Re: security on the web

Sarra Mossoff wrote:
> 
> It is my understanding that concerns about security on the web are much
> exaggerated.  Think of all the people who feel comfortable giving their
> credit card number over the phone -- even cordless phones.  This method 
> of transmission can be intercepted by just about anyone willing to 
> invest a small amount of money in the necessary technology.
> 
> Intercepting a credit card number that has been sent over the phone 
> lines via a web connection is, in contrast, nearly impossible.  You'd 
> need a wealth of computer knowledge and very expensive technology to 
> get and read the data packets, and then there's the issue of getting 
> just the right data packets -- the ones containing credit card numbers. 
> It seems almost silly when you think that all anyone really interested 
> in getting a credit card number needs to do is just go through the 
> trash behind a restaurant or department store.

While I agree that credit cards in the clear over the Internet are no
less secure than everyday normal credit card use, we have the
opportunity
to make commerce (and communication in general) _really_ secure with 
strong encryption technology. With strong encryption, credit cards and 
many other things become equally secure from common criminals and 
multi-billion dollar organizations (differentiated by size of budget not
because one is any less criminal than the other ;-)

Unfortunately the U.S. Government and many others are staunchly
against security and privacy, so the task of deploying strong encryption
is extremely difficult. This is made worse by the vast majority of
U.S. corporations who are willing to make a deal with the devil to
make more money.

Here is the list of companies currently planning to abandon security
and privacy in favor of FBI/Big Brother software (this comes from
a U.S. Government document, not heresay):

Baltimore Technologies 
nCipher Corp. 
Boeing 
NEC
Cryptomathic 
Portland Software 
GemPlus 
RedCreek Communications 
Frontier Technologies Corp. 
RPK 
Fujitsu Ltd. 
Silicon Graphics, Inc. 
Hitachi 
Spyrus 
Open Horizon, Inc.    
Intel 
Tandem 
IRE 
Technical Communications Corp. 
Mitsubishi Electric America 
Toshiba 
America Online, Inc. 
Mytec Technologies, Inc. 
Apple Computer, Inc. 
NCR Corp. 
Atalla
Network Systems Group of StorageTek 
Certicom 
Novell, Inc. 
Compaq Computer Corp. 
PSA 
CygnaCom Solutions, Inc. 
Price Waterhouse
Cylink Corp. 
Racal Data Group 
Data Securities International Inc. 
Rainbow Technologies 
First Data Corp. 
RSA 
Digital Equipment Corp. 
SafeNet Trusted Services Corp. 
Digital Signature Trust Company 
Secure Computing Corp. 
Entrust Technologies 
SourceFile 
Gradient Technologies, Inc. 
Sterling Commerce Groupe 
Bull 
Sun Microsystems, Inc.
Hewlett-Packard 
Trusted Information Systems, Inc. 
IBM
Unisys 
ICL 
UPS 
McAfee 
Utimaco 
Mergent 
VPNet Technologies 
Motorola 

> 
> Recently, IBM has been running a television ad where a yuppie's friends 
> are giving him a really hard time about buying golf clubs off the web 
> because of the risk of credit card fraud.  IBM of course, then says it 
> can make internet commerce safe through encryption.

Marketing organizations always tell the truth, don't they? :-)

-- Mr. E

Received on Monday, 12 May 1997 17:20:05 UTC