• Many communications are carried over channels (e.g., satellites, cellular telephones, and local area networks) that are easily tapped. Tapping wireless channels is almost impossible to detect and to stop, and tapping local area networks may be very hard to detect or stop as well. Other electronic communications are conducted through data networks that can be easily penetrated (e.g., the Internet).

• Approximately 10 billion words of information in computer-readable form can be scanned for $1 today (as discussed in Chapter 1), allowing intruders, the malicious, or spies to separate the wheat from the chaff very inexpensively. For example, a skilled person with criminal intentions can easily develop a program that recognizes and records all credit card numbers in a stream of unencrypted data traffic.¹ The decreasing cost of computation will reduce even further the costs involved in such searches.

• Many users do not know about their vulnerabilities to the theft or compromise of information; in some instances, they are ignorant of or even complacent about them. Indeed, the insecurity of computer networks today is much more the result of poor operational practices on the part of users and poor implementations of technology on the part of product developers than of an inadequate technology base or a poor scientific understanding.

In the early days of computing, the problems caused by information vulnerability were primarily the result of relatively innocent trespasses of amateur computer hackers who were motivated mostly by technical curiosity. But this is no longer true, and has not been true for some time. The fact that the nation is moving into an information age on a large scale means that a much larger number of people are likely to have strong financial, political, or economic motivations to exploit information vulnerabilities that still exist. For example, electronic interceptions and other technical operations account for the largest portion of economic and industrial information lost by U.S. corporations to foreign parties, as noted in Chapter 1.

Today, the consequences of large-scale information vulnerability are potentially quite serious:

• U.S. business, governmental, and individual communications are

¹ The feasibility of designing a program to recognize text strings that represent credit card numbers has been demonstrated most recently by the First Virtual Corporation. See press release of February 7, 1996, "First Virtual Holdings Identifies Major Flaw in Software-Based Encryption of Credit Cards; Numbers Easily Captured by Automated Program," First Virtual Corporation, San Diego, Calif. Available on-line at release2_7_96.html.

Copyright © National Academy of Sciences. All rights reserved.