Internet Theft Is Avoidable

Article excerpt

If the private sector cannot protect their sensitive information, citizens will turn to the courts. But internet theft easily can be avoided.

The number of recent, major breaches of computer security is alarming. Despite all the publicity, the situation appears to be getting worse, not better. This growing problem is affecting the legal system in particular as well as society in general. At the rate at which the problem is accelerating, the courts may soon be flooded with lawsuits based on security breaches or identity thefts and alleging statutory violations and commonlaw causes of action.

Since more and more consumers are losing faith in businesses' ability to protect their sensitive information, they are forced to resort to self-protection, sometimes daily checking their credit rating. Over time, this mass loss of faith will create a nightmare for the courts. If the private sector cannot protect their sensitive information and self-protection proves inadequate, predictably citizens will turn to the courts.

These facts strongly suggest that the current paradigm of computer security is ineffective; and all indications are that the situation will continue to worsen until we adopt a new paradigm. What would be the elements of a new approach? To begin with, companies and agencies ought to require a further authentication before permitting someone to access a specific database maintaining sensitive information. Many require a password at the initial logon but nothing later. Moreover, we should make much more extensive use of encryption and not limit its use to the sending of information.

Simply stated, encryption modifies the form of computerized data by arithmetic means to render it useless to unauthorized persons. Authorized persons can access the information in useable form because they have a "key." The key unlocks the data; it is a mathematical tool for recovering the data in its original, unencrypted form. There are several varieties of encryption, and some are more effective than others. The National Institute of Standards and Technology has developed Federal Information Processing Standards (FIPS) 140-2 as a model for storing data.

There are several major advantages to widespread utilization of encryption. …