Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Ex-NSA Chief Supports Separate Secure Internet

timothy posted more than 3 years ago | from the barbed-wire-garden dept.

The Internet 214

Hugh Pickens writes "Nextgove reports that Michael Hayden, former director of both the NSA and the CIA, says the United States may seriously want to consider creating a new Internet infrastructure to reduce the threat of cyberattacks and several current federal officials, including U.S. Cyber Command chief Gen. Keith Alexander, also have floated the concept of a '.secure' network for critical services such as financial institutions, sensitive infrastructure, government contractors, and the government itself that would be walled off from the public web. Unlike .com, .xxx and other new domains now proliferating the Internet, .secure would require visitors to use certified credentials for entry and would do away with users' Fourth Amendment rights to privacy. 'I think what Keith is trying to suggest is that we need a more hardened enterprise structure for some activities and we need to go build it,' says Hayden. 'All those people who want to violate their privacy on Facebook — let them continue to play.' Clay Dillow writes that on the existing internet everyone does everything online anonymously, and while that's great for liberties, it's also dangerous when cyber criminals/foreign hackers are roaming the cyber countryside. Under the proposed .secure internet 'you may not be able to go to certain neighborhoods of the Web without showing your papers at a checkpoint — and perhaps subjecting yourself to one of those humiliating electronic pat-downs as well,' writes Dillow. 'Those who want to remain anonymous on the Web can still frolic about in the world of dot-com, but in the dot-secure realm you would have to prove you are you.'"

Sorry! There are no comments related to the filter you selected.

No Privacy == No Security (0)

billstewart (78916) | more than 3 years ago | (#36705260)

Hasn't this guy learned anything from his time at the NSA?

Re:No Privacy == No Security (4, Insightful)

Jeremiah Cornelius (137) | more than 3 years ago | (#36705274)

He learned everything from his time there.

Your security is not the issue.

Ssssshhhh stop making sense, please ! (0)

Anonymous Coward | more than 3 years ago | (#36705492)

It's great for the networking & security consulting business, you know. I happen to know a I've done it best part of my life now :]

Who cares if it cost arm and leg, doesn't ever make what was meant as the target is moving all the time, but we can make A LOT OF MONEY BETWEEN !

The hardest part is always selling the idea to management, but apparently this time it's more pull than push, so we should be glad about it and get shoveling money right away, yay!

Re:No Privacy == No Security (0)

Anonymous Coward | more than 3 years ago | (#36705302)

Hasn't this guy learned anything from his time at the NSA?

You're joking, right?

Walking onto the grounds of a military base and being forced to identify yourself doesn't have a net effect of making you less safe.

Re:No Privacy == No Security (0)

Anonymous Coward | more than 3 years ago | (#36705354)

Right, but it makes the military base and everything contained within less safe because you were allowed to walk onto it. Even identifying yourself once entering the base isn't okay, you should be physically prevented from knowing how to access the base.

Re:No Privacy == No Security (1)

flaming error (1041742) | more than 3 years ago | (#36705550)

This proposal is not for a military base, it's for what would become a marketplace.

Re:No Privacy == No Security (1)

billstewart (78916) | more than 3 years ago | (#36705316)

Also, Sen. Sheldon Whitehouse, D-R.I who liked the idea of having the government create a .secure domain seems to forget that the government's not exactly in charge of those decisions - they'll have to pony up $185K to ICANN and see if it gets approved.

Re:No Privacy == No Security (3, Informative)

isopropanol (1936936) | more than 3 years ago | (#36705458)

It doesn't take a separate TLD to require signed TLS client certificates, and that is not the same as having separate wires.

Canada has separate wires for military, RCMP, and federal cabinet. Probably requires TLS client certs too, but I don't know for sure about that one.

Many banks run some variant of the "electronic body cavity search" before your computer can connect. It really only works if everyone who needs to connect has exactly the same hardware and software... not a problem for mortgage brokers who are issued a standard kit, but big problem for people from multiple different beaurocracies at different levels of government.

Re:No Privacy == No Security (1)

Samantha Wright (1324923) | more than 3 years ago | (#36705776)

Your first paragraph needs to be beaten into the head of the article authors, and perhaps Mr. Hayden himself. What kind of confusion of ideas could proliferate so far that we now consider a TLD to be a "network"? And how would you even audit every site in an entire TLD for security? (Wait, that one's easy. By paying the registrar out the wazoo for it.)

Re:No Privacy == No Security (1)

Drantin (569921) | more than 3 years ago | (#36705804)

The U.S. has separate wires too, known as the SIPRNet [fas.org] .

[...]Its complete architecture will be achieved by constructing a new worldwide backbone router system.[...]

Re:No Privacy == No Security (4, Insightful)

zero.kalvin (1231372) | more than 3 years ago | (#36705352)

Well goodie then, bit by bit they will demand more and more services to be moved to new "secure", until all is left on the old internet is unlawful sites. And by then it will be easy to argue for the prohibition of it and if that anyone is using it, then this person is a criminal. So thanks, but no thanks.

Re:No Privacy == No Security (4, Insightful)

NoNonAlphaCharsHere (2201864) | more than 3 years ago | (#36705414)

Yup. This is just Clipper chip / Trusted Computing / HDMI / 'show us your papers' all over again, in new clothing.

Re:No Privacy == No Security (1, Insightful)

LordLimecat (1103839) | more than 3 years ago | (#36705580)

You DO realize that in order to enter the Supreme Court building, or the White House, or the Capitol, you are required to "show us your papers", right? In fact, many high-security buildings in the district require it. And yet it has not become a mandatory norm across all parts of our society-- this seems to be a classic "slippery slope" fallacy.

Re:No Privacy == No Security (1)

NoNonAlphaCharsHere (2201864) | more than 3 years ago | (#36705612)

You DO remember going to the gate at the airport to see someone off, don't you? Seems rather slippery to me.

Re:No Privacy == No Security (1)

Runaway1956 (1322357) | more than 3 years ago | (#36705712)

Nahhhh - I always just dumped my girl friends at the front entrance to the air port. What's the point in going to the boarding gate, watching her sniffle and cry, just so I have to be sad as I walk back to the parking lot? Nope, not for me. Last minute arrival at the front gate, "You're gonna be late, Girl, git your shit and git!" No sniffling, no wet shoulder, nada.

