At 03:18 21.05.2000 +0200, Jacob Palme wrote:
>Should IETF do anything to fight the increasing incidences
>of net criminality?
Yes - make sure we have tools to establish trust.
Make it less necessary to "trust everyone to be nice".
> Can we do anything? Can the protocols,
>which IETF manages, be modified so as to make it easier
>to fight virus distribution, mail bombing, ping attacks
>and the other ways in which people are harassing the
>Internet?
>
>Or would such changes to the Internet protocols mean
>more invasion of privacy, in a way which is even less
>acceptable than letting the criminals continue? It seems
>that there is a strong group in IETF which likes the
>freedom of the net and believes that changes to stop
>criminal usage would also remove this freedom? Is this
>true, or can we fight net criminaltiy without risking
>the freedom of the net?
>
>Crime prevention outside the net Crime prevention in the net
>-------------------------------- ---------------------------
>
>Surveillance, video cameras, Is it possible to allow surveillance on
>wiretapping, bugging the net in such ways, that it will
>not be
> misused? IETF did apparently not think
> so, when this was discussed at the IETF
> meeting in December 1999, where a very
> large majority voted against any
> kind of
> help from IETF in this area.
Highly contentious also outside the Net.
>Making crime difficult by locks We have rather little locks, and what we
>walls and crime-safe houses. have is not used very much. Why?
Crypto.
>video cameras, black boxes and other Is this also not acceptable? Could
>we log
>tools to investigate "after the fact" what happens on the net in ways which
>what happended. makes it possible to track the
>criminals,
> without risking misuse which threatens
> the freedom of the net?
Signatures.
More work needed, especially thinking about deploying the more esoteric
variants
of signatures, such as "you can only find out who I am if I try to cheat you",
or "I have left proof of my identity in this box, which you cannot open without
accusing me in public of trying to cheat you".
One reason the digital paper trail is so awfully wide is simply because it's
so simple to "just" record the plaintext identities.
------------- below this line, I think it's not IETF business ----------------
>Laws, detectives, prosecution, Are also applied to net criminals, if
>penalties they are caught.
Not the IETF's business.
>Controlling access to dangerous This method is probably not useful
>tools and weapons, like explosives, against computer terrorism. Computers,
>etc. like hammers, are the same whether
> used for good or bad acts.
Agree. Not something we want to do anything about.
>Police on the streets. Do we have police on the nets? Do we
> accept them? Help them?
We have them. Not an IETF problem.
>International police cooperation. This is essential, computer criminals
> often run their crimes over national
> borders to make them more difficult to
> find and prosecute.
They're making cooperation, whether we want it or not.
Not an IETF problem.
>Harmonized laws across countries. Can te laws, as they apply to computers,
> be internationally harmonized in ways
> which makes it less easy for
> criminals to
> find safe harbours in countries
> which do
> not have the necessary laws?
They are being harmonized, whether for good or bad remains to be seen.
Not an IETF problem.
--
Harald Tveit Alvestrand, EDB Maxware, Norway
[EMAIL PROTECTED]
