Internet Security and Privacy

Internet security and privacy
Personal Privacy in the Digital Age

By Philip E. Agre
It is the year 2010, and your car is hooked up to the Internet. As you
drive, you receive updates and instructions that reflect changing traffic conditions
monitored by video cameras and satellites. Your mechanic is able to monitor your
engine remotely and alert you if there are signs of a problem. Your entire home music
collection is available on the car stereo.
But these conveniences come at a price. Your insurance company also
tracks your movements, making sure you obey all speed limits. You receive endless
personalized advertisements for the businesses that you drive past. The police have
noticed that you often drive through a bad part of town and have started a file on you.
This scenario is entirely plausible, and the technology is already available
or soon will be. But will it actually happen? Is invasion of privacy the unavoidable
consequence of technological progress?
Hundreds of today's emerging technologies have privacy implications,
and many of them, such as wireless data communications, have already become cheap
enough to be used on a large scale. Once these technologies become commonplace, it
will be nearly impossible to change them. For this reason, taking measures to protect
privacy should be high on the agenda of societies throughout the world.
Why should we care about a possible loss of privacy? What are some
of the potential impacts when our privacy is breached? What data trails does a
person create in modern society? How important is the Internet, with its booming
demand for online shopping and its free flow of information, to these concerns? What
steps can individuals take to control access to data regarding their personal lives and
thus protect their privacy?
Personal Information and Technology
In the modern world privacy issues constantly arise with the collection
and dissemination of digitized personal data. This data, the computerized transfer of
information by a myriad of devices, has become a routine part of our lives. We
exchange this type of data when withdrawing money from an automated teller
machine (ATM), borrowing a book from the library, or sending electronic mail (email)
on the Internet. Computers also affect our lives in a thousand indirect ways: the bills
we get in the mail, the logistical systems that get groceries into the store, telephone
networks, and more.
To understand the privacy issues that information technology can raise,
it is important to understand what computers are and how they are designed.
Information technology originated in military and business environments as a way of
automating existing practices, such as calculating missile trajectories and scheduling
factory operations. As the technology matured, companies such as International
Business Machines Corporation (IBM) shaped modern software engineering by drawing
on the methods of industrial automation and the language of bureaucracy. The
computerized files that are the focus of privacy concerns today are directly descended
from the paper files of the past.
Page 1 of 94
Computers are, above all, representational machines—they manipulate

internal patterns of data that represent people, places, and conditions in the outside
world. Some data represents the past—for example, when an accounting program
keeps records of financial transactions. Other data represents the future, as when a
computer simulates the economic impact of a proposed change in taxes. Yet other data
represents the present, such as when a tracking device attached to a truck keeps the
trucking company informed of its location.
Central to the design of any computer system, therefore, is a careful
analysis of what sorts of things need to be represented. A designer may decide that a
particular system needs to represent people, cars, employees' tasks, and so on. The
next step is to decide which attributes of these things need to be represented: an
employee's name and job title, the type and location of a car, the inputs and outputs of
a task, and so on. Only then is it possible to specify the procedures the computer
should follow.
The best-designed computer system, however, is useless without a
supply of accurate input data. So designers must also provide their machines with the
technical means of ―capturing‖ the data. Early computers used simple mechanisms
such as keyboards: A person would manually type in the necessary data. Today,
however, computers can capture data through an enormous variety of mechanisms.
These mechanisms include bar code scanners, tracking devices, and wallet-sized cards
with magnetic strips. Some systems also use microphones, cameras, and more exotic
kinds of sensors.
Streams of Data
As a person goes through the day, therefore, representations of his or

her activities are continually being captured by computer input devices. Restaurant
orders are entered into point-of-sale (POS) terminals, which calculate the bill but also
detect patterns in customer dining habits. Medical personnel create detailed records of
interactions with patients, thereby assisting future caregivers but also permitting
oversight by insurance companies. Email messages at work are filed for easy
searching, but also for easy reading by supervisors. Credit card systems capture
details of purchases, easing both payment and subsequent marketing.
Few of these databases are unknown to consumers, who can see a
grocery store's scanner in operation and who most likely realize that a computer prints
their electric bill. Even so, few people understand the consequences of all of this data
being captured, accumulated, and passed along. It is a complicated matter. For
example, data can only be abused if it is individually identifiable—that is, if the
computer knows who you are. If you pay by cash in a restaurant, the records in the
POS terminal have no way of connecting your identity to the food you ordered. But if
you purchase groceries using a grocery store ―club‖ card, you have identified yourself
and made it possible for your data to be personally identified and thus possibly
manipulated and abused.
Because of the dangers posed by individually identifiable information,
most organizations take steps to prevent abuse. Computer security, for example,
includes numerous measures to prevent data from being used in unintended ways,
whether by outsiders ―cracking‖ a password mechanism or by insiders who might be
paid by private investigators to retrieve individual records. Responsible organizations
also establish clear data-handling policies, such as stringent password requirements,
and train their employees to follow them. But these measures are hardly foolproof.
Few abuses of personal information leave obvious signs that would tip off victims. As a
Page 2 of 94
result, the dangers are hard to measure, and few organizations have adequate
incentives to take the necessary precautions.
Even when security is tight, the most significant dangers to privacy
derive from uses of personal information that are consciously chosen. Flows of
personal data that are initiated for one purpose are often used for other purposes later
on. The most important of these secondary uses of personal information involve the
merger of databases from different sources. Records of your supermarket purchases,
for example, will be more valuable to marketers if they can be merged with
demographic information about your background and lifestyle. By combining the data
you generate at the supermarket with, for example, information gleaned from your
credit card purchases—where you buy your clothes, rent your videos, and go out to
eat—a well-defined profile of your personal tastes could be developed and used for
future marketing.
In order to merge different databases, however, each database must use
the same identifier (a number that has been assigned uniquely to you). In the United
States, the identifier most often used is the social security number (SSN). A recent
congressional initiative to require states to link social security numbers with driver's
licenses, designed to help control illegal immigration, was put on hold in November
1998 after significant citizen outcry. Privacy advocates oppose the creation of a
national identification card in the United States, which would allow databases to be
merged on a large scale.
On the other hand, no major privacy problems arise from aggregate
data—statistical trends that are calculated from thousands of individual records. There
are many benefits to this type of information, from deducing the causes of illness to
analyzing what types of products are most in demand. This type of personal data
collection means that people are more likely to be alerted to a public health problem,
and it is more likely that the book you want will be in stock and the sweater you like
will come in your favorite colors.
Privacy Violations and Crime
The large amount of personal data floating around in society today

leaves individuals open to having their privacy violated, sometimes with dire
consequences. Incredibly, a stolen social security or credit card number is often all that
is needed to perpetrate identity theft, a type of fraud in which a criminal assumes the
victim's identity to obtain illegal credit and run up huge debts.
Statistics are uncertain on this emerging area of crime, but one estimate
by the U.S. Secret Service, which tracks major cases of identity theft, indicates that
this type of crime was responsible for $745 million in losses in 1997, nearly $300
million more than the previous year. Credit companies say fraud inquiries have soared
in the 1990s to about 500,000 cases annually. Credit laws typically limit direct financial
losses to the victim, but correcting credit records and other corrupted information can
consume a victim's life for years afterward and cost thousands of dollars.
Medical records are another highly sensitive type of information that is
ripe for abuse. Often assumed to be highly confidential as part of the patient-doctor
relationship, electronic medical data in the United States actually has little in the way
of privacy regulation. The rise of large managed-care health organizations and the
tight connections between drug companies, drugstores, and intermediary companies
known as prescription benefit managers (PBMs) have changed the way patient medical
information is used.
It used to be that someone filling a prescription at the local pharmacy
could assume a certain measure of confidentiality. Today, the same consumers could
Page 3 of 94
find themselves receiving letters from the PBM telling them when and how to take their
medication, enrolling them in a special program, or informing them that they have
been switched to a lower-cost prescription. PCS Health Systems, a PBM owned by the
giant drug maker Eli Lilly and Company, covers 56 million people and has a total of 1.5
billion individual prescriptions in its database. Although most people assume that this
information is confidential, in fact the companies can use the information with few legal
restraints.
In addition to intrusive marketing and general concerns about medical
privacy, employees face particular risks if medical records are available to their
employers. There are many accounts of employees that have been reassigned or fired
when supervisors learned of a medical condition by accessing medical records. People
suffering from acquired immune deficiency syndrome (AIDS) can suffer particular harm
if their medical status is disclosed, but even employees seeing a therapist for
depression or another mental condition can face repercussions if their treatment is
disclosed. Although definitive data are hard to come by, a 1996 study by David
Linowes, a professor of political economy at the University of Illinois, showed that one-
third of Fortune 500 companies responding to a survey had utilized individual medical
records in making job-related decisions.
A particularly pertinent example of how personal data can be seriously
misused came in 1997 when a 36-year-old U.S. Navy sailor was threatened with
expulsion from the military because he was linked with an America Online (AOL)
personal profile that said he was homosexual. Timothy R. McVeigh (no relation to the
convicted Oklahoma City bomber) had filled out the AOL profile indicating he was gay
using only the name Tim. But naval investigators found the profile and obtained
McVeigh's full name from AOL's customer service department, in apparent violation of
AOL's own written privacy policies. McVeigh sued the Navy and won a settlement in
June 1998 that allowed him to retire with full benefits and an undisclosed sum. AOL
admitted it made a mistake and agreed to pay an undisclosed sum in damages. AOL
also vowed to conduct employee training on privacy issues.
Inadequate protection of private information can even threaten personal
safety. An actor named Rebecca Schaeffer was killed in 1989 by a deranged fan who
obtained her address through a private investigator. To get the address, the
investigator had simply called the California Department of Motor Vehicles. After this
incident California passed laws restricting access to its motor vehicle records, but of
course this is just one source of personal data. Women escaping from domestic
violence are particularly vulnerable, and must go to great lengths to prevent their
assailant from using public records or illicitly obtained private data to track their hiding
places.
Internet Privacy
A new level of concern over abuse of informational technology has

accompanied the rise of the Internet. Although email is not inherently private, some
guarantees of privacy can be obtained by encrypting the contents of electronic
messages. Emerging technical standards could make such encryption routine in the
future.
The World Wide Web, however, is a more complicated story. Web sites
typically use simple data files called cookies to maintain detailed records of individuals'
movements from one Web page to another. In practice, however, cookies resemble
pseudonyms—false names adopted just for the purpose of browsing that one Web site.
A Web site therefore cannot know a user's identity without explicitly asking for it. In
Page 4 of 94
this sense, the Web's current architecture is inherently friendly to privacy, although
this situation could easily change as that architecture evolves.
However, some Web sites require registration before a user can access
the site, potentially leading to sales pitches and other appeals. Sites targeted at
children have come under particular scrutiny for collecting detailed personal data from
naïve users. The Web can seem like an innocuous, friendly place, but the site you
furnish with your credit card number could be based in a country where U.S. fraud
laws do not apply. An organization such as the nonprofit consortium TRUSTe can
certify a site's privacy policy, but this approach is relatively new and still unproven.
Fear of “Big Brother”
Threats to privacy can also arise from abuse of personal information by

the government. Historically, the most important threat to privacy has been political
oppression. Computers emerged in the years during and immediately after World War
II (1939-1945). Secret police organizations and their networks of listening devices and
informers were common, most prominently in the totalitarian states of Nazi Germany
and the Union of Soviet Socialist Republics (USSR), and to a lesser but still significant
extent in the United States and other democracies. British writer George Orwell
described a culture of constant surveillance in his novel 1984 (1949), and Orwell's all-
seeing ―Big Brother‖ has become a metaphor for privacy invasions of all kinds.
The ―Big Brother‖ concept of a centralized, publicly visible surveillance
system is misleading for modern purposes, however. Contemporary dangers to privacy
are primarily decentralized—they emerge from a combination of databases
representing many different aspects of life. These databases are usually created
independently of one another, and they are often incompatible. When contemporary
governments do engage in systematic surveillance, as in the case of the U.S. National
Security Agency's Echelon system for intercepting electronic communications, they
generally do so secretly rather than openly. Of course, the vast amount of personal
data collected through modern technology only makes such covert surveillance easier.
Privacy Solutions
Potential solutions to the loss of informational privacy can be grouped

into three areas: regulation, technical measures, and individual action. Protecting
privacy is such a complicated and difficult task that any workable solution will have to
address all three areas.
The leading model of privacy regulation worldwide is known in the United
States as fair information practices and in most other countries as data protection. This
model originated in the late 1960s as countries throughout the industrial world built
centralized file systems to support their welfare states. The potential for abuse of these
files was obvious to everyone, and policy makers in several countries—especially
Germany, Sweden, and the United States—articulated a set of principles based on
individual rights. These principles include the right to know what databases exist, the
right to know what the collected information will be used for, and the right to have
false information corrected.
In the United States, these principles were incorporated into the 1974
Privacy Act. However, that law applied only to the government and has loopholes that
make it ineffective in practice. Since that time, the United States has passed a
fragmentary set of industry-specific privacy laws, but industry concerns over limiting
technological development and hampering commerce have prevented any more
generalized legislation from being passed. For the most part, therefore, the
Page 5 of 94
government has allowed private companies to regulate themselves. In the area of

medical records, the 1996 Kennedy-Kassebaum health care legislation, named for
Democratic Senator Ted Kennedy of Massachusetts and then-Senator Nancy
Kassebaum, a Republican from Kansas, mandates that the government must have
medical privacy regulations in place by mid-1999. How strong those regulations will be
is uncertain.
The Europeans have adhered to a stricter privacy standard, believing
that informational privacy is a human right and recalling the abuses of personal data
by the Nazis during World War II. Europe has applied its data protection principles both
to government and to private industry. The European Union (EU) recently gave these
principles constitutional status in the Data Protection Directive, which all EU member
countries must implement. The agreement, which took effect in October 1998, caused
concern in the United States because it prohibits trade with any nation that does not
have adequate privacy laws. Negotiations on this issue between the United States and
the EU were ongoing.
New technologies, the source of much privacy concern, can also be used
to protect privacy. Because privacy problems arise when information is individually
identifiable, cryptographic methods can be used to disguise identity. Digital cash
systems, for example, can take the place of credit cards and operate as anonymously
as ordinary cash, or they can be designed to reveal an identity only with the payer's
permission or with a court order. Similar methods can be employed to support
anonymous email or digital pseudonyms that prevent information from being merged
by different organizations without the individual's permission.
Even without these protections, individuals can act to protect their own
privacy. In some cases, market forces can create incentives for companies to protect
privacy if consumers consistently call for such protection. Consumers should study a
company's privacy policy in its promotional literature. If such a policy is weak or
nonexistent, it is reasonable to assume that the company uses any personal
information it captures in every way it legally can.
Consumers can also protect their privacy when faced with what they
consider excessive requests for information by asking why the information is pertinent
or by refusing to answer the questions. Finally, individuals can take initiative by
informing other citizens about specific privacy problems. Many threats to privacy
remain unpublicized simply because there are too many of them for existing privacy
advocates to track. Even simple research on an unpublicized privacy problem can have
an impact when submitted to a relevant Internet forum, watchdog group, or media
outlet.
At the Crossroads
The spread of information technology has made the world a less private
place. Computers that may be used to invade personal privacy can also be used to
protect it. The Internet might have the potential to become an omnipresent network of
surveillance, but it is already a worldwide forum for education, debate, and advocacy
on privacy issues.
Nothing is set in stone at this point—everything depends on the choices
that society makes over the next few years. Technologists can choose to incorporate
privacy protection in future devices and systems. Consumers can choose to educate
themselves, to assert their rights, and to become activists for sensible privacy
protection. Policy makers can explore the combinations of measures that can protect
privacy or can undermine it. If we so choose, we can enjoy the benefits of new
information technologies while also preserving privacy.
Page 6 of 94
About the author: Philip E. Agre is an associate professor of information studies at

the University of California, Los Angeles (UCLA). He is the coeditor of Technology and
Privacy: The New Landscape and the author of many articles on information
technology.
Source: Encarta Yearbook, December 1998.

http://encarta.msn.com/sidebar_1741587566/Personal_Privacy_in_the_Digital_Age.html
Page 7 of 94
Privacy in the Digital Age: Work in Progress
Jerry Berman & Deirdre Mulligan

Nova Law Review, Volume 23, Number 2, Winter 1999. The Internet and Law
TABLE OF CONTENTS
I. OVERVIEW
II. WHAT MAKES THE INTERNET DIFFERENT?
A. Increased Data Creation and Collection
B. The Globalization of Information and Communications
C. Lack of Centralized Control Mechanisms
III. WHAT DO WE MEAN BY PRIVACY? AND HOW IS IT BEING ERODED?
A. The Expectation of Anonymity
B. The Expectation of Fairness and Control Over Personal Information
C. The Expectation of Confidentiality
IV. WHERE DO WE GO FROM HERE?
A. Maintain a Consistent Level of Privacy Protection for Communications and
Information Regardless of Where They are Stored
B. Raise the Legal Protections Afforded to Transactional Data When it is
Collected
C. Encourage Technologies that Limit the Collection of Personally Identifiable
Data
D. Establish Rules and Implement Technologies That Give Individuals Control
Over Personal Information During Commercial Interactions
E. Create a Privacy Protection Entity to Provide Expertise and Institutional
Memory, a Forum for Privacy Research, and a Source of Policy
Recommendations on Privacy Issues
F. We Must Question Our Tendency to Rely on Government as the Central and
Sometimes Sole Protector of Privacy
V.CONCLUSION
I. OVERVIEW
The Internet is at once a new communications medium and a new locus

for social organization on a global basis. Because of its decentralized, open, and
interactive nature, the Internet is the first electronic medium to allow every user to
"publish" and engage in commerce. Users can reach and create communities of
interest despite geographic, social, and political barriers. The Internet is an
unprecedented mechanism for delivering government and social services, from
education and healthcare to public information. As the World Wide Web grows to fully
support voice, data, and video, it will become in many respects a virtual "face-to-face"
social and political milieu.
However, it remains an open question whether the Internet's democratic
potential will be achieved. The Internet exists within social, political, and technological
contexts that can impede its democratic potential. Governments tout the Internet, but
worry about its threat to their traditional authority. The private sector sees the
economic potential of the Internet, but anti-competitive impulses are also part of the
landscape. Users bring not only their social aspirations to the Internet, but also their
potential for antisocial behavior. Adopting the frontier metaphor, we are now
witnessing the struggle over governance of the Internet. After the revolution, what
Page 8 of 94
type of constitution do we want? Will it be pluralistic and democratic? Will it

incorporate a bill of rights that protects individual liberty and equality?
Protection of privacy is one of the critical issues that must be resolved.
Will the "Digital Age" be one in which individuals maintain, lose, or gain control over
information about themselves? Will it be possible to preserve a protected sphere from
unreasonable government and private sector intrusion? In the midst of this
uncertainty, there are reasons for optimism. Individuals operating on the Internet can
use new tools for protecting their privacy. From anonymous mailers and web browsers
that allow individuals to interact anonymously, to encryption programs that protect e-
mail messages as they pass through the network; individuals can harness the
technology to promote their privacy. Equally important is the new found voice of
individuals. Using e-mail, Web sites, listservers, and newsgroups, individuals on the
Internet are able to quickly respond to perceived threats to privacy. Whether it be a
proposal before the Federal Reserve Board requiring banks to "Know Your
Customers,"[ 1 ] or the release of a product like Intel's Pentium III, that will facilitate
the tracking of individuals across the World Wide Web. Internet users have a forum for
discussion, a simple method to find like-minded souls, and a platform from which to
spread their message. This active vigilance is forcing the government and the private
sector to reckon with a growing and vocal privacy constituency.[ 2 ]
But it is not just individuals' self-interest leading us toward increased
privacy protection. Faced with numerous surveys documenting that the lack of privacy
protections is a major barrier to consumer participation in electronic commerce,
businesses are beginning to take privacy protection more seriously. Numerous efforts
at self-regulation have emerged; both cooperative, such as TRUSTe ,[ 3 ] the Better
Business Bureau's Online Privacy Program,[ 4 ] and the Online Privacy Alliance;[ 5 ]
and perhaps more importantly for the long-run, company specific. A growing number
of companies, under public and regulatory scrutiny, have begun incorporating privacy
into their management process and actually marketing their "privacy sensitivity" to the
public. The collective efforts pose difficult questions about how to ensure the adoption
and enforcement of rules in this global, decentralized medium.
Governments, are also struggling to identify their appropriate role in this
new environment. To date, the United States policy appears to be largely based on the
principle "first do no harm." The restraint shown thus far can be credited with
providing the room for all affected parties to wrestle with the difficult issues presented
by this new environment and move towards consensus. The principles to be abided by,
and to some extent the enforcement schemes, are becoming more robust. Most
importantly, the dialogue in recent months, evidenced by developments such as the
recently passed Children's Online Privacy Protection Act ("COPPA")[ 6 ] --which was
supported by children's advocates, privacy advocates, and companies--has taken an
important turn. Less is heard about the means to achieve privacy protection--self-
regulation versus legislation--and more focus is on the ends--privacy protections for
individuals. These developments provide tangible evidence that common ground is
within reach.
While expectations of privacy are under serious challenge, the self-
interest of the various constituencies that make up the Internet--users, advocates,
industry, and government--are all pushing toward the adoption of technologies and
rules that provide individuals with greater control over their information and their
privacy.
Page 9 of 94
II. WHAT MAKES THE INTERNET DIFFERENT?
If we are to design systems that protect privacy on the Internet--a

globally, networked environment--we must understand the specific challenges to
privacy posed by its functions and use. The Internet presents a series of new
challenges for achieving public policy goals--be they protecting children from
inappropriate material or protecting privacy.
A. Increased Data Creation and Collection
The Internet accelerates the trend toward increased information

collection, which is already evident in our offline world. The data trail, known as
transactional data, left behind as individuals use the Internet is a rich source of
information about their habits of association, speech, and commerce. Transactional
data, click stream data, or "mouse droppings," as it is alternatively called, can include
the Internet protocol address ("IP address") of the individual's computer, the browser
in use, the computer type, and what the individual did on previous visits to the Web
site, or perhaps even other Web sites. This data, which may or may not be enough to
identify a specific individual, is captured at various points in the network and available
for reuse and disclosure. Some of the data generated is essential to the operation of
the network, like the phone number that connects a calling party to the intended
recipient, the IP address is necessary, for without it the network cannot function.
However, other pieces of data may serve purposes beyond network operation. Along
with information intentionally revealed through purchasing or registration activities,
this transactional data can provide a "profile" of an individual's activities. When
aggregated, these digital fingerprints reveal the blueprint of an individual's life. This
increasingly detailed information is bought and sold as a commodity by a growing
assortment of players.
B. The Globalization of Information and Communications
On the Internet, information and communications flow unimpeded across

national borders. The Internet places the corner store, and a store three continents
away, equally at the individual's fingertips. Just as the flow of personal information
across national borders poses a risk to individual privacy, citizens' ability to transact
with entities in other countries places individual privacy at risk in countries that lack
privacy protections. National laws may be insufficient, on their own, to provide citizens
with privacy protections, across borders. Whether it is protecting citizens from fraud,
limiting the availability of inappropriate content, or protecting privacy, governments
are finding their traditional ability to make and effectively enforce policies challenged
by the global communications medium.[ 7 ]
C. Lack of Centralized Control Mechanisms
While developing appropriate domestic policy may be sufficient in a

paper-based world or a centralized and closed network, where nations can control the
flow of information about citizens thereby protecting them from areas where protection
is insufficient, information in a networked environment flows effortless from country to
country, organization to organization, and policy regime to policy regime. Effective
monitoring of the generation, collection, and flow of information on this vast scale may
tax the resources of those currently responsible for data protection or other policies.
Page 10 of 94
In addition to the difficulty of enforcing rules, governments around the

globe are struggling with how to develop appropriate and effective rules. Efforts to use
legal and regulatory instruments developed to address issues in other media--
broadcast, telephone, print--may not be effective, and in cases like the United States'
Communications Decency Act, may be found impermissible .[ 8 ] The need for global,
decentralized solutions has prompted various international bodies including the
European Union, the Organization for Cooperation and Development, and the United
Nations to examine how to best advance their missions in this new environment .[ 9 ]
As Dr. Malcolm Norris, Data Protection Commissioner for the Isle of Man, concluded in
his paper, Privacy and the Legal Aspects of the Information Superhighway, "I believe
the Internet will prove to be very difficult to govern in the way that Governments may
wish."[ 10 ]
Together, the characteristics of the new medium pose challenges to our
traditional, top-down methods of implementing policy and controlling behavior.
Providing a seamless web of privacy protection to data as it flows through this
international network will require us to harness the business community's interest in
promoting commerce, the government's interest in fostering economic growth and
protecting its citizens, and the self-interest of individuals in protecting themselves from
the overreaching of the government and the private sectors. It requires us to use all of
the tools at our disposal--international agreements, legislation, self-regulation, public
education, and the technology itself. We must begin by reaching consensus on what
we mean by protecting privacy, but we must keep the characteristics of the online
environment sharply in focus. Concentrating in this manner is essential for the nature
of the Internet and may alter the manner through which we achieve our goals.
III. WHAT DO WE MEAN BY PRIVACY? AND HOW IS IT BEING ERODED?
Privacy means many things to many people and different things in

different contexts.[ 11 ] For the purpose of our discussion, we will examine several
core "privacy expectations"[ 12 ] that individuals have long held, and which should
carry over to their interactions on the Internet that are under siege.
A. The Expectation of Anonymity
Imagine walking through a mall where every store, unbeknownst to you,

placed a sign on your back. The signs tell every other store you visit exactly where you
have been, what you looked at, and what you purchased. Something very close to this
is possible on the Internet.
When individuals surf the World Wide Web, they have a general
expectation of anonymity, more so than in the physical world where an individual may
be observed by others. If an individual has not actively disclosed information about
herself, she believes that no one knows who she is or what she is doing. But the
Internet generates an elaborate trail of data detailing every stop a person makes on
the Web. This data trail may be captured by the individual's employer if she logged on
at work, and is captured by the Web sites the individual visits.[ 13 ] Transactional
data, click stream data, or "mouse-droppings," can provide a "profile" of an individual's
online life.
Technologies such as "cookies,"[ 14 ] written directly onto your hard
drive, enable Web sites to surreptitiously collect information about your online
activities and store it for future use. Designed for the benign purpose of enabling Web
sites to recognize a repeat visitor and respond accordingly, cookies were quickly
adopted by Web sites to facilitate the tracking of specific individual's activities at Web
Page 11 of 94
sites for the purpose of customizing content and advertising. The surreptitious
collection of information about individual's activities, across multiple Web sites enabled
through some "cookie" implementations, gained the attention of Internet users,
technicians, and policy makers.[ 15 ] Companies, such as Doubleclick, use this detailed
transactional information to provide targeted online advertising. Others, such as
Adfinity, combine these "mouse-droppings" or "click-stream data" with personal
information collected from other sources into fully identifiable profiles of the
individual's online and offline behavior.
The increased data collection enabled by the Internet and electronic
commerce are part of a larger phenomena--the growing market in personal
information. As one reporter stated: ―Let's face it: Companies are fascinated by me. ―
Okay, maybe not me personally, but "me"--the consumer--collectively. I
possess something nearly as valuable as spendable cash: information about myself.
Before they can get to "me" to buy something, they need to know a lot about me: how
old I am, how much I make, who I voted for, what I eat, wear, drive think or do. [ 16 ]
Evidence of the growing market for detailed "personal profiles" of
individuals is rampant on the Internet. Be it personalized search engines and "portals,"
the pervasive use of "cookies" and other sticky bits of data that Web sites store on
visitors' computers to aid the site in personalizing and targeting content and
advertising, or the recent move by Intel to stamp each computer--and once the
individual using the computer releases information, each individual--with a unique and
traceable identity in cyberspace. The business communities rapacious appetite for
information is all too apparent. Last August, some of the largest commercial sites on
the World Wide Web announced that they would feed information about their
customers' reading, shopping, and entertainment habits into a system developed by a
Massachusetts company that was already tracking the moves of more than thirty
million Internet users, recording where they go on the Internet and what they read,
often without the users' knowledge.[ 17 ] In a sense, the system does what direct mail
companies have done for years. But Internet based systems can be more precise,
determining not only which magazines you subscribe to, but also which articles you
read. More recently stories about "free" computers, valued at approximately $999,
provided to individuals in exchange for detailed information about themselves and their
families and permission to track their Internet usage, provide some indication of the
value placed by a section of the business community on personal information and the
lengths to which they will go to solicit it.[ 18 ]
While the private sector uses of personal information generated by use
of the Internet have been scrutinized by the public and the press, the governments
interest in and use of it has received less attention. But governments are interested in
this data too. As the Federal Trade Commission revealed in its report to Congress on
the Individual Reference Service Industry ("Look-up Services"), the government is a
major customer of personal information about us .[ 19 ] While marketing information is
not the fodder for "look-up services," it too is attractive to the government. A battle
being waged today, over the "location" information available through many cellular
networks, foreshadows the larger privacy considerations lurking in the vast data
generated by individuals' use of the Internet.[ 20 ] In the course of processing calls,
many wireless communications systems collect information about the cell site and
location of the person making or receiving a call. Location information may be captured
when the phone is merely on, even if it is not handling a call .[ 21 ] Both government
and the private sector have their eye on this location information. While the
government seeks to build added surveillance features into the network and ensure
their access to the increasingly detailed data it captures, the private sector is
considering how to use this new form of information. A company in Japan is
Page 12 of 94
experimenting with a World Wide Web site that allows anyone to locate a phone, and
the person carrying it, by merely typing in the phone number .[ 22 ] As one reporter
put it: "Cellular telephones, long associated with untethered freedom, are becoming
silent leashes."[ 23 ]
Now we head to the register. In the physical world, individuals can
choose to purchase goods and services with a variety of payment mechanisms, the
most common being cash, check, bank card, credit card, and a prepaid stored value
mechanism, such as a travelers check or smart- card. Individuals can, and often do,
pay by cash.[ 24 ] An individual's choice of payment mechanism impacts on her
privacy. The amount of personal information generated and collected varies from
theoretically none in a cash transaction to identity, item or service purchased,
merchant, and date and time in a credit transaction. Similarly, the list of parties who
have access to personal data can range from the individual and the merchant in a cash
transaction, to the merchant, affiliated issuer, transaction processor, credit card
company, and individual in a credit card transaction. In general, cash provides the
most privacy protection during financial transactions in the offline world .[ 25 ] It is
fungible, largely untraceable, and because its value is inherent and irrefutable, it
requires no additional assurance of authenticity which often drives the collection of
identity information.
In the online environment, the digital equivalent of cash has not yet
achieved widespread use. Most online purchases are made with credit cards, which
identify the individual and facilitate the collection of purchasing data. The lack of a
cash equivalent in the online world, and its reduced use in the physical world, will
seriously alter the privacy of individuals' financial dealings.[ 26 ]
For example, consider the differences between an auction/yard sale in
the physical world and Ebay, the premiere auction/classified listing/yard sale on the
World Wide Web. Attendees at a traditional auction while physically present do not
reveal who they are prior to participation. At Ebay, prior to bidding individuals must
provide a name, home address, phone number and e-mail address. The differences
between the information collected to support a similar activity in these two
environments to some degree reveals the increased emphasis placed on knowing the
identity of the individual with whom you are interacting where the payment mechanism
is less secure than what cash affords. The translation of cash, the most privacy
protective of payment mechanisms, into an online equivalent, is a pressing privacy
issue.[ 27 ] Without it we will quickly move from a world of cash-based anonymity to
one of full identification and increased tracking of individuals' purchases .[ 28 ]
B. The Expectation of Fairness and Control Over Personal

