Sign up to our newsletter
The latest security news direct to your inbox
Fighting modern day piracy is something of a paradox; in an open system that allows freedom (good), scoundrels are also free to skulk around doing nasty things (bad). Various efforts have been made to pounce on evildoers, but it’s a game of whack-a-mole. When one has been thwarted, others pop up as variations on the same theme. In a recent report, the Brookings Institute floats the idea that modern piracy is a variation on the high seas hijinks of yesteryear, sans pirate patch and questionable grooming, and should be combated in similar ways.
The difference, the report opines, is that combating pirates with ships and cannons required a central effort by governments, versus modern day efforts which will require efforts by private entities, specifically ISP’s. In the days of yore, specific chokepoints along navigable routes were identified and controlled by those who owned the waterway, usually a nation. In modern times, there are major network trunks here and there that serve as navigable routes to online seas over the visible horizon.
Shouldn’t this be left to governments? In Egypt’s recent struggle to rid Mubarak after an extended stay in power, one critical tactic used by his administration was to “flip the killswitch” on the internet, in an effort to stifle opposition and stall communication attempts. For many, ceding this level of control to officials would present a far-too-tempting lever for them, possibly utilized for nefarious purposes. Additionally, once a government gains this sort of control, they have a history of hanging on to it long after it seems beneficial to the populace.
It seems there are around 5,000 major ISP’s and carriers involved in the equation. In an internet measured in many billions of connecting points, that’s certainly a small number of potential chokepoints. So what are they supposed to do? Take an aggressive stance and clamp down on abettors of underground nonsense. This seems far simpler to opine than may be practical to implement.
For one thing, ISP’s stay in business by offering services customers want and feel have better value than the competition. If one ISP adopts a very restrictive crackdown and the competition doesn’t, customers may choose the more open option, unless they can be educated and value the new approach, a non-trivial feat. I have family members who use the same pet name for every password, I can imagine the difficulty of getting their adoption on this. So if there isn’t something of a “mutual drawdown” by all ISP’s, the more aggressive ones may find it difficult to woo customers, resulting potentially in disappointing earnings, a kiss of death in a competitive market. Also, every new control costs money in hardware and associated expert staff. This means the product may cost more to the customer, again tilting the scales toward the less restrictive vendor.
The wildcard in the equation is whether a critical mass of customers would be willing pay more for what they understand to have that kind of benefit. Either that, or pray the government will pass a law to MAKE various ISP’s take steps, all at the same time. The business community tends to resent this sort of additional meddling by often under-informed bureaucracies, due to the addition burden of forced compliance efforts, again affecting profits. So it’s a tricky proposition, but one that may have the attention of ISP’s and governments alike, and certainly the owners of the information being pirated.
Author Cameron Camp, ESET