A few months ago, I already had some discussions with Eugene Kaspersky during an event of the Council of Europe on Cybercrime, how to address cybercrime on the Internet. At the moment, I am at a very, very slot connection and just got, what I saw on my RSS feed enclosure and could not verify the whole article but it is pretty much in line with the discussion we had there:
So, let me try to give you a perspective and some comments in this context. He seems to say: The short term solution is to get global cooperation with the police, because the police of different countries don’t know how to collaborate with one another. He believes the police want more successful investigations, not just to stop the criminals but to also own the list of successes. So nothing is getting done and each one is blaming the other for the problem. We have to start to work together, think globally, and create a global police force.I could not agree more with this but I am going one significant step further: We do not “only” need a better collaboration between the different police forces in different countries (or within a single country), we need a better collaboration between Law Enforcement, Judges, Prosecutors and the private sector. This requires a different way of thinking by all the parties but it is absolutely necessary. The biggest challenge here is, that there is not history of deep trust between these parties. From what I know, the Council of Europe is a great catalyst to help us all to get there. Additionally there are extremely good people in the different bodies like in Interpol, Europol who really want to move this on.
Next: The long term solution is to get governments around the globe to implement a universal list of rules and regulations for the public internet network. Well, yes and no. I am not completely sure, whether I want this. If these rules are written together with the industry, there is a certain chance that we regulate the right thing. However, knowing the different players at the moment, there is a good chance that this will not be used for the sake of a safer Internet but only to get a competitive advantage – and this would be really bad!
Finally he says: In addition, a personal ID will be required for internet access and for logging into financial websites, similar to a driver’s license or insurance card. “If you want to get connected or onto a website you will have to present an ID.” He explains. This is, where we had the discussion as I fundamentally object this idea. This is – in my opinion – not feasible as it would destroy one of the biggest advantages of the Internet: Free speech. Think about the events recently in Iran: Would the same kind of communication been feasible if we would have had strong authentication? Definitely not.
So, what we need is a model, which allows for both – and this is what we think the claims based authentication is about to deliver – it is part of the End to End Trust framework we introduced earlier.
So, I think that Eugene should stop with this claim. It does not really add to a fruitful discussion. Let’s collaborate (as stated above) to jointly work towards one goal: A safer Internet.