Hot Points – A blog by Go Daddy founder and president Bob Parsons
Now that the facts are in the open, it takes only a second to know that Ben Fawley is not the type of individual most of us would choose to associate with. Unfortunately, for those that were unlucky enough to encounter Fawley over the internet, he seemed just like anyone else. This brings me to why I’ve decided to write about this sad tale: Taylor Behl met Ben Fawley online.
There are two types of anonymity that need to be looked at with different "eyes": The kind of anonymity in which your personal details -- Where you live, where you work, that sort of thing -- are not available for the general internet population to view. This is the good kind of anonymity.
The second type, the type that needs to be done away with, is the ability to create anonymous or false accounts in internet chat rooms, blogging communities, etc... without any sort of verification that you are who you say you are.
Now I'm not suggesting that full disclosure of every stupid thing you've ever done should be required before someone is allowed to join a community of some sort. If such were the case I'm guessing that a lot of people wouldn't join from the embarrasment of silly little things like getting caught when they were 18 stealing a candy-bar, or even not so silly things like a DUI. As wrong as it is to drink and drive, there are a lot of people (no, I'm not one of them; I'm not suggesting this to protect my own interests) who have made that mistake, rightfully got caught, and have since learned their lesson.
Now a history of drinking and driving -- the type where people are sent away for considerable lengths of time -- is something all together different. While they may not be the predative, murdering type, you probably would want to avoid getting into a relationship with someone who has proven time and time again that they can not control themselves from getting loaded and getting behind the wheel.
As Bob Parsons points out in the above linked piece: There are online communities such as True.com that require background checks before gaining access to community membership. In the case of True.com this apparently leads to about 5% of the applicants being denied membership because they are already married and another 5% because of negative criminal histories. This is excellent and definitely a good start. More communities such as Match.com and eHarmony (both mentioned by Mr. Parsons in his post) need to embrace this concept and they need to do it NOW!
While I don't think online dating communities should be held accountable (at least not yet -- if they simply will not put forth the effort to help fix the problem, then yeah, they should) when tragedies such as those outlined in the above linked piece take place, I do believe that there needs to be a requirement that forces a certain level of effort on the part of these communities to take the necessary steps to ensure they are doing all they can to keep these tragedies from taking place.
How many more murders, rapes, and other hideous and awful crimes need to take place before we stand up and say "ENOUGH IS ENOUGH!" I'll tell you right now that I am standing up and saying "ENOUGH IS ENOUGH!" and you should too.
Setting this aside for the moment this is only half of the anonymity problem. On the flip side of this is internet spammers.
Anonymity such that anyone can leave a comment on your blog or a trackback thats something more than a real comment on a particular post someone has made simply should not be allowed. In the same general area, our email inbox is not the kind of thing that anyone and everyone should have access to. Now a lot of progress has been made in this area, but its still not enough as the problem continues to plague the interent communities. Should we require criminal background checks before someone is allowed to perform one of the above activities. No! Obviously theres a level in which certain activities such as leaving a comment or trackback don't pose the same threats that meeting someone via an online dating service and developing a relationship with them pose.
But there does need to be a way to identify someone such that abusers of such privileges can be recognized and disabled from gaining access to the same said privileges. As such, there needs to be a process developed and put into place that forces and enforces a certain level of disclosure before someone is allowed access to these privileges.
Going back to my post regarding "Internet Stamps", I mentioned CACert. What's CACert? From their about page:
About CAcert.orgCAcert.org is a community driven, Certificate Authority that issues certificates to the public at large for free.
CAcert's goal is to promote awareness and education on computer security through the use of encryption, specifically with the X.509 family of standards. We have compiled a document base that has helpful hints and tips on setting up encryption with common software, and general information about Public Key Infrastructures (PKI).
For the enthusiast looking to dip their toe in the water, we have an easy way of obtaining certificates you can use with your email program. You can use these not only to encrypt, but to prove to your friends and family that your email really does come from you.