Information
When individuals provide information to a doctor, a merchant, or a bank,

they expect that those professionals/companies will base the information collected on
the service and use it for the sole purpose of providing the service requested. The
doctor will use it to tend to their health, the merchant will use it to process the bill and
ship the product, and the bank will use it to manage their account--end of story.
Unfortunately, current practices, both offline and online, foil this expectation of
privacy. Whether it is medical information, or a record of a book purchased at the
bookstore, information generated in the course of a business transaction is routinely
used for a variety of other purposes without the individual's knowledge or consent.
Some entities go so far as to declare the information individuals provide them as
company "property."
Page 13 of 94
There are multiple examples of companies using and disclosing personal

information for purposes well beyond what the individual intended. For example,
recent news stories have focused the public on misuses of personal health information
by the private sector--particularly when it is digitized, stored and manipulated.
Recently, the Washington Post reported that CVS drug stores and Giant Food were
disclosing patient prescription records to a direct mail and pharmaceutical company .
[ 29 ] The company was using the information to track customers who failed to refill
prescriptions, and then sending them notices encouraging them to refill and to
consider other treatments.[ 30 ] Due to public outrage and perhaps the concern
expressed by senators crafting legislation on the issue of health privacy, CVS and Giant
Food agreed to halt the marketing disclosures.[ 31 ] But the sale and disclosure of
personal health information is big business. In a recent advertisement Patient Direct
Metromail advertised that it had 7.6 million names of people suffering from allergies,
945,000 suffering from bladder-control problems, and 558,000 suffering from yeast
infections.[ 32 ]
While many expect strong concern for privacy to surround sensitive
information such as health and financial records, several recent incidents involving the
sale and disclosure of what many perceive as less sensitive information indicate a
rising of privacy concerns among the public.[ 33 ] In recent years, a number of
corporations, as well as government entities, have learned the hard way that
consumers are prepared to protest against services that appear to infringe on their
privacy. In 1996, public criticism forced Lexis-Nexis to withdraw a service known as P-
Trak, which granted easy online access to a database of millions of individuals' Social
Security numbers. Also in 1996, Yahoo faced a public outcry over its People Search
service. The service, jointly run with a marketing list vendor, would have allowed Net
searchers to put an instant finger on 175 million people, all culled from commercial
mailing lists. After hearing the complaints, Yahoo decided to delete 85 million records
containing unlisted home addresses. During August of 1997, American Online ("AOL")
announced plans to disclose its subscribers' telephone numbers to business partners
for telemarketing.[ 34 ] AOL heard loud objections from subscribers and advocates
opposed to this unilateral change in the "terms of service agreement" covering the use
and disclosure of personal information .[ 35 ] In response, AOL decided not to follow
through with its proposal.[ 36 ] At the beginning of the year, the Washington Post
reported that several states had entered into agreements to sell state drivers' license
photos to Image data. Under public scrutiny the deal seemed quite different,--state
governors and legislatures quickly moved to block the contract. Florida Governor Jeb
Bush terminated the contract saying: "I am personally not comfortable with the state
mandating license photos for the purpose of identifying authorized drivers, and then
selling those photos at a profit for a completely different purpose."
The technologies' surveillance capacity to collect, aggregate, analyze and
distribute personal information coupled with current business practices have left
individual privacy unprotected. While recent surveys[ 37 ] and public pressure have
raised the privacy consciousness of companies, particularly those operating online,[ 38
] individuals' information is frequently used and disclosed for purposes well beyond
what the individual provided it for.
C. The Expectation of Confidentiality
When individuals send an e-mail message, they expect that it will be

read only by the intended recipient. Unfortunately, this expectation too is in danger.
For starters, if an individual is using an office computer, it is possible, and legal, for her
Page 14 of 94
boss to monitor her messages. If she is using her home computer, her privacy is still
not fully assured.
While United States law provides e-mail the same legal protection as a
first class letter, the technology leaves unencrypted e-mail as vulnerable as a postcard.
Compared to a letter, an e-mail message travels in a relatively unpredictable and
unregulated environment. As it travels through the network, e-mail is handled by
many independent entities: in comparison, a letter is handled only by the United
States Postal Service. To further complicate matters, the e-mail message may be
routed, depending upon traffic patterns, overseas and back, even if it is a purely
domestic communication. While the message may effortlessly flow from nation to
nation, the statutory privacy protections stop at the border. In addition, unlike the
phone or postal systems, the Internet does not have central points of control. While
the decentralized nature of the Internet allows it to cope with problems and failures in
any given computer network, by simply routing in another direction, it also provides
ample opportunities for those seeking to capture confidential communications .[ 39 ]
The rogue action or policy of a single computer network can compromise the
confidentiality of information.
But e-mail is just one example, today our diaries, our medical records,
our communications, and confidential documents are more likely to be out in the
network than under our bed. This has drastic consequences for our privacy--as
information moves further out onto the network our existing statutory framework
provides less and less protection.
It's useful to look at the weak state of privacy protections for other
personal papers and records. Individuals traditionally kept their diaries under their
mattress, in the bottom drawer of their dresser, or at their writing table. Situated
within the four walls of the home, these private papers are protected by the Fourth
Amendment. With the advent of home computers, individual diaries moved to the
desktop and the hard drive. Writers, poets, and average citizens quickly took
advantage of computers to manage and transcribe their important records and
thoughts. Similarly, pictures moved from the photo album to the CD-ROM.
Today, network computing allows individuals to rent space outside their
home to store personal files and personal World Wide Web pages. The information has
remained the same. A diary is a diary is a diary. But storing those personal thoughts
and reflections on a remote server eliminates many of the privacy protections they
were afforded when they were under the bed or on the hard drive. Rather than the
Fourth Amendment protections--including a warrant based on probable cause, judicial
oversight, and notice--the individual's recorded thoughts may be obtained from the
service provider through a mere court order with no notice to the individual at all.
The weak state of privacy protection is evident in the business setting
too. Let's look at medical records. Hospitals, their affiliated clinics, and physicians are
using intranets to enable the sharing of patient, clinical, financial, and administrative
data. Built on Internet technologies and protocols, the private networks link the
hospital's information system, to pharmacy and laboratory systems, transcription
systems, doctor and clinic offices and others. The United States government is
contemplating the development of a federal government-wide computer-based patient
record system.[ 40 ] According to news reports, the Internet and World Wide Web-
based interfaces are under consideration .[ 41 ] The private sector is moving to
integrate network computing into a sensitive area of our lives, the doctor's office .[ 42 ]
As computing comes to medicine, the detailed records of individuals'
health continue to move not just out of our homes, but out of our doctor's offices.
While the use of network technology promises to bring information to the fingertips of
Page 15 of 94
medical providers when they need it most, and greatly ease billing, prescription refills,
and insurance preauthorizations, it raises privacy concerns.
In the absence of comprehensive federal legislation to protect patient
privacy, the legal protections afforded medical records may vary greatly depending
upon how the network is structured, where data is stored, and how long it is kept. If
records are housed on the computer of an individual doctor then access to that data
will be governed by the Fourth Amendment.[ 43 ] Law enforcement would be required
to serve the doctor with a warrant or subpoena and the doctor would receive notice
and have the chance to halt an inappropriate search. Under federal law, the patient
however, would receive no notice and have no opportunity to contest the production of
the records. When information is in transit between a doctor and a hospital through a
network, law enforcement's access is governed by the warrant requirements of The
Electronic Communications Privacy Act of 1986 ("ECPA"); and, neither doctor nor
patient receive prior or contemporaneous notice. If the records are stored on a server
leased from a service provider, the protections are unclear. They may be accessible by
mere subpoena. If they are covered by the "remote computing" provisions of ECPA this
would severely undermine privacy in the digital age .[ 44 ]
The confidentiality of our sensitive information is challenged by a legal
framework that hinges protections on who maintains the information, how the network
is structured, where data is stored, and how long it is kept. As our wallets become "e-
wallets" housed somewhere out on the Internet rather than in our back-pockets, and
as our public institutions, businesses, and even cultural institutions find homes online,
the confidentiality of our communications, papers, and information is at risk of
compromise.
IV. WHERE DO WE GO FROM HERE?
It is clear that our existing legal framework did not envision the
pervasive role information technology would play in our daily lives. Nor did it envision
a world where the private sector would collect and use information at the level it does
today. Our legal framework for protecting individual privacy in electronic
communications while built upon constitutional principles and statutory protections,
reflects the technical and social "givens" of specific moments in history. From a belief
that the government's collection and use of information about individuals' activities and
communications was the only threat to individual privacy and that a solid wall
separated the data held by the private and public sector; to the notion that the
Internet would be used primarily for a narrow slice of activities and that private and
public spaces were easily demarcated, these vestiges of a pre-Internet, pre-networked
world, stress our existing privacy framework.
Crafting proper privacy protections in the electronic realm has always
been a complex endeavor. It requires a keen awareness of not only changes in
technology, but also changes in how the technology is used by citizens, and how those
changes are pushing at the edges of existing laws. From time to time these changes
require us to reexamine our fabric of privacy protections. The issues raised in this
article indicate that it is time for such a review.
The Internet has changed the quantity and quality of data available
about individuals' lives, but unfortunately our business practices, norms, and laws
have not progressed to ensure individuals' privacy. At the outset, there are six areas
where we must step up our activities to strengthen privacy protections. Clear proposals
can be attached to some, while at this time others require further consideration.
Page 16 of 94
A. Maintain a Consistent Level of Privacy Protection for Communications and

Information Regardless of Where They are Stored
Increasingly, our most important records are not "papers" in our

"houses" but "bytes" stored electronically at distant "virtual" locations for indefinite
periods of time and held by third parties. As discussed in Part I, the Internet, and
digital technology generally, accelerate the collection of information about individuals'
actions and communications. Our communications, rather than disappearing, are
captured and stored as well on servers controlled by third parties. With the rise of
networking and the reduction of physical boundaries for privacy, we must ensure that
privacy protections apply regardless of where information is stored.
Under our existing law, there are now essentially four legal regimes for
access to electronic data: 1) the traditional Fourth Amendment [ 45 ] standard for
records stored on an individual's hard drive or floppy disks; 2) the Title III-Electronic
Communications Privacy Act[ 46 ] standard for records in transmission; 3) the
standard for business records held by third parties, available on a mere subpoena to
the third party with no notice to the individual subject of the record;[ 47 ] and 4) for
records stored on a remote server such as the research paper, or the diary, of a
student stored on a university server, or the records, including the personal
correspondence, of an employee stored on the server of the employer, the scope of
which is probably unclear.
As the third and fourth categories of records expand because the wealth
of transactional data collected in the private sector grows and people find it more
convenient to store records remotely, the legal ambiguity and lack of strong protection
grows more significant and poses grave threats to privacy in the digital environment.
Independent Counsel Starr's investigation into books purchased by Monica Lewinsky
highlights the potential sensitivity of records routinely collected by businesses and the
intersection of privacy and First Amendment concerns .[ 48 ] During his investigation
into President Clinton's relationship with White House intern Monica Lewinsky, Starr
sought information confirming the purchase of a specific book by Miss Lewinsky. Starr
served a subpoena upon Kramer Books, a local DC bookstore, demanding the
production of records reflecting purchasing activities .[ 49 ] While the book store
valiantly objected to the subpoena on First Amendment and privacy grounds, and Starr
eventually obtained Miss Lewinsky's records through other channels, this incident
raised concern among the book-buying public.[ 50 ] To search Miss Lewinsky's
residence for information about her reading habits Starr would have needed a warrant,
but in the hands of the bookstore the records were available under a less stringent
standard.
Sometimes the equation is flipped--the government has collected the
data and the private sector seeks access to it. During the law suit brought by several
states, including Massachusetts, against the tobacco industry for repayment of state
health care costs for smoking related illnesses, lawyers for the tobacco industry sought
access to a Massachusetts database containing records on every hospital visit by every
person in the entire state population.[ 51 ] While the State's purpose for collecting the
data was to compare what it paid for health care to private insurers, it failed to enact
privacy protections to limit access to the database .[ 52 ] Because the State's argument
for repayment was premised on its ability to prove damage to state residents from
tobacco products, the tobacco companies wanted to see the data supporting it.[ 53 ]
Massachusetts acted responsibly, hiring a team of cryptographers to ensure that the
data released wouldn't identify individuals, however the fact remains that the data was
not protected by law.[ 54 ]
Page 17 of 94
Even our communications are vulnerable under today's law. Under the
existing legal framework, the same e-mail message would be afforded different privacy
protections depending on whether it was sought: while on the individual's computer; in
transmission; unread in storage for less than 180 days; or, read but left on the service
provider's server. The differences in protection afforded e-mail depending on whether
it is captured in transmission, accessed in storage while unread, or accessed in storage
after it has been read seem unwarranted, for the communication and individuals'
expectations of privacy remain the same. In an era where e-mail is more commonly
accessed as a stored record than through an interception, the concepts developed for
governmental access to business records in the relatively static, paper-based
environment are an ill-fit and provide weak protections for individual privacy. It is time
to provide a framework that reflects individuals' expectations.
B. Raise the Legal Protections Afforded to Transactional Data When it is

Collected
Where information is needed, we must ensure that it is protected from

misuse and unfettered government access. Congress acted by legislation to establish a
right of privacy in bank records in the wake of a Supreme Court decision finding they
were without constitutional protection.[ 55 ] Institutions all across the economy are
quickly becoming store houses of information about individuals' marketplace
behaviors,--unlike records held by banks, these new databases are unprotected. The
possibilities of computer analysis have given value to tidbits previously considered
meaningless: the little digital footprints individuals leave showing who they called,
where they used their credit cards, what websites they visited, what products they
purchased, and when they entered the "intelligent" highway using the automatic toll
booth. While a certain website or product registration card may only ask for a few
minor pieces of personal information, together they constitute a fairly complete profile
of one's associations, habits, health condition and personal interests, combining credit
card transactions with magazine subscriptions, telephone numbers, real estate records,
car registrations and fishing licenses.[ 56 ] The digital deposits of these transactional
details are so deep that the practice of exploiting their commercial value is called
"data-mining," evoking the intensive, subterranean, and highly lucrative labors of an
earlier age.
It's time to ensure that the records of our reading habits, our online
browsing, and all the details of our lives left behind, online and in electronic commerce,
are not treated as mere "business records" available, without our knowledge or
permission, at the government's request. For even the most mundane of records can
harbor risks to privacy. A December Washington Post article revealed that Drug
Enforcement Administration ("DEA") officials were reviewing records of grocery store
purchasing data collected to support "frequent shopper" or loyalty programs.[ 57 ]
What would DEA officials possibly hope to uncover? According to the Post, they were
seeking to identify purchasers of large numbers of small plastic bags and baking
powder -- common grocery supplies used by drug dealers to dilute and package
cocaine and other drugs.[ 58 ] As businesses intensify their data collection efforts we
must take steps to strengthen the privacy protections afforded this data.
Congress took the first small step towards recognizing the changing
nature of transactional data in the networked environment with amendments to the
Electronic Communications Privacy Act[ 59 ] enacted as part of the Communications
Assistance for Law Enforcement Act of 1994 ("CALEA ").[ 60 ] The 1994 amendments
recognized that transactional data was emerging as a hybrid form of data, somewhere
between addressing information and content, and was becoming increasingly revealing
Page 18 of 94
of personal patterns of association. For example, addressing information was no longer

just a number and name, but contained the subject under discussion and information
about the individual's location. Therefore, Congress raised the legal bar for
government access to transactional data by eliminating subpoena access and requiring
a court order, albeit one issued on a lower relevance standard.[ 61 ] This Congress
passed legislation to foster online interactions between citizens and the government by
facilitating the government's acceptance of digital certificates.[ 62 ] The legislation
includes forward looking privacy protections for the transactional data generated by
citizens' use of digital certificates.[ 63 ] On a case by case basis, the courts are
addressing the privacy issues raised by this revealing data. However, as electronic
commerce becomes pervasive, transactional data will continue to proliferate. A
piecemeal approach may not provide the privacy protections that this potentially
sensitive information deserves.
C. Encourage Technologies that Limit the Collection of Personally Identifiable

Data
Law is only one tool for protecting privacy. In this global, decentralized
medium, we must promote applications of technology that limit the collection of
transactional information that can be tied to individuals.[ 64 ] Some tools developed to
protect privacy by limiting the disclosure, or cloaking it, of information likely to reveal
identity, or decoupling this identity information from the individual's actions and
communications, exploit the decentralized and open nature of the Internet.[ 65 ] For
example, Crowds provides anonymity to individuals surfing the Web by mingling their
requests for access to Web sites with those of others.[ 66 ] By routing Web site access
requests in a series of unpredictable paths, the identity of the requester is hidden.
Similarly, Onion Routing uses the decentralized nature of the Internet coupled with
public key encryption to provide privacy protections for Internet communications.[ 67
] Communications are passed through a series of routers before reaching the recip-
ient. Resembling an onion, the message is encircled in a series of lay-ers. Each router
is able to peel one layer of the onion enabling it to learn the next stop in the messages
path. Passing messages in this fashion protects an individual's identity by obfuscating
the originator and recipient of the message from points in the network. These technical
advances, if adopted by users, can provide protections for privacy.
Of particular importance are payment mechanisms that preserve
anonymity. By using cash, individuals can engage in many daily transactions without
revealing their identity. Depending on the design choices we make, the online
environment could wipe out the expectation of privacy that the physical world's cash
purchase provides or the technology of electronic payments could preserve privacy.
Similarly, digital certificates, if guided by privacy concerns, could be designed to limit
the instances in which identity is used as a broad substitute for specific traits or
abilities.
A number of companies have attempted to craft cash-like payment
mechanisms.[ 68 ] Digicash is a frequently mentioned payment mechanism that
provides cash-like anonymity to individual users.[ 69 ] Digicash relies on blind digital
signatures, a cryptographic technique, to prevent the bank, or other money issuer, and
merchant from linking the individual's identity to specific transactions.[ 70 ] Blind
signatures provide the merchant with the ability to determine the value and establish
the authenticity of the payment while shielding the individual's identity. The bank,
while privy to information about the user's identity, and able to deduct the appropriate
sum from the individual's account, is incapable of tying the particulars of a transaction
to the individual.[ 71 ]
Page 19 of 94
The ability to engage in cash-like transactions in the online environment

is important to the protection of privacy. The enhanced data generation and collection
that occurs during the process of browsing a virtual store front, a merchant's World
Wide Web site, increases the privacy concerns associated with the revelation of identity
during the payment process. The capacity to connect information far in excess of the
specifics of a given financial transaction to the individual's identity increases the risks
to individual privacy relative to the concerns in the offline world.
Digital cash technology can vastly reduce the need for the collection and
revelation of identity information. By providing alternative methods of authenticating
value, the online environment can afford cash-like anonymity while providing some of
the protections against theft associated with traditionally data intensive payment
mechanisms. For example, Digicash's reliance on blind digital signatures may limit the
risk of theft by providing for non-identity dependent methods of verifying the
transaction at the point that value is removed from the individual's account.
The development of electronic payment mechanisms that protect privacy
hinges on the use of strong cryptography and the creation of a robust public key
infrastructure to support its use.[ 72 ] By designing payment mechanisms to limit the
collection of personally identifiable information by banks, clearinghouses, and
merchants, it is possible to preserve the privacy which individuals currently enjoy
during cash transactions and perhaps move the developers of other payment
mechanisms to enhance privacy protection. The private sector and the government
should foster the development of payment mechanisms and other technologies that
foster anonymity and privacy.
D. Establish Rules and Implement Technologies That Give Individuals Control

Over Personal Information During Commercial Interactions
We must adopt enforceable standards, both self-regulatory and

regulatory, to ensure that information provided for one purpose is not used or
redisclosed for other purposes. At the same time, we must recognize that in this
freewheeling, open marketplace, there will be limits to the effectiveness of regulation
and self-regulation. Therefore, we must look to technological tools that will empower
individuals to control their personal information.
The Federal Trade Commission and the Department of Commerce are
engaged in initiatives designed to promote "fair information practice principles" in the
online environment. The business community is also engaged in efforts to protect
privacy through self-regulatory guidelines and enforcement mechanisms. All such
efforts should focus on the Code of Fair Information Practices ("CFIP") developed by
the Department of Health, Education and Welfare ("HEW") in 1973 [ 73 ] and the
Guidelines for the Protection of Privacy and Transborder Flows of Personal Data,
adopted by the Council of the Organization for Economic Cooperation and Development
in 1980.[ 74 ] Coupled with the World Wide Web Consortium's Platform for Privacy
Preferences ("P3P")[ 75 ], rules based on the FIP will provide a framework that
protects privacy by limiting data collection to that which is necessary for transactions
and ensuring that individuals are the arbiters of their personal information. The
challenge of implementing privacy practices, such as notice and consent, on the
Internet is ensuring that they are implemented in a fashion that builds upon the
medium's real-time and interactive nature and uses it to foster consumer privacy.
While the path to this policy is currently quite contested, there is some
indication of a growing willingness to collaborate in order to develop privacy
protections. Debate over the capacity of self-regulation and market forces to
adequately address privacy concerns is common in the privacy and consumer
Page 20 of 94
protection arenas, and will continue to rage. Advocates often take the position that
self-regulation is inadequate due to both a lack of enforcement and the absence of
legal redress to harmed individuals. Industry tends to strongly favor self-regulation,
stating that it results in workable, market-based solutions while placing minimal
burdens on affected companies. These positions, while in tension, have both accurately
described the self-regulatory process. A close look at the enactment of federal privacy
legislation over the years reveals that the battle itself, with all its sound and fury, is
the path to legislation.
Historically, for privacy legislation to garner the support of at least a
section of the industry, which is generally critical to successful legislative efforts, it
must build upon the work of some industry members--typically binding bad actors to
the rules being followed by industry leaders--or, be critically tied to the viability of a
business service or product as with the Video Privacy Protection Act and the Electronic
Communications Privacy Act.[ 76 ]
Today, the dialogue over assuring privacy on the Internet and in
electronic commerce is well situated for a successful legislative effort. Privacy-aware
companies are seeking to develop and implement self-regulatory programs. Surveys
have shown that the viability of online commerce depends upon the existence of real
protections for consumers' privacy. Similar to the development of early privacy laws,
some industry actors have led the way crafting self-regulatory policies that are the
prototype for subsequent legislation supported by self-regulated players who for
reasons of public trust, liability, and/or government concern want to bind bad industry
actors.
Advocates of both self-regulation and legislation each have a vested
interest in exploring and resolving the hard issues. Questions of what is personally
identifiable information in the context of the Internet, what does access require, and
what is the appropriate way to police and provide remedies in this environment must
all be explored. The work of the Online Privacy Alliance to develop principles to protect
children's privacy became a starting point for the recently passed Children's Online
Privacy Protection Act.[ 77 ] The collective desire to provide privacy protections that
protect individuals' privacy, and encourage them to participate in the online
environment, provides the common ground for the development of sound policies and
enforcement strategies in the coming year.
E. Create a Privacy Protection Entity to Provide Expertise and Institutional

