In an effort to deal with the security woes of .com websites, the U.S. Government has a solution: build a new “internet” around .secure instead. The problem? Apparently, people have too much freedom on the .com’s, allowing cyber-dirtbags to skulk around anonymously. This would aim to cure all that by requiring “visitors to use certified credentials for entry and would do away with users’ Fourth Amendment rights to privacy.” Several current federal officials, including U.S. Cyber Command chief Gen. Keith Alexander, have floated the concept. They say the .secure domain would be walled off from the .com domain, and would house things like financial institution traffic.
The .com argument draws parallels to the Wild West days of yore in the U.S., where everyone was pretty well free to get away with whatever they could manage. While that mode was in place during the free-for-all land grab days, eventually it was decided that society would run smoother with things like reliable infrastructures, centralized government, etc. Linking them together was made smoother using unique ID’s to identify people attempting to use the systems, though at a cost of privacy, some argue.
The initiative would require giving up anonymity for some “guarantee” of increased security. Benjamin Franklin once quipped, “Those who would give up essential liberty to purchase a little temporary safety deserve neither liberty nor safety.” In this case, however, folks willing to continue working in the .com space would be free to do so. The hope is that a critical mass of vendors would migrate to the .secure domain, and their customers would follow. This would require both to have a large amount of faith and motivation, or compulsion. Also, they would have a significantly more rigorous process of gaining credentials to do so (.secure ID black market anyone?). These barriers of entry seem high, compared with today’s system of relative freedom, but the initiative argues users and vendors would come flocking as it was implemented. After all, we’re all tired of security breaches, right?
Then there is the technology. Deep packet inspection, complex encryption, secure networks and hosts are all terms that begin with $. Put together a whole separate network with them, and the $ would be followed by many zeroes. Securing a network is no trivial thing, and it must strike a balance between security, usability and cost. If you have cheap deep packet inspection hardware, expect users to complain of network latency, or worse, just go back and get the job done on .com. Also, you need a slew of network guardians to keep it all humming. Anyone know how many people voluntarily switched to IPv6 in the last few years because they know it’s more secure?
My relatives still have most of the secure information needed to run their online lives piled in scrap paper within a 2 foot radius of their primary computer, and I can’t quite get them to understand where a file goes after it’s downloaded. I can’t imagine how long the phone call would last where I explain why they need to switch networks, but only sometimes. This would require pages of scribbling, probably then taped to the cabinet above their monitor in plain sight for easy access, and they still wouldn’t use it.
Author Cameron Camp, ESET