Crime Expert Backs Call For "License To Compute"

The Cable Guy writes to mention that Russel Smith, one of Australia's principal criminologists, is pushing for first-time computer users to be required to earn a license to browse the web. "The Australian Computer Society launched computer driver's licenses in 1999. It aimed to give users a basic level of competency before they started using PCs. But the growth in cybercrime has led to IT security experts such as Eugene Kaspersky to call for more formalized recognition of a user's identity so they can travel the net safely. Last week Dr. Smith sat in front of a Federal Government Inquiry into cybercrime and advised Australia's senior politicians on initiatives in train to fight cybercrime. He said that education was secondary to better technology solutions."

Shhh ...

[SL Baur]

What's next, a license for sex?

Sadly, that actually makes more sense in this day and age of incurable STDs. The license states clearly when your last test was done and which (if any) STDs you have.

That should actually be welcome news to the average slashdotter who rarely ventures from his mother's basement - you're now a highly prized date. And even better news to Americans who would now have grounds to sue if they caught an STD from having sex with someone who showed a clean license.

Re:WTF?

[Anonymous Coward]

The same way painting your car red makes it go faster.

No, this needs a Godwin analogy, not a car analogy.

"The same way sticking a yellow star or a pink triangle on your jackets makes you safer."

After all, you're only safe in public if you can tell, at a glance, what kind of people you're dealing with.

Re:WTF?

[sams67]

Heh. Actually I wrote those .. thanks for the attribution swanzilla.

Re:WTF?

[Steve Franklin]

I think the analogy you are missing is the one that involves having a license to read. After all, it's a lot more efficient that burning books. Just give everyone a test for proper thinking before you give them a license to use this "dangerous" medium. You think Kennedy was killed by someone other than J Edgar Hoover's man in the CIA? You think WTC 7 looks suspiciously like a controlled demolition? No reading for you, sonny.

Re:something that should be learned in school

[TheRaven64]

But what do you do about people who left school before the Internet became commonplace? I'm only in my 20s, but I left school before the height of the dot-com boom and back then my school had a dual ISDN (128Kb/s) line for 700 or so students (only 70 computers scattered over the school though, and not many of the ones outside the computer lab were networked). Realistically, you can't expect anyone over about 25 to have been taught much about the Internet in school. Certainly no one over 30, and that accounts for a lot of the population.

Re:WTF?

[jamstar7]

Whoosh.


As The Who would say, "Meet the new boss, same as the old boss."

Re:WTF?

[Anonymous Coward]

Education yes, licensing no. There are a couple technical reasons for this.

First, for real security, a smart card will have to be issued to everyone with a license. This will slow down ID theft, even if someone's computer is completely compromised. If the card is physically taken, without the PIN, most smart cards will lock or demand an ever increasing wait time between guesses.

With a smart card comes a PKI for certificates to stop MITM attacks. We already have large PKIs supporting SSL, but can we scale up to supporting not just millions of hosts, but billions of people? Not just support, but do this securely with HSMs for the root keys that are both incredibly secure, but yet able to be backed up (so a loss of a site doesn't mean the loss of a root key.)
That root key will be a GIGANTIC target for any blackhat in the world because if they bag that, they can impersonate anyone in the world. This means that the keys will have to be kept in top secret security resistant to a siege force, only accessed by people who are cleared up very high.

Also with a smart card comes education. Most people barely know how to get cash out of an ATM with a PIN. Training people to understand that if they guess their PIN wrong more than "x" amount of times means they have to get it unlocked via remote, or having to go to the DMV will add a lot of frustration to a lot of non tech savvy users.

Then come smart card readers. Right now the CAC is the standard, but readers are fairly expensive. Maybe smart cards that are in a USB form might be the answer such as the iKey or eToken?

Finally, which division of the government would handle this momentous task of deploying this, both in meatspace (handing people the smart card and PIN), and in cyberspace (think corporate SSO servers, except scaled up several orders of magnitude.)

Having tried to get smart cards deployed at several places I've worked at, I hopefully know some of the ins and outs of the technology. If used right, they solve a lot of security issues [1], but they have their drawbacks, especially if a card malfunctions, if a user causes the card to lock due to too many wrong PIN attempts, or if smart keylogging software is able to not just grab the PIN, but access the card while it is plugged into the reader to obtain encrypted data unavailable otherwise [2].

