fact, VeriSign exists on a foundation of trust that is assumed when you use and obtain its certificates.

This system might indeed provide the trusted third party for age authentication, and it fits with the public key infrastructure. The problem—and Simson Garfinkel and others have pointed to this in the privacy debates—lies in the meta-aggregation that will come in the future. I will get that database; VeriSign sells data like that. I also will get the clickstream from all the porn sites, and interesting data mining techniques will be used to aggregate and combine these data to trace it back to me and say, “You were the person who did this.” There is widespread compromise on the server side—look at Egghead and CD Now. This is an uncontainable problem that you do not encounter until after the compromise has occurred.21

11.4 SUMMARY

There are many threats to the system I just designed.22 Compliance is a major issue, which the search engine industry is addressing to some extent. Bots will be required to crawl the Internet for server-side ratings implementation; anti-bots can be created to defeat compliance checking. Client-side Trojans, worms, and viruses all can be injected into this machine to modify the XML processor. If it has memory, then I can hack it. If it has a processor, then good reverse engineers can create a one-click compromise. Ratings can be stripped off of content, or interesting techniques can be used to create content that appears G-rated to the rendering engine but is actually X-rated. In the Secure Digital Music Initiative, they tried to watermark the content to control it; this was hacked within days. The same thing would happen here. Finally, you would face widespread dissemination of a one-click compromise created by one hacker. “Script kiddies” enable people to click on an attack that someone else created to automate everything I described. The scenario is not very hopeful.

21 David Forsyth said you could prohibit people from possessing certain types of data or using them in certain ways. You also could punish violators. But the chances of actually catching them might be very small. Someone could keep a database in a way such that it would be difficult to find.

22 Herb Lin summarized the presentation as follows: To control distribution of content to only age-appropriate people, you would have to make many changes in the existing technology and policy infrastructure, going far beyond the issue of age verification for inappropriate content. This would offer some benefits but would not necessarily solve the problem.



The National Academies | 500 Fifth St. N.W. | Washington, D.C. 20001
Copyright © National Academy of Sciences. All rights reserved.