Memory, a Forum for Privacy Research, and a Source of Policy
Recommendations on Privacy Issues
The work outlined above, and the state of privacy today, all weigh in
favor of creating a privacy entity within the federal government. The existing approach
has hindered the development of sound policy and failed to keep pace with changes in
technology. The United States needs an independent voice empowered with the scope,
expertise, and authority to guide public policy. Such an entity has important roles to
play on both domestic and international fronts. It would serve as the forum for
collaboration with other governments, the public interest community, and the business
community.
There are a myriad of functions an entity charged with promoting privacy
could perform. Unfortunately, the debate over the scope and power of such an agency
or office has consistently stymied attempts to create one. As in many areas, the
perfect has been the enemy of the good. At this junction, foremost on this entity's
agenda should be developing and articulating a comprehensive vision of privacy
protection for the United States, and coordinating efforts to advance it in both the
Page 21 of 94
public and private sector. The emergence of the Internet and other advanced
technologies require us to reflect, study, adapt, and apply existing privacy principles
and at times develop new ones. Without expertise and devoted resources this task will
not be undertaken.
To function well, such an entity should have the ability to:
1. monitor and evaluate developments in information technology with respect to
their implications for personal privacy;
2. conduct research, hold hearings, and issue reports on privacy issues in both
the public and private sector;
3. develop and recommend public policy appropriate for specific types of
personal information systems;
4. comment upon government and private sector proposals that impact on
privacy;
5. review agency activities under the Privacy Act;
6. participate in government proposals that impact on privacy .[ 78 ]
The level of 1) public concern; 2) agency activity; 3) private sector
investment; and 4) non-governmental organization focus on individual privacy, cry out
for the formation of an entity able to comprehensively and effectively address privacy
issues.
In July, Vice President Gore announced the Administration's intent to
appoint an individual to oversee and coordinate the governments privacy activities as
part of the "Electronic Bill of Rights."[ 79 ] While the duties and powers of this
individual are unclear, the announcement signals the Administration's recognition that
privacy is an issue of growing importance and one that the Administration must play a
role in coordinating. As of publication, no appointment has been made.
F. We Must Question Our Tendency to Rely on Government as the Central and

Sometimes Sole Protector of Privacy
In the decentralized and global environment of the Internet, the law's

impact will be limited. In an area such as privacy, where the government's actions
have often been detrimental rather than supportive, we must ask if other options--
such as technology may provide stronger protection. We must encourage the
development and implementation of technologies that support privacy. They are
critically important on the Internet and other global medium. Strong encryption is the
backbone of technological protections for privacy. Today technical tools are available to
send anonymous e-mail, browse the World Wide Web anonymously, and purchase
goods with the anonymity of cash.
Public policy is quickly becoming as much a product of computer code
and product decisions as law. Advocates who once focused nearly exclusively on
federal and state legislatures and agencies are increasingly seeking to influence the
design of technical standards and specifications, and even specific product designs.
From the Internet Engineering Taskforce and the World Wide Web Consortium, to the
United States Telephone Association, decisions that will affect the future of privacy are
made each day. Advocates, the public, and policy-makers have taken fire at specific
products ranging from Lexis-Nexis Ptrak[ 80 ] to the soon to be released Intel Pentium
III Processor seeking to ward off privacy invasions. But as we ward off the bad, we
must move for the development of the good--seeking to foster technologies,--both
standards and specific products,--that protect privacy.
Future technical developments have the capacity to provide an
underlying framework for privacy, providing greater anonymity, confidentiality, and a
platform for fair information practices.[ 81 ] Technologies must be a central part of our
Page 22 of 94
privacy protection framework, for they can provide protection across the global and
decentralized Internet where law or self-regulation may fail us.
V. CONCLUSION
No doubt, privacy on the Internet is in a fragile state, however, there is

new hope for its resuscitation. The business community, enlightened by survey upon
survey documenting consumers' privacy concerns, has recently begun serious efforts
at self-regulation. The White House, the Federal Trade Commission, the Department of
Commerce, and Congress all show interest in ensuring that privacy is protected as the
digital economy is embraced. A growing number of advocacy organizations, ranging
from consumer to civil liberties to libertarian organizations, have begun to focus on
privacy. Thanks to the Internet, the public voice is being heard more clearly than ever-
-more often than not weighing in strongly in support of privacy protections through law
and technology.
There is a special need now for dialogue. Providing a web of privacy
protection to data and communications as they flow along networks requires a unique
combination of tools--legal, policy, technical, and self-regulatory. Cooperation among
the business community and the nonprofit community is crucial. Whether it is setting
limits on government access to personal information, ensuring that a new technology
protects privacy, or developing legislation--none will happen without a forum for
discussion, debate, and deliberation.
http://www.cdt.org/publications/lawreview/1999nova.shtml
Page 23 of 94
CERT® Coordination Center
Home Network Security
This document gives home users an overview of the security risks and
countermeasures associated with Internet connectivity, especially in the context of
―always-on‖ or broadband access services (such as cable modems and DSL). However,
much of the content is also relevant to traditional dial-up users (users who connect to
the Internet using a modem).
I. Computer security
A. What is computer security?
B. Why should I care about computer security?
C. Who would want to break into my computer at home?
D. How easy is it to break into my computer?
II. Technology
A. What does "broadband" mean?
B. What is cable modem access?
C. What is DSL access?
D. How are broadband services different from traditional dial-up services?
E. How is broadband access different from the network I use at work?
F. What is a protocol?
G. What is IP?
H. What is an IP address?
I. What are static and dynamic addressing?
J. What is NAT?
K. What are TCP and UDP ports?
L. What is a firewall?
M. What does antivirus software do?
III. Computer security risks to home users
A. What is at risk?
B. Intentional misuse of your computer
1. Trojan horse programs
2. Back door and remote administration programs
3. Denial of service
4. Being an intermediary for another attack
5. Unprotected Windows shares
6. Mobile code (Java, JavaScript, and ActiveX)
7. Cross-site scripting
8. Email spoofing
9. Email-borne viruses
10. Hidden file extensions
11. Chat clients
12. Packet sniffing
C. Accidents and other risks
1. Disk failure
2. Power failure and surges
Page 24 of 94
3. Physical theft
IV. Actions home users can take to protect their computer systems
1. Consult your system support personnel if you work from home
2. Use virus protection software
3. Use a firewall
4. Don’t open unknown email attachments
5. Don’t run programs of unknown origin
6. Disable hidden filename extensions
7. Keep all applications (including your operating system) patched
8. Turn off your computer or disconnect from the network when not in use
9. Disable Java, JavaScript, and ActiveX if possible
10. Disable scripting features in email programs
11. Make regular backups of critical data
12. Make a boot disk in case your computer is damaged or compromised
Appendix: References and additional information
Document Revision History
I. Computer security
A. What is computer security?
Computer security is the process of preventing and detecting

unauthorized use of your computer. Prevention measures help you to stop
unauthorized users (also known as "intruders") from accessing any part of your
computer system. Detection helps you to determine whether or not someone
attempted to break into your system, if they were successful, and what they may
have done.
B. Why should I care about computer security?
We use computers for everything from banking and investing to

shopping and communicating with others through email or chat programs. Although
you may not consider your communications "top secret," you probably do not want
strangers reading your email, using your computer to attack other systems, sending
forged email from your computer, or examining personal information stored on your
computer (such as financial statements).
C. Who would want to break into my computer at home?
Intruders (also referred to as hackers, attackers, or crackers) may not

care about your identity. Often they want to gain control of your computer so they
can use it to launch attacks on other computer systems.
Having control of your computer gives them the ability to hide their true
location as they launch attacks, often against high-profile computer systems such as
government or financial systems. Even if you have a computer connected to the
Internet only to play the latest games or to send email to friends and family, your
computer may be a target.
Page 25 of 94
Intruders may be able to watch all your actions on the computer, or

cause damage to your computer by reformatting your hard drive or changing your
data.
D. How easy is it to break into my computer?
Unfortunately, intruders are always discovering new vulnerabilities

(informally called "holes") to exploit in computer software. The complexity of
software makes it increasingly difficult to thoroughly test the security of computer
systems.
When holes are discovered, computer vendors will usually develop
patches to address the problem(s). However, it is up to you, the user, to obtain and
install the patches, or correctly configure the software to operate more securely. Most
of the incident reports of computer break-ins received at the CERT/CC could have
been prevented if system administrators and users kept their computers up-to-date
with patches and security fixes.
Also, some software applications have default settings that allow other
users to access your computer unless you change the settings to be more secure.
Examples include chat programs that let outsiders execute commands on your
computer or web browsers that could allow someone to place harmful programs on
your computer that run when you click on them.
II. Technology
This section provides a basic introduction to the technologies that underlie

the Internet. It was written with the novice end-user in mind and is not intended to
be a comprehensive survey of all Internet-based technologies. Subsections provide a
short overview of each topic. This section is a basic primer on the relevant
technologies. For those who desire a deeper understanding of the concepts covered
here, we include links to additional information.
A. What does broadband mean?
"Broadband" is the general term used to refer to high-speed network

connections. In this context, Internet connections via cable modem and Digital
Subscriber Line (DSL) are frequently referred to as broadband Internet connections.
"Bandwidth" is the term used to describe the relative speed of a network connection -
- for example, most current dial-up modems can support a bandwidth of 56 kbps
(thousand bits per second). There is no set bandwidth threshold required for a
connection to be referred to as "broadband", but it is typical for connections in excess
of 1 Megabit per second (Mbps) to be so named.
B. What is cable modem access?
A cable modem allows a single computer (or network of computers) to

connect to the Internet via the cable TV network. The cable modem usually has an
Ethernet LAN (Local Area Network) connection to the computer, and is capable of
speeds in excess of 5 Mbps.
Typical speeds tend to be lower than the maximum, however, since
cable providers turn entire neighborhoods into LANs which share the same
bandwidth. Because of this "shared-medium" topology, cable modem users may
Page 26 of 94
experience somewhat slower network access during periods of peak demand, and
may be more susceptible to risks such as packet sniffing and unprotected windows
shares than users with other types of connectivity. (See the "Computer security risks
to home users" section of this document.)
C. What is DSL access?
Digital Subscriber Line (DSL) Internet connectivity, unlike cable

modem-based service, provides the user with dedicated bandwidth. However, the
maximum bandwidth available to DSL users is usually lower than the maximum cable
modem rate because of differences in their respective network technologies. Also, the
"dedicated bandwidth" is only dedicated between your home and the DSL provider's
central office -- the providers offer little or no guarantee of bandwidth all the way
across the Internet.
DSL access is not as susceptible to packet sniffing as cable modem
access, but many of the other security risks we'll cover apply to both DSL and cable
modem access. (See the "Computer security risks to home users" section of this
document.)
D. How are broadband services different from traditional dial-up

services?
Traditional dial-up Internet services are sometimes referred to as "dial-

on-demand" services. That is, your computer only connects to the Internet when it
has something to send, such as email or a request to load a web page. Once there is
no more data to be sent, or after a certain amount of idle time, the computer
disconnects the call. Also, in most cases each call connects to a pool of modems at
the ISP, and since the modem IP addresses are dynamically assigned, your computer
is usually assigned a different IP address on each call. As a result, it is more difficult
(not impossible, just difficult) for an attacker to take advantage of vulnerable network
services to take control of your computer.
Broadband services are referred to as "always-on" services because
there is no call setup when your computer has something to send. The computer is
always on the network, ready to send or receive data through its network interface
card (NIC). Since the connection is always up, your computer’s IP address will change
less frequently (if at all), thus making it more of a fixed target for attack.
What’s more, many broadband service providers use well-known IP
addresses for home users. So while an attacker may not be able to single out your
specific computer as belonging to you, they may at least be able to know that your
service providers’ broadband customers are within a certain address range, thereby
making your computer a more likely target than it might have been otherwise.
The table below shows a brief comparison of traditional dial-up and
broadband services.
Dial-up Broadband
Connection type Dial on demand Always on
IP address Changes on each call Static or infrequently changing
Page 27 of 94
Relative
Low High
connection speed
Remote control Computer must be dialed in Computer is always connected, so

potential to control remotely remote control can occur anytime
ISP-provided
Little or none Little or none
security
Table 1: Comparison of Dial-up and Broadband Services
E. How is broadband access different from the network I use at

work?
Corporate and government networks are typically protected by many

layers of security, ranging from network firewalls to encryption. In addition, they
usually have support staff who maintain the security and availability of these network
connections.
Although your ISP is responsible for maintaining the services they
provide to you, you probably won’t have dedicated staff on hand to manage and
operate your home network. You are ultimately responsible for your own computers.
As a result, it is up to you to take reasonable precautions to secure your computers
from accidental or intentional misuse.
F. What is a protocol?
A protocol is a well-defined specification that allows computers to

communicate across a network. In a way, protocols define the "grammar" that
computers can use to "talk" to each other.
G. What is IP?
IP stands for "Internet Protocol". It can be thought of as the common

language of computers on the Internet. There are a number of detailed descriptions of
IP given elsewhere, so we won't cover it in detail in this document. However, it is
important to know a few things about IP in order to understand how to secure your
computer. Here we’ll cover IP addresses, static vs. dynamic addressing, NAT, and TCP
and UDP Ports.
An overview of TCP/IP can be found in the TCP/IP Frequently Asked
Questions (FAQ) at
http://www.faqs.org/faqs/internet/tcp-ip/tcp-ip-faq/part1/
and
H. What is an IP address?
Page 28 of 94
IP addresses are analogous to telephone numbers – when you want to

call someone on the telephone, you must first know their telephone number. Similarly,
when a computer on the Internet needs to send data to another computer, it must first
know its IP address. IP addresses are typically shown as four numbers separated by
decimal points, or ―dots‖. For example, 10.24.254.3 and 192.168.62.231 are IP
addresses.
If you need to make a telephone call but you only know the person’s
name, you can look them up in the telephone directory (or call directory services) to
get their telephone number. On the Internet, that directory is called the Domain Name
System, or DNS for short. If you know the name of a server, say www.cert.org, and
you type this into your web browser, your computer will then go ask its DNS server
what the numeric IP address is that is associated with that name.
Every computer on the Internet has an IP address associated with it that
uniquely identifies it. However, that address may change over time, especially if the
computer is
 dialing into an Internet Service Provider (ISP)

 connected behind a network firewall
 connected to a broadband service using dynamic IP addressing.
I. What are static and dynamic addressing?
Static IP addressing occurs when an ISP permanently assigns one or

more IP addresses for each user. These addresses do not change over time. However,
if a static address is assigned but not in use, it is effectively wasted. Since ISPs have a
limited number of addresses allocated to them, they sometimes need to make more
efficient use of their addresses.
Dynamic IP addressing allows the ISP to efficiently utilize their address
space. Using dynamic IP addressing, the IP addresses of individual user computers
may change over time. If a dynamic address is not in use, it can be automatically
reassigned to another computer as needed.
J. What is NAT?
Network Address Translation (NAT) provides a way to hide the IP

addresses of a private network from the Internet while still allowing computers on that
network to access the Internet. NAT can be used in many different ways, but one
method frequently used by home users is called "masquerading".
Using NAT masquerading, one or more devices on a LAN can be made to
appear as a single IP address to the outside Internet. This allows for multiple
computers in a home network to use a single cable modem or DSL connection without
requiring the ISP to provide more than one IP address to the user. Using this method,
the ISP-assigned IP address can be either static or dynamic. Most network firewalls
support NAT masquerading.
K. What are TCP and UDP Ports?
TCP (Transmission Control Protocol) and UDP (User Datagram Protocol)

are both protocols that use IP. Whereas IP allows two computers to talk to each other
Page 29 of 94
across the Internet, TCP and UDP allow individual applications (also known as
"services") on those computers to talk to each other.
In the same way that a telephone number or physical mail box might be
associated with more than one person, a computer might have multiple applications
(e.g. email, file services, web services) running on the same IP address. Ports allow a
computer to differentiate services such as email data from web data. A port is simply a
number associated with each application that uniquely identifies that service on that
computer. Both TCP and UDP use ports to identify services. Some common port
numbers are 80 for web (HTTP), 25 for email (SMTP), and 53 for Dmain Name System
(DNS).
L. What is a firewall?
The Firewalls FAQ (http://www.faqs.org/faqs/firewalls-faq/) defines a

firewall as "a system or group of systems that enforces an access control policy
between two networks." In the context of home networks, a firewall typically takes one
of two forms:
Software firewall - specialized software running on an individual computer,

or
Network firewall - a dedicated device designed to protect one or more computers.
Both types of firewall allow the user to define access policies for inbound
connections to the computers they are protecting. Many also provide the ability to
control what services (ports) the protected computers are able to access on the
Internet (outbound access). Most firewalls intended for home use come with pre-
configured security policies from which the user chooses, and some allow the user to
customize these policies for their specific needs.
More information on firewalls can be found in the Additional resources
section of this document.
M. What does antivirus software do?
There are a variety of antivirus software packages that operate in many

different ways, depending on how the vendor chose to implement their software. What
they have in common, though, is that they all look for patterns in the files or memory
of your computer that indicate the possible presence of a known virus. Antivirus
packages know what to look for through the use of virus profiles (sometimes called
"signatures") provided by the vendor.
New viruses are discovered daily. The effectiveness of antivirus software
is dependent on having the latest virus profiles installed on your computer so that it
can look for recently discovered viruses. It is important to keep these profiles up to
date.
More information about viruses and antivirus software can be found on
the CERT Computer Virus Resource page
http://www.cert.org/other_sources/viruses.html
III. Computer security risks to home users

A. What is at risk?
Page 30 of 94
Information security is concerned with three main areas:
 Confidentiality - information should be available only to those who

rightfully have access to it
 Integrity -- information should be modified only by those who are
authorized to do so
 Availability -- information should be accessible to those who need it
when they need it
These concepts apply to home Internet users just as much as they would
to any corporate or government network. You probably wouldn't let a stranger look
through your important documents. In the same way, you may want to keep the tasks
you perform on your computer confidential, whether it's tracking your investments or
sending email messages to family and friends. Also, you should have some assurance
that the information you enter into your computer remains intact and is available when
you need it.
Some security risks arise from the possibility of intentional misuse of
your computer by intruders via the Internet. Others are risks that you would face even
if you weren't connected to the Internet (e.g. hard disk failures, theft, power outages).
The bad news is that you probably cannot plan for every possible risk. The good news
is that you can take some simple steps to reduce the chance that you'll be affected by
the most common threats -- and some of those steps help with both the intentional
and accidental risks you're likely to face.
Before we get to what you can do to protect your computer or home
network, let’s take a closer look at some of these risks.
B. Intentional misuse of your computer
The most common methods used by intruders to gain control of home

computers are briefly described below.

6. Mobile code (Java, JavaScript, and ActiveX)
8. Email spoofing
9. Email-borne viruses
10.Hidden file extensions
11.Chat clients
12.Packet sniffing
Trojan horse programs are a common way for intruders to trick you
(sometimes referred to as "social engineering") into installing "back door" programs.
These can allow intruders easy access to your computer without your knowledge,
Page 31 of 94
change your system configurations, or infect your computer with a computer virus.
More information about Trojan horses can be found in the following document.
http://www.cert.org/advisories/CA-1999-02.html
On Windows computers, three tools commonly used by intruders to gain

remote access to your computer are BackOrifice, Netbus, and SubSeven. These back
door or remote administration programs, once installed, allow other people to access
and control your computer.
Another form of attack is called a denial-of-service (DoS) attack. This

type of attack causes your computer to crash or to become so busy processing data
that you are unable to use it. In most cases, the latest patches will prevent the attack.
The following documents describe denial-of-service attacks in greater detail.
http://www.cert.org/archive/pdf/DoS_trends.pdf
It is important to note that in addition to being the target of a DoS

attack, it is possible for your computer to be used as a participant in a denial-of-
service attack on another system.
Intruders will frequently use compromised computers as launching pads

for attacking other systems. An example of this is how distributed denial-of-service
(DDoS) tools are used. The intruders install an "agent" (frequently through a Trojan
horse program) that runs on the compromised computer awaiting further instructions.
Then, when a number of agents are running on different computers, a single "handler"
can instruct all of them to launch a denial-of-service attack on another system. Thus,
the end target of the attack is not your own computer, but someone else’s -- your
computer is just a convenient tool in a larger attack.
Unprotected Windows networking shares can be exploited by intruders in

an automated way to place tools on large numbers of Windows-based computers
attached to the Internet. Because site security on the Internet is interdependent, a
compromised computer not only creates problems for the computer's owner, but it is
also a threat to other sites on the Internet. The greater immediate risk to the Internet
community is the potentially large number of computers attached to the Internet with
unprotected Windows networking shares combined with distributed attack tools such
as those described in http://www.cert.org/incident_notes/IN-2000-01.html
Another threat includes malicious and destructive code, such as viruses
or worms, which leverage unprotected Windows networking shares to propagate. One
Page 32 of 94
such example is the 911 worm described in http://www.cert.org/incident_notes/IN-

2000-03.html
There is great potential for the emergence of other intruder tools that
leverage unprotected Windows networking shares on a widespread basis.
6. Mobile code (Java/JavaScript/ActiveX)
There have been reports of problems with "mobile code" (e.g. Java,
JavaScript, and ActiveX). These are programming languages that let web developers
write code that is executed by your web browser. Although the code is generally
useful, it can be used by intruders to gather information (such as which web sites you
visit) or to run malicious code on your computer. It is possible to disable Java,
JavaScript, and ActiveX in your web browser. We recommend that you do so if you are
browsing web sites that you are not familiar with or do not trust.
Also be aware of the risks involved in the use of mobile code within email
programs. Many email programs use the same code as web browsers to display HTML.
Thus, vulnerabilities that affect Java, JavaScript, and ActiveX are often applicable to
email as well as web pages.
More information on malicious code is available in
http://www.cert.org/tech_tips/malicious_code_FAQ.html
More information on ActiveX security is available in
http://www.cert.org/archive/pdf/activeX_report.pdf
A malicious web developer may attach a script to something sent to a

web site, such as a URL, an element in a form, or a database inquiry. Later, when the
web site responds to you, the malicious script is transferred to your browser.
You can potentially expose your web browser to malicious scripts by
 following links in web pages, email messages, or newsgroup postings

without knowing what they link to
 using interactive forms on an untrustworthy site
 viewing online discussion groups, forums, or other dynamically
generated pages where users can post text containing HTML tags
More information regarding the risks posed by malicious code in web

links can be found in CA-2000-02 Malicious HTML Tags Embedded in Client Web
Requests.
8. Email spoofing
Email ―spoofing‖ is when an email message appears to have originated

from one source when it actually was sent from another source. Email spoofing is often
an attempt to trick the user into making a damaging statement or releasing sensitive
information (such as passwords).
Spoofed email can range from harmless pranks to social engineering
ploys. Examples of the latter include
Page 33 of 94
 email claiming to be from a system administrator requesting users to

change their passwords to a specified string and threatening to suspend their account
if they do not comply
 email claiming to be from a person in authority requesting users to
send them a copy of a password file or other sensitive information
Note that while service providers may occasionally request that you
change your password, they usually will not specify what you should change it to.
Also, most legitimate service providers would never ask you to send them any
password information via email. If you suspect that you may have received a spoofed
email from someone with malicious intent, you should contact your service provider's
support personnel immediately.
9. Email borne viruses
Viruses and other types of malicious code are often spread as

attachments to email messages. Before opening any attachments, be sure you know
the source of the attachment. It is not enough that the mail originated from an address
you recognize. The Melissa virus (see References) spread precisely because it
originated from a familiar address. Also, malicious code might be distributed in
amusing or enticing programs.
Many recent viruses use these social engineering techniques to spread.
Examples include
 W32/Sircam -- http://www.cert.org/advisories/CA-2001-22.html
 W32/Goner -- http://www.cert.org/incident_notes/IN-2001-15.html
Never run a program unless you know it to be authored by a person or

company that you trust. Also, don't send programs of unknown origin to your friends
or coworkers simply because they are amusing -- they might contain a Trojan horse
program.
10. Hidden file extensions
Windows operating systems contain an option to "Hide file extensions for

known file types". The option is enabled by default, but a user may choose to disable
this option in order to have file extensions displayed by Windows. Multiple email-borne
viruses are known to exploit hidden file extensions. The first major attack that took
advantage of a hidden file extension was the VBS/LoveLetter worm which contained an
email attachment named "LOVE-LETTER-FOR-YOU.TXT.vbs". Other malicious programs
have since incorporated similar naming schemes. Examples include
 Downloader (MySis.avi.exe or QuickFlick.mpg.exe)

 VBS/Timofonica (TIMOFONICA.TXT.vbs)
 VBS/CoolNote (COOL_NOTEPAD_DEMO.TXT.vbs)
 VBS/OnTheFly (AnnaKournikova.jpg.vbs)
The files attached to the email messages sent by these viruses may
appear to be harmless text (.txt), MPEG (.mpg), AVI (.avi) or other file types when in
fact the file is a malicious script or executable (.vbs or .exe, for example). For further
Page 34 of 94
information about these and other viruses, please visit the sites listed on our Computer
Virus Resource page: http://www.cert.org/other_sources/viruses.html
11. Chat clients
Internet chat applications, such as instant messaging applications and

Internet Relay Chat (IRC) networks, provide a mechanism for information to be
transmitted bi-directionally between computers on the Internet. Chat clients provide
groups of individuals with the means to exchange dialog, web URLs, and in many
cases, files of any type.
Because many chat clients allow for the exchange of executable code,
they present risks similar to those of email clients. As with email clients, care should
be taken to limit the chat client’s ability to execute downloaded files. As always, you
should be wary of exchanging files with unknown parties.
12.Packet sniffing
A packet sniffer is a program that captures data from information

packets as they travel over the network. That data may include user names,
passwords, and proprietary information that travels over the network in clear text.
With perhaps hundreds or thousands of passwords captured by the packet sniffer,
intruders can launch widespread attacks on systems. Installing a packet sniffer does
not necessarily require administrator-level access.
Relative to DSL and traditional dial-up users, cable modem users have a
higher risk of exposure to packet sniffers since entire neighborhoods of cable modem
users are effectively part of the same LAN. A packet sniffer installed on any cable
modem user's computer in a neighborhood may be able to capture data transmitted by
any other cable modem in the same neighborhood.
Accidents and other risks
In addition to the risks associated with connecting your computer to the

Internet, there are a number of risks that apply even if the computer has no network
connections at all. Most of these risks are well-known, so we won’t go into much detail
in this document, but it is important to note that the common practices associated with
reducing these risks may also help reduce susceptibility to the network-based risks
discussed above.
1. Disk failure
Recall that availability is one of the three key elements of information

security. Although all stored data can become unavailable -- if the media it’s stored on
is physically damaged, destroyed, or lost -- data stored on hard disks is at higher risk
due to the mechanical nature of the device. Hard disk crashes are a common cause of
data loss on personal computers. Regular system backups are the only effective
remedy.
Page 35 of 94
2. Power failure and surges
Power problems (surges, blackouts, and brown-outs) can cause physical

damage to a computer, inducing a hard disk crash or otherwise harming the electronic
components of the computer. Common mitigation methods include using surge
suppressors and uninterruptible power supplies (UPS).
3. Physical Theft
Physical theft of a computer, of course, results in the loss of

confidentiality and availability, and (assuming the computer is ever recovered) makes
the integrity of the data stored on the disk suspect. Regular system backups (with the
backups stored somewhere away from the computer) allow for recovery of the data,
but backups alone cannot address confidentiality. Cryptographic tools are available
that can encrypt data stored on a computer’s hard disk. The CERT/CC encourages the
use of these tools if the computer contains sensitive data or is at high risk of theft (e.g.
laptops or other portable computers).
IV. Actions home users can take to protect their computer

systems
The CERT/CC recommends the following practices to home users:

