Full surveillance internet society?

Filed Under: Data loss, Law & order, Privacy

Queensland, Australia, is reeling from the news of two child murders in the past two weeks.

12-year-old Elliott Fletcher was stabbed to death last week at school; 8-year-old Trinity Bates was killed and dumped in a storm drain just 100 metres from her home.

In both cases, a suspect has already been arrested and charged with murder by the police.

Sadly, tribute sites set up for the murdered youngsters have been bombarded with offensive material. Those responsible for this heartlessness are much less likely to be brought to book.

Cybercriminals are increasingly likely to get caught and prosecuted, as Sophos documents in its latest Threat Report, but the number of prosecutions is minuscule against the size and scale of on-line crime.

This abuse of tribute sites has provoked considerable outrage in Australia, with Facebook in the firing line for allowing the abuse to take place at all. But Facebook – understandably for a company in America, where free speech is formally covered in the Constitution – wants to avoid being the judge, jury and executioner for all content posted on its pages.

A writer I spoke to yesterday about this issue asked if it would be appropriate to make the internet more like the telephone network, where every call is logged, and where lawful interception of the content of any call is technically possible. Should we go so far as to monitor and record all internet traffic so that renegade posters and internet trolls might more easily, or pehaps invariably, be caught?

Simply put, is it worth becoming a "full surveillance" internet society, with on-line anonymity prohibited and prevented altogether? Is this a reasonable price for limiting abusive or inappropriate behaviour such as the desecrating of tribute sites – even those which are deliberately left open for anyone to post whatever they want?

Fortunately, this question is as easy to answer as it is hard for the cops to police the modern internet.

No.

A "full surveillance" internet is in no Australian's interest. The internet is not our telephone network, and the internet is not our road network. Analogies for similarly regulating the internet do not apply.

There is just too much traffic, covering too many sorts of correspondence – banking, business and personal; formal, informal and mere chat – for it to be appropriate for all of it to be recorded "just in case".

To provide full surveillance would require all parts of every internet transaction to be stored somewhere, by someone. The content of secure banking transactions, for instance, couldn't be stored by your ISP, so the bank would need to store those parts for later, just in case. (Current regulations deliberately prevent the bank storing all of the information you submit to them, such as your credit card CVV number.)

So, a full surveillance internet would almost certainly erode safety and security, rather than reinforce it. Cybercriminals would no longer need to hack into my PC to record my internet sessions, and into your PC to record yours.

They could simply target the very many places, operated by many different providers, all around the internet, where vast quantities of "full surveillance" data would lie around merely to satisfy legal strictures. From this data, our entire internet life histories might be reconstructed.

Even ignoring the outrageous privacy implications, a full surveillance internet would be deeply flawed, since it would remove all sense of, and requirement for, personal involvement in on-line security. After all, if the government has regulated to solve the problem of on-line porn in unexpected places, why would anyone feel the need to teach their children about the issues?

If you don't like Facebook's attitude to content management for web content they host for you (for free, if you don't mind), why use Facebook? If you want a web site where you control the content and the terms and conditions exactly the way you want, why not set up your own web server?

Does that sound too hard? Too expensive? Not enough popularity amongst your friends?

Tough call, but that's part of the price of freedom.

, , , , , , , , ,

You might like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Paul Ducklin is a passionate security proselytiser. (That's like an evangelist, but more so!) He lives and breathes computer security, and would be happy for you to do so, too. Paul won the inaugural AusCERT Director's Award for Individual Excellence in Computer Security in 2009. Follow him on Twitter: @duckblog