Leading the scramble for secure information

Series Details 13/02/97, Volume 3, Number 06
Publication Date 13/02/1997

By Tim Jones

YOU have to admire Yves Le Roux - or pity him.

His main aim in life is to explain encryption, or the mathematical scrambling of information, to people who are unsure whether they need it or even want to know what it is.

Le Roux, who works on data security for US information technology giant Digital Equipment, does not see it that way. For him, teaching this most mysterious of subjects to non-specialists is not only essential, but also simpler than people think.

“People often seem to start from the wrong place,” he says. “They assume that encryption is needed and then move on to explain all the different types of technologies that are available. What we should explain is why encryption is necessary at all.”

As the European Commission and the Organisation for Economic Cooperation and Development (OECD) wrestle with the policy and security conundra thrown up by encryption, elementary-level teachers are exactly what the rest of us need.

Armed with 18 slides operated by his laptop computer, Le Roux sets out to educate business executives on why they cannot afford to be without encryption.

In developed countries, people are increasingly using advanced information technology in their everyday lives. “If companies want to use their own secure networks, they will need a leased line, which is expensive,” says Le Roux.

“So now people are starting to use the Internet as a medium, using it as if it were their own network, at a tenth of the cost.”

With the Internet in the middle of the web, the customer can talk to the factory, which can communicate with the supplier, and the finance department can discuss terms with the bank, and so on.

The problem is that the Internet, which links more than 3 million computers to 50,000 networks in 80 countries, is an open system.

As companies move increasingly into electronic commerce, they need to know that their information is secure. Imagine a postal system where anybody could delve into private letters and confidential contracts. It would not be used.

This is where encryption technologies come in. They are designed to ensure that information can only be read by those to whom it is addressed ('confidentiality'), guarantee that the full text posted by the sender is received ('integrity') and allow for 'authentication' by each contracting party of the other's good faith.

“In electronic commerce, the buyers need to know that the sales point they have found is genuine,” says Le Roux. “If I am going to hand over my name, address and credit card details to you, I need to be certain that you are Neckerman and not someone else.

“If we have authentication and integrity, we have a contract,” he explains. “I can be sure that the right thing has been sent and that you are you. So now I can sign on the dotted line.”

So what is preventing the wider use of encryption?

The answer is national security concerns. Law-enforcement agencies throughout the world are worried about the use of such technologies by organised crime or terrorists, and have maintained import, export and usage controls.

Industry has long been pressing for strong encryption technologies to be exportable, importable and designed for their users and not for national intelligence agencies.

At the moment, the most powerful technology which can be exported from the US is 56-bit. Le Roux points out that although it would take a low-cost attacker several years to crack this scrambling technique, it would take a determined commercial rival just three weeks and a government agency precisely 12 seconds.

“Those who oppose the removal of these restrictions are looking at the wrong threat,” says Le Roux. “Economic warfare is far more important than terrorism. I doubt that many terrorists use encryption, but our competitors do and will increasingly use information technology to make themselves more competitive. The opponents must consider the idea that their countries will be jeopardised by economic warfare, but their own industry will not be allowed the right to encryption and confidentiality.”

Le Roux is helping to draft OECD guidelines for a global cryptography policy, which would try to iron out the differences between countries' regulatory regimes and place industry on an equal footing. The document is due to be published in June.

“This is a consensus document - lots of 'shoulds' and 'mays',” he admits. “What we are facing is a national sovereignty problem. There are several powerful organisations which think that this is a purely national security issue and will not accept EU or OECD competence.”
