Businesses Seek Simple Standard for Internet Privacy
PITTSBURGH — Ask consumers to buy something on the Internet and their palms get sweaty.
''You mean, like, typing in your credit-card number?'' asks Bill Cameron, a drama professor in Washington, Pa. ''I'd be nervous about it.''
That's why businesses are working hard to develop a set of standards that will make on-line commerce at least as secure as other industries. ''People are going to move to solve their business problems,'' says Jill Leukhardt, senior vice president of Information Resource Engineering Inc., a Baltimore-based electronic-security company.
The current problem with the Internet is not that there are too few security options. There are too many. It's like having to get a new credit card every time you go to a new store.
Security companies are pitching all kinds of methods to make digital commerce thief-proof. Some rely on encryption, a mathematical system of scrambling data. Others use a hybrid of computer and telephone communication to transmit the most sensitive data. Until on-line merchants agree to use one or two methods of security - and they are as easy to use as placing a phone order today with a credit card - on-line commerce can't flourish, security experts say.
Earlier this year, the Internet community took a significant step by agreeing to back two encryption protocols that had been competing against one another. ''The foundation is there,'' says Kurt Stammberger, director of technology marketing for RSA Data Security Inc., a Redwood City, Calif., encryption firm. ''Now, more sophisticated features are coming.''
Among the unresolved issues is how to verify someone's identity on-line. On today's Internet, it's impossible to tell if people really are who they say they are. Companies will have to figure out what kind of electronic ID to issue (Cyberspace passports? Info-highway licenses?) and who will issue it.
Then there's the question of how consumers will apply security measures on their personal computers. Will they use software, such as the popular ''browsers'' that display the Internet's graphical World Wide Web? Or will they need special hardware? Many security experts argue that hardware is more secure. They suggest consumers may move to ''smart cards,'' which look and work like credit cards except that they include a security-enhancing computer chip.
Of course, consumers would have to buy this extra hardware and install it on their computers. The price of such technology is falling. Two years ago, such a system cost the consumer $800, says Ms. Leukhardt. Today, the price is down to $200 to $300. ''The next generation of this will move that [price] from $200 to $300 into the consumer range,'' she says.
''If there is a standard encryption code, it would be very simple for us to layer it'' on top of the current system, says Beverly Parenti, the company's director of consumer marketing. But ''it's got to be simple and until there is a simple solution, I don't think it's going to blossom.''