There are many companies that choose to ignore the risks associated with computer crime and, even worse, ignore the wonderful defensive tools that are available. Lisa mentioned Pseudo-One, but they are only one example. I spent the remainder of our dinner conversation blasting the policies of Pseudo-One. After all, it was precisely to set such companies straight that I had chosen to take such an aggressive (and illegal) approach to EFT research.
Founded in 1994, Pseudo-One Incorporated provides a general shopping service over the Internet. The company is moving forward at full steam with very little consideration for security. I have seen numerous posts on Usenet where the founders of the fledgling company make reckless comments about security, not to mention quotes in the print media that clearly express the company position. These comments point out that security is not equivalent to encryption, which is true enough. Security is a broader issue than encryption alone. Security includes encryption, but it also includes integrity, access control, policy, usage guidelines, and numerous other issues. This does not mean that security can be completely dismissed as a requirement for Electronic Commerce. Yet, strangely, this is what Pseudo-One executives seem to believe is a logical consequence of the limited scope of encryption. The non sequitur leaves no room for rebuttal.
Many people don’t understand cryptology and wrongly assume that it can only be used to exchange secret messages and therefore is limited to spying. They incorrectly believe that if secrecy is not critical to their application then they have no use for cryptography.
On the Internet, when no special precautions are taken, it is quite easy for an impersonator to go undetected. IP-spoofing is not hard and several techniques are widely known. The Internet protocol, IPv4, has no support for authentication. Every packet contains the IP address of the source, but there is absolutely nothing to prevent a hacker from changing that address.
The Internet is uncontrolled and entirely insecure. Pseudo-One spokespeople readily admit this and even distribute information to advance this claim. Pseudo-One seems to have adopted the position that because the Internet is so prone to dishonest behavior, there is little point in trying to stem the tide. But to take this attitude is to completely overlook the power of the tools readily available today. Recent advances in cryptology have put the cryptographers at a clear advantage over the cryptanalysts. The cryptographer, acting in a defensive posture to protect information, has stronger algorithms available to him than the cryptanalyst, acting in an offensive posture attempting to crack those algorithms. There are several algorithms that are publicly known for which there are no known attacks that come close to cracking the algorithms. Moreover, these algorithms come in various forms and are extremely easy to implement, allowing one to achieve various design requirements. They can be used to protect data from eavesdropping, to protect data from tampering, to exchange keys, to produce digital signatures, to produce digital fingerprints, etc. To ignore these useful tools and instead rely upon a policy of “hang on and pray for the best” is to do a disservice to one’s customers.
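The point made above, that cryptography is useful even when secrecy is not required and that a packet's source address proves nothing, can be shown with a message authentication code. This is an added example, not part of the original text: the order fields, the keys and the choice of HMAC-SHA256 are assumptions made for illustration, and all sample values are constructed.

```python
import hashlib
import hmac
import json


def seal(key: bytes, order: dict) -> dict:
    """Serialize the order in the clear and attach an HMAC-SHA256 tag."""
    body = json.dumps(order, sort_keys=True, separators=(",", ":"))
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


def verify(key: bytes, msg: dict, seen_nonces: set) -> str:
    """Return 'ok', 'bad tag' or 'replay'. The claimed source address
    inside the body is never used as evidence of who sent the message."""
    expected = hmac.new(key, msg["body"].encode(), hashlib.sha256).hexdigest()
    supplied = str(msg.get("tag", ""))
    # Constant-time comparison avoids leaking how many characters matched.
    if not hmac.compare_digest(expected.encode(), supplied.encode()):
        return "bad tag"
    nonce = json.loads(msg["body"])["nonce"]
    if nonce in seen_nonces:  # a valid message captured and sent again
        return "replay"
    seen_nonces.add(nonce)
    return "ok"


def demo() -> dict:
    key = b"constructed-shared-key-for-demo"  # constructed sample key
    seen = set()
    order = {"claimed_src": "192.0.2.10", "customer": "alice",
             "amount": "19.95", "nonce": "n-0001"}  # constructed sample order
    genuine = seal(key, order)
    # Same claimed source address, but the amount was altered in transit.
    tampered = dict(genuine, body=genuine["body"].replace("19.95", "99.95"))
    # Same claimed source address, sealed by a party without the shared key.
    forged = seal(b"not-the-shared-key", dict(order, nonce="n-0002"))
    return {
        "genuine": verify(key, genuine, seen),
        "tampered": verify(key, tampered, seen),
        "forged": verify(key, forged, seen),
        "replayed": verify(key, genuine, seen),
        "body_readable": '"customer":"alice"' in genuine["body"],
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(case, "->", result)
```

The message body stays readable throughout, so nothing here is encryption; the tag alone supplies integrity and origin authentication.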
Part of the reason that Pseudo-One has been as successful as they have is that they guarantee financial protection to their customers. If there is any breach in security (not a very big “if” by the way), then Pseudo-One will bear the cost. To limit their own risk, Pseudo-One buys insurance. In the target-rich environment of the Internet, this is a reasonable business strategy. With so many targets for hackers to choose from, what are the odds of Pseudo-One being singled out?
Well, the odds are frightening when one considers that 20% of Internet sites had security breaches in the past year, and 30% of those were after firewalls were installed.
The fatalistic acceptance of a dangerous situation, taking comfort in the safety of numbers, is the same approach taken by the rabbit Cowslip and his followers in the story Watership Down. Hazel, Bigwig, Fiver, and the other rabbits of Watership Down had the sense to leave Cowslip’s warren and seek a better existence. The lethargic and defeatist path taken by Cowslip was foreign to the thinking of the more enterprising and pioneering spirit of Hazel’s rabbits. One hopes that Pseudo-One has as much trouble attracting new followers as Cowslip did. Why? Mainly because the “hang on and pray” approach has inherent inefficiencies. These inefficiencies lead to greater costs which ultimately must be borne by both consumers and merchants. And there is no need for it. Instead of paying a middleman to redistribute costs evenly over the entire market whenever there is an attack, why not simply prevent such attacks in the first place? Too expensive? Nope, less expensive; there is now a tight upper bound on the damages — not only a bound on the damages for any one individual, but also a limit on the damages for the entire industry.