3. Use a firewall
4. Don’t open unknown email attachments
5. Don’t run programs of unknown origin
7. Keep all applications (including your operating system) patched
Further discussion on each of these points is given below.
Page 36 of 94
Recommendations
If you use your broadband access to connect to your employer's network

via a Virtual Private Network (VPN) or other means, your employer may have policies
or procedures relating to the security of your home network. Be sure to consult with
your employer's support personnel, as appropriate, before following any of the steps
outlined in this document.
The CERT/CC recommends the use of anti-virus software on all Internet-

connected computers. Be sure to keep your anti-virus software up-to-date. Many anti-
virus packages support automatic updates of virus definitions. We recommend the use
of these automatic updates when available.
See http://www.cert.org/other_sources/viruses.html#VI for more
information.
3. Use a firewall
We strongly recommend the use of some type of firewall product, such

as a network appliance or a personal firewall software package. Intruders are
constantly scanning home user systems for known vulnerabilities. Network firewalls
(whether software or hardware-based) can provide some degree of protection against
these attacks. However, no firewall can detect or stop all attacks, so it’s not sufficient
to install a firewall and then ignore all other security measures.
4. Don't open unknown email attachments
Before opening any email attachments, be sure you know the source of
the attachment. It is not enough that the mail originated from an address you
recognize. The Melissa virus spread precisely because it originated from a familiar
address. Malicious code might be distributed in amusing or enticing programs.
If you must open an attachment before you can verify the source, we
suggest the following procedure:
1. be sure your virus definitions are up-to-date (see "Use virus protection
software" above)
2. save the file to your hard disk
3. scan the file using your antivirus software
4. open the file
For additional protection, you can disconnect your computer's network

connection before opening the file.
Following these steps will reduce, but not wholly eliminate, the chance
that any malicious code contained in the attachment might spread from your computer
to others.
5. Don't run programs of unknown origin
Page 37 of 94
Never run a program unless you know it to be authored by a person or

company that you trust. Also, don't send programs of unknown origin to your friends
or coworkers simply because they are amusing -- they might contain a Trojan horse
program.
Windows operating systems contain an option to "Hide file extensions for

known file types". The option is enabled by default, but you can disable this option in
order to have file extensions displayed by Windows. After disabling this option, there
are still some file extensions that, by default, will continue to remain hidden.
There is a registry value which, if set, will cause Windows to hide certain
file extensions regardless of user configuration choices elsewhere in the operating
system. The "NeverShowExt" registry value is used to hide the extensions for basic
Windows file types. For example, the ".LNK" extension associated with Windows
shortcuts remains hidden even after a user has turned off the option to hide
extensions.
Specific instructions for disabling hidden file name extensions are given
in http://www.cert.org/incident_notes/IN-2000-07.html
7. Keep all applications, including your operating system, patched
Vendors will usually release patches for their software when a

vulnerability has been discovered. Most product documentation offers a method to get
updates and patches. You should be able to obtain updates from the vendor's web site.
Read the manuals or browse the vendor's web site for more information.
Some applications will automatically check for available updates, and
many vendors offer automatic notification of updates via a mailing list. Look on your
vendor's web site for information about automatic notification. If no mailing list or
other automated notification mechanism is offered you may need to check periodically
for updates.
Turn off your computer or disconnect its Ethernet interface when you are
not using it. An intruder cannot attack your computer if it is powered off or otherwise
completely disconnected from the network.
Be aware of the risks involved in the use of "mobile code" such as

ActiveX, Java, and JavaScript. A malicious web developer may attach a script to
something sent to a web site, such as a URL, an element in a form, or a database
inquiry. Later, when the web site responds to you, the malicious script is transferred to
your browser.
The most significant impact of this vulnerability can be avoided by
disabling all scripting languages. Turning off these options will keep you from being
vulnerable to malicious scripts. However, it will limit the interaction you can have with
some web sites.
Many legitimate sites use scripts running within the browser to add
useful features. Disabling scripting may degrade the functionality of these sites.
Page 38 of 94
Detailed instructions for disabling browser scripting languages are

available in http://www.cert.org/tech_tips/malicious_code_FAQ.html
More information on ActiveX security, including recommendations for
users who administer their own computers, is available in
More information regarding the risks posed by malicious code in web
links can be found in CA-2000-02 Malicious HTML Tags Embedded in Client Web
Requests.
Because many email programs use the same code as web browsers to
display HTML, vulnerabilities that affect ActiveX, Java, and JavaScript are often
applicable to email as well as web pages. Therefore, in addition to disabling scripting
features in web browsers (see "Disable Java, JavaScript, and ActiveX if possible",
above), we recommend that users also disable these features in their email programs.
Keep a copy of important files on removable media such as ZIP disks or

recordable CD-ROM disks (CD-R or CD-RW disks). Use software backup tools if
available, and store the backup disks somewhere away from the computer.
To aid in recovering from a security breach or hard disk failure, create a

boot disk on a floppy disk which will help when recovering a computer after such an
event has occurred. Remember, however, you must create this disk before you have a
security event.
Appendix
References and additional information
This section contains links to references and additional resources related to this
document.
References
The following documents were used in compiling portions of this document:

CERT Advisories
CERT Incident Notes
CERT Tech Tips
Other CERT documents
Page 39 of 94
CERT Advisories
CA-1999-02: Trojan Horses
CA-1999-04: Melissa Macro Virus
CA-2000-01: Denial-of-Service Developments
CA-2000-02: Malicious HTML Tags Embedded in Client Web Requests
CA-2001-22: W32/Sircam Malicious Code
CERT Incident Notes

IN-2000-01: Windows Based DDOS Agents
http://www.cert.org/incident_notes/IN-2000-01.html
IN-2000-02: Exploitation of Unprotected Windows Networking Shares
IN-2000-03: 911 Worm
IN-2000-07: Exploitation of Hidden File Extensions
IN-2000-08: Chat Clients and Network Security
IN-2001-15: W32/Goner Worm
CERT Tech Tips

Frequently Asked Questions About Malicious Web Scripts Redirected by Web Sites
http://www.cert.org/tech_tips/malicious_code_FAQ.html
Spoofed/Forged Email
http://www.cert.org/tech_tips/email_spoofing.html
Windows 95/98 Computer Security Information
http://www.cert.org/tech_tips/win-95-info.html
Other CERT documents

Other Computer Virus Resources
http://www.cert.org/other_sources/viruses.html
Results of the Security in ActiveX Workshop
Security of the Internet
http://www.cert.org/encyc_article/tocencyc.html#PackSnif
Trends in Denial of Service Attack Technology
http://www.cert.org/archive/pdf/DoS_trends.pdf
Page 40 of 94
Additional resources
Additional information is available from the following sources.

TCP/IP Frequently Asked Questions
Computer Virus Frequently Asked Questions for New Users
http://www.faqs.org/faqs/computer-virus/new-users/
alt.comp.virus Frequently Asked Questions
http://www.faqs.org/faqs/computer-virus/alt-faq/part1/
VIRUS-L/comp.virus Frequently Asked Questions
http://www.faqs.org/faqs/computer-virus/faq/
Firewalls Frequently Asked Questions
http://www.faqs.org/faqs/firewalls-faq/
This document is available from: http://www.cert.org/tech_tips/home_networks.html
Page 41 of 94
http://www.mycrypto.net/
Encryption
• Encryption and Privacy

•Why Encrypt?
• How Encryption works
• Private Key Encryption
• Public Key Encryption
• Encryption Algorithms
• Encrypted Email
• Cracking Encryption
• Virtual Private Network
• Encryption Tools
• Encryption Resources
Encryption and Privacy
"They that can give up essential liberty to obtain a little temporary

safety deserve neither liberty nor safety." ~ Benjamin Franklin, 1759.
Security and privacy have long been important issues forming the
basis of numerous democracies around the world. In the digital age, securing personal
information and ensuring privacy pose to be issues of paramount concern. At first
glance, one might find it gratifying that an online website greets the person by their
first name, sends them emails when goods of their taste are added, or recommends
goods services based on their demographic profile, previous visits, etc. An astute
surfer though will also see the privacy drawbacks in such services. Who else is being
provided this information? Is there a way to ensure the security of this information?
What happens with the information if the company meets financial diffuculties and has
to liquidate its assets? Where does all that "private information" go?
Many studies over the last few years have suggested that a majority of
consumers are concerned about when, what and how their personal information is
being collected, how this information is being used and whether it is being protected.
They want to know whether the information is being sold or shared with others, and if
so with whom and for what purposes. They also want to have control over their privacy
in today's digital age where strides in telecommunicaiton, storage and software
technologies have made monitoring a person's activities effortless.
The Internet, once a research tool has grown into a mammoth
educational, entertainment and commercial implementation. The advent of commerce
on the Internet exposed the lack of security over this public network. The incorporation
of encryption (especially strong 128 bit encryption) into Internet browsers and web
servers quelled this concern to a certain extent. There was still the matter of storing
the information sent over the Internet in a safe manner. Firewalls and encryption
Page 42 of 94
software evolved to ensure that the computers and data on the Internet were safer.
What can be done regarding these important issues? Part of the solution
is to secure important data - more specifically, using strong encryption. Educating end
users and corporations on the use of email and file encryption software, data
encryption during transmission using VPNs, password encryption on public interfaces
and use of encryption software like PGP, F-Secure and 128 bit version of IE/NS will
lead us closer to the end goal of a safer Internet.
The growth of the worldwide Internet user base and with Internet based
transactions believed to reach well over a trillion dollars in the next three years, it
makes sense for the parties involved to secure the Internet. Haphazard handling of
financial and personal information can lead to the Internet being constantly associated
with fraud and privacy abuses instead of being a viable commerce medium.
http://www.mycrypto.net/
Why Use Encryption?
As organizations and individuals have connected to the Internet in

droves, many have begun eyeing its infrastructure as an inexpensive medium for wide-
area and remote connections. The Internet is an international network consisting of
individual computers and computer networks that are all interconnected by many
paths. Unlike Local Area Networks where access is physically restricted to authorized
users, the Internet is a public network and can be accessed by anyone.
Now more than ever, moving vast amounts of information quickly and
safely across great distances is one of our most pressing needs. The basic idea of
cryptography is to hide information from prying eyes. On the Internet this can be your
credit card numbers, bank account information, health/social security information, or
pseraonal correspondence with someone else.
History of Encryption
Encryption pre-dates the Internet by thousands of years. Looking back in

history we find that Julius Caesar was an early user of cryptography. He sent messages
to his troops in a simple but ingeneous method. A letter in the alphabet was replaced
by one say 5 positions to the right. So, an "A" would be replaced by an "E", "B" by "F"
and so on. Hence RETURN would become VJYZVS. But as it can be seen, this cipher
can be easily broken by either figuring out a pattern, by brute force or by getting ones
hands on a plaintext and ciphertext combination to deduce the pattern.
Users of Encryption
A few decades ago, only governments and diplomats used encryption to

secure sensitive information. Today, secure encryption on the Internet is the key to
confidence for people wanting to protect their privacy, or doing business online. E-
Commerce, secure messaging, and virtual private networks are just some of the
applications that rely on encryption to ensure the safety of data. In many companies
that have proprietary or sensitive information, field personnel are required to encrypt
their entire laptops fearing that in the wrong hands this information could cause
millions of dollars in damage.
Page 43 of 94
http://www.mycrypto.net/encryption/why_encrypt.html
How Encryption Works
The concept behind encryption is quite simple - make the data unlegible
for everyone else except those specified. This is done using cyrptography - the study of
sending 'messages' in a secret form so that only those authorized to receive the
'message' be able to read it.
The easy part of encryption is applying a mathematical function to the
plaintext and converting it to an ecrypted cipher. The harder part is to ensure that the
people who are supposed to decipher this message can do so with ease, yet only those
authorised are able to decipher it. We of-course also have to establish the legitimacy of
the mathematical function used to make sure that it is sufficiently complex and
mathmatically sound to give us a high degree of safety.
The essential concept underlying all automated and computer security
application is cyptography. The two ways of going about this process are conventional
(or symmetric) encryption and public key (or asymmetic) encryption.
Featured articles:
A Primer on Public Key Encryption
by Charles C. Mann.
Introduction to Cryptography
by Peter Meyer.
http://www.mycrypto.net/encryption/how_encryption_works.html
Primer on Public Key Encryption
[A Web-only sidebar to "Homeland Insecurity," (September, 2002 Atlantic Monthly) by

Charles C. Mann]
Public-key encryption, as noted in the profile of cryptographer Bruce

Schneier, is complicated in detail but simple in outline. The article below is an outline
of the principles of the most common variant of public-key cryptography, which is
known as RSA, after the initials of its three inventors; a mathematically detailed
explanation of RSA by the programmer Brian Raiter, understandable to anyone willing
to spend a little time with paper and pencil, is available here.
A few terms first: cryptology, the study of codes and ciphers, is the
union of cryptography (codemaking) and cryptanalysis (codebreaking). To
cryptologists, codes and ciphers are not the same thing. Codes are lists of prearranged
substitutes for letters, words, or phrases—i.e. "meet at the theater" for "fly to
Chicago." Ciphers employ mathematical procedures called algorithms to transform
messages into unreadable jumbles. Most cryptographic algorithms use keys, which are
mathematical values that plug into the algorithm. If the algorithm says to encipher a
message by replacing each letter with its numerical equivalent (A = 1, B = 2, and so
on) and then multiplying the results by some number X, X represents the key to the
algorithm. If the key is 5, "attack," for example, turns into "5 100 100 5 15 55." With a
Page 44 of 94
key of 6, it becomes "6 120 120 6 18 66 ." (Nobody would actually use this cipher,
though; all the resulting numbers are divisible by the key, which gives it away.) Cipher
algorithms and cipher keys are like door locks and door keys. All the locks from a given
company may work in the same way, but all the keys will be different.
Public-key cryptography is often said to be important because messages
enciphered by it are "unbreakable"—that is, people can't randomly try out possible
keys and break the cipher, even with powerful computers that try thousands of keys a
second. (This assumes that the key has been properly chosen; even the best algorithm
will be compromised if the key is something easily guessable.) In fact, though, many
types of crypto algorithms are effectively unbreakable. What public-key does—its
significant innovation—is to simplify drastically the problem of controlling the keys.
In non-public-key crypto systems, controlling the keys is a constant
source of trouble. Cryptographic textbooks usually illustrate the difficulty by referring
to three mythical people named Alice, Bob, and Eve. In these examples, Alice spends
her days sending secret messages to Bob; Eve, as her name indicates, tries to
eavesdrop on those messages by obtaining the key. Because Eve might succeed at any
time, the key must be changed frequently. In practice this cannot be easily
accomplished. When Alice sends a new key to Bob, she must ensure that Eve doesn't
read the message and thus learn the new key. The obvious way to prevent
eavesdropping is to use the old key (the key that Alice wants to replace) to encrypt the
message containing the new key (the key that Alice wants Bob to employ in the
future). But Alice can't do this if there is a chance that Eve knows the old key. Alice
could rely on a special backup key that she uses only to encrypt new keys, but
presumably this key, too, would need to be changed. Problems multiply when Alice
wants to send messages to other people. Obviously, Alice shouldn't use the key she
uses to encrypt messages to Bob to communicate with other people—she doesn't want
one compromised key to reveal everything. But managing the keys for a large group is
an administrative horror; a hundred-user network needs 4,950 separate keys, all of
which need regular changing. In the 1980s, Schneier says, U.S. Navy ships had to
store so many keys to communicate with other vessels that the paper records were
loaded aboard with forklifts.
Public-key encryption makes key-management much easier. It was
invented in 1976 by two Stanford mathematicians, Whitfield Diffie and Martin Hellman.
Their discovery can be phrased simply: enciphering schemes should be asymmetric.
For thousands of years all ciphers were symmetric—the key for encrypting a message
was identical to the key for decrypting it, but used, so to speak, in reverse. To change
"5 100 100 5 15 55" or "6 120 120 6 18 66 " back into "attack," for instance, one
simply reverses the encryption by dividing the numbers with the key, instead of
multiplying them, and then replaces the numbers with their equivalent letters. Thus
sender and receiver must both have the key, and must both keep it secret. The
symmetry, Diffie and Hellman realized, is the origin of the key-management problem.
The solution is to have an encrypting key that is different from the decrypting key—
one key to encipher a message, and another, different key to decipher it. With an
asymmetric cipher, Alice could send encrypted messages to Bob without providing him
with a secret key. In fact, Alice could send him a secret message even if she had never
before communicated with him in any way.
"If this sounds ridiculous, it should," Schneier wrote in Secrets and Lies
(2001). "It sounds impossible. If you were to survey the world's cryptographers in
1975, they would all have told you it was impossible." One year later, Diffie and
Hellman showed that it was possible, after all. (Later the British Secret Service
revealed that it had invented these techniques before Diffie and Hellman, but kept
them secret—and apparently did nothing with them.)
Page 45 of 94
To be precise, Diffie and Hellman demonstrated only that public-key

encryption was possible in theory. Another year passed before three MIT
mathematicians—Ronald L. Rivest, Adi Shamir, and Leonard M. Adleman—figured out a
way to do it in the real world. At the base of the Rivest-Shamir-Adleman, or RSA,
encryption scheme is the mathematical task of factoring. Factoring a number means
identifying the prime numbers which, when multiplied together, produce that number.
Thus 126,356 can be factored into 2 x 2 x 31 x 1,019, where 2, 31, and 1,019 are all
prime. (A given number has only one set of prime factors.) Surprisingly,
mathematicians regard factoring numbers—part of the elementary-school curriculum—
as a fantastically difficult task. Despite the efforts of such luminaries as Fermat, Gauss,
and Fibonacci, nobody has ever discovered a consistent, usable method for factoring
large numbers. Instead, mathematicians try potential factors by invoking complex
rules of thumb, looking for numbers that divide evenly. For big numbers the process is
horribly time-consuming, even with fast computers. The largest number yet factored is
155 digits long. It took 292 computers, most of them fast workstations, more than
seven months.
Note something odd. It is easy to multiply primes together. But there is
no easy way to take the product and reduce it back to its original primes. In crypto
jargon, this is a "trapdoor"—a function that lets you go one way easily, but not the
other. Such one-way functions, of which this is perhaps the simplest example, are at
the bottom of all public-key encryption. They make asymmetric ciphers possible.
To use RSA encryption, Alice first secretly chooses two prime numbers, p
and q, each more than a hundred digits long. This is easier than it may sound: there
are an infinite supply of prime numbers. Last year a Canadian college student found
the biggest known prime: 213466917-1. It has 4,053,946 digits; typed without
commas in standard 12-point type, the number would be more than ten miles long.
Fortunately Alice doesn't need one nearly that big. She runs a program that randomly
selects two prime numbers for her and then she multiplies them by each other,
producing p x q, a still bigger number that is, naturally, not prime. This is Alice's
"public key." (In fact, creating the key is more complicated than I suggest here, but
not wildly so.)
As the name suggests, public keys are not secret; indeed, the Alices of
this world often post them on the Internet or attach them to the bottom of their e-
mail. When Bob wants to send Alice a secret message, he first converts the text of the
message into a number. Perhaps, as before, he transforms "attack" into "5 100 100 5
15 55." Then he obtains Alice's public key—that is, p x q—by looking it up on a Web
site or copying it from her e-mail. (Note here that Bob does not use his key to send
Alice a message, as in regular encryption. Instead, he uses Alice's key.) Having found
Alice's public key, he plugs it into a special algorithm invented by Rivest, Shamir, and
Adleman to encrypt the message.
At this point the three mathematicians' cleverness becomes evident. Bob
knows the product p x q, because Alice has displayed it on her Web site. But he almost
certainly does not know p and q themselves, because they are its only factors, and
factoring large numbers is effectively impossible. Yet the algorithm is constructed in
such a way that to decipher the message the recipient must know both p and q
individually. Because only Alice knows p and q, Bob can send secret messages to Alice
without ever having to swap keys. Anyone else who wants to read the message will
somehow have to factor p x q. How hard is that? Even if a team of demented
government agents spent a trillion dollars on custom computers that do nothing but try
random numbers, the Sun would likely go nova before they succeeded. (Rivest,
Shamir, and Adleman patented their algorithm and to market it created a company,
RSA Data Security, in 1983.)
Page 46 of 94
In the real world, public-key encryption is practically never used to

encrypt actual messages. The reason is that it requires so much computation—even on
computers, public-key is very slow. According to a widely cited estimate by Schneier,
public-key crypto is about a thousand times slower than conventional
cryptography(http://www.f10.org/Number-Theory/Cryptography). As a result, public-key
cryptography is more often used as a solution to the key-management problem, rather
than as direct cryptography. People employ public-key to distribute regular, symmetric
keys, which are then used to encrypt and decrypt actual messages. In other words,
Alice and Bob send each other their public keys. Alice generates a symmetric key that
she will only use for a short time (usually, in the trade, called a session key), encrypts
it with Bob's public key, and sends it to Bob, who decrypts it with his private key. Now
that Alice and Bob both have the session key, they can exchange messages. When
Alice wants to begin a new round of messages, she creates another session key.
Systems that use both symmetric and public-key cryptography are called hybrid, and
almost every available public-key system, such as PGP, is a hybrid.
Solving the key problem, one should note, didn't make encryption easy
for novices—it made encryption easier for experts. In 1999 a Carnegie Mellon doctoral
student named Alma Whitten asked twelve experienced computer users to send and
receive five encrypted e-mail messages apiece with PGP. One couldn't manage it at all;
three accidentally sent unencrypted messages; seven created them with the wrong
key; two had so much difficulty with the other tasks that they never bothered to send
out the public, encrypting half of their keys; two who received properly encrypted
messages tried to decrypt their decryption key, rather than the messages. Whitten
called her report, cowritten with J. D. Tygar of the University of California at Berkeley,
"Why Johnny Can't Encrypt."
Indeed, as mentioned in the profile, Johnny not only can't encrypt, he
doesn't encrypt. Fascinating as a mathematical exercise, public-key encryption has yet
to make much difference in people's lives. (The Atlantic Monthly)
http://www.mycrypto.net/encryption/encryption_public.html
Introduction to Cryptography
by Peter Meyer (Last revision 1994-04-29)
The purpose of this article is to provide information in the area of

practical cryptography of interest to anyone wishing to use cryptographic software. I
have mostly avoided discussion of technical matters in favor of a more general
explanation of what I regard as the main things to be understood by someone
beginning to use encryption. Those wishing to get more deeply into the theoretical
aspects should consult Bruce Schneier's book (see bibliography at end).
Dolphin Software publishes several commercial cryptographic software
products for the PC, including Dolphin Encrypt and Dolphin Encrypt Advanced Version
(file and disk encryption software) and EZ-Crypt (an on-the-fly encryption TSR).
(Product information available upon request). Occasionally in this article I include some
remarks specifically concerning these or other products.
Cryptography is the art or science of secret writing, or more exactly, of
storing information (for a shorter or longer period of time) in a form which allows it to
be revealed to those you wish to see it yet hides it from all others. A cryptosystem is a
method to accomplish this. Cryptanalysis is the practice of defeating such attempts to
hide information. Cryptology includes both cryptography and cryptanalysis.
Page 47 of 94
The original information to be hidden is called plaintext. The hidden

information is called ciphertext. Encryption is any procedure to convert plaintext into
ciphertext. Decryption is any procedure to convert ciphertext into plaintext.
A cryptosystem is designed it so that decryption can be accomplished
only under certain conditions, which generally means only by persons in possession of
both a decryption engine (these days, generally a computer program) and a particular
piece of information, called the decryption key, which is supplied to the decryption
engine in the process of decryption.
Plaintext is converted into ciphertext by means of an encryption engine
(again, generally a computer program) whose operation is fixed and determinate (the
encryption method) but which functions in practice in a way dependent on a piece of
information (the encryption key) which has a major effect on the output of the
encryption process.
The result of using the decryption method and the decryption key to
decrypt ciphertext produced by using the encryption method and the encryption key
should always be the same as the original plaintext (except perhaps for some
insignificant differences).
In this process the encryption key and the decryption key may or may
not be the same. When they are the cryptosystem is called a "symmetric key" system;
when they are not it is called an "asymmetric key" system. The most widely-known
instance of a symmetric cryptosystem is DES (the so-called Data Encryption Standard).
The most widely-known instance of an asymmetric key cryptosystem is PGP. Dolphin
Encrypt and EZ-Crypt are symmetric key cryptosystems.
There are many reasons for using encryption (examples are given
below), and the cryptosystem that one should use is the one best suited for one's
particular purpose and which satisfies the requirements of security, reliability and
ease-of-use. Ease-of-use is easy to understand. Reliability means that the
cryptosystem, when used as its designer intended it to be used, will always reveal
exactly the information hidden when it is needed (in other words, that the ciphertext
will always be recoverable and the recovered data will be the same as to the original
plaintext). Security means that the cryptosystem will in fact keep the information
hidden from all but those persons intended to see it despite the attempts of others to
crack the system.
Ease-of-use is the quality easiest to ascertain. If the encryption key is a
sequence of 64 hexadecimal digits (a 256-bit key), such as:
B923A24C98D98F83E24234CF8492C384E9AD19A128B
3910F3904C324E920DA31
then you may have a problem not only in remembering it but also in using it (try
typing the sequence above a few times). With such a key it is necessary to write it
down or store it in a disk file, in which case there is the danger that it may be
discovered by someone else. Thus such a key is not only inconvenient to use but also
is a security risk.
The key used in Dolphin Encrypt is any typeable string of from 10 to 60
characters and thus may be a phrase which is easy to remember, e.g. "Lay on
MacDuff!" Spaces are not significant, and upper and lower case are equivalent, so you
don't have to remember whether the key is "Lay on MacDuff!" or "Lay on Macduff!"
Reliability is the quality next easiest to test for. If it is not possible to
provide a formal proof that the decryption of the encryption of the plaintext is always
identical to the plaintext it is at least possible to write software to perform multiple
encryptions and decryptions with many different keys to test for reliability (though this
testing cannot be exhaustive). Such software is provided with Dolphin Encrypt.
Finally there is the question of security. The security of a cryptosystem is
Page 48 of 94
always relative to the task it is intended to accomplish and the conditions under which
it will be used. A theoretically secure system becomes insecure if used by people who
write their encryption keys on pieces of paper which they stick to their computer
terminals.
In general a cryptosystem can never be shown to be completely secure
in practice, in the sense that without knowledge of the decryption key it is impossible
to recover the plaintext with real-world computing power in less than, say, a thousand
years. There is one cryptosystem known as the one-time pad, which is absolutely
secure, but in practice it is cumbersome and the key can be used only once without
compromising the security of the system.
In some cases it is possible to show that cracking a cryptosystem is
equivalent to solving some particular mathematical problem, e.g. the problem of
factoring large numbers ("large" here means numbers with several hundred decimal
digits). If many mathematicians working for many years have been unable to solve a
problem then this is a reason to regard a cryptosystem based on it as secure.
However, there is no guarantee that a solution to the mathematical problem may not
be found tomorrow, in which case the security of the cryptosystem would disappear
overnight (or at least, as soon as word got around).
In the case of PGP and other encryption software such as RIPEM which
rely on an asymmetric encryption algorithm known as the RSA Algorithm, it is widely
believed that these are secure if and only if the problem of factoring large numbers is
insoluble (that is, computationally infeasible in real time). Yet recently a claim has
been made, but has not been confirmed, that a method of cryptanalysis of the RSA
Algorithm has been found which does not depend on a general solution to the problem
of factor ing large numbers. A poster to the Usenet newsgroup sci.crypt (Francis
Barrett) has remarked:
Although factoring is believed to be hard, and factoring breaks RSA,
breaking RSA does not simplify factoring. Trivial non-factoring methods of breaking
RSA could therefore exist. Whether this paper [by William H. Payne] is legitimate
remains to be seen, but it is certainly not beyond the realm of possiblity.
Some have claimed that PGP is the most secure encryption program
available for PCs, a claim that does not withstand critical examination. Given two
encryption programs, each of which generates random-looking ciphertext, how does
one decide that one of them is "more secure" than the other - even if full details of the
encryption algorithms are known? Short of breaking one of the systems there is no
clear answer. If one cannot provide criteria for determining when one program is more
secure than another then it does not make sense to ask which is the most secure.
Brute force attacks upon a cryptosystem (a brute force attack involves
trying every possible key to decrypt some ciphertext until finding one that works) can
be compared since the average time required by a brute force attack is half the
number of possible keys multiplied by the time required to test each key (by using it to
decrypt the ciphertext and seeing whether anything intelligible results). It is true that
if the size of the key space associated with a cryptosystem is small (e.g. 2^16 =
65,536) then the cryptosystem is vulnerable to a brute force attack. But if a
cryptosystem has a large key space (e.g. the key space associated with Dolphin
Encrypt, whose size is about 10^109) then a brute force attack is not feasible and so
any weakness in the system, if it exists, must be sought elsewhere.
Some may wonder: When trying to decrypt an encoded message by
brute force, how does a computer know when it has succeeded? The answer is that in
a brute force attack one tries one key after another, and if a key is incorrect the
"decryption" will normally be garbage, i.e. will look like random bytes. There are
statistical tests for randomness that can easily distinguish random bytes from natural
Page 49 of 94
language, so if the output does not appear like garbage then it is probably the
plaintext, or at least is flagged for closer inspection. Randomness tests will distinguish
between garbage and natural language text regardless of what the natural language is.
More sensitive tests may actually be able to detect which natural language, since
natural language texts in different languages have different statistical qualities.
In general, the security of a cryptosystem can only be measured by its
resistance to actual attempts to break it in practice. Those that have been broken are
obviously insecure. (There are several commercially available PC encryption packages
that have been broken; see for example the articles by Kochanski in the bibliography
at the end of this article.) Those that have resisted the attentions of many
cryptanalysts for many years may be deemed secure, at least until better methods of
cryptanalysis are invented.
In the case of DES there has long been widespread suspicion that the
National Security Agency influenced its designers at IBM so that it was strong enough
to withstand most attacks but not strong enough to withstand the NSA computers.
The original design submitted by IBM permitted all 16 x 48 = 768 bits of
key used in the 16 rounds to be selected independently. A U.S. Senate Select
Committee ascertained in 1977 that the U.S. National Security Agency (NSA) was
instrumental in reducing the DES secret key to 56 bits that are each used many times,
although this had previously been denied by IBM ... (Massey, p.541.)
But the best attempts by cryptanalysts over the years have produced
only meager results (in particular, the demonstration of Adi Shamir that cryptanalysis
of DES ciphertext, in the simplest DES mode (electronic code book), can be done with
somewhat less effort than that required for a brute force attack). But recently a new
method of DES cryptanalysis has been proposed which involves the use of parallel
processing (using many computers simultaneously), and it now seems clear that for a
few million dollars a computer can be built which can crack DES ciphertext in a few
hours. Since NSA has practically unlimited funding and has the largest concentration of
computing power and mathematical talent in the world, it is likely that NSA possesses
the ability to decrypt DES ciphertext fairly easily.
NSA has, of course, never affirmed or denied their ability to crack DES.
(NSA also means Never Say Anything.) However, the absence of publication of a
demonstration that a particular cryptosystem has been cracked is no proof that it
hasn't. Anyone who discovered a way to crack DES, RSA, etc., could make a lot more
money by quietly providing a decryption service than by telling the world about his
discovery. In fact if he did announce it people would quickly stop using that
cryptosystem and he would have few clients.
When selecting a cryptosystem, or cryptographic software, you should
first consider what you want it to accomplish. There are numerous (legitimate) reasons
why you might wish to conceal information, for example:
Companies often possess data files on employees which are confidential,
such as medical records, salary records, etc. Employees will feel safer knowing that
these files are encrypted and are not accessible to casual inspection by data entry
clerks (who may be bribed to obtain information on someone). Individuals may share
working space with others, of whose honor they are not entirely sure, and may wish to
make certain that in their absence no-one will find anything by snooping about in their
hard disk. A company may wish to transfer sensitive business information between
sites such as branch offices. Or it may wish to send confidential information (for
example, a negotiating position, operating procedures or proprietary data) to an agent
in the field (perhaps abroad). If the information is encrypted before transmission then
one does not have to worry about it being intercepted since if this happens the
encrypted data is incomprehensible (without the encryption key).
Page 50 of 94
A company may have information that a competitor would like to see,