Re:No Privacy == No Security (1)

Stupendoussteve (891822) | more than 3 years ago | (#36705952)

You can still do this, you just have to get a pass from the airline and go through security. You can also meet someone arriving.

Re:No Privacy == No Security (2)

0123456 (636235) | more than 3 years ago | (#36705710)

You DO realize that in order to enter the Supreme Court building, or the White House, or the Capitol, you are required to "show us your papers", right?

You DO realize that during the Cold War one of the propaganda points made by the US government was that US citizens could go just about anywhere in their country without some police state thug demanding 'your papers please?' right?

And how exactly is 'showing your papers' supposed to make those buildings secure?

Re:No Privacy == No Security (1)

TheGratefulNet (143330) | more than 3 years ago | (#36705508)

we have to decide: is the risk to the current 'free' internet evaporating worth the benefits (few, but non-zero that they are) of a .secure concept?

is there any guarantees that the 2 internets will continue to be allowed to co-exist? will all people be able to choose (even at a per-app basis) which 'side' to connect to?

isn't the very idea of a 'multihomed host' (so to speak) who can connect to both, in *itself* a security risk? therefore, if you connect to .secure, you won't be allowed to connect anywhere else (is a logical conclusion of this, as I see it).

I say no. the risks are not worth the benefits this idea brings. throw the idea out. thanks for thinking, but this idea has a net negative to us.

do.not.want.

Re:No Privacy == No Security (2)

Runaway1956 (1322357) | more than 3 years ago | (#36705734)

The two internets should never meet. If your machine is set up to use the WWW.net, .com, .org, or whatever - then it should be incapable of connecting to .secure. And, vicey versey.

Have we forgotten that there should be an air gap between infrastructure and the web?

Oh wait, I forgot about all that nonsense about cyberwarfare against our electrical grid, and other infrastructure. Seems we never learned that lesson, so how could we have forgotten it?

Re:No Privacy == No Security (0)

Anonymous Coward | more than 3 years ago | (#36705364)

Well my bank has all the details of my finanvial dealings. Since nothing is private - they know everything - ny bank is not secure?

Stuff's more complicated that that!

Re:No Privacy == No Security (1)

mmcuh (1088773) | more than 3 years ago | (#36705452)

It means that you are definitely not secure from your bank, should they decide to try and screw you.

Re:No Privacy == No Security (2)

Dunbal (464142) | more than 3 years ago | (#36705474)

Prove you are you: Absolutely identifying a computer or other mobile device in no way proves who was using the device. That is, until we're all chipped and hard-wired into the internet. I think even the supreme court ruled recently that IP != a person. Neither is a login/password combo and for the same reasons. This is just another frivolous demand for cash from an already bankrupt government.

Mod parent up. (1)

khasim (1285) | more than 3 years ago | (#36705858)

With all the available options, why is there even a discussion of "critical" systems being on the publicly available Internet?

They want a service that THEY do not have to pay for (or pay only a fraction of its cost). That way, their projects can get the "security" check box checked without paying the real cost.

Re:No Privacy == No Security (1)

LordLimecat (1103839) | more than 3 years ago | (#36705560)

Actually, no, privacy and security are opposites. If you want total security, you need to live in a police state, and if you want total privacy you have to accept that someone can trivially take your life at any time (by, for example, walking into your house with a gun and shooting you).

Look at the UK; in an effort to combat crime they have cameras up everywhere in London. Im sure the cameras are effective in their task, but they also take away some privacy. The question then becomes, is it worth the cost?

I would be interested to know by what logic you think that more privacy gives more security.

Re:No Privacy == No Security (1)

cheekyjohnson (1873388) | more than 3 years ago | (#36705856)

If you want total security, you need to live in a police state

And even then the so-called "security" might not even work.

Re:No Privacy == No Security (5, Interesting)

Jahava (946858) | more than 3 years ago | (#36705694)

Hasn't this guy learned anything from his time at the NSA?

There's a difference between privacy through anonymity and privacy in general. Presumably such a network would use well-designed cryptographic algorithms and protocols to exchange information. It could leverage existing technologies, such as SSL/TLS [wikipedia.org] or IPSec [wikipedia.org] . The data, in transit, would still be secure. The difference is twofold:

  • The ".secure" infrastructure would know who sent any given encrypted packet, and
  • The intended recipient (and only the intended recipient) of the encrypted packet would know who sent the decrypted information.

Honestly, this approach makes a lot of sense to me. Maintain the current anonymous Internet in its full glory. You would continue to use it for most things! However, if you want to bank, purchase, or administer, both you (the client) and the server site (Amazon, Bank of America, etc.) have the option to push that transaction onto an encrypted and attributable infrastructure.

Now, the same suite of Internet problems will still exist on the secure domain, but that extra de-anonymizing information goes a long way towards addressing them. If you are attacked by a bot on the secure network, you know who is infected. You can send them a notification and rapidly suspend or deny their secure network access. If someone is probing your site for vulnerabilities, you also know who it is, which may harm the white-hats (not that solutions couldn't be worked out), but will certainly hinder the black-hats. These are all good capabilities that I want my banking sites to have!

So do I want a completely-deanonymized Internet? Hell no. It'd be inefficient (traffic-wise) and it would cost me several critical rights. However, I would love to elevate all critical and financial assets to an elevated attributable domain. There is no good reason they should inherently have to accept anonymous traffic, nor should each of them be independently responsible for (in their own manner) establishing client identities.

TSA Agents (0)

Anonymous Coward | more than 3 years ago | (#36705266)

Maybe we could get the TSA to screen users before boarding, I mean logging on to the secure internet.

Based on the experience... (1)

Anonymous Coward | more than 3 years ago | (#36705282)

... I'd guess that users and admins will act like users on a "safe" internal network act. They'll assume that they can go back to using four-letter passwords, not have firewalls, etc. It'll make the attacks less frequent, but when they do work they'll be eminently successful.

A screw or seven loose. (0)

Anonymous Coward | more than 3 years ago | (#36705296)

Under the proposed .secure internet 'you may not be able to go to certain neighborhoods of the Web without showing your papers at a checkpoint — and perhaps subjecting yourself to one of those humiliating electronic pat-downs as well,' writes Dillow.

Hi, Dillow. Please get over yourself and get the stick out of your ass. If you think that losing anonymity in a place where you go voluntarily and the people who do business choose to not be anonymous is the same as Nazi Germany's (or Soviet Union) clamping down on your ability to travel, then you have a screw loose.

