Security and privacy

What are the crucial innovations in the history of security and privacy? The crucial innovations are related to our ability to make boundaries where there are none. We understand this now, but we haven’t for very long. In the electronic world, there are no natural boundaries, whether we are talking about national boundaries, corporate boundaries, or even the difference between my e-mail and me and my life and my privacy. All of those things are, at least at the outset, undifferentiated, because there are almost no costs to reproducing electronic information, and there are almost no boundaries to contain it. Clearly, you are aware of when you cross the border between Germany and Poland, walk Security and privacy have received a lot of attention recently. Fueled by the worldwide availability of information, restricting access to your own data becomes an issue relevant to both business and personal privacy. At the same time, the variety of attacks on and breaches of this privacy has become a real and common danger to everyone. The impact of being able to access any information from anywhere in the world is revolutionary and creates many opportunities for mankind. Unfortunately, it has also opened up opportunities for criminal and unethical individuals and groups. It lets people from countries with unregulated cyberlaws attack businesses and intrude on other people’s privacy. Early attacks on government and bank data were rather limited geographically or through the use of controlled channels, such as leased lines. They were also less visible and, once detected, easy to counteract. Today, attacks on any prominent Internet service can easily impact your needs, making them more noticeable. The impact on businesses can be even more dramatic. Recent denial of service attacks on Yahoo and other Internet companies cost millions of dollars. The companies that rely on the Internet for everyday business can not afford to go offline, let alone for long periods of time due to security breaches. Even as I was writing this introduction another virus— actually a worm—appeared on the Internet: ILOVEYOU. If started, it will, among other things, overwrite some system configuration files and then send emails to all the e-mail aliases in your Outlook address book, spreading itself further. This kind of virus both breaches security (it can destroy your configuration) and privacy (it uses your e-mail aliases and can hence send any other information). An even bigger problem is related to privacy. The Internet lets you easily access your own data but also lets others track your behavior, movement, and habits. The implications are numerous. Many companies realize that this is valuable information that they can trade to track what you buy and browse, from where you connect to the Internet, and so on. The world of wireless communication with all kinds of gadgets and innovative toys will open up even more opportunities for attacks. All of this creates many challenges for security and privacy experts today. Some are technical, such as scalability, more efficient cryptographic techniques, safe languages, and better secret key distribution. Social and legal aspects pose more challenges. People must be educated about what is socially acceptable behavior on the Internet, what is criminal, and what is legally binding. We need some strictly enforced regulations as well as some commonly accepted unwritten rules as soon as possible. Unfortunately, not all governments necessarily have the same interests as users. I’ve raised only some of the challenges of the security and privacy field. These interviews bring up many more interesting examples from the top experts in the field. Dan Geer is the CTO of @stake and the president of Usenix. Li Gong is the Director of Server Products at the Consumer and Embedded division of Sun Microsystems. Clifford Neuman is a professor at the University of Southern California and chief scientist at CyberSafe. Marcus Ranum is the CTO of Network Flight Recorder. Mary Ellen Zurko is a security architect at Iris Associates and is currently responsible for Lotus Notes’ active content security.