|
Virtually safe?
Exposure to risk on the Internet
While it is generally recognised that there are safe and unsafe activities that can be performed on the internet and through one’s e-mail, there is increasing concern about the extent to which e-mail, e-commerce, and internet surfing expose users to risk.
Concerns about internet security range from the fear that sensitive data about an individual or corporation will be accessed and stolen, changed, or erased, to the fear that some information — such as one’s credit card number — might be misused by fraudsters trawling the internet. In addition, civil libertarians fret that governments and others might be able to gain access to personal information which, irrespective of its potential to cause material harm, ought not to be exposed to others without the consent of the person concerned.
So just how dangerous is electronic communication to its users? And how can one protect oneself from harm?
To understand the nature of the risk, it is important to grasp a few basics about the way in which electronic communication happens on the internet.
How the internet works
In essence, the internet is a vast series of rings of computers, each of which is connected to other rings of computers through dedicated computers called routers and gateways. When an internet user sends e-mail, the message goes to all the computers on the same network as the user. When the e-mail hits the router, if it is not intended for any computer on the sender’s network, it is sent to a higher level. It then hits all computers on that network of routers and is sent on only by that router that recognises the address as being on its network. This process might be repeated a number of times, but eventually the message will reach a router on a network which includes the computer for whom the message is intended. Then it is sent on by that router to all the computers on the network, being accessed finally by the user in possession of the appropriate access code.
The nature of this communication means that any e-mail will route via a very large number of computers, even if only the intended addressee can read the message. It also means — and this is the bad news — that there are very many points at which a message might be intercepted by any other internet user.
The good news, on the other hand, is that before a message is sent from any computer, it is broken up into numerous very small packets. Each packet contains information about its relationship to the others. These packets are sent separately and there is a very strong likelihood that each will take a different route through the various systems. This makes it virtually impossible for someone to capture and disentangle a message, and therefore sharply reduces the risk that the sender and the recipient face.
Thus, if you are making plans to break into the vault at the Reserve Bank, it is extremely unlikely — unless someone is actually tapping your telephone — that any mail you send about this will be intercepted. Your only real risk is that someone will be able to search your hard drive, or that of your recipient, in order to access the incriminating mail. On the downside, small parts of a larger e-mail — say your credit card details — might well be intercepted and captured whole.
Encryption of e-mail messages
Because it is extremely unlikely that any mail might be intercepted whole, it means that e-mail is seldom encrypted (the information is not codified). However, because the risk of interception remains, encryption technology — some of which is built into the most recent versions of the most common web browsers — is used for particularly sensitive communications and in particular for the electronic finalisation of commercial transactions.
The encryption of messages has some associated costs, mainly being the demand on scarce computing resources and a consequent slowing down of the speed of communications. Nonetheless, for sensitive communication there is no doubt that encryption is required.
In essence, encryption works by transforming the data to be sent into a string of digits which can only be returned to its original form if the receiver has the key to decode the string of digits. Single key encryption works between two parties who know each other and who agree on a key before communication begins. Public-private key encryption works by creating two keys, one of which is public and can be used to transform a message into code. The other is private and is used to decode the encrypted message. The public code, which belongs to and is published by the receiver, and to which all users have access, provides no clues to the private code to which only the receiver has access. In this way only the intended receiver can translate a message intended for him or her. It is this latter methodology that forms one of the bases of secure e-commerce.
Access to encryption technology
That sophisticated encryption technology can be virtually impregnable to the decoding efforts of third parties raises a range of public policy issues. These relate to the access private parties should have to such technology, since they might well use it to render illegal communications virtually immune to law enforcement interception. In the US, this has led to export bans on the sale of some encryption technology.
There is little doubt that there is some risk involved in opening one’s computer and one’s communications to the internet: communication can be intercepted and stored data accessed. At the same time there are a variety of techniques available to the reasonably savvy netizen to protect her data from all but the most cunning and determined attack. Nonetheless, it pays to be careful, and to assume that any and all vulnerabilities will be breached at some point.
Antony Altbeker
School of Public and Development Management, Wits University
|
|