The Net must fight back to regain our trust

A new flavor of attack means that even those Web sites you trust might not be trustworthy--and we all pay the price.

Trust is tremendously valuable, but unfortunately supplies are running a bit short on the Internet right now.

We've all heard about Trojan horse malware that poses as software you might want to run, phishing scams that send fake e-mail purporting to be from your bank, and identity thieves who can siphon away your money. But an unpleasant new variety of faith-undermining behavior has shown up twice now in recent months: bogus versions of the digital certificates that enable encrypted communications on the Net.

How does a bogus certificate hit you where it hurts? Think of the Web sites you trust, the ones with the traditional closed-lock icon that signifies a secure connection. Fake certificates, in combination with changes to the way in which data is routed around the Internet, can be used to steal passwords and intercept e-mail from people using those sites.

The problem is that there are hundreds of organizations called certificate authorities (CAs) that issue certificates, and those organizations may be vulnerable to attack. The certificate authority worry is very real: In March, Comodo issued fake certificates after a successful attack, and in August DigiNotar issued 531 fake certificates for Google, Facebook, Twitter, the CIA, and more. Some security experts expect more use of fake certificates, too.

In other words, we're running into a breach of trust not just for Web sites, but for the organizations set up to tell us whether we can trust Web sites.

That's a particularly corrosive type of doubt to have in the back of your mind: it's systemic, with the potential to undermine faith broadly, not just hurt the reputation of one particular site.

The utility of trust
Trust is tremendously useful. It increases the efficiency of transactions, saving time by not requiring every little detail to be verified in advance.

It can be hard to establish trust, though. Here's a case in point from my recent move to France: my bank required a phone bill with my new address to prove that I really had moved, and my phone company required a bank statement with my new address before it would give me a subscription. (The situation was more complicated, to be fair, but that procedural deadlock was one very real aspect.)

Once the trust is established, though, future transactions get easier. For example, my bank now will send me a replacement debit card or an older bank statement with little fuss.

The bank's process is very formal, but I think systems of human interactions naturally incorporate trust more organically. Perhaps it's human nature, in which we evolved to give others the benefit of the doubt to some degree. Perhaps it's that a system with a certain amount of trust is more efficient and spreads more quickly to other people.

The problem is that it's easy to get ahead in the short run if you're willing to abuse trust. The September 11 attacks took advantage of some built-in goodwill in pilot training, aircraft security, and air traffic control. Other examples of abuses: fabricated news stories, fraudulent scientific results, investment funds that are actually Ponzi schemes, and the patron who stiffs the restaurant. If everybody skipped out on paying bills, you can bet that all restaurants would demand payment in advance, but for now, we generally get the flexibility of being able to add dessert and a coffee onto the bill at the end of the meal.

Happily, human systems repair themselves because overall the advantages of trust are pretty high, too. The stock market, airline industry, news media, scientific research community, and restaurant business all have surmounted plenty of trust-based challenges.

Hidden tax on the Net
What worries me about the Internet is that it operates at a massive scale and with greater automation. Even though the overall Net will keep on humming, a large number of individuals could suffer. Consequently, we're seeing a gradual rise in technical countermeasures. That means a tax on the Net's use, one way or another.

Here's one example: I use Google two-factor authentication, and it's a pain. For one thing, I have to have my phone around to provide a verification code when I log into my account from a new browser. Given that I have two phones, two tablets, three computers, and at least a dozen browsers in regular use, that's a lot of work.

Just as inconveniently, two-factor authentication means I have to generate passwords for apps that use Google services--Gmail and Google+ on my Android phones and tablet, Mail on my Mac and iPad, Chrome settings and iTunes-Google sync, and more.

I've thought about ditching two-factor authentication on many occasions, but each time I ponder the risks and leave it on.

Likewise, my bank makes me jump through hoops to sign on--but in today's world I grit my teeth and put up with it. When I sign up for new services, I worry that I'm adding one more potential way that some identity thief or fraudster will find a way into my life.

Browsers, the gateway to the Web, are on the front lines of this battle. There are encouraging signs here that browser makers are getting more serious.

Google has modified Chrome so that for particular domains such as Gmail, it will only use certificates from a short list of certificate authorities it deems solid. That won't stop all abuse, but it was useful enough to flag the DigiNotar problem.
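
The pin check described above, sketched as an added example (this is not Chrome's code and not part of the original article). The domain names, key bytes, CA names and the SHA-256-over-public-key pin format are all constructed assumptions; real signature and hostname verification is assumed to have already happened.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:
    subject: str
    spki: bytes  # stand-in for the certificate's DER-encoded public key info

def spki_pin(cert):
    """Pin = hash of the public key, so a re-issued cert with the same key still matches."""
    return hashlib.sha256(cert.spki).hexdigest()

# Constructed CAs: both sit in the ordinary trust store, only one is pinned.
PINNED_CA = Cert("Example Pinned Root CA", b"constructed-key-pinned-root")
OTHER_CA = Cert("Example Other Root CA", b"constructed-key-other-root")
TRUST_STORE = {spki_pin(PINNED_CA), spki_pin(OTHER_CA)}

# Hypothetical built-in pin list: domain -> CA keys allowed to vouch for it.
PINS = {
    "mail.example": {"include_subdomains": True, "allowed": {spki_pin(PINNED_CA)}},
}

def pinset_for(host):
    """Return the allowed pins for host or a pinned parent domain, else None."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        entry = PINS.get(".".join(labels[i:]))
        if entry and (i == 0 or entry["include_subdomains"]):
            return entry["allowed"]
    return None

def check_connection(host, chain):
    """chain is leaf first, root last; returns 'ok', 'untrusted' or 'pin-violation'."""
    chain_pins = {spki_pin(c) for c in chain}
    if not chain_pins & TRUST_STORE:
        return "untrusted"          # fails ordinary CA validation
    allowed = pinset_for(host)
    if allowed is not None and not chain_pins & allowed:
        return "pin-violation"      # trusted CA, but not one on the short list
    return "ok"

if __name__ == "__main__":
    rogue = [Cert("mail.example", b"constructed-leaf-key"), OTHER_CA]
    print(check_connection("mail.example", rogue))   # pinned domain
    print(check_connection("shop.example", rogue))   # unpinned domain
```

A certificate from a trusted but unlisted CA is flagged only for the pinned domain; the same chain presented for an unpinned domain passes, which is why pinning does not stop all abuse.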

Browser makers are also making it harder for add-ons to add themselves without user permission, asking difficult questions about balancing new features' utility and risk. More broadly, Google is pushing the use of secure Web connections, not just for Gmail but also for search.

No longer naive
This isn't the first time trust took a hit on the Net, of course, and computing systems continuously evolve away from their early, naive designs. Gone are the days when it was possible to break into servers with the username "guest" and an empty password, as described in Cliff Stoll's 1989 book "The Cuckoo's Egg."

The trouble is that the Internet is increasingly essential to school, business, politics, and our personal lives. The damages of breaches of trust are worse than ever.

It's great that the Net's technologists are responding. But there's no miracle cure here, and malicious hackers are advancing the state of the art at the same time. Governments and armed forces, not just thieves, are getting involved as cyberwar becomes just a facet of ordinary war.

It's a great time to be on the Net, and I'm confident that ultimately it will withstand this current hit to its trustworthiness. But for the time being, I'm keeping the annoying, heavy-duty Google authentication.