The Internet Is Broken

Continued from page 5

A second set of technologies could help authenticate Internet communications. It would be a huge boon to Internet security if you could be sure an e-mail from your bank is really from your bank and not a scam artist, and if the bank could be sure that when someone logs in to your account, that person is really you and not someone who stole your account number.

Today, the onus of authentication is on the Internet user, who is constantly asked to present information of various kinds: passwords, social-security numbers, employee ID numbers, credit card numbers, frequent-flyer numbers, PIN numbers, and so on. But when millions of users are constantly entering these gate-opening numbers, it makes it that much easier for spyware, or a thief sniffing wireless Internet traffic, to steal, commit fraud, and do damage.

One evolving solution, developed by Internet2 -- a research consortium based in Ann Arbor, MI, that develops advanced Internet technologies for use by research laboratories and universities -- effectively creates a middleman who does the job. Called Shibboleth, the software mediates between a sender and a recipient; it transmits the appropriate ID numbers, passwords, and other identifying information to the right recipients for you, securely, through the centralized exchange of digital certificates and other means. In addition to making the dispersal of information more secure, it helps protect privacy. That's because it discloses only the "attributes" of a person pertinent to a particular transaction, rather than the person's full "identity."

Right now, Shibboleth is used by universities to mediate access to online libraries and other resources; when you log on, the university knows your "attribute" -- you are an enrolled student -- and not your name or other personal information. This basic concept can be expanded: your employment status could open the gates to your company's servers; your birth date could allow you to buy wine online. A similar scheme could give a bank confidence that online account access is legitimate and conversely give a bank customer confidence that banking communications are really from the bank.

Shibboleth and similar technologies in development can, and do, work as patches. But some of their basic elements could also be built into a replacement Internet architecture. "Most people look at the Internet as such a dominant force, they only think how they can make it a little better," Clark says. "I'm saying, 'Hey, think about the future differently. What should our communications environment of 10 to 15 years from now look like? What is your goal?'"