dan farmer
EarthLink Network
zen@fish.com
Many people think of computer security as something arcane and complex, that has little or nothing to do with their own lives. Even for those who use computers heavily, having a good computer password (if even that) is seen as the pinnacle of personal security consciousness and responsibility for the masses. That could be argued as true in today's society; over the next twenty years however, there will be significant differences in how we interact with and depend on computers. These changes will transform both our reliance on as well as our understanding of computer security; even those who don't directly use computers (a vanishing minority in the United States) will be profoundly affected.
To further understand this, recall the adage "a chain is as strong as its weakest link" - a phrase that could serve as the official mantra of computer security. For if your computer is part of a computer network and can be compromised or harmed, it will have adverse effects on the security of the network as a whole. Never before have users been a more integral part of a network's security, and they will continue to rise in importance.
The whole concept of computers and computer networks is steadily morphing from mechanical devices for email, word processing, and spreadsheets to a creature that is becoming more entrenched in every aspect of our lives. But don't think that it's simply an individual's own life becoming more entangled with the online realm; instead we must realize that they are becoming increasingly enmeshed with work, friends, and family. Computers and computer networks are popping up everywhere, and unless their security substantially improves or is understood more thoroughly, problems that happen to your computers can have direct and negative impact on nearly every facet of your life.
The past should be altered by the present as much as the present is directed by the past.
- T. S. Eliot
Years go by in the blink of an eye; this essay is an attempt to look back at the next twenty years. What will computing and computer security look like then? What are some of the main issues, and how will they be resolved?
Making predictions about computers and technology seems to be a favorite pastime of many technical writers, especially before the start of each new year. It is also, undoubtedly, one of the riskiest things that an expert can do. Fortunately, with technology changing faster than the future and memory fading more rapidly than even that, writers can continue to safely predict despite having a worse record than Jeane Dixon.
Of course, this is all predicated on the fact that computers and the Internet will still be relevant 20 years from now - consider steam engines, telegraphs, and other technologies that also changed the world in their time and then ask yourself where they are now. Certainly knowing how to send a message in Morse Code isn't a skill that gets many job offers these days. And while there are some things that are still important a long time after their invention - alphabets and mathematics, for instance - it could be that computers are going the way of the dodo-bird. And this essay will also be what, to some, is appallingly US-centric. There are many reasons for this, but because the United States is one of the most computer saturated major countries in the world, mistakes and lessons learned here will be carefully watched (and, knowing human nature, promptly ignored).
Computer security is a field that depends less on innovation and change from within than it does on technological advancements in other areas of computing. And unless there are fundamental changes in the technological environment, it seems clear that there will be some rather drastic technological mutations by 2020. And it may not be initially apparent why all these differences matter so much.
Perhaps the most drastic change will be the increase in the number of computers. The penetration will start to reach saturation levels with more and more people using, being exposed to, and relying on computers in more parts of their daily life. The United States Census Bureau reported in 1997 that about half of the United States population used computers that year - obviously the figure is much higher if you include the use of items with computers embedded in them, such as ATMs, microwaves, televisions, and the like. In 20 years this will start to close in on 100 percent. The less affluent may not understand computer security simply because it doesn't impact their lives so directly; few of the poor own computers, nor has our social infrastructure yet been fully computerized.
Increased processing power, connectivity, bandwidth, and wireless communications will further swamp the proletariats with technological gadgets and toys. Devices will not only talk to each other, but they'll do so at high speed and often without any physical wires connecting them. Your coffee maker, car, and communication devices might not be the same device, but they'll all be able to discuss electronic matters among each other. Having a hot cup of java when you get home after a cold drive might be desirable. And this means that we all will be much more closely tied to our friends, neighbors... and enemies.
The complexity of both hardware and software will skyrocket. Feature upon (useless) feature will be crammed into your portable phone, camera, and personal computer. As a matter of fact, all of those and more will be compacted into a single device. Even today, digital cameras can play video games, call modems and fax machines, and are built with almost as much CPU power as the original Cray supercomputer. Computers will be ultra personalized, having a greater idea of who you are, and will be able to adapt to your usage patterns and behavior very quickly.
One of the least pleasant changes will be in advertising. The deluge of advertising will continue and become more and more focused, with "personalized" attention directed at individual consumers. You might not think advertising has much to do with technology and security, but if there was one thing that people might choose to protect themselves from (protection, of course, being one of the primary goals of security), unwanted advances from advertisers might be it. Will multimedia spam dominate the world (or the world's bandwidth) in 2020?
But by far the most important change with respect to computer security is that the social and economic structures will be placed further and further online. The things we take for granted in the physical world - banks, government, schools, friends, family, etc. - will be moving deeper and deeper into the electronic realm.