For administrators looking to protect the services they offer, we provide host and wild card certificates which you can issue almost immediately. Not only can you use these to protect websites, but also POP3, SMTP and IMAP connections, to list but a few. Unlike other certificate authorities, we don't limit the strength of the certificates, or the use of wild card certificates. Everyone should have the right to security and to protect their privacy, not just those looking to run ecommerce sites.
If you're extremely serious about encryption, you can join CAcert's Assurance Programme and Web of Trust. This allows you to have your identity verified to obtain added benefits, including longer length certificates and the ability to include your name on email certificates.
Obviously CACert isn't set-up to handle the problems posed to internet dating and chat forums. But it can certainly help and would definitely be a good foundation to extend from.
Extending from this I want to bring out a few other points.
- CACert is founded on the notion that providing payment for a signed certificate does basically nothing as far ensuring the honesty and integrity of any given individual or entity. As such, there is no direct charge for a CACert signed certificate. However, if you visit the site you should be able to quickly establish the fact that this project is built upon a base of "assurers", or real live people who meet up with other real live people who are desirous to gain a certificate in person, verify through a generated pass-id that the person they are meeting has gone through the online processing and given a secret ID that is shared with the assurer and verified to be the same, then verify via various forms of Government issued identification that they are who they say they are.
Once this has all been established the assurer then apply "points" to this person based on various factors -- the type of ID that was shown, their own personal "gut" feelings as to whether this person is legit, etc... -- and then enters their points rating into an online form provided by CACert. The ultimate goal then is to build up your points such that the more points you have, the more "trust" you are given. But from what I understand, how much trust you give any given person is up to you. In other words you might decide "I don't want to allow anyone access to my email inbox or to leave a trackback or comment on my blog unless they have 75 points." Fair enough. That's your decision and rightfully so. Such a system allows for the idea that we all have our own levels of comfort and should be given the ability to determine these levels for ourself, and not allow "comfort by commitee" to be the controlling factor. It also leaves room for the notion that, at this stage anyway, its not really known what level of points should be sufficient in safely assuming "yeah, this person is legit." My guess is that eventually enough data will exist that can be analyzed to determine the various risks involved with each level of points. With this data an official recommendation can be made as to what can truly be considered "safe."
But a recommedation is all it should ever be, as this area needs to stay fluid so that "glitches" in the system can be verified and adjusted such that there is never a notion set in stone that "ahhh.... now we can all feel better now as we have finally determined what can be assumed safe and what can not." Hackers (the bad kind) will always find a way around a system. As such that system needs to be enabled to always find away around the hackers. A cat and mouse game that never ends, yes. But a never ending cat and mouse game is a lot better than the alternative so its something we're just going to have to accept and get used to.
So getting back to the assurers and the cost of the CACert program. As I said, there is no cost for the certificate itself. However, each assurer is allowed a "reasonable" amount of room to recover costs incurred through travel, etc... As such, there may be a charge imposed upon by the assurer. They don't have to, but they can. I will admit that when I first saw this I thought "ooh, there in and of itself lies the problem with the system." But after chatting with various trusted individuals such as Uche, I came to understand that this isn't the problem I was making it out to be. Recovering costs is one thing. Charging exuberant rates and turning the "assurer business" into a lucrative business proposition is quite another. Such a system would be a little to enticing for the dishonest segment of our populations and would allow too much room for corruption. Fortunately a system such as the one CACert has in place will quickly root out those who are in it to gain profit as opposed to those who are in it to help bring a certain level of sanity to the insane internet "trust" system we currently lay victim too. All fees that the assurer might charge MUST be made known and agreed upong before a meeting takes place. If this "assurer" then demands a higher price a system exists to make these demands known.
With this in mind I feel really good about standing behind this system and stating "THIS ABSOLUTELY NEEDS TO HAPPEN AND IT NEEDS TO HAPPEN NOW!"
Why are we waiting?
What are we waiting for?
Why are you not standing up and making this same statement?
You need to. No more excuses. This needs to happen and it needs to happen now.
Thanks for reading.