Susan Landau does not go anywhere on the web, does not buy anything online and does not say anything in a chat room that she would not want seen on the front page of her local paper.
|
|
|
But Ms Landau is no ordinary internet user. She works for Sun Microsystems, the company that according to its own advertisements puts the dot in dot com. The company's servers and software run many high profile websites.
"If I don't want it broadcast in public, then I don't do it on the net," Ms Landau said at the annual meeting of the American Association for the Advancement of Science conference (AAAS).
She was part of a panel discussing encryption, the practice of encoding information.
Many believe that encryption is key to the success of the information economy because it provides for privacy, a certain level of anonymity and also authentication of identity.
Slow adoption
But the widespread use of encryption has been hampered by a lack of consumer demand, which many on the panel put down to a lack of understanding.
Many people do not understand that sending e-mail is about as secure as sending a postcard, said Deborah Hurley, directory of the Information Infrastructure Project at Harvard University's Kennedy School of Government. "Anyone with a modicum of skill can go in and read it," she said.
There are times, as with the paper post, that we wish our electronic communications to remain private, she said, adding: "That is an immediate place where an average person could benefit from cryptography."
"And most people think when they surf the web that it is an anonymous activity, but it's not in the least," she said.
Most websites track the websites that you have already visited, what pages a visitor looks at on their site and how long visitors look at certain parts of the site, she said.
And in the US, unlike most European countries, this information can amassed, analysed and combined with your financial information, your medical records, your credentials and your biometric information, such as iris scans or DNA information, and sold to anybody, she said.
"If they use encryption, people can have more anonymity," she said.
She suggests that computer security be taught to students in primary and secondary school as part of any normal computer science curriculum.
Digital identity
But encryption provides not only security and privacy but also authentication. Public key encryption can help verify a person's identity and the source of information on the internet.
Whitfield Diffie is one of the father's of so-called public key encryption. In conventional cryptography, one key is used both encrypting and decrypting.
Mr Diffie developed a two-key system, but knowing one of the keys would not compromise the security of the other key.
In this system, a user has both a public and secret key. The public key is often uploaded to a public directory or attached to a piece of e-mail.
If someone were to encrypt a message with another user's public key, only the recipient would be able to decrypt the message using the secret key.
If a person was to encrypt a message with the secret key, a user could use the sender's public key to decrypt the message and be assured of the identity of the sender.
"In that way, it acts like a signature because only one person can create messages but many people can verify that the messages came from that one person," Mr Diffie said.
Public key encryption allows two things:
Mr Diffie said that encryption used for authentication could be used to improve the overall security of the internet, including stopping attacks such as the recent distributed denial of service attacks, which took down several high-profile e-commerce sites.
Once the attacks were launched, very little could have been done to stem them "at the sharp edge of the attack".
The utility of cryptography relies on it being applied at the right place, he said.
"The place the cryptography could have done a lot of good has to do with authenticating computer programmes that were installed on computers of inadvertent intermediaries in the attacks," he said.
Administrators could configure their machines not to install code from untrusted sources, thereby stopping the attack before it started.
~RS~a~RS~Domestic~RS~q~RS~~RS~z~RS~19~RS~)