In a recent interview prominent antivirus developer Eugene Kaspersky decried the role of anonymity in cybercrime. This is not a new claim – it is touched on in the Commission on Cybersecurity for the 44th Presidency Report and Cybersecurity Act of 2009, among others – but it misses the mark. Any Internet design would allow anonymity. What renders our Internet vulnerable is primarily weakness of software security and authentication, not anonymity.
Consider a hypothetical of three Internet users: Alice, Bob, and Charlie. If Alice wants to communicate anonymously with Charlie, she may relay her messages through Bob. While Charlie knows Bob is an intermediary, Charlie does not know with whom he is ultimately communicating. For even greater anonymity Alice can pass her messages through multiple Bobs, and by applying cryptography she can ensure no individual Bob can piece together that she is communicating with Charlie. This basic approach to anonymity is remarkable in its independence of the Internet’s design: it only requires that some Bob(s) can and do run intermediary software. Even on an Internet where users could verify each other’s identity this means of anonymity would remain viable.
The sad state of software security – the latest DHS weekly bulletin alone identified over 40 “high severity” vulnerabilities – is what enables malicious users to exploit the Internet’s indelible capacity for anonymity. Modifying the prior hypothetical, suppose Alice now wants to spam, phish, denial of service (DoS) attack, or hack Charlie. After compromising Bob’s computer with malicious software (malware), Alice can send emails, host websites, and launch DoS attacks from it; Charlie knows Bob is apparently misbehaving, but has no means of discovering Alice’s role. Nearly all spam, phishing, and DoS attacks are now perpetrated with networks of compromised computers like Bob’s (botnets). At the writing of a July 2009 private sector report, just five botnets sourced nearly 75% of spam. Worse yet, botnets are increasingly self-perpetuating: spam and phishing websites propagate malware that compromises new computers for the botnet.
Shortcomings in authentication, the means of proving one’s identity either when necessary or at all times, are a secondary contributor to the Internet’s ills. Most applications rely on passwords, which are easily guessed or divulged through deception – the very mechanisms of most phishing and account hijacking. There are potential technical solutions that would enable a user to authenticate themselves without the risk of compromising accounts. But any approach will be undermined by weaknesses in underlying software security when a malicious party can trivially compromise a user’s computer.
The policy community is already trending towards acceptance of Internet anonymity and refocusing on software security and authentication; the recent White House Cyberspace Policy Review in particular emphasizes both issues. To the remaining unpersuaded, I can only offer at last a truism: There’s anonymity on the Internet. Get over it.
Anonymity on the net? Never existed. Never build a machine you can’t control- common sense. The net is layered privileged access anonymity at best.
It’s quite possible to achieve some level of technically-assured anonymity on the net. Systems like Tor [torproject.org] have been built which do so quite effectively.
It’s not just that there’s anonymity, there’s also no reliable (fsvo “reliable”) permanent pseudonymity. That’s something that could potentially change without massive changes in architecture.
I am not convinced that any Internet design would allow anonymity. Consider a design that requires, by law, that each node on the Internet keeps a permanent log of the source(s) of each bit that it sends out. Random audits could find nodes that cheat and disconnect them from the Internet.
In the interest of brevity I glossed several details in the article. While it is true traffic correlation (not quite what you describe – encryption renders the bits themselves useless to an adversary) would defeat the redirection-based anonymity I discuss, the likelihood and feasibility of complete monitoring and logging on the Internet scale are low. Moreover, traffic correlation can be directly combated by delaying, reshaping, and spoofing traffic, frequently switching intermediaries, and sharing intermediaries between users.
As to the general notion that some anti-anonymity standard might be legally enforced, bear in mind that anonymous Internet communication is a constitutionally protected right in the United States, ACLU v. Miller, 977 F. Supp. 1228 (N.D. Ga. 1997). With such a sizable pool of potential intermediaries and anonymous users, any standard of the sort would have minimal effectiveness (setting aside its theoretical shortcomings).