Revelation: 13-17 (-1, Troll)

Jeremiah Cornelius (137) | more than 3 years ago | (#36705310)

King James Bible
And that no man might buy or sell, save he that had the mark, or the name of the beast, or the number of his name.

American King James Version
And that no man might buy or sell, save he that had the mark, or the name of the beast, or the number of his name.

New International Version (©1984)
so that no one could buy or sell unless he had the mark, which is the name of the beast or the number of his name.

New Living Translation (©2007)
And no one could buy or sell anything without that mark, which was either the name of the beast or the number representing his name.

English Standard Version (©2001)
so that no one can buy or sell unless he has the mark, that is, the name of the beast or the number of its name.

New American Standard Bible (©1995)
and he provides that no one will be able to buy or to sell, except the one who has the mark, either the name of the beast or the number of his name.

International Standard Version (©2008)
so that no one may buy or sell unless he has the mark, which is the beast's name or the number of its name.

GOD'S WORD® Translation (©1995)
It does this so that no one may buy or sell unless he has the brand, which is the beast's name or the number of its name.

American Standard Version
and that no man should be able to buy or to sell, save he that hath the mark, even the name of the beast or the number of his name.

Bible in Basic English
So that no man might be able to do trade but he who has the mark, even the name of the beast or the number of his name.

Douay-Rheims Bible
And that no man might buy or sell, but he that hath the character, or the name of the beast, or the number of his name.

Darby Bible Translation
and that no one should be able to buy or sell save he that had the mark, the name of the beast, or the number of its name.

English Revised Version
and that no man should be able to buy or to sell, save he that hath the mark, even the name of the beast or the number of his name.

Webster's Bible Translation
And that no man might buy or sell, save him that had the mark, or the name of the beast, or the number of his name.

Weymouth New Testament
in order that no one should be allowed to buy or sell unless he had the mark--either the name of the Wild Beast or the number which his name represents.

World English Bible
and that no one would be able to buy or to sell, unless he has that mark, the name of the beast or the number of his name.

Young's Literal Translation
and that no one may be able to buy, or to sell, except he who is having the mark, or the name of the beast, or the number of his name.

Re:Revelation: 13-17 (0)

Anonymous Coward | more than 3 years ago | (#36705372)

Fucktard. Forgot to check 'Post Anonymously', huh?

Re:Revelation: 13-17 (0)

Anonymous Coward | more than 3 years ago | (#36705418)

well-done!

btw, I have seen the proposal that `vi vi vi' is the equivalent of hebrew `s' letter, which is seen in the "vulcan hand salute" which has the shape of `w' ~= `www'.

pls excuse my lack of knowledge of the hebrew letter's name. it's not my native tongue but the WikPed has an entry for it under `hebrew alphabet'

Finally, let's be plain and clear about what we're discussing COMMERCE!!!

Re:Revelation: 13-17 (3)

Jeremiah Cornelius (137) | more than 3 years ago | (#36705806)

Shin. It is "sh", more than "s".

The letter is symbolic of "shekinah", which is often translated as "Holy Spirit".

Of course, there are those that will sell you Will and Desire - naming it the "spirit's higher calling". Trust me - if something really pertains to the spirit, it is usually a rebuff to one's wishes.

Re:Revelation: 13-17 (1)

Artifakt (700173) | more than 3 years ago | (#36706188)

There is a time when what you have said of Will is true, and, specifically for you, an interval soon to come when it ceases being true. (and maybe a time when it is true again, if the Joy of Matter lies at the end of the aeons). This is not the place to speak of such things, nor are we in Daath where such things are neither spoken of or ignored. The request to address you despite this comes neither from my Will or my Desire (for certain values of my acceptable to majority consensus in western civilization).

Re:Revelation: 13-17 (3, Insightful)

xkuehn (2202854) | more than 3 years ago | (#36705506)

Please, please can we not mention religion on Slashdot?

It's always the same. Religious people flaming atheists, atheists flaming religious people and agnostics flaming both sides. The universal argument? "I'm right because it's obvious and you're stupid for not agreeing".

Re:Revelation: 13-17 (4, Funny)

Needlzor (1197267) | more than 3 years ago | (#36705546)

I agree, it really is annoying to people like me who actually are right.

Re:Revelation: 13-17 (1)

LordLimecat (1103839) | more than 3 years ago | (#36705604)

Its the same in politics; the hope is that by discussion, at least perhaps we will all learn something, be it where we are wrong, or where our arguments are weak.

Misquoted (1)

NoNonAlphaCharsHere (2201864) | more than 3 years ago | (#36705318)

'All those people who want to violate their privacy on Facebook — let them continue to play.'

All those people who want to violate their privacy on Facebook — let them continue to play — we'll violate their privacy everywhere else.

Bridge (1, Insightful)

Anonymous Coward | more than 3 years ago | (#36705334)

Not sure how this will work if he means that it should be a broad public network. All it takes is one user to "bridge" the networks (log in on the secure network while being connected to the Internet, say via public wireless) and you're not much better off than today.

Sounds very soft-shell, a.k.a as "billions in the sea with nothing to show but some theater".

financial institutions, so ATM move back to dial u (1)

Joe_Dragon (2206452) | more than 3 years ago | (#36705374)

financial institutions, so will ATM's move back to dial up? What about on line banking? Will that need a VPN? a remote desktop setup?

Re:Bridge (1)

TheGratefulNet (143330) | more than 3 years ago | (#36705768)

yes, I referred to the bridge (I called it 'multi-homed' like IP and other networking protocols) and also that its a security risk.

if your company gives you a company-paid dsl line and it terminates directly in their site (several bay-area places I worked at did this, 10 yrs ago) - and then you ALSO have your own private dsl ethernet at home; no one would really allow that, in any official way (the company, that is). ie, once you are on the secure side, you cannot be on the other side as well! its one or the other, and certainly not on a per-packet basis.

I am me (0)

Anonymous Coward | more than 3 years ago | (#36705340)

But also the guy who robbed me. And a couple of gals who forged my "papers". And my brother, I guess. Let's not forget the wife. Most importantly, any TLA. But that's all.

This is not such a bad idea (1)

elucido (870205) | more than 3 years ago | (#36705342)

I think they also need a .kids so that there is a separate internet for kids. This way they don't have to use children as the excuse to censor the entire internet. Anyone who wants to access .kids should either be under 18 or be a licensed adult. Sex offenders of course would not receive a license.

