
SciAm's Crypto Stego Pushup

Scientific American, November, 1995

Doing Business on the Net

By Anne Eisenberg 

Like the leaves of autumn, those resolutely noncommercial
days on the Internet when ads were anathema are dwindling
fast. Nowadays the Internet's World Wide Web has so much
commercial promise that it has spun off an association
called the HTML Writers' Guild
(http://www.mindspring.com). You can hire one of its members
literate in Hypertext Mark-up Language (HTML is the
language of the Web) to create dramatic "home pages,"
sites on the Web where a growing number of businesses
advertise their wares. "We're there for the same reason
we have banks in malls," one Citibank executive
explained. "It's where people congregate."

Web ads are quickly evolving into arresting combinations
of sound, text and vivid, point-and-click picture links
called image maps. Computer science students who were
once stern critics of business on the Net now eye the ads
appreciatively, so long as they are not "in your face" --
inserted where people have no choice but to look at them.
Besides, commercials may one day pay for Net services,
much as they now underwrite programs on radio and
television. And the ads are convenient: click on the
icon, read about the product and order, all in one step.

Many companies are poised to put not only advertisements
but entire catalogues on the Web as routinely as they now
list their services in the Yellow Pages. After all, if
e-mail could hatch a generation of letter writers by
eliminating the bother of envelopes and stamps, surely
commerce should blossom when paper catalogues fall, and
we all start buying straight from the screen.

For business to thrive, though, people will need a secure
way to pay and be paid on the leaky Net, where messages
containing credit-card numbers can be intercepted as they
travel from machine to machine. And all those prospective
shoppers, entrepreneurs and micromerchants will want not
only secure payment mechanisms but also a choice -- cash,
check or charge -- before they hit the convenient,
brightly colored order links. Inspired by a vision of
untold millions buying and selling on the Net, companies
and banks (among them Chase Manhattan, Citibank,
CyberCash, DigiCash, Mondex and Microsoft) have joined
what is being called the Gold Rush of 1995, as they race
to become the Great Central Biller in the Sky.

No victors have yet emerged, but early leaders are
probably going to provide security in the form of
public-key (PK) cryptography, ingenious algorithms that
use pairs of unique numerical "keys" for encoding and
decoding messages. If you use PK software for an online
shopping trip, you will have your own pair of keys, one
public and one as private as the identification number
you use to get cash from an automated teller machine.
When you order, your program will automatically encrypt
the information with your private key. When the company
uses your public key to decode the order, it will know
without question that the message was generated by you --
the match is the digital signature that authenticates the
transaction. Companies in turn will encrypt messages to
you with your public key; the messages will be secure,
for only you can decrypt and read them, using your
private key. Netscape and other new Web browsers --
software that lets you travel to linked Internet
resources without typing complicated addresses -- are
known as encrypting browsers; they are ready to help you
shop securely on the Net. Some will even come with
built-in PK signatures.

Whether the cryptographically cloaked digits of e-money
will bestow privacy in addition to security is another,
far more contentious matter. When people start using
e-wallets instead of cash to rent a video or lend a
friend $20, fertile new areas for infringing on privacy
will bloom. Electronic dossiers can be compiled by
automated systems that track spending habits. Many people
will not want the details of their daily lives collected
and stored in, say, consumer preference data banks,
joining the folders that already document their health
and credit ratings.

Only a few of the emerging electronic payment systems
address privacy issues. The untraceable digital cash
closest to hand is probably Chaumian cash, named in honor
of David Chaum, founder of DigiCash and of the
cryptographic protocols that underlie his anonymous
digital-money technology. Chaum's patented e-cash is an
adaptation of PK cryptography that includes one-way
privacy for the payer. The bank can verify that the money
is genuine but is blinded from identifying the source.
This means you will be able to prove you have made a
payment when you need to, but the bank cannot flick a
switch to retrieve the records of your travel and
entertainment preferences and add them to its data-mining

The terminology of electronic commerce reflects the clash
of cultures that has come about as the youthful language
of the Net meets the austere discourse of banking. The
jaunty "e-" prefix has attached itself firmly to Nettish
talk of the e-wallets and e-purses that we will soon be
using to make our e-payments. But bankers resist this
linguistic cheeriness. They substitute "digital" for
"electronic" whenever possible and never shorten it to
"d-" when they speak of the digital time stamps and
digital signatures they will soon offer us to
authenticate our digital payments. And cryptography
(known affectionately as crypto on the Net) is still a
four-syllable word at the bank, where it is against
nature for managers to be linguistically fond of any
action that commits them to untraceable communications
and exchanges.

We will know the new, hybrid field of electronic commerce
is truly on its way when banking ads on the Web offer
"strong crypto" and even, as a backup, steganography (the
science of hiding the existence of messages in, say,
microdots or sound files) for telephone chats with loan
officers. On the Net, of course, this service is already
known as stego.


Anne Eisenberg ([email protected]) conducts her
e-business at Polytechnic University in Brooklyn, N.Y.
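
The article's two cryptographic ideas, a signature made with the private key and checked with the public key, and Chaum-style blinding in which the bank signs a coin it cannot see, can be shown together with textbook RSA. This is an added example, not code from the article or from DigiCash; the toy key, the serial number and all function names are assumptions made for illustration, and the unpadded RSA used here is for demonstration only.

```python
import hashlib
import math
import secrets

# Constructed toy key: two Mersenne primes. Far too small for real use.
P, Q = 2**61 - 1, 2**89 - 1
N, E = P * Q, 65537                      # bank's public key
D = pow(E, -1, (P - 1) * (Q - 1))        # bank's private exponent


def digest(serial: bytes) -> int:
    """Map a coin serial number to an integer modulo N (unpadded, demo only)."""
    return int.from_bytes(hashlib.sha256(serial).digest(), "big") % N


def blind(serial: bytes):
    """Customer: hide the coin's digest behind a random factor r."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if math.gcd(r, N) == 1:
            break
    return (digest(serial) * pow(r, E, N)) % N, r


def bank_sign(blinded: int) -> int:
    """Bank: sign whatever number it is handed; it never sees the serial."""
    return pow(blinded, D, N)


def unblind(blind_sig: int, r: int) -> int:
    """Customer: divide out r to obtain the bank's signature on the digest."""
    return (blind_sig * pow(r, -1, N)) % N


def verify(serial: bytes, sig: int) -> bool:
    """Anyone holding the public key (N, E): check the coin is genuine."""
    return pow(sig, E, N) == digest(serial)


def withdraw(serial: bytes):
    """Run one withdrawal; return the coin signature and what the bank saw."""
    blinded, r = blind(serial)
    return unblind(bank_sign(blinded), r), blinded


if __name__ == "__main__":
    coin = b"coin-serial-0001"           # constructed sample serial
    sig, seen_by_bank = withdraw(coin)
    print("valid coin:", verify(coin, sig))
    print("bank saw the digest:", seen_by_bank == digest(coin))
```

The value the bank signs is unrelated to the digest it later verifies, so its withdrawal records cannot be matched to the coin when it is spent.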