[1]: Client certificates, S/MIME, PGP or GPG keys, Remote access, application signing, BitLocker To Go, TrueCrypt volumes, EFS, and other utilities have their security greatly enhanced by smart cards. An attacker has far less a window of attack to get into a TrueCrypt volume if they have to guess a cryptographic token PIN in less than 5-15 attempts, compared to unlimited guesses with a regular password or passphrase. Plus, an attacker would have to compromise the user (likely the easiest route), get physical possession of the smart card, or actively use the machine the card is plugged into without being detected.

[2]: A few years back back, a top notch software vendor had one of their HSM's ID/passwords compromised so an attacker was able to sign a few packages with it. The vendor took immediate action and issued a blacklist for the signed files (so there were no compromises on the customer end), but it is a lesson that even a key in an HSM stored on Mount Doom only accessible with the One, Two and Three Rings is still compromisable.

Re:Old Joke

[Dan541]

What's next, a license for sex?

We used to, it was called marriage.

Aha!

[SDFanboy]

I called this years ago! There's no way the big boys are going to let this powerful media go uncontrolled. Soon you will need a license to run a server, a web page, everything. Every packet will carry a crypto license from an authority - routers will have hardware to check it - by law! Coming soon!

Incorrect assignment of blame

[Jimmy_B]

Identity theft is a misleading term for bank fraud, and fighting it is the banks' responsibility, not the government's or the user's. We know how to do it, it just isn't getting done because of cost. Monetary transactions should be done with dedicated devices so that compromised computers can't be used to steal money. Reducing the number of compromised computers won't help because there are many of them and it only takes a few.

If they want to do something

[burning-toast]

If they simply HAVE to do SOMETHING about this "problem" then might I suggest incentivizing basic computer knowledge as such:

1. Optionally attach a basic computer literacy "certification" to your written drivers test which is renewed at the same place and time (license is imprinted with a symbol similar to the organ donor stuff). Leave the price of the ID / License the same.
2. Government $5-10 dollar tax break for persons acquiring the literacy certification with an equal portion donated to a public fund in charge of supplying our most underfunded public schools with updated computer equipment purchased from used corporate leased equipment (this would be a public bid by hardware vendors for the contracts) with an option to donate your $5-10 credit to the same.

ISP's could be compelled to give customers with this marking a small discount on their service since they will be a slightly lower risk than others.

If enough people got the certification I just HAVE to think that the net effect of a more educated society would have some cost savings SOMEWHERE in the economy the same way that drivers licenses have most certainly prevented or reduced the number of fatal / expensive collisions on the road.

I'm not generally a proponent of bigger government, but if we HAD to do something and massively f-ing expensive and complicated shit like computing licenses is already on the table then I would take my above approach instead of the more Orwellian approach in the summary.

- Toast

Utterly contemptible Bullshit

[Ralph Spoilsport]

Computer has: CPU
Cellphone has: CPU
Computer has: input pad (keyboard)
Cellphone has: input pad (numbers and associated buttons)
Computer has: video screen
Cellphone has: video screen
Computer has: audio out to a jack or speaker
Cellphone has: audio out to a jack or speaker
Computer has: memory RAM
Cellphone has: memory RAM
Computer has: memory storage (HDD or SSD)
Cellphone has: memory storage (usually SSD)

So, given that a cellphone is, for most intention and purpose, fundamentally a fucking COMPUTER, are they going to make people get a license so they can operate it "safely"?

Dear Antipodean legislators considering this legislation:

I want you to know and understand very clearly that I, Ralph Spoilsport (owner and operator of Ralph Spoilsport Motors) think you are a complete and utterly pathetic pack of nimrods and all around stupid ass knuckleheads for letting such a notion get beyond the "gee, that's a dumb idea stage". By even considering this as a possible line of action puts you at the same level of the most knuckledragging retarded dipstick government reps normally only found in the Middle East or Red State America.

If you actually pass this legislation, I hope your arms swell up and drop off.

RS

Re:Nonsense

[Anonymous Coward]

What can you do on Linux that can't be done in windows?

1) Install OS and near complete software on any PC without a license or activation
2) Access a repository of vetted software with 99% of what I need
3) Surf with piece of mind that my PC is not painted with an easily-hit bullseye
4) Install a modern release (2009) without paying a dime (as opposed to 2001 XP)
(repeat for 2010, 2011, 2012, 2013...)

That you can pirate Windows matters not to me. I'll save my pirating for DRM-free content.