Iran much lately? (0)

SuperCharlie (1068072) | more than 3 years ago | (#36705348)

This smells particularly familiar..

Fourth Amendment Rights (0)

Anonymous Coward | more than 3 years ago | (#36705362)

How does this do away with anyone's rights? The fourth amendment isn't a right to go anywhere you please without being asked questions. I'm regularly ID'd when I walk into bars; I have to schedule a tour of the White House; The bank doesn't like it when I bring my gun inside. Private companies have the right to a reasonable inquiry as to the credentials of their customers. As for government websites, while they're subject to stricter standards because of the fourth amendment, just like I can't walk into a police department or courtroom at my own discretion to do whatever I please, the fourth amendment doens't give me the right to plumb the depths of cia.gov at my discretion. Asking for my ID at the door doesn't substantially violate any right to privacy (a right which, by the way, isn't a "fourth amendment" right; it's a right resulting from an amalgam of implications within the Constitution).

it would be useful (0)

Anonymous Coward | more than 3 years ago | (#36705366)

I have suggested a separate, secure 'internet' for years now. I don't trust the internet for high power financial transactions, health records, criminal laws, etc. If nothing else, it will be much easier to track crackers down.

frost pi57 (-1)

Anonymous Coward | more than 3 years ago | (#36705378)

To kkep up as oR chair, return

Well, not ALL users rights would be abrogated (4, Insightful)

rbrander (73222) | more than 3 years ago | (#36705398)

It's funny how hard it is to let go of past models. The heart of the Internet model is, as the saying goes "a sphere", where every node has equal access to every other node. No clients, no servers, just equal connectors. Society as a whole (when weighted by money rather than head-count) keeps trying to reject that in favour of it being a fancy way to broadcast: a few large hosts running Wal-Mart-sized data centres, many clients on as dumb a terminal as possible. Efforts to democratize information flow are opposed as either unserious utopianism or outright crime. (They can't seem to find a statute forbidding Wikileaks that doesn't forbid the Times, but from the rhetoric, you'd never guess.)

When Hayden says that "users" 4th-amendment rights would be abrogated, he isn't thinking of all the users, not the big ones. Just the little ones. Which I think just models how Hayden sees society itself. Little folks don't have rights, just privileges.

Re:Well, not ALL users rights would be abrogated (2, Insightful)

c6gunner (950153) | more than 3 years ago | (#36706106)

The heart of the Internet model is, as the saying goes "a sphere", where every node has equal access to every other node

No, it's not, nor has it ever been. Such a network would be completely impractical, both from a technological/economic perspective, and from a security perspective.

Society as a whole (when weighted by money rather than head-count) keeps trying to reject that in favour of it being a fancy way to broadcast: a few large hosts running Wal-Mart-sized data centres, many clients on as dumb a terminal as possible.

Right - people want functionality. They don't want every person to write their own version of facebook - they want a large service which everyone can access. Money has nothing to do with it - it's about usefulness.

Efforts to democratize information flow are opposed as either unserious utopianism or outright crime. (They can't seem to find a statute forbidding Wikileaks that doesn't forbid the Times, but from the rhetoric, you'd never guess.)

Complete nonsense, of course, supported by nothing other than your personal ideological biases.

When Hayden says that "users" 4th-amendment rights would be abrogated, he isn't thinking of all the users, not the big ones.

He's speaking about anonymity, dumbass. There would be no anonymity on the secure part of the net, by design. How exactly do "The Big Ones" get around that, and why would they want to? Have you put any thought into this?

Infected Import Tech (0)

Anonymous Coward | more than 3 years ago | (#36705404)

I don't think your network will be as secure as you hope:

DHS Admits Knowledge of Infected Import Tech (HARDWARE)
http://it.slashdot.org/story/11/07/08/208206/DHS-Admits-Knowledge-of-Infected-Import-Tech

Re:Infected Import Tech (1)

NoNonAlphaCharsHere (2201864) | more than 3 years ago | (#36705466)

What makes you so sure that a "new, improved" government-only "Internet" would use TCP/IP? Seems likely enough you could spec special blessed and approved network hardware as part of the overall plan.

Re:Infected Import Tech (0)

Anonymous Coward | more than 3 years ago | (#36705538)

i just felt my national debt grow

Here's a novel idea (5, Insightful)

king neckbeard (1801738) | more than 3 years ago | (#36705442)

"Core elements of our electric grid, of our financial, transportation and communications infrastructure would be obvious candidates. But we simply cannot leave that core infrastructure on which the life and death of Americans depends without better security."
Here's an idea, if a service being infiltrated can result in deaths, DON'T CONNECT IT TO THE FUCKING INTERNET

Re:Here's a novel idea (4, Insightful)

YrWrstNtmr (564987) | more than 3 years ago | (#36705564)

Here's an idea, if a service being infiltrated can result in deaths, DON'T CONNECT IT TO THE FUCKING INTERNET

Given that some of these systems have to communicate, that is exactly what this guy is proposing!
Don't connect them to the regular 'Net, but some other communication setup.

Re:Here's a novel idea (2)

king neckbeard (1801738) | more than 3 years ago | (#36705664)

It sounds more like he wants to use the same cables, and try and wall it off via hardcore authentication. My solution is completely separate wires if communication is needed for a system, and no wires if direct communication isn't needed

Re:Here's a novel idea (0)

todrules (882424) | more than 3 years ago | (#36705702)

My solution is a giant network of tubes.

Re:Here's a novel idea (1)

Anonymous Coward | more than 3 years ago | (#36706198)

LOL its funny because it's an old-ass meme that is only tangentially related to the topic! how comical! dumb fuck.

Re:Here's a novel idea (4, Interesting)

MimeticLie (1866406) | more than 3 years ago | (#36705914)

No, what he is proposing is "levels" within the existing internet that would require varying amounts of identification. From TFA:

Mulvenon, an executive at Defense Group Inc., a government contractor that provides agencies with intelligence analysis, has in mind a three-level network. "If you want to do banking, there's no anonymity," and users would need to enter true names and digital credentials to operate in the space, he said. The middle level, perhaps applicable to the .edu domain, would require fewer personal details from visitors.

"At the bottom, you can run around like a hobbit," he said. "How can you have a multilevel system that allows you to play up here and down there and doesn't compromise your ability to play?" is the challenge.

