I hate hackers. As a group, as individuals, as a genre without exception, I hate hackers. While I am at it, I hate identity thieves, spam, people from Burkina Faso who tell me my uncle died, some nun from Liberia who wants to help steal from the church, and anyone else who is running some Internet scam to prey on the stupid.
Don’t get me wrong, I am not fond of stupid people either. I am just tired of the chaos on the web.
Our current methodology for internet security is positively medieval. We hide behind firewalls and have security patrolling our borders attempting to repel the invaders. Each second of the day someone is trying to lay siege to our data, and we hope that our defenses are updated.
We live as if the castle is the only safe place, but gunpowder has just arrived and that castle is not all that safe anymore.
The irony is, in the digital world of today, the raiders, who attack us, are exceptional at what they do but for some reason, have chosen to be destructive instead of cooperative. Though there are ones who seemingly help and people are willing to compare them to Robin Hood because they attack governmental organizations or anyone else with an agenda, and undermine their security to let us know the truth, ultimately they are still thieves who compromise our information for their notoriety and grandstanding. They steal privacy.
There are three things that you can take that put you beyond the pale: taking a life, a sense of self, or privacy. Any one of those thefts and you are not a hero, you are the villain. It might be hard to steal a life on the internet, but you can certainly do the other two.
But does such gallantry actually work? In the myth of Robin Hood, the king returned and all was well. This ain’t Robin Hood. There is no king who can use majesty and power to correct the wrongs of the internet, and while it might seem as if organized hacking groups are doing a service, all, they are really doing, is making it harder for everyone else. Instead of creating a transparent government, they make people hide things with greater effort.
There is a theory that when computers get smarter, they will be able to protect themselves and your data better without all the additional layers of safety. I am not sure how that is going to work when the biggest single point of failure now is the operator.
Crappy passwords, inadequate understanding of what you are doing, going places on the internet that are the equivalent to the worst neighborhood in town and flashing cash, and outdated equipment all contribute to the reason that we have problems. How do we stop someone who is undereducated from opening an email from some weird place? How do we get people to reject the idea of free money?
Common sense is not enough.
I have always heard that if you have several problems that appear to be insurmountable, perhaps you can offset them against each other and a solution can be found that supports what you are trying to accomplish and removes the inability to act.
One method is to take the technology to the next level. Instead of usernames and passwords, we need a piece of hardware that can be loaded to prove who we are and will serve as our permanent digital identification. Admittedly some people will not like that but the reality is something has to be done.
The two best ways are already in use today and while there will still be problems; they fall on the availability of the hardware side rather than usage, but they will both fix stupid if they are implemented. One will do the job better than the other.
The first is a Common Access Card, which is gaining ground in the industry, already in partial use in the banking arena in Europe as Chip and Pin technology and the standard for the United States Military.
The Common Access Card focuses on two things, a physical object that you must have, and a pin or password. The military uses the cards to provide user access to computer systems, military websites, and to sign documents. In Europe, all credit cards are tied to chip and pin which requires the user to input a pin before the transaction will work. As a result, credit card theft and fraud is down in Europe and guess where all the thieves are focusing, America. We don’t have the chip and pin working yet.
The challenge on the national level would be to get the card to every citizen and the physical hardware to use it. 300 million people are a lot of cards and card readers. The military set their goal a three years when they initially implemented, and it took every bit of it plus some. Imagine the DMV but worse because it takes more information to produce a card and people slow the process just by being people.