Balancing Security and Liberty
technology explosion of the past 30 years has complicated both government's
role in, and citizens' desire for, privacy. Citizens demand safety while
law enforcement believes it needs timely access to information that
flows over networks. With the availability of cryptographically sophisticated
mechanisms such as public key systems, we have a world where a vast
amount of personal and public information streams wildly over digital
systems such as the Internet, POTS (plain old telephone systems), wireless,
After the tragic attack of September 11th, the Bush administration is
calling for, and receiving, increased powers to listen to our conversations,
monitor our e-mail, see who and where we visit in cyberspace
all with the stated intention of protecting us from terrorists. I could
fill this column with the implications of the mechanisms that have been
proposed for aiding law enforcement. As with any legislative mechanism
behind which there is so little technical understanding, many of the
changes may create greater dangers than they hope to eliminate. I would
like, however, to focus on the security of the basic communications
infrastructure we count on.
was built in a university research atmosphere where the problems of
creating a working system took priority. As the Internet grew, developers
had neither time nor energy to address security. Suddenly we had an
insecure network underpinning our industrial might and daily lives.
what would have happened if, in addition to the attacks on New York
and Washington, a concentrated physical and cyber attack had been made
on the Internet. As the people who are technically responsible for the
network, we'd better make sure such an atttack does not happen.
suggest that we patch the holes to fix the vulnerabilities, but most
discussions on Internet security find turtles upon turtles security
problems on security problems. So what do we do? For the current-generation
Internet, patches might be the only answer. Or perhaps regulatory authorities
should demand Internet-wide management mechanisms. (I suggest this with
real hesitation, but it may be the only path). That does not mean, however,
that we should not strongly support holistic research attacks on the
security issues to see if out-of-the-box thinking can help.
Untangling the Contradictions
We are about to take a dramatic technical step forward in communications
technology with the arrival of end-to-end optical communications links.
The very speed of these links (~60 Gbytes/wave) and vast number of waves
possible demand a new examination of the Internet's structure and of
the architectures of computer hardware and operating systems. This is
an excellent time to make security fundamental to any real next-generation
network. Information security and network resource protection must be
a requirement, not an option.
I started this column talking about the privacy implications of 9/11
with respect to law enforcement. I close with a plea for end-to-end
security for future networks. These might seem like contradictory aims,
but they both seem to be requirements in the post-9/11 world. The technical
community must provide the research needed to understand the nature
of the contradictions and to find the path forward. It is equally important
that we involve ourselves in continuing efforts to preserve liberty
as well as safety.