The article doesn't have any quotes from Alexander or Hayden, but it has some from others talking about the same plan. Despite the FUD that the proponents of this plan are spreading, this isn't about securing crucial industrial infrastructure. It's about creating a special ".secure" TLD that would somehow be outside the protections the Fourth Amendment grants on search and seizure with the stated goal of eliminating anonymity. So it's clearly not about "cyberattacks" either, as requiring credentials has nothing to do with DDOS.

So then what is this (not) new network? Given that it's being pushed by Michael "warrantless wiretaps" Hayden, the whole Fourth Amendment link starts to make sense. It's not about eliminating anonymity from secure transactions (it's not like credentials aren't already required for all this stuff. Hell, even World of Warcraft had 2 factor identification available), it's about bypassing your right to privacy. The government (and defense contractors like, oh I don't know, Defense Group Inc.) would be able to datamine all that juicy stuff they currently aren't allowed to touch because of those pesky "constitutional protections". China is the model here:

Nations with fewer civil liberty protections, including China, use "deep packet inspection" to search all Internet traffic for viruses -- as well as anti-government content, noted James Mulvenon, a China and cybersecurity specialist. Due to privacy laws, the United States cannot monitor private network traffic using this approach. Mulvenon questioned whether such restrictions give other nation states the upper hand in cyber defense.

Re:Here's a novel idea (3, Funny)

turkeyfeathers (843622) | more than 3 years ago | (#36705670)

Here's an idea, if a service being infiltrated can result in deaths, DON'T CONNECT IT TO THE FUCKING INTERNET

Your idea won't work. How can people employed at power plants, banks, etc. use bitcoins (the only secure currency of the future) if their network isn't connected to the Internet?

Re:Here's a novel idea (1)

Oligonicella (659917) | more than 3 years ago | (#36705700)

So you agree. The need to interconnect between these agencies has forced them to use the Internet, as no other metal does this. So, like he, you suggest a separate Internet for these agencies. Sounds quite sound to me.

Small FYI, you don't need to shout an agreement.

Re:Here's a novel idea (1)

king neckbeard (1801738) | more than 3 years ago | (#36706050)

I don't think I agree. He seems to want to use the same internet separated by software, while I want a physically separate network if there has to be any direct intercommunication, and in cases where there doesn't have to be, there shouldn't by any connection at all.

Actually (1)

WindBourne (631190) | more than 3 years ago | (#36705486)

The west, not just America, needs MULTIPLE networks. In particular, there should be one for DOD, another for utilities such as Power, water, etc, and other for general commerce. The DOD and utilities should NOT be connected in any fashion with the general internet. In addition, the DOD one should be limited to friends, only.

Re:Actually (1)

WindBourne (631190) | more than 3 years ago | (#36705628)

To take this further, the equipment on it should be done in the west ONLY. We need to know that it will not be taken down by China when they finally decide to attack.

Re:Actually (3, Interesting)

FreelanceWizard (889712) | more than 3 years ago | (#36705810)

What's funny about this is that we *already* have this setup. SIPRnet, JWICS, and other networks running on the Defense Information Systems Network (DISN) are already segregated from the public Internet by an air gap. This is actually required for any classified data. Information can sometimes enter a classified network from the outside world, but the mechanisms for doing so are extremely circumscribed and a massive amount of analysis has to go into making such systems "provably secure." In practice, NIPRnet and SIPRnet require different physical terminals. That's why we have things like the presidential Blackberry, which is essentially two Blackberries in the same case with a physical switch to swap between the unclassified and classified systems.

As for utilities and the like, sure, you have two options. One is to airgap the communications network, which is what I'd advise given the shoddy quality and poor security record of SCADA systems. The other is to use secure communications from the transport layer up and using defense in depth principles. Of course, that requires building security into the system from the ground up, and very few companies and people are willing to do that. In light of that, an airgapped network makes sense. If a truly independent network isn't needed, every backbone provider is more than happy to provide MPLS virtual networks for the right price.

In the end, though, I think the problem is that utilities don't want to spend the money on what they feel has no deterministic ROI (cf. trying to get a company to buy a disaster recovery system). This is rational self-interest, especially when you consider the explicit guarantee of insurance and the implicit guarantee of the government for critical infrastructure. The solutions are simple: enforce proper controls through regulation or nationalize the infrastructure so rational self-interest is removed.

Re:Actually (1)

WindBourne (631190) | more than 3 years ago | (#36706130)

Actually, it is not. All of that runs in virtual lans, going over the same physical cables as the net inside of ATT, Verizon, Qworst, etc. Worse, many of the VLANS are using Chinese made equipment which makes it all prone to cracking. Simply put, we need MULTIPLE PHYSICAL infrastructures. We have loads of dark cables. Does not matter where that is made. However, the electronics absolutely needs to be western made.

It doesn't really solve the problem ... (4, Insightful)

MacTO (1161105) | more than 3 years ago | (#36705488)

Ignore the privacy bit for a moment, because that seems to garner knee-jerk reactions around these parts, and look at the security bit.

There are a lot of transactions that need to be secure, yet would not qualify for the .secure network. For example: you could cram bank systems into the new network, but are you really going to allow every business that uses these financial systems on it (e.g. credit card transactions or trades on the stock market)? Even if you did, you would still end up with 'insecure' connections between the customer and the business. Or are you going to give every citizen a security token too? In that case, the ability to verify the identity of the user drops to nil since identify theft becomes an issue. Or people lending their identity to friends. Or people using loopholes in the system to create new identities.

Even a network which tightly restricts who could access it would face hurdles. Research labs attract all sort of riff-raff scientists and technicians. Some of those people will create bridges between the .secure network and everything else. Even if it is unintentional, because they are using the same systems to access secure databases as they use to access journals (and their goof-off resources). I'm not saying that it is impossible to stop that sort of thing, but it will be awfully difficult given the population involved.

Re:It doesn't really solve the problem ... (1)

NoNonAlphaCharsHere (2201864) | more than 3 years ago | (#36705584)

This is just the camel's nose in the tent to do away with all that awful, yucky anonymity on teh Internets. Monitored, controlled, non-anonymous citizens don't file-share, among other things. Think of the children!!

Re:It doesn't really solve the problem ... (2)

SwedishChef (69313) | more than 3 years ago | (#36705600)

This, I think, is the crux of the problem. Inevitably, someone will want WiFi access from their smart-phone and will finagle a way to do it. There are secure - and separate - networks in NSA and CIA which rely on clearances and job security and even they have problems with people abusing the system; how do you suppose Berkeley is going to do?

