Security, Privacy Issues Ride Info Highway
PITTSBURGH — AS it prepares to build a national information network open to all its citizens, the United States is heading into a hornet's nest of security and privacy issues.
These problems are only dimly perceived by the general public and businesses right now. But that could change rapidly if the Clinton administration botches security and privacy measures in its proposed National Information Infrastructure (NII) or information superhighway, as it is commonly called
``If the NII is not designed with privacy protections built in, it's not going to get them,'' says David Banisar, policy analyst for Computer Professionals for Social Responsibility. ``This isn't the kind of thing you can slap on afterward.''
If privacy and security are overlooked, warns Michel Kabay, director of education for the National Computer Security Association (NCSA) in Carlisle, Pa., ``we will have a period of great enthusiasm followed, I think, by social revulsion, which I think will greatly harm the free flow of information.''
The greatest strength of the NII is also its greatest weakness. It will transmit information electronically, which makes life simpler, but electronic data are subject to abuse.
``The more our society moves to an information economy, the more security inherently becomes an issue,'' says Ted Phillips, telecommunications security specialist at Booz Allen & Hamilton Inc., a consulting company.
E-mail like a postcard
Says Mr. Banisar: ``If you send E-mail from one person to another, it's like sending a typed postcard. Anybody can read it along the way.''
Security and privacy cover a broad range of issues. Some of these are obvious problems, such as losses from credit-card fraud and breaches of corporate security. When Ernst & Young surveyed 819 companies last fall, it found that more than 1 in 4 had suffered financial losses from security breakdowns.
But other issues are more subtle. For example, should access to the digital world be limited? ``There are people who feel very strongly about what others should be allowed to read,'' Mr. Kabay says. ``So what are they going to think when an eight-year-old logs onto the transsexual discussion group?''
A related question: Should users be held accountable for what they load onto the system? A few years ago, a hacker put on the Internet - a prototype of the NII - directions on how to build a bomb from household materials. Last month, two Canadian boys were severely injured as they used those directions to build a bomb.
The hacker claims that the directions were already published in other places, Kabay says. But Kabay points out that had the two boys checked such a magazine out of the library, the librarian may have been in a position to ask questions. Another complication of the electronic world: Once the directions were published on the Internet, the hacker couldn't have retracted them even if he wanted to. Electronic files are readily copied and distributed.
``We're going to have to integrate the Internet with our moral universe,'' Kabay says.
The information superhighway also poses a huge challenge to individual privacy. Already, electronic transactions give businesses some important knowledge about individuals. Con- sumers today can pay cash, Banisar says, but ``on this information superhighway, that trail is going to be following you everywhere: every show that you watch, the persons whom you communicate with.''
Many lack concern
Individuals and businesses appear woefully uninformed about this aspect of the information age. In the Ernst & Young study, almost as many businesses pooh-poohed security as reported losses. ``The thing that dismayed me the most ... is that almost a quarter of the respondents didn't think information security was important,'' says Daniel White, the company's national director of information security.
``Security has not been talked about, has not been recognized,'' says Sanford Sherizen, president of a Natick, Mass., computer-security consulting firm. Businesses may catch on faster than individuals, he says, because the Justice Department is proposing that senior executives would be liable for computer crime at their corporations.
There are some encouraging signs that public ignorance won't last. After a long campaign against illegal copying of computer programs, the Software Publishers Association has seen software piracy decline in the US. The Clinton administration has won high marks for at least raising some of these issues. The US Commerce Department has asked the NCSA to host a meeting of security officials later this month to address such problems.
And BellSouth Telecommunications Inc. is trying to educate youngsters that the rules against stealing someone else's work or reading their mail also hold true for electronic data. The company is sending a video and instructional materials to some 7,500 public and private middle schools in its nine-state service area.