By Jonny Lupsha, Wondrium Staff Writer
The internet has always had an identity authentication problem. Every year, users still fall for attacks from a supposed deposed royalty asking for money to return to the throne. How do you know if someone online is real?
The internet is full of bad actors impersonating others. On social media websites, they may do this to contact loved ones of the person they’re impersonating in order to ask for money or to hack into the loved ones’ computers. Setting up fake accounts disguised as the real thing is, unfortunately, all too common.
Authentication is difficult, especially for those who keep their information private, like celebrities. For many years, Twitter offered a verification method in which a high-profile user could get authenticated with a blue check mark next to their name. A recent program by new Twitter owner Elon Musk, in which anyone can buy a blue check mark for eight dollars per month, has led to a maelstrom of fake accounts pretending to be the real thing, causing chaos and even costing pharmaceutical companies billions.
How could the Internet handle identity attribution? In his video series Thinking about Cybersecurity: From Cyber Crime to Cyber Warfare, Professor Paul Rosenzweig, Professorial Lecturer in Law at The George Washington University Law School, suggests a plan for the attribution dilemma.
Just a Thought
If nothing else, what about a trusted-identity system?
“The basic concept with this […] idea is to accept that we can’t do attribution by working backwards from the intrusion to the hacker,” Professor Rosenzweig said. “We will try to look forward by establishing an identity at the human-computer interface when a person actually puts her fingers on the keyboard. What this means in practice is trying to find a way to make access to the internet available through trusted identities.”
Some people exaggerate this idea as requiring a driver’s license to use the internet, but parts of this analogy are accurate. Basically, servers control identity on the network when someone signs on in a way that securely locks in an identity for later tracking and accountability.
“In the United States, this trusted-identity system would have to be voluntary,” Professor Rosenzweig said. “It is almost impossible to imagine that any system requiring mandatory identification would be politically acceptable.”
Such a system would, in fact, be almost certainly unconstitutional. Anonymous speech or speech published under a pseudonym has been a part of the United States since The Federalist Papers. A mandatory cyber-identity program would make online anonymous speech nearly impossible. However, a voluntary system could still be of some use.
“If you wanted to be careful, you could refuse to do business with anyone who didn’t have a trusted identity,” Professor Rosenzweig said. “That would make it much harder for a thief to pretend that he was your bank’s website. You could even create your own private networks with only trusted users.
“In the end, however, these types of programs would only take you so far: The system wouldn’t be universal, and the network’s very universality is its strength.”
Thinking about Cybersecurity: From Cyber Crime to Cyber Warfare is now available to stream on Wondrium.