Image provided by: Texas A&M University
About The Battalion. (College Station, Tex.) 1893-current | View Entire Issue (April 27, 2000)
Thursday, A SCIENCE TECHNOLOGY [ursday, April 27,2000 THE BATTALION Page 7 nnotl mate |l Guarding email privacy ncryption to find place in new University directory Plaintext e-mail "PUBLIC" KEY led off with a id the guards got tin len another group i le light got bigger# got to the point ofi lohn Barton, sprite! i Lupe Lozano, white inmatesjtus ut it was mostly tk ie inmates who were said. the prison's kitetaj re in the melee, erections officials 300 guards to sul ier of inmates, i around 6:30 pm ,)l by midnight, Baiti used a pepper spri; o subdue the red minor injuries ; that wentoffinl guards also were ere treated andreir said. 3. However, f jail because a:: Iding him for a pa The a BY DAVE AMBER , The Battalion Most Internet users know hackers can steal :dit card numbers and other information from :ecure Web transactions. But in everyday com- mications, how can one be sure somebody [nding a simple email is who he claims to be? One answer is to encrypt, or code, email and her files. Already an integral part of e-com- rce transactions on the Web, encryption is in- lasingly viable in email services. Now Texas A&M is trying to build an en- irption function into the new online directory mently being installed. The system would al- tv users to find keys for sending encrypted nail to anybody in the directory who has a key place. The University encourages encryption use, lid Thomas Putnam, director of Texas A&M imputing Information Services (CIS). “We’re living in a world where we will be see- more encryption,” he said. “It not only ensures lur privacy, but the important thing is that en- r ption allows you to have verification of origin.” Putnam said it is easy to fake the originating ■me and other information on an email. “If you get an email from a professor, how do you know it’s really from him?” he said. As a groundswell builds in Texas to implement general use of encryption and “digital signatures” for confirming email origins, the University wants to institutionalize the process here, so that one standard system is in place, Putnam said. Providing such a centralized and secure di rectory for public keys is one of the barriers faced by advocates of encryption technology. With the new University directory, a user could find the public key for another person list ed there and use it to encode a message to that person. At the other end, the message recipient would decipher the message with a private pass word key. Charles Boatwright, a CIS senior systems an alyst, said the University is laying the ground work for this system, but there are a number of hurdles. “The emphasis is on infrastructure,” he said. “We have to be careful. Are we talking about encrypting Web traffic or email? Will all operating systems be able to use it?” He said full implementation will not happen until these questions can be worked out. Encryption software is not new. PGP, or Pretty Good Privacy, code has been available for free on line since 1991, quickly becoming the standard. Another system, X.509, is used by the state ofTexas as the standard for encrypting state transactions. Ron Woessner, vice-president of Dallas- based Zixit, Inc. and an A&M former student, said his company’s new encryption software may be the solution to hard-to-use encryption systems. Zixit, a subsidiary of the Blockbuster Corpo ration, publicly unveiled its encryted email pro gram called “Zixmail” in March. PGP critics like Woessner said the common standards are difficult to use. Products like Zix mail are “as easy to use as email,” Woessner said. Putnam said CIS is looking into services like Zixmail. “If we are emailing back and forth be tween the University and a company, we have to keep students’ information private,” he said. “That’s a place we might use the Zixmail pack age, because you can set up a relationship with an individual or a specific company.” But, setting up a relationship is one of the problems with such software. Email users at both ends must use the same encryption software. Af ter July I, that will cost money for Zixmail users they will pay $ 12 per year for each email ad dress they want to encrypt. “You can’t underes- "Private" Key Plaintext E-Mail GABRIEL RUENES/Tm: Battalion How encryption works: Somebody can use another person’s public key to encrypt a message to that person. When the recipient receives the encrypted email, or cipher- text, he decrypts it with his personal “private” key that he stores on his computer. timate the secured delivery of it,” Woessner said. “Twelve bucks for a FedEx or 12 bucks for one year of service.” But this means each recipient of an encrypted email will also have to pay for the service. “A problem here is that people have to use the same systems,” said Alexander Fowler, policy director for the Electronic Frontiers Foundation. able claim Dn violati TON (AP)-Aco' eston County win i an April 11 runoff! id a lawsuit askif| be set aside bee ted violations, awsuit, Daniel Cc suits of then* in County Districts uarino said thereii quests for hisoffe election fraud rega: lie’s race. 21st century “Enigma” machines: regulations for exporting code In the movie U-571, which opened last week, World War II Allied forces race to cap ture an “Enigma machine” used by the Ger man navy to encode radio messages. The movie underscores the historical impor tance of encryption for message security, the value of breaking those codes and the reason some governments may be ner vous about sharing encryption technology. Until this year, email encryption tech nology had been a concern of the United States justice system. The Department of Justice (DOJ) feared encryption codes would fall into the hands of terrorists or spies from other governments. Putting encryption codes up on the Web, the government said, violated export con trols because nations restricted from re ceiving such information, like Libya, Cuba and Iran could “import" the software online. “It’s considered aiding and abetting the enemy,” said Don Tomlinson, a Texas A&M professor of journalism and media law. But he added the government’s enforce ment was impractical. "Cyberspace has no physical boundaries, so the usefulness of regulation is limited.” Until last year, the Justice Department held fast to regulations of overseas sales of encryption software, but in January, the White House eased export controls. Earlier this month, a Case Western Re serve University professor targeted by the DOJ for criminal investigation for posting en cryption codes on the Web won his case be fore a federal court of appeals. The court ruled that encoding software was protected under the First Amendment. As a result of the government’s loos ening of restrictions, programmers can now put their source code up on the Web providing they email the Commerce De partment the URL for the Web site. Diverse groups, ranging from First Amendment and human rights organiza tions to scientific associations, have been involved in the campaign to relax export controls. The National Academy of Sciences, for example, urged in a 1996 report that the federal government should promote com mercial use of encryption. And in terms of safeguarding original cre ative works, encryption offers a margin of safety for transferring literature, music or other original materials through cyber space. “Encryption is the best solution as a means of protecting intellectual property,” Tomlinson added. a consumer organization that monitors issues such as the privacy of electronic communica tions in cyberspace. “Is the public going to pay for that?” “The great advantage of PGP over services like Zixit’s is it’s free,” Putnam added. Encryption systems — free or not —still raise flags about security. While they encrypt emails and other files, the systems can also be used to en crypt materials that are illegal to transmit over the Web, like child pornography. “Encryption is a double-edged sword. If you are doing something illegal, you can hide it,” Putnam said. But Putnam said spying on messages is not a concern at the University. “The University has a policy not to look at anybody’s email unless it suspects illegal activity,” he said. “There’s a certain amount of paranoia about privacy. At the University we generate a million email messages a day. Imagine the work in volved if you wanted to go look at all of those,” he said. “If we suspected illegal activity, we would go to the police or FBI. It’s not us who ask” Putnam said.