The Accountable Web
It is frequently asserted that little thought was given to security in the design of the Internet. In the case of the Web at least the assertion is false. Security was a major issue as early as 1993, long before the dotCom era.
Or was it?
A lot of time was spent on implementing cryptography. The view of the time was that cryptography is a sufficiently powerful tool that we can solve any problem provided that we use enough of it. This view turned out to be naive and wrong.
The Accountable Web is an attempt to fix that problem.
Bank vaults are a good way to protect cash but only a small proportion of the bank notes printed are sitting in a bank vault at any given time, the point of cash is that it is a medium of exchange. If cash sits idle in a bank vault for any length of time it might as well be replaced by an entry in a ledger.
For cash to do its job it must spend most of its time outside the protection of the vault. Even so the system works for two reasons. The first is risk based security. Banks need strong vaults because they hold large concentrations of money. Shops avoid being targets for theives by holding as little cash on hand as they can to do their business. Most people do the same thing, a mugger knows that their victim's watch or iPod is likely to be worth rather more to them than the contents of their wallet. Security measures are chosen for their cost effectiveness. If the cost of a security measure is less than the expected return of risk reduction it is unlikely to be widely implemented.
The second reason the system works is Accountability. The theif can easily get away with one picked pocket, or two, or even ten. But the professional theif who picks pockets for a living is certain to be caught sooner or later, it is only a matter of time. The purpose of having police is to deter crime.
In December 2003 I attended the Aspen Institute round table on three problems of Internet governance: spam, privacy and network security. Had the event occured a year later it is likely that Internet Crime in the form of phishing would be added to the list. In each case we identified a failure of accountability as a key reason for the problem we were discussing.
The idea of accountability is somewhat foreign to the Internet and there are many who want the Internet to remain a global consequence free environment. It is now clear that the Internet has consequences beyond the Internet and that demanding absolute anonymity for Internet use is neither sustainable nor desirable.
If someone wants to send anonymous email let them. But that anonymous email sender has no right to force me to accept their messages and the anonynmous email sender has no right to stop me rejecting any message that is not securely authenticated and comes from a party I can hold accountable if it turns out to be spam.
