22 Apr 07

Internet Communication Needs RATTS

There are grave inconsistencies in the implementation of secure communications that have left the consumer at great odds with a new generation of talented, albeit immature, data thieves. Catching a segment of traffic out of the air or through a piggy-back of a stream of packets brings concern to this scene veteran's mind. Take a protocol such as Internet Relay Chat (IRC): this is a community service protocol that should have been secured en masse a decade ago (yes, I acknowledge the existence of several fledgling or poorly implemented initiatives providing "secure" communications with IRC participants). With the variety of commentary it provides, undoubtedly a vast percentage of that being interpersonal, socially-demonstrative chatter or even a variable percentage of immoral, unethical or illegal conversations, you would think that the majority of IRC users would have pushed for larger initiatives in addressing the stream's security imbalance.

However, whose responsibility is it, or who is to provide the direction and solution? The truly responsible party is the government of any established country that has a basic electronic and/or telecommunications infrastructure to utilize or uphold. Will they willingly participate in this? Most likely, the answer is not without a fight. With the introduction of the Patriot Act, something that despite the course of this article I do support, surveilling a target would become 3x more difficult through cyberspace.

The U.S. Government alone has just caught up to the standards of this millennium with the implementation of facilities such as digital forensics laboratories for the FBI and U.S. Customs (DHS) - it is a step back for them to support a broad effort like this that we can only assume with confidence that they failed to predict. But is that a prediction worth coming to, when the consumer has been led astray from the fact that it has become increasingly easier for their communications traffic to be picked off in the last 4 years alone, in the midst of the whole security hype at that? Houdini himself could never have misdirected the crowd as well as the world's global technology partners have. Governments have an obligation to institute public policy that supports protection and privacy of the consumer - an obligation that they have sat on for over a decade now. That leaves it to the private sector firms and the consumer.

Of course, the consumer is just not adept enough in the subject matter's specific basis to be effective in change - they just don't / won't know how to do it themselves. The private sector, knowing this full well, will capitalize on this weakness. That is how money is made in this world: plausible exploitation of weakness or addiction in society. So it is the government's fault, right? No. The government works - the leadership, however, is questionable. As the consumer public, we have an obligation to challenge this topic with our Congress, state and local officials. One notable individual is doing just that with his efforts in raising awareness, Dr. D. J. Bernstein; Dr. Bernstein's related article on this topic is here. Are we so blind today in accepting that the communications industry keeps our privacy as their number one priority? Absolutely not - the bottom line is the bottom dollar, always. Forging or dissecting a packet in this day and age takes grossly less skill than a decade or two ago. The legwork has been done, the protocol / RFC / standard has been established and the limits have been pushed with how far the technology could take us, to the point that a second version has had to be created to cope with the unprecedented growth. This insecure means of generating and scaling traffic has led to some of the greatest Internet security breaches to date.

Of course, stopping 70% of the attacks isn't perhaps unrealistic with the implementation of some checks and balances that have been on the development table for the last decade - why won't the industry take the time to set them in motion? "Every couple of years they arrest some kid that rooted a couple of nasa.gov servers and label him a super-hacker / terrorist, rewarding him only with a jail term for 20+ years." - How true, so let's take a look at a concept that I call Residual Accountability To Targeted Systems (RATTS). Beyond the scope of filing the criminal away to the court system for their just dues, we should also mitigate the issue of the corporate (assumingly) entity providing opportunity. Even the Holy Bible tells us not to provide opportunity to your brother to commit an immoral act, a.k.a. a crime. The opportunity can create the motive. So let's introduce legislation in the governments of the world that proposes levied fines on businesses or agencies that fail to secure their own communications or support systems.

Sound crazy? Maybe, but think about it. If VISA, who handles verifiable and equatable personal account details that link directly to your global financial profile and eventually your most personal identifying details, failed to provide proper checks and balances to their Point-Of-Service machine traffic, to include secure packet architecture or tunneling-proficient devices, due to either blatant ignorance or ineptitude (i.e. making a concentrated effort on securing their systems and being accountable to an oversight agency) and were subsequently penetrated (potentially ruining the lives of millions of card/account holders), why then shouldn't these entities be penalized? Class-action lawsuits ARE NOT ENOUGH.

This goes for the telecommunications industry, television and media sources and even McDonald's! Not only would this provide an unprecedented negative incentive to business, but it would stimulate qualified workforce advances and the economy globally through the hiring of quality IT/IS administrators, engineers and analysts. This is a win-win situation for all parties.


