Security is a subject that has little to recommend it lately. While
budgets continue to increase, the evidence shows that technology
offers solutions but not answers to the many challenges involved in
protecting and capturing the traffic flowing through the global
information space.
You may read about Echelon and Carnivore, Hushmail and hackers, and
realise that anything you might communicate with the help of
electricity can be read or listened to by someone else. Of course,
interception is often a matter of luck, unless someone has
installed one of the many user-friendly programs on your network
that capture every e-mail you may read and send and every Web site
you visit. In fact, and even more disturbing, for many of us,
powerful network surveillance software can be downloaded as
freeware, so it may not be the boss who is reading your mail.
Worried about the US Echelon surveillance technology, a European
Union committee recommended that we routinely encrypt our e-mail
but, for most of us, it is too much trouble and we assume that
nobody in the US National Security Agency is really interested in
what is going on in our office. And anyway, if you really want to
hide information it is not difficult, regardless of the expensive
technological muscle that attempts to prevent you doing it.
Take steganography, a way of hiding information in plain sight, as
an example. This column is hidden in my photo on my Web site and,
if I wished to, I could conceal the entire magazine in a large
graphic or MP3 file. If you wish to check, there is a freeware
program called S-tools in the Files section of the site. It will
decrypt the photo and the password is "weekly".
So, sensitive company information could be posted invisibly on a
site for anyone to collect, or sent to a friend as a digital
holiday snap, and nobody would know. All they would see is a Gif
file.
This is where the most sophisticated technology falls down. While
you can come close to protecting your network from the world
outside the firewall, there is very little chance of intercepting
anything other than routine e-mail traffic if somebody really does
not want to be overheard.
Fortunately, we still have the right to encrypt anything we might
wish to send anyone else, using PGP or other freely available
software. In other words, it is not illegal. That said, and in the
light of New York's tragedy, it is possible that, if a connection
can be made between the Internet, any application of encryption
software and the terrible events of 11 September, that we could see
some form of blanket regulation applied to strong encryption
software.
Unlikely? Perhaps. Impossible, perhaps not.
The irony is that what we understand as security in a wired-world
remains a half-truth, an unhappy compromise between what business
and government would like from the technology and what it can have.
Simon Moores is chairman of the Research Group
www.drmoores.com