Bruce Schneir has a fascinating piece on Internet Quarantines.
The short of it: If an ISP finds that a computer getting online through its gateway is infected with a virus and is spreading it, that ISP could close down the cable modem of that computer’s home or business network and keep them offline until the problem is solved.
There’s the technical problem–making the quarantine work in the face of malware designed to evade it, and the social problem–ensuring that people don’t have their computers unduly quarantined.
No doubt we’re on the way to quarantining in the background (self-healing?) with operating systems that update themselves and applications that send manufacturers information about the environment they’re running in.
The social problem is the one that interests me and Bruce discusses it:
Who gets to decide which computers to quarantine? A software vendor (Microsoft for example) might want to quarantine all computers not running legal copies of its software.
What if someone uses their cable modem for voice over IP telephone calling and that’s their only means of making and getting calls? Take them offline for a virus and you’ve made for a potential disaster when they can’t call for help when they fall down.
What if someone gets quarantined by mistake? What will their recourse be?
Public health is the right way to look at this problem. This conversation–between the rights of the individual and the rights of society–is a valid one to have, and this solution is a good possibility to consider.
Quarantining is a form of social engineering and as we’ve found out with attempting to change the whole to protect the part (ADA, Affirmative Action, etc.) that things get messy. This doesn’t mean that social engineering is a bad thing to do or that quarantining isn’t something to consider to make for a safer/cleaner internet, just that it might get a bit messy downstream.