US holds key to Net security

PUBLISHED : Thursday, 30 November, 1995, 12:00am
UPDATED : Thursday, 30 November, 1995, 12:00am


Related topics

A FEW years ago, the only people who were concerned about the Internet were the scientists, academics and students who used it.

The Internet today is rapidly being taken over by those with more commercial interests and words like protection, security and authentication are being heard far more frequently. This is understandable because many businesses see millions, perhaps even billions, of dollars of potential commerce flowing down the wires of the World-Wide Web.

This will not happen, we are told, if the merchants think it could easily be compromised. The one word that makes people shudder is hacker.

It is rather odd that there are those so afraid of the security of the Internet when every day people send credit card information in the most casual way.

We read the details out over the telephone and we even fax them to companies on the other side of the world when we want to buy something. Why, then, should we worry about the Internet? The average user of the telephone or the fax is not someone who could or would even be interested in tapping into somebody else's line. The technology to listen in on other people's telephone conversations, or receive copies of faxes, is not difficult to acquire or learn to use.

It is, in fact, being done by various groups and organisations, both official and not so official.

There is, however, no culture of phone tapping in the way that there is a culture of hackers and crackers. Many of the great things that have been done with computers have been done because of a handful of mostly young men who were quite happy to stay up all night to work on a project.

They are known as hackers among the cogniscenti and are often viewed as great geniuses who can do wonderful things with computers, usually at the lowest and most difficult level of the machine.

There is, unfortunately, a separate group of hackers who derive great fun out of breaking into other people's computers, sometimes just to look, and sometimes for more nefarious purposes.

These people are called crackers by those who wish to preserve the meaning of the older term hacker.

The question must be: should we be worried about crackers breaking into computer systems and obtaining sensitive information? The answer, as with so many things in this world, is not so simple.

For the most part, the answer is 'no, we need not worry'. There is a little proviso. With a little help from the US Government, there would be no worry at all and the millions and billions could start flowing on the ether tomorrow.

The key that the US Government holds is quite literally an encryption key. There are various schemes that would be perfectly adequate in protecting our data from any intruder, if - and here comes the bad news - the US Government would let us use them.

The Internet, as many people have probably learned by now, began in the chillier climate of the Cold War and was specifically designed so that information could be exchanged after a nuclear attack on the US. In the same spirit of the Cold War, all encryption schemes are classified as military secrets and are not allowed to be given to foreigners (from an American point of view, of course).

One of the best available secure systems today is something called PGP. This stands for 'pretty good privacy'. This is an excellent public key encryption scheme and is based on the best available mathematical algorithms we have.

It is freely available on the Internet to anyone who wants it. There is one small problem: it is illegal to use it outside of the US. This means that although I can get it and use it to encrypt a message to a friend of mine in England, or indeed the US, it is illegal.

The US Government can do little about what an individual does, but it can stop companies. This means that corporations will not be able to use it until the US Government relaxes the law.

The good news is that many important people are trying to change the mind of the US Government. The computer industry is almost united in its attempts to persuade government officials that relaxation is the key to big bucks for America.

It is difficult to believe that the US Government will stand in the way of such an enormous business opportunity. The history of the US has rarely been such that business has suffered. The moment the law is relaxed, we can expect to see an explosion of business on the Internet and Hong Kong will be right up front.