Dark days on the Net.
Someday the Internet may become an information superhighway, but right now it is more like a 19th-century railroad that passes through the badlands of the Old West. As waves of new settlers flock to cyberspace in search of free information or commercial opportunity, they make easy marks for sharpers who play the keyboard as deftly as Billy the Kid ever drew a six-gun. Old hands on the electronic frontier lament both the rising crime rate and the waning of long-established norms of open collaboration.
It is difficult even for those who ply it every day to appreciate how much the lnternet depends on collegial trust and mutual forbearance.... Most people know, for example, that E-mail messages can be read by many people other than their intended recipients, but they are less aware that E-mail and other communications can be almost tracelessly forged - virtually no one receiving a message over the Net can be sure it came from the ostensible sender.
Electronic impersonators can commit slander or solicit criminal acts in someone else's name; they can even masquerade as a trusted colleague to convince someone to reveal sensitive personal or business information. Of those few who know enough to worry about electronic forgeries, even fewer understand how an insidiously coded E-mail message can cause some computers to give the sender almost unlimited access to all the recipient's files....
In the early days, only researchers had access to the Net, and they shared a common set of goals and ethics, points out Eugene H. Spafford of Purdue University.... A lack of security ... did not bother anyone, because that was part of the package, according to Dorothy E. Denning, a professor of computer science at Georgetown University: "The concerns that are arising now wouldn't have been legitimate in the beginning." As the Internet grew, however, the character of its population began changing, and many of the newcomers had little idea of the complex social contract - and the temperamental software - guiding the use of their marvelous new tool.
By 1988, when a rogue program unleashed by Robert T. Morris, Jr., a Cornell graduate student, brought most Internet traffic to a halt for several days, a dear split had developed between the "knows" and the"know-nots." Willis Ware of the Rand Corporation, one of the deans of computer security, recalls that "there were two classes of people writing messages. The first understood the jargon, what had happened and how, and the second was saying things like, 'What does that word mean?' or 'I don't have the source code for that program, what do I do?'"
Since then, the Internet's vulnerability has only gotten .... Moreover, as the Internet becomes a global entity, U.S. laws become mere local ordinances. In European countries such as the Netherlands, for instance, computer intrusion is not necessarily a crime. Spafford complains - in vain, as he freely admits - of computer science professors who assign their students sites on the Internet to break into and files to bring back as proof that they understand the protocols involved....
If the Internet, storehouse of wonders, is also a no-computer's-land of invisible perils, how should newcomers to cyberspace protect themselves? Security experts agree that the first layer of defense is educating users and system administrators to avoid the particularly stupid mistakes .... The next level of defense is the so-called fire wall, a computer that protects internal networks from intrusion. Most major companies have long since installed fire walls, and many universities are adopting them as well. Fire walls examine all the packets entering and leaving a domain to limit the kinds of connections that can be made from the Internet at large. They may also restrict the information that can be passed across those connections....
Encryption could provide not only privacy but authentication as well: Messages encoded using so-called public-key ciphers can uniquely identify both recipient and sender. But encryption software in general remains at the center of a storm of political and legal controversy. The U.S. government bars easy export of powerful encoding software even though the same codes are freely available overseas.
Within the United States, patent rights to public-key encryption are jealously guarded by RSA Data Security, a private finn that licensed the patents from their investors. Although software employing public-key algorithms has been widely published, most people outside the U.S. government cannot use it without risking an infringement suit.
To complicate matters even further, the government has proposed a different encryption standard, one whose algorithm is secret and whose keys would be held in escrow by law-enforcement agencies. Although many civil libertarians and computer scientists oppose the measure, some industry figures have come out in favor of it.... The question is not whether cyberspace will be subjected to legislation but rather "how and when law and order will be imposed," says Donn B. Parker of SRI International. He predicts that the current state of affairs will get much worse before the government steps in "to assure privacy and to protect the rights people do have."
Others do not have Parker's confidence in government intervention. Marcus J. Ranum of Trusted information Systems foresees an Internet made up mostly of private enclaves behind fire walls that he and his colleagues have built. "There are those who say that fire walls are evil, that they're balkanizing the Internet," he notes, "but brotherly love falls on its face when millions of dollars are involved."
Denning counts herself among the optimists. She lends her support to local security measures, but "I don't lose any sleep over security", she says. Farber, also cautiously optimistic, sees two possible directions for the Internet in the next few years: rapid expansion of existing services, or fundamental re-engineering to provide a secure base for the future. He leaves no doubt as to which course he favors. Spafford is like-minded but gloomier. "It's a catch-22," he remarks. "Everyone wants to operate with what exists, but the existing standards are rotten. They're not what you'd want to build on."
Even if computer scientists do redesign the Internet, he points out, putting new standards in place may be impossible because of the enormous investment in old hardware and software.
So much of the Internet rests on voluntary cooperation, he observes, that making sweeping changes is almost impossible.
|Printer friendly Cite/link Email Feedback|
|Publication:||The Wilson Quarterly|
|Date:||Jun 22, 1994|
|Previous Article:||The cultural consequences of the information superhighway.|
|Next Article:||Wired for what?|