The postal service is a good example. For a nominal fee, you are able
to send a message anywhere in the world. If you want that message to be
private, you enclose it within an envelope. Tampering or changing the
message would require breaking the seal on the envelope and committing
Federal crime. If you wish to make sure that your message was received,
you ask for a return receipt. To make sure that the person who received
the message was the one you intended him to be, you might check his or
her signature. He or she might check yours.
Now imagine that someone has just constructed a brand-new postal
service from scratch. The service operates at blinding speed, sorting
and forwarding messages through various postal clearinghouses in
seconds instead of days. But the new service has some drawbacks. Anyone
can be a postmaster, and there is nothing to prevent a postmaster from
making copies of the mail as it passes through his clearinghouse.
Messages are written on postcards, and instead of signatures and return
receipts, all message identification is written in identical block
letters: ``This message is from John at ZDS.'' So the postcard-sorters
can't help but see entire messages; there is little to prevent a phony
message from being swapped out for a genuine one; there is no guarantee
that the persons on either end of the message exchange are the people
on the address; and there is no means of verifying that a message was
received.
Such a postal service exists today, and it is known as the Internet. By
design, the Internet allows wiretapping, and it is estimated that 20of the message traffic sent via the Internet is copied and stored
somewhere (by someone other than sender and receiver) for later
reference. Most messages are sent as plain block text... an intercepted
message can be read by different software platforms.
Businesses are now viewing the Internet as another possible
distribution channel that can inexpensively reach a vast, international
marketplace. Products can be attractively presented with rich graphics
and detailed descriptions, and customers can have a convenient, fast
communications channel in which to obtain a quotation and place an
order.
Security, however, continues to be a point of concern and a barrier for
commercial transactions over the Internet. The building block
architecture of the Internet dictates that, for the most part,
communications must pass though many computer systems to link the
parties in a transaction. Each interconnecting computer system
represents a potential security vulnerability. A security breach at any
point potentially has a wide reaching effect on a large number of users
and institutions. In addition, telecommunications facilities that
transmit price quotations, product plans, or other guarded information
are subject to penetration from unauthorized parties.
Several break-ins on government computers and those managed by Internet service providers have been well publicized. Most of these break-ins resulted from attackers exploiting vulnerabilities in host and network security that allow capture of a user's password. Such incidents raise concern among those using the Internet for non-commercial purposes, and they discourage businesses considering use of the Internet as a commercial channel. Unless security problems are fixed, companies whose survival may depend on proprietary trade secrets and closely guarded cost and price information, and financial institutions required to provide a payments infrastructure will not participate. Without the support of financial institutions, it will not be possible to gather the critical density of businesses necessary for a healthy marketplace to develop.