in engineering terms, should be seen through technological effects in the deployment of the INCH incident notification infrastructure and reverse firewalls described in Chapter 9, “Stopping Botnets.” ISPs that deploy these measures will effectively cause the criminals to switch their attention to ISPs that have not deployed. If your car is the only one parked in a street without a burglar alarm, it is the one most likely to be stolen.
Whatever the chance of success, we must try. Even if we believe we are certain to fail, we must try, or nobody will make the mistakes for the next generation of security specialists to learn from.
What is at stake here is not merely the Internet and the trillion-dollar Web economy, but what we might have in the future.
When the Internet began, nobody wrote a research proposal for inventing e-mail, but e-mail has proven to be immensely more valuable than anything that was planned. When CERN authorized the initial work that led to the World Wide Web, the objective was to produce a simple utility for use in the physics community, not to create the definitive information system of the twentieth century.
Web Services promise to revolutionize machine-to-machine communications as dramatically as the Web revolutionized human–to-machine interactions. Radio Frequency Identification tags (RFID) promise to revolutionize retail and manufacturing industries. The Semantic Web might allow us to change our understanding of knowledge itself.
Yet all these future benefits depend on our ability to secure the Internet as it stands today. We cannot convince businesses that they should move their entire information supply chain to the Internet until a convincing answer is given to the Internet crime problems we face here and now.