Privacy, Anonymity and the Attack on Authentication Technologies.Early in the debate over encryption The reversible transformation of data from the original (the plaintext) to a difficult-to-interpret format (the ciphertext) as a mechanism for protecting its confidentiality, integrity and sometimes its authenticity. Encryption uses an encryption algorithm and one or more encryption keys. , I used to say that there was some good news about government policy: Strong authentication (1) Verifying the integrity of a transmitted message. See message integrity, e-mail authentication and MAC. (2) Verifying the identity of a user logging into a network. was probably ten times more important for secure networks than strong encryption An encryption method that uses a very large number as its cryptographic key. The larger the key, the longer it takes to unlawfully break the code. Today, 256 bits is considered strong encryption. As computers become faster, the length of the key must be increased. - and at least there weren't any governments trying to stop strong authentication. I was wrong. More and more, it looks as though many governments are taking steps that will stop strong authentication cold. Unlike the effort to control encryption, this policy isn't carefully coordinated or even fully thought through, but ironically it may yet prove to be more effective than encryption controls. This creeping regulation of authentication is a cloud on the horizon for the smartcard industry. Smartcards are increasingly being marketed as authentication and sign-on devices and many system software companies have begun incorporating smartcards for this purpose. Admittedly, none of the public and government criticism has -- so far -- involved smartcard products. However, the attacks on other authentication technologies are a worrisome trend for those who hope to see smartcards employed as a universal authentication feature in network architectures. Let's take two examples. Intel's new P3 processor contains a processor serial number that is unique to that chip. The processor can be set to reveal its serial number in response to an inquiry from the network. While this is not perfect authentication, it would certainly add to the security of networks in real ways. Network administrators could quickly and surgically deny privileges to a stolen laptop. They could add a serial number check to other log-on procedures to reduce the risk associated with compromised passwords. The serial number was a useful downpayment on the full- fledged fledge v. fledged, fledg·ing, fledg·es v.tr. 1. To take care of (a young bird) until it is ready to fly. 2. To cover with or as if with feathers. 3. authentication infrastructure that is needed to bring security to PC networks. Similarly, Microsoft incorporated into its software a method of identifying each document with a globally unique identifier A Globally Unique Identifier or GUID (IPA pronunciation: ['gu.ɪd] or [gwɪd] (GUID (Globally Unique IDentifier) A pseudo-random 128-bit number that is computed by Windows and Windows applications in order to identify any component in the computer that requires a unique number. ) that incorporates information about the machine on which the document was produced. The GUID makes it difficult to generate an anonymous document, at least as far as the network is concerned. This is not surprising. If a document were truly anonymous, the network wouldn't know where to store it after it had been edited. This feature, too, has security value. Shortly after it became widely publicized pub·li·cize tr.v. pub·li·cized, pub·li·ciz·ing, pub·li·ciz·es To give publicity to. Adj. 1. publicized - made known; especially made widely known publicised , it was used by volunteer sleuths to track the author of the Melissa virus A Word macro virus that was unleashed in the spring of 1999. It sent an e-mail message with a list of pornographic Web sites to the first 50 names in the user's Microsoft Outlook address book. and to link him to other Internet postings Were these prototypes of authentication welcomed as a small step toward more secure networks? Quite the contrary. Privacy groups attacked the new technology as soon as it was announced. And govemments quickly joined the fray fray 1 n. 1. A scuffle; a brawl. See Synonyms at brawl. 2. A heated dispute or contest. tr.v. frayed, fray·ing, frays Archaic 1. To alarm; frighten. 2. . The United States United States, officially United States of America, republic (2005 est. pop. 295,734,000), 3,539,227 sq mi (9,166,598 sq km), North America. The United States is the world's third largest country in population and the fourth largest country in area. took a restrained view. Although privacy groups importuned the Federal Trade Commission and state attorneys general to sue Intel and Microsoft, these agencies have held their fire. The same cannot be said of Europe. Even though the European data protection laws do not purport to regulate technology, several government agencies called in the technology companies and conveyed a simple message - do whatever it takes to disable To turn off; deactivate. See disabled. those technologies or face unpleasant government sanctions. For lovers of irony, the privacy community's attack on these technologies offers a rich lode. Privacy advocates led the fight against the FBI's effort to restrict encryption