January 7, 2003
Ever Heard of Cyber-Civics?... Let's take five with Moira Gunn. This is "Five Minutes".
Who can forget being in school and taking Civics? We learned how the government worked and what it meant to be a good citizen. Yet, in those days, we had no idea what life would be like today.
For every 100 Americans, there are now 62 personal computers. More adult Americans are on the Internet than aren't. The truth is pc's and Internet interconnectivity have become the norm, and we are tied together digitally. Our local communities aren't just defined by our work, the grocery store and city hall. They now include cyberspace.
So, how does this affect civic duty? Let's talk about computer viruses. They're always discussed in terms of protecting one's own computer and the data therein. But I think it goes beyond that.
--
At a conference recently, I heard a speaker propose that you want to protect yourself from viruses so you don't pass them on to someone else. And he's right. The worst virus I ever got was from the trustee of a major university who had no idea a virus had infected her system. Every time she sent an email, it would send a follow-on email containing the virus. It looked like she just had an added thought, and of course, I trusted her. Ultimately, it mangled 6 weeks worth of data before I was able to rid myself totally of its effects.
Frankly, I wasn't simply an innocent bystander here. My computer didn't recognize the virus for what it was, and it was only technical happenstance that I didn't pass it on.
So, let's ratchet it up a notch. If you type in www.some-web-site-name.com, say Yahoo or Google, the next technical step is for the web site to respond with "Okay, I hear you. Let's sync up." Then it's your computer's turn to say, "Cool. Now download your web page." And that's where the vulnerability lies.
At this point in the technical conversation, the web site reserves a slot for you, and if your computer doesn't respond, the web site just sits and waits. Keep sending these initial requests, and eventually all the incoming slots are filled up. New, legitimate requests have to be denied.
--
This scheme was employed in the "Denial of Service" attacks several years back. A teenager with a simple set of tools downloaded off the Internet was able to find a number of computers online, all the time. He loaded small programs onto each of them, and sent commands to send a mountain of initial requests. Among others, CNN's website was brought to its knees. And yes, the culprit was found, and the vulnerability patched.
But what about the computers which hosted the offending software? The owners had no knowledge of it. Yet, did they have a social responsibility to be sure that they were not used by persons unknown? Today, with cable modem access and DSL, our own personal computers - when turned on - are connected to the Internet at all times. How do we know our own computers aren't used for unsavory purposes?
I say it's our responsibility to make sure they aren't. And it's the software and hardware manufacturer's responsibility to enable us to make sure they don't. Simply and automatically.
And what shall we call this concept of social responsibility? Let's call it the first principle of Cyber-Civics 101.
I'm Moira Gunn. This is Five Minutes.
