Thought You Were Running A Tech Firm? No, You're The Fuzz.
Is it just me, or does it feel like the the internet is getting even more 'Wild West'?
Recently, the BBC's Horizon reported on the Dark Web and did a pretty good job of highlighting some of the gargantuan challenges thrown up by the penetration of the net into almost all aspects of our society, including:
- how do you maintain an open and free internet, but at the same time not leave a vast, unpoliced world for the exploitation of criminals and terrorists?
- how exactly do we expect there to be any sort of sensible consensus or response when this by necessity needs the collaboration of a myriad of stakeholders, including governments with diametrically opposed views on how the web should be governed?
- how can you regulate anyway given the ever-increasing rate of disruptive, technological innovation?
Make no mistake - we're in trouble here!
Consider just three facts:-
- the estimated annual cost over global cyber crime is 100 billion.
- there are "fast-evolving, multidimensional threats [that] exist across all sectors... risks are rising exponentially" (Ernst and Young).
- if Guy Fawkes had had the net, he'd have gotten away with it
At 52.40s into the Horizon film is a sequence where one of the key bodies (ICANN) "updates the internet" - it all looks nice and controlled and secure. But with every step away from this hard centre, things get softer.
By way of example, the Wall Street Journal asked why something as simple (and supposedly easy to remove) as internet pharmacies selling drugs without prescription have proliferated. Interpol (and the US FDA) tried to shut down over 1,300 such sites. ICANN has found themselves unwittingly in the position of investigating - and subsequently being lambasted for failing to fix the issue. Why couldn't they do it? Answer: the websites were created in one country, hosted in another, and doing business in multiple jurisdictions (some of which 'legally'). There was next to no co-operation from most of the countries involved, and no framework to call it in.
Fixing the 'policing' of the net requires collaboration and consensus that simply hasn't been achieved at all in the real world, so it won't happen online either.
However, there are certain pinch-points which can be addressed. It's estimated that 90% of cyber-crime involves - in some capacity - the exploitation of loopholes and gaps in internet domain structure - for example, the use of domain names to control botnets, distribute malware and take control of computers.
Domain hosts naturally try to limit their liability for defamatory, obscene or seditious content which is against public morality or is illegal in nature. However, securing domains does mean that domain registrars and other internet infrastructure providers need to address abuse of their own services - at source.
That in turn means a proliferation of compliance requirements across the technology value chain - for example, validation of an end-user's address, email and phone numbers: in effect, the pushing down of internet policing right to the grass roots.
You and me, the internet police.