technology. In that fight, they claimed that technologists, not government, should determine what technologies are deployed in computers, particularly when the technology provides valuable security for responsible users. The FBI was restricting technology simply because it might be misused by a minority, they argued. Surely it was better to regulate the misuse than to deny everyone better security. User choice, not government mandate, should be the touchstone touchstone Black, silica-containing stone used in assaying to determine the purity of gold and silver. The metal to be assayed is rubbed on the touchstone, and then a sample of metal of known purity is rubbed on the stone right next to it. . When it came to authentication, though, these arguments went out the window. The serial number and GUID may be useful in making network users more accountable and secure, privacy advocates declared, but they could be misused by unscrupulous Web merchants to track users through cyberspace Coined by William Gibson in his 1984 novel "Neuromancer," it is a futuristic computer network that people use by plugging their minds into it! The term now refers to the Internet or to the online or digital world in general. See Internet and virtual reality. Contrast with meatspace. . Was the answer to regulate unscrupulous Web merchants? It was not; privacy advocates would only be satisfied when these capabilities were removed entirely from the hardware and software. And, backed by the threat of punishment by data protection agencies, the privacy advocates are getting pretty much what they demanded. What they want, in the end, is not to ensure user choice, but to prevent the deployment of authentication. Why? To preserve anonymity. Of course all of us value anonymity - at least sometimes. We all know the illicit thrill of doing or saying something to strangers that we wouldn't dare say inside more familiar circles. And in a politically repressive re·pres·sive adj. Causing or inclined to cause repression. environment, anonymous speech may be the only way to express dissent. But anonymity is a two-edged sword. In fact, it turns out that we may sometimes value anonymity for ourselves, but we almost always mistrust it for others. A signed love letter is flattering flat·ter 1 v. flat·tered, flat·ter·ing, flat·ters v.tr. 1. To compliment excessively and often insincerely, especially in order to win favor. 2. ; an anonymous love letter is creepy creep·y adj. creep·i·er, creep·i·est Informal 1. Of or producing a sensation of uneasiness or fear, as of things crawling on one's skin: a creepy feeling; a creepy story. 2. . Respectable newspapers rightfully refuse to publish unsigned unsigned Adjective (of a letter etc.) anonymous Adj. 1. unsigned - lacking a signature; "the message was typewritten and unsigned" signed - having a handwritten signature; "a signed letter" letters to the editor. And none of us would want to walk in a city where all the pedestrians were masked - or drive in a city where none of the cars had license plates. For exactly the same reasons, none of us would want to trust important information or transactions to networks full of anonymous, unaccountable users. Indeed, here's another irony: Authentication is particularly important as a way of protecting the personal data that we increasingly store on networks. After all, we don't put data on the network to keep it away from others. If we never wanted anyone to see that data, we'd just keep it off the network. What we really want when we talk about protecting the privacy of that data is to share it with some people and not with others. For example, when our personal financial information is available on a network, we certainly want that information to be protected by strong authentication so that only we - and authorized au·thor·ize tr.v. au·thor·ized, au·thor·iz·ing, au·thor·iz·es 1. To grant authority or power to. 2. To give permission for; sanction: bank officials -- can access it. But if there's no way to tell who's using the network, who's accessing our data, then we can't tell whether or not our privacy expectations have been met. Privacy, it turns out, is a complicated concept, often quite distinct from anonymity, and the campaign to preserve a kind of mandatory anonymity risks sacrificing many important forms of privacy. The only way to protect our nuanced concept of privacy is to build an information infrastructure that allows all of us to choose between authentication and anonymity - not once and for all, but every day, perhaps even every hour or every transaction. And we can't make that choice if the technology that enables authentication has been driven out of our computers. So how can we get such an infrastructure? Certainly not by listening to extreme advocates of anonymity and assuming that they speak for us. More than anything, officials, companies, and individuals that care about network security have to join the debate. If we leave this debate to those who value only anonymity, then enforced anonymity is what we'll get. Until the public understands the importance of accountability and authentication - and the risks of excluding those tools from computers - introducing new authentication technologies will be fraught with risk. So speak up. Or get used to living in a city of masks. |
|
||||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion