“What will eventually force Americans to go this route will be a major, catastrophic event online; such as an act of terrorism or massive credit data breach, loss or disruption. None of this is a matter of if it will happen, it is a matter of when. The internet was never designed to do what it does, so don’t kill the messenger, it’s going to happen. How we have chosen to prepare for this day will determine our ability to survive what has become as critical to our existence as bread and water.”

If you don’t believe this, please go directly to your nearest beach and insert your head firmly and deeply into the sand. 

From 2007-2010 I worked with the Department of Defense in pioneering black psychological warfare capabilities known in military nomenclature as Interactive Internet Activities, (IIA). Becoming a subject matter expert in IIA required me to identify not only physical, but also psychological and sociological vulnerabilities in social networks which could be exploited using IIA. It was not difficult, and ethically questionable black PSYOP products like Obama’s ShadowNet, have since become a new industry within the private sector defense contracting community with a very small physical footprint. At this same time the FBI were indicting Russia because it’s so terrible. The damage these products do to the integrity of the internet is greater, in my opinion, than bank and retail online fraud combined. 

The core vulnerability in both social media and the internet, is authentication, and that is because the internet was never, ever designed for what it is used for today. If that wasn’t disappointing enough, there is absolutely nothing that could ever be done to the World Wide Web [HTTP://www.] to fix it.

The problem itself can be fixed. This problem, by the way, is estimated at anywhere between $50-$100 Billion annually to Americans. I would argue it’s much higher when intellectual property rights theft is factored in properly. Either way, it’s over $1 Trillion every decade that goes to the black market, terrorists, domestic threat-actors and hostile foreign governments.

Lately, I have heard several professors and other intellectuals flat out tying the birth of the internet, and to a greater extent, social networks, have a direct correlation between the rise in school shootings and other random, largely individual acts of extreme violence such as road-rage. Even suicide rates are at per-capita, record level highs that a 10-year-old could see a connection with. I will save you the intellectual MYTHOS, PATHOS, LOGOS arguments explaining “why” it is happening, and stick with the “how,” from a cyber-security perspective, but you’re still not going to like it. 

The problem is simple. When using HTTP://www, there is no way of truly knowing the person or resource you are interacting with is truly whom they say. There is no possible way to fix that issue, even if you could get the political support to legislate a technical solution, which isn’t likely either, but at least possible.

Ok, so before I tell you the very simple solution, let’s run down quickly what this would solve: $100 billion annually in fraud, massively reduce suicides, bring school shootings back to 1960’s level, eliminate identity theft, eliminate the IRS, eliminate unauthorized spying, intellectual property theft, data theft, massively improve medical records, border security and illegal immigration, voting confidence/election integrity…

It’s this simple, instead of typing in HTTP://www., you would instead type in an address that looked more like HTTP://usa., and then provide your new USA ID Common Access Card (CAC). In order to get a USA-CAC you would use the same process as the military uses to issue a base ID. This process would be easy for some, and very difficult for others, so that would need to be addressed. 

You would use your USA-CAC to access the new HTTP://usa top-level domain architecture, and nothing would be allowed to access it without using the CAC with other multi-factor authentication options. For this to work, every online business and online financial transaction that takes place either within or with the USA, can only be done through the new USA domain structure. The CAC would become your passport, driver’s license (if states wanted,) and all credit cards would be replaced with your single USA-CAC. Foreigners wanting to do business with America would require applying for a business or visitor CAC, which would allow someone very limited and specific access that would be very well vetted in the ID process. Anyone would be able to do business that was authorized, even a street vendor in Thailand. The process would just not be instant for them like it is now with the world wide web, which is inherently the problem.

Although the WWW would still exist, the fact you couldn’t monetize it would force social media sites to host it on the new USA domain, which would eliminate the possibility of anonymity. Virtually every psychologist agrees that the anonymity a person has on Twitter and other social network mediums directly contributes to the hate and anger these platforms feed. I strongly encourage everyone to watch this conversation between Ben Shapiro and Jordan Peterson on The Rubin Report (begin around 17-minute point).

So, if you read this article and think it’s a cute idea but not something you want or would support, I’m sorry to say it will soon become a necessity. Cyber-security SME’s are entirely in agreement with my claim that the world wide web was not designed to provide a safe and secure connection to your vehicle, home appliances and most notably banking and financial institutions. The world wide web was designed as an easily accessible collaboration tool for sharing tacit knowledge. What we have done and are doing is like trying to turn a shopping cart into a Ferrari on the basis a shopping cart has four wheels. You can add fancy red paint, a powerful Ferrari motor and even put Tom Selleck in the fold out child seat, and it will still be a shopping cart at its core. If you want a Ferrari you need to build it out of Ferrari parts from the ground up. Any variation or substitution creates a vulnerability that will threaten the entire vehicle.

The .com upper level domain was designed for commerce, which needs to be connected to a secure financial infrastructure, all use different proprietary databases with unique authentication requirements. Resolving this requires an all-or-nothing commitment using a standardized and highly trusted authentication. This singular vulnerability is what makes any possible solution for the www impossible to fix, but also ensures a kind of “death by a thousand cuts” kind of future. Every day millions of people suffer from financial, physical or emotional loss as a direct result of the way we use the internet. Most won’t know it for years, and others may not ever even know something happened. This almost lottery like randomness prevents us from acting to fix it, much in the same way the California fires are not as high of a priority in most people’s day to day life in Florida. 

We are hemorrhaging losses massively from online businesses, whom eat losses from fraud as charge-backs from credit card companies whom always side with their customer, not the vendor. Many people don’t know that even if the vendor verifies a credit card transaction meeting all the credit card company’s authentication and verification requirements, if the transaction was shipped to the address verified by the credit card company, the vendor will still take the loss, not the credit card company. I don’t see any incentive for the credit card companies to change their methods when they don’t suffer any financial loss on a transaction that was verified and authorized by them.   

What will eventually force Americans to go this route will be a major, catastrophic event online; such as an act of terrorism or massive credit data breach, loss or disruption. None of this is a matter of if it will happen, it is a matter of when. The internet was never designed to do what it does, so don’t kill the messenger, it’s going to happen. How we have chosen to prepare for this day will determine our ability to survive what has become as critical to our existence as bread and water. 

Patrick Bergy has over a decade as an Information Assurance Security Officer (IASO), Information Management Officer (IMO) and Knowledge Management Officer (KMO) for the highest levels of secured networks and programs in our Department of Defense. He voluntarily deployed in some of the most austere environments in Iraq and Afghanistan for a combined total of nearly 20 months. His background is unique in that it ranges from providing Intelligence, Surveillance and Reconnaissance (ISR) support to the “tip of the spear” in Afghanistan, to pioneering tactical, clandestine, social media psychological warfare capabilities for our military, and for commercial use as well. If any of that sounds exactly like what the FBI just indicted 13 Russians for doing, you wouldn’t be wrong.

Leave a Reply

avatar
  Subscribe  
Notify of