We'd like to know a little bit about you for our files....
- Paul Simon
There is a movement to further enmesh our lives into a digital infrastructure, and an additional push to gather all of the various infrastructures into a single, unified network. So many facets of who we are in a social context are already on computers that where - not whether - to stop the integration of this information will become the main question.
When I say everything is on computers already, consider all the medical and psychological records, police, employment and federal records that exist recording where you work, live, who you call, email, and send physical mail to, where you go online, your credit and financial records, etc., etc., etc. Eventually the more interesting question to consider is what information is not stored on a computer. Even mirrors of our physical nature, such as fingerprints, retinal scans, facial pictures, and other digital doppelgangers of our corporeal splendor are stored on computers. In recent years it has become commonplace to store your authority online as well - your power to approve transactions, purchases, and other trappings of power in a construct called a digital signature. Only your unexpressed internal thoughts and feelings are not on computers - and that may change as well.
You will be kept online, for all intents and purposes.
But as you can see, you don't have to own a computer to be affected by computer security - none of this information is necessarily stored on your own computer, but it certainly concerns a great deal of your external life - in significant part it defines who you are to others. Understanding this paradigm is the key to our society coming to understand computer security.
However, with the hardware revolution feeding the influx of personal Internet access devices such as home computers, palm pilots, cell phones, and automobiles, people are demanding not only the Internet-on-tap but expect their personal contact information, scheduling, work, and other important slices of life to be accessible by computer. This rise in the number of access points will have a tremendous impact on the amount of data stored centrally - people want to use computers, not worry about synchronization, organization, maintenance, storage, dissemination, integration, and backups.
Software is also a natural candidate for centralization - the memory capacity of client computers as well as the speed of the network have not been sufficient for transferring large software but this is changing rapidly. With bandwidth speed and memory rapidly increasing (even more so than the size of bloated software) the software and content will surely be kept on networks rather than individual devices.
The WWW in particular is an impressively easy medium into which large amounts of information can be tossed for easy retrieval. Web sites have been recently pushing software, email, calendar, and database access for both individuals and organizations - this can only become more widespread and important as time goes on.
Indeed, if security and privacy concerns were non-existent we'd already have all this information online. And as the hype and mystique - as well as the true functionality - of computing grows, the warnings of security doom-sayers will continue to be brushed aside as more and more information flows online. To think that all this personal data won't be online is naive.
The question then becomes - you guessed it - how to keep all of this secure. Unfortunately, access and ease of use are not the hallmarks of computer security. As operating systems continue to become more complex, specialized personal protection methods, like mini-firewalls, virus scanners and the like, should also flourish - all of which will, of course, be disseminated from central locations.
We will never be secure. We will never, ever have computer security.
We can't, because it is a fight against human nature that technology cannot win, and humans are not likely to change.
We will never be secure. Computer security is a fight - essentially tension between the desire for user or personal freedom (so users think) and the fear of a loss of control (or so the people in charge think). Computers are a vehicle for expression - personal, financial, artistic, etc. - and these same expressions are anathema to computer security. What are usually thought of as violations of computer security usually happen outside the computer.
There is a savage paucity of holistic information concerning computer security. How it all got conflated into rather mundane expositions about "secure" web servers and firewalls eludes me. However, since the main thrust of this essay concerns this very topic, I thought I'd give a definition - or, rather, a few definitions of what computer security is. Reduced to its simplest form:
A computer is secure when it performs as expected.
Security aside, it would certainly be wonderful if computers simply did what they were told to do. And at times, it doesn't seem like this is asking all that much. Unfortunately, computers are no more - or less - perfect than anything else in the world, so don't expect any great changes there. Security problems cause instability and uncertainty in a system, and the tension between control and freedom underlies all aspects of security.
The three main problems we try to solve to achieve security are hiding data, ensuring that systems run effectively, and keeping data from being modified or destroyed. In fact you could argue that most of computer security - more so than any other field in computer science - is simply the analysis of imperfection in these areas. Imperfection rather than perfection, because people seem to have a tendency to find what they seek; and (for the secular) finding insecurity (e.g. imperfections), alas, is nearly always more correct than stumbling upon security (e.g. perfection). Obviously computers are indefatigable, not invulnerable.
While some wags will (correctly) emphasize that no computer is 100 percent secure, and view this as an oversimplification that misses some of the more interesting problems and issues, sticking with these three main problems will actually cover most of the issue. Certainly no computer that operates effectively on a network will ever be totally secure, just as no valuable objets d'art or property are completely resistant to physical efforts to undermine their security in the tangible world. When we say something is secure we simply want to make it - secure enough, for lack of a better term. We want systems that ensure or maximize predictability.