And who pays for this?

Re:It doesn't really solve the problem ... (0)

Anonymous Coward | more than 3 years ago | (#36705722)

A 'secure' network needs to be 100% or it isnt.

Three words here Deep packet inspection. All of the big ISP's in the united states just signed up to do it on behalf of the RIAA and MPAA.

Its not even hard to do. With a small amount of work I could listen to all of my neighbors network traffic. Hell the cable comes right into my house. But I dont because most people are honest. But with very little work I could. I can even buy a modem that does 90% of the work already.

A truly secure system would be very hard to do. All the end points would need to be switched out at this point and replaced with equipment that will cost 2x as much. As if I can snoop it I can crack it eventually. How do they plan on fixing that issue?

Also do you really *trust* all the middle hops? You better as they by definition can snoop.

I dont trust my ISP anymore. Why should I? They have shown they can be bought. All it took was enough money thrown their way and they are willing to snoop on *ALL* of my traffic just because I might steal something.

I am also telling all my friends and family. Who will in turn tell others about it. Dont trust your ISP. Which is the take away I get.

Re:It doesn't really solve the problem ... (2)

durdur (252098) | more than 3 years ago | (#36705766)

US military and diplomats already use secure networks [wikipedia.org] so it's not completely infeasible.

But for commercial transactions there are some issues. It is hard to require a separate machine for secure access so privilege escalation (insecure->secure) is an issue. Plus if you store the credentials you need to access the secure internet on the machine that is doing the access, then all you know for sure is that the machine initiated a transaction, not that a specific individual did. In particular, a hacked box allows impersonation of the user. If you require some kind of token to be plugged in, PIN to be entered, etc. then you have more security, but it becomes difficult to do automated transactions, which are very common and useful.

Conceptually it sounds good (1)

Bob the Super Hamste (1152367) | more than 3 years ago | (#36705504)

Conceptually this sounds good as it would allow separate networks for stuff that should be secure from stuff that doesn't. I fear that the implementation will not work out that way as business now don't want to spend the money to separate things as it requires more hardware. You will also run into the why can't I access Google/Facebook/internet thing from this machine that is only connected to the scads system. In general companies are too cheap and their employees are too stupid to have real security.

Add to it the fact that this is coming from a government agency that is known for spying I am not terribly I sure I trust that the motives are entirely altruistic. It may be that they are (SELinux [wikipedia.org] ) or just a better way of keeping tabs on individuals.

Futile effort (2)

kpainter (901021) | more than 3 years ago | (#36705512)

They would be separate for about an hour. Right away, somebody would figure out a way to connect them together thus defeating the purpose.

Anonymity (0)

Anonymous Coward | more than 3 years ago | (#36705526)

So if you ran a proxy for accessing these .secure machines (like tor), it appears anybody who uses said proxy could be charged with identity fraud.. since the ID is associated with a particular person. This isn't an issue with current proxies, since there is no claim that an IP address represents a particular individual.
Also if your ID gives access to EVERYTHING (email, banking etc) then you'll be much less likely to want to share it.

you mean (1)

Gripp (1969738) | more than 3 years ago | (#36705528)

you mean... like some kind of internal network? with some sort of DMZ that separates it from the rest of the interweb? wow, i bet those gov IT guys never thought of that! i wonder where this guy got his IT degree from... oh wait. lul. and "certified credentials" ? you mean none of those gov websites require credentials? and here i was impressed by all the recent hacking of those servers that had happened.... guess I should have taken a better look into the matter! and yes, changing those pesky interweb adresses from .gov to .secure will definitely make things *much* more secure.

on a more serious note, how about we start listening to people that actually know WTF they're talking about instead of putting everything into a title. do we really think that just because he was the head of the NSA that he has god-like mental abilities? no. more than likely he simply has a quicker wit than most, a family with money/political ties and the ability kiss anything - no matter how brown it is.

Re:you mean (1)

Gripp (1969738) | more than 3 years ago | (#36705624)

replying to myself FTW....
and further, as far as i understand, when working for a gov, or any such hi-risk, institution you already DO sign away your right to privacy. they monitor all of your computer activities, often track you personally, and will survey your personal life as well. so what would formally telling people that "by going to this web address you are forfeiting your rights to privacy" accomplish? sounds like a setup for yet another loop-hole for them to be able to perform warrant-less activities.

Re:you mean (1)

todrules (882424) | more than 3 years ago | (#36705758)

Good idea. They could even block off certain IP subnets to be used just for internal networks.

Re:you mean (1)

c6gunner (950153) | more than 3 years ago | (#36706196)

you mean... like some kind of internal network? with some sort of DMZ that separates it from the rest of the interweb?

No, that's not at all (not even close) what he was talking about.

White iGlove (1)

Tablizer (95088) | more than 3 years ago | (#36705566)

not be able to go to certain neighborhoods of the Web without showing your papers at a checkpoint â" and perhaps subjecting yourself to one of those humiliating electronic pat-downs as well

It's the iGlove examinations that really disturb me. They don't even offer to buy me dinner afterwards.

A new TLD does not a secure network make (4, Insightful)

Nkwe (604125) | more than 3 years ago | (#36705590)

So is the article talking about a separate physical network that is firewalled off from what we now call the Internet or is it just talking about a new top level domain that by policy requires domain owners to demand some sort of verifiable credentials for access to services on hosts that are pointed to by DNS entries within the new domain?

Unless it is a separate physical network with firewalls or other edge devices that require authentication and there is a mechanism to securely forward the credentials from the edge device to the internal host, you haven't crated any more real security.

Creating a new TLD on an existing "insecure" network that doesn't require authentication to access the physical network doesn't add any security. In this scenario anyone can still access the machines and it is up the owners of the machines to implement their own security. If the government (and others) can't manage security on their machines now, crating a new naming system for those machines isn't going to help.

Not a separate "Internet" (2)

GrantRobertson (973370) | more than 3 years ago | (#36705610)

This proposal is not for a separate "Internet" as the headline states. It is merely for a separate top-level-domain. And all the servers on this domain would supposedly have super secure firewalls that are impenetrable and unhackable? Riiiiight.

If this separate-but-not-really-SEPARATE "internet" is connected to the same wires as the regular internet then the hackers will still get in. Hell, all the servers that were hacked recently were supposedly super secure. Not a lot of good that did them.

