Electronic security

Abstract

Electronic security in this day and age covers a wide variety of techniques. One of the most important areas that must be addressed is that of commerce on the Internet. The Internet is an insecure medium to say the least. Every message sent must pass through many computers that are most likely controlled by unrelated and untrusted organizations before it ultimately reaches the final destination. At any one of these relays the information within the message can be scrutinized, analyzed and/or copied for later reference. There are documented and suspected instances of surveillance of Internet traffic. It has been suggested that several of the major communication switches (through which 90% or more of Internet traffic must pass) have permanent surveillance in place.

Another insidious but less obvious fact about Internet use is that messages once sent, are not discarded nor do they disappear forever. Usually, at one or more relays, copies of messages are archived and kept for differing time periods. Most ordinary users are not aware that messages sent six months ago may be able to be retrieved. That fact could have serious legal ramifications for the sender.

At this time cryptography is really the only effective method that can be used to protect Internet transactions and communications from unauthorized interception. Unauthorized means anyone who you have not expressly given permission to read your private communications. Cryptography is the art or science of hidden writing. Plain text (your message in readable form) is modified using an algorithm (like a mathematical equation) that requires at least one special variable (your special private key that no one else knows) to create ciphered text (your message in unreadable form). At the destination the person who the message is meant for must have the “special key” in order to be able to unlock the ciphered message.

All encryption is not created equal nor does it necessarily provide equivalent security. It would be wrong to intimate that merely using “encryption” to protect your communication is enough. There are other factors at work here as well and they have to do with the politics of privacy. I have often heard it said in New Zealand that “if you have nothing to hide then it shouldn’t matter who reads your communications”. Of course, that opinion is naïve and does not represent reality in any meaningful way.