
There have been many emails about the PepperBall, but perhaps the most emotional feedback has been about my short stories on healthcare. The cry for more efficient, effective, and affordable healthcare is universal. One reader said, "I was happy to see your take on healthcare in your recent blog. This is a field where some good IT could solve redundancy quagmires, but one of the basic problems is privacy. I think people reject the idea of their healthcare info being in a database for fear unauthorized people would be able to get at it to find out what their ‘weaknesses’ are".
Of all the issues which will affect the future of the Internet, the safeguarding of our personal information when it travels on or over the Net is likely the most important because it is at the heart of Trust — and without Trust the Net will not be able to realize its full potential. This means that information about an individual needs to be handled in a way that is consistent with the privacy and security expectations of the individual — if not, there will be no trust. Excerpts from a series of stories about privacy and trust can be read below.


MyFamily.com is a very useful site for families to share information, calendars, photos, and to learn about genealogy. As part of the registration process on the site, people are providing not only their own personal information, but also the name, email address, and (optionally) the birthdays of their children. This represents some very serious information that a person is entrusting to this web site. The management of MyFamily.com is committed to their privacy policy but what happens if MyFamily.com gets acquired? What assurance do we have that the policy will survive? How do we know that the site is safe from hackers? How do we know we can trust the I/T staff not to look at our personal family information? There are numerous questions of this nature that are not Privacy Policy per se – they are actually more about security in many cases – but questions about which people will eventually get concerned when they begin to think about the fact that they may have placed their entire family history and photo gallery on a web site.
One element of privacy on the Net is “Opt in” versus “Opt out”. When you register at a web site you will often see a small box to be checked giving you the “option” to be included or not included in subsequent emails making offers to you. Opt in means you proactively choose to be included. Opt out means you are included by default and you have to take action to be removed from the list of those who will automatically receive the emails. In some cases you have to read the words very carefully to determine which case is the default. This is part of Trust. Is the site really opening up to you and making it very clear what your options are, or are they making the words a bit fuzzy and hoping you won’t figure out what the default actually is?
Citibank introduced a service two years ago called c2it to enable the sending and receiving of cash via e-mail. You simply visit the c2it site, specify which of your checking, savings, or credit card accounts you want the money to come from, and enter an email address for someone you want to send the money to. That person would then receive an email, be asked to enroll in c2it, and then accept the money from you directly into their checking, savings, or credit card account. This seemed like a potentially useful service to me when I learned about it and so I enrolled. Only after I enrolled did I find out that there were fees involved. Then I discovered that incoming amounts are not credited to your account for five to six days, which is longer than if I had received a check and deposited it myself. Then I discovered that there is no fee to receive into a Citibank credit card but there is a fee if it is another bank’s credit card. I am not saying the fees are unreasonable – the competition from PayPal and other services determined that.
The issue was trust. It would be easy to get the feeling that Citibank was not being forthcoming about their offering. Now comes the good part – Affiliate Sharing. The enrollment page on the web site said “Citibank FSB is allowed by law to share with its affiliates any information about its transactions or experiences with you. Please check this box if you do not want Citibank to share among its affiliates any other information you provide to us or that we get from third parties”. We are talking about a sweeping allowance to provide a broad and undefined amount of information about you with a broad and undefined audience. Should the default be “check this box if you do not want” this? Seemed to me that this was an obvious case where it should have been opt in not opt out. Trust might wane a bit further.
Then came the Marketing Offers. “Citigroup may still send you marketing offers by telephone, mail and e-mail. If you do not want to receive such marketing offers, please write to the address below and include your name, address, social security number and tell us you don’t want offers by mail and/or phone and/or e-mail”. Write to us? This highly automated web site that can transfer money in and out of any account can’t have one more check box; preferably with “check here if you would like us to make offers to you”? I sent the letter and am not sure how long it took to get “processed”, if it ever was. In the meantime, I began receiving unsolicited marketing offers. Citigroup is a superb marketing oriented company but the approach with this Internet offering clearly did not build trust with new enrollees even though the company is a highly trustworthy organization.
The following now appears on the c2it website: IMPORTANT NOTICE – c2it service has been discontinued as of November 9, 2003. All financial transactions on the www.c2it.com website have been permanently disabled.

A world where everything is connected

When every computer is connected to every computer a lot of things are possible. Some of them are not pretty. Trust will become critical. Brands will become more important than ever because they will signal to us what level of trust we can expect. How will we know whether we can really trust a web site? Trust goes hand in hand with good security and privacy. Offering good security and a solid privacy policy will be the bare minimum but we will also follow how an e-business acts over time. What is their commitment? Do they listen to their constituencies? Do they respond to concerns about privacy and make things better? These actions will separate the good guys and the bad guys.
Brand used to be a feeling conjured up by how a company’s product was physically packaged or how you imagined yourself using it. Increasingly brand is a feeling conjured up by your experience on that company’s web site. It ties directly to Trust. Companies that have a web site that provides an end-to-end positive experience and which enhances people’s quality of life by saving them time will gain enhanced brand equity. The converse will become obvious.

Privacy, confidence, and trust all go together

In a December 2000 speech in New York, Lou Gerstner, chairman of IBM Corporation said, “We know that trust is a fundamental element of every positive brand experience. It is fundamental to all consumer behavior, to the willingness to buy and to brand loyalty. All of it is based on trust.” Web sites already have a repository of huge amounts of personal data that represent the byproduct of not just our registrations but also our surfing habits and our purchases. In the near future our medical records will be on a web site somewhere and beyond that will come real time data streamed from pacemakers and other medical instruments that are attached to our bodies. All of this data can bring significant benefits to us but only if we are able to trust the holders of the data and have confidence that they will protect it and respect our preferences about how and when it can be used. Lou Gerstner summarized it well when he said, “The answer here must begin with a responsible marketplace. Through our policies and our practices, industry has to send an unambiguous message that tells people: ‘You can trust us. You have choices. They will be respected. And you’ll know in advance how any information that you give us will be used.’”

The cookie monster

When you click on a link to a web page, a request is made to retrieve a document from a server and the server sends the document to your browser. If you then come right back to that server for another document it is an independent request – the server has no knowledge that it was you that had just requested the document. This is fine for surfing but for e-business there are numerous reasons why the server does need to know that you were the one that had just made the request. Some of the early web pioneers had realized the need to be able to retain information about who had made requests of the server and they also saw the need to maintain the “state” of things going on at the server so that if there were multiple steps to an e-business process or if a user became disconnected from the Internet, they would be able to return to the site and pick up where they left off. The technical invention to make this possible was called the “cookie”.
When you visit a site the server sends a cookie to your PC. The cookie is a small data file that can contain information about you and the transaction you are participating in. When you come back that second time the server reads the cookie, looks up some data about you in a database if needed and then allows you to continue. The cookie was a great idea and most web sites use them. In fact, cookies have facilitated e-business. However, in some cases the use of cookies has become an invasion of our privacy – a tool to be able to track our every mouse click. Cookies have been used by some companies to analyze your web visits and then target advertising at you based on what sites you have recently visited. Some people like this and others find it a large invasion of their privacy.
From time to time I see an editorial or story suggesting that anonymity should not be allowed on the Internet. The motivation is usually associated with concerns over pedophilia. This is certainly an important concern but so are the concerns of those who feel they need to be anonymous. A battered wife or an alcoholic who is seeking help and finding it in discussion groups on the Internet has a very valid reason to be anonymous. We have to be careful that we don’t react to “bad things” that happen on the Internet with a cry for regulation. There are laws that address many “bad things” and law enforcement agencies need to use the Internet more effectively as a tool to enforce the laws that already exist. This is happening but more needs to be done.

Platform for privacy preferences

A new standard has been developed called P3P, the platform for privacy preferences, which provides a simple, automated way for users to gain more control over the use of personal information on Web sites they visit. At its most basic level, P3P is a standardized set of multiple-choice questions, covering all the major aspects of a web site’s privacy policies. Taken together, they present a clear snapshot of how a site handles personal information about its users. P3P-enabled web sites make this information available in a standard, machine-readable format. P3P-enabled browsers can then “read” this snapshot automatically so that the user can compare it to their privacy preferences. P3P enhances user control by putting privacy policies where users can find them, in a form users can understand, and, most importantly, enables users to act on what they see. P3P will allow you to establish the degree of privacy you want to have. Some of us may want to be anonymous. That’s okay. Some may conclude that they really like the idea of getting e-mails and personalized web pages. Some may even like the idea of an e-business which sorts through past web purchases and then makes buying recommendations based on the history. They may be very busy and don’t have time to shop so if somebody can make suggestions for them it may be a valuable service. That’s okay too. P3P will enable us all to express our preferences in the browser and then help us to find those services that meet our individual privacy requirements. If a web site doesn’t meet our privacy requirements, we will be advised and have the choice to move on to a different site.
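As an added illustration (not part of the original post), this Go program does what the paragraph describes a P3P-enabled browser doing: it reads a site’s machine-readable policy and compares each statement against the user’s preferences, including whether a marketing purpose is offered opt-in or only opt-out, the distinction discussed earlier. The policy document and the preference set are constructed for the example; the element names follow the P3P 1.0 vocabulary.

```go
package main

import (
	"encoding/xml"
	"fmt"
	"strings"
)

// Constructed sample policy, not from any real site: the second STATEMENT offers
// marketing contact only as opt-out, shares with unrelated parties and keeps data forever.
const samplePolicy = `<POLICIES xmlns="http://www.w3.org/2002/01/P3Pv1">
 <POLICY name="example-shop" discuri="http://www.example.com/privacy.html">
  <STATEMENT><PURPOSE><current/><admin/></PURPOSE><RECIPIENT><ours/></RECIPIENT>
   <RETENTION><stated-purpose/></RETENTION><DATA-GROUP><DATA ref="#user.name"/></DATA-GROUP></STATEMENT>
  <STATEMENT><PURPOSE><telemarketing required="opt-out"/><contact required="opt-out"/></PURPOSE>
   <RECIPIENT><ours/><unrelated/></RECIPIENT><RETENTION><indefinitely/></RETENTION>
   <DATA-GROUP><DATA ref="#user.home-info.telecom.telephone"/><DATA ref="#user.home-info.online.email"/></DATA-GROUP></STATEMENT>
 </POLICY>
</POLICIES>`

// Element is one vocabulary token such as <telemarketing required="opt-out"/>;
// P3P treats a missing required attribute as "always".
type Element struct {
	XMLName  xml.Name
	Required string `xml:"required,attr"`
}

type Group struct {
	Items []Element `xml:",any"`
}

type Statement struct {
	Purpose   Group `xml:"PURPOSE"`
	Recipient Group `xml:"RECIPIENT"`
	Retention Group `xml:"RETENTION"`
	Data      []struct {
		Ref string `xml:"ref,attr"`
	} `xml:"DATA-GROUP>DATA"`
}

// Preferences is the user's side of the comparison, held by the browser;
// OptInOnly purposes are acceptable only when the site makes them opt-in.
type Preferences struct {
	OptInOnly, RejectRecipient, RejectRetention map[string]bool
}

func PrivacyConsciousPreferences() Preferences {
	return Preferences{
		OptInOnly:       map[string]bool{"telemarketing": true, "contact": true, "tailoring": true},
		RejectRecipient: map[string]bool{"unrelated": true, "public": true},
		RejectRetention: map[string]bool{"indefinitely": true},
	}
}

// Evaluate returns one line per conflict; an empty result means the site meets the user's requirements.
func Evaluate(statements []Statement, prefs Preferences) []string {
	var conflicts []string
	for i, st := range statements {
		var refs []string
		for _, d := range st.Data {
			refs = append(refs, d.Ref)
		}
		where := fmt.Sprintf("statement %d (%s):", i+1, strings.Join(refs, ", "))
		for _, e := range st.Purpose.Items {
			req := e.Required
			if req == "" {
				req = "always"
			}
			if prefs.OptInOnly[e.XMLName.Local] && req != "opt-in" {
				conflicts = append(conflicts, where+" purpose "+e.XMLName.Local+" is "+req+", you require opt-in")
			}
		}
		for _, e := range st.Recipient.Items {
			if prefs.RejectRecipient[e.XMLName.Local] {
				conflicts = append(conflicts, where+" shared with "+e.XMLName.Local+" recipients")
			}
		}
		for _, e := range st.Retention.Items {
			if prefs.RejectRetention[e.XMLName.Local] {
				conflicts = append(conflicts, where+" retention is "+e.XMLName.Local)
			}
		}
	}
	return conflicts
}

// CheckPolicy parses a P3P policy document and evaluates it against prefs.
func CheckPolicy(doc string, prefs Preferences) ([]string, error) {
	var p struct {
		Statements []Statement `xml:"POLICY>STATEMENT"`
	}
	if err := xml.Unmarshal([]byte(doc), &p); err != nil {
		return nil, err
	}
	return Evaluate(p.Statements, prefs), nil
}

func main() {
	conflicts, err := CheckPolicy(samplePolicy, PrivacyConsciousPreferences())
	fmt.Println(strings.Join(conflicts, "\n"), err)
}
```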
Part of Trust comes from seeing people up close and personal. Looking into their eyes. Observing whether they look back into yours. Body language. I often get asked whether the Internet as a new medium will reduce people’s desire to get together in person or whether people will just sit in front of their PC and never go anywhere. I don’t think so. Perhaps the ultimate proof point is web sites for seniors like SeniorNet and ThirdAge that have been responsible, at least in part, for numerous marriages. People will have a lot of e-meetings but I don’t think people will give up on meeting in person as a result. There is too much that would be missed.

Internet Security

The glass is half full, not half empty

Mention the word Trust and many people immediately think of security. We hear so many negative questions about Internet security. Is it strong enough? What will happen to my credit card number? What about hackers? We would like to implement this or that application but we can’t because of “security”. The list goes on. This is one area where some “old fashioned” attitudes are actually healthy. Security is critical and needs to be taken very seriously — but not in a restrictive sense. In fact the question that business and government leaders should be asking is about how security on the Internet can become the enabler of global commerce, the enabler for meeting peoples’ expectations, and the enabler for Trust.
In one sense, the Internet is actually completely insecure. It is similar to a “party” telephone line (for those old enough to remember them) where multiple parties are actually sharing the same network. You might pick up a “party” phone line and find out your neighbor is already using it. The Internet is a shared network also. Our emails, web pages, and IP telephony calls are broken up into “packets”, containing 5,000-10,000 zeroes and ones each, and the packets travel over phone lines hopping between specialized computers called routers to get from their origin to their destination. A clever “snoop” could use various “sniffers” to “listen” to the packets and if they are very clever assemble them back into the email, web page, or IP telephony call.
Enter encryption technology; one of the most powerful technologies on earth. Using very sophisticated mathematics, the contents of packets can be scrambled (encrypted) in such a way that only the intended recipient is able to unscramble (decrypt) the packets. Millions of people have discovered that this technique has enabled them to put their credit card number into a secure web transaction in a way that only the server at the other end is able to read it. In fact more and more people are realizing that their credit card number may be safer on the Internet than it is when they give it to a total stranger over a toll free number or to a waiter in a restaurant. The “strength” of encryption is incredible. There is no known case of anyone “breaking” full strength encryption or even a practical theory for how to do so. At some point in the future there may be some combination of people, networked computers, and schemes that will enable information encrypted with today’s technology to be decoded but by then the strength of the encryption technology will have advanced even further. The bottom line is that using encryption enables us to do things very securely using an insecure network.

It’s not the technology

The real issue with regard to Internet security has to do more with policy and procedures and these in turn have to do with attitude. I spoke with a group of CEOs recently and one of them asked me what a firewall is. I said, well that’s a specialized computer that stands between your company and the Internet, and it allows your employees to be able to go out to the Internet and see what’s out there. It also allows the other 200 million people out there to come into parts of your business you don’t want them to come into if it isn’t set up and managed properly. By the way, I asked, “Do you know the state of the morale of the person who administers your firewall?” When did they get their last salary increase? Are they a disgruntled employee? A security study once showed that the most common password for operating firewalls is the word ‘password’ which comes shipped as the default password when getting new firewall hardware or software!
We all know how we feel about an employee who cheats the company by claiming reimbursement for a meal or travel expense they didn’t actually have. We don’t tolerate it. End of discussion. How do we feel when an employee puts a stick-on memo on their PC screen or under their mouse pad with their password on it? We should feel the same way as with the expense fraud because that employee has compromised the security of the company. Is it condoned for employees to share passwords? How about the physical security of your server room? Is it ok to leave the door open if it gets warm in the room? Can visitors get into the server room? Does the audit department make periodic attempts to “break in” to the server room and see if they can turn something off or walk out with some backup tapes?
One of the fastest growing businesses at IBM is the “ethical hacking” group. For a fee they will try to break into your servers from the Internet. If successful they tell you how they did it and offer advice for how to prevent it in the future. Unfortunately, they are usually successful. At PC Forum, an exclusive I/T industry conference of top executives from around the world, several companies volunteered to be guinea pigs while a team of IBM “ethical hackers” attempted to break into their servers. This was done on the condition that the company name would not be revealed. An IBM expert stood at the podium while talking over a speakerphone with the “ethical hacker” team that was at a technology center far away. The discussion was broadcast over the sound system to the audience. The first break-in took eleven minutes after which the IBM engineers were looking at the driver’s license of the daughter of the CEO of the company. The second company attempt took seventeen minutes after which the engineer had access to the company payroll file. These were not failures of technology. They were failures of process, procedure, and audit. The source of the problem is attitude about security. It should not be feared – it should be embraced. The right attitude will not restrict the opportunities but in fact will enable more opportunities and enable them to be handled in a more secure manner.

Who are you – really ?

There was a cartoon by Peter Steiner in the July 5, 1993 issue of The New Yorker showing a dog at a PC speaking to another dog watching from the floor. The caption was, “On the Internet nobody knows you’re a dog.” Very true and in fact nobody really knows for sure just who you are. Nor do you know who is at the other end of a chat session or e-commerce transaction either. In the NGi we will have Digital IDs that will change this. There has been a prevailing attitude that digital IDs would mean that the “government” would issue an ID that would then enable them to spy on us; read our email, track what we do on the web, or invade our privacy in some way. A bit of knowledge plus a healthy Net Attitude would actually instead lead us to a very positive view — that digital IDs are not to be feared but in fact should be embraced. They represent the empowerment that can unleash the full potential of e-business. They will allow us to establish that we are who we say we are and to validate that the web server we are doing business with is really who they say they are. Security is not the issue. Authentication is.
It is true that large numbers of people have learned that security technology can encrypt their credit card number in such a way that only the web server at the destination is able to decrypt it. When people see the solid lock or key at the bottom of their browser they implicitly know that their credit card number or other private information is being encrypted using the public key of the server at the other end. And, since only that server has the corresponding private key, only that server is able to decrypt the private information. An important question however is who is that web server on the other end? How do you know it really is the merchant or university or government agency that the server’s home page said it was? Answer? You don’t. It could in fact be a hacker who has “spoofed” the web site; i.e. the site could be an imposter. Likewise the web site at the other end doesn’t really know for sure that you are who you say you are. What we are talking about here is authentication. For the most part we do not have it on the Internet today. Yet, it is one of the core capabilities needed to achieve the ultimate potential of the Internet and enable us all to feel we can Trust the Internet.
Today we use the login ID and password as a substitute for authentication. We all use them every day but the problems with them are nontrivial. First is the password sharing problem that enables someone else to be you. If you leave your password on a stick-on on your PC or under your mouse pad then one of your children or a colleague can become you. They can get into your bank account, buy a book at Amazon, or engage in a chat session as you. Assuming you keep your password to yourself, there is another set of problems. Web sites have different rules for login IDs and passwords. Some require that you use your email ID as your login, some require you to use your social security number, others allow you to pick anything you want as long as it is at least so many characters or in other cases as long as it is no more than so many characters. For good reasons they all require that your ID be unique. Sorry, but jjones is already taken. The same thing is the case for the password. Some require at least so many characters, some require that a password must contain at least one numeric character, some require that it be all numeric, and others require that it contain no numeric characters. The variations are vast and the result is that you end up with a lot of different IDs and passwords.

Digital IDs to the Rescue

There are basically two ways to deal with managing this problem and neither of them is a good solution. First is to devise an ID (and password) that conforms to nearly all web site rules but which is also unique. Maybe you design an ID or password something like k7jyt14s that seems to work just about everywhere and surely nobody else will already have it. On the surface your multipurpose universal ID or password seems to be a good idea until you realize that if one of your web merchants turns out to be a scofflaw or if someone somehow steals your ID and password he or she now has access to your bank account, brokerage account, and every other web site where you have registered! By making things simple for yourself you have compromised yourself with every web relationship you have.
The other potential solution, which many people use, is to create a small database of all your IDs and passwords. Where to put it? On a piece of paper? Where to put that? On the desk. Then it falls off of the desk and the dog eats it. You now have no IDs or passwords! Then you decide to get serious and buy some database software and create a PC database of your IDs and passwords. Hmmm, this is a really important database. Maybe you need an ID and password for your ID/password database? Hmmm. Maybe you need a backup and recovery scheme? You have now become a database manager!
In case you aren’t discouraged about IDs and passwords yet there is one more peril. Whatever your ID and password are, when you send them they are almost always sent “in the clear”; i.e. not encrypted. Even sites that use encryption for all transactions normally do not use encryption to receive your ID and password. This means that an unscrupulous person might be able to “sniff” your ID and password from the Internet. They wouldn’t need to even know who you are. They just know they have a way to gain access to many web sites as an impersonator of you. There has to be a better way. Fortunately there is.
In the near future most people will have a digital ID along with an accompanying biometric link such as a fingerprint, face print, voiceprint, iris or retina scan. The combination of digital ID and biometric match will enable you to establish yourself as a completely unique person. At last you have the ability in the digital world to establish that you are who you say you are just as you can in the physical world! Step one is to get a digital ID from someone that knows for sure who you are and who is trusted by others as a reliable source for authenticating you. And who would this someone be? The Certificate Authority, or CA, is the place. The CA will ask you for information to validate that you are who you say you are. The degree of certainty they require will depend on your intended use. For routine things like email perhaps asking your mailing address and mother’s maiden name will be adequate. If you are going to use your digital ID to make millions of dollars worth of purchases for your employer then a personal appearance may be required where you show multiple forms of identification and then the CA gives you a diskette or other form of digital ID.
Over time there will be many CAs. Governments will operate them as will banks, companies, and institutions of all kinds. In theory there could be one CA that authenticates everyone and you would have just one digital ID. In theory you could have a “national” driver’s license in your wallet (actually, most countries outside of America do) or a “universal” credit card and that one card could be used for all purposes. In theory, but not in practice. Can you imagine that VISA or MasterCard or American Express will give up their logo on the card and be part of a generic ID? I don’t think so either. Not only do they not want to give up their marketing presence on the card, they also don’t want to take on the liability for providing a general purpose digital ID that you could potentially use to go to the hospital for a leg amputation. If the hospital happens to take the wrong leg off of the wrong person the credit card company will surely not want to be liable for having validated that you are who you say you are. Just like we have multiple physical IDs in our wallet we will have multiple digital IDs.
The important thing is for a CA to be able to be quite certain that you are who you say you are before they issue you a digital ID. This can happen in various ways. For example, Equifax is a consumer credit reporting company that has information about 200+ million people. They know your name, your last few addresses, your phone number, and in many cases your mortgage balance! So when they ask you for certain information they can compare it to what is in their database and if there is a match the odds are very high that they can indeed be sure that you are who you say you are. With this assurance they can issue you a digital ID or provide the information to another third party who can THEN issue you the digital ID.
Digital IDs are actually being issued already in some parts of the world. Singapore and Taiwan have established guidelines that provide for CAs. Europe has established a directive that will enable CAs across the continent. In fact the Ministry of Finance in Spain issues digital IDs that allow citizens to make their tax payments over the Internet. A Spanish citizen can log on to the site by entering their password into their browser. The digital ID is stored in the browser and does not have to be passed over the Internet in the clear. Once authenticated, the Spanish citizen can pay taxes or check the status of tax payments. The U.S. government in July 2000 passed legislation that will allow CAs to be established that can enable digital signatures to be used anywhere in the country.
Once you get a digital ID, where do you keep it and how does it work? There are two parts to your digital ID; a public part and a private part. The public part is something you want to make easily available to anyone. This will be described in more detail a little bit further on. The private part of your ID is something you will keep very private and never share with anyone. Where will your digital ID be stored? There will be a lot of choices including on our PC hard drive, in our mobile phone, in smart cards in our wallet, in a PCMCIA card, in an electronic ring on our finger, or in a token we wear around our neck. A company called KeyNetica is developing products that will enable a broad spectrum of Internet users – everyday people who do everyday things like banking and shopping – to move among many different Internet access devices during the course of a day using a portable personal identification tool that they can use on almost any computer via a “USB flash memory key”. Since all PCs shipped today have a USB “port” used to plug in printers, digital cameras, and other devices, the USB flash memory key could enable you to plug your digital ID into any PC anywhere. Wherever you keep it, the digital ID is a very empowering capability.
Does a digital ID mean we lose our privacy? No, quite to the contrary. By having a Digital ID you can establish not only who you are but what privacy preferences you want to stand by. If you choose to be anonymous you will be able to.

Authentication (you are who you say you are)

There are five important attributes in a world of digital IDs. The first is authentication. Once you have a digital ID you will no longer have to send your login ID and password over the Internet. Your password goes no further than your smart card, token, or your PC. Instead you will use your password to enable an encrypted exchange of digital data between your PC (or phone or other information appliance) and the other party. The result of the exchange is that both parties will be able to confirm that the other party is indeed who they say they are. If you have also provided biometric data the person will know not only that it was your ID but that it was actually you who initiated the transaction and not someone who may have “borrowed” your login/password. Digital IDs are stored in a digital certificate (hence the origin of the certificate authority) and during the initial exchange of information you will see some of the data that is stored in the other party’s certificate. For example, you will see who issued the ID to them and you can use this information as an additional input to determine whether you want to trust the other party. Authentication is the beginning. If you want to be really sure you can examine the other party’s “fingerprint”. This is analogous to the small key number embossed on your house or car key. Your credit card statement, for example, may have the “fingerprint” printed on the statement so if you wanted to you could check it against what appeared on the web page to be 100% certain that the credit card company’s web site was indeed them.

Authorization (who can do what)

Now that you have established that you are who you say you are (been authenticated), various service providers such as banks, merchants, and others can authorize you to do various things. This might include reading a subscription to a publication, banking, investing at an on-line brokerage firm, establishing an account with a merchant so you can buy things without having to register each time you purchase something, or voting in local or national elections. Authorization goes deeper however. Since you are authenticated, you can be authorized to authorize others! Let’s suppose your company has an intranet application that allows you to enroll annually for various medical and dental benefits. Suppose you wanted to allow your spouse to do this for you. How would that work? In today’s world, unfortunately, many people don’t think twice about giving their password to a friend, colleague, or relative. In tomorrow’s world that is not a good idea. A digital ID gives each of us great power and enables us to establish our privacy at the same time. Sharing our password with others dilutes that power. An alternative approach is simply to have a web application that allows a person to authorize someone else to do something on their behalf without giving up their own identity. You authenticate yourself and then you authorize your spouse to be able to enroll or change your medical and dental plan benefits. Then the health care provider or insurance company knows not just that a valid ID and password were used to enroll, but that in fact, the person using the application was authorized by an authenticated person.
If you read the fine print at on-line banking sites you will find that you agree that as long as your ID and password were used to execute a transaction, they are not liable if it was not actually you. If one of your children finds your ID and password and sells your portfolio (or doubles the size of it on margin) the on-line brokerage is not liable. It was you!

Confidentiality (only the intended recipient can read your messages)

The killer application on the Internet is arguably still email. Unfortunately, of the trillions of emails sent each year, most are sent “in the clear”. In other words, they are not encrypted. Think about writing your most sensitive personal thoughts about someone on a plain postal card and dropping it in a postal box or the slot at the post office. You would have no idea who might be able to read it as it travels from postal box to post office to post office to mail room to intended recipient. That is how it is with all the emails you send! You really have no idea who can read them. When we all have Digital IDs there will be a better way. If you want to send Josef a very private message that nobody but Josef can read you will go to a Certificate Authority and get a copy of Josef’s public key. You will then use your email program or other encryption software such as PGP (Pretty Good Privacy) to encrypt your message to Josef. When Josef receives the scrambled message he decrypts it using his private key. Nobody has Josef’s private key but Josef, so you and Josef both know that nobody but Josef was able to read the message.
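The exchange just described, as an added example that is not part of the original post: it uses Go’s standard library, generates a constructed key pair for Josef locally instead of fetching his certificate from a CA, and, like PGP, seals the message under a one-time symmetric key that is then wrapped with Josef’s public key, so only Josef’s private key can open it.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Envelope is what travels over the Net: the message sealed under a one-time AES-GCM key, plus that key wrapped with the recipient's RSA public key (the hybrid scheme PGP also uses).
type Envelope struct{ WrappedKey, Nonce, Ciphertext []byte }

// EncryptFor seals plaintext so that only the holder of the private key matching pub can read it.
func EncryptFor(pub *rsa.PublicKey, plaintext []byte) (*Envelope, error) {
	buf := make([]byte, 32+12) // fresh 256-bit message key and 96-bit GCM nonce, never reused
	if _, err := rand.Read(buf); err != nil {
		return nil, err
	}
	key, nonce := buf[:32], buf[32:]
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil)
	if err != nil {
		return nil, err
	}
	block, _ := aes.NewCipher(key) // cannot fail: key length is fixed at 32 bytes
	gcm, _ := cipher.NewGCM(block)
	return &Envelope{wrapped, nonce, gcm.Seal(nil, nonce, plaintext, nil)}, nil
}

// Decrypt opens an envelope. It fails unless priv matches the key the sender encrypted to, and GCM's authentication tag also rejects a message altered in transit.
func Decrypt(priv *rsa.PrivateKey, env *Envelope) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, env.WrappedKey, nil)
	if err != nil {
		return nil, fmt.Errorf("not the intended recipient: cannot unwrap the message key")
	}
	block, _ := aes.NewCipher(key) // key is 32 bytes whenever unwrapping succeeded
	gcm, _ := cipher.NewGCM(block)
	return gcm.Open(nil, env.Nonce, env.Ciphertext, nil)
}

func main() {
	josef, _ := rsa.GenerateKey(rand.Reader, 2048)    // constructed: Josef's key pair
	stranger, _ := rsa.GenerateKey(rand.Reader, 2048) // constructed: someone else along the route
	env, _ := EncryptFor(&josef.PublicKey, []byte("for Josef only (constructed message)"))
	msg, _ := Decrypt(josef, env)
	_, err := Decrypt(stranger, env)
	fmt.Printf("Josef reads %q; the stranger gets: %v\n", msg, err)
}
```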

Integrity (you both know nothing got changed)

How does Josef know that the email really came from you and that it wasn’t altered in some manner on its way to him? A by-product of using the encryption keys is a function called “hashing”. A calculation is made based on all the characters in the message you create. This calculation is encrypted along with the message. After the decryption takes place, the calculation is compared to the one that was made at the time of the encryption. If they agree then your software will in effect tell both you and Josef that the message was not altered. Also, the message was “signed” by you using your private key. Josef gets your public key from the CA and decrypts your digital signature to confirm that it was actually you who “signed” it.

Non-repudiation (no one can deny a conversation or transaction)

Have you ever been told, “We did not receive any request from you to make that stock sale” or have you had to say, “I did not receive that confirmation notice”? If you receive an encrypted message from someone that is “signed” with their Digital ID (with their private key) and you are able to decrypt it with their public key then you know that the message must have been signed with their private key. Only they have their private key, so they must have signed it. They cannot deny it. This works in both directions, of course. Many major countries of the world have now passed legislation that makes digital signatures as good as signatures with ink. They will stand up in court. Soon we will realize that they are actually much better than ink.
Digital signatures are not perfect. Bruce Schneier, founder and CTO of Counterpane Internet Security Inc., has pointed this out in great detail in various writings. This is because computers and computer software are not yet perfect. In order to trust the digital signature, we implicitly trust the hardware and software that enabled us to use our digital ID to create the digital signature. In spite of the imperfections there are many instances where digital signatures are adequate and in fact a clear advantage in efficiency and effectiveness versus current methods. Where the dollar value that depends on the signature is very high, strict security measures need to be taken in proportion.

Back to the GE wire transfer

Remember my saga with GE Capital in trying to wire money to my attorney? Let’s contrast that process with how it might have worked using a public key infrastructure approach with the five security functions described above.
Authentication. Yes, I was authenticated by the bank. They looked at my driver’s license and put a rubber stamp on the fax request form. The only difference was that instead of a mouse click or two it was a harrowing forty-five minutes running around the streets of New York on a hot summer day.
Authorization. Yes, I was authorized by GE Capital because once they received the authentication they could look up my account, see that I had adequate funds, and therefore authorize the funds transfer.
Confidentiality. Sort of. If I call GE Capital and the person I am talking to is standing at a fax machine and I am standing at a fax machine and I say “Ok, here it comes” and they say “Ok, I see it coming” then arguably we could say it is a confidential transfer of information. In reality faxes tend to go from an outbox to an assistant who takes it to a fax machine where someone could be looking over their shoulder. And then the document is faxed to a number and received in a “fax room” to be read by anyone who happens to pick it up. And of course there was the hassle of finding a fax machine and the time delay. Hardly a mouse click.
Integrity. Definitely not. This is the real flaw in the manual paper-based process. When the fax was taken by me or someone else to the fax room I may have placed it on a table and made a quick run to the men’s room or gotten distracted by a phone call. Meanwhile someone sees the wire transfer form and changes $500 to $50,000. Then the form gets faxed. What amount gets wired? $50,000. No integrity.
Non-repudiation. You bet. The transaction will stand up in court. As far as GE Capital is concerned I requested the wire transfer of $50,000. I was authenticated, the transaction was authorized and the fax form was transmitted “confidentially”. If I contested the transfer I would probably lose in court.
So what is missing? Why couldn’t I have done this transfer on the web with a few mouse clicks or mobile phone clicks? Technology problem? No. Security problem? No. It is time for the leadership of institutions of all kinds to move forward to make digital IDs available to their constituencies so that Trust can be achieved.
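The integrity and non-repudiation checks described in the five attributes above, applied to the wire-transfer request from the GE story, as an added example that is not part of the original post. It uses Go’s standard library with constructed RSA key pairs for the account holder and for a second party; the request text and account number are made up.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// SignRequest makes the "calculation" the text describes (a SHA-256 digest over every character
// of the request) and signs that digest with the requester's private key.
func SignRequest(priv *rsa.PrivateKey, request string) ([]byte, error) {
	digest := sha256.Sum256([]byte(request))
	return rsa.SignPSS(rand.Reader, priv, crypto.SHA256, digest[:], nil)
}

// VerifyRequest recomputes the digest over the request as received and checks it against the
// signature with the claimed signer's public key. True means both that the text is unchanged
// (integrity) and that it was signed with that signer's private key (non-repudiation).
func VerifyRequest(pub *rsa.PublicKey, request string, sig []byte) bool {
	digest := sha256.Sum256([]byte(request))
	return rsa.VerifyPSS(pub, crypto.SHA256, digest[:], sig, nil) == nil
}

func main() {
	// Constructed key pairs: the account holder, and a second party who never signed anything.
	holder, _ := rsa.GenerateKey(rand.Reader, 2048)
	other, _ := rsa.GenerateKey(rand.Reader, 2048)

	original := "Wire $500 from account 0000-CONSTRUCTED to attorney trust account" // constructed request
	sig, _ := SignRequest(holder, original)
	fmt.Println("original request verifies:", VerifyRequest(&holder.PublicKey, original, sig)) // true

	// The form is changed while it sits on the table: the digest no longer matches the signature.
	altered := "Wire $50,000 from account 0000-CONSTRUCTED to attorney trust account"
	fmt.Println("altered request verifies:", VerifyRequest(&holder.PublicKey, altered, sig)) // false

	// The signature cannot be pinned on anyone else: it fails under any other party's public key.
	fmt.Println("verifies under another key:", VerifyRequest(&other.PublicKey, original, sig)) // false
}
```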

Open standards need to continue to rule

Another dimension of Trust has to do with standards. The Internet is the only thing I know of that works the same everywhere. Most things work differently in different parts of the world. The side of the road we drive on, the side of the car we drive from, the width of the railroad tracks, the plugs that we put in the wall: all work differently around the world. But not the Internet; it works exactly the same in every corner of the world. It is based on standards. There is a lot of debate while Internet standards are being developed, but once a standard is published, every vendor implements it. The vendors compete on how well or how fast they are able to implement standards but they do not compete by changing an Internet standard. As an application developer, when an application is built with open standards you can have a high degree of Trust that the application will interoperate with other applications, that technical support will be available in the event of problems, and that there will be flexibility to change vendors if appropriate.
An open standard means a standard that is supported on all information technology platforms. XML and HTTP, for example, work with Windows, Unix, Linux, Apple, IBM, HP, and all PCs. There are other important technologies like IBM’s mainframes or Microsoft’s Windows that are dominant in various ways. They support open standards, like XML and HTTP, but they are not themselves open standards.

So many issues; so little time

The final element of trust comes from public policy. There are many policy issues that will affect the Internet — taxation, trade rules, jurisdiction over transactions, protection of intellectual property, privacy, and others. Although the Internet is transferring power to the people there is still an important role for governments and global organizations. Generally speaking, regulations are not needed but thoughtful standards and cooperative policy work are. The private sector needs to provide aggressive leadership. We can’t delay. We have to anticipate the impending issues such as privacy and run hard and fast to address them. The alternative is to wait until the political pressures result in regulation that, in many cases, may be difficult and costly to implement.