Picture the unhappy half-truth of Internet security

Security is a subject that has little to recommend it lately. While budgets continue to increase, the evidence shows that...

Security is a subject that has little to recommend it lately. While budgets continue to increase, the evidence shows that technology offers solutions but not answers to the many challenges involved in protecting and capturing the traffic flowing through the global information space.

You may read about Echelon and Carnivore, Hushmail and hackers, and realise that anything you might communicate with the help of electricity can be read or listened to by someone else. Of course, interception is often a matter of luck, unless someone has installed one of the many user-friendly programs on your network that capture every e-mail you may read and send and every Web site you visit. In fact, and even more disturbing, for many of us, powerful network surveillance software can be downloaded as freeware, so it may not be the boss who is reading your mail.

Worried about the US Echelon surveillance technology, a European Union committee recommended that we routinely encrypt our e-mail but, for most of us, it is too much trouble and we assume that nobody in the US National Security Agency is really interested in what is going on in our office. And anyway, if you really want to hide information it is not difficult, regardless of the expensive technological muscle that attempts to prevent you doing it.

Take steganography, a way of hiding information in plain sight, as an example. This column is hidden in my photo on my Web site and, if I wished to, I could conceal the entire magazine in a large graphic or MP3 file. If you wish to check, there is a freeware program called S-tools in the Files section of the site. It will decrypt the photo and the password is "weekly".

So, sensitive company information could be posted invisibly on a site for anyone to collect, or sent to a friend as a digital holiday snap, and nobody would know. All they would see is a Gif file.

This is where the most sophisticated technology falls down. While you can come close to protecting your network from the world outside the firewall, there is very little chance of intercepting anything other than routine e-mail traffic if somebody really does not want to be overheard.

Fortunately, we still have the right to encrypt anything we might wish to send anyone else, using PGP or other freely available software. In other words, it is not illegal. That said, and in the light of New York's tragedy, it is possible that, if a connection can be made between the Internet, any application of encryption software and the terrible events of 11 September, that we could see some form of blanket regulation applied to strong encryption software.

Unlikely? Perhaps. Impossible, perhaps not.

The irony is that what we understand as security in a wired-world remains a half-truth, an unhappy compromise between what business and government would like from the technology and what it can have.

Simon Moores is chairman of the Research Group www.drmoores.com

Read more on Business applications

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close