One of the interesting things about taking a class in network security is that I am not sure if I should be terrified from all the threats or intrigued by all of the opportunities. As a field trip the class attended a seminar yesterday hosted by the Pittsburgh Technology Council featuring speakers from the National Cyber-Forensics Training Alliance which is an organization which aids law enforcement track online crime. One of the most interesting parts of the discussion was that the internet is so unregulated that global criminal networks can brazenly set up extranets on top of it with little worry about interference. They even advertise services such as money laundering across these networks.
A topic which came up is the push by many corporations to push authentication of users to the core of the computers so they can identify the individual machine that was used by identification codes built into both the operating system’s kernel at the hardware level as well as on chips at the hardware level. This set off alarm bells in the civil libertarian part of my brain but it also has questioning my knee jerk civil libertarian views. I know all of the arguments for the actual need for people to maintain anonymity for privacy and political reasons but I also know the threat of our current weak abilities to authenticate people. I know I have had credit cards which have had to be reissued after their numbers have turned up on these criminal sites and, even though they were never used, I know the sense of violation that comes with that. I understand banks and other businesses wanting to safeguard themselves by trying to eliminate the possible fraud which can be committed with the current state of internet identification. I just wonder if there is a way that us users will be able to only reveal these built in identifiers to who we want rather than have them open to the whole online public.