Date: Feb 04, 2002 Author: Kevin Henson Source: Boston Business Journal
Although "information superhighway" is an overused description of the Internet, it's not altogether unfitting. Like many highways, the Web is littered with tacky billboards and questionable roadside attractions. If the Internet were a real highway, its major exits would be marked "West Beirut" or "South Chicago" - places where there is never a cop around when you need one.
Just like the real world, it is up to travelers to lock their doors, guard their wallets and assume there are bad people watching and listening.
Many people believe that only large corporations need privacy protection. This is not the case. The proliferation of file-sharing software and malicious "spyware" applications has led to the distribution of people's personal information, legal and criminal records, and corporate merger plans through the Internet.
There is an axiom in the security field - "If you wouldn't want to see it on a highway billboard, encrypt it."
This means five things to the average person. E-mail to correspondence with a lawyer, stockbroker or accountant should be encrypted. Stored or transported intellectual property should be encrypted. If disclosing information to a competitor would cause financial harm to either party, the information should be encrypted.
Encryption, if properly used, can prevent disgruntled ex-employees from taking information with them, or accessing it after they leave. The investment in information security should be proportional to that of the value of the data it guards.
The FBI claims that it only uses its e-mail-snooping Carnivore and the encryption password-stealing Magic Lantern to spy on foreign terrorists. But "friendly foreign governments" are willing to use national assets to assure economic security. Western democratic countries like some in Europe are willing to spy on business travelers to give their domestic companies an edge in the global marketplace.
There also are highwaymen - high-tech criminals - who use a variety of tools like viruses, worms and encryption crackers to steal money, identities and corporate secrets. It is widely suspected that these cybercriminals have their own intrusive versions of Carnivore and Lantern, and the motivation to use them.
Depending on the built-in protections offered by networks and software providers, one has the same level of security as pushing a wheelbarrow full of cash through the Bronx after dark.
Now for the good news. There are low-cost steps people can take to prevent privacy invasions, identity-theft and fraud.
Use good antivirus software, keep it up to date and run a thorough scan weekly. Use a good personal firewall, not the one provided with your new computer. If you send messages or keep files you don't want someone else to see, encrypt them with strong encryption and store them in encrypted folders.
Unencrypted information can be read by anyone who's interested in reading it. Its only privacy is in the fact that it is surrounded by lots of other information and takes a sorting system like Carnivore to find it.
Strong encryption is a mathematical means of scrambling content in such a way that an unintended receiver is unable to read the message.
Encryption is similar to a real-world lock, the more complex the key, the longer it takes to try all the possibilities and open the lock. The 32- and 40-bit encryption used on wireless devices and commercial software can be cracked in real time. The 56- and 64-bit standard systems can be cracked in minutes or hours with a mid-sized computer network.
Today's generation of strong 128-, 256- and 512-bit encryption systems is more difficult to crack. In 1999 it took seven months and 212 PCs to crack a popular 512-bit encryption standard. Progress has been made in computational science since 1999, but exact figures on how long it would take to crack a 512-bit key are sketchy. Estimates range from as little as a week to as much as three months. According to RSA Security Inc., a manufacturer of encryption technology, a key size of at least 768-bits is required to assure security.
Locks keep honest people honest. Encryption keeps private information private. It is up to each person to judge the value and exposure of their personal information and the information entrusted to them by others. So with a combination of antivirus software, firewalls and strong encryption, you'll be safe - even in South Chicago.
