At the forefront of the security on the Internet, there lies the security problem of identity. How can internet users maintain their right to privacy while at the same time securing identity information when necessary?
IP addresses are the means by which information is passed from one destination to another online, and play a role in identity online. Given the number of IP addresses available in its current iteration IPv4 and the increasing number of devices that utilize IP addresses, the urgency for a new solution is becoming apparent.
IPv6 is a new protocol that will consist of longer IP addresses (128-bit rather than 32 to be exact). IPv6 has many advantages, including increased address space, larger data packets, the potential for individual devices to have their own IP addresses. The ability for individual IPs will simplify network design and allow more specific connectivity. (For those of you about to search for IPv5, here’s your answer, and also the Internet Society or ISOC has a good Q and A on the details of IPv6 )
The International Telecommunications Union (ITU), a United Nations agency is working to improve international technological infrastructure and seeks to aide connecting the world via technology. The ITU settles long-distance international dialing country codes, so many hope that they can provide an impartial source of distribution for IPv6 addresses, as compared to the ad-hoc distribution of IPv4, whose irregularities have be seen as unfair.
Their work spans government and industry and are currently working towards online child protection, addressing cyberthreats and also creating the cybersecurity gateway with links to resources such as conferences and papers.
Who should have the control over IP distribution? What is the best way to implement a new protocol? What types of problems arise when individual devices no longer have to share IPs?
Another solution to the identity question are platforms like Oauth and the communities such as Kantara that support such technologies. Oauth is an open protocl giving users the power distribute varrying degrees of access to content on a particular site or platform.
Would this type of implementation be ideal? What risks are involved? What potential downsides (if any) are there to so much customization?
To deal with the issue of identity, many have suggested having a government issued online identity, much like a drivers license ID.
Will people online trust and warmly receive a government issued ID? How would the government deal with the problem of online identity theift? How could this ID be misused to track people? What are commercial and interpersonal situations where it would prove beneficial to have an online identity (ie: receiving a phone call or buying an app)? How would this change the relationship between people and corporations for the identity of each of them?
Another government impelmented approach is outlined in the White House’s Cyberspace Policy Review. This document outlines near-term and mid-term action plans, including short term goals that raise many relevant questions.
Appoint a cybersecurity policy official responsible for coordinating the Nation’s cybersecurity policies and activities; establish a strong NSC directorate, under the direction of the cybersecurity policy official dual-hatted to the NSC and the NEC, to coordinate interagency development of cybersecurity-related strategy and policy.
Designate a privacy and civil liberties official to the NSC cybersecurity directorate.
Initiate a national public awareness and education campaign to promote cybersecurity.
Develop U.S. Government positions for an international cybersecurity policy framework and strengthen our international partnerships to create initiatives that address the full range of activities, policies, and opportunities associated with cybersecurity.
Prepare a cybersecurity incident response plan; initiate a dialog to enhance public-private partnerships with an eye toward streamlining, aligning, and providing resources to optimize their contribution and engagement
In collaboration with other EOP entities, develop a framework for research and development strategies that focus on game-changing technologies that have the potential to enhance the security, reliability, resilience, and trustworthiness of digital infrastructure; provide the research community access to event data to facilitate developing tools, testing theories, and identifying workable solutions.
How can the government implement these plans while serving privacy and civil liberties? What are best practices for an incident response plan? What is an appropriate and effective way to educate about cybersecurity? What does a strong cybersecurity policy look like?