Author: Dr. Phillip Hallam-Baker
Publisher: Addison-Wesley Professional (www.informit.com/aw)
Published: December 2007
ISBN-13: 978-0-321-50358-9
ISBN-10: 0-321-50358-9
Format: Hard cover, 456 pages
Price: $29.99
Building a more trustworthy Internet
Dr. Phillip Hallam-Baker is well-qualified to have penned the book "The dotCrime Manifesto: How to Stop Internet Crime." As a member of the CERN (European Organization for Nuclear Research) team that created the original Web specifications, he contributed to the design of HTTP, the core protocol of the World Wide Web. In addition, he was employed as the first Principal Scientist at VeriSign Inc., which defined the Internet infrastructure that allowed for the development of online retail stores and banks. [Note: CERN is an acronym for the French Conseil Européen pour la Recherche Nucléaire]
The content of "The dotCrime Manifesto: How to Stop Internet Crime" has been divided up into four major sections.
The opening section of the book sets the Internet crime scene for us. This is where Hallam-Baker presents details of the sorts of problems we are currently facing and the reasons why these problems haven't yet been eliminated. It might come as a surprise to some readers that Hallam-Baker takes the stance that "technology only plays a minor role" in online crime. His reasoning is that "money is the motive; people are the cause. You don't need to be a technology expert to understand how these crimes work; the typical Internet criminal is not a technology expert."
The next major section of "The dotCrime Manifesto: How to Stop Internet Crime" is devoted to finding practical solutions to the types of Internet crime that were introduced in the first section of the book. For instance, there are chapters here that discuss techniques for combating spam, dealing with phishing, and tackling the problem of networks of computers controlled by criminals (botnets). The significance of spam and botnets should not be underestimated since Hallam-Baker views them as the "two principle engines of Internet crime."
The third section of the book is titled "Tools of the Trade" and consists of just two chapters. The first of these chapters investigates, in depth, the use of cryptography, with Hallam-Baker quick to point out that while cryptography should be regarded as useful; it is certainly not a panacea. He cleverly likens it to cement in that "cryptography is a powerful tool that almost every architect will employ in some fashion in almost every building, but there is much more to architecture than the correct use of cement, and few buildings that are constructed entirely out of cement have won public praise and affection." The second chapter in this section of the book looks at different technological mechanisms that enable trust to be established on the Web. Examples of just two of the topics put under the spotlight here are digital certificates and XKMS, an abbreviation for XML Key Management Specification.
The fourth and final section of the book investigates the actual technical architecture underpinning the accountable Web. Earlier in his book, Hallam-Baker talks about the idea of The Accountable Net, namely, that the "key to stopping Internet vandals and spam is to restore accountability to the Internet." For instance, to overcome spam, accountability must be restored using a strategy that combines authentication, accreditation, and consequences. Six of the eight chapters in this section respectively focus on the following layers of security infrastructure: secure transport; secure messaging; secure identity; secure names; secure networks; and secure platforms. The second last chapter of the book discusses the important role that the legal system can play in reducing Internet crime while the final chapter of the book is where the title of the book is explained in detail. "The dotCrime Manifesto" is a plan of action that has been devised to stop Internet crime.
The last dozen or so pages of the book are taken up with suggestions for further reading plus a list of references to material used throughout the book. Hallam-Baker informs his readers that his choice of additional reading matter is not exhaustive because, as he explains, there are lots of books available on the subject of Internet security. Instead he has based his selections on those books that he considers his readers will find particularly useful. To make it easier to find extra reading material, he has organized his offerings into half a dozen categories. They are security principles; the history of cryptography; cryptography itself; Internet safety; the history of Internet crime; and security usability. The references supplied, organized by chapter, cover a diverse number of information sources including news articles; Web site content; journals; books; essays; talks at conferences; government working groups; editorials; and even an MIT thesis.
If, after reading this review, you are still undecided as to whether or not it is worth your time to read this book, consider the following sobering statistic, plus a warning, put forward by Hallam-Baker in the opening chapter of his book:
"By the last count, I receive more than 2,500 criminal e-mails a day. These criminals want my money; they want your money. How are we going to stop them? The first step toward finding an answer is to understand how the crimes work. Knowing how Internet crimes work will do little to reduce the number of victims: it will only take a little longer for the criminals to find them. It is, however, the best way to make sure you do not become the victim."
The entire first chapter of the book, simply titled 'Motive", is available for downloading, in PDF format, from the site of the book's publisher "Addison-Wesley Professional" (www.informit.com/aw). In that particular chapter, I was immediately drawn to Hallam-Baker's discussion of a variety of emerging threats including spyware; terrorism; espionage and warfare; pedophile rings; and offline safety. On that last topic, he cites the example of online dating where the "real safety concern is not what happens online. There are few places safer than the Internet; risks to life and limb occur only if the participants meet offline. Online chat rooms can result in emotional injuries, but there is no risk of physical harm unless online activities cross into the offline physical domain."
An outstanding feature of "The dotCrime Manifesto: How to Stop Internet Crime" is its high level of readability. Today, far too many technology titles are hard going either because too much jargon is used inappropriately by the books' authors, or because many authors, whilst they themselves may be technology competent in the subject matter under discussion, can't, or simply won't, write in such a manner that provides understanding to as wide an audience as possible. The fact that this particular book is easy to read is not an accident. The book's author, Dr. Phillip Hallam-Baker, has consciously adopted five principles to ensure that his writing always remains clear and straightforward. For instance, his explanation of the purpose of the fifth principle is as follows: "where a term is not widely used outside a specialist clique and is not self explanatory without reference to other jargon terms, I avoid it. In particular, I make a point of avoiding the hacker jargon leet speak. The point of leet speak is that it allows cliques to show each other how clever they are through use of a private code."
Hallam-Baker sums up the situation perfectly when he states that "word games can be fun, but we won’t beat the criminals if we allow them to choose the rules and the game. I was recently in a meeting where a speaker had a cute term for every Internet crime imaginable. The next morning they were all forgotten." Such a common sense approach to writing technology titles as adopted by Hallam-Baker is to be lauded, and hopefully, other IT authors too will commit themselves to delivering their finished work in the same manner.
In concluding this review, the question must be asked: "Who should read this book?" The answer: "Anyone who uses the Internet!" But if you do read it, and I highly recommend that you do, be prepared to be alarmed at what is revealed to you. Hallam-Baker warns us that "Internet criminals appear to run amok unimpeded." Nevertheless, there is still hope because he has written his book so that we can "tip the scales back in our favor and that the fight is a winnable one."