Much of what security professionals examine and report on are such mundane things as configuration problems, correcting or catching misuse and misunderstandings, and computers that haven't gotten the latest patch or security fix from the vendor. Keep in mind that the more a computer is used and the older it is the less secure it generally becomes. For consistency is the key to security, and when a computer is used things change. And with the proliferation of information about how to break into computers continuing to rise, older computers and programs are often simply turned into road kill.
When examining the technical aspects of network transactions, we are typically concerned with examining two facets of a system to determine whether or not it is secure. The first is the security of the endpoints - e.g. who sent data and who received it - and the second concerns the actual transmission of the information. If both of these are secure then we are in luck. However, both aspects must be secure in order for this to be true. If you send your credit card over the most secret and private of channels but the vendor keeps the card numbers on their web site for anyone to see, then you've got trouble. Similarly, it would be pretty foolish for a system to keep your data in either a physical or electronic vault, but still allow anyone to observe the network traffic as it is being sent.
These, among other problems, mean it is pointless to look at any single solution to answer all our security needs. There is no silver bullet that will definitively and comprehensively terminate all of our security problems, nor will there ever be.
There is a saying in my field - "computer security through obscurity doesn't work." This refers to the fact that it is quite difficult to engineer a really secure system without external analysis and peer review - electronic streets are strewn with the virtual bodies of poorly constructed security systems that were designed by amateurs as well as professionals who should know better. Most security systems fall apart with even a cursory examination of their mechanisms; some take longer to discover weaknesses in, but it is rare when a system can really stand up to close scrutiny without significant security flaws being discovered. As a result people think that by hiding the internal design they can prevent others from compromising the system.
Secrecy is an outstanding way of adding security to a well-designed system. Best of all it's free - you simply don't tell people how it works. Unfortunately it does little to stop someone from compromising most systems; it simply slows them down a little while giving an illusion of security to the people running it. Having no peer review or public critique is the best way to fool yourself into thinking that your system is well-designed. It isn't. Mostly it is a question of time and resources to crack a system - the lack of details of a design does make it more difficult to scrutinize it, but usually only in a cursory manner.
Every - and I mean every - popular security system (such as those designed by Microsoft, Netscape, Cisco, etc.) that has been used in the last few years has had serious security flaws discovered in it, and most have had several. The ones that have an open design - and, best of all, open source code (e.g. the real guts) - are typically the best because major flaws are quickly discovered, published, and fixed. The others limp along until someone takes the time to examine them. The truth is that there aren't that many things that are that interesting out there, and even less reward for the effort. The latter, of course, is changing. Given this, if you have the key to bypassing a system that leads to lucrative rewards there is little incentive to inform the vendor or others of the problem in order to get it fixed.
Despite this it seems to me inevitable that there will be a significant rise in secrecy - all the major commercial vendors and government systems use it in one form or another; this will continue to rise, to all of our detriment. People just don't comprehend that secrecy only really helps when a system is already secure. It can significantly cause harm elsewhere.
But all this is only the tip of the proverbial iceberg. Unfortunately for the geeks, securing data is primarily not a technical problem - the real downfall of security is people. You, me, and complacency, sloth, greed, pride, envy....
Human nature. We're fighting human nature.
Forty thousand headmen couldn't make me change my mind
If I had to take the choice between the deaf man and the blind
- Steve Winwood/Jim Capaldi/Traffic
Since we can't fix human nature I'll now talk a bit about the security of software - all things that run on a computer are programs, even the operating system (such as Windows 2000, Linux, etc.).
A computer program is composed of long lists of individual commands (called programming instructions or code) that tell the computer what to do. There are inevitably mistakes - or bugs - present; indeed, it is safe to say that virtually every program of any size or functionality has bugs (and almost always many). Because the programs are so large, though, they can still operate at a very high level of functionality. This is analogous to a printed book: while misspellings, problems in grammar, and other mistakes might make a work less readable, it is still able to convey its message. Computer programs don't typically self-destruct when they encounter problems, they simply don't work as well, and users, in turn, simply find ways to work around them ("don't hit that button when printing or the program will crash", etc.)
It is hard enough to write a good program when it stands alone in a corner, mumbling to itself. When you add in complex interactions with other factors and environments, such as communicating with other programs and networks, receiving email and news, and having contact with the WWW, as well as talking to programs and protocols that didn't even exist when it was written, it is remarkable that any programs work at all (admittedly, some don't.)
Computers are becoming more complex and sophisticated with every new release of hardware and software. Windows 2000 is rumored to have over forty million lines of programming code in the kernel alone (the most critical and sensitive part of the operating system that usually controls such things as the disks, memory, network, and other important aspects of a computer) - this is roughly equivalent to writing not simply a single novel, but rather an entire bookcase full of programming instructions. It will probably be the most insecure network operating system ever created - not because of any lack of skill that the Microsoft designers and programmers have (some two thousand or so of them on this single project), but because of the overwhelming volume of the program.
