cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Community Champion

Latest high-tech authentication method--snail mail

Facebook needs to comply with Canada's new laws regarding election ads.

 

So, to determine where a would-be advertiser is located, Facebook will send the advertiser a letter to a Canadian address containing a code required to run political ads.


............
This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
4 Replies
Community Champion

Re: Latest high-tech authentication method--snail mail

OM what will I do without seeing political ads on Facebook......LOL

 

thanks Rob.

 

Contributor I

Re: Latest high-tech authentication method--snail mail

This is very smart on the part of Canadians.  The principles of Trust No One (TNO) with out of band and multiple means of verifying identity is the way to go, especially in this age of escalating threat.

Respectfully,

Francis (Frank) Mayer, CISSP
Community Champion

Re: Latest high-tech authentication method--snail mail

I've already started my printing press with my forged document.

Contributor I

Re: Latest high-tech authentication method--snail mail

OK, that is a point, however, once you forge a document then that in itself creates more forensic evidence and more importantly now you need to use the standard hard copy postal system.  When you do this, law enforcement can prosecute you on mail fraud too.  The more you make things difficult and multifaceted the harder you make it for the malfeasant criminals and the easier you make it for law enforcement to prosecute. 

 

We need to treat Internet crime and all other bad behavior online as socially unacceptable as is violent crime and we need to prosecute it with vigor.  The government, specifically ARPA created the entire concept that lead to the Internet so their is no reason that the Internet cannot be regulated like Interstate highways, communications utilities, airlines, automotive vehicles, and many other technologies.  

 

Handling physical objects, like paper, means that the perpetrator has a higher likelihood of  leaving their DNA on it, such as a hair inadvertently left on the paper.     This is a good reference for Locard's exchange principle that shows it applies to digital and physical artifacts and I see goodness in policy that tries to make fraud harder to commit even if it is not perfect  https://www.sciencedirect.com/topics/computer-science/exchange-principle   

 

We all know that there is no such thing as a flawless solution.  We could make everyone get a six point verified identity smart card for any Internet access based on also submitting a DNA sample with advanced layered security features. Governments could mandate that a person would need to use this card as part of a two factored solution before they could even get online and then they would need to digitally sign all communication and e-commerce transactions by law.  If the major world governments agreed to lock down the internet this way and to strictly control all ISPs, they could mandate this kind of extreme solution.  Navy research lead to Tor as well. Therefore, the world's governments have the power to really lock down the entire Internet if they had the political will to do it.  Even then, it would impossible to execute exploits and subsequent fraud by any means and we all know this fact.   

 

Canada's modest step is much more realistic and acceptable.  I think it is at least a reasonable effort to address the problem.  I think that we as professionals need to come up with how we feel we could address the problem in a better way.   Like a boss I had once said to me, it is easy to throw stones.  He mentored me to realize that when professionals point out problems we need to have good solutions and recommendations to go along with the criticism. 

Respectfully,

Francis (Frank) Mayer, CISSP