Front Page

UK

World

Business

Sci/Tech

Sport

Despatches

World Summary


On Air

Cantonese

Talking Point

Feedback

Low Graphics

Help

Site Map

Friday, January 16, 1998 Published at 08:30 GMT



Special Report

Encryption...beating the criminals
image: [ Can you read this...neither can anyone else ]
Can you read this...neither can anyone else

If there is one thing most Internet experts agree on, it is that online business has a great future.

Estimates of the future value of digital shopping malls vary widely but it is generally agreed that the one thing stopping most people from typing their credit card number into their computer, is the fear that someone, somewhere, could intercept it.

But there is a technology already available which would render those fears meaningless. The trouble is, most governments don not want you to have it. It is called encryption and it encodes e-mails to make them uncrackable.

The encryption debate has raged fiercely in the US between the government on one side, and the computer industry on the other.

Governments are worried about technology that allows people complete security. Publicly they talk about its benefits to criminals, pornographers, paedophiles, terrorists and spies, privately though, they may be more worried about the potentially devastating effect on their tax revenues if people are allowed to secretly transfer money anywhere in the world.

The US government was so concerned about encryption that it classified these programs as military hardware, severely restricting their export. However they were outflanked when one program, Pretty Good Privacy (PGP), was released on the Internet just before it was restricted.

Encryption works by using incredibly long algorithms to encode e-mails. One half of the algorithm (the padlock) is public, the other half (the key) you keep to yourself.

Use of encryption is simplicity itself. The person e-mailing you encodes the message using the padlock, and only you have the key to decode it.

In September the US Congress rejected amendments to a bill entitled SAFE (Safety And Freedom through Encryption.) which would have allowed encryption into the public domain. However the amendment and the bill would have granted the US Government access rights, including depositing the key with a third party (key escrow) which horrified the online community.

But in the UK, the Department of Trade and Industry is preparing to release a consultation paper on encryption, which is thought to back the use of 'Trusted Third Parties' for key escrow. The policy is not Labour's, it dates back to the previous Conservative government, but already similar battle lines are being drawn in the UK.

"It is vital for electronic commerce that we have access to strong cryptographic algorithms," says Jonathon Sowler, services director for London computer security company JCP. He has major reservations about the 'trusted third party' policy. "Fraudsters and terrorists will not put their keys into escrow," he said. "It is difficult to see how legislation will be framed to enable escrow to work."

The government is being urged by many observers to leave the issue of encryption well alone. Chris Sundt, the chair of the CBI's Information Security Panel believes the issues need to be thought through. "The worst thing a government can do is put in too much legislation too soon."

The Department of Trade and Industry will be releasing its consultation document on Encryption, and the use of Trusted Third Parties for key escrow, early in 1998. But until that happens most computer professionals believe people should not panic about online crime.

"There's a lot of noise spoken about giving out credit card numbers over the Internet," says Mr Sundt. "But ultimately it is easier for a criminal to steal your number from a restaurant, or by tapping your telephone."

And Bob Melville, lecturer in information security systems at City University in London, believes that the threat from computer crime is over-rated: "like teenage sex, computer crime is more talked about than done." he said.


 





Back to top | BBC News Home | BBC Homepage

©

[an error occurred while processing this directive] [an error occurred while processing this directive]
  Relevant Stories

15 Jan 98 | Talking Point
Analysis: Free speech key to encryption debate

16 Jan 98 | Special Report
Police baffled by computer crime

16 Jan 98 | Special Report
Criminals get free run on the net

12 Jan 98 | Business
Cyber commerce poses a taxing question

29 Dec 97 | Sci/Tech
Straw to tackle cyber crime

23 Dec 97 | Sci/Tech
'Cybercops' fight to clean-up Net

 
  Internet Links

Encryption policy resource page

The International Pretty Good Privacy homepage

Department of Trade and Industry

JCP Security software company


The BBC is not responsible for the content of external internet sites.