The Web Is Always Insecure

Uncle Sam’s Web

By Gwydion M. Williams

Just you, your trusted friends and a whole gaggle of police spies.  That’s how ‘libertarian’ the new technology of the Internet actually is.

The entire computer industry is a spin-off from the USA’s Military-Industrial Complex.  A continuation of the methods that won the Cold War for the West.  In the Anglo-American view of things, ‘production for use’ is normally seen as a burden on productive profit-making industries.  But when the aim is warfare, it’s accepted as a necessary.  So technologies like microprocessors and memory chips were developed first for the military, long before there was any market demand.

Something like the Internet was long imagined.  Even ‘virtual reality’ was imagined by Olaf Stapleton in Starmaker in the 1930s, while Zelazney’s Creatures Of Light And Darkness already has most of the ideas later floated as ‘Cyberpunk’.

Back in the days when the Post Office still ran telephones, there was Prestel Viewdata, exactly the same idea, only before the technology was ready for it.  There was also the French Mintel, a much more successful system that is now being integrated into the World Wide Web.

The breakthrough technology that led to the modern Internet was a spin-off from a military idea for a decentralised data transmission system that might survive a nuclear strike.  Only people started using it for just about anything.

So why was it allowed?

Anything their bosses would allow, that is.

Simple chat turned to matters like alt.sex, anonymous discussion that suited some of the clever shy individuals found in technical and engineering circles.  And from there it took off.

Sex was not the only area of interests.  Accounts of the discovery of the proof of Fermat’s last Theorem reveal that mathematical research was also well suited to e-mails and cheap world-wide communication.  If there had been early steps to purge the Internet of explicit sex, it would still have grown.  Only rather more slowly.

I suspect it was mainly because the fight over explicit sex had already been fought and lost.  With video players standard and video cameras widespread, controls are quite difficult.  And with the new DVD technology, it will be even harder.  Videos are at least vaguely detectable, they are large and light and rattle when shaken.  DVDs look just like CDs, and illicit ones could easily be disguised by printing something innocuous on them.

Videos plus the normal post and phone networks provides a system that is already impossible to control.  Photocopiers are also potentially subversive  – the former Soviet Union restricted them, but could not really control the flood of data.

The Internet is both more useful and more controllable that the classic links.  Your Internet Service provider undoubtedly knows everywhere you’ve been.  So, most likely, does your telephone company.  At least they can find out, since all of those packages of data go along their wires.

Those of you who have Internet access at work would be wise to use it just for that.  Modern office switchboards can track what calls you make: this was probably begun to catch characters who were making enormously expensive international calls, but anyone can be spotted once the system is in place.

Microsoft, at least, make their software with the viewpoint of a big business aiming mostly at sales to big business.  And the ‘history’ function gives excellent control, at least on Internet Explorer 4 and 5.

You can switch off ‘history’ on your home machine, but probably have no such rights on the work machine.  Possibly someone with more technical knowledge than I have would be able to erase those bits of ‘history’ they didn’t want their employer to know about.  But I’d also be surprised if that were all.  As I said, I have no deep Internet or PC knowledge, but years ago I worked on a small stock-keeping and dispensing system for a mainframe machine used by a hospital pharmacy.  I included both overt security and some covert recording to spot anyone who tried to be smart.

No misbehaving individualist should be surprised if their employer asks why they’ve been visiting ‘Lesbian Grandmother Performs Sex Acts With A Baseball Bat’, or whatever.  Their boss might ask what it has to do with motor insurance, say.

The offender could claim they got the site accidentally while checking a dubious claim that mentioned a ‘Ford Baseball’.  This could happen, quite genuinely.  But such a person should not be surprised if their boss was then to point out that they’d visited it 127 times over the past 9 working days, which would be a little hard to explain.

That’s work.  Under British law, I don’t think there’s any law to stop you accessing anything you like for private use, apart from underage sex.  You could access a site devoted to erotic photos of one-armed one-legged women, say.  Or a discussion group on Marilyn Monroe’s underwear.  Or you could look for the more serious stuff, political and social and economic and scientific comment, which is proliferating at a great rate.