The best programmer I know (in terms of quality and security of code produced) reports about one bug per thousand lines of code for small to medium sized projects, a really amazingly low rate. Although this is a hard number to measure, all significant projects probably have at least as many errors. Even if Microsoft hired an army of programmers like my friend, there would still be trouble - it's easy to come up with a back-of-the-envelope calculation on the number of bugs in a program's core. The Windows 2000 kernel will have at least 40,000 bugs (unfortunately this is not a typo). Mind you, these errors are in the most sensitive area of the program - any one of them could give illicit access or unwanted permissions to an interloper, although some of the most egregious problems are caught by testers before the public sees the product.
For some idea of how software complexity differs from system to system, here are some (very) approximate numbers of lines of code from various recent operating system kernels:
System                 Lines of code
BSD/OS 3.0                   310,000
FreeBSD 2.2.5                430,000
Redhat Linux 5.0             590,000
Redhat Linux 5.2             820,000
Redhat Linux 6.1           1,500,000
Solaris 8                  1,500,000
Windows 2000              40,000,000
There are a lot of bugs in each of these systems. How large Windows 2020 will be (or any similar operating system, if it exists twenty years from now) is anyone's guess, but it seems conservative to think that it will be at least fifty times as large. At some point in time, the number of bugs in large systems will make the number of lines of code in Windows 2000 look small indeed. The basic functionality of all these systems is roughly equal - it's mostly the bells 'n' whistles that add all the size. It's not surprising, then, that FreeBSD and BSD/OS, which are regarded as some of the more secure operating systems currently available, have the fewest lines of code. That its kernel is less than one percent of the size of Windows 2000's kernel is truly remarkable. Redhat, which markets the most popular version of Linux available, has caught up to Sun's Solaris in terms of sheer size (this is not something to vie for) and seems assured to pass them up in their next release. One of the final problems with increasing code size is that error rates also increase as the size of the product grows, due to the increasingly complex interactions between all the components of the program. Always keep in mind - increasing a program's length is antithetical to its security.
Thankfully (for us users) most bugs are never found, and most aren't truly significant from a security standpoint. People never see all of the bugs in a program because either the many paths in the maze of computing instructions that make up a program are never executed or - quite frequently - the program is so poorly documented or designed that a user doesn't even recognize they have encountered a bug unless something terribly wrong occurs.
Catastrophic problems will cause the program, or the computer that runs the program, to crash, lose or destroy data, or otherwise perform very undesirable actions. Anyone who has used a computer at all has run into such behavior - that we're so conditioned to these errors speaks volumes about both the quality of the software engineering practice at large and about the difficulty of writing good programs. Just try to write a book without a single typo! And while there are methods and tools that can be used to increase the reliability of software, they take time, effort, and discipline, none of which are rewarded by the ever-faster world of the Internet. As a historical note, the original Unix operating system consumed 16K bytes for its system and 8K bytes for the user programs, which, to put things in perspective, is significantly shorter than this essay! Times have certainly changed.
It is a well-known fact that no other section of the population avail themselves more readily and speedily of the latest triumphs of science than the criminal class.
- Inspector John Bonfield (Chicago Police, 1888)
One of the more persistent aspects of human behavior is the amount of effort people will expend to fuck over their fellow humans. The future will, presumably, be no different, but with the advent of technology there will be both new vehicles for doing so and, in some cases, greater rewards. Since we've briefly covered security, let's examine the other side of the coin. I could never cover all the possibilities of online mischief, but I'll attempt to cover some of the major ones.
To give some idea about what is at stake here, consider what the Gartner Group (a large business technology advising company) testified last year to the United States Congress. They claim that within five years, there will be a seventy percent chance of a theft of greater than one billion dollars being made public knowledge. Of course, who knows how many more thefts will go unreported. As they say:
Clearly a billion dollars is a huge sum of money; however, compared with the $11 trillion in annual volume of financial electronic data interchange during 1998 (which is growing some 40 percent annually), it represents only 0.009 percent.
Sums of money such as these will possibly attract a more motivated, perhaps more intelligent, certainly better funded and more lucrative breed of computer criminal than what we've seen so far.
It doesn't take a direct electronic assault on a bank to reap ill-gotten gains, however. Stocks and other speculative markets are incredibly volatile, and according to the National Association of Securities Dealers, about 75 percent of current securities fraud involves some type of interaction with the Internet. A single news item or "hot tip" can change prices drastically. How much do you think Microsoft's stock price would change if it were believed that Bill Gates had died? What if there was a relatively innocuous sounding news report claiming that there was an early frost in Florida - how would the prices of orange futures be affected? The possibilities for misinformation are nearly limitless, the consequences or chances for being caught small, and the direct financial rewards vast.
