Technology not the only answer to online security, panelists say

Many lawmakers, consumers and federal agencies are looking to today's high-tech tools to facilitate trust in e-commerce and e-government, but technology alone will not adequately protect commercial, personal and governmental data, two security experts said Thursday.

Bruce Schneier, a cryptologist and chief technology officer of Counterpane Internet Security, told the audience at a forum sponsored by the Cato Institute that conventional wisdom surrounding the issue of digital security fundamentally is shifting.

As e-commerce was born, strong technological security was thought to be the key to a safe Internet, but with the proliferation of viruses, hackers and other agitators, it has become obvious that there is no such thing as a foolproof network, he said. Consequently, Schneier said he believes that government regulation is necessary to ensure the Internet's security and to protect personal data. "I can secure bits ... but it doesn't matter how good my crypto system is if the secretary gives the key to the first person who calls and asks," he said. "What we are learning is that security is about people."

Fellow panelist Steven Levy, author of Crypto: How the Code Rebels Beat the Government, Saving Privacy in the Digital Age, said in the 18 months since the government relaxed controls of encryption technology in the face of national security concerns, the commercial adoption of the technologies has been very slow.

"You look around and we still don't have cryptography on our e-mail built in," he said. "There's not a whole lot of products that have [cryptography] off the shelf."

The lack of consumer demand for encrypted products could be tied to a lack of awareness about the scope of the problem and how it could affect consumers, Schneier said.

Similarly, Levy noted that there are practical barriers to the wide consumer adoption of security tools. To encrypt e-mail, for example, he said, consumers, "have to make sure that the people [they] are communicating with have [a similar] program.

"You see these [types of privacy] regulations in Europe and Canada, and they do a lot of good," Schneier said. "In the U.S., we've been resistant and I suspect because of all the lobbying dollars. There are no lobbying dollars for privacy."

Ultimately, the online world is not very different from the offline world, Schneier said, and the measures that promote security in the offline world such as law enforcement will be the keys to protecting information on the Web.

"The reason we as a community are safe . . . is because we live in a safe society," he said. "We have police, we have a lawful society. ... I believe that same kind of thing will work on the Internet."

Stay up-to-date with federal news alerts and analysis — Sign up for GovExec's email newsletters.
Close [ x ] More from GovExec