Home / Blogs

"Internet Drivers License" - A Short History Lesson

Suresh Ramasubramanian

The press, the blogosphere, CircleID - everybody has been discussing Craig Mundie's comment on the need for an "Internet Driver's License".

Most of the reaction has been from privacy advocates fearing that this is simply another way to kill anonymity on the Internet. Oh well… that's the usual set of reactions.

Now… the fun part is, a driver's license also shows that you have the competence to drive. So, Mundie seems to have been expressing the idea that it'd be great to train people in using the internet productively and safely, before actually letting them on the internet.

As Mundie put it —

"If you want to drive a car you have to have a license to say that you are capable of driving a car, the car has to pass a test to say it is fit to drive and you have to have insurance."

Susan Brenner on CircleID did say something about K12 students having to display their licenses online having been trained in using the Internet safely and responsibly, and that licenses could be revoked for inappropriate use of the Internet.

She then went on about how a license wouldn't be very useful or effective in an open, unstructured internet.

If she'd googled back for some older history she'd have found that Mundie was simply channeling a trope that's over a decade old. It isn't something that he came up with all by himself.

The concept of an "internet driver's license" is an old usenet trope — dating back to the time when people spoke of an "eternal september" (referring to when, earlier, newbies would only come into usenet every september as the term opened in colleges, but after 1993 and aol, compuserve, juno etc, more and more people entirely new to the Internet kept coming in, in droves, exasperating the regulars on mailing lists and usenet groups). The concept of needing a driving license to use the internet was a running joke that dated back to the same period.

My good friend and maawg senior tech advisor Joe St.Sauver (of UOregon, EDUCAUSE, etc etc etc) put the need for a driver's license in a much more security aware context back in 2007 —

There's nothing inherently wrong with offering people a quick training course in using the internet safely and responsibly when selling them an internet connection. Several ISPs already distribute videos on install CDs and maintain support FAQs, online help forums etc.

The smaller ISPs (such as the community internet / freenet networks that are sadly dying out these days) used to reach out much more actively to their local userbase with face to face training courses. People new to the network in a university or a corporation routinely do receive a quick security briefing on safe and acceptable use of the Internet.

Yes - the concept of revoking an internet driver's license does seem unworkable, doesn't it?

There's something called a Walled Garden, that's quickly becoming established network security practice.

If there's a computer on a network (whether an office network, or a large ISP's DSL pool) that's infected and emitting malicious traffic, it can be detected, and once detected, moved into what is called a "walled garden" — a safe area or sandbox from where the user can only access the ISP helpdesk pages, windows update and antivirus update servers, till such time as he clears up the infection on his PC and either automatically releases himself from the walled garden by clicking a button (which can happen the first two or three times) or calling the ISP's helpdesk to let him out.

Several large DSL networks have already implemented this, and MAAWG has a best practice document that recommends it, along with other measures to mitigate botnet infections on a ISP network.

Two documents from the OECD and the ITU put this into context, discussing the threat posed by malware, and the political/administrative, technical and social measures needed to mitigate it. They both cite the MAAWG best practice documents, by the way.

I'll conclude by saying that a lot of this is simply to protect the ISP's users from the personal consequences (ID theft, phishing etc) of an infection on their PCs, as well as to protect the ISP's other users as well as the internet at large from the malicious traffic emitted by malware.

Note to some people reading this: Thank you. Yes, I've heard the Ben Franklin quote about sacrificing liberty for safety. I've also heard the Pastor Neimoller quote about "first they came for ..." (though I always think people who use that quote have automatically lost their argument, having violated Godwin's Law by comparing the other side to the Nazis). I'll still stand by what I said. Thank you.

By Suresh Ramasubramanian, Antispam Operations

Related topics: Access Providers, Censorship, Cybercrime, Internet Governance, Law, Policy & Regulation, Privacy, Security, Spam

WEEKLY WRAP — Get CircleID's Weekly Summary Report by Email:


To post comments, please login or create an account.

Related Blogs

Related News

Explore Topics

Industry Updates – Sponsored Posts

Verisign Q1 2016 DDoS Trends: Attack Activity Increases 111 Percent Year Over Year

Is Your TLD Threat Mitigation Strategy up to Scratch?

i2Coalition to Host First Ever Smarter Internet Forum

Encrypting Inbound and Outbound Email Connections with PowerMTA

US Court Grants DCA Trust's Motion for Preliminary Injunction on .Africa gTLD

Resilient Cybersecurity: Dealing with On-Premise, Cloud-Based and Hybrid Security Complexities

Verisign Releases Q4 2015 DDoS Trends - DDoS Attack Activity Increasing by 85% Year Over Year

Best Practices from Verizon - Proactively Mitigating Emerging Fraudulent Activities

Neustar Data Identifies Most Popular Times of Year for DDoS Attacks in 2015

The Framework for Resilient Cybersecurity (Webinar)

2015 Trends: Multi-channel, Streaming Media and the Growth of Fraud

Dyn Weighs In On Whois

Season's Greetings - 2015 End of Year Message from DotConnectAfrica

Data Volumes and Network Stress to Be Top IoT Concerns

DKIM for ESPs: The Struggle of Living Up to the Ideal

Verisign Mitigates More Attack Activity in Q3 2015 Than Any Other Quarter During Last Two Years

Protect Your Privacy - Opt Out of Public DNS Data Collection

Verisign & Forrester Webinar: Defending Against Cyber Threats in Complex Hybrid-Cloud Environments

"The Market Has No Morality" Sophia Bekele Speaks on Business Ethics and Accountability

Introducing Verisign Public DNS: A Free Recursive DNS Service That Respects Your Privacy

Sponsored Topics

Afilias - Mobile & Web Services


Sponsored by
Afilias - Mobile & Web Services


Sponsored by

DNS Security

Sponsored by


Sponsored by