Fraud and theft have been around longer than money and there is no reason to expect that this will change. Computer security simply allows fraud and theft to be perpetrated by more people on a wider range than ever before. Perhaps the legacy of computers is a Promethean one, giving these gifts more readily to the common woman and man.
Elsewhere, online voting for presidential primaries is slated to begin in March of next year in Arizona. Voting is one of the more obvious places where it is beyond crucial to have accurate counts and fair representation of people; indeed, voting goes beyond mere personal identity - from it springs the concrete manifestation of our government.
Yet we still haven't learned to secure systems in a practical sense. Both the government and private sector have, time and again, shown themselves to be incapable of running secure computers even - or especially - in the most critical systems and services. Limited resources, heavy usage, and performing complex tasks are all antithetical to good security, as witnessed by the constant headlines announcing the latest famous site that has fallen to system crackers around the world.
Can we risk giving system crackers - perhaps hired by political parties or special interest groups - the ability to easily modify voting data? Is it worth allowing more affluent young people the triviality of one-click voting (if Amazon.com Inc. and their patent allow this), giving ethnic minorities even less representation? Doesn't the prospect of trivially being able to buy, bribe, blackmail, or steal people's votes cause consternation in you?
This isn't democracy, this is pernicious favoritism and a desire for control as well as technological folly. It might well be possible to do this reasonably, fairly, and securely in twenty years, but the saturation of both computers and computer knowledge that I predict will have to become truth first.
And on a purely negative financial bent, according to Computer Economics, Inc., malicious computer viruses and worms, which take advantage of both user mistakes and complexities and features in computer capabilities, cost over a billion dollars per month in the first half of 1999. This was due to lost productivity from disabled computers - certainly the dramatic increase in computers and their complexity will make things worse. I predict computer plagues and seasonal diseases will become commonplace - we'll hear conversations such as:
Shasta: My toaster has the Hungarian flu!
Chen: Oh yes, there's a lot of that going around...
After all - the more complex computers become the more they tend to imitate life. Someday we'll wonder if it is imitation; perhaps computers will become more significant than their creators.
I hope you know that this will go down on your permanent record
- Gordon Gano/Violent Femmes
After the financial industry perhaps the most successful online ventures have been members of the sex industry. Many businesses operate solely online, with both their content and sales channels exclusively on the Internet. As such they are the purest examples of electronic commerce that we have. People enjoy what they perceive to be a fairly anonymous way to investigate and purchase sexual content, fueled by the lack of social (and sometimes legal) approbation of doing so in more public venues.
Sexually oriented and explicit material probably consumes more bandwidth than any other type of traffic on the Internet, and as technology allows it to become more and more immersive and interactive, the amount of traffic it generates will increase correspondingly. Countries all over the world have already passed, or have tried to pass laws banning certain types of sexual expression, from child pornography to restrictions on downloading any sexually explicit media.
In several countries, simply possessing pornography is a crime. Innocent people can get unwittingly trapped by this sort of law however, because browsers and email programs automatically save pictures and other content to your hard disk. Even if you can figure out how to delete the offending material, the odds are good, because of the way computers store information, that at least some of it still remains on your system. Nearly everyone has followed a link looking for non-illicit material only to find that it had pornographic images or other content of an undesirable nature. Many purveyors of porn also hide material inside seemingly innocuous images and programs, as well as space typically used by deleted files on a disk. If someone were to examine your hard disk (which is becoming more common at airports, computer repair shops, and the like) after you have encountered such materials they would discover this potentially illegal data of which you may be totally unaware.
Some recent examples of how people are affected by pornography laws include rock star Gary Glitter (who has sold some 18 million albums in his career), who downloaded images to his computer and was placed under investigation for child pornography after the computer repair shop reported him to the police. In another case, an English school teacher received a four-month sentence for downloading pornography and printing it; the printing was ruled equivalent to "making" photographs of children. And in Japan, a businessman hanged himself after police found some pornographic images on his PC and arrested him on suspicion of distributing them.
The medical and psychiatric fields are both exploding in popularity online and are areas that have serious privacy and anonymity issues for doctors, insurance companies, and the patients themselves. Unfortunately, in our society many diagnoses have significant social stigmas or financial implications attached to them. For example, being diagnosed as HIV positive, alcoholic, or depressed, or having had a past abortion, can have a significant impact on your social standing if it is widely known.
Here lies one whose name was writ in water.