If they want a truly secure, truly separate network then it shouldn't even be an "Internet" at all. It should have a completely separate set of wires. The equipment connected to these wires should be able to detect if the wires have been tapped into or if other unauthorized equipment is attached. It should have all new protocols, designed from the ground up for security and authentication rather than anonymity. In fact, every layer in the the entire IP stack should be completely thrown out and replaced with a secure system which, by law, can only be used on this new system. It will only be licensed for very specific purposes and no one else will be allowed to own this equipment or even have software that uses these protocols. Then, when you catch someone with this equipment or software, you know they are up to no good. The only way into the network will be by tapping in, which will be physically traceable, or by gaining physical access to a licensed terminal, which would be partially traceable but far more difficult to do.

Anything less than this is mere theater. Any claims that a .secure TLD will be any more secure than existing firewalls are just wishful thinking.

Re:Not a separate "Internet" (3, Interesting)

mlts (1038732) | more than 3 years ago | (#36705762)

A .secure domain on the same physical net is one thing. However, what we really need are separate backbones designed from the ground up to carry traffic.

The US has NIPRNet and SIPRNet. Ideally, it would be nice to see banks and credit card processing places have a "BIPRNet" just so that machines from bank "A" can contact bank "B" via a secure link, preferably a separate physical wire than what the traffic from the outside runs on. This way, a blackhat would have to find a machine that sits on both networks, and go from there. If the network backbone is set up to allow communications only between machines that have a business need to see/connect to each other, it would make that backbone quite secure. Add an IDS/IPS system will make compromise even more difficult.

Same with SCADA stuff. It needs its own backbone, then hardened computers that relay the diagnostic info from the embedded controllers to where it needs to be. I've even used two machines that were connected to each other via a one way serial port (slow link, but it worked getting the small datasets across, and one tx/rx pair was disabled so data could only move from the inner network to the outer) to ensure that the inner embedded network would require physical access to be compromised.

Good internet security is not a matter of "can't". It is a matter of "won't".

Re:Not a separate "Internet" (1)

GrantRobertson (973370) | more than 3 years ago | (#36706184)

Good internet security is not a matter of "can't". It is a matter of "won't".

I totally agree. I once read an article by the creator of SendMail that said it is impossible to create an e-mail system that is any more secure than the current one. I wrote him a message saying essentially: "Not with your program we can't." Can you imagine the audacity of the guy. Because the program he wrote decades ago isn't secure, it is impossible to be secure. Again: Riiiiiiiight.

Instead of starting over... (0)

Anonymous Coward | more than 3 years ago | (#36705614)

Why not just focus on securing what we have? We don't need a new .secure, just make banking sites more secure. Why not hire professional security personnel for network security instead of relying on a web developer to do it?

I decline your offer. here's mine. (5, Interesting)

TheGratefulNet (143330) | more than 3 years ago | (#36705632)

I thought about this a bit. this is MY proposal (from some random internet guy; but one who's been around, online, for quite a few decades).

what we need is true end-to-end encryption and that will get us all the 'secure' we need. it would not be a bad idea to insist that all non-encrypted protocols be aged out and replaced with SSL carried user-protocols (mail, file transfer, remote console, DNS, all the basics).

oh, there's one other tiny little detail. NO one can spy on the end-to-end connections. no MitM, no wiretaps, no opto-sniffing, no none of that [sic]. promise and ensure that all world citizens have protected (as in 'their rights, as human beings') end-to-end private communications. tapless and secure. to me, THIS means secure.

what they want is exactly the opposite. no encryption and nothing BUT tapping us (DPI, etc). they will know the identity of each networked station but this will not add to privacy OR security for anyone.

recognize this, people. do not give them this 'divided internet'! really bad idea. lets, instead, change the debate BACK to private communications and the right to not be listened to, monitored and surveiled.

Re:I decline your offer. here's mine. (0)

Anonymous Coward | more than 3 years ago | (#36705876)

This is exactly what TLS is designed for. TLS can handle both TCP traffic and UDP, so in theory, machines should be using this for every packet that flies across the network other than the initial handshakes. Most edge protocols can be run over SSL/TLS, and DNS has DNSSEC. It is just getting other sites to have this available, so all traffic is protected.

As for wiretaps, here is my proposal. A wiretap can go on for a time... BUT:

The user has to be notified about the wiretap at the end of the process.

The data obtained from the wiretap, unless it is used in immediate criminal or national security case gets discarded completely after a reasonable period of time.

The data is only used for one set of charges, just like a search warrant only allows searching on a limited basis. If police are searching a house for a dead body and find marijuana plants, they can't just add that possession charge without due process.

The data never leaves the LEO/TLA. This way, a wiretap doesn't turn into a fishing expedition for a patent or copyright troll, or can be used by an ex-spouse to win a divorce case.

a VPN? (1)

garlicbready (846542) | more than 3 years ago | (#36705672)

the concept of a '.secure' network for critical services such as financial institutions, sensitive infrastructure, government contractors, and the government itself that would be walled off from the public web

ohh you mean a VPN right? yeah we've had them for a while now

We dont need another internet (1)

drolli (522659) | more than 3 years ago | (#36705676)

it will grow with time and then the same problems will exist again.

What we need is the idea that managing access to networks is important.

Use your own CA, use big (maybe even one time pad) keysizes, make firewalls restrictive, make it mandatory that all systems are are managed by an experienced administrator, use TCPI, make encryption mandatory, and educate all employees to do it the right way or ask for help. Educated everybody in controlling the access to documents correctly (no: oh, lets just make it readable for all philosphy). Create a climate in which the IT deparment listens to what the users want to do instead of defining that they dont want anything complicated.

Oh. You say that costs a lot? Yes, that costs a lot. but it solves the problem. The steps which you need to verify that somebody whom you communicate with on the "internet nr.2" are exactly the same ones you need to verify that you are talking to the right person on the normal internet.

Re:We dont need another internet (1)

Astatine (179864) | more than 3 years ago | (#36705860)

What you described doesn't just "cost a lot". It's security cloud cuckoo-land...

Re:We dont need another internet (1)

drolli (522659) | more than 3 years ago | (#36706038)

Well cockoo-land and costs a lot are the same.

