August 1998

Internet Besieged

This collection looks at trust from the perspective of security, rather than privacy. It begins with a detailed overview of the history and technology of the Internet by Peter Denning in chapter one, and an overview of the main types of attacks on computer systems by Dorothy Denning in chapter 2. After reading these two chapters, which provide good background information, the novice -- that would be me -- in the world of Internet security can better move around and about the book as interest dictates.

In fact, the book's arrangement is one of its strengths. Denning and Denning invite readers to read in an order that suits them, comparing the book to a "symposium in a large hall with high, arching ceilings" (xi) where one can move from speaker to speaker as interest and prior knowledge dictate. Like a good symposium, the speakers in this collection are articulate and knowledgeable, but without being exclusive. Even though many of the pieces address highly technical areas, some downright arcane, they do so intelligibly. My only wish on this score would have been to include a glossary of key terms and acronyms. Since many of the pieces originally appeared in computer publications and newsletters, there is a tendency for acronyms to appear without explanation in some of the pieces. So for a complete novice, the book would need to be accompanied by a good acronyms dictionary and glossary of computer terms, but then, these resources would be good for a novice already to have on hand.

Since most of the pieces in the collection are reprinted from other sources, there's a mix of writing genres. Thus Ted Doty's review of SATAN (System Analysis Tool for Auditing Networks) in chapter 15, reprinted from the Computer Security Journal, focuses solely on the software without reference to other sources. Meanwhile, working back, in chapter 14 we find a conference paper on DIDS (Distributed Intrusion Detection System) from the October 1991 proceedings of the National Computer Security Conference with a moderate number of citations. Moving further back, chapter 13 is a paper originally published by the Purdue Research Foundation that provides a case study in integrity monitoring and has a fair number of notes and a bibliography with 29 sources. Other chapters include speeches and reprints of acceptable use policies.

However, the diversity of types does not make this reader uneven. This is owed to smart editorial choices by Denning and Denning. They've grouped the collection into five parts and provide good introductory pieces for each section, explaining why the pieces are grouped where they are and what themes tie them together. The divisions are The World Wide Network, Internet Security, Cryptography, Secure Electronic Commerce, and Law, Policy, and Education.

What makes this book ultimately successful, however, is that even though much of it is concerned with details of the technologies in question, all the writers bring their concerns for security back to the people involved--the people the information represents--and their need for protection.

The book complicates protection by offering, especially in its section on Law, Policy, and Education, thinking on how ethics and commerce might be maintained on computer networks by looking at the role rules and government play in fostering both. This section has arguments for and against the clipper chip, including comments from Attorney General Janet Reno on law enforcement in the digital realm (Clinton's clipper chip proposal is part of this) and Dorothy Denning (who favors some form of key-encryption). Reno and Denning are balanced by a talk given by Bruce Sperling (chapter 29) that opposes key encryption. The debate ultimately comes down to finding the balance between security and freedom, and that agreement can't be reached so easily is telling.

Sperling's arguments are more convincing, philosophically, than the reasons generally ascribed to businesses that oppose the government's encryption policies because they fear that those policies will interfere with their ability to do business. Denning offers a compelling argument for why and how business could benefit from key encryption. Sperling argues that what really matters is how totalitarian governments can abuse the system to thwart human and artistic rights.

Essentially, says Sperling, encryption is a global issue, not merely a U.S. economic and national security issue, and key-encryption will hurt freedom and, ironically enough, national security far more than it protects freedom and security because it can empower our enemies.

Taken as a whole, this final section sheds a different light on technology and security (and privacy) than that offered by Technology and Privacy. Sperling's warning resonates because it reminds us that what can be used for us can easily be turned against us. What Internet Besieged as a whole seeks to do, however, is to describe ways and rationales for making sure that security technology does work for us. Underlying the arguments of most of the essays is an ethic that says security matters because it protects people.

The question remains, however, how much protection do people need and at what cost?

Read a complete review of Technology and Privacy
