WebWalker's World August 1997
Just Say No! Tales from the Cryptograph

Anyone who has ever had a client that wants to be sure no competitor will get a copy of a drawing would do well to pay very close attention to the details of this article.

Having been emboldened by my recent discussion of Trojan Horses, I decided to tap dance on a landmine this month and discuss the subject of electronic privacy and the technologies driving it, as well as the very ticklish business of the government regulating it.

Without trying to scare you right out of the 20th century, did you know that your email is as public as if you had posted it on the community board of your local Acme? Completely unencrypted, it bounces through server after server to get where it is going. Any one of those nodes can be watched for mail coming from a certain domain (like microsoft.com) or even from a specific user (bgates@microsoft.com!). If they snag a copy as it floats by, they could be looking at a letter to someone’s dad…or a letter to the IRS, or from the IRS, or from the FBI to the CIA. The only thing someone needs is the desire and the skill…and it doesn’t take much of either.

To paint a more pervasive picture, the card reader that is used to swipe your VISA at the department store doesn’t encrypt the card number before it sends it: these systems rely on having a dedicated line to the VISA computer for this. But dedicated doesn’t mean "secure", it just means "hard to get at." If you can get by the physical security and hook the two wires of your data sniffer to the wiring block of either building (sending or receiving), you can snag any data that comes by. Enterprising crooks have pilfered the card data off of the wire and then programmed the magnetic strips on bogus cards to reflect the purloined account data.

If this revelation has you sweating and feeling tempted to use your garbage disposal to destroy all of your plastic, please come down from the ceiling. The situation is getting better, and it is not yet necessary to drop out of society and go raise goats.

The primary dilemma for data security is: "To what lengths am I willing to go to be reasonably sure my drawing is only readable by me or by those I deem suitable?" The watchword is "reasonably." You see, if anyone has more motivation to get that information than you have motive to keep it private, they will get it.

A prime example of this "how far will you go" dilemma would be a backup system I developed for the Security office at a University which had critical and limited (confidential) information on it. That office has several workstations, plus a server and additional connections to machines all over the campus. My system design stated, "every workstation makes its own local backup nightly, the server backs up all of the local machines plus itself, and then duplicates that data to a third machine at the other end of the campus, the tapes of which are then moved to a fireproof safe." Thus, anything short of a nuclear bomb landing on campus would mean that the data would be safe or losses would be held to only 24 hours’ worth… Unless someone within the office tampered with the system intentionally.

While that internal tampering hasn’t happened (as your staff is considered to be on "your side"), the notion of intentional sabotage hadn’t occurred to me, and that is the place where the data is vulnerable: the point at which someone else is willing to go farther to get the data than I am to protect it. If that is true of a simple circumstance like backups, imagine how much more difficult it is to deal with this when your data is time sensitive and mission critical.

So, if you can’t keep interloping eyes off your data, then the next best thing is to make it worthless to the snoop. Thus, the psychology of Cryptography could be referred to as "the art of hiding something in plain view." The danger of Cryptography used to be (prior to 1976) that sender and receiver used the same code book (cipher) or encryption to both encode and decode. If the competition laid hands on the cipher book, we’re both (sender and receiver) dead: They could read the mail we send each other or forge mail to either of us.

To address this drawback, a new and considerably more bullet-proof technology has emerged called Public Key Encryption (PKE). Here is how it works: If I want to receive secure information from you, I would provide you with my Public Key which encodes the data that you will send to me. That key would scramble the data (making it unreadable to snoops) and then you send the encrypted data to me over the wire. If the message is intercepted, all the busybody will find is a file that looks like your printer lost its lunch.

When I have received the encrypted data, I would use my Private Key to decode it. (Both Public and Private Keys were created initially by me.) What is so glorious about the PKE model is that the encoder only needs one key, but the decoder needs BOTH keys to make it work. Having the Public Key that encrypts the data tells you nothing about how to decode the data with the Private Key. Kind of like locking a door with one half of a key, but needing BOTH halves to unlock it.
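As an added illustration (not code from the original column), here is the Public Key Encryption exchange written out in textbook RSA form with deliberately tiny primes: you encrypt to my Public Key, I decode with my Private Key, and a signature made with your Private Key lets me detect the forged mail that the shared code book could not. The primes, key sizes and message are constructed for illustration only.

```python
# Added example (not from the original column): a toy Public Key Encryption
# round trip using textbook RSA with tiny primes, plus the signature check
# that stops a snoop from forging mail. Real keys use primes hundreds of
# digits long; these numbers are small only so the arithmetic is visible.
import hashlib

def make_keys(p, q, e=17):
    """Recipient creates both keys. (n, e) is the Public Key, handed out
    freely; d is the Private Key, never shared. Both keys share n = p*q."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)          # modular inverse of e (Python 3.8+)
    return (n, e), (n, d)

def encrypt(public_key, message):
    """Sender: scrambles each byte with the recipient's Public Key only."""
    n, e = public_key
    return [pow(b, e, n) for b in message.encode()]

def decrypt(private_key, ciphertext):
    """Recipient: unscrambles with the Private Key. A snoop holding only
    (n, e) would have to factor n to rebuild d."""
    n, d = private_key
    return bytes(pow(c, d, n) for c in ciphertext).decode()

def sign(private_key, message):
    """Sender signs a digest of the message with their own Private Key."""
    n, d = private_key
    h = int.from_bytes(hashlib.sha256(message.encode()).digest(), "big") % n
    return pow(h, d, n)

def verify(public_key, message, signature):
    """Anyone with the signer's Public Key can check the signature; a
    tampered signature or altered message fails the check."""
    n, e = public_key
    h = int.from_bytes(hashlib.sha256(message.encode()).digest(), "big") % n
    return pow(signature, e, n) == h

if __name__ == "__main__":
    me_pub, me_priv = make_keys(61, 53)        # my keys: I publish me_pub
    you_pub, you_priv = make_keys(59, 67)      # your keys: you publish you_pub
    wire = encrypt(me_pub, "Drawing 42")       # you encrypt to my Public Key
    sig = sign(you_priv, "Drawing 42")         # and sign with your Private Key
    print(decrypt(me_priv, wire), verify(you_pub, "Drawing 42", sig))
```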

This technology floated around in academic circles for a few years before Philip Zimmermann of MIT helped codify it when he wrote the application Pretty Good Privacy (PGP). He posted it to the Internet newsgroups about the time Congress and the National Security Agency were starting to understand that they wouldn’t just be able to look over shoulders anymore to see what people were saying to each other. Zimmermann was hounded by the government for making this globally available (over the newsgroup), as U.S. Customs considered PGP to be military grade encryption and thus considered it "munitions." After several years of government harassment, the suit against Zimmermann was dropped in 1996.

The reason the government is so concerned about the subject is not because PGP is widely available, but because it is, for all practical purposes, bullet proof. A heavily encrypted file could be cracked, but with current computing technology, it couldn’t be cracked in anything less than a couple hundred years, long after the importance of the data has come and gone.

This naturally brings up the question of personal privacy versus public safety or governmental security. When we hear about the theft of trade secrets, most of us are likely to shrug and wonder why the aggrieved company "wasn’t more careful." But when a U.S. citizen isn’t allowed to exercise their constitutional right to tell the government to "butt out" of their personal affairs and relationships…that, friends, is when the mob starts to go mad. Because legislation is reactive by nature and the Internet is proactive by nature, we are to witness a tremendous clash in ideals: Historically, the law has responded to, not anticipated, technological changes, often reacting repressively when a new technology challenges the status quo. The Communications Decency Act of 1995 attempted to limit Internet "speech" (if you consider the depiction of rape and domination of women "speech") to that deemed acceptable to a six year old. In trying to quash what most people saw as a threat, the CDA over-legislated the whole affair and got itself shot down by the Supreme Court last month.

A great many people (myself included) have wondered aloud why, if we aren’t doing anything illegal, should we be worried about the government reading our mail? The answer uncomfortably comes from two sources: One, Robert Ellis Smith, Publisher of the PRIVACY JOURNAL cracks, "An employee with nothing to hide may well be an employee with nothing to offer." The other from Gary Marx, professor of sociology at MIT, who notes ten characteristics of new kinds of computer-based monitoring that make them particularly intrusive:

  1. They transcend boundaries that traditionally protect privacy.
  2. They permit the inexpensive and immediate sharing and merging and reproducing of information.
  3. They permit combining discrete types of information.
  4. They permit altering data.
  5. They involve remote access which complicates accountability issues.
  6. They may be done invisibly.
  7. They can be done without the subject’s knowledge or consent. 
  8. They are more intensive.
  9. They reveal previously inaccessible information. 
  10. They are also more extensive and they cover broader areas.

United States Constitutional scholar Laurence Tribe posed a question: "When the [technological, social] lines along which our Constitution is drawn warp or vanish, what happens to the Constitution itself?" In applying long-standing constitutional guarantees to electronic and data privacy, Tribe recommends that policy makers focus on the fact that the Constitution was written to restrict the government, not its citizens; it regulates the actions of the government, not the actions of private individuals.

Of the things my father has taught me, one of the axioms that has kept me out of the most trouble is, "Keep your head down and your mouth shut." On the whole it has served me well socially and in business. The question that our culture wrestles with now is that if a great many people don’t think personal privacy matters to society, how long will it be before the decision about the state of my mouth (open/shut) is made for me?

Peace,

Webwalker

(R. Marshall Webber is a Web Developer for the largest building in the world, The Boeing Company's Everett, Washington Commercial Airplane Group. He and his wife, Sarah, make their home near Seattle.)