The gun is pointing the wrong way, as usual (2)

biodata (1981610) | more than 3 years ago | (#36705692)

Were these guys asleep in the last couple months? Seems to me that we have all been publicly reminded that computer networks aren't secure, and that some are very not secure because their owners are asleep at the wheel. So what to do about that? Of course! Pretend the problem is people pretending to be whom they are not, and carry on pretending that you can secure a network against that. Give a load of taxpayers money to some buddies to build a new 'secure' network, instead of legislating and regulating the owners of the current network components and asking them why they didn't secure their shit better. Can they not understand that there is no way for a server to tell which person it is communicating with, especially if that person deliberately lies? Only human beings can fairly reliably recognise other human beings. You can't make computers that can do it, they are much less clever than people.

"Certified credentials" (1)

Astatine (179864) | more than 3 years ago | (#36705716)

Do they mean a PKI, with certificates?

If so, .secure will go down like a lead balloon.

See: Email encryption (S/MIME etc) -- do you know anyone who uses it? In the unlikely event that you do, can you say they're not a huge nerd? Hell, I work as a security specialist and I don't use it because it's too hard.

Also see: DNSSEC -- even the big network operators are having difficulty deploying it, let alone anyone else.

And the https system for web certificates, which only "works" because it's fundamentally insecure (every browser trusts a huge list of CAs, any one of which can sign a certificate for any site, which is all that's required to impersonate the site -- and that's before we get into mixed content and all the other problems). .secure will require usable, secure authentication over the Internet, and that's *hard*.

Wireless Internet and Secure Cables (0)

Anonymous Coward | more than 3 years ago | (#36705748)

Move the common 'net to the wireless broadband spectrum and secure net over cables.

Should use a different protocol (0)

Anonymous Coward | more than 3 years ago | (#36705764)

The current internet was not designed for security, or traceability. A network designed for security and traceability should have a protocol and hardware designed for security and traceability.

SIPRNET? NIPRNET? (1)

sillivalley (411349) | more than 3 years ago | (#36705822)

I thought they already had a secured network -- SIPRNET?

Or do they just want a spam-free network?

Oh, maybe they mean NIPRNET -- why not let the banks and such on that?

Or maybe it's just that these bozos don't like sharing the ball OR the sandbox with anybody else and they want their own for just them and their good friends.

Re:SIPRNET? NIPRNET? (1)

biodata (1981610) | more than 3 years ago | (#36705942)

I was thinking the same, I'm sure I read they had already built one. Why don't they just run off a copy if they need another? OK, give it a misleading TLD if you have to for marketing purposes.

What's really needed is a COMPLETE secured chain (0)

Anonymous Coward | more than 3 years ago | (#36705852)

The guy's idea is both stupid and doomed to fail.

If you want security, you must have security on the whole chain, starting with the users' computers. And that's what cannot be done. The user will always be the weak link. The only solution to that problem would be to have hardened terminals -used only for that kind of secured communications- in public places (townhalls, etc.), and even that could be circomvented, albeit not that easily.

Of course, such a drastic -though feasible- solution would be impractical for many sites (government especially) which would need to be accessed through unsecured means: when looking for general information (not sensitive exchanges), you shouldn't be required to jump throught all those hoops.

As for his anti-privacy arguments, they fail miserably for the same reason: it does not matter if you are authenticated if your computer has been compromised! It would be all too easy to use your stolen credential from other compromissed computers...

Don't forget the DNA layer (1)

biodata (1981610) | more than 3 years ago | (#36705966)

Same flaw in argument as the original article. Starting from the computer does not identify the user. Even if you made the person submit DNA every time they logged in some would go around collecting people's DNA and keeping it in the fridge for when they needed to anon.

Morons everywhere (3, Interesting)

WaffleMonster (969671) | more than 3 years ago | (#36705904)

This is what happens when politicians who know nothing about security or network infustructure make high level design decisions.

Securing the wire always has and always will be a lost cause. Just click the little require secure connections only button in all of your operating system (IPSec) and you have yourself your secure private network.

There is no reason to segment traffic. On a large network you can expect someone on the network will eventually be compromised by an insider or determined advasary. Given this reality physically separate network must not be relied on to convey any security at any time.

All it means is you don't see a bunch of botnets launching blind attacks 24x7. It means important infustructure on a "secure" network becomes as complacent and vulnerable as the machines behind corporate firewalls. It is human nature. Without constant pressure it will happen. If you are tired of the random hits use IPv6.

Never trust the wire.. Just don't do it. It is always stupid and you will always be burned by it.

A few other points needing to be made:

If the content of your communication can not be private good luck with your "secure" network.

Federated authentication systems tend to induce weaknesses in server authentication. Imagine everyone on earth was using openid or had the same password file. You could login to any computer you wanted with your credentials.

This means:

The material which authenticates you as a person can not also be used to authenticate the service you are consuming as everyone has access to the authentication system. Even if your credentials are never exposed your authentication provides you with no assurances with regards the service you are consuming beyond an unbound trust anchor.

Want this to happen! (0)

Anonymous Coward | more than 3 years ago | (#36705988)

Most agree that the corporate hegemony + corrupt/incompetent govt will eventually eat away at many online freedoms. Fine. This idea (or even the separate physical wires proposal), then, is beneficial because it will direct their attention away from the "regular" internet and towards securing their little playground. Perhaps they'll even leave the "regular" internet alone forever. Certainly they won't tackle the hard problems and sticky, unpopular, politically questionable issues involved in messing with the "regular" internet until they see if their new playground has succeeded or failed.

Everything I'm interested in won't be moving to some jackbooted version of the net, so let them have it! Will /. move? No. Will kernel.org move? No. Will chegg.....umm...I mean my espn fantasy hoops league move? Prolly not.

Get these a$$clownz out of our hair, at least temporarily. Plus, it's infrastructure investment, and therefore it's money much better spent than, say, going to war against the cavemen of Random 3rd World Country X.

Hyperbole (1)

jensend (71114) | more than 3 years ago | (#36706096)

Saying that a network which requires credentials linked to your identity "would do away with users' Fourth Amendment rights to privacy" is ridiculous. The only thing that the Fourth Amendment says about privacy is that the feds can't search your stuff without a warrant. What the devil does that have to do with when you choose to visit a site which won't work with you unless you reveal your true identity?

Extra, Extra! Read all about it! Gub'ment proposes new security technology for shops and inns, called "refusing to do business with you unless you tell us your real name." Union of patent medicine peddlers objects that it breaches their "right to privacy!"

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?