such as information concerning legal or financial problems, results of research, who the
customers are and what they are buying, information revealing violations of
government regulations, secret formulas or details of manufacturing processes, plans
for future expansion or for the development of new products. A person or company
may wish to transport to a distant location a computer which contains sensitive
information without being concerned that if the computer is examined en route (e.g.
by foreign customs agents) then the information will be revealed.
Two individuals may wish to correspond by email on matters that they
wish to keep private and be sure that no-one else is reading their mail. From the above
examples it can be seen that there are two general cases when encryption is needed:
(a) When information, once encrypted, is simply to be stored on-site (and invulnerable
to unauthorized access) until there is a need to access that information.
(b) When information is to be transmitted somewhere and it is encrypted so that if it
is intercepted before reaching its intended destination the interceptor will not find
anything they can make sense of.
In case (b) there arises the problem of secure key exchange. This
problem exists because the person who will decrypt the information is usually not the
same as the person who encrypted the information. Assuming that the decryptor is in
posssession of the decryption engine (normally a software program) how does the
decryptor know which decryption key to use? This information must be communicated
to the decryptor in some way. If, during the course of this communication, the key is
intercepted by a third party then that third party can intercept and decrypt the
ciphertext subsequently sent by the encryptor to the decryptor.
This is a problem which all users of symmetric key systems (e.g. DES
and Dolphin Encrypt) must face when transmitting encrypted data, because in such
systems the decryption key is the same as the encryption key. The encryptor can
choose any encryption key they wish, but how are they to communicate that key to the
decryptor in a secure way? Governments typically solve this problem by putting the
key in a locked briefcase, handcuffing it to the wrist of a trusted minion, and
despatching him with several armed guards to deliver the briefcase in person (typically
at an embassy in a foreign country). This solution is generally too expensive for
ordinary citizens.
If you know that your mail is not being opened then you can send the
key that way, but who can be sure of this? Even registered mail may be opened. The
best way to pass the key to whoever you will be sending encrypted material to is by
personal contact someplace where there is no chance of being observed. If this is not
possible then various less secure means are available. For example, if you used to live
in the same city as the person for some years then you might call them and say,
"Remember that restaurant in San Diego where we used to have breakfast? Remember
the name of that cute waitress? Let's use her name as the key." Then you have a key
that only you two know, unless someone has extensive information on your breakfast
habits in San Diego several years ago and the names of the waitresses you might have
come in contact with.
There is a class of cryptosystems knowns as "public key" systems which
were first developed in the 1970s to solve this problem of secure key exchange. These
are the systems referred to above as "asymmetric key" systems, in which the
decryption key is not the same as the encryption key. Such public key systems can, if
used properly, go a long way toward solving the problem of secure key exchange
because the encryption key can be given out to the world without compromising the
security of communication, provided that the decryption key is kept secret.
Let's say you wish to receive encrypted email from your girlfriend Alice.
Page 51 of 94
You call her and give her your public key - the one used to perform encryption. Alice
writes a passionate love letter, encrypts it with your public key and sends it to you.
You decrypt it with your private key. If your other girlfriend Cheryl intercepts this then
there is no way she can decrypt it because the public key (assumed to be known to
everyone and thus to her) is no good for decryption. Decryption can only be performed
with the private key, which only you know (unless Cheryl finds it written on a piece of
paper in the top drawer of the dresser under your socks).
A public key cryptosystem relies on some mathematical procedure to
generate the public and private keys. The mathematical nature of these systems
usually allows the security of the system to be measured by the difficulty of solving
some mathematical problem. There are numerous public key cryptosystems, the most
well known being the one based on the RSA Algorithm (which is patented by its
inventors, Rivest, Shamir and Adelman), which, as noted above, relies for its security
on the difficulty of factoring large numbers. There are other public key systems
available for licensing for commercial use, such as the LUC public key system (from
LUC Encryption Technology, Sierra Madre, CA), and one developed by the computer
manufacturer Next, Inc.
Public key cryptography has applications beyond the classical one of
hiding information. As a consequence of the encryption key and the decryption key
being different, public key cryptography makes possible digital signatures (for
authentification of documents) and digital forms of such activities as simultaneous
contract signing. Digital cash is also an idea which builds on the use of an asymmetric
cryptosystem.
Although public key cryptography in theory solves the problem of secure
key exchange, it does in general have a couple of disadvantages compared to
asymmetric (or secret) key systems. The first is speed. Generally public key systems,
such as PGP, are much slower than secret key systems, and so may be suitable for
encrypting small amounts of data, such as messages sent by email, but are not
suitable for bulk encryption, where it may be required to encrypt megabytes of data.
Secret key systems can be very fast (especially if implemented by instructions hard-
coded into chips rather than running in a computer's memory). The more complex
such a system is the slower it tends to be, but even complex systems are generally of
acceptable speed. For example, Dolphin Encrypt will encrypt and decrypt at about 30
Kb/sec on a 80486 PC running at 50 Mhz (equivalent to 1 megabyte in 35 seconds),
which is fast enough for most people.
The second disadvantage of public key systems is that there is a problem
of key validation. If you wish to send encrypted data to a person, Fred, say, and you
have obtained what is claimed to be Fred's public key, how do you know it really is
Fred's public key? What if a third party, Jack, were to publish a public key in Fred's
name? If Jack works for a U.S. intelligence or law enforcement agency and can monitor
communications channels used by Fred then he can intercept encrypted data sent to
Fred, including any message you send to him, and can then decrypt it (since he has
the corresponding private key). If Jack were really sneaky, and knew Fred's real public
key, he could re-encrypt your message to Fred using the real public key (perhaps after
altering your message in ways you might not approve of) and deliver it to Fred as if it
had come directly from you. Fred would then decrypt it with his private key and read a
message which he assumes is from you, but which may in fact be quite different from
what you sent. In theory Jack could sit in the middle of an assumed two-way email
correspondence between you and Fred, read everything each of you send to the other,
and pass to each of you faked messages saying anything he wanted you to believe was
from the other.
A recent contributor to sci.crypt (Terry Ritter, 11/29/93) wrote:
Page 52 of 94
When we have a secret-key cipher, we have the serious problem of transporting a key
in absolute secrecy. However, after we do this, we can depend on the cipher providing
its level of technical secrecy as long as the key is not exposed. When we have a public-
key cipher, we apparently have solved the problem of transporting a key. In fact,
however, we have only done so if we ignore the security requirement to validate that
key. Now, clearly, validation must be easier than secure transport, so it can be a big
advantage. But validation is not trivial, and many people do not understand that it is
necessary. When we have a public-key cipher and use an unvalidated key, our
messages could be exposed to a spoofer who has not had to "break" the cipher. The
spoofer has not had to break RSA. The spoofer has not had to break IDEA. Thus,
discussion of the technical strength of RSA and IDEA are insufficient to characterize the
overall strength of such a cipher. In contrast, discussion of the technical strength of a
secret-key cipher *IS* sufficient to characterize the strength of that cipher. Discussion
of the strength of public-key cipher mechanisms is irrelevant without a discussion of
the strength of the public-key validation protocol. Private-key ciphers need no such
protocol, nor any such discussion. And a public-key cipher which includes the required
key-validation protocol can be almost as much trouble as a secret-key cipher which
needs none.
When encryption is used in case (a), to be stored on-site (and
invulnerable to unauthorized access) until there is a need to access that information, a
secret key cryptosystem is clearly preferable, since such a system has the virtue of
speed, and there is no problem of key validation and no problem of key exchange
(since there is no need to transmit the encryption key to anyone other than by face-to-
face communication).
However, many people are still using secret key cryptosystems that are
relatively easy to break since those people don't know any better. For example, the
WordPerfect word processing program allows you to lock the information in a file by
means of a password. In a bad marriage one spouse might think that by locking their
WordPerfect files they can write what they like and not worry that the other spouse
might later use this against them. What the first spouse doesn't know is that there are
programs around that can automatically (and in a few seconds) find the password used
to lock a WordPerfect file.
In fact the WordPerfect encryption method (at least for Versions 5.1 and
earlier) has been shown to be very easy to break. Full descriptions are given in the
articles by Bennett, for Version 4.2, and by Bergen and Caelli, for Version 5.0 (see the
bibliography below).
Another case is the encryption scheme used by Microsoft's word
processing program Word. A method to crack encrypted Word files was published on
Usenet late in 1993, so this method of protecting information is now obsolete. There is
even a company, Access Data Recovery (in Orem, Utah) that sells software that
automatically recovers the passwords used to encrypt data in a number of commercial
software applications, including Lotus 123.
For a cryptosystem to be considered strong it should possess the
following properties (I shall illustrate these by reference to the Dolphin Encrypt file
encryption software):
(i) The security of a strong system resides with the secrecy of the key rather than with
the supposed secrecy of the algorithm. In other words, even if an attacker knows the
full details of the method used to encrypt and to decrypt, this should not allow him to
decrypt the ciphertext if he does not know the key which was used to encrypt it
(although obviously his task is even more difficult if he does not know the method).
The encryption algorithm used in Dolphin Encrypt is defined by the C source code for
the encryption and decryption functions, and this source code is part of a publicly
Page 53 of 94
available C function library (the Dolphin Encryption Library). The method is not secret
and its full details are available for examination to anyone who purchases the library.
(ii) A strong cryptosystem has a large keyspace, that is, there are very many possible
encryption keys. DES is considered by many to be flawed in this respect, because there
are only 2^56 (about 10^17) possible keys. The size of the keyspace associated with
Dolphin Encrypt is about 10^109, due to the fact that keys can be up to 60 characters
in length.
(iii) A strong cryptosystem will produce ciphertext which appears random to all
standard statistical tests. A full discussion of these tests is beyond the scope of an
introductory article such as this on the use of encryption software, but we may
consider one interesting test, the so-called kappa test, otherwise known as the index
of coincidence.
The idea behind this is as follows: Suppose that the elements of the
cipher text are any of the 256 possible bytes (0 through FF). Consider the ciphertext to
be a sequence of bytes (laid out in a row). Now duplicate this sequence and place it
beneath the first (with the first byte of the second sequence below the first byte of the
first sequence). We then have a sequence of pairs of identical bytes. Slide the lower
sequence to the right a certain distance, say, 8 places. Then count how many pairs
there are in which the bytes are identical. If the sequence of bytes were truly random
then we would expect about 1/256 of the pairs to consist of identical bytes, i.e. about
0.39% of them. It is not difficult to write a program which analyzes a file of data,
calculating the indices of coincidence (also known as the kappa value) for multiple
displacement values.
When we run such a program on ordinary English text we obtain values
such as the following ("IC" means "index of coincidence"):
Offset IC coincidences Typically only 80 or so different byte

1. 5.85% 2397 in 40968 values occur in a file of English text. If these byte
2. 6.23% 2551 in 40967 values occurred randomly then we would expect an
3. 9.23% 3780 in 40966 index of coincidence for each displacement of about
4. 8.31% 3406 in 40965 1/80, i.e. about 1.25%. However, the distribution of
5. 7.91% 3240 in 40964 characters in English text is not random ("e", "t" and
6. 7.88% 3227 in 40963 the space character occur most frequently), which is
7. 7.78% 3187 in 40962 why we obtain the larger IC values shown above.
8. 7.92% 3244 in 40961 The kappa test can be used to break a
weak cryptosystem, or at least, to provide a clue
9. 8.24% 3377 in 40960
toward breaking it. The index of coincidence for the
10. 7.98% 3268 in 40959
displacement equal to the length of the encryption
11. 8.16% 3341 in 40958
key will often be significantly higher than the other
12. 8.09% 3315 in 40957
indices, in which case one can infer the length of the
13. 8.15% 3337 in 40956 key.
14. 7.97% 3264 in 40955 For example, here are the indices of
15. 7.97% 3265 in 40954 coincidence for a file of ciphertext (2048 bytes in
16. 8.07% 3306 in 40953 size) produced by encrypting a text file using a weak
17. 8.04% 3293 in 40952 cryptosystem (one which was discussed on sci.crypt
18. 7.85% 3214 in 40951 in December 1993):
Offset IC coincidences 1 0.15% 3 in 2047 2 0.34% 7 in 2046 3 0.34% 7
in 2045 4 0.54% 11 in 2044 5 0.44% 9 in 2043 6 0.39% 8 in 2042 7 0.24% 5 in 2041
8 0.49% 10 in 2040 9 0.49% 10 in 2039 10 0.29% 6 in 2038 11 0.15% 3 in 2037 12
0.10% 2 in 2036 13 0.64% 13 in 2035 14 0.74% 15 in 2034 15 0.39% 8 in 2033 16
0.20% 4 in 2032 17 0.30% 6 in 2031 18 0.34% 7 in 2030.
256 different byte values occur in the ciphertext, so if it were to appear
Page 54 of 94
as random then the kappa value should be about 0.39% for each displacement. But
the kappa values for displacements 13 and 14 are significantly higher than the others,
suggesting that the length of the key used in the encryption was either 13 or 14. This
clue led to the decryption of the ciphertext and it turned out that the key length was in
fact 13.
As an example of how non-random some ciphertext produced by
commercial cryptosystems may be it is instructive to consider the proprietary
encryption algorithm used by the Norton Diskreet program. The file named
NORTON.INI, which comes with the Diskreet program, contains 530 bytes and 41
different byte values, including 403 instances of the byte value 0. The non-zero byte
values are dispersed among the zero values. If we encrypt this file using Diskreet's
proprietary encryption method and the key "ABCDEFGHIJ" we obtain a file,
NORTON.SEC, which contains 2048 bytes, including 1015 0-bytes. When we examine
this file with a hex editor we find that it consists of the letters "PNCICRYPT", seven 0-
bytes or 1-bytes, 1024 bytes of apparent gibberish (the ciphertext) and finally 1008 0-
bytes. Suppose we extract the 1024 bytes of ciphertext. There are 229 different byte
values in this ciphertext, so if it really appeared random we would expect the kappa
values to be about 1/229, i.e. about 0.44%. What we find is the following:
Offset IC coincidences 1 0.29% 3 in 1023 2 21.72% 222 in 1022 3
0.69% 7 in 1021 4 1.08% 11 in 1020 5 0.49% 5 in 1019 6 0.20% 2 in 1018 7 0.39%
4 in 1017 8 0.00% 0 in 1016 9 0.79% 8 in 1015 10 0.39% 4 in 1014 11 0.69% 7 in
1013 12 0.69% 7 in 1012 13 0.30% 3 in 1011 14 0.99% 10 in 1010 15 0.20% 2 in
1009 16 0.30% 3 in 1008 17 0.40% 4 in 1007 18 0.20% 2 in 1006 The figure of
21.72% for offset 2 is quite astounding. When we look at the ciphertext with a hex
editor we see that there are many lines which have a byte pattern:
xx yy aa bb aa bb cc dd cc dd ee ff ee ff gg hh gg hh ... that is, in which pairs of bytes
tend to be repeated, for example:
4B 25 4B 25 8D 28 8D 28 2D F8 2D F8 21 AC 21 AC E8 9E E8 9E F2 FC
F2 FC C6 C5 C6 C5 7E 4F 7E 4F B2 8B B2 8B 32 EE 32 EE 25 2C 25 2C A5 32 A5 32 8D
61 8D 61 E5 C1 E5 C1 D4 F7 D4 F7. This explains why sliding the ciphertext against
itself two places to the right produces such a large number of coincidences.
Clearly this ciphertext shows obvious regularities, and appears to be very
far from random. Such regularities are what a cryptanalyst looks for, as a clue to the
encryption method and to the key, and which a good cryptosystem denies him.
In contrast to Diskreet, Dolphin Encrypt encrypts the same file,
NORTON.INI, using the same key, to a file of 450 bytes (in which there are 207
different byte values, implying that the kappa values should be about 0.48% if the
ciphertext is to appear random) with kappa values as follows:
Offset IC coincidences 1 0.45% 2 in 449 2 0.45% 2 in 448 3 0.00% 0 in
447 4 0.45% 2 in 446 5 0.00% 0 in 445 6 0.23% 1 in 444 7 0.45% 2 in 443 8 0.23%
1 in 442 9 0.23% 1 in 441 10 0.23% 1 in 440 11 0.46% 2 in 439 12 0.23% 1 in 438
13 0.23% 1 in 437 14 0.46% 2 in 436 15 0.23% 1 in 435 16 0.69% 3 in 434 17
0.00% 0 in 433 18 0.46% 2 in 432 The essentially discrete distribution of these indices
of coincidence (0.00, 0.23, 0.46, 0.69) are due to the small size of the ciphertext (450
bytes). When we do the same test for a file of Dolphin ciphertext of size 60201 bytes
(in which there are 256 different byte values, implying a desired kappa value of
0.39%) we find:
Offset IC coincidences
1. 0.41% 248 in 60200
2. 0.43% 258 in 60199
3. 0.44% 263 in 60198
4. 0.43% 258 in 60197
Page 55 of 94
5. 0.43% 257 in 60196

6. 0.34% 205 in 60195 The kappa test, and other statistical
7. 0.40% 239 in 60194 tests, reveal no regularities in the ciphertext
8. 0.42% 252 in 60193 produced by Dolpin Encrypt (or by EZ-Crypt).
9. 0.40% 241 in 60192 When evaluating an encryption program
10. 0.40% 242 in 60191 it is reasonable to ask whether the cipher used is
11. 0.41% 247 in 60190 something as weak as a repeated exclusive-or
12. 0.36% 216 in 60189 cipher, in which the bytes of the key are repeatedly
13. 0.41% 245 in 60188 exclusive-or'd against those of the plaintext - the
sort of "crypto system designed by a 16-year-old on
14. 0.37% 223 in 60187
a long weekend" that some like to accuse very new
15. 0.36% 219 in 60186
system of being. In a such a crypto system each
16. 0.41% 247 in 60185
byte of the ciphertext is affected only by the
17. 0.40% 238 in 60184
corresponding byte in the key and not by every byte
18. 0.37% 222 in 60183 (or every bit) in the key. In this case the system is
generally easy to crack (by determining the length of the key, say n, and then
considering the n sets of bytes affected by each byte in the ciphertext). Some simple
tests of the encryption program may be performed to answer this question of the
extent of the dependence of each byte of the ciphertext on all of, or only on some of,
the bytes of the key. To illustrate in the case of Dolphin Encrypt:
A file, NULLFILE, of 50,000 zero-bytes (good for testing ciphers because
the plaintext consists entirely of a single byte value) was encrypted using Dolphin
Encrypt and two similar keys, "abcdefghij" and "abcdefghik". These keys differ only in
their final bit ('k' instead of 'j'). The ciphertext files produced were, respectively,
NULLFILE.E1 (length 1800 bytes) and NULLFILE.E2 (length 1830) bytes (Dolphin
Encrypt performs compression before encryption). A byte-by-byte file comparison
utility was run on the two output files, with the following result:
File 1: NULLFILE.E1 Filesize: 1800
File 2: NULLFILE.E2 Filesize: 1830
152 bytes are different. One byte is identical. 38 bytes are different. One
byte is identical. 31 bytes are different. One byte is identical. 174 bytes are different.
One byte is identical. 107 bytes are different. One byte is identical. 318 bytes are
different. One byte is identical. 155 bytes are different. One byte is identical. 175 bytes
are different. One byte is identical. 8 bytes are different. One byte is identical. 125
bytes are different. One byte is identical. 42 bytes are different. One byte is identical.
464 bytes are different.
Thus exactly 11 bytes, at apparently random locations, in the first 1800
bytes of the first file were the same as the bytes in the corresponding positions in the
second file. This is more-or-less what we would expect when comparing files which
consist of what appear to be random bytes and which are independent of each other
(since 1800/256 = 7.03).
A similar test is to take a string of characters such as "aabbccddee" and
encrypt it using two keys which differ by one bit. When this string is encrypted using
Dolphin Encrypt and the keys "abcdefghij" and "abcdefghik" (as before) the resulting
ciphertext is as follows (these are hexdumps of the two ciphertext files):
85 E0 08 22 F6 54 27 DE - 6A 1F A0 2C 8F C1 C7 D3 ...".T'.j..,.... 87 54 DF 59 CF 2F
75 64 - 82 D3 95 23 2A 70 3D EA .T.Y./ud...#*p=. D6 AB 12 1C 6D 9E 52 4E - 41 20
0A A9 E7 47 89 90 ....m.RNA ...G.. 47 2C 14 83 EF EE DB 44 - AD FA 2C 38 5C 89 E7
0F G,.....D..,8\... FE 6A EC 16 7C 55 33 EC - 51 2E 52 5C 30 9F 0B 00 .j..|U3.Q.R\0..
7C 11 91 7B 25 B6 66 10 - 24 B4 29 E1 14 88 12 00 |..{%.f.$.).... 49 03 E5 6A 10 99
37 24 - 98 B9 28 I..j..7$..(
A2 59 8D 70 B3 B0 44 D1 - C9 F9 54 EE CA 2E 4D 7C .Y.p..D...T...M| FE 39 72 7B F3
Page 56 of 94
C3 D6 87 - 64 EC 2A 5E AD ED D3 9D .9r{....d.*^.... 81 FC 40 CA DF 71 7A 97 - 42
26 FC 65 19 23 C6 08 ..@..qz.B&.e.#.. 76 7B AD CA 0A 71 F5 B2 - 51 DF 21 06 0A D9
0A 0E v{...q..Q.!..... EA 8D EA 14 88 C8 22 69 - B1 38 66 D1 89 DE 00 56 ......"i.8f...
V 0A F7 F6 C4 E9 57 B7 92 - BF E5 1C 58 8B 14 2F B7 .....W.....X../. 01 2F 00 CF 5E
06 69 4D - AD 43 F9 DC 94 ./ .^.iM.C...
The ciphertext produced is quite different even though the keys are
almost the same. In fact, each byte in the first ciphertext block is different from its
corresponding byte in the second ciphertext block.
When attempting to break a cipher this test is often one of the first to be
applied, namely, take some known plaintext and encrypt it with slightly different keys
and compare the resulting ciphertext to see whether a particular change in the key
produces a particular change in the ciphertext. With a strong cipher a change of a
single bit in the key will have a cascading effect, producing large changes in the
resulting ciphertext, as we see above.
As to the increase in size of the ciphertext in this case: Dolphin Encrypt
adds random bytes (a.k.a. garbage) to the ciphertext (this makes cryptanalysis of
the cipher more difficult), so very small files are increased. Larger ciphertext blocks (a
few Kb or more) are usually considerably smaller than the plaintext blocks because the
decrease in size resulting from compression is usually much more than the increase
resulting from interpolation of random bytes.
Selected Bibliography
Cryptology is an academic discipline which has implications for the

security of life and property, and thus there is a vast literature on the subject, often
highly technical in nature. Much of the research is secret and unpublished. The
following are just a few of the many books and journal articles available. The history of
codes and code-breaking is especially interesting. The best book on this subject is
David Kahn's The Codebreakers (the bound edition is recommended). Among the
following works those marked with an asterisk are more historical than technical and
tend to be somewhat easier reading. Those marked "#" contain commentary on some
contemporary political aspects of the civilian use of cryptography.
Andreassen, K.: Computer Cryptology, Prentice-Hall. Angluin, D. and Lichtenstein, D.:

