A growing concern: information security
IT'S time to put hackers in their place.
Over a period of seven months, they have erased, altered, and stolen unclassified computer records from the Pentagon. In April, they pilfered an on-line copy of the National Security Agency's employee manual. If the North Koreans stole a government employee manual, we wouldn't worry. But because these break-ins were electronic, news organizations made a big deal and missed the larger point.
Computer security is threatened, not by two-bit hackers, but by a lack of security on the Internet and other networks. If these challenges aren't met, electronic communications won't gain the public's confidence, says Alan Blatecky, vice president of information technologies at MCNC, a North Carolina research consortium. He ticks off several problems:
* Authentication. The physical world is full of sounds and visual clues that identify people. On the Internet, ``how do I know it's you?'' Dr. Blatecky asks. The answer is: You don't.
* Authorization. ``How do I know what you are authorized to get?'' he asks. ``Not everything is open and free.''
* Data integrity. Has that message from you been altered before I got it? Internet users can't guarantee the authenticity of any message, Blatecky says. ``It's so easy to intercept it.''
* General security. How do you ensure that a message stays out of the wrong hands? Internet users often post private thoughts on public-discussion groups - thoughts that could get them into trouble if their boss, for example, saw it. Some security experts believe users will one day scramble their private messages. But encryption technology is not yet readily available.
* Privacy. This may be the biggest bugaboo of all. ``The amount of information I can get for an individual is enormous,'' Blatecky says. ``I can look at where you call, where you buy.... Put it all together and we are getting a far better description of you than you would imagine.''
Sound a little scary? Well, it is, and not just in some high-tech future, circa 2010. Our current phone-and-paper system has many gaping security holes too. Anyone with a Radio Shack scanner can listen to a conversation on a portable phone, says Allan Schiffman, a network-security expert in Menlo Park, Calif. ``People confirm $100,000 deals with a phone call. They make million-dollar deals with a fax. And they're not secure.''
One reason people are warier of the Internet is because it's newer. Another difference, Mr. Schiffman says, is that physical snoopers have to be nearby; on the Internet, they can pry from the other side of the world.
So what can be done? The Clinton administration is sidetracked on a fruitless debate over the so-called Clipper chip. The chip allows people to encrypt phone and data communications but gives law-enforcement agencies an electronic ``back door'' to listen in. Privacy groups and security companies oppose it. Lately, the administration has made conciliatory noises about changing its plans. After all, what crook is going to buy an encryption device if he knows the FBI can tap in?
The larger issue is how to improve the security of personal information. On-line and off-line, I want to know who I'm talking to and who is listening in. I'd like a crackdown on hackers, but I also want strict limits on how much personal information my supermarket, bank, and credit-card company can collect. And I ought to know how much of it my government can sift through. We're nearing 2010. Let's not turn it into 1984.
* Send comments to CompuServe (70541,3654), Prodigy (BXGN44A), or the Internet (laurentb @delphi.com).