|
|
|
|
||
|
Desperately Seeking Security
By John Burgess
The article goes on to say that everything in your house now is vulnerable to theft and that you and everyone else with that type of lock will think twice about acquiring anything of value. This might cause a downturn in the retailing industry and the economy in general. The lock's manufacturer is quoted promising that the lock will be modified on an emergency basis to defeat whatever trick the locksmith used. Everyone who owns one of the locks, in fact, can come in for a free replacement. You won't find that story in the paper, but we often read something similar when the locks that are picked are electronic. Hardly a week passes without news that a team of computer whizzes has managed to crack the security features in such-and-such software, or some security sage has found a backdoor way into such-and-such system. For a variety of complicated reasons, we have come to demand a much higher level of security in the electronic realm than we do in real life, even though in real life we stand to lose so much more, including life itself. Expert burglars can pick our front-door locks. We all know that. Yet we continue to buy televisions and jewelry, knowing that the lock is good enough to foil most crooks who'd try to get in. Not to mention that the laws of probability suggest that the lock may never get the chance to be tested. And if we do get robbed, that's what insurance is for. It's the same way with credit cards. We all know that a credit card found on a street could be used to run up illicit charges. Or that there's nothing to stop a waiter or a cashier at a restaurant from jotting down a number and using it for a shopping spree. Yet we all see that as an acceptable risk and continue to carry plastic, and laws protect us from exorbitant losses. But cyberspace generates a lot of skittishness. I feel it myself. Just on the other side of the screen, it seems, there could lurk someone waiting for a sucker, me. Call it foolish, but I have yet to buy anything on the network that required sending a credit card number over it. Rarely has so much public angst been devoted to the hypothetical. While I know plenty of people who've had their credit card numbers stolen the old-fashioned way, I know not one who's suffered that on the Internet. And though the experts say that it's happened, I have yet to see the details of a single case made public. So what's going on? I think it's a mix of the following: * It's the media. We keep writing stories about holes in Internet security, so people naturally focus on them. * It's the nature of the Internet. Since its users are far-flung and invisible to each other, it's a less trustable environment than the real world. We never really know who's at the other end of the transaction. * We get a net benefit from using a credit card in a store or restaurant. No one wants to carry cash, and many places don't take checks. Most of us don't get much benefit from Internet shopping – it's overpriced, it's slow, it's less fun than handling the merchandise before we buy. So we don't feel like taking the risk of exposing our credit card numbers. When the Internet does have something that we really want to buy, we lose our inhibitions. Witness the case of the sex industry, whose sites handle a huge proportion of the credit card transactions that do take place. * The people who are driving the security debate have standards that are quite high. Much of their interest is not in commerce, but in the security of e-mail and other personal communications. To many of the privacy lobbies in Washington, it's not good enough to say that only the best government supercomputers could crack such-and-such security codes. Those are precisely the computers they worry about. Government snooping into private affairs is their big concern. * Software companies that make security products want to increase their sales, so they spread the word about security. * There are good reasons to want higher security in cyberspace than at your front door, and people know it. One broken code on the Internet or on a big online service can compromise thousands, perhaps millions of people, at once. One picked lock, in contrast, generally means one unhappy family filing an insurance claim. * Electronic security breaches can happen without your ever knowing it. If your house is entered, you generally know. But if someone reads your e-mail, you don't have anything like steam marks on the flap of an envelope to tip you off. A year from now, this mix of reasons might be entirely different. I might even feel confident typing in those credit card numbers. But not just yet. I read the news. John Burgess's e-mail address is burgessj@washpost.com
|
|||||||||||||||||
|
|
|
|
||
 |
||