Provable Security in Cryptosystems, Yale University, 1983. #Bamford, J.: The Puzzle
Palace, Penguin Books. #Barlow, J. P.: "Decrypting the Puzzle Palace",
Communications of the ACM, July 1992, pp. 25-31. Barker, W. G.: History of Codes
and Ciphers in the U.S., several volumes, Aegean Park Press, P. O. Box 2837, Laguna
Hills, CA 92654. Beker, H. and Piper, F.: Cipher Systems, Wiley, 1982. Bennett, J.:
"Analysis of the Encryption Algorithm Used in the WordPerfect Word Processing
Program", Cryptologia 11(4), pp. 206-210, 1987. Bergen, H. A. and Caelli, W. J.: "File
Security in WordPerfect 5.0", Cryptologia 15(1), pp. 57-66, January 1991. Biham, E.
and Shamir, A.: "Differential cryptanalysis of DES-like cryptosystems", Journal of
Cryptology, vol. 4, #1, pp. 3-72, 1991. Boyd, C.: "Anguish under Siege: High-Grade
Japanese Signal Intelligence and the Fall of Berlin", Cryptologia 8(3), July 1989, pp.
193-209. Brassard, G.: Modern Cryptology, Springer-Verlag, 1988. Deavours, C. A.
and Kruh, L.: Machine Cryptography and Modern Crypt- analysis, Artech House, 610
Washington St., Dedham, MA 02026, 1985. DeLaurentis, J. M.: "A Further Weakness in
the Common Modulus Protocol in the RSA Cryptoalgorithm", Cryptologia, 8(3), July
1984, pp. 253-259. Denning, D.: Cryptography and Data Security, Addison-Wesley,
1982. Diffie, W.: "The first ten years of public key cryptography", IEEE proceedings,
Page 57 of 94
76(5), 560--577, 1988. ---- and Hellman, M.: "Privacy and authentication: an
introduction to cryptography", IEEE proceedings, 67(3), 397-427, 1979. Feistel, H.:
"Cryptography and Computer Privacy", Scientific American, 228(5), pp. 15-23, 1973.
Flicke, W. F.: War Secrets in the Ether, Volumes 1 & 2, Aegean Park Press. Friedman,
W. F.: Solving German Codes in World War I, Aegean Park Press. ---- and Mendelsohn,
C. J.: The Zimmermann Telegram of 1917 and its Cryptographic Backround, Aegean
Park Press. Gaines, H. F.: Cryptanalysis, Dover, 1956. Garon, G. and Outerbridge, R.:
"DES watch: an examination of the sufficiency of the Data Encryption Standard for
financial institutions in the 1990's", Cryptologia 15(3), 1991, pp. 177-193. Hinsley, F.
H. et al.: British Intelligence in the Second World War, Cambridge U. P., volumes 1 - 4.
---- and Stripp, A. (eds.): Codebreakers: The Inside Story of Bletchley Park, Oxford
U.P., 1993. Held, G.: Top Secret Data Encryption Techniques, Sams Publishing, 1993.
Hellman, M.: "The mathematics of public key cryptography", Scientific American, pp.
130-139, 1979. Kahn, D.: The Codebreakers, Macmillan, 1967. ----: Seizing the
Enigma, Houghton Mifflin, 1991. Kochanski, M.: "A Survey of Data Insecurity
Packages", Cryptologia 11(1), pp. 1-15, 1987. ----: "Another Data Insecurity Package",
Cryptologia 12(3), pp.165-177, July 1988. Konheim, A. G.: Cryptography: A Primer,
John Wiley, 1981. #Kruh, L.: "The Control of Public Cryptography and Freedom of
Speech - A Review", Cryptologia 10(1), January 1986, pp. 2-9. Lysing, H.: Secret
Writing, Dover, 1974. Marotta, M.: The Code Book, Loompanics, 1987. Massey, J.: "An
Introduction to Contemporary Cryptology", IEEE Proceedings, 76(5), pp. 533-549, May
1988. Meyer, C. H., and Matyas, S. M.: Cryptography, John Wiley, 1982. #Pierce, K.
J.: "Public Cryptography, Arms Export Controls, and the First Amendment: A Need for
Legislation", Cornell International Law Journal, Vol. 17, No. 3 (Winter 1984), pp. 197-
236. Rivest, R. L., Shamir, A. and Adelman, L.: "A Method for Obtaining Digital
Signatures and Public-key Cryptosystems," Communications of the ACM, February
1979. Salomaa, A.: Public Key Cryptography, Springer-Verlag, 1990. Schneier, B.:
"Untangling Public Key Cryptography", Dr Dobb's Journal, May 1992, pp. 16-28. ----:
"The IDEA Encryption Algorithm", Dr Dobb's Journal, December 1993, pp. 50-56. ----:
Applied Cryptography, John Wiley & Sons, 1994. Simmons, G. (ed.): Contemporary
Cryptology: the Science of Information Integrity, IEEE Press, 1991. Smith, L. D.:
Cryptography, Dover, 1955. Weber, R. E.: United States Diplomatic Codes and Ciphers
1775-1938, Precedent, 1979. Welsh, D.: Codes and Cryptography, Claredon Press,
1988. Yardley, H. O.: The American Black Chamber, Ballantine 1981.
http://www.mycrypto.net/encryption/cryptography_intro.html
Private Key (Symmetric) Encryption
Private Key encryption, also referred to as conventional, single-key or

symmetric encryption was the only available option prior to the advent of Public Key
encryption in 1976. This form of encryption has been used throughout history by Julius
Caesar, the Navaho Indians, German U-Boat commanders to present day military,
government and private sector applications. It equires all parties that are
communicating to share a common key.
A conventional encryption scheme has five major parts:
Plaintext - this is the text message to which an algorithm is applied.

Encryption Algorithm - it performs mathematical operations to conduct
substitutions and transformations to the plaintext.
Page 58 of 94
Secret Key - This is the input for the algorithm as the key dictates the
encrypted outcome.
Ciphertext - This is the encrypted or scrambled message produced by
applying the algorithm to the plaintext message using the secret key.
Decryption Algorithm - This is the encryption algorithm in reverse. It
uses the ciphertext, and the secret key to derive the plaintext message.
When using this form of encryption, it is essential that the sender and
receiver have a way to exchange secret keys in a secure manner. If someone knows
the secret key and can figure out the algorithm, communications will be insecure.
There is also the need for a strong encryption algorithm. What this means is that if
someone were to have a ciphertext and a corresponding plaintext message, they would
be unable to determine the encryption algorithm.
There are two methods of breaking conventional/symmetric encryption -
brute force and cryptanalysis. Brute force is just as it sounds; using a method
(computer) to find all possible combinations and eventually determine the plaintext
message. Cryptanalysis is a form of attack that attacks the characteristics of the
algorithm to deduce a specific plaintext or the key used. One would then be able to
figure out the plaintext for all past and future messages that continue to use this
compromised setup.
http://www.mycrypto.net/encryption/private_key_encryption.html
Cracking Encryption Algorithms
Need for secure encryption algorithms
Good cryptographic systems should always be designed so that they are

as difficult to break as possible. Governments have always had concerns with strong
encryption fearing that it could be used against their countries by criminals.
Sophisticated technology is used by law enforcement agencies to decipher encrypted
information that might contain incriminating evidence. In theory one can break any
encryption algorithm by exhausting every key in a sequence. This brute force method
requires vast amounts of computing power as length of the key increase. For example
a 32-bit key takes 2^32 (4294967296) steps. A system with 40 bit keys (e.g. US-
exportable version of RC4) takes 2^40 steps - this kind of computing power is
available in most universities and even small companies.
Encryption key lengths & hacking feasibility
Time & Cost/Key Time & Cost/Key

Type of Attacker Budget Tool
40 bit 56 bit
Scavenged computer Not feasible
Minimal 1 week
time
Regular User
38 years
$400 5 hours ($.08)
FPGA ($5,000)
1 556 days
Small Business $10,000 FPGA 12 min.($.08)
($5,000)
Corporate $300,000 FPGA 24 sec. ($.08) 19 days ($5,000)
Page 59 of 94
Department
2
ASIC 0.18 sec. ($.001) 3 hours ($38)
Large Corporation $10M ASIC 0.005 sec.($0.001) 6 min. ($38)
0.0002
Intelligence Agency $300M ASIC 12 sec. ($38)
sec.($0.001)
As key lengths increase, the number of combinations that must be tried

for a brute force attack increase exponentially. For example a 128-bit key would have
2^128 (3.402823669209e+38) total possible combinations. For example, to
theoretically crack the 128-bit IDEA key using brute force one would have to:
develop a CPU that can test 1 billion IDEA keys per second
build a parallel machine that consists of one million of these processors
mass produce them to an extent that everyone can own one hundred of these
machines
network them all together and start working through the 128 bit key space.
Assuming ideal performance and no downtime, one should be able to
exhaustively search the key-space in over 20,000 years. A common concern amongst
many is deciding what key length is secure. There is a metronome for technological
progress called Moore's Law which states that; "the number of components that can be
packed on a computer chip doubles every 18 months while the price stays the same" .
Essentially, this means that computing power per dollar doubles every eighteen
months. Using a derivative of this above law one can also say that, if a key length of
x is considered safe today, in 18 months the key length would have to be x+1
to keep up to par with the computing power. Recent studies performed by
independent scientists have shown that key lengths should be no less than 90-bits long
to ensure complete security for the next 20 years.
1
FPGA (Field Programmable Gate Arrays) are programmable pieces of hardware
specifically designed for encryption/decryption.
2
ASIC (Application Specific Integrated Circuits) are also specialized hardware that can
test 200 million keys per second.
http://www.mycrypto.net/encryption/encryption_crack.html
Public Key Encryption
1976 saw the introduction of a radical new idea into the field of
cryptography. This idea centered around the premise of making the encryption and
decryption keys different - where the knowledge of one key would not allow a person
to find out the other. Public key encryption algorithms are based on the premise that
each sender and recipient has a private key, known only to him/her and a public key,
which can be known by anyone. Each encryption/decryption process requires at least
one public key and one private key. A key is a randomly generated set of numbers/
characters that is used to encrypt/decrypt information.
A public key encryption scheme has six major parts:
Plaintext - this is the text message to which an algorithm is applied.

Encryption Algorithm - it performs mathematical operations to conduct
Page 60 of 94
substitutions and transformations to the plaintext.

Public and Private Keys - these are a pair of keys where one is used for
encryption and the other for decryption.
Ciphertext - this is the encrypted or scrambled message produced by
applying the algorithm to the plaintext message using key.
Decryption Algorithm - This algorithm generates the ciphertext and the
matching key to produce the plaintext.
Selecting the Public and Private Keys
1. Select large prime numbers p and q and form n = pq.

2. Select an integer e > 1 such that GCD(e, (p - 1)(q - 1)) = 1.
3. Solve the congruence, ed 1 (mod (p - 1), (q - 1))
for an integer d where 1 < d < (p - 1)(q - 1).
4. The public encryption key is (e,n).
5. The private encryption key is (d,n).
The Encryption Process
• The process of encryption begins by converting the text to a pre hash code. This
code is generated using a mathematical formula.
• This pre hash code is encrypted by the software using the senders private key.
The private key would be generated using the algorithm used by the software.
• The encrypted pre hash code and the message are encrypted again using the
sender's private key.
• The next step is for the sender of the message to retrieve the public key of the
person this information is intended for.
• The sender encrypts the secret key with the recipient's public key, so only the
recipient can decrypt it with his/her private key, thus concluding the encryption
process.
1. Lookup the user's public key (e , n ).
2. Make sure that the message M is an integer such that 0 £M £n.
3. Compute, M ^ e C (mod n) where 0 £C £ n.
4. Transmit the integer C.
The Decryption Process
• The recipient uses his/her private key to decrypt the secret key.
• The recipient uses their private key along with the secret key to decipher the
encrypted pre hash code and the encrypted message.
• The recipient then retrieves the sender's public key. This public key is used to
decrypt the pre hash code and to verify the sender's identity.
• The recipient generates a post hash code from the message. If the post hash code
equals the pre hash code, then this verifies that the message has not been changed
en-route.
1. Use your private key (d , n ).
2. Receive the integer C, where 0 £C £n.
3. Compute, C ^ d R (mod n) where 0 £R £n.
4. R is the original message.
Page 61 of 94
Featured article:
A Primer on Public Key Encryption
by Charles C. Mann.
http://www.mycrypto.net/encryption/public_key_encryption.html
Encryption Algorithms
Different encryption algorithms use proprietory methods of generating

these keys and are therefore useful for different applications. Here are some nitty
gritty details about some of these encryption algorithms. Strong encyrption is often
discerend by the key length used by the algorithm.
RSA
In 1977, shortly after the idea of a public key system was proposed,
three mathematicians, Ron Rivest, Adi Shamir and Len Adleman gave a concrete
example of how such a method could be implemented. To honour them, the method
was referred to as the RSA Scheme. The system uses a private and a public key. To
start two large prime numbers are selected and then multiplied together; n=p*q.
If we let f(n) = (p-1) (q-1), and e>1 such that GCD(e, f(n))=1. Here e
will have a fairly large probability of being co-prime to f(n), if n is large enough and e
will be part of the encryption key. If we solve the Linear Diophantine equation; ed
congruent 1 (mod f(n)), for d. The pair of integers (e, n) are the public key and (d, n)
form the private key. Encryption of M can be accomplished by the following
expression; Me = qn + C where 0<= C < n. Decryption would be the inverse of the
encryption and could be expressed as; Cd congruent R (mod n) where 0<= R < n. RSA
is the most popular method for public key encryption and digital signatures today.
DES/3DES
The Data Encryption Standard (DES) was developed and endorsed by the
U.S. government in 1977 as an official standard and forms the basis not only for the
Automatic Teller Machines (ATM) PIN authentication but a variant is also utilized in
UNIX password encryption. DES is a block cipher with 64-bit block size that uses 56-bit
keys. Due to recent advances in computer technology, some experts no longer
consider DES secure against all attacks; since then Triple-DES (3DES) has emerged as
a stronger method. Using standard DES encryption, Triple-DES encrypts data three
times and uses a different key for at least one of the three passes giving it a
cumulative key size of 112-168 bits.
BLOWFISH
Blowfish is a symmetric block cipher just like DES or IDEA. It takes a

variable-length key, from 32 to 448 bits, making it ideal for both domestic and
exportable use. Bruce Schneier designed Blowfish in 1993 as a fast, free alternative to
the then existing encryption algorithms. Since then Blowfish has been analyzed
considerably, and is gaining acceptance as a strong encryption algorithm.
IDEA
Page 62 of 94
International Data Encryption Algorithm (IDEA) is an algorithm that was

developed by Dr. X. Lai and Prof. J. Massey in Switzerland in the early 1990s to replace
the DES standard. It uses the same key for encryption and decryption, like DES
operating on 8 bytes at a time. Unlike DES though it uses a 128 bit key. This key
length makes it impossible to break by simply trying every key, and no other means of
attack is known. It is a fast algorighm, and has also been implemented in hardware
chipsets, making it even faster.
SEAL
Rogaway and Coppersmith designed the Software-optimized Encryption

Algorithm (SEAL) in 1993. It is a Stream-Cipher, i.e., data to be encrypted is
continuously encrypted. Stream Ciphers are much faster than block ciphers (Blowfish,
IDEA, DES) but have a longer initialization phase during which a large set of tables is
done using the Secure Hash Algorithm. SEAL uses a 160 bit key for encryption and is
considered very safe.
RC4
RC4 is a cipher invented by Ron Rivest, co-inventor of the RSA Scheme.

It is used in a number of commercial systems like Lotus Notes and Netscape. It is a
cipher with a key size of up to 2048 bits (256 bytes), which on the brief examination
given it over the past year or so seems to be a relatively fast and strong cypher. It
creates a stream of random bytes and 'XORing' those bytes with the text. It is useful in
situations in which a new key can be chosen for each message.
http://www.mycrypto.net/encryption/crypto_algorithms.html
Cracking Encryption Algorithms
Need for secure encryption algorithms
Good cryptographic systems should always be designed so that they are

as difficult to break as possible. Governments have always had concerns with strong
encryption fearing that it could be used against their countries by criminals.
Sophisticated technology is used by law enforcement agencies to decipher encrypted
information that might contain incriminating evidence. In theory one can break any
encryption algorithm by exhausting every key in a sequence. This brute force method
requires vast amounts of computing power as length of the key increase. For example
a 32-bit key takes 2^32 (4294967296) steps. A system with 40 bit keys (e.g. US-
exportable version of RC4) takes 2^40 steps - this kind of computing power is
available in most universities and even small companies.
Encryption key lengths & hacking feasibility
Page 63 of 94
Time & Cost/Key Time & Cost/Key

Type of Attacker Budget Tool
40 bit 56 bit
Scavenged computer Not feasible
Minimal 1 week
time
Regular User
38 years
$400 5 hours ($.08)
FPGA ($5,000)
1 556 days
Small Business $10,000 FPGA 12 min.($.08)
($5,000)
FPGA 24 sec. ($.08) 19 days ($5,000)
Corporate
$300,000
Department 2
ASIC 0.18 sec. ($.001) 3 hours ($38)
Large Corporation $10M ASIC 0.005 sec.($0.001) 6 min. ($38)
0.0002
Intelligence Agency $300M ASIC 12 sec. ($38)
sec.($0.001)
As key lengths increase, the number of combinations that must be tried

for a brute force attack increase exponentially. For example a 128-bit key would have
2^128 (3.402823669209e+38) total possible combinations. For example, to
theoretically crack the 128-bit IDEA key using brute force one would have to:
develop a CPU that can test 1 billion IDEA keys per second
build a parallel machine that consists of one million of these processors
mass produce them to an extent that everyone can own one hundred of these
machines
network them all together and start working through the 128 bit key space
Assuming ideal performance and no downtime, one should be able to
exhaustively search the key-space in over 20,000 years. A common concern amongst
many is deciding what key length is secure. There is a metronome for technological
progress called Moore's Law which states that; "the number of components that can be
packed on a computer chip doubles every 18 months while the price stays the same" .
Essentially, this means that computing power per dollar doubles every eighteen
months. Using a derivative of this above law one can also say that, if a key length of
x is considered safe today, in 18 months the key length would have to be x+1
to keep up to par with the computing power. Recent studies performed by
independent scientists have shown that key lengths should be no less than 90-bits long
to ensure complete security for the next 20 years.
1
FPGA (Field Programmable Gate Arrays) are programmable pieces of hardware
specifically designed for encryption/decryption.
2
ASIC (Application Specific Integrated Circuits) are also specialized hardware that can
test 200 million keys per second.
http://www.mycrypto.net/encryption/encryption_crack.html
Encrypted Email
One of the most common uses of encryption is in electronic messaging.

Encryption can be used to secure email on public and private networks. Unlike e-mail
Page 64 of 94
on a private system, which goes directly to a mail server and resides there until it is
retrieved, Internet e-mail bounces from server to server on its way to a recipient. This
makes the transmission channel impossible to secure and provides numerous
opportunities for interception. Here it makes sense to secure the message itself by
using encryption. But private networks are not immune to the need for higher security
and often employ encryption to guarantee the integrity of the message.
Sending plaintext email is like sending a postcard - what type of
information do you disclose when mailing a postcard? When do you consider putting
the letter in an envelope to resist tampering and to protect your privacy? Similarly,
encrypting email is the first step to securing the contents of your message. One of the
most popular methods of email encryption is the use of public key encryption.
The two most widely fielded methods of email encryption are
PGP(http://www.pgpi.org/) (Pretty Good Privacy) and Entrust(http://www.entrust.com/).
The former provides solutions for both individuals and corporations while Entrust
focuses on the larger enterprise based secure messaging solutions. Also availabe to
individual users/small businesses is encrypted email on a web based platform through
Hushmail. This service allows you to send and receive email from their website, never
having to buy any software or have the need for extra infrastructure.
Also available is S/MIME (Secure / Multipurpose Internet Mail Extensions)
- a protocol that adds digital signatures and encryption to Internet MIME messages.
The MIME format allows the body of the message to be text, graphics, audio/video, etc
allowing one to encrypt multiple forms of newsgroup communications.
Encrypted mail enables the 'little guy' to decide how much privacy they
want and when and where they want it. The Tools section has resources one could use
for encrypted and anonymous email.
http://www.mycrypto.net/encryption/secure_email.html
Virtual Private Networks (VPNs)
Recent technological advances in broadband and dial data access offer a

more cost-effective solution for supporting large numbers of remote users, as well as
unprecedented network scalability and flexibility. These technology advances have
created virtual private networks (VPN) using public links. They can be used to provide
mobile workers with remote access to the corporate network - at the price of a local
call. As with any use of public networks, one sacrifices privacy for cost and availability.
Except a VPN is a network tunnel created for data transmission between two or more
authenticated parties. A secure VPN encrypts data before passing it through the
network tunnel. This creates an encrypted "pipe" between the user and the access
device ensuring data integrity/authenticity, and user privacy. Apart from providing
connectivity for remote users, VPNs can also be used to interconnect servers and
complete networks, creating entities known as Extranets.
Page 65 of 94
Virtual Private Networks can be implemented by using propreitory

systems from Nortel Networks, Cisco, Datafellows, Intel, Nokia, Checkpoint, Lucent
and others. Point to point VPNs can also be created using imbedded protocols in
Operating Systems like Windows 2000/XP/Linux or even by applications like PGP.
IPSec
The IP Security Protocol (IPSec) working group has defined a set of

specifications for cryptographically-based authentication, integrity, and confidentiality
services at the IP datagram layer. This protocol is intended to secure data
communications on the Internet and is one of the fastest growing security standards
worldwide. IPSec supports multiple algorithms and key management systems within its
design architecture.
http://www.mycrypto.net/encryption/data_vpn.html
Encryption Tools
There are many free and paid encryption tools available on the Internet.
Some better than others, but nonetheless one can setup a secure messaging system
(email encryption), secure transactions (SSL enabled web browsers) and secure
connectivity (VPNs and SSH) on a very small budget. Some of the small
business/individual solutions available include:
EMAIL
PGP - this is the defacto secure messaging standard on the Internet.

Network Associates has dropped this product suite but fortunately the strong user base
of PGP means it is likely to stay as the most popular email encryption tool.
Hushmail - here is another way of adding encryption to your email. But
unlike software tools (say PGP) it is a service built into web based email. With free and
paid service, one can get the flexibility of a web based email account combined with
the security of 1,024-bit encryption, digital signatures and support for the OpenPGP
standard.
Page 66 of 94
FILE ENCRYPTION
Private File - Private File is a fast and easy way to protect yourself and
your company by encrypting your files before sending them. With a simple drag-and-
drop, or a menu point-and-click, your information is safe. And with the strongest
encryption, you can be sure that no one but your desired recipient will be able to use
your information.
F-Secure FileCrypto - developed by Datafellows Corp, this is a long
standing file encryption application that supports strong encryption. Also comes for
Pocket PC.
ShyFile - free and paid versions of a strong encryption application that
lets you create self-executable, encrypted packages.
VPNs
PGP - certain versions of this applications allow point to point encrypted

VPN sessions.
Windows NT/2000/XP & Linux - they allow 'secure' data transmssion
between two nodes using the PPTP protocol.
http://www.mycrypto.net/encryption/encryption_tools.html
Encryption Resources
Here are some books with good information on Encryption/Cryptography:
Cryptography: Theory and Practice - Douglas R. Stinson's Cryptography:

Theory and Practice is a mathematically intensive examination of cryptography,
including ciphers, the Data Encryption Standard (DES), public key cryptography, one-
way hash functions, and digital signatures. Stinson's explication of "zero- sum proofs"-
-a process by which one person lets another person know that he or she has a
password without actually revealing any information--is especially good.
SSH, The Secure Shell: The Definitive Guide - You can't go wrong with
thisO'Rielly book - and this one is a mustall Unix users/admins as SSH quickly becomes
a popular choice for securing remote transfers and connections.
Handbook of Applied Cryptography - A hefty handbook for both novices
and experts, introducing practical aspects of conventional and public-key cryptography
and offering information on the latest techniques and algorithms in the field.
Mathematical treatments accompany practical discussions of areas including
pseudorandom bits and sequences, stream and block ciphers, hash functions, and
digital signatures.
The Internet has thousands of encryption/cryptography related resources.

Here are a few that cover a broad range of topics:
Radius.net Software Archive(http://crypto.radiusnet.net/archive/) - Your one stop shop for

any and all encryption related software.
Phil Zimmermann's Homepage(http://www.philzimmermann.com/) - The creator of PGP
Page 67 of 94
and a cryptography pioneer.

