[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Article from March Scientific American




From Scientific American, March 1994, pages 90 - 101.

This is not the whole article, just the part pertaining to up
(reprinted withut permission) please excuse any spelling errors!

-------- cut here --------
Parker = Donn B. Parker, SRI International
Denning = Dorothy E. Denning, Georgetown University
Ware = Willis Ware, Rand
Ranum = ??
Farber = David J. Farber, University of Pennsylvania
Spafford = Eugene H. Spafford, Purdue University
 
  If passwords should traverse the Internet only in encrypted form, what 
about other sensitive information?  Standardization efforts for 
"privacy-enhanced" e-mail have been under way for more than five years, 
but widespread adoption lies well in the future.  "The interoperability 
problem is nasty," Ware says, unless everyone has software that can 
handle encrypted messages, it is of little use to anyone.
 
  Encryption could provide not only privacy but authentication as well: 
messages encoded using so-called public-key ciphers can uniquely identify 
both recipient and sender.  But encryption software in general remains at 
the center of a storm of political and legal controversy.  THe U.S. 
government bars easy export of powerful encoding software even though the 
same codes are freely available overseas.
 
  Within the U.S., patent rights to public-key encryption are jealously 
guarded by RSA Data Security, a private firm that licensed the patents 
from their inventors.  Although software enploying public-key algorithms 
has been widely published, most people outside the U.S. government cannot 
osse it without risking an infringement suit.
 
  To complicate matters even further, the government has proposed a 
different encryption standard, one whose algorithm is secret and whose 
keys would be held in encrow by law-enforcement agencies.  Although many 
civil libertarians and computer scientists oppose the measure, some 
industry figures have come out in favor of it.  "You can't have absolute 
privacy," Parker says.  "A democracy just can't operate that way."
 
  The question is not whether cyberspace will be subjected to legislation 
but rather "how and when law and order will be imposed," Parker says.  He 
predicts that the current state of affairs will get much worse before the 
government steps in "to assure privacy and to protect the rights people 
do have."
 
  Others do not have Parker's confidence in government intervention.  Ranum 
forsees an internet made up mostly of private enclaves behind firewalls 
that he and his colleagues have built.  "There are those who say that 
fire walls are evil, that they're balkanizing the Internet," he notes, 
"but brotherly love fall on it's face when millions of dollars are 
involved."
 
  Denning counts herself among the optimists.  She lends her support to 
local security measures, but "I don't lose any sleep over security," she 
says.  Farber, also cautiously optimistic, sees two possible directions 
for the Internet in the next few years:  rapid expansion of existing 
services, or fundamental reengineering to provide a secure base for the 
future.  He leaves no doubt as to which course he favors.  Spafford is 
likeminded but gloomier.  "It's a catch 22," he remarks.  "Everyone wants 
to operate with what exists, but the existing standards are rotten.  
They're not what want to build on."
 
  Even if computer scientists do redesign the Internet, he points out, 
putting new standards in place may be impossible because of the enormous 
investment in old hardware and software.  So much of the Internet rests 
on voluntary cooperation, he observes, that making sweeping changes is 
almost impossible.
 
  Then again, Ware counters, perhaps piecemeal evolution may be the only 
possibility.  No single organization understands the idea of a national 
information infrastructure well enough to be put in charge, he contends: 
"There's no place to go and say `Here's the money, work out all the 
problems.'  There aren't even three places, and I'm not sure there should 
be."
 
  In the meantime, the network grows, and people and businesses entrust to 

-------- cut here --------

-nate

--
+---------
| Nate Sammons  <[email protected]>  PGP Key and fingerprint via finger.
| Kill The Clipper. Question Authority. Encrypt everything in sight.
+---------