Internet Security Is the Subject of Mar. 3 Forum

Does government regulation help or hinder private efforts to make communications on the Internet secure? If what it's doing is constitutional, is it also in the nation's best interests?

Those are essential questions for participants in a day-long Columbia conference on "Cryptography: Technology, Law and Economics" Mar. 3 in Uris Hall. It is sponsored by the Columbia Institute for Tele-Information (CITI).

Registration is at 8:30 A.M., and the first presentation begins at 9:00 A.M. An attendance fee will be charged of $95 at the corporate rate and $35 at non-profit and academic rate. Admission will be free for CITI affiliates. For information, call (212) 854-4222, or send e-mail to citi@research.gsb.columbia.edu.

High-tech criminals routinely steal credit card and telephone numbers, among other information, from private computers. "The Internet was not designed to protect privacy," said John Kasdan, lecturer at Columbia School of Law and organizer of the conference.

"Would you like your credit card number posted on a billboard in Times Square? That's how secure the Internet is," he said.

But advances in computer hardware and software have allowed some private firms to encode the information they send over public telephone lines.

Virtually any piece of information--a cellular telephone conversation, medical record, television program or bank account--can be translated into digital form and protected with electronic codes.

The American banking industry currently transmits some $350 trillion a year via encrypted wire transfers, and encrypted commerce on the Internet is burgeoning. The leap forward in cryptography has created problems for the National Security Agency, the federal agency that regulates the private use of encryption codes.

One commercially available software package, called P.G.P. for "Pretty Good Privacy," is thought to protect data even from the NSA's code-cracking computers. It uses a coding formula developed by three researchers who founded RSA Data Security Inc.

One of the three, Ronald L. Rivest, E.S. Webster Professor of Computer Science and Engineering at MIT, will speak on encryption as an aid to Internet commerce. Other panelists will be Eli Noam, professor at Columbia's Graduate School of Business and director of CITI; Stuart Haber, co-founder of Surety Technologies Inc., Chatham, N.J., and Matthew Blaze, senior research scientist at AT&T Bell Labs, Holmdel, N.J.

The NSA in 1993 proposed inserting a Clipper Chip, which would have given it "trap door" access to encoded information, into computers using encryption.

But Blaze demonstrated last year that the chip's key algorithm did not work, and the Clinton Administration abandoned the plan.

The State Department also enforces federal export restrictions on encryption technology, which require a special munitions export license normally issued for weapons sales. Such regulations put American computer companies at a disadvantage to foreign competitors, who abide by no such restrictions, the companies say.

Papers on encryption are published in academic journals, making export regulations outmoded, Kasdan and others maintain. More importantly, others say, federal encryption regulations are a threat to free speech.

"The right to speak P.G.P. is like the right to speak Navajo," said Eben Moglen, professor at Columbia School of Law. "The government has no particular right to prevent you from speaking in a technological manner, even if it is inconvenient for them to understand."


Columbia University Record -- February 24, 1995 -- Vol. 20, No. 18