http://www.afr.com.au/content/990312/inform/inform5.html Placating the public's misconceptions By John Davidson The only thing really lacking about internet security is public comprehension. Why is so much of the public so insecure about e-commerce, when it's perfectly willing to do far more reckless things like turn their TVs into answering machines for aliens? Maybe the fear is brought on by the IBM TV ads, saying the net isn't safe (unless you buy IBM software). Whatever's causing it, Eye Site believes web dread is largely misplaced. Even with only the most basic level of security - the weak encryption commonly used to secure the link between consumer and online merchant - the internet is still just about the safest place to hand over credit card details. But for some reason, people who gladly read their credit card details out loud over the phone eschew the internet. It doesn't make sense, as IBM says. Still, we must pander to cyber-sissies, and so Eye Site has been looking at new PC-based fingerprint authentication technology from the Lucent spin-off, Veridicom. Veridicom has produced a silicon chip that can tell who you are just by pressing on the back of it. The idea is that users lock up their digital certificates inside their PC or on their smartcard, so that they can only be accessed by someone with their fingerprints. Thus, any transaction done on the internet using the certificate must have been done by the certificate owner, or at least by someone with the owner's fingers. (Eye Site's suggestion: if someone steals your fingers, cancel your cards.) The interesting thing about this technology is not that it works - there's been electronic finger print security technology on the market for years - but that it works and it's expected to only add around $5 to the cost of a PC. At $5, there's no reason why it couldn't be incorporated on every PC or every modem connected to the internet.There are of course privacy concerns about standardising a biometric technology, but it is possible to roll out a system where no-one except the PC's owner keeps a copy of the prints, short circuiting any temptation the banks may have to pass those prints onto Athena the Starwoman for analysis. Will biometric technology make the internet a safer place? It hardly matters. All we need is something that relieves public anxiety. If someone could convince internet users that every PC had a secret number in it that revealed their identity over the internet, that could work too. Only, that's too ridiculous to contemplate. -o- Subscribe: mail majordomoat_private with "subscribe isn". Today's ISN Sponsor: Internet Security Institute [www.isi-sec.com]
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:20:58 PDT