CyberCzars, CyberRasputins, and Cyber Anastasias

For the past six days or so I have been reading about the pending appointment by Obama of a forthcoming "CyberCzar". Supposedly, in this one individual, will be an embodiment of some ethereal 'internet security policy', which keeps getting encumbered by, how shall we say, 'a lot of big words' but never ends up in any where near a useable or pragmatic way to even begin to keep the Internet safe for government, business, or private citizens.

The new 'Czar' will hopefully, they think have a role on the National Security Council, to do something which has been carefully reviewed with suggestions in a 60 page review by Melissa Hathaway. Others note that the favored candidate will be the darling of the Recording Industry, ahem, who fears the download on Bearshare of such all time money makers as 'The Great Speckled Bird" or "Cowboy Pride".

Obama entered office and began appointing any number of Czars. He tried to appoint Czars in places where no Czars have ever been allowed to date though there have been many 'secret' Czars and self-appointed Czars. He appointed a whole committee of Faith and Benevolence Czars, Church, Mosque and Synagogue Czars, and all the Czars answered to the Czar Czar...I think that's Rahm. Obama and Rahm are both from Chicago , the city of Czars.

The appointment of an Internet Security 'Cyber Czar' though, is unique for a few very terrible reasons: one is, the Internet is already full of CyberCzars, each fighting for the right to control the Internet and none of whom are really sure who is or should be in charge. I have recently confronted in my own work how confusing authority can be on the net when little Czars, Rasputins and Anastasias begin to control what you can say, do or own on the net. The problem with Internet security, whether it is for the Government or individuals is that it is still undefined and unsolved. Government is worried about intrusions and hacking and modification/information collecting by foreign governments and special interests. We are far beyond the days when Wozniak and Jobs and Gates tried to find security holes in NASA or the FBI (whoever tried that first), and then helped the agencies solve the problem. We are now in an age of technology and expertise which includes such insurmountable problems as the one mentioned recently in a Senate hearing regarding whether foreign manufactured routers could include unknown and virtually undetectable data collectors which could return info to governments such as the Red Chinese.

How Bad Security has gotten and Can Get
When alot of people think of security on the net, they think of 'wurms' and viruses.That same Senate hearing included intense discussion of the recent 'conficker' worm that created havoc , well sort of on the internet and which should have included midday cyber sirens and red alert buttons, but which could be removed by almost any spyware or malware cleaner. The first thing to recognize then is what is really a threat to security and what is merely a pest. First and foremost, education makes a difference and there is no consistent central source of education for basic security training for all. We all learned about adaware, spysweeper, spybot etc on our own, out in the street, and then learned what were real virus protection programs and what were scams. While this is a first line of basic defense, it is hardly the massive security issue that bears a half hour discussion before Congress.

A much greater threat to us all, is strategy and esoteric knowledge. Who knows the Internet rules the World. Overstatement? Not even a little. I met a young fellow a few years back in Reno Nevada, who had savvy and knowledge on the net beyond most I have ever met, in his early 20s. He had studied and 'figured out' Google robot technology, and could SEO almost any site to the top of its class. While there are thousands of folks in Search Engine Optimization who can greatly improve a site's chance, this one fellow, a real Cyber Rasputin, could catapult a site to # 1 fairly consistently. Knowledge. On the net it is a golden grail. It means that what we see in a search, and thereby what influences our research, writing and BELIEFS is now heavily influenced by what appears high in search rankings.

Take a simple example. Let's say a child is looking up the word 'holocaust'. Out of 25,500,000 listings, he or she will probably look no further than 2 or 3 pages, or around 50 to 60 listings out of the 25.5 million. That's .0000002 (rounded) of what is out there, influencing that child's perspective on the shoah. Not much to worry about with Wikipedia and Ushmm figuring prominently, or about.com or History1900s, but what if stormfront.org, or radioIslam.com press in with the best to run their ideologies to the top? Or what if a darkhorse Congressional candidate or presidential candidate, rather than using wisdom and positions, merely hired the best IT guy, and ran a propaganda campaign with a 'cyber edge'?

Coupled with an emerging technology to control information (see Bayesian Networks), the education, beliefs and reasoning of an entire forthcoming generation will cease to be in the hands of traditional 'estates' of the nation but will instead rest in the hands of an oligarchy of savvy tech wizards. While they are benevolent and tolerant, few will care, but when that goes, its anyone's guess.

Another Security Issue though, premiere in this decision which has been addressed before in this column, is the idea of what happens when the Government begins to take control of first Security concerns on the net, and then other issues. The government of nations has already had some hand in Internet control: Red China and North Korea tightly control amount of time on the net, registry of users, allowable content, and commerce, and recently Iran has jumped on board, momentarily losing its mind to sequester the use of Facebook. No more easter eggs for Mahmoud. Google, the still growing Monolith that it is has succumbed for business purposes to their whims, and so has Yahoo! including the turning over of registry information on blogs which contributed to one blogger to be beaten to death. The 'free speech' arena is drying up for us recalcitrant bloggers, us 'cyber Anastasias'-nobody knows who we are, we thought, though they somehow noted our royal stature.

The US is no exception, and while the nations rage, the government entity of ICANN governs the right usage and registration of Domain names, the last vestige of hope for authors and web designers to own their own material on the web. The World though does not want a US entity solely to govern such matters, and really, apart from our glut of pride and 'ethnocentrism' we really do not have a right to control the total governance of DNS usage. What if a dissident falls out of favor with the US government? It's happening now. Even suggesting the above means undue monitoring. If ICANN, even though they are usually very fair and moderate falls under the pressure of a despotic executive branch, what decision will they make towards an individual out of favor and with little power? Design something fascinating on the net today, with high numbers, and it becomes a free-for-all threatening the loss of copyrights, revenue, reputation, and results potentially in even career and life ruin while merchandisers and 'cowboys' attempt to get something for nothing, except for the fact that that 'something' may involve a decade of hard work. People are becoming reluctant to put too much quality material on the net at a time, and I know of at least three formidable sites which were taken over by far less competent people than the owners and authors by the snakiest methods on earth.
Hosting companies may contrary to the law move and hide IPs and switch servers at the last minute and after years, in one fell swoop can make it look like your extensive site was really on another IP and everyone ends up in court. Mirror tricks, that result in deadly consequences. Who do you appeal to? Courts, law enforcement and attorneys often are not nearly sharp enough on IT issues to really argue points of law: I have found in my own work they often do not even know the law in their states.

Also, some hosting companies are disappearing with thier clients' work, and reselling or marketing it in a way the client can do little about: the stats and specs they need for court are in the hands of the ones they are suing, if they can find them. These are all individual site owner security issues, not national issues, seemingly, although they join the ranks of stolen bank accounts, rerouted mortgages, and ID fraud: so easy on the internet. Is the Recording Industry angry about lost revenue from downloads? I am worried about the massive misuse of the net and chat rooms to seduce children or even young adults across state lines by the most sinister of folks, with the problem growing so great, that law enforcement cannot deal with it. How will a cyberCzar address any of those very real Security issues.

Can a CyberCzar stop 'cyber-bullying' which is driving some children to suicide? Will they even look into it? Can they stop corporate takeovers by sinister interests of even large businesses and organizations using the net? How easy is it to overthrow a corporation? Fairly easy, with enough people with know-how. They can switch browsers, steal motherboards, fake and redirect registrations, waylay shopping carts and checkouts, and conduct massive credit card fraud, stealing millions of dollars of merchandise, leaving the seller holding the bag with no recourse. They can commit insurance fraud, waylay income tax returns, and worst of all, looming dark and threatening on the horizon, they are bartering IDs: careful use of the Internet can garner whole fraudulent identities to falsely gain benefits, jobs, housing, and all the other baubbles thieves go after.

In short, despite CyberCzars, Rasputins (some real wizards out there) and the mundane but outspoken, wistless , winsome Anastasias such as myself, the solution to Internet Security lies outside a Federal appointment, and all a Federal appointment of a Czar does is add to the melee and create a frightening incursion into government control of the net. This is the progress of such an appointment: they first 'look into things', then they make recommendations. When the recommendations are not followed, they begin to take action: break up and down monopolies and control such as Google and Microsoft and Sun. Will W3C still set standards if the Government takes hold? Then a government search engine becomes very plausible to ensure 'fairness' as the government finds a couple incidents and tries to convince the public that the search engines are unfair, which they can be. It is a boiling frog mentality, and leads to undue government influence on the net, and later to serious international concerns, for the net is not contained by national boundaries.

A Moderate Solution
I really do believe there needs to be consistent security on the net, although I know where it leads, I am afraid, inevitably. Rather than a CyberCzar, a non-government Resolution and Ombudsman group, containing careful and diverse representation of major Net decision-makers and private companies, along with significant net users such as editors of net newspapers, imminent bloggers, website directors of well known sites, etc, with government representation, able to influence government but not under the auspices of the government seems far safer in addressing National, International and Individual security issues than a new Executive branch appointment. Government does have to come to terms with Cyber Issues, but the US has no inherent rights to the net: it is a conglomeration of private and international interests: any decision the US makes under such a Czar can always be challenged in World Court, due to that international, borderless nature.
If there is to be a Czar, I posit that it should be to advise the Executive branch but have virtually no controlling function over the net or even net security issues. Rather, let the government encourage private endeavors to:

1. Teach local, individual Security Measures Consistently and Centrally
2. Make laws protecting free speech, and ensuring private ownership
3. Alert the general public via a suboffice of Homeland Security as to current viral threats or other issues
4. Work to ensure through traditional constitutional means protection of children on the net through COPPA and other measures.
5. Absolutely without wavering declare primary ownership of sites as the registrant of the DNS, until proven differently in a court of law. Establish a systematic way of processing abuses, like ICANN does.
6. Encourage private measures to provide widespread free and inexpensive security measures such as super secure email accounts for private use of hosting: email is a mainstay of overthrowing accounts and registrations.
7. Train law enforcement on cyber issues: they do not know the law often, they often overstep their bounds, and they take million of hitech manhours as insignificant leaving web workers in despair.
8. Beef up existing well written laws and ENFORCE THEM. I have found the laws are generally not enforced.
9. Do not rush to government control: it will lead to international instability in issues of litigation.
10. If a community or large organization will not comply with internet law (it has happened horribly locally), then use government measures to remove privileges from a community such as federal funding, until they agree to comply. It is the only measure in extreme circumstances which can keep out the worst elements on the net.

Just a last note: in the end, the Czar died, Anastasia couldn't remember who she was, and only Rasputin escaped shootings, poisoning, beatings but in the end died thrown in the river by a few Princes and others. The net has become just a little too dangerous.ekbest