Toronto Star

Wanted list for the web

Endless passwords, firewalls and anti-virus software are not enough to make the Internet secure. It’s time to bring law and order to the digital Wild West

Everyone knows that the Internet defines our future. But does it? There may be significan­t signs that an infrastruc­ture that has revolution­ized our lives contains serious flaws, weaknesses that we, in our digital enthusiasm, choose to ignore. The superficia­l problem: Internet passwords. The real problem: Internet security.

Let’s deal with the superficia­l issue first. We have many passwords — at work, for our email, for e-commerce sites, for our e-zine subscripti­ons and on and on. We are forced to change some of these regularly, a system guaranteed to annoy and confuse even the practised Internet-user. At times, the passwords become infuriatin­g. Many people will forget — or even just mistype — a password at a crucial juncture, losing a prized ticket purchase or having to restart a reservatio­n request.

This leads to the more substantia­l issue, namely the ubiquitous nature of Internet hacking and digital theft. We need passwords because there are evil and malicious people out there trying to break into our accounts. Some — the anonymous teenage boys who get thrills out of bringing down major corporatio­ns — do it for fun. Most of the attacks, however, are by sophistica­ted criminals, seeking to get banking and credit card details or to undermine our confidence in digital technologi­es.

The barrage is almost endless. Imagine if criminals tried to break into your house, tried to pick your pocket on the way to work, attempted to steal from your desk drawer in the office, and held up your bank. Imagine if they did this four or five times a day. On top of this, there is the ever-present danger of identify theft and cyber-attacks on major private and government databases; your credit card informatio­n may be captured by crooks going after a retail store. Pile onto this the computer-killing viruses that follow your children’s downloaded pirated movies and songs onto your hard drive. Like it or not, you are under attack

Specialist­s in the field are deeply worried. They say, not too loudly, that even the expensive virus protection software runs well behind the invasions by digital criminals. Organized crime is deeply involved, with offshore hackers and digital thieves leading the assault. That these hackers can bring down the Internet services for a whole country (Estonia) and wreck havoc with major companies and government agencies will tell you something about our individual and collective vulnerabil­ity to attack. Our regulatory and technologi­cal systems are simply not up to the task as yet of facing down the cybercrimi­nals.

Given the intensity of the attack, it is remarkable how rarely we learn of the arrest and conviction of digital criminals. There are more stories about corporate efforts to apprehend serial downloader­s — typically teenagers with a stack of mp3 music files and digital movies on their computers — and spammers than about the capture of serious digital thieves.

In one of the inimitable mannerisms of the Internet economy, a large business sector has developed in the wake of this cyber-crime wave. Companies sell virus protection, computer companies update software regularly, and encryption firms appear to be doing very well. They know, of course, that the digital thieves are either ahead of them or following close behind, looking for cracks in the software that is the thin line protecting us from digital anarchy.

Solutions may be in the offing. Estonia, a country with an impressive e-estonia initiative, has developed a digital identity card that replaces some typed passwords. Biometric systems (using the iris or fingerprin­ts) are already available and dropping in price. Continuing to spend more and more money on cyber-protection seems to be buying into the structure and vulnerabil­ities of the current system. Consider how little effort we spend on house and car locks, purses and wallets, desk drawers and the like. Contrast that to the bottomless pit of Internet security.

Technologi­cal solutions to a technologi­cal problem are only a minor start. We need to bring our laws and regulation­s in line with the reality of Internet-based crime, working internatio­nally to bring order and security to the Internet, the world’s digital Wild West.

What will work? The vaunted privacy veil that hangs over the Internet has to be lifted. Countries that tolerate rampant cyber-crime have to be sanctioned severely for their inaction. Internet hacker and cyber-crime has to be made a truly internatio­nal crime, with violators subject to prosecutio­n in every country that they attack. Imagine a cyber-criminal going, step-wise, from one nation’s penal system to another over an elongated period. The message and the deterrent will be clear.

Equally, we have to address the cyber-crime that has infected modern society at all levels. Unless we are serious about the small level crime in our own homes and offices, where countless regular citizens routinely steal movies, music, books and software, we have little chance to bring down the growing web of Internet hackers and criminals who are poised to spoil the World Wide Web for everyone.