Thursday, A
SCIENCE TECHNOLOGY
[ursday, April 27,2000
THE BATTALION
Page 7
nnotl
mate |l Guarding email privacy
ncryption to find place in new University directory
Plaintext
e-mail
"PUBLIC"
KEY
led off with a
id the guards got tin
len another group i
le light got bigger#
got to the point ofi
lohn Barton, sprite!
i Lupe Lozano,
white inmatesjtus
ut it was mostly tk
ie inmates who were
said.
the prison's kitetaj
re in the melee,
erections officials
300 guards to sul
ier of inmates,
i around 6:30 pm
,)l by midnight, Baiti
used a pepper spri;
o subdue the
red minor injuries
; that wentoffinl
guards also were
ere treated andreir
said.
3. However,
f jail because a::
Iding him for a pa
The a
BY DAVE AMBER
, The Battalion
Most Internet users know hackers can steal
:dit card numbers and other information from
:ecure Web transactions. But in everyday com-
mications, how can one be sure somebody
[nding a simple email is who he claims to be?
One answer is to encrypt, or code, email and
her files. Already an integral part of e-com-
rce transactions on the Web, encryption is in-
lasingly viable in email services.
Now Texas A&M is trying to build an en-
irption function into the new online directory
mently being installed. The system would al-
tv users to find keys for sending encrypted
nail to anybody in the directory who has a key
place.
The University encourages encryption use,
lid Thomas Putnam, director of Texas A&M
imputing Information Services (CIS).
“We’re living in a world where we will be see-
more encryption,” he said. “It not only ensures
lur privacy, but the important thing is that en-
r ption allows you to have verification of origin.”
Putnam said it is easy to fake the originating
■me and other information on an email. “If you
get an email from a professor, how do you know
it’s really from him?” he said.
As a groundswell builds in Texas to implement
general use of encryption and “digital signatures”
for confirming email origins, the University wants
to institutionalize the process here, so that one
standard system is in place, Putnam said.
Providing such a centralized and secure di
rectory for public keys is one of the barriers
faced by advocates of encryption technology.
With the new University directory, a user
could find the public key for another person list
ed there and use it to encode a message to that
person. At the other end, the message recipient
would decipher the message with a private pass
word key.
Charles Boatwright, a CIS senior systems an
alyst, said the University is laying the ground
work for this system, but there are a number of
hurdles. “The emphasis is on infrastructure,” he
said. “We have to be careful. Are we talking
about encrypting Web traffic or email? Will all
operating systems be able to use it?”
He said full implementation will not happen
until these questions can be worked out.
Encryption software is not new. PGP, or Pretty
Good Privacy, code has been available for free on
line since 1991, quickly becoming the standard.
Another system, X.509, is used by the state ofTexas
as the standard for encrypting state transactions.
Ron Woessner, vice-president of Dallas-
based Zixit, Inc. and an A&M former student,
said his company’s new encryption software
may be the solution to hard-to-use encryption
systems.
Zixit, a subsidiary of the Blockbuster Corpo
ration, publicly unveiled its encryted email pro
gram called “Zixmail” in March.
PGP critics like Woessner said the common
standards are difficult to use. Products like Zix
mail are “as easy to use as email,” Woessner said.
Putnam said CIS is looking into services like
Zixmail. “If we are emailing back and forth be
tween the University and a company, we have to
keep students’ information private,” he said.
“That’s a place we might use the Zixmail pack
age, because you can set up a relationship with
an individual or a specific company.”
But, setting up a relationship is one of the
problems with such software. Email users at both
ends must use the same encryption software. Af
ter July I, that will cost money for Zixmail users
they will pay $ 12 per year for each email ad
dress they want to encrypt. “You can’t underes-
"Private"
Key
Plaintext
E-Mail
GABRIEL RUENES/Tm: Battalion
How encryption works: Somebody can use another person’s public key to encrypt a
message to that person. When the recipient receives the encrypted email, or cipher-
text, he decrypts it with his personal “private” key that he stores on his computer.
timate the secured delivery of it,” Woessner said.
“Twelve bucks for a FedEx or 12 bucks for one
year of service.”
But this means each recipient of an encrypted
email will also have to pay for the service.
“A problem here is that people have to use the
same systems,” said Alexander Fowler, policy
director for the Electronic Frontiers Foundation.
able claim
Dn violati
TON (AP)-Aco'
eston County win
i an April 11 runoff!
id a lawsuit askif|
be set aside bee
ted violations,
awsuit, Daniel Cc
suits of then*
in County Districts
uarino said thereii
quests for hisoffe
election fraud rega:
lie’s race.
21st century “Enigma” machines: regulations for exporting code
In the movie U-571, which opened last
week, World War II Allied forces race to cap
ture an “Enigma machine” used by the Ger
man navy to encode radio messages. The
movie underscores the historical impor
tance of encryption for message security,
the value of breaking those codes and the
reason some governments may be ner
vous about sharing encryption technology.
Until this year, email encryption tech
nology had been a concern of the United
States justice system. The Department of
Justice (DOJ) feared encryption codes
would fall into the hands of terrorists or
spies from other governments.
Putting encryption codes up on the Web,
the government said, violated export con
trols because nations restricted from re
ceiving such information, like Libya, Cuba
and Iran could “import" the software online.
“It’s considered aiding and abetting the
enemy,” said Don Tomlinson, a Texas A&M
professor of journalism and media law.
But he added the government’s enforce
ment was impractical. "Cyberspace has
no physical boundaries, so the usefulness
of regulation is limited.”
Until last year, the Justice Department
held fast to regulations of overseas sales
of encryption software, but in January, the
White House eased export controls.
Earlier this month, a Case Western Re
serve University professor targeted by the
DOJ for criminal investigation for posting en
cryption codes on the Web won his case be
fore a federal court of appeals. The court
ruled that encoding software was protected
under the First Amendment.
As a result of the government’s loos
ening of restrictions, programmers can
now put their source code up on the Web
providing they email the Commerce De
partment the URL for the Web site.
Diverse groups, ranging from First
Amendment and human rights organiza
tions to scientific associations, have been
involved in the campaign to relax export
controls.
The National Academy of Sciences, for
example, urged in a 1996 report that the
federal government should promote com
mercial use of encryption.
And in terms of safeguarding original cre
ative works, encryption offers a margin of
safety for transferring literature, music or
other original materials through cyber
space.
“Encryption is the best solution as a
means of protecting intellectual property,”
Tomlinson added.
a consumer organization that monitors issues
such as the privacy of electronic communica
tions in cyberspace. “Is the public going to pay
for that?”
“The great advantage of PGP over services
like Zixit’s is it’s free,” Putnam added.
Encryption systems — free or not —still raise
flags about security. While they encrypt emails
and other files, the systems can also be used to en
crypt materials that are illegal to transmit over the
Web, like child pornography.
“Encryption is a double-edged sword. If you
are doing something illegal, you can hide it,”
Putnam said.
But Putnam said spying on messages is not a
concern at the University. “The University has a
policy not to look at anybody’s email unless it
suspects illegal activity,” he said.
“There’s a certain amount of paranoia about
privacy. At the University we generate a million
email messages a day. Imagine the work in
volved if you wanted to go look at all of those,”
he said.
“If we suspected illegal activity, we would go
to the police or FBI. It’s not us who ask” Putnam
said.