The Net Delusion - Evgeny Morozov [123]
Plenty of American decision makers in the defense and intelligence communities are pushing to reengineer the Internet to better protect the country from cyberwar by making it easier to track cyber-attacks, hardly good news for anyone concerned about privacy. When the director of the FBI publicly admits that he doesn’t bank online out of security concerns, it’s a sure bet that more control and regulation of the Internet are on their way. Cybercrime has been one of the few consistently growing activities on the Internet, and its future prospects look bright. Now, with the rapidly expanding trade in virtual goods on social networking sites and other websites, crimes that target such goods have spiked as well (in 2009, the fraud rate for merchants selling virtual goods was 1.9 percent, compared to 1.1 percent for those selling physical goods online).
That so many online transactions are anonymous is believed to be the chief reason behind rapidly growing rates of cybercrime. Not surprisingly, many governments are attempting to link our online actions to our real names. Speaking at a April 2010 cybersecurity conference, Stewart Baker, former counsel of NSA, was just expressing a popular view in intelligence circles when he said that “anonymity is the fundamental problem we face in cyberspace.” In his much-discussed 2010 book about cyberwarfare, Richard Clarke, a senior national security official in many administrations, proposed that more ISPs should engage in “deep packet inspection,” a practice that would allow them to better analyze the information sent and received by their customers, thus identifying cyber-threats and dealing with them at an early stage. Clarke’s is a legitimate proposal that deserves debate and scrutiny by the public, but it’s important to remember that it’s through deep packet inspection—and using equipment bought from European companies—that Iran manages to keep such a tight hold on the Web. Very little can be done about Iran’s use of the technology: Nokia-Siemens, one of the companies that supplied Iran with the inspection equipment, rightfully points out that this is the same equipment used by Western governments, even if they may not engage in such practices as aggressively as the Iranians. As deep packet inspection becomes even more widespread in the West, it will become nearly impossible to hold Nokia-Siemens—never mind Iran—responsible for its actions. The public may decide that it wants more deep packet inspections to address the threats posed by cybercrime or terrorism; they’ll just need to remember it will have rather chilling effects on the business of promoting democracy abroad.
More junior and more tech-friendly military staffers have also been trying to figure out how to tame the Internet. In “Sovereignty in Cyberspace,” a 2010 article published in Air Force Law Review, Lieutenant Colonel Patrick Franzese, who is with the U.S. Strategic Command, proposed that “[American] users wanting to access the Internet globally could be required to use a biometric scanner before continuing.” Franzese’s justification for establishing a tighter control over the Internet is common in military circles: “Cyberspace provides states and nonstate actors the opportunity to negate the United States’ conventional military advantage, circumvent its natural boundaries, and directly attack critical infrastructure inside the United States.” It certainly helps that reining in cyberspace seems considerably easier than other domains. The notion of an Internet kill-switch is probably just an urban myth, but little about the infrastructure of today’s Internet precludes some kind of a biometric scanner standing between users and the Internet. (Indeed, many laptops today already carry fingerprint-scanning devices.)
It is not just the military folks who are concerned about controlling the Web. Parental associations want to make