- John Keats
Anonymity has always been a sticky electronic issue. Chat rooms and groups, Usenet news, and IRC have been around for quite some time, with people often using online aliases or identity laundering services to disguise their true identity when discussing very personal issues. There are good reasons for desiring anonymity in some cases - for instance, it gives incest and rape survivors, illegal substance addicts, and many others the power to discuss topics in great detail that they would never want to be revealed about themselves. It's fairly easy, in a technical sense, to provide anonymity - but it's even easier to abuse it. Think of the possibilities anonymity provides child pornographers, online harassers, system crackers....
There is a movement for a loss of permanence in our society; digital records are so easily modified or deleted and yet so easily accessed and readily believed that it has become difficult to persuade people when their computer conflicts with their own version of reality. We have all gone through the trauma of convincing the record-keeping acolytes who control our personal records that we know more accurate information about ourselves than their stupid databanks do. This ably reflects our dismissiveness for the past as well as our lust for newness and technology.
The lack of physical boundaries, wireless communication, the increase in discontinuity and anonymity - they all allow attackers to feel less empathy for the victim, thereby increasing the potential for horrific actions. In Viet Nam the American bomber crews - who never saw their victims - suffered least from the stress of killing people (an emotion which is near omnipresent among non-psychopaths). The grunts, who saw the ruin face to face, had the most frequent and worst degree of psychological damage. Never understanding - or seeing - the harm you do is a powerful antidote to conventional morality.
Recently, presidential hopeful Senator John McCain released his medical records to quell negative rumors concerning his mental and physical health. This sort of revelation is not always voluntary, however; Simson Garfinkel reports in his upcoming book _Data Nation_ that U.S. Representative Nydia Velazquez testified to the following to the Senate in 1994:
... the Post had received an anonymous fax of my records from St. Claire Hospital. The records showed that I had been admitted to the hospital a year ago, seeking medical assistance for a suicide attempt. He told me that other newspapers across the city had received the same information and the New York Post was going to run a front-page story the next day. My records were leaked for one purpose only, to destroy my candidacy for the U.S. House of Representatives by discrediting me in the eyes of my constituents.... I felt violated. I trusted the system, and it failed me.
Most states don't have any laws against releasing medical records - indeed, the majority of states don't even have laws that allow you access to your own records. But the risks and implications of disclosure - whether accidental or malicious - are becoming greater with every bit of information about individuals that gets put online.
People are easily swayed - alarmingly so - and negative personal information can have an enormous impact on how people are treated by others or where public opinion lies. As personal information dissemination about both public and private figures becomes increasingly common, it will become correspondingly problematic to validate the truth of the reports. When it's possible to break into the New York Times, CNN, or Reuters and modify stories or inject false ones, who can be safe from misinformation? And it doesn't take a headline story, either, it could be online archives of news and stories. Consider the impact a page three article of an electronic local newspaper could have if it revealed - falsely - that an interior decorator was driven out of the last town that she lived in because of an arrest for child molestation. It could finish or seriously damage her career. The story, of course, would be passed quietly, from person to person, and she would quite possibly never even see it. Even if she found out, how can you fight disinformation? The paper could print a retraction, but the rumors and electronic whispers could continue. And as politicians know - time spent denying something starts to associate you and that negative thing, irrespective of the truth.
But it goes beyond mere reputation or social stigma. Recent studies at the University of Toronto showed that "adverse reactions to prescription and over-the-counter medicines kill more than 100,000 Americans and seriously injure an additional 2.1 million each year." If your online medical records were tampered with by an enemy or a playful system cracker, who would know - or be liable - for yet another prescription induced medication death? Online assassinations might not only become viable but a downright attractive alternative to the more laborious physical process; certainly the risk of being caught is significantly less. As pharmacies, hospitals, and even operating rooms get more and more information directly from networked computers, such scenarios grow easier to imagine. In an emergency, a doctor wouldn't care where the information came from, simply that she or he would get accurate information on demand. Computers and networks seemingly offer this potential.
A victim can be killed only once, the crime scene a thousand times
- police detective saying
With all this potential for computer chicanery, what are the prospects for catching miscreants? Certainly every action performed on a computer leaves some trace - a digital ghost, as it were - in its wake. In the physical world, forensic experts examine the scene of the crime for fingerprints, cigarette butts, tire tracks, and other signs that might give them clues to reconstructing the past. There are similarities in the electronic world, but, unfortunately, they are much less widely understood.
In ways that are analogous to the physical world, digital evidence disappears over time. As other activity goes on, fingerprints get smudged, debris gets swept up, and rains come and wash away any traces of activity. This is the reason why police immediately cordon off an area, so they can analyze the scene and gather potential items of interest.
