Internet crime keeps getting worse...but it doesn’t have to be that way. In this book, Internet security pioneer Phillip Hallam-Baker shows how we can make the Internet far friendlier for honest people–and far less friendly to criminals.
The dotCrime Manifesto begins with a revealing new look at the challenge of Internet crime–and a surprising look at today’s Internet criminals. You’ll discover why the Internet’s lack of accountability makes it so vulnerable, and how this can be fixed –technically, politically, and culturally.
Hallam-Baker introduces tactical, short-term measures for countering phishing, botnets, spam, and other forms of Internet crime. Even more important, he presents a comprehensive plan for implementing accountability-driven security infrastructure: a plan that draws on tools that are already available, and rapidly emerging standards and products. The result: a safer Internet that doesn’t sacrifice what people value most: power, ubiquity, simplicity, flexibility, or privacy.
Tactics and strategy: protecting Internet infrastructure from top to bottom
Building more secure transport, messaging, identities, networks, platforms, and more
Gaining safety without sacrificing the Internet’s unique power and value
Making the Internet safer for honest people without sacrificing ubiquity, simplicity, or privacy
Spam: draining the swamp, once and for all
Why spam contributes to virtually every form of Internet crime–and what we can do about it
Design for deployment: how to really make it happen
Defining security objectives, architecture, strategy, and design–and evangelizing them
How to Build a Safer, Better Internet
You’ll find yourself deeply concerned, then fascinated, then hopeful as you read about
• Building an Internet that resists online crime
• Phishing, botnets, and spam: tactical, workable, immediate countermeasures
• Establishing the “Accountable Web”: a strategic, long-term solution to Internet crime
• Improving security without sacrificing what people love about the Internet
The Internet is today’s Wild West: too much lawlessness, too little accountability. Now, one of the Internet’s leading pioneers shows how we can build a more trustworthy Internet: one that resists crime without frustrating honest people or compromising privacy and civil liberties. Drawing on years at the cutting edge of Internet and security research, Phillip Hallam-Baker offers a complete plan for reinventing the Internet: a plan that addresses everything from technology to politics and culture. Whether you’re a technology professional, policymaker, or citizen, this book will show you how we can make the Internet better, smarter, and above all, safer.
About the Author xxviii
Chapter 1: Motive 1
Chapter 2: Famous for Fifteen Minutes 37
Chapter 3: Learning from Mistakes 51
Chapter 4: Making Change Happen 81
Chapter 5: Design for Deployment 107
Chapter 6: Spam Whack-a-Mole 119
Chapter 7: Stopping Spam 135
Chapter 8: Stopping Phishing 155
Chapter 9: Stopping Botnets 175
Chapter 10: Cryptography 199
Chapter 11: Establishing Trust 215
Chapter 12: Secure Transport 227
Chapter 13: Secure Messaging 251
Chapter 14: Secure Identity 277
Chapter 15: Secure Names 311
Chapter 16: Secure Networks 323
Chapter 17: Secure Platforms 343
Chapter 18: Law 355
Chapter 19: The dotCrime Manifesto 377
Further Reading 383
Dr. Phillip Hallam-Baker has been at the center of the development of the World Wide Web, electronic commerce, and Internet security for more than a decade. A member of the CERN team that created the original Web specifications, his list of design credits has few rivals and includes substantial contributions to the design of HTTP, the core protocol of the World Wide Web.
A frequent speaker at international conferences with more than 100 appearances over the past four years and numerous media interviews, Hallam-Baker is known for his passionate advocacy of what he calls technology for real people. His mission is to democratize technology, making technology serve the needs of the ordinary person rather than interest technologists or an artificial business model. The dotCrime Manifesto serves this mission by reaching out beyond the field of network security specialists to provide a firsthand, accessible account of the measures needed to control Internet crime.
Dr. Hallam-Baker was also responsible for setting up the first-ever political Web site on the World Wide Web and worked with the Clinton-Gore ’92 Internet campaign, correctly predicting that the Web would change the future of political communication, a prediction that led to the creation of the Clinton Presidential Web site, whitehouse.gov. While at the MIT Laboratory for Artificial Intelligence, Dr. Hallam-Baker worked on developing a security plan to allow deployment of the groundbreaking Internet publications system at the executive office of the president.
VeriSign Inc. was founded in 1995 to provide a trust infrastructure for the Internet that would allow people to buy and sell over the Web without worrying that a criminal might be able to steal their credit card number. This trust infrastructure was the key technology that allowed the development of online retail stores and banks. Dr. Hallam-Baker joined VeriSign in 1998 and became its first principal scientist in 2000. His first commission as principal scientist was to design a second-generation trust infrastructure for the Internet. This research work led to the design of XML Key Management Specification (XKMS), a protocol that reduces the number of lines of code necessary to connect to a trust infrastructure from more than a quarter of a million to less than two thousand. This research was also a major influence on the development of the Security Assertion Markup Language (SAML) protocol, which Dr. Hallam-Baker also edited. Both XKMS and SAML have been adopted as industry standards, and SAML was chosen by the Liberty Alliance as its key infrastructure protocol.
Since 2002, Dr. Hallam-Baker has increasingly focused on the problem of how to stop Internet crime. He played a leading role in the fight against spam and was one of the first researchers to argue for the authentication-based approach to spam control that has since become the Industry standard. In 2004, Dr. Hallam-Baker testified at the Federal Trade Commission workshop on authentication-based approaches to stopping spam.
Dr. Hallam-Baker holds a degree in electronic engineering from Southampton University and a doctorate in computer science from the Nuclear Physics Lab at Oxford University. He has worked at internationally respected research institutions such as DESY, CERN (as a European Union Fellow), and MIT. He is a member of the Oxford Union Society and a Fellow of the British Computer Society.