What, though, can you do on the web that you can’t do on paper?  It’s faster, indeed, and better – but also far more vulnerable, at least if you are doing anything the Secret Services are likely to be interested in.

There are ‘Search engines’ that can look for key words and phrases in a way no human could match.  This does lead to absurdities, like discussions of ‘naked eye astronomy’ getting listed as pornography.  And serious conspiracies always use code words   There has however been talk of automated systems to pick up key words, maybe on phones, and also perhaps on e-mails.  Serious libertarians could of course swamp any such detections.  I do not suggesting people start pretending to be engaged in conspiracy or illegal plots, this may be illegal and one must definitely allow for police being generally unimaginative, paranoiac and often quite stupid. But a legitimate discussion of the fact the search engines could pick up a phrase like ‘assassinate the President of the USA’ would itself be picked up, and such results would swamp the system.

Ordinary e-mail about business that is private though not illegal is probably rather more vulnerable than ordinary phones and ‘snail-mail’.  Except for those with special technical knowledge – a lot more than I have – no one is proof against a decent private detective, let alone any national security agency.  And of course people who know the more sophisticated tricks draw attention to themselves just by their use of those tricks.

Encryption I’d see as a bit of a red herring.  The significance on the Internet is mostly where you’ve been, not what you say.  Encryption can also be a give-away.  Data on a PC is stored in bytes, typically ASCII, 256 different codes, of which 52 stand for upper and lower case letters.  An expert can look at the mix of codes on a file, and know what is text or else one of the image storage systems.  But if it’s a mix of all 256 signs, it’s either random nonsense or else encrypted worth trying to crack.

Conspirators could of course fake their links under some innocuous name.  But if a chat room supposedly for polite discussion of the works of Jane Austen started buzzing with highly encrypted messages, you wouldn’t need to be Sherlock Holmes to realise that something was up.  Or a genuine fan of Jane Austen might find the site accidentally and then report it when they realised it was not what it seemed.

In my view, encryption would not protect the ordinary person, nor even the ordinary customer for illegal goods and services.  What it would protect would be maybe a few networks of technologically sophisticated outlaws, plus professional criminals.

Professional criminals are likely to do very well, if the present unregulated pattern continues.  With the more serious criminals, the police often know just what they’re doing but cannot easily prove it.  Deep encryption might make it very much harder.

What about people living under authoritarian regimes?  Citizens of the Repressive Regime of Ruritania, say.  They would of course be vulnerable to all of the tricks mentioned above, plus some I don’t know about, most likely.  The smart way would be to write things on paper, scan the paper as a photographic image and then send the image along with some innocuous holiday snaps.  I can’t swear such a method is uncrackible, but it is at least safe against search engines.

It cuts both ways, of course.  A privately rebellious Ruritanian who gets a subversive e-mail from a group of self-styled dissidents would be wise to report it to the authorities at once, it might well be the Ruritanian Secret Police checking them out.

The thing that most worries me about the Internet is that it is essentially a US creation, and must be basically under their control.  The specific power of Microsoft over Internet software is not of huge significance, what matters is that all of it came from a technology made in the USA and controlled by them.  They can probably make their own communications secure and also snoop on anybody else’s.  There has been talk of US security agencies turning to massive industrial espionage and giving US firms a sudden advantage over their European and Japanese rivals.  It is rather remarkable how relative economic performance turned around once the USA no longer had to fear its existing allies defecting to any superpower rival.

The nominal anarchy of the Internet means in practice dominance by the strongest, basically the US military-industrial complex.  Some form of global regulation and minimum standards would be much more a protection than a limit.

I published this under the pen-name “Dan Ackroid” in April 2000.  Since then, many of the experts have dropped their previous belief that the web would solve everything.  The efficiency of Chinese web controls is generally acknowledged.  And it has been discovered that the USA makes extensive use of it for snooping.

See also The Internet as Secret Policeman’s Friend.