Cyber crimes like hacking and ransomware may be resolved by tagging each file and every piece of hardware with a unique identifier. What is keeping us from doing this?
The current internet protocol was developed in the early days of the internet to get packets of information from one point to another via any viable route. ‘It doesn’t care who you are, what you’re sending or who you’re sending it to. All that matters is the internet addresses that need connecting’ said New Scientist (August 9, 2017).
But the open standard of the 1970s is vulnerable to misuse and makes it hard to identify and block cyber criminals and hackers.
Traceable identifier
Internet pioneer Robert Kahn has proposed a solution called the ‘handle system’ in which each document and every piece of hardware will have a unique permanent and traceable identifier. The handle system would bring the exchange of information under control since it only allows access to devices with a valid identifier and blocks all others. A central handle registry keeps track of who has access to what.
The handle system is currently best known for its use within libraries and universities. Publishers use the handle system to identify articles with a handle called the DOI-code (Digital Object Identifier) such as doi:10.1186/s13635-017-0056-5. Even if the original website goes offline; you can still retrieve a document by its DOI.
Will full deployment of the handle system to each device and every document make the internet a better place?
The handle database itself will provoke cyber attacks
Dr. Pieter van Gelder, Professor of Safety Science at TU Delft’s Faculty of Technology, Policy and Management (TBM), does not think the handle system would prevent cyber crimes. Although it would make detecting and tracking individuals much easier.
“Compare the handle system in cyberspace to the physical system of a worldwide DNA database,” Van Gelder says. “Such a DNA bank would make it easy to identify a burglar even if only one hair is found at the crime scene. But genetic identification would not prevent people from trying to break in.”
Privacy issue
His other concern is the handle registry containing the handles from all documents and every internet user. The handle database itself will provoke cyber attacks, Van Gelder fears.
And then there is the privacy issue. “By labelling people and storing their data, tracking individuals would become much easier. Commercial entities could use this information to exclude people from insurance or to adapt their prices. Dynamic pricing already exists. When you book flights through a MacBook, sites will charge you more than if you would have used a standard PC.”
‘It is no coincidence that totalitarian regimes support this system ’
Professor of Governance of Cybersecurity at TBM Dr. Michel van Eeten says the main consequence of a handle system would be the ‘attribution.’ In other words: it will become easier to track who is doing what on the internet.
Van Eeten: “The handle system results in more control, and more control makes it possible to enforce other things as well, such as monitoring people who use VPN (to circumvent censorship and filtering, ed.) Or users who work with a TOR browser (to remain anonymous, ed.). It is no coincidence that totalitarian regimes support this system.”
Draconian control
And then there is the complication of introducing the handle system, which was conceived as a ‘blank slate’ solution, as if we could start all over again. Enforcing compliance with the handle system would require draconian control. Van Eeten: “You can only force it down hierarchically. All internet providers would be compelled to register each and every device that their clients use to go online. If a laptop doesn’t have a cryptographic identifier, it will get no internet access.”
Still, Van Eeten does not exclude that the handle system may be introduced locally. “China may be interested in source address validation. But in the western world, we’re not going to see that happening.”
Heb je een vraag of opmerking over dit artikel?
j.w.wassink@tudelft.nl
Comments are closed.