Saturday, June 30, 2007

Weird Internet laws in Korea

How bizarre, according to the Times, new laws in South Korea will require users who post on bulletin board to submit their name and social security number before being allowed to post in a bid to tackled anonymous bullying. There are a number of implications here. First, one must assume that site has the ability to cross-reference names to social security data. That implies either the South Korean Government is giving full database information on its citizen to private companies, or it is exposing some sort of query webservice for validation purposes.

The latter is more likely I think, which then raises some serious civil liberty and privacy concerns. Firstly, what is there to stop private bulletin boards caching the queried data and build up its own validation database? What happens if the private bulletin board sites are compromised? What is there to stop user A finding out user B's social security number and posting as him? Presumably the sites will not let non-nationals post either? Or perhaps they will but use geographic location systems to decide who should and should not submit extra information to post? If that's the case then the open proxy servers online will becomes ever more popular. The implication is for "local Internets for local people".

The point is of course that if someone wants to post anonymously online they're going to find a way of doing it, and the most obvious way is to bounce traffic through servers in somewhere like Uzbekistan to mask the source address. Not of course that a source address is always meaningful anyway, after all, on a large network with a single gateway using address translation you could have a 1000 users with one presented IP. It will continue to be that way until we move away from IPV4 (capable of having about 4.3 billion unique addresses) and start using IPV6 at the end user level and not just on the backbones (about 340 billion billion billion billion unique addresses). IPV6 will, in theory mean, we could all have our own IP address.

That however won't solve the problem of re-routing traffic, pretending to be someone or somewhere else. What I do find most interesting is that there are clearly calls from the more authoritarian amongst society to regulate and control the Internet in these sort of ways. The problem is that they fail to understand the nature of the network. There are actually just two choices for Government in this case, either you control information flow by segmenting your nation's Internet off into effectively a very big LAN (see the Great Firewall of China), or you don't. Either way, they'll will always be people out there circumventing obstacles in their way.


Ed said...

I'm surprised that it's Korea who have tried this, because it's exactly the kind of ignorant ill-thought out project that our own government would try.

Cyber bullying is a bit of an odd one because of course if you don't get treated well on a particular site you can choose not to go back on to it. As an example I was accused of being a twat on Bob Piper's blog so I don't read it anymore. Perhaps I should have accused him of bullying!

Chris Paul said...

I hear Dale and Fawkes are keen to try this out immediate;y to stop their unfunny graffiti problem.

Diablo said...

Clearly you should pass this idea onto Brown but in the meantime if you need a few NI numbers I know a bloke down the pub who can help.

(PS: See that Chris Paul is here as well with his irrelevant remarks. Has he got a thing for Iain Dale?)

online attorney said...

I agree that's really weird.