PGP Distribution site(http://web.mit.edu/network/pgp.html) - MIT Distribution Center for
PGP (Pretty Good Privacy).
Hushmail - Web based email with strong encryption.
AES(http://csrc.nist.gov/encryption/aes/index.html) - Information on AES (Advanced
Encryption Standard) from NIST.
Cryptographic Toolkit(http://csrc.nist.gov/encryption/index.html) - NIST's cryptography
standard.
Encryption and Linux - The Linux Encryption-HOWTO Homepage.
Cipher(http://www.ieee-security.org/cipher.html) - IEEE security and privacy newsletter.
C.R.I.S. - The Cryptography and Information Security Research Laboratory.
Encryption in the workplace(http://www.viacorp.com/crypto.html) - How electronic
encryption works and how it will change your business.
Encryption and computer crime(http://www.cybercrime.gov/crypto.html) - Computer Crime
and Intellectual Property Section (CCIPS).
Revised U.S. Encryption Export Control Regulations - As of January 2000.
http://www.mycrypto.net/encryption/encryption_resources.html
Privacy
• George Orwell's 1984

• Internet Privacy
• Identity Theft
• Privacy Resources
George Orwell's 1984
George Orwell was born as Eric Arthur Blair on June

25, 1903 in Motihari, Bengal, India. He served in the Indian
Imperial Police in Burma, fought in the Spanish Civil War, worked
as a producer for the BBC and was a special correspondent for
the Observer and Tribune. And of course he was a prolific writer
with such classics as 1984, Animal Farm, Burmese Days and his
collection of essays. Nineteen Eighty-four (1949), is a profound
anti-Utopian novel that examines the dangers of totalitarian rule.
Although Orwell expressed leftist views, he was a staunch
individualist and political idealist, and was called by his
contemporaries the conscience of his age.
The setting for the book Nineteen Eighty Four is
Airstrip One in the superstate Oceania, ruled by the "Party" and headed by "Big
Brother". In a grim city and a terrifying society, where "Big Brother" is always
Page 68 of 94
watching, the "Thought Police" can practically read your mind, the streets are dirty,
people are packed in ghetto like flats, food is rationed, and there is only one brand of
cigarettes and synthetic vodka. Everyting is owned by "Big Brother" and his face is on
every wall and telescreen - telescreens are much like television sets except the Party
uses them to spy on the people and there is only one propaganda channel. The Party's
agents constantly rewrite history. The official language is "Newspeak" and the society
is dominated by such slogans as "War is Peace", "Freedom is Slavery", "Ignorance is
Strength", etc. There with no free speech, no privacy, no private ownership, not even
freedom of thought.
Though the year 1984 came and passed, at first glance we find ourselves
far from the squalor and hardship professed by Orwell. But, many of his points
regarding the lack of privacy and freedoms are coming true. They might not be as
blatant as in his book, but they are being passed as laws and implemented every day.
It is not just governments around the world that want to gain this control, but
corporations are also looking to gain profits by getting more and more information on
their customers. The questions most often put forward are, 'Is individual privacy
dead?' and 'What is the role of technology as we slip into this type of society?'.
Technology has helped us live longer, more fuller lives but its unchecked applications
are also threatning our privacy. Luckily, we can use technology to protect ourselves as
we go about our daily lives.
A few decades ago, only governments and diplomats used encryption to
secure sensitive information. Today, secure encryption on the Internet is the key to
confidence for people wanting to protect their privacy, or doing business online. E-
Commerce, secure messaging, and virtual private networks are just some of the
applications that rely on encryption to ensure the safety of data. In many companies
that have proprietary or sensitive information, field personnel are required to encrypt
their entire laptops fearing that in the wrong hands this information could cause
millions of dollars in damage.
http://www.mycrypto.net/privacy/george_orwell_1984.html
Internet Privacy
The Internet is a great tool. As it becomes woven into our day to day
fabric, there are many more tasks that can be done on it. It is convinient, most people
in the developed world have access to it. And many organizations/corporations are
providing users with the tools to get stuff done on the Internet. Everyone from
governments (records, applications, taxes), businesses (shopping, services, bill
payments, banking) and individuals (research, communication, entertainment) are
using the Internet to conduct transactions.
But the Internet is a public network. That is, the access routes are for
the most part open to other traffic and users. It is also a medium to obtain
information, legally or not on a wide variety of people and things. So how can we make
sure that the Internet can be used without compromising privacy of the users? A tough
proposition that is getting harder every day. Like or not, websites collect information
about their visitors (cookies, logs). Information that includes how often they visit, what
links they click on, what they buy, etc. If you entered your name, age, or any other
demographic information, there is a good chance that it might be provided to other
firms to sell products/services or for analysis. Many times, the users are unaware of
exactly what is being collected/monitored. What happens to this personal information if
Page 69 of 94
the company has financial diffuculties and has to liquidate its assets? Is this
information a company asset, free to be sold to the highest bidder?
Internet applications like IE/Netscape have not really kept up either.
Privacy issues have been put on the back burner in an effort to compete for market
share which is predominantly based on ease of use and standards. Privacy is that
uncomformable issue that most people wish would go away. There are many other
tools like Anonymizer, McAfee Privacy Services and others that can help users sanitize
their computers and get an upper hand on what information they want on their
computers. These applications allow you to select what personal information you wish
to divulge and how to clean up your computer so as to negate any information or
statistics that might be collected on you while surfing. These tools and a good personal
firewall along with an anti-virus software are essential for every Internet user.
The Internet is also a great tool to learn about increasing your privacy
and securing private information. Check the privacy resources section for some other
excellent links. A book like the Complete Idiot's Guide to Internet Privacy and Security
can also be a valuable resource as an online privacy primer.
http://www.mycrypto.net/privacy/internet_privacy.html
Identity Theft
Identity theft is a growing problem in today's society. It is relatively easy

to pull off and very devastating for the victims. There are thousands of cases every
year where people see the fraudulent use of their identity to rack up credit card bills
and ruin their reputations and credit histories. The Internet is definitely a factor here
and is often pointed to as a culprit. But it can also be used to fight back and ensure
that ones privacy is maintained. Here are some simple on and offline steps to follow in
order to avoid identity theft.
ONLINE PRIVACY:
• Have you seen your credit report lately? You should check your credit report every 6
months to a year using one of many online credit report services.
• Use services and applications like Anonymizer or McAfee Privacy Services to control
what personal information is divulged to websites.
• Install a good personal firewall (Norton, Black Ice, etc) - here are some firewall
reviews.
• Use a good anti-virus software (Norton, McAfee, etc) and update signatures
regularly - here are some anti-virus reviews.
• Encrypt email communications using services like Hushmail.
• Have more than one email address, use free services like Yahoo!, Hotmail, or Spam
Bully (which has good anti-spam tools) for regular email.
• Upgrade your web browser and operating system to support strong (ie 128 bit +)
encryption.
• Do not divulge private information on the Internet, especially watch where you post
your resumes.
OFFLINE:
Page 70 of 94
• Get a secure mailbox/PO Box - one that won't allow someone to go through your
mail.
• Get an unlisted number and subscribe to caller id.
• Buy a shredder; destroy any and all unwanted documentation before discarding.
• Have access to legal representation to consult about your rights.
• Guard your Social Security Number (SSN).
• Diversify your assets and investments.
• Learn how to protect your customer privacy.
If you are an identity theft victim, contact your local police department ASAP and
implement all of the above suggestions. Check the privacy resources section for some
other excellent links. A good book like Identity Theft can also be a valuable resource as
an online privacy primer.
http://www.mycrypto.net/privacy/identity_theft.html
Privacy Resources
Here are some books with good information on protecting your privacy:
The Electronic Privacy Papers: Documents on the Battle for Privacy in the Age of
Surveillance. A nice change of pace from traditional analysis of algorithms and code,
instead the reader gets to see for him/herself just how the U.S. goverment is applying
them and the legislation on it. While most books on privacy and security issues in
cyberspace simply give accounts of debates on the issues, The Electronic Privacy
Papers documents the war - practically salvo by salvo.
How to be Invisible - This book is a must for anyone serious about protecting their
privacy. Has important information on privacy, asset protection, self-defense,
surveillance and more.
The Offshore Solution - NEVER PAY TAXES AGAIN! Learn why opening offshore bank
accounts might be in your best interest. Teaches you the basics about money.
Invasion of Privacy : How to Protect Yourself in the Digital Age - This book by Michael
Hyatt looks at how the government, industry, individuals, and interest groups have
access to personal information about you and how you can protect your personal
information.
The Internet has thousands of privacy related resources. Here are a few that
cover a broad range of topics:
Personal Firewall Reivew - Learn about some of the many personal firewall programs
available today. Compares them based on features and price.
Online Privacy Tools - Find reviews and comparisons of various online privacy tools and
services that allow somewhat anonymous web surfing.
Anonymous Surfering - Find how to surf the internet and send emails anonymously.
Check your Credit Reports - Have you seen your credit report lately? It should be
checked every 6-12 months to make sure that non-authorized transactions are not
tainting it.
Electronic Frontier Foundation - A special interest group working to make sure that
technology does not over-ride our fundamental rights.
Privacy Rights Clearinghouse - A nonprofit consumer education, research, and
Page 71 of 94
advocacy program.
Hushmail - Web based encrypted email - free and paid versions.
Electronic Privacy Information Center - Looks at the myriad of privacy issues faced in
the digital age.
Privacy.net - Another consumer information organization.
Personal Privacy - A privacy resource with archived articles, newsletters and more.
Andre Bacard's Privacy Page - Lists many privacy related resources.
Protecting Kids on the Internet - Keep your children safe on the Internet.
http://www.mycrypto.net/privacy/privacy_resources.html
Security
• Hacking
• Computer Security
• Operating Systems
• Security Resources
Computer Hacking and Security
With the rapid growth of the worldwide Internet user base, online
transactions are believed to reach well over a trillion dollars in the next three years.
With stakes this high, it makes sense for all parties involved to secure the Internet.
Haphazard handling of financial and personal information can lead to the Internet
being constantly associated with fraud and privacy abuses instead of being a viable
commerce medium. The goal for higher security starts with the individual user.
The term "hacker" has been around for a while. It originally referred to a
person not well versed with a computer trying different things to accomplish a task. To
hack was to figure out something through sheer trial and error or logical deduction.
Today, a hacker described as a person who breaks into computers for various reasons.
Crackers and script-kiddies are two other more commonly used terms describing those
involved in the break in or disruption of an online service.
Security problems can occur in any networked environment. Many of the
problems are related to the exploitation of the original design of the TCP/IP suite of
internetworking protocols, but the majority are due to configuration or operator errors.
Hackers are not just looking for websites or government computers to hack - utility
grids, emergency information systems, controls for dams and locks, financial
information, inter-banking information, military communications and much more
sensitive information travels on the Internet and other communication networks.
In broad terms, security threats can be classified as active and passive.
ACTIVE HACKING:
Active attacks involve the modification of transmitted data and attempts

to gain unauthorized access to systems. Data communication is based on a set of
handshakes to ensure the smooth and reliable flow of information. A hacker that is
Page 72 of 94
between a client and a server and is able to spoof (illegally duplicate) the IP address
and sequence numbers, can attack either machine in several ways. The hacker can
disable one of the machines and take the identity of the other, or the hacker can mimic
either machine and carry on conversations impersonating the other.
A hacker could also attach additional information to a client request and
strip the corresponding additional response from the packet before forwarding the
remaining response to the client's original request. All this while having access to
information that is assumed to be going back and forth between two 'trusted' systems.
Computer viruses and trojans are also examples of active attacks. They can disable
machines or in the case of trojans allow malicious hackers access to senstive
information by creating a back door.
PASSIVE HACKING:
Passive attacks have to do with evesdropping and monitoring

transmissions. All electronic transmissions (email, WWW, telenet, etc) can theoretically
be monitored. Since most computers (and the whole Internet) is part of network(s),
spying on data transmissions is a major concern. One of the earliest and most
sophisticated passive evesdropping example comes to us from the Cold War. The US
Navy was able to 'tap' into Soviet undersea fiber optic lines by using special submaries
and for years had complete knowledge of that set of communications. On the Internet,
protocols like HTTP, FTP and telnet are non-encrypted modes of communications that
can easily be compromised. Therefore, encrypted versions (HTTPS, SSH, etc) should
be used when transmitting sensitve information.
Refer to the resources section for other interesting links and sources,
consider a personal firewall router and check these personal firewall reviews.
http://www.mycrypto.net/underground/hack.html
Computer Security
There are three data security concerns that need to be addressed -

confidentiality, authentication, and non-repudiatability. Confidentiality ensures that the
data is readable only by the intended recipients. Authentication provides protection
against unauthorized access or forgeries. Non-repudiatability ensures that someone
cannot deny having conducted a transaction . The steps needed to curb the security
concerns on the Internet are three fold. First is a balance between industry self-
regulation and laws to deter unscrupulous practices. Second would be the education of
the Internet user base on their rights and tools to ensure their protection while online.
Lastly, the continuous advent of technology as it matures the Internet and provides us
with newer more powerful tools that will enhance the current economic boom that
many regard as an Internet phenomenon.
So how do you secure sensitive data? Well if it is so sensitive that it

cannot be comprimised under any circumstances, then the only sure fire security
precaution is to take it off any networks. There must be an "air gap" between this
system and the rest of the network. But first one would be to ensure that the physical
location has been secured. Access to the network would be limited to those who need
it and control be exercised by a combination of security methods (passwords,
smartcards, biometrics). Biometrics always brings up the question of privacy. And in
Page 73 of 94
applications where the masses would be affected, this is a valid concern. But
biometrics can be very useful if one is trying to control access or verify the identity of a
smaller number of people. This is also advisable due to the error rates currently seen
in biometric systems (~ 0.01%). And the answer to securing data during transmission
is Encryption.
When it comes to personal computers, ensuring security is a more
manageble matter. If you store sensitive material on your home computer you should
consider using an encryption program like PGP or Private File. Any computer that is
connected to a broadband (DSL/Cable/Satellite) connection requires an extra layer of
protection. You should consider either a good personal firewall and/or a firewall router
- the firewall router will also allow you to share your internet connection with other PCs
in your home.
Featured security articles:
• Fortress mentality fails

By Tyler Hamilton.
• Cable modem hacking goes mainstream
By Kevin Poulsen.
• Are You Safe? What You Need To Know To Protect Yourself And Your Business
By Phillip Jen.
Fortress mentality fails
Tyler Hamilton
Why should protecting a computer network be any different than

securing your home, the neighbourhood jewelry store or the local bank? It's a simple
question, one that computer security expert Bruce Schneier posed to his audience
during a seminar in Toronto last week.
As far as Schneier is concerned, most companies miss the mark when it
comes to computer security. They treat their networks like a village fortress, where the
good guys hide behind a large wall —— a software firewall —— created to keep out the
bad guys. The dangerous assumption here is that all the good guys really are good
guys. It doesn't address the problem of rogue employees, or the fact that mistakes do
happen, or what happens when the wall crumbles.
"Everyone is trying to regain a fortress around their computer centre,"
said Schneier, adding that much of the security technology on the market these days
either creates these fortresses or attempts to plug up their holes. "This is failing
miserably." Schneier, founder and chief technical officer of Counterpane Internet
Security Inc. in Cupertino, Calif., said organizations have to view networks in the
context of modern-day communities, where good and bad folks mingle together and
where threats lurk around every corner. A place is unpredictable, as are the people in
it —— this remains true whether there's a wall around it or not.
For this reason, cities call for multiple levels of security, requiring a
combination of people (security firms, the police, firefighters, health-care workers),
processes and procedures that technology alone can't provide. Schneier says the same
thinking should apply to networks. Cure-alls such as firewalls or encryption can't do it
all. He didn't always hold this view. Schneier, a veteran cryptographer, once held the
Page 74 of 94
belief that all security and privacy concerns could be solved through mathematics and
the application of encryption technology.
It's a view he espoused in his classic work Applied Cryptography,
published in 1993. But he had a change of heart in the late 1990s after realizing that
technology is prone to failure and encryption offers no guarantees. This led to his book
Secrets & Lies, published in 2000, which he wrote to "partly correct a mistake" —— his
belief at the time that cryptography was the great "technological equalizer," capable of
giving a person with a cheap computer the same security as the National Security
Agency.
"It's just not true," he wrote. "Cryptography can't do any of that . . .
cryptography doesn't exist in a vacuum." He repeated this message last week in
Toronto, emphasizing the important role that we humans play in this complicated
equation. "Automated security is flawed," he said. "Only humans can react to new
situations and threats."
Take your home. Is locking the doors and windows enough these days
to keep out burglars? A locked door might be a slight deterrence, but once somebody
decides to break through, then what? The same can be said for a home security
system. When the window is broken and the alarm goes off, what's stopping the thief
from taking your stuff? The answer is "people." Somewhere in a security strategy there
must be a human, 24 hours a day, who can be notified of a situation, who can analyze
it, and who can respond accordingly. It may be the owner of the house, aided by a
24/7 home security firm hired to monitor all alarms. The ultimate backup is the local
police or fire department.
It's not enough to try to prevent an attack or break-in. An assumption
should be made that one is possible —— and likely —— turning attention to response.
"What matters at the moment of the attack is who is defending you?" In this regard,
Schneier says there hasn't been much change with respect to the terrorist attacks on
Sept. 11 and promises to beef up security in the aftermath.
"There's a whole lot of smoke and not a lot of actual stuff being done,"
he says. "I've heard a whole lot of rhetoric, a whole lot of companies saying `Buy my
technology and it will magically make you safe again.' "In our society it's very much
give me the pill that will make me better. Give me the technology and make me safer.
We want to go to the store, put down a credit card and buy the answer. And,
unfortunately, the answer is more complicated than that."
Touching on the topic of airline security, he said it won't be facial
recognition software and fancy scanners that will save the day, nor will it be increased
government surveillance, more data-gathering by the FBI or a move to centralize all
government databases. "The two most effective security measure post-9/11 is
reinforcing cockpit doors and teaching the passengers to fight back," he said.
The latter point refers to the passengers on the United Airlines flight that
crashed in Pennsylvania. After learning that two other planes had been hijacked and
crashed into the World Trade Center, they altered their behaviour to meet the
demands of a situation. Normally, passengers are inclined — indeed, they are told — to
remain calm until a hijacked plane is safely landed, which happens most of the time.
This is likely what the passengers of the other three jets were thinking.
Those on the fourth jet adapted, based on new information. "It's a perfect example of
the human consciousness reconfiguring itself live, in real-time to a new threat," said
Schneier. "If that was a software change, it would still be in beta now."
The fourth plane did crash, but the actions of those brave passengers
likely prevented many more deaths. An assumption was made at the time that damage
had already been done. The reaction was to minimize the damage. Network security
needs the same approach. Companies should start thinking less about protecting their
Page 75 of 94
networks 100 per cent of the time, and start thinking more what they would do if their
networks were breached.
"Complex systems are insecure, and that's not going away," said Schneier. (The
Toronto Star)
http://www.mycrypto.net/underground/security_fortress.html
Cable Modem Hacking
Kevin Poulsen
An ambitious hackware project promises to bring illicit broadband

"uncapping" to the masses, and with it the risks that come with high-speed hijinks.
From a pitiable 56kbps AOL dial-up somewhere in suburban Colorado, 19-year-old
Myko Hein would like to tap out this sad, regretful message to the powers-that-be at
his former cable Internet provider, AT&T Broadband: I was wrong. It'll never happen
again. Please take me back.
Just last month Hein thought of AT&T's service as unbearably slow --
acceptable, perhaps, for sending e-mail, but pure molasses when it came to trading
software in Internet chat rooms. Hein's thirst for speed finally drove him to employ a
sophisticated hack that "uncapped" his cable modem, obliterating the bandwidth limit
imposed by the company, and granting him speed beyond the dreams of hotwired
youth.
But it only took six hours for AT&T to catch Hein, cut him off, and ban
him from their network for life. "They said they considered it theft of service," recalls
Hein. "There were no second chances."
It's easy to see the hot rod appeal of tinkering with one's cable modem
to tap into ridiculously high data speeds, and uncapping has become a popular exercise
in the bandwidth-hungry "warez" and movie-trading underground. Today, the most
common target is Motorola's popular Surfboard line of cable modems. Hackers
generate a replacement configuration file for the modem that omits the capacity limits
installed by the service provider. They then trick the modem into accepting the bogus
file.
In addition to violating the typical broadband service agreement, there
can be an anti-social aspect to uncapping. Providers put capacity limits in their
subscriber's modems to prevent each user from taking more than their fair share of
the bandwidth available on each node. In other words, if a user uncaps his or her
modem and starts hogging bandwidth during peak hours, neighbors will suffer reduced
performance. Uncapping sometimes robs Peter to pay Paul.
Instructions for pulling off the configuration file hack have been on the
Web for at least a year, and chat rooms and Web boards are crowded with uncappers
trading tips and experiences. But AT&T Broadband describes it as a minor problem, at
worst. "I don't think it's something that's rampant," says spokesperson Sarah Eder.
"It's not widespread."
Uncapping Prometheus
If cable modem hacking hasn't become a huge problem for service

providers, it's probably because the process remains intimidating for non-technical
Page 76 of 94
users. The subscriber has to program a DOCSIS configuration file with a special editor,
run their own TFTP server, change their IP address and run an DHCP server that tricks
the modem into pulling the config file from their host. Dedicated hobbyists have
refined the procedure and written tools to automate key portions of it, but pitfalls and
caveats abound.
But that's all about to change, with the pending release of "OneStep," a
user-friendly all-in-one tool that promises to make cable modem uncapping a point-
and-click sport.
The work of a dangerously unemployed U.S. coder who calls himself
"DerEngel," working with a colleague named "Byter", OneStep is described as a 30
megabyte monster of a program that rolls up all the various servers and spoofers
needed to pull off a cable modem hack. It then hides it all behind a pretty interface
with pull-down menus for selecting your service provider, modem make and model,
and even the new speed limit you'd like to put on your modem -- in case you don't
want the full 10 Mbs Ethernet speed.
So far, the beta version is closely held, but few in the uncapping scene
dismiss OneStep as vaporware. DerEngel is already famous as the underground
Prometheus of super-broadband -- the author of several publicly released programs
that automate some of the steps in the uncapping process, and the host of a popular
how-to site and chat system dedicated to uncapping. In an IRC interview, DerEngel
said he plans to release OneStep in late May, and he expects it to open up the arcane
art of uncapping to the masses. "It will be the first program of its kind," says the
coder.
Speed Kills?
But what about the consequences? Myko Hein suffers a low-bandwidth

exile as a result of his six hours of living dangerously. His father, who shared the
household cable modem, now has to slog into work every day -- the dial-up is too slow
for telecommuting. The only other broadband available in his neighborhood is IDSL
service from the phone company, which would break his family's budget at over $100
a month.
Hein insists he didn't even know he was violating his service agreement,
and claims the uncapping was done by an automated script passed to him by a friend
on IRC -- a kind of OneStep Lite, written specifically for his service provider, modem
and operating system, which he mistook for a perfectly normal connection optimizing
tool. Without commenting on any particular case, AT&T Broadband claims it doesn't
automatically ban a user for uncapping, and wouldn't have cut Hein off without
warning unless there were aggravating factors. "We handle this on a case-by-case
basis, and if someone is uncapping their service they could have their service
terminated," says AT&T's Eder. "But there are all kinds of things that we have to take
into account in an investigation."
DerEngel says smart uncappers know how to avoid detection. In any
case, OneStep will provide disclaimers and warning statements so that the easy-to-use
program will not tempt the truly innocent. Hein, who wanted more and wound up with
far less, offers this advice: "Don't uncap your stuff," he says miserably. "Just don't."
(SecurityFocus)
http://www.mycrypto.net/underground/cable_modem_hacking.html
Page 77 of 94
What You Need To Know To Protect Yourself And Your Business
Phillip Jen
With the advent of the computer and Internet age, computer security
and Internet safety has suddenly become a major concern for all users. No longer is
your information safe and secure behind locked doors or safe deposit boxes.
Information can be stolen from within your computer system using just a few simple
commands and unscrupulous people can invade your homes or businesses via the
Internet.
Personal computers, commercially available operating systems (that
would be Windows!) and e-mail contain no effective protection against unauthorized
access or theft of your confidential data stored on data disks and hard drives. A clever
(read devious) hacker can read and steal your confidential data while you check your
e-mail or while your are away from your computer. Enormous financial losses through
theft of proprietary information have been reported and are increasing at intolerable
rates. More alarmingly, countless undetected incidences of theft are continuously
occurring and only detected when it is too late.
How then can you protect your data while at lunch, on vacation or
business trips? Answers to these questions are many and involve the most
rudimentary solutions to high tech gadgetry. The following are 9 ways to protect
yourself going from the least practical to best option.
9. Locking your computer within theft secure cabinets or closets is an effective way of
safeguarding your data (I did say rudimentory!). This method is an option only if you
have the energy, time and a safe and secure place to store your computer.
8. You may have the option of removing your hard drive from your personal computer
and taking it with you. This method is very effective in preventing data theft but is
laborious and also places you in danger of accidentally loosing your most prized
information. Further, in today's on- the-go business environment, not many people are
willing to sacrifice their time and energy to remove the hard drive every time they step
away from their desks.
7. You may also take your computer with you. However, similar to the method of
removing your hard drive your may run the risk of loosing your computer.
6. You may also place all your sensitive files onto a floppy disk or other data storage
device (e.g. Jaz, Zip etc.) and take it with you. Again, this method is effective but is
also laborious and is not immune to simple human error such as loosing your disks.
5. A bios lock is effective against intrusion attempts by novices but this method can
easily be bypassed by simple manipulation of hardware.
4. A simple power lock designed to attach to your power source can be used to prevent
data theft. This method may be effective for desktop computers during short trips
away from your desk but it is not the answer for all other battery- powered computers.
3. Computer security programs (software only) are available to prevent unauthorized
access by using a password based security procedure. However, software-based
systems are only effective against break in attempts by novices and can be by-passed
with simple software manipulation.
2. Hardware/software systems are available to protect your computer more securely
than software only systems. They comprise dual security functions of software and a
hardware key that makes unauthorized access more difficult. Nevertheless, these
systems are designed for modest protection from data theft and are most effective for
blocking unauthorized access when you step away from your computer for a short
Page 78 of 94
period of time. These security systems are usually based on a blocking screen format.
Once the system is activated (via password or by removing the smart card or token
from their respective readers) the blocking screen will appear and eliminate the
possibility of unauthorized users accessing data files. These systems are solutions for
moderate security but can be bypassed given enough time alone with the computer.
VirtualGate is one example of this type of security system. For more information go to
http://www.armadillo.com.hk/virtualgate.htm
1. Encryption software and/or crypto-hardware/software systems are very effective
against data theft and are commonly used by financial institutions, governments and
large corporations. This is by far the best solution as it combines many of the
advantages of the previous systems. For more information check out GateKeeper at
http://www.armadillo.com.hk/gatekeeper.htm.
Dr. Phillip Jen Ph.D. Professor at CUHK (Chinese University of Hong Kong)
http://www.mycrypto.net/underground/protection.html
Operating Systems Security
Needless to say, all operating systems are not created equal. None most
popular operating systems of today were developed with secure electronic commerce
in mind.
Unix is the oldest and most widely used networking operating system in
use today. Unix has the advantage of having been hacked and patched by hackers and
crackers for decades. One of the most popular Unix derivatives is Linux, developed by
Linus Torvalds and now maintained by thousands of volunteers and many software
companies. But Linux still has flaws that are being discovered every day. It is
extremely important to monitor these occurances and apply the necessary patched
when they are made available.
Microsoft's Windows platform has seen unprecidented growth as a server
and client platform. Whether it be in the millions of home PCs, on the Internet or on
corporate LANs, its popularity has caught the fancy of many hackers.
Refer to the security resources page for more helpful links and ideas on
securing operating systems.
Computer Security Resources

Here are some books with good information on Hacking/Security:
The CERT(R) Guide to System and Network Security Practices - This book guides you
through the step-by-step process of developing a comprehensive security program.
Auditing and Security: AS/400, NT, UNIX, Networks, and
Disaster Recovery Plans - A one stop shop for those who want to secure their IT
systems. Ideal for sysadmins, IT managers, auditors and CIOs.
Hacking Exposed: Network Security Secrets & Solutions - A good book for those still
learning their way around - takes an offensive approach to hacking and finds
interesting ways to drive home the important points.
The Internet has thousands of hacking/security related resources. Here are a

few that cover a broad range of topics:
Anti-Virus Review (http://www.teleworker.org/tools/virus.html) - Read about various
Page 79 of 94
anti-virus software packages, including their features and prices.

Remote Access Software Review
(http://www.teleworker.org/tools/remote_access.html)- Compares some of today's
best remote access software packages and services based on price and features.
Security Resources - Site with information on network/computer security, operating
system vulnerabilities and encryption.
Security Alerts - Sites that list security alerts for all operating systems, hardware and
software.
NT Security News - News, alerts, resources and information concerning NT security
issues.
Unix Network Security Tools - Freeware/opensource tools.
Introduction to Network Security - The original (1997) text available online.
Home Network Security - A must read for every Internet user.

