The “hang on and pray” attitude works well for lawyers and insurance agents, but what about consumers? If one company on the Internet is hit with a major loss due to a hacker, that particular company loses and the other companies all breathe a sigh of relief, but as a group, consumers lose any time any company is hit.
In press releases, Pseudo-One does a nice job of pointing out the vulnerabilities to commerce over the Internet:
- the Internet is the most open networking environment imaginable with no safeguards designed into it;
- impersonations on the Internet are easy;
- intercepting and re-routing messages is easy;
- anyone with an established brand identity on the net needs to worry about attackers tampering with the presentation of information associated with that brand;
- and any point-to-point security system based upon cryptography will require a secret key stored on a machine and therefore is vulnerable to security breaches on that machine (e.g. a virus, a password sniffer).
Curiously, these are used as reasons not to address security. Instead, after pointing out that the environment is very hostile, Pseudo-One relies upon an e-mail call-back feature to obtain a secure communication channel. If impersonations and re-routing of messages are easy, as Pseudo-One agrees they are, then an e-mail call-back feature is rather pointless.
Because the problem seems insurmountable, the company has thrown in the towel and opted for the inefficient solution. Better to have an inefficient solution than to completely forgo electronic commerce. Yet, anybody that has studied modern cryptology knows that privacy, integrity, authenticity, and accountability are all properties that can be achieved, provided one is careful and makes proper use of the science of cryptology.
There is no need to rely upon an e-mail call-back feature, which has very little value, and claim that this is sufficient, all the while complaining that the Internet is a hostile environment that cannot be trusted with sensitive information in any form. To state that any information that is too sensitive to appear in the clear on the Internet is also too sensitive to appear in encrypted form, is to completely ignore hundreds of years of science in cryptology, and to ignore the past couple of decades in particular. In the years following the Second World War, advances in cryptology have paralleled advances in complexity theory. As mathematicians and computer scientists have learned to better qualify and measure the complexity of mathematical problems and algorithms, they have been able to apply this to cryptology so that today we can qualify, in a meaningful and precise way, the difficulty in cracking a given encryption algorithm. Thus, when we refer to “strong” cryptography, we have a formal definition behind the phrase. Therefore, given an encryption scheme, complete with key lengths and a message protocol, it is quite reasonable to make qualitative and even quantitative statements about the level of confidence in the scheme.
Certainly there are examples of data that is too sensitive to be sent in the clear over the Internet and yet can be exchanged with confidence in a well-studied and well-understood cryptographic system. The emerging credit-card payment system is an example. Nobody would place their credit-card number in the clear on the net (unless they are quite naive) yet there is reason to believe that the Secure Electronic Transactions (SET) protocol will do an adequate job of protecting such information.
Provided I have ample opportunity to study the encryption program, and know that others more knowledgeable than I have also studied it, and provided I am confident that the system has safeguards from viruses and poor management policies, I would trust modern cryptographic methods with my (small) fortune. Because SET, IPv6, and other Internet security protocols are open to public inspection, I have good reason to trust them. This is why I become frustrated when companies like Pseudo-One turn their backs to these protocols, and furthermore, preach to the general public that the problem is unsolvable. This last stance is fraudulent. I explained to Lisa that this, more than anything else, is what drove me to take it upon myself to study electronic commerce and the protocols that support it: my goal is to demonstrate the feasibility of strong security on the Internet. If corporate America is unwilling to pay for strong security, however economical it may be, then I will work from the “outside”, learning about electronic commerce through passive eavesdropping. Mostly passive anyway; I was forced to agree when Lisa reminded me that I had copied and re-inserted messages into the transaction stream between two banks.
I did my best to control my emotions as I continued to vent my feelings. It is not just Pseudo-One that spurns modern cryptographic solutions. Most corporations, large and small, while claiming to be concerned, take the same stance. The position adopted by these companies is naive and ignorant at best; callous and disrespectful at worst.
Telephone companies are an excellent example. Every year millions of dollars are spent monitoring cell-phone usage patterns in an effort to recognize a cloned phone. When there is a sudden change in the calling pattern, the cell-phone company discontinues the service on that phone. The customer is forced to bring his or her phone into a service center to have the phone reprogrammed for a different phone number. Then the customer must notify all his or her friends and business associates that the number has changed. Then, if the phone actually was cloned, when the phone bill arrives it is usually for some astronomical amount. The customer is typically asked to pay the bill until the matter can be “sorted out”, at which point a credit is issued.