Select your localized edition:

Close ×

More Ways to Connect

Discover one of our 28 local entrepreneurial communities »

Be the first to know as we launch in new countries and markets around the globe.

Interested in bringing MIT Technology Review to your local market?

MIT Technology ReviewMIT Technology Review - logo


Unsupported browser: Your browser does not meet modern web standards. See how it scores »

{ action.text }

Can our cell phones, laptops and pagers ever really be secure? Or are our phone calls, the data on our hard
drives, and the messages that we receive inevitably going to be an open book for any suitably motivated government spy-or teenaged hacker?

Certainly, nothing can ever be 100 percent protected. Sadly, though, the makers of portable computing devices and wireless communications systems have led us down a false path by failing to make security a top priority. For more than a decade, cryptographers have possessed strong encryption techniques that could virtually guarantee that data falling into the wrong hands-through a stolen laptop, say, or an intercepted radio signal-would be impossible to decode. Unfortunately, these techniques have not made it from the lab into the mainstream.

As a culture, we have little experience with secure communications-and a lot of experience with communications security gone sour. Time and again, wireless equipment vendors and providers have been shamed by the security failings of their products. The analog cellular telephone systems of the early 1980s lacked any protection at all; a $200 scanner from Radio Shack would let you listen in on anybody’s cell-phone conversation.

Rather than endow their products with strong encryption, the wireless companies turned to Washington for help. The result was the 1986 Electronic Communications Privacy Act, which effectively made it illegal to listen in on cellular-phone calls. But the legislation didn’t stop snooping: after the law’s enactment, House Speaker Newt Gingrich, Virginia governor Douglas Wilder and even Prince Charles all had their wireless communications intercepted.

The cellular industry paid dearly for its decision to seek security from Congress rather than cryptographers; just as phone calls were sent through the airwaves without encryption, so were the account numbers used for billing. The 1990s saw an explosive rise in the incidence of cellular fraud, with thieves sniffing account information in order to “clone” phones-that is, have one phone bill to another phone’s account. According to industry estimates, phone cloning was costing the industry several hundred million dollars each year by 1997.
Unfortunately, many decision-makers have learned the wrong lesson from these chronic failings: instead of resolving to deliver more secure systems, many seem to have concluded security and privacy are elusive at best-and that scarce resources are better spent on other goals. This spells real danger as wireless devices become a greater part of our economy. All of the large-scale wireless paging and data networks deployed in the 1980s and ’90s repeated the cell-phone industry’s mistake and eschewed encryption. Today these networks are the basis for popular wireless products like pagers and the Palm VII personal digital assistant. Messages sent using these systems can be-and are-intercepted with ease.

What’s worse, it can be nearly impossible for a consumer to make an informed decision about a product’s security. Consider the Palm: all PalmOS-based computers let you make certain records “private,” meaning that they shouldn’t be visible unless a password is entered. This password could be enforced with encryption, but it isn’t: last September, the Cambridge, MA, computer security firm @Stake announced that anyone with physical possession of a person’s Palm could reverse-engineer the password.

0 comments about this story. Start the discussion »

Tagged: Communications

Reprints and Permissions | Send feedback to the editor

From the Archives


Introducing MIT Technology Review Insider.

Already a Magazine subscriber?

You're automatically an Insider. It's easy to activate or upgrade your account.

Activate Your Account

Become an Insider

It's the new way to subscribe. Get even more of the tech news, research, and discoveries you crave.

Sign Up

Learn More

Find out why MIT Technology Review Insider is for you and explore your options.

Show Me