Section 2.1. Information and Its Controls

2.1. Information and Its Controls

Information security is almost as old as information itself. Whenever people develop new methods of recording, storing, or transmitting information, these innovations are almost inevitably followed by methods of harnessing the new technologies and protecting the information they process. They're also followed by government investigations and controls. For example:

  • In 1793, the first commercial semaphore system (use of mechanized flags) was established between two locations near Paris. Semaphore signaling came to be used throughout France, Italy, Germany, and Russia. Thousands were employed manning the stations, which operated at a speed of about 15 characters per minute. Code books were used so that whole sentences could be represented by a few characters. Semaphores weren't very successful in England because of fog and smoke, but in the United States, systems of this kind are the reason so many communities have geographic names such as Signal Hill, Beacon Rock, Signal Butte, and Semaphore Pointe.

  • With Samuel F.B. Morse's introduction of the telegraph came concerns for protecting the confidentiality of transmitted messages. In 1845, just a year after the invention, a commercial encryption code was developed to keep the transmitted messages secret.

  • Within five years of the introduction of the telephone in 1881, a patent application was filed for a voice scrambler.

  • In the 1920s, the use of telephone wiretaps by both government and criminal forces resulted in a public outcry, Congressional hearings, and, ultimately, legislation prohibiting most wiretapping.

  • In the 1930s, Title VI of the Communications Act of 1934 prohibited unauthorized interception and publication of communications by wire or radio, while giving the President certain powers to deal with communication matters in the event of war or other national emergency.

  • In the 1940s, concerns about controlling the proliferation of information about atomic energy led to the Atomic Energy Act of 1946. This act created a Restricted Data category of information requiring special protection and penalties for dissemination. Similar controls have been imposed on new advances in other scientific fields.

  • In the 1980s, the Defense Authorization Act specified controls on technical information about emerging military and space technologies.

  • In the 1990s, attention turned to not just keeping out the bad guys, but keeping out the bad codes. Viruses had been around for some time, but it took dramatic increases in the number of home and business computers to make viruses a plague for every one.

  • In the 2000s, viruses have diverged into spyware, which detects and reports a user's Internet activities, adware, which presents the user with targeted advertisements for goods and services, and malware, which is code designed to cause harm or further the illicit ends of the perpetrator.

  • In the months following the terrorist attacks on 9/11, the Homeland Protection Act granted broad executive powers related to gathering of information from private communications.

Like any other new technology, computers have raised substantial questions about the degree to which the technology should be controlledand by whom. Even newer technologiesfor example, imaging systems that may impact the integrity of legal and financial documents, including U.S. currencywill no doubt raise the same types of complex issues. Widely available software that allows users to doctor electronic photographs makes it hard to determine what is real and what is designed to entertain or to persuade. Computers and wireless communications also make it easy to eavesdrop.

One ongoing debate in the computer security world is over the government's restriction of technological information. Government needs to protect certain kinds of information, such as national defense data and the take from intelligence gathering activities. Particular security technologiesfor example, cryptographic products are very effective at safeguarding such information. Should the government be able to control who can and cannot buy such technologies? Should there be any limits on such sales? For example, should enemy governments be able to buy cryptographic products that may make it more difficult for U.S. intelligence operations to monitor these nations' communications? What about information concerning the technologies themselves, for example, technical papers about cryptographic algorithms? Should these have to be submitted for government examination and possible censorship? Encryption technologies have been variously classified as munitions or as a normal part of software. Is there a need to stifle the development of products developed privately that may inadvertently mimic (or possibly outperform) existing or proposed government communications technologies? Can technology and the free exchange of intellectual data flourish in an environment that tries to control certain kinds of intellectual exchanges?

A somewhat more alarming trend has been the government role in limiting or suppressing the use of cryptographic techniques between private parties in the United States. One such method, Pretty Good Privacy (PGP), was promulgated at tremendous sacrifice to its developer. At length, PGP prevailed, but some in the cryptographic community are concerned that its commercialization may have encouraged a government-sponsored backdoor that allows easy transmission decoding within the constraints of the legal system. A similar situation has been seen in the telecommunications industry: "law-enforcement ports" have begun to appear in commercial telephone switchgear, creating the possibility of wiretapping without due process.

Another debate concerns the involvement of the government in mandating the protection of nongovernment information. Should the government have any control over the protection of such information? Who gets to decide whether information such as productivity statistics, geological surveys, and health information must be protected from public scrutiny? From whom is it being protected? In 2003, a graduate student compiled a list of all the connections into and out of a major city using publicly available data. Debate ranged from whether the document should be classified to whether the student had gone beyond the scope of a standard research paper and had in fact committed a crime by assembling such a document. Should the government impose the same security standards on systems used to process commercial information as those imposed on systems for government information? The importance of the commercial infrastructure to the economy suggests that the commercial infrastructure deserves attention, similar to a bridge, tunnel, or airport.

As you'd expect, different people have a variety of opinions about these questions. We'll discuss such questions and representative opinions throughout this book.

Computer Security Basics
Computer Security Basics
ISBN: 0596006691
EAN: 2147483647
Year: 2004
Pages: 121

Similar book on Amazon © 2008-2017.
If you may any questions please contact us: