BBC News UK Edition
Tuesday, 22 February, 2000, 12:03 GMT
Encryption for all
By BBC News Online's Kevin Anderson in Washington DC

Susan Landau does not go anywhere on the web, does not buy anything online and does not say anything in a chat room that she would not want seen on the front page of her local paper.

She has long been concerned about privacy, and as more information and communication has become electronic, she has transferred that concern to all things electronic from mobile phones to the internet.

But Ms Landau is no ordinary internet user. She works for Sun Microsystems, the company that according to its own advertisements puts the dot in dot com. The company's servers and software run many high profile websites.

"If I don't want it broadcast in public, then I don't do it on the net," Ms Landau said at the annual meeting of the American Association for the Advancement of Science (AAAS).

She was part of a panel discussing encryption, the practice of encoding information.

Many believe that encryption is key to the success of the information economy because it provides for privacy, a certain level of anonymity and also authentication of identity.

Slow adoption

But the widespread use of encryption has been hampered by a lack of consumer demand, which many on the panel put down to a lack of understanding.

Many people do not understand that sending e-mail is about as secure as sending a postcard, said Deborah Hurley, director of the Information Infrastructure Project at Harvard University's Kennedy School of Government.

"Anyone with a modicum of skill can go in and read it," she said.

There are times, as with the paper post, that we wish our electronic communications to remain private, she said, adding: "That is an immediate place where an average person could benefit from cryptography."

"And most people think when they surf the web that it is an anonymous activity, but it's not in the least," she said.

Most websites track the websites that you have already visited, what pages a visitor looks at on their site and how long visitors look at certain parts of the site, she said.

And in the US, unlike most European countries, this information can be amassed, analysed and combined with your financial information, your medical records, your credentials and your biometric information, such as iris scans or DNA information, and sold to anybody, she said.

"If they use encryption, people can have more anonymity," she said.

She suggests that computer security be taught to students in primary and secondary school as part of any normal computer science curriculum.

Digital identity

But encryption provides not only security and privacy but also authentication. Public key encryption can help verify a person's identity and the source of information on the internet.

Whitfield Diffie is one of the fathers of so-called public key encryption. In conventional cryptography, one key is used for both encrypting and decrypting.

Mr Diffie developed a two-key system in which knowing one of the keys would not compromise the security of the other key.

In this system, a user has both a public and secret key. The public key is often uploaded to a public directory or attached to a piece of e-mail.

If someone were to encrypt a message with another user's public key, only the recipient would be able to decrypt the message using the secret key.

If a person were to encrypt a message with the secret key, a user could use the sender's public key to decrypt the message and be assured of the identity of the sender.

"In that way, it acts like a signature because only one person can create messages but many people can verify that the messages came from that one person," Mr Diffie said.

Public key encryption allows two things:

  • a much improved method of arranging for private confidential communications between people who may not have had any previous contact, such as over the Internet
  • a mechanism that does a remarkably good job of duplicating the function of written signatures on paper documents.

Securing the net

Mr Diffie said that encryption used for authentication could be used to improve the overall security of the internet, including stopping attacks such as the recent distributed denial of service attacks, which took down several high-profile e-commerce sites.

Once the attacks were launched, very little could have been done to stem them "at the sharp edge of the attack".

The utility of cryptography relies on it being applied at the right place, he said.

"The place the cryptography could have done a lot of good has to do with authenticating computer programmes that were installed on computers of inadvertent intermediaries in the attacks," he said.

Administrators could configure their machines not to install code from untrusted sources, thereby stopping the attack before it started.
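The two uses of a key pair described under "Digital identity", and the install-time check Mr Diffie suggests, as an added example that is not part of the original article. It assumes textbook, unpadded RSA over two small Mersenne primes, which is not secure and is chosen only so the arithmetic runs with the standard library; the function names, the sample program and the vendor key are constructed for illustration.

```python
import hashlib

E = 65537  # widely used RSA public exponent

def make_keypair(p, q):
    """Toy RSA key pair from two primes: returns (public, secret)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))

def encrypt(message, public):
    """Anyone holding the public key can encrypt to its owner."""
    n, e = public
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this toy modulus")
    return pow(m, e, n)

def decrypt(ciphertext, secret):
    """Only the holder of the secret key can recover the message."""
    n, d = secret
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data, secret):
    """Transform the digest with the secret key: one person can create this."""
    n, d = secret
    return pow(digest(data, n), d, n)

def verify(data, signature, public):
    """Undo the transform with the public key: many people can check it."""
    n, e = public
    return pow(signature, e, n) == digest(data, n)

def install_if_trusted(program, signature, trusted_public):
    """Hypothetical install gate: accept only code the trusted key signed."""
    return verify(program, signature, trusted_public)

# Constructed demo values; 2^127-1 and 2^89-1 are far too small for real use.
VENDOR_PUBLIC, VENDOR_SECRET = make_keypair(2**127 - 1, 2**89 - 1)
PROGRAM = b"#!/bin/sh\necho update applied\n"
SIGNATURE = sign(PROGRAM, VENDOR_SECRET)

if __name__ == "__main__":
    print(decrypt(encrypt(b"meet at noon", VENDOR_PUBLIC), VENDOR_SECRET))
    print(install_if_trusted(PROGRAM, SIGNATURE, VENDOR_PUBLIC))
    print(install_if_trusted(PROGRAM + b"echo extra\n", SIGNATURE, VENDOR_PUBLIC))
```

The last call is refused because the program no longer matches what the vendor signed, which is the property that lets a machine reject code from untrusted sources before it is installed.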
