Archive

Posts Tagged ‘cyber war’

The War on Web Anonymity

By Marcel Rosenbach and Hilmar Schmundt

The Internet has always been a refuge of anonymity. Anyone could hide behind the cloak of namelessness and express the most offensive views. Now politicians and companies — including Google and Facebook — want to change that.

The Avenue de l’Opéra in Paris is a respectable address, surrounded by banks, boutiques and cafés. The tenants listed on door plaques include a language school and an airline. But the name of the building’s most famous tenant is not listed: Google. The global corporation values privacy — its own privacy, at least.

“We take data protection seriously,” says Peter Fleischer, Google’s Global Privacy Counsel. “We don’t know our users by name,” he insists. “We just store anonymous identifiers, but no personal data.” This is an important distinction for Fleischer, who says that Google’s primary goal is to improve the accuracy of targeted advertising. According to Fleischer, the identities of the people behind the numbers are irrelevant. “We don’t even want to know the names of users,” he says.

These statements were made only three years ago, and yet they seem to be from a different era. In the past, the Internet was a sea of anonymity dotted with username islands, but now the relationship is being reversed. Anonymity is being declared the exception — and a problem.

In June, Google launched a frontal attack on competitor Facebook and began testing its own social network: Google+. Suddenly Google is asking for precisely what Fleischer so vehemently declared was of no interest to the company in 2008 — real names.

The company has repeatedly blocked the accounts of users who refuse to provide their real names instead of a pseudonym, because this is a violation of its “community standards.” Those rules stipulate the following: “To help fight spam and prevent fake profiles, use the name your friends, family or co-workers usually call you.”

Free Speech vs. Attribution

Today Google is no longer satisfied with pseudonyms, and it isn’t alone. Politicians and law enforcement agencies have also declared war on anonymity, a fundamental characteristic of the Internet.

For some, anonymity is among one of the biggest strengths of the Internet, a guarantee of free speech and privacy. Others voice concerns over the “attribution problem” and see it as a key issue in the digital world that must be eliminated.

Particularly in the wake of attacks in Oslo and on Utøya Island , there is growing interest in tearing the masks off the faces of those who author radical right-wing hate blogs . Critics are calling for stronger online surveillance, an alarm button for reporting dangerous content and the reintroduction of data retention. But what use are surveillance and warning mechanisms if the authors of violent messages cannot ultimately be identified?

Last week the anti-Islamic treatises by the blogger “Fjordman,” whom the Norwegian killer Anders Behring Breivik has described as his “favorite writer,” made international headlines. But of course he isn’t the only one hiding behind a pseudonym. Jihadist forums using crude code names seek to incite hatred and violence against “infidels,” while right-wing extremists use the protection of anonymity to publish the names and addresses of members of the Antifa, or anti-fascist movement, who employ the same tactic.

Feelings of public outrage run high when it comes to issues like cyber-bullying, hate mail and insults, as was recently the case with iShareGossip, a German site where students could anonymously insult their fellow students. Some time ago, a site called Rotten Neighbor triggered similar feelings of outrage. It enabled people to take their neighborhood disputes online. Of course, those who unloaded their vicious remarks on the site remained anonymous, while the victims of their abusive language were clearly identified.

Limiting Anonymity

Last autumn Axel Fischer, a member of Germany’s conservative Christian Democratic Union (CDU) and the chairman of the parliamentary commission on “Internet and Digital Society,” called for a “ban on disguises” in the virtual world, at least for forums with political voting options, as he clarified after a storm of protest from the online community. Then Interior Minister Thomas de Maizière (CDU) also addressed the issue several times, saying that “limitless anonymity” should not exist on the Internet, where the authorities must be able to identity people who break the law.

De Maizière also launched two projects intended to facilitate secure identification on the Internet — albeit on a voluntary basis at first — the supposedly tamper-proof digital mail system “De-Mail” and the new identity card.

But in the anarchic world of the Internet is it even possible to implement a large-scale, binding identification requirement? A look at events in South Korea offers some answers to this question.

Ironically, this journey has led to more surveillance in the Asian country, where the Internet euphoria is among the most rampant in the world. In 2008, the 39-year-old Korean actress Choi Jin-sil was bombarded with hateful tirades online. No longer able to bear the attacks, she hung herself.

The nation was shocked. The conservative government reacted with the broader application of a law originally created only for election campaigns. Under the “Real Name Verification Law” anyone who wishes to post comments or videos online must identify themselves with their “resident registration number,” a 13-digit unique identifier issued by the government.

A Civilizing Effect

Currently the law applies only to websites with more than 100,000 users per day. Some website operators are probably quite pleased with the regulation, because the real names of customers are extremely valuable in the advertising industry.

Media researcher Daegon Cho of the US-based Carnegie Mellon University wanted to know what lessons could be learned from the Korean experiment. Does the constraint of having to reveal one’s true identity online have a moderating effect on the Internet community?

It does, as Cho discovered. The Identification Law has a civilizing effect on the Internet’s verbal offenders — though only in moderation. Those who rarely post comments online were especially likely to temper their emotions. In this group, the number of comments containing “swear words and anti-normative expressions” fell from 27 to 20 percent. Nevertheless, the majority of troublemakers continued to swear without restraint under their real names. Besides, instructions for circumventing identification requirements have been available online for some time, and when in doubt, troublemakers can always use foreign servers.

