Home / Blogs

"Internet Drivers License" - A Short History Lesson

Suresh Ramasubramanian

The press, the blogosphere, CircleID - everybody has been discussing Craig Mundie's comment on the need for an "Internet Driver's License".

Most of the reaction has been from privacy advocates fearing that this is simply another way to kill anonymity on the Internet. Oh well… that's the usual set of reactions.

Now… the fun part is, a driver's license also shows that you have the competence to drive. So, Mundie seems to have been expressing the idea that it'd be great to train people in using the internet productively and safely, before actually letting them on the internet.

As Mundie put it —

"If you want to drive a car you have to have a license to say that you are capable of driving a car, the car has to pass a test to say it is fit to drive and you have to have insurance."

Susan Brenner on CircleID did say something about K12 students having to display their licenses online having been trained in using the Internet safely and responsibly, and that licenses could be revoked for inappropriate use of the Internet.

She then went on about how a license wouldn't be very useful or effective in an open, unstructured internet.

If she'd googled back for some older history she'd have found that Mundie was simply channeling a trope that's over a decade old. It isn't something that he came up with all by himself.

The concept of an "internet driver's license" is an old usenet trope — dating back to the time when people spoke of an "eternal september" (referring to when, earlier, newbies would only come into usenet every september as the term opened in colleges, but after 1993 and aol, compuserve, juno etc, more and more people entirely new to the Internet kept coming in, in droves, exasperating the regulars on mailing lists and usenet groups). The concept of needing a driving license to use the internet was a running joke that dated back to the same period.

My good friend and maawg senior tech advisor Joe St.Sauver (of UOregon, EDUCAUSE, etc etc etc) put the need for a driver's license in a much more security aware context back in 2007 —

There's nothing inherently wrong with offering people a quick training course in using the internet safely and responsibly when selling them an internet connection. Several ISPs already distribute videos on install CDs and maintain support FAQs, online help forums etc.

The smaller ISPs (such as the community internet / freenet networks that are sadly dying out these days) used to reach out much more actively to their local userbase with face to face training courses. People new to the network in a university or a corporation routinely do receive a quick security briefing on safe and acceptable use of the Internet.

Yes - the concept of revoking an internet driver's license does seem unworkable, doesn't it?

There's something called a Walled Garden, that's quickly becoming established network security practice.

If there's a computer on a network (whether an office network, or a large ISP's DSL pool) that's infected and emitting malicious traffic, it can be detected, and once detected, moved into what is called a "walled garden" — a safe area or sandbox from where the user can only access the ISP helpdesk pages, windows update and antivirus update servers, till such time as he clears up the infection on his PC and either automatically releases himself from the walled garden by clicking a button (which can happen the first two or three times) or calling the ISP's helpdesk to let him out.

Several large DSL networks have already implemented this, and MAAWG has a best practice document that recommends it, along with other measures to mitigate botnet infections on a ISP network.

Two documents from the OECD and the ITU put this into context, discussing the threat posed by malware, and the political/administrative, technical and social measures needed to mitigate it. They both cite the MAAWG best practice documents, by the way.

I'll conclude by saying that a lot of this is simply to protect the ISP's users from the personal consequences (ID theft, phishing etc) of an infection on their PCs, as well as to protect the ISP's other users as well as the internet at large from the malicious traffic emitted by malware.

Note to some people reading this: Thank you. Yes, I've heard the Ben Franklin quote about sacrificing liberty for safety. I've also heard the Pastor Neimoller quote about "first they came for ..." (though I always think people who use that quote have automatically lost their argument, having violated Godwin's Law by comparing the other side to the Nazis). I'll still stand by what I said. Thank you.

By Suresh Ramasubramanian, Antispam Operations

Related topics: Access Providers, Censorship, Cybercrime, Cybersecurity, Internet Governance, Law, Policy & Regulation, Privacy, Spam


Don't miss a thing – get the Weekly Wrap delivered to your inbox.


To post comments, please login or create an account.

Related Blogs

Related News

Explore Topics

Dig Deeper

DNS Security

Sponsored by Afilias

IP Addressing

Sponsored by Avenue4 LLC

Mobile Internet

Sponsored by Afilias Mobile & Web Services


Sponsored by Verisign

Promoted Posts

Buying or Selling IPv4 Addresses?

Watch this video to discover how ACCELR/8, a transformative IPv4 market solution developed by industry veterans Marc Lindsey and Janine Goodman, enables organizations to buy or sell blocks as small as /20s. more»

Industry Updates – Sponsored Posts

Join Neustar's Town Hall Meeting and Help Shape the Future Of .US

Verisign Named to the Online Trust Alliance's 2017 Audit and Honor Roll

Why the Record Number of Reverse Domain Name Hijacking UDRP Filings in 2016?

Attacks Decrease by 23 Precent in 1st Quarter While Peak Attack Sizes Increase: DDoS Trends Report

Leading Internet Associations Strengthen Cooperation

i2Coalition to Present Tucows CEO Elliot Noss With Internet Community Leadership Award

Verisign Releases Q4 2016 DDoS Trends Report: 167% Increase in Average Peak Attack from 2015 to 2016

Michele Neylon Appointed Chair Elect of i2Coalition

Verisign Q3 2016 DDoS Trends Report: User Datagram Protocol (UDP) Flood Attacks Continue to Dominate

2016 U.S. Election: An Internet Forecast

Government Guidance for Email Authentication Has Arrived in USA and UK

ValiMail Raises $12M for Its Email Authentication Service

MarkMonitor Supports Brand Holders' Efforts Regarding .Feedback Registry

Don't Gamble With Your DNS

Defending Against Layer 7 DDoS Attacks

Understanding the Risks of the Dark Web

New TLD? Make Sure It's Secure

Verisign Releases Q2 2016 DDoS Trends Report - Layer 7 DDoS Attacks a Growing Trend

How Savvy DDoS Attackers Are Using DNSSEC Against Us

Facilitating a Trusted Web Space for Financial Service Professionals