Unfortunately, the science of forensic computing is still in its infancy, and the methods and tools for collecting and analyzing electronic evidence are either non-existent or very primitive. To make matters worse, it is extremely easy to destroy, damage, or hide data on a computer (manipulating information is what computers were, after all, created to do). But what makes the task nearly impossible is that any activity on a network - by definition - interacts with two or more computers. The problem with this is that in the majority of cases you won't own or have immediate, legitimate access to all the computers involved in the incident and therefore cannot gather evidence before it dissipates. Even if you bring forth legal power or otherwise get permission to do so, the evidence will often be long gone - especially since many of the computers involved will be in different countries or jurisdictions. And while other system owners are frequently willing to help out, you have yet another set of difficulties there, such as reaching them in a timely fashion, finding someone who is knowledgeable about gathering evidence, and even trusting the data they might provide (after all, it could be they who are attacking or sabotaging you in the first place!)
And if you understand that intruders "hop" from computer to computer through tangled webs of phone systems, PBX's, cell phones, and other devices and locations to get to a single target, then you can start to appreciate the difficulty of the task.
To put it plainly - as things currently stand, it is almost impossible to catch even modestly talented system crackers if they break into a computer, do some dastardly deed, and then get out again in a short time period using due diligence and good tools. Unless, that is, they brag to their friends or continue to come back and further molest the system. This is true regardless of the security of the target system, whether it be the White House, the FBI, or an individual security expert's computer. Miscreants will simply not be apprehended unless they are foolish. Indeed, the odds are great that, unless they do something extremely rash or bold, they will never be noticed, let alone reported (DISA and the GAO, which audit and report on United States government computers, have said that only one in 150 attacks on military sites are ever detected and reported!)
In time, the situation will get both better and worse. Obviously, we will have significant advances in tools and methodologies to catch or reconstruct illicit activities. These same advances will, of course, afford people a better chance to spy on or examine anyone's activity, for better and for worse. Do you want to know what your employees are doing during the day? Your spouse? Soon it might be discernible that the user on the other side of the chat room is, in fact, the proverbial dog.
Likewise, however, there will be an increase in attack, subterfuge, and destruction technology - for as the gains to be had in the online arena increase, the motivation for better machinery to carry out nefarious plans will intensify as well. In many cases it will be the haves vs. the have-nots, and woe befall someone who has neglected their defenses.
Normally when I see education on a list of future actions I think of it as someone telling the masses to brush their teeth or quit smoking - the message may be delivered with passion, but the desired effect simply won't happen. Things are different in this case, though, because education via a conduit of self interest is the most effective way to enlighten people. Mind you, I'm referring to both the computer mavens and the lumpen proletariat - everyone has a great need to learn and understand both the potential and power of computers and how it can impact people on a visceral level.
The truth is that we know very little about the ethics, morality, and social as well as personal implications of computer security. Philosophical, social, legal, and political study is mandatory for further understanding these very important questions. Also, as previously said, the technical aspects of protection, forensics, and auditing - among others - also require additional research. As computers are more fully integrated into our lives, we will have a vast amount of pop psychology, scare tactics, and computing canards to wade through - hopefully we shall also have a fair amount of serious study of the problems as well. Without this, education will have a much harder time of it. Even basic questions like how to gain computer access for all and what - if anything - should or should not be placed online, must be answered, and soon.
Laws. Most computer people seem to be decidedly against legislation of the Internet - or, at the very least, against unnecessary legislation (which many feel covers almost everything related to computers or the Internet!) But not all laws are bad, and the best laws - like (if I may be so bold and patriotic as to say so) those in the United States constitution - are flexible, easily adapted to new or unforeseen situations, nearly timeless, and designed to be equitable. The entire legal structure seems to be scrambling for footing on this turbulent new global infrastructure, but I hope that things will become more stable as time goes on. There are poor laws that exist, still more abysmal laws that have been proposed, and perhaps even one or two good laws out there somewhere. Laws have the tremendous power to influence people via personally punitive measures; if done poorly they can be destructive, but if created with true genius or vision they can help people. Which sounds vaguely something like something else I've been discussing... the Internet.
Unfortunately, putting together good, clear, concise, unambiguous, and fair laws about computers and the Internet has turned out to be a very difficult task indeed. Since the technology is changing so rapidly and the issues involved are not fully understood (by anyone!), training tends to be overly specific and the language of laws tends to be overly broad, vague, and difficult to enforce. All said, it seems relatively certain that the next Watergate will not take place in a hotel - e-Gate will be where the action is.