Terrorism Research - Follows the other important aspect of security - terrorism,
including its history and cyberterrorism.
Linux Documentation Project - Central source for manuals, guides, man pages,
HOWTOs, FAQs, etc.
Firewall Forensics - Find out what your firewall logs are really saying.
Page 80 of 94
http://www.darkreading.com/
Computer Security's Six Most Important Words Of 2008
For good or ill, these six words were top of mind for security pros -- and hackers -- in
the past year
By Tim Wilson, DarkReading

Dec. 24, 2008
URL: http://www.informationweek.com/story/showArticle.jhtml?articleID=212501928
OK, here they are, in alphabetical order, the six most important words in
IT security in 2008: botnets, cyberwar, downturn, DNS, enablement, and Obama.
That's it. You can go about your business now.
Still here? OK, maybe you want a little explanation as to why these
words were so important in 2008. Geez, you're a hard person to satisfy.
Well, if you must know, 2008 was a year of tectonic shifts in IT security.
The technologies changed, the economy changed, and the role of security changed.
Heck, even the people who make the laws about security changed. You could hardly
swing a dead server without hitting some major security-shifting event, and most of
those events will continue to have repercussions throughout the new year.
Howzzat? Still not enough? Fine. If you need somebody to spell it out for
you, we will. Let's look more closely at the six words and what they meant for security
in the past year.
Botnets
No, botnets weren't new in 2008. (Dang, we've hardly started, and
you're already arguing with us. Do we have to turn this car around and go home?) But
in 2008, botnets emerged as a chief method for delivering unwelcome attacks, from
malware infections to simple spam. In 2008, we saw how big botnets could become.
We started out the year with Storm, a holdover from 2007 that was just
hitting its stride as we began 2008. In the first half, Storm was blamed for a wide
range of crimes, including widespread phishing attacks and illegal pharmaceutical
sales. In the end, Storm became more of an ill wind than a hurricane, but it gave us an
idea of what a "botnet for hire" can do.
The year also brought the resurgence of other botnets, including Kraken
and Srizbi, which both found ways to outdo Storm. The industry also saw how
pervasive botnets had become when, on two occasions, the rugs were pulled out from
under them. The shutdown of two botnet "carrier networks" -- Atrivo and McColo --
made a significant impact on botnet operations, and actually caused temporary
slowdowns in the distribution of spam and malware.
Page 81 of 94
Cyberwar
We know, we know, cyberwar didn't start in 2008. (Doggone it, will you
just sit down and be quiet? You're going to put someone's eye out.) But the attacks by
Russian entities on Estonian government Websites and computers in the spring of 2007
opened a new can of worms that governments and researchers across the world were
wrestling with through much of 2008.
For one thing, the attacks from Russia extended to other former Soviet
republics, including Lithuania and the Republic of Georgia. Such events, along with
ongoing cyberattacks in Iraq and other warring regions, helped demonstrate that
cyberwarfare is becoming as standard-issue for modern armies and terrorist
organizations as guns and grenades. In fact, as the Russia-Georgia conflict proved,
cyberattacks can be a precursor to more tangible military action.
These heated cyberconflicts have led to a wide range of "test" attacks
between governments. China, especially, has been accused of wielding its
cyberweapons against governments across the world, from neighboring Taiwan to sites
in Pennsylvania. The governments of Australia, France, Germany, and the United
Kingdom. have also reported successful attacks from China during the past year or so,
though the Chinese government generally denies any involvement.
Here in the United States, a number of hearings and reports in 2008
warned that the American infrastructure is not ready to defend itself against
sophisticated cyberattacks from other countries. The "big one" didn't come this year,
but some experts say it's only a matter of time.
Downturn
Like every other aspect of business across the globe, IT security has
been affected by the historic economic shifts that have occurred during the past year.
Aside from the obvious re-evaluations of security spending and the predictions of
security market consolidation, perhaps the most game-changing aspect of the
economic downturn is the rapid rise of financially motivated cybercrime.
In a nutshell, experts say, a poor economy brings higher rates of crime;
as the market for legitimate technologies decreases, the market for criminal exploits
increases. These criminal exploits might come from outside the company, or they
might be seen in the form of internal attacks from employees and trading partners.
Both types of attacks increased in 2008.
Most pundits agree that 2008 represents only the beginning of the
increase in cybercrime rates. As long as the economy is in a tailspin, they say, the
instance of computer crime will continue to skyrocket.
DNS
A look back at IT security developments in 2008 would hardly be

complete without mentioning the Kaminsky vulnerability, a design flaw in the
Internet's Domain Name Server (DNS) functionality that could potentially allow
attackers to hijack sessions and send users to sites that are unintended or malicious.
Security researcher Dan Kaminsky, who discovered the flaw, outlined some very real
threats posed by the DNS flaw when he finally revealed its details in August.
Page 82 of 94
Kaminsky's process for revealing the flaw might have been as important
as the details of the vulnerability itself. For the first time ever, he gathered the major
DNS vendors, revealed the flaw to them simultaneously, and then agreed to try to
keep the details under wraps until they all had a chance to develop and deploy
patches.
The slow rollout of the DNS vulnerability was only partially successful,
but it set a new precedent for disclosure that was later used by other researchers
during the year, as well. And it raised a firestorm of discussion in the security
community as to when vulnerabilities are important enough to merit special disclosure
treatment.
Enablement
It's hard to pinpoint a single event that sparked it, but 2008 was clearly
marked by a new message about IT security: It's no longer about limiting access -- it's
about enabling it. Security vendors and IT managers alike have embraced this
message, setting up the security manager as the guy who sometimes says "yes"
instead of always saying "no."
One company that has been consistently preaching this sermon during
the past year is Palo Alto Networks, a next-generation firewall vendor that promises to
help companies build enforceable security policies by tracking and controlling
application access across the enterprise. However, Palo Alto is far from the only vendor
now using this message: Industry giants such as Symantec, McAfee, and many others
are now using the term "security enablement" broadly in their road maps and product
literature.
What's important about the buzzword is that it reflects a shift in strategy
around IT security. Rather than building perimeters and shoring up defenses, security
departments are now consciously looking for ways that they can give employees
access to more data from more places, without creating additional risk. This shift in
attitude affects everything from security architecture to mobile and remote access, and
may help security managers break down the wall between IT security goals and overall
business goals.
At least, that's the idea we saw in 2008. We'll have to wait until 2009 --
or beyond -- to see whether it has legs.
Obama
The final word that was on everybody's lips -- and everybody's keyboard
-- in 2008 was Barack Obama. (OK, that's two words. Sue us.) The upstart presidential
candidate swept offices and Websites into a storm of discussion throughout the year,
ultimately climaxing in his November victory.
Much of the security discussion focused on the integrity of candidates'
Websites, the rapid rise of spam, phishing, and malware attacks linked to election
news and events, and the vulnerabilities surrounding electronic voting machines.
Obama's rivals, John McCain and Sarah Palin, both suffered hacking incidents.
Now that the elections are over, however, many security experts are
asking more weighty questions about Obama's presidency. A blue-ribbon panel has
already made recommendations on what the new president should do about key
cybersecurity issues. Further questions about new cabinet posts, including a CTO and
Page 83 of 94
cybersecurity czar, also show a growing interest in the new president's initiatives on
cyberwarfare, e-commerce security, personal data protection, and user privacy.
And whether you're Barack Obama or the average IT security manager,
it's clear that 2009 will be at least as eventful as 2008.
New 'Stealth' Technology Secures Data On Shared Networks
Unisys combines encryption and bit-splitting to keep data all in the workgroup
By Tim Wilson, DarkReading

Nov. 18, 2008
The problem seems simple: How can data be transmitted over a large,
shared network, yet restricted so that only a small group of individuals on the network
can read it?
The possible answers, as most security professionals will tell you, are
anything but simple.
Unisys today took a crack at this complex problem with the introduction
of Stealth Solution for Network, a patented method of encrypting and "bit-splitting"
data into smaller pieces while encrypting them again.
The idea behind Stealth is to allow organizations to restrict the exchange
of sensitive data to a fixed group of individuals who have the keys to encrypt and
decrypt it --without forcing them to use a discrete network. Stealth can be used on an
enterprise network to prevent other groups in the organization from viewing data, or it
can be used over virtual networks or the Internet to help protect sensitive data from
being accessed by outsiders, Unisys says.
Stealth can also be used to keep users from straying outside their secure
communities, Unisys states. By assigning a digital workgroup key to each community
of interest, Stealth can ensure that users cannot access data outside of their assigned
communities, the company says. "Stealth delivers the right information to the right
people at the right time," says Ted Davies, president of Unisys Federal Systems. "Our
government clients have been asking for a security solution like this for years. With
Stealth, we can help them to simplify their networks without sacrificing security, while
delivering significant cost savings."
Initially, the Stealth technology is being targeted at defense and other
government environments, but Unisys says it expects its new approach to catch on in
commercial environments, where retailers, financial institutions, and healthcare
providers are seeking to build "trusted networks" that allow the exchange of data with
less fear of attack by hackers or identity thieves.
Stealth, which was developed in a partnership with security vendor
Security First, has been in development and testing for more than four years, Unisys
says. It encrypts data, "bit-splits" that data into multiple packets as it moves through
the network, and then reassembles the information packets for delivery to authorized
users. These packets are proved secure through the use of certified encryption and
unique bit-level splitting of the encrypted data.
Stealth is a combination of software that resides on users' personal
computers and -- for now -- a Dell 1950 server that manages and provides the
Page 84 of 94
workgroup license keys. Once authorized and granted workgroup keys, users create
peer-to-peer encrypted tunnels vis available networks to share information, Unisys
says.
Unisys isn't giving details on Stealth products or prices yet, but the
company plans a broad rollout next year. The new line will also include Stealth Solution
for Storage Area Networks (SAN), which will extend the encryption and bit-splitting
concept to the SAN environment.
How Companies Can Use IT Security To Protect Against Insider

Attacks
Tough economic times present increased motivation for cybercrime. Experts from
Gotham Digital Science share tactics that companies can use to protect against
security attacks executed by disgruntled or former employees
By Gotham Digital Science , DarkReading

Dec. 11, 2008
New York, NY, December 11, 2008 - Companies are vulnerable to IT

attacks from criminals and competitors during the best economic climate and face
increased risk when times are hard. According to Gotham Digital Science, an
information security consulting firm that works with clients to identify, prevent, and
manage security risks, the current downturn puts organizations at increased risk for
attacks not only from anonymous criminals but from disgruntled or former employees.
"Desperate times sometimes call for desperate measures. In an
economic downturn, IT workers can be tempted to utilize their knowledge of an
employer," said Matt Bartoldus, Director with Gotham Digital Science in London. "A
disgruntled or laid off employee can be motivated by revenge or financial necessity to
steal and/or sell data or cause work disruptions, and has familiarity that can be
devastating to an organization."
Gotham Digital Science, which helps clients assess risk in order to
protect against and prevent cyber attacks that can lead to loss of money, intellectual
property, customer information, and reputation, recommends a number of actions a
company can take to thwart attacks.
Manage Access: A disgruntled employee with knowledge of sensitive
information can wreck havoc in minutes. Manage all the users on your network from a
single source such as Windows Active Directory. This will enable you to both disable
access to confidential information if an employee leaves or is laid off as well as to
easily perform a routine audit to ensure that only authorized users are accessing the
network.
Protect your Data: Sensitive business information is often accessible to a
wide range of employees, all of whom have the potential to copy and steal valuable
information such as customer data, intellectual property, and financial information.
Databases and shared network files (spreadsheets, word documents, reports
containing charts and tables) often contain confidential information. Distribute
sensitive data on a need to know basis and review network file storage to ensure
access is limited to those who need it. Systems should be regularly reviewed and any
Page 85 of 94
unnecessary or outdated files should be removed. For highly confidential information,

limit document printing and the use of cell phones with cameras.
Restrict Data Transmission: In addition to limiting access to information,
manage the methods through which data can leave the premises. Limit internet
services to necessary sites, restrict use of unauthorized websites to prevent access to
personal sites, and disable removable media to prevent sensitive date from being
copied onto USB thumb drives or mobile phones. The same policy should be applied to
CD/DVD writers to pre-empt the chance of sensitive information walking out the door.
Think like an IT security specialist: IT staff, developers and system
administrators have knowledge of and access to the systems that run your company.
Make sure to change passwords and remove access whenever one of these employees
leaves, and run a scan to check for "backdoors" that allow undetected remote network
access and other malicious programs that can cause damage.
Keep Track of Information: Should a security breach occur, identifying

the source will help understand the scope of the problem and solve it more quickly.
Archiving emails and phone records, saving deleted emails, and recording and logging
phone calls will enable you to trace the origin.
"In reality, these are things that companies should be doing regardless
of the economic climate," said Brian Holyfield, a Director with Gotham Digital Science
in New York. "But they become even more critical during a downturn. With these small
steps, companies can protect themselves against a wide range of possible threats."
Notes to Editors
* Earlier this month IBM's ISS X-Force research team identified a 30%
increase in network and web-based security events over the last 120 days, with the
total number rising from 1.8 billion to more than 2.5 billion worldwide per day,
according to data pulled from its managed security services client base of
approximately 3700 clients worldwide.
* According to another December study, "The Global Recession and its
Effect on Work Ethics", by IT security data experts Cyber-Ark Software, more than half
of 600 surveyed office workers from New York's Wall Street, London's Docklands and
Amsterdam, Holland, have already downloaded competitive corporate data and plan to
use the information as a negotiating tool to secure their next post.
* According to the Ponemon Institute's "2007 Annual Study, The Cost of
a Data Breach," the average total cost per data breach is more than $6.3 million to a
US company.
* According to new research from IT services company Vistorm, UK
companies claim to understand the security challenges their businesses face and the
consequences of non-compliance, yet only 48% do anything about it. Of 100 UK
businesses surveyed, 79% of companies knew which of their assets were business-
critical and 91% understood the consequences of non-compliance. It also found that
43% of companies have inadequate security controls in place for protecting mobile
data.
About Gotham Digital Science
Gotham Digital Science (GDS) is an information security consulting firm

that works with clients to identify, prevent, and manage security risks. GDS specializes
in security testing, software security, and risk management and compliance. GDS
Page 86 of 94
develops tools that solve specific security issues and offers a number of security
training programs for IT professionals. With offices in New York and London, Gotham
Digital Science can seamlessly assist clients on both sides of the Atlantic. For more
information, visit our website at www.gdssecurity.com.
The 2009 Security Tsunami
By Rob Enderle, DarkReading

Dec 19, 2008
URL: http://www.darkreading.com/blog/archives/2008/12/the_2009_securi.html
Many in the United States think the party in power has sacrificed too
much privacy and liberty in order to address security concerns, particularly in regard to
terrorism. The incoming administration is likely to undo a lot of this, but, at the same
time, a massive number of very upset people with and without tech skills are going to
find themselves jobless.
Unfortunately, some of these people will make up for their income gap
by engaging in illegal activities. This suggests security exposures are likely to spike in
2009 and that initial cuts in security spending both for the public and private sectors
may have to be reversed around midyear.
2009: The Scary Year Ahead
We've already had laid-off workers take over a plant and several
instances where others have shot their co-workers and managers -- the most recent at
a company Christmas party in Canada. Violent responses to large-scale downsizings
are likely to increase dramatically in 2009 as waves of layoffs cast people into a
market with nothing to offer. With a down stock market effectively eliminating their
financial reserves, many will be extremely angry.
In the past, laid-off employees have vandalized their companies, and the expected
large number of IT-trained employees expected to be laid off in 2009 should result in
several instances of cybervandalism. While defacing Web pages probably will be the
most common, there undoubtedly will be several instances of serious and material
damage done to systems by ex-employees who still have access to critical systems.
As mentioned above, theft will increase sharply and range from petty
theft of office supplies, equipment, and personal property to large-scale financial theft,
home and business invasions, and identity theft. Financial desperation generally leads
to some really bad decisions, and a large number of people will make them.
Finally, financial downturns typically lead to a massive increase in
financial scams. Folks in critical need for funds can be more easily tricked, and we will
likely see a mix of both traditional phone-based attacks, phishing attacks, and full-on
cyberfraud unlike anything we have ever seen in a given year.
2009: The Year Of Vigilance
Page 87 of 94
So many of the major security problems we will likely see in 2009 can be
mitigated by just ensuring that employees know what to do, using good layoff
practices, and making sure the company doesn't do anything stupid. A lavish executive
party using corporate jets right after a big layoff would fall into the paint-a-target-on-
my-back-stupid category, for instance.
With regard to vigilance, employees should be asked to keep their eyes
open and report suspicious activities. People who are very upset are seldom very
careful, and often their behavior can be noted with enough time to evacuate a building,
call the authorities, or at least lock a door. If an employee hears another make violent
threats, that person should be encouraged to report it; an anonymous method for
doing so would be advised.
In anticipation of layoffs, practices to remove IT access at termination
and the overall security process during a layoff should be reviewed. Many companies
haven't done big layoffs in a while, and those that learn by doing will likely find the
experience both excessively expensive and unacceptably dangerous. It would be wise
to do security audits and tests to ensure that the company is prepared for what will
likely happen in 2009. Firms like RSA, which has already been engaged in countering
attacks in the financial community, could become invaluable in preparing for some of
these issues.
However, I still recommend that employees be brought in as part of the solution. If

they know what to do, particularly in the face of a violent event, much of the damage
can be mitigated and possibly even avoided. Done right, employees are forced to think
of the repercussions. Sometimes that is enough to keep the employee from doing
something unfortunate.
Wrapping Up
We are forewarned that 2009 will be filled with employee issues and that
already many are drifting toward violence. Not being prepared for this eventuality will,
in hindsight, look negligent, and I know the law firms, which are also under financial
pressure, are setting up for a heavy litigation year. Do the work to ensure that your
company, your employees, and you are safe, and it will pay high dividends next year
by keeping you and your firm out of the headlines.
Page 88 of 94
BOOKS ON SECURITY
A. Internet Privacy
1. Internet and Online Privacy: A Legal and Business Guide

Author: Andrew Frackman, Claudia Ray Published By: Alm Publishing Trade Paperback
ISBN:097059707X Published: May 2002
2.Computer and Internet Use on Campus: A Legal Guide to Issues of Intellectual Property,
Free Speech, and Privacy
Author: Constance Hawke, Constance S Hawke Trade Paperback
ISBN:0787955167 Published: October 2000
3.Complete Guide to E-Security: Protect your Privacy on the internet

Author: Michael Chesbro Published By: Citadel Press Trade Paperback
ISBN:0806522798
4.Internet Privacy For Dummies
Author: John Levine, John R. Levine, Levine Published By: Hungry Minds Trade Paperback
ISBN:0764508466 Published: July 2002
5.The Complete Idiot's Guide to Internet Privacy and Security

Author: Preston Gralla Published By: Alpha Books Trade Paperback
ISBN:0028643216 Published: January 2002
6.The Hundredth Window: Protecting Your Privacy and Security in the Age of the Internet
Author: Charles Jennings, Lori Fena Published By: Free Press Hardcover
ISBN:068483944X
Published: April 2000
7.I Love The Internet, But I Want My Privacy, Too!

Author: Debbie Olsen Published By: Prima Publishing Trade Paperback
ISBN:0761514368 Published: August 1998
8.Privacy & Rights to the Visual: The Internet Debate

Author: Jacques N. Catudal Published By: Rowman & Littlefield, Publishers, Incorporated
Trade Paperback
9.Ben Franklin's Web Site: Privacy and Curiosity from Plymouth Rock to the Internet
Author: Robert Ellis Smith Published By: Privacy Journal Trade Paperback
ISBN:0930072146 Published: June 2000
10.The E-Privacy Imperative: Protect Your Customers' Internet Privacy and Ensure Your
Company's Survival in the Electronic Age
Author: James Breithaupt, Mark S. Merkow Published By: Amacom Trade Paperback
Page 89 of 94
ISBN:0814406289 Published: May 2001

Hardcover
12.Internet Privacy Kit

Author: Marcus Golcalves Published By: Que Hardcover ISBN:0789712342 Published:
January 1997
13.Protect Your Privacy on the Internet
Author: Bryan Pfaffenberger Published By: John Wiley & Sons, Canada Paper Text
ISBN:0471181439 Published: April 1997
B. Privacy Law
1. In Pursuit of Privacy: Law, Ethics, & the Rise of Technology

Author: Judith W. DeCew Published By: Cornell University Press Trade Paperback
2.Confidentiality & Privacy in Social Work: A Guide to the Law for Practitioners & Students
Author: Donald J. Dickson Published By: Free Press Hardcover
3.Privacy and Employment Law

Author: John, D.R. Craig Published By: Hart Publishing Hardcover
ISBN:1841130591 Published: December 1999
4.Philosophical Law: Authority, Equality, Adjudication, Privacy
Edited By: Richard Bronaugh Published By: Greenwood Publishing Group, Incorporated
Hardcover
5.The Law of Privacy Explained

Author: Robert E. Smith Published By: Privacy Journal Trade Paperback
6.Make It Legal: Copyright, Trademark, & Libel Law: Privacy & Publicity Rights
Author: Lee Wilson Published By: McGraw-Hill Ryerson, Limited Trade Paperback
7.Privacy, Law & Public Policy
Author: David M. O'Brien Published By: Greenwood Publishing Group, Incorporated
Hardcover ISBN:0275904032 Published: January 1979
Page 90 of 94
8.Surveillance, Privacy, and the Law

Author: John Gilliom Published By: University Of Michigan Press Hardcover
9.Surveillance, Privacy, and the Law

Author: John Gilliom Published By: University Of Michigan Press Trade Paperback
ISBN:047208416X Published: July 1996
10.Privacy & Loyalty: In the Law of Obligations
Edited By: Peter Birks Published By: Oxford University Press Hardcover
ISBN:019876488X Published: January 1997
11.Personal Information: Privacy & the Law

Author: Raymond I. Wacks Published By: Oxford University Press Trade Paperback
C. Internet Identity Theft
1. Internet and Online Privacy: A Legal and Business Guide

Author: Andrew Frackman, Claudia Ray Published By: Alm Publishing Trade Paperback
ISBN:097059707X Published: May 2002
2.Computer and Internet Use on Campus: A Legal Guide to Issues of Intellectual Property,
Free Speech, and Privacy
Author: Constance Hawke, Constance S Hawke Trade Paperback
3.Complete Guide to E-Security: Protect your Privacy on the internet

Author: Michael Chesbro Published By: Citadel Press Trade Paperback
ISBN:0806522798 Published: November 2001
4.Internet Privacy For Dummies
Author: John Levine, John R. Levine, Levine Published By: Hungry Minds Trade Paperback
5.The Complete Idiot's Guide to Internet Privacy and Security

Author: Preston Gralla Published By: Alpha Books Trade Paperback
6.The Hundredth Window: Protecting Your Privacy and Security in the Age of the Internet
Author: Charles Jennings, Lori Fena Published By: Free Press Hardcover
ISBN:068483944X Published: April 2000
Page 91 of 94
7.I Love The Internet, But I Want My Privacy, Too!

Author: Debbie Olsen Published By: Prima Publishing Trade Paperback
ISBN:0761514368 Published: August 1998

Trade Paperback
9.Ben Franklin's Web Site: Privacy and Curiosity from Plymouth Rock to the Internet
Author: Robert Ellis Smith Published By: Privacy Journal Trade Paperback
10.The E-Privacy Imperative: Protect Your Customers' Internet Privacy and Ensure Your
Company's Survival in the Electronic Age
Author: James Breithaupt, Mark S. Merkow Published By: Amacom Trade Paperback

Hardcover
12. Internet Privacy Kit
Author: Marcus Golcalves Published By: Que Hardcover
13.Protect Your Privacy on the Internet

Author: Bryan Pfaffenberger Published By: John Wiley & Sons, Canada Paper Text
ISBN:0471181439
D. Firewalls
1.Inside Network Perimeter Security: The Definitive Guide to Firewalls, VPNs, Routers, and
Intrusion Detection Systems: The Definitive Guide to Firewalls, Virtual Private Networks
Author: Scott Winters Published By: Sams Trade Paperback
2.Red Hat Linux Firewalls

Author: Bill McCarty, McCarty Published By: Wiley Trade Paperback
ISBN:0764524631 Published: November 2002
3.Firewalls: The Complete Reference

Author: Gary Rollie, Keith Strassberg, Richard Gondek Published By: Osborne Trade
Paperback
Page 92 of 94
4.Computer Security Policies & Sunscreen Firewalls

Author: Kathryn M. Walker Published By: Prentice-Hall Canada, Incorporated Paper Text
5.Firewalls 24seven
Author: Matthew Strebe Published By: Sybex Trade Paperback
ISBN:0782140548 Published: March 2002
6.Linux Firewalls
Author: Robert Ziegler Published By: Sams Trade Paperback
7.Cisco Security Spcialist's Guide to PIX Firewalls
Author: Callisma Published By: Syngress Trade Paperback
8.Configuring Isa Server 2000: Building Firewalls For Windows 2000

Author: Thomas Shinder Published By: Syngress Book & CD-Rom
9.Personal Firewalls for Administrators and Remote Users

Author: Lisa Yeo Published By: Prentice Hall PTR Trade Paperback
10. Protecting Your Web Sites with Firewalls
Author: Marcus Gon Calves Published By: Prentice-Hall Canada, Incorporated Hardcover
11.Guia Avanzada Firewalls Linux

Author: Robert Ziegler Published By: Prentice Hall PTR Book & CD-Rom
ISBN:8420529494 Published: September 2001
12.Absolute Beginner's Guide to Personal Firewalls

Author: Jerry Ford Published By: Que Trade Paperback
13.Building Internet Firewalls
Author: Elizabeth D Zwicky Published By: O'Reilly & Associates Trade Paperback
ISBN:1565921240 Published: September 1995
14.Firewalls and Internet Security: Repelling The Wily Hacker

Author: William Cheswick Published By: Addison Wesley Professional Trade Paperback
Page 93 of 94
15.Firewalls For Dummies

Author: Brian Komar, Joern Wettern, Ronald Beekelaar Published By: For Dummies Trade
Paperback
16.Internet Security and Firewalls
Author: NIIT, Inc. Published By: Premier Press Trade Paperback
17.Building Internet Firewalls

Author: Elizabeth Zwicky Published By: O'Reilly & Associates Trade Paperback
18.Cisco Secure PIX Firewalls

Author: David Chapman Published By: Cisco Press Hardcover
19. Firewalls & Internet Security

Author: William Cheswick, William R. Cheswick Published By: Addison Wesley Professional
Paper Text
ISBN:020163466X Published: December 2004
20.Checkpoint Firewalls Administration Guide
Author: Marcus Goncalves Published By: McGraw-Hill Ryerson, Limited Trade Paperback
ISBN:007134229X Published: November 1999
Page 94 of 94

Internet Security and Privacy - Inside, p.94

Transféré par

Informations du document

Titre original

Copyright

Formats disponibles

Partager ce document

Partager ou intégrer le document

Options de partage

Avez-vous trouvé ce document utile ?

Ce contenu est-il inapproprié ?

Droits d'auteur :

Formats disponibles

Internet Security and Privacy - Inside, p.94

Transféré par

Droits d'auteur :

Formats disponibles

Personal Privacy in the Digital Age

Personal Information and Technology

Computers are, above all, representational machines—they manipulate

As a person goes through the day, therefore, representations of his or

Privacy Violations and Crime

The large amount of personal data floating around in society today

A new level of concern over abuse of informational technology has

Fear of “Big Brother”

Threats to privacy can also arise from abuse of personal information by

Potential solutions to the loss of informational privacy can be grouped

government has allowed private companies to regulate themselves. In the area of

About the author: Philip E. Agre is an associate professor of information studies at

Source: Encarta Yearbook, December 1998.

Privacy in the Digital Age: Work in Progress

Jerry Berman & Deirdre Mulligan

The Internet is at once a new communications medium and a new locus

type of constitution do we want? Will it be pluralistic and democratic? Will it

II. WHAT MAKES THE INTERNET DIFFERENT?

If we are to design systems that protect privacy on the Internet--a

A. Increased Data Creation and Collection

The Internet accelerates the trend toward increased information

B. The Globalization of Information and Communications

On the Internet, information and communications flow unimpeded across

C. Lack of Centralized Control Mechanisms

While developing appropriate domestic policy may be sufficient in a

In addition to the difficulty of enforcing rules, governments around the

III. WHAT DO WE MEAN BY PRIVACY? AND HOW IS IT BEING ERODED?

Privacy means many things to many people and different things in

A. The Expectation of Anonymity

Imagine walking through a mall where every store, unbeknownst to you,

B. The Expectation of Fairness and Control Over Personal

When individuals provide information to a doctor, a merchant, or a bank,

There are multiple examples of companies using and disclosing personal

C. The Expectation of Confidentiality

When individuals send an e-mail message, they expect that it will be

IV. WHERE DO WE GO FROM HERE?

A. Maintain a Consistent Level of Privacy Protection for Communications and

Increasingly, our most important records are not "papers" in our

B. Raise the Legal Protections Afforded to Transactional Data When it is

Where information is needed, we must ensure that it is protected from

of personal patterns of association. For example, addressing information was no longer

C. Encourage Technologies that Limit the Collection of Personally Identifiable

The ability to engage in cash-like transactions in the online environment

D. Establish Rules and Implement Technologies That Give Individuals Control

We must adopt enforceable standards, both self-regulatory and

E. Create a Privacy Protection Entity to Provide Expertise and Institutional

F. We Must Question Our Tendency to Rely on Government as the Central and

In the decentralized and global environment of the Internet, the law's

No doubt, privacy on the Internet is in a fragile state, however, there is

CERT® Coordination Center

Home Network Security

Appendix: References and additional information

Document Revision History

Computer security is the process of preventing and detecting

B. Why should I care about computer security?

We use computers for everything from banking and investing to

C. Who would want to break into my computer at home?

Intruders (also referred to as hackers, attackers, or crackers) may not

Intruders may be able to watch all your actions on the computer, or

D. How easy is it to break into my computer?

Unfortunately, intruders are always discovering new vulnerabilities

This section provides a basic introduction to the technologies that underlie