- The Washington Times - Thursday, October 26, 2006

The Hewlett-Packard e-mail scandal and reports of hackers stealing thousands of credit-card numbers off the Web, not to mention the government’s unending surveillance schemes, have brought me to this, the formulation of Fred’s Principle: If a computer can be connected to the Internet, regard everything on it as being in the public domain.

Sure, you can take common security measures (and should) to reduce risks from spyware, viruses and “phishing.” Most of us probably have little that we need to keep secret. But the whole structure of computation today — the Internet, operating systems, software and so on — is so inherently porous that even security specialists can’t be sure they haven’t been compromised. Read, for example, SecurityFocus.com, and you find a constant stream of new attacks on security.

Consider Web bugs, which are simple, common and well-known among geeks — but probably known only to a minute fraction of ordinary computer users.

When you go to a Web site, the page you see will almost always consist of several files separately downloaded from the remote computer that hosts the Web page. The text consists of at least one file, and each photo is a file. This is why parts of a page appear before others. E-mail using HTML (hypertext markup language), which is very common, can also contain files.

It is easy to make a small, invisible file. Suppose that I send you an e-mail containing such a file. When you open the e-mail, your computer has to download the invisible file from my server. The server automatically records that you downloaded the hidden file, the time and your IP address. You forward the e-mail to Sally, whereupon her computer downloads the hidden file, and my server notes her address, time and so on. I can thus track my e-mail as it is forwarded.

Now, you can detect Web bugs if you can read HTML source code and disable them in mail by turning off HTML. However, here we run into a fundamental problem of security with computers: To increase your level of security, you have increase your level of technical knowledge of computers, networks, the Internet and the Web.

While few ideas in computing are very difficult in themselves, there is a great deal to know. You pretty much have to make a hobby of it to have even a marginally useful grasp. Most of us have other interests and other demands on our time. Furthermore, the people who figure out ways of compromising your security are often formidably intelligent and work in the field.

We mere mortals cannot compete in this game. There are countless ways of hijacking distant computers or installing various forms of spyware. Intercepting messages in transit across the Internet is easy for governments that are willing to do it. Corporate networks are susceptible to prying by management.

While you can sometimes be sure you are being spied on (if you find the spyware, for example) you can never be sure that you are not. You could use encryption software, but unless you have the source code, and are competent in cryptology, you can never be sure that there is no “back door” built in to make it easy to decode. You can’t be sure what your operating system really does. For most of us, this borders on paranoia, but any intelligence agency in the world would be delighted to have surveillance code inserted into, say, Windows.

If you really don’t want anybody to know about it, don’t put it in a computer.

Sign up for Daily Newsletters

Manage Newsletters

Copyright © 2019 The Washington Times, LLC. Click here for reprint permission.

Please read our comment policy before commenting.


Click to Read More and View Comments

Click to Hide