Hello,

We noticed you're browsing in private or incognito mode.

To continue reading this article, please exit incognito mode or log in.

Not an Insider? Subscribe now for unlimited access to online articles.

Simson Garfinkel

A View from Simson Garfinkel

Gated Net Community and SSL Decryption

Two articles in the current issue of eWeek magazine touch on the topic of Internet Security in a way that is accessible to even those outside the field.In The Gated Net Community, Paul Tinnirello, a CIO in the insurance financial…

  • October 16, 2003

Two articles in the current issue of eWeek magazine touch on the topic of Internet Security in a way that is accessible to even those outside the field.

In The Gated Net Community, Paul Tinnirello, a CIO in the insurance financial industry, argues that the deluge of spam and computer viruses is going to cause companies to set up a new Internet in which the price of admission is absolute accountability — presumably through the form of client-certificates and certified servers. Thus, the gated net community would really be an overlay network that would run on top of the existing Internet.

This is an interesting idea, but one that I think is destined to fail.

Let’s say we build a Gated Internet Community, which Tinnirello says would be conceptually similar to a private gated community. If the GIC is a really great place to be, more and more companies and people will want admission. And unlike the gated communities of Long Beach and Seattle (which I’ve visited), this GIC will be able to expand to accept the new immigrants. As the GIC gets larger and larger, some of the members will necessarily be some of the very same people that Tinnirello wishes to keep out. What’s to prevent a spammer from gaining admission to the GIC? What’s to prevent a spammer from paying a friend to get admission to the GIC, and then taking over that person’s account?

Indeed, the Internet itself was once a GIC. I remember back in the 1980s, you could really trust people on the Internet. You knew that basically everybody with an email address was honest, would not cheat you in financial transactions, wasn’t a crook, etc., because if they were, their account would be taken away by the school or business that was giving them access. And if somebody did cheat you, you could always retaliate by going to their sysadmin. That’s back when the Internet was a small town, with less than 100,000 residents.

The second article to check out in this week’s eWeek is Jim Rapoza’s column SSL Filtering Won’t Increase Security. Rapoza argues that companies that are deploying SSL decryption tools to use against their own employees are being stupid and possibly breaking the law.

Sorry, Jim. I know that SSL decryption sounds terrible, but if your company is going to be deploying SSL decryption tools and you don’t like it, don’t use their computers, or find another place to work. Until we want to pass some serious legislation in this country that protects a worker’s right to privacy, any attempts to use technology to get similar guarantees are bound to fail. That’s because technology vs. Technology is a simple arms race, and it’s a race that the people who own the computers and the network will invariably win against their users.

Uh oh–you've read all of your free articles for this month.

Insider Premium
$179.95/yr US PRICE

Want more award-winning journalism? Subscribe to Insider Premium.
  • Insider Premium {! insider.prices.premium !}*

    {! insider.display.menuOptionsLabel !}

    Our award winning magazine, unlimited access to our story archive, special discounts to MIT Technology Review Events, and exclusive content.

    See details+

    What's Included

    Bimonthly magazine delivery and unlimited 24/7 access to MIT Technology Review’s website

    The Download: our daily newsletter of what's important in technology and innovation

    Access to the magazine PDF archive—thousands of articles going back to 1899 at your fingertips

    Special discounts to select partner offerings

    Discount to MIT Technology Review events

    Ad-free web experience

    First Look: exclusive early access to important stories, before they’re available to anyone else

    Insider Conversations: listen in on in-depth calls between our editors and today’s thought leaders

/
You've read all of your free articles this month. This is your last free article this month. You've read of free articles this month. or  for unlimited online access.