Monday, October 14, 2013

Online security: We must secure the internet for personal use

Ezra Klein, of the Washington Post's Wonkblog, declared on Morning Joe that the rollout of Obamacare is a disaster. Problems were to be expected on the first few days, he said, but not by the third week.

Klein is more an economics wonk than a computer geek, while I am more the latter. I agree with him whole-heartedly on this, but the situation goes far beyond the Obamacare web site, health.gov. The problems with the web site are multiplied a million times in the internet itself. The difficulties do not concern the mechanics of the site, which is basically a simple site: a user enters his or her data and the program draws conclusions based on that data. The problem lies in web security itself, which is very broken indeed and gets worse with each passing day.

Before the internet was invented, online traffic consisted of users within a single computer, generally a mainframe. Each user had a single password. His or her security was protected by the internal security of the mainframe itself. Access was controlled by a human being who had to set up accounts for any new users. These users operated within a walled garden, which is to say there was no access to the computer from outside the institution to which it belonged.

The invention of the internet changed all this. Today, millions of people log onto the internet each day. Each person may have dozens of accounts, each with a password and each at risk of being hacked into by one of the other millions of users. Furthermore, there are thousands of programs that act like humans and roam through the internet much like flies seeking nourishment from a carcass. Most of these programs are benign, like the Google programs that keep track of web sites and enable people to find what they are looking for. Other programs are malicious, some looking to take over your computer or steal all the data on it, or even clean out your bank account before you know what is going on.

The Federal government is not to blame for the bugs in the Obamacare web site. A cursory examination leads me to suspect that all of these bugs are in the security system, the basic information each user needs to use to log on. This is hardly surprising because there is no standardized system for guaranteeing privacy on the internet.

The free market is to blame. Let me repeat. The free market is to blame for the chaos of the internet. Each web site or company must handle its own security. Some web sites are woefully inadequate to this task. Meanwhile, many people spend their entire lives looking for security leaks and ways to profit from the sloppy coding of others. Many of the people who are doing this have a big advantage over casual users because they work for governments. In short, they are not constrained by the free market but are free to spend their entire time devising devilish computer programs.

The NSA is the best-known computer security organization in this country, but many other countries have their own versions. All these operations have one thing in common. No one knows what they are doing or when they will release it on the rest of us.

The Solution:
The U.S. Government--most likely through a contractor--needs to develop a security system that is available to all of us and protects us whenever we go online. There are many suggestions on how to do this. Many of them use some trait peculiar to the individual, such as the voice, the fingerprint, or the iris. The science of these systems is not advanced enough to be foolproof, however. Each of them requires a special attachment to the computer and therefore is difficult to transfer from one computer to another.

The most likely security method is one already in use for online transactions with banks. The user has a personal password and a device that provides a new extension to the personal password--usually a 6-digit number--every minute. The device is about the size of a digital watch. The site being protected has a copy of this password, which is unique, or nearly unique, for each user. A hacker who wishes to break this system would need to know (a) the personal password, (b) the time the system started, and (c) the sequence of numbers being used to generate new passwords.
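How a site could check the personal password together with the rotating 6-digit number described above, as an added example that is not part of the original post. The post does not name the token's algorithm, so this uses the public TOTP construction (RFC 6238 over HMAC-SHA1) with a 60-second step as a stand-in: the Unix epoch plays the role of the start time and the shared seed plays the role of the number sequence. The seed, the password storage, the record layout and the function names are all assumptions.

```python
import hashlib
import hmac
import struct
import time

STEP = 60      # seconds per code, matching the "every minute" in the post
DIGITS = 6     # length of the rotating code

def hotp(seed: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226: HMAC the counter with the seed, then truncate to decimal digits."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                       # dynamic truncation offset
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def totp(seed: bytes, now: float, step: int = STEP) -> str:
    """RFC 6238: the counter is the number of whole steps since the Unix epoch."""
    return hotp(seed, int(now) // step)

def hash_password(password: str, salt: bytes) -> bytes:
    """Slow salted hash, so the site never stores the personal password itself."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def verify_login(record: dict, password: str, code: str, now: float, drift: int = 1) -> bool:
    """Both factors must match. Allows +/- `drift` steps of clock skew and
    rejects a code whose time step was already accepted (replay)."""
    pw_ok = hmac.compare_digest(hash_password(password, record["salt"]), record["pw_hash"])
    counter, matched = int(now) // STEP, None
    for c in range(counter - drift, counter + drift + 1):
        if c > record["last_counter"] and hmac.compare_digest(hotp(record["seed"], c).encode(), code.encode()):
            matched = c
    if pw_ok and matched is not None:
        record["last_counter"] = matched          # burn this time step
        return True
    return False

# Constructed sample account: the seed is the RFC 4226 test key, the password is made up.
SAMPLE = {
    "seed": b"12345678901234567890",
    "salt": b"constructed-salt",
    "pw_hash": hash_password("correct horse", b"constructed-salt"),
    "last_counter": -1,
}

if __name__ == "__main__":
    t = time.time()
    print("login ok:", verify_login(dict(SAMPLE), "correct horse", totp(SAMPLE["seed"], t), t))
```

The replay check matters because a 6-digit code stays valid for the whole step: without `last_counter`, anyone who observes the password and code in transit could reuse them within the same minute.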

Until each of us has such a device that permits us to log onto the internet, we all run a risk of having our personal information stolen along with our cash. This is the lesson we should take from the failure of the Obamacare rollout.