There is little doubt that Y2K will hurt quite a few people - the United States alone will have spent close to a trillion dollars to ensure that its computers will operate effectively in the new year - but it won't be a global disaster that will destroy the world. People will lose jobs, public utilities will fail, firms will go out of business, and, yes, some people will die - hopefully in very small numbers. But the long-lasting legacy of Y2K will be quite different from the immediate impact of the situation. Primarily Y2K will improve computer security - it will be an educational experience and on a grand scale. When your lights go out because of a computer error, when your relative loses her job at the plant that has been ruined financially, when the IRS loses your tax debt... wait, some good could come from this, after all! Most important: people will remember all of this - and Y2K is a taste of what is to come on a larger scale.
There has already been a slight raising of consciousness about computers and programming in general, due to the massive media coverage about the problem. For the first time, however, people will get the opportunity to see and understand on a first-hand basis what the failure of computers can bring upon us. And this is precisely why I believe the effects will be long-lasting.
We're lucky to have this happen now, rather than in 5 or 10 years, when our reliance on computing systems will be even greater. However, don't be deceived - there will be other Y2K's! Not necessarily with dates (and if Y10K ever comes I won't be around to care), but with other widespread problems with programming paradigms - for that's all Y2K was, a poorly implemented widespread approach to a fundamental problem.
Y2K, for better or for worse, will give the lawyers and politicians - who will have a significant hand in driving future computing - the chance to peer down the throat of the beast. It is up to the techno-savants (you, my dear reader) to keep them educated, rather than afraid, so that they will not try to dismantle or stall the Internet machinery.
We know too much and are convinced of too little.
- T. S. Eliot
The world is racing to go online, and people believe that it is a good thing, for better or worse. This mystique is amply demonstrated not only by writings and opinion polls but by the phenomenal financial performance of Internet stocks around the globe and our human predilection for embracing new technology even when it has no discernible advantage over existing methods.
If good computer security truly is impossible to achieve, and computers become as important in the world as they seem to be heading, then people will have to learn about it. It isn't necessary to understand the underlying technical mechanisms to understand the implications of how computers and computer security will impact our lives - it will be a sheer survival mechanism, and it is inevitable. Humans are marvelous at adapting to new situations.
People aren't afraid of risk, simply of loss, and will go to great lengths to avoid it. While risk cannot be eliminated, the potential losses of computers can be minimized by judicious application of practical understandings.
As global economic pressures rise and fall, so will the security of the world. Ultimately, computer security will have a strong correlation to the financial health and social happiness of the world. Now that's a sobering thought.
Computer security will never be achieved or solved - it's simply a continual process, just like the physical world. Good luck, and may we all see 2020 together, look back, and laugh.
Design of the Unix Operating System, Maurice J. Bach, 1987, Prentice Hall.
Against the Gods : The Remarkable Story of Risk, Peter L. Bernstein, 1998, John Wiley & Sons.
"Arizona democrats select host for first binding Internet vote", Dan Caterinicchia, http://cnn.com/1999/TECH/computing/12/20/votation.rocks.the.vote.idg/index.html
Selected Essays, 1917-1932, T. S. Eliot, 1950, Harcourt Trade Publishers.
Shall We Dust Moscow? (Security Survey of Key Internet Hosts & Various Semi-Relevant Reflections), Dan Farmer, 1996, http://www.fish.com/survey
The Complete Essays of Montaigne, translated by Donald M. Frame, 1976, Stanford University Press.
Database Nation, The Death of Privacy in the 21st Century, Simson Garfinkel, Jan 2000 (est.), O'Reilly.
"Unseen, obscene and dangerous - Are you accidentally downloading porn?", Clive Grace, Thursday November 18, 1999, Guardian Unlimited Network, http://www.guardianunlimited.co.uk/Archive/Article/0,4273,3931385,00.html
Rapid Development, Steve McConnell, 1996, Microsoft Press.
Computer-Related Risks, Peter G. Neumann, January 1995, Addison-Wesley Pub Co.
"Year 2000 and the Expanded Risk of Financial Fraud", Joseph C. Pucciarelli, 4th August, 1999. (U.S. House of Representatives Science Committee's Subcommittee on Government Management Information and Technology).
"Study: Drug reactions kill an estimated 100,000 a year", Dr. Steve Salvatore, April 14, 1998, CNN.
The Victorian Internet: The Remarkable Story of the Telegraph and the Nineteenth Century's On-Line Pioneers, Tom Standage, October 1999, Berkley Pub Group.
"SEC seeks securities fraud sniffer", L. Scott Tillett, Federal Computing Week, Nov/1999.
Information Security: Computer Attacks at Department of Defense Pose Increasing Risks (Chapter Report, 05/22/96, GAO/AIMD-96-84).
"Computer Virus Attacks Have Cost Businesses $7.6 Billion in 1999", Computer Economics, Inc., Computer Economics, Inc., http://www.compecon.com/new4/pr/pr990618.html