Instead of an identification requirement, the online community is placing its faith in the self-regulating forces of the Internet. Twenty years of experience with the World Wide Web have shown that it does not necessarily lead to moral decline. In fact, the figures from South Korea suggest that the Internet even civilizes some users with time. Experienced contributors to forums write offensive comments about six times less frequently than those who rarely write comments.

The discussion culture is often tended with sophisticated filter mechanisms and evaluation systems, and many administrators act as blog monitors, taking action against rude comments. Reputation systems reward popular discussion participants, whether or not they are anonymous. The content is what counts.

But what about extremists and criminals who use anonymity to evade law enforcement?

No Match For Law Enforcement

It appears that if there is sufficient pressure from investigators, the much-touted principle of anonymity quickly evaporates. The arrests of many presumed members of the hacker groups “Anonymous,” “LulzSec” and Germany’s “No-Name Crew” prove this.

The “unmasking” of about 20 “Anonymous” activists speaks volumes. Apparently neither masks nor virtual precautions could protect the net anarchists from being apprehended. Ironically, both the real names and, in some cases, the photos of these previously faceless net activists are now publicly available.

In a chat with SPIEGEL, German hacker “Darkhammer,” accused of having hacked into and disclosed customs data, boasted that he wasn’t afraid of the authorities, and that only stupid people let themselves be caught. He was arrested a few days later.

There is also ample evidence to suggest that political pressure isn’t necessary to force the use of real names online because users will take that step on their own. Nothing has accelerated the trend more than the success of social networking sites like Facebook, where users voluntarily reveal not only their names, but often photos, birthdays and sometimes even intimate details of their lives.

These services have turned into something resembling a digital civil registration office — the antithesis of anonymity. This is slowly undermining a quality that also has many proven advantages, particularly for dissidents in countries with oppressive regimes. A report by the respected American Association for the Advancement of Science even concludes: “Anonymous communication should be regarded as a strong human right.”

The example of media education shows what a double-edged sword the call for identification on the Internet can be, though. In one respect, Germany’s Ministry of Consumer Protection, parents and data privacy advocates are in rare agreement. To protect themselves against fraud, stalking and abuse, young people should never use their real names online, they say.

It isn’t easy to explain why this valuable anonymity suddenly becomes a problem after their 18th birthday.

Advertisements

U.S. Not Winning Cyber War

May 13, 2010 By Reuters

WASHINGTON (Reuters) – The United States is losing enough data in cyber attacks to fill the Library of Congress many times over, and authorities have failed to stay ahead of the threat, a U.S. defense official said on Wednesday.

More than 100 foreign spy agencies were working to gain access to U.S. computer systems, as were criminal organizations, said James Miller, principal deputy under secretary of defense for policy.

Terrorist groups also had cyber attack capabilities.

“Our systems are probed thousands of times a day and scanned millions of times a day,” Miller told a forum sponsored by Ogilvy Washington, a public relations company.

He said the evolving cyber threat had “outpaced our ability to defend against it.”

“We are experiencing damaging penetrations — damaging in the sense of loss of information. And we don’t fully understand our vulnerabilities,” Miller said.

His comments came as the Obama administration develops a national strategy to secure U.S. digital networks and the Pentagon stands up a new military command for cyber warfare capable of both offensive and defensive operations.

The Senate last week confirmed National Security Agency Director Keith Alexander to lead the new U.S. Cyber Command, which will be located at Ft. Meade, Maryland, the NSA’s headquarters.

Miller suggested the new organization, which is expected to be fully operational in October, had its work cut out for it.

Among its challenges are determining what within the spectrum of cyber attacks could constitute an act of war.

Miller said the U.S. government also needed to bolster ties with private industry, given potential vulnerabilities to critical U.S. infrastructure, like power grids and financial markets.

STAGGERING LOSS

Hackers have already penetrated the U.S. electrical grid and have stolen intellectual property, corporate secrets and money, according to the FBI’s cybercrime unit. In one incident, a bank lost $10 million in cash in a day.

“The scale of compromise, including the loss of sensitive and unclassified data, is staggering,” Miller said. “We’re talking about terabytes of data, equivalent to multiple libraries of Congress.”

The Library of Congress is the world’s largest library, archiving millions of books, photographs, maps and recordings.

U.S. officials have previously said many attempts to penetrate its networks appear to come from China.

Google announced in January that it, along with more than 20 other companies, had suffered hacking attacks that were traced to China. Google cited those attacks and censorship concerns in its decision to move its Chinese-language search service from mainland China to Hong Kong.

Miller took an example from the Cold War playbook to explain how the United States military would need to prepare for fallout from a cyber attack, which could leave cities in the dark or disrupt communications.

In the 1980s, the Pentagon concluded that the military needed to prepare to operate in an environment contaminated by the use of weapons of mass destruction.

“We have a similar situation in this case. We need to plan to operate in an environment in which our networks have been penetrated and there is some degradation,” he said.

One of the challenges Miller singled out was the development of enough U.S. computer programmers in the future.

“In the next 20 to 30 years, other countries including China and India will produce many more computer scientists than we will,” he said. “We need to figure out how to not only recognize these trends but take advantage of them.”

Copyright 2010 Reuters. Click for restrictions.