US government policies and consumer practices present a worldwide threat to individual privacy in cyberspace, according to panelists at the Usenix Security Symposium here last week.
"People are rightfully getting very uneasy about the lack of privacy on the Internet," says Mary Connors, a representative for Computer Professionals for Social Responsibility, who noted that a lack of government regulations to monitor what is done with personal data on the Internet is a widespread worry for Americans and Europeans.
The Europe Commission has laws that safeguard the individual when it comes to personal data, but in the US, such information is readily bought and sold to marketing firms and private individuals, says Connors. "Europeans want the US to get with the programme" and are often unsure about what will happen with their personal data if a US address-sales company gets a hold of it, she says.
"I was astonished to learn that privacy is so threatened in the US and that your personal data is unprotected," says Magda de Jong, managing consultant in application services for Hewlett-Packard Netherlands, who was at the symposium to learn more about ways the US and Europe can collaborate on encryption policies. "Trading secure information between countries is hindered by the US's export policies on encryption," says de Jong. "The US and Europe should be working toward collaboration and cooperation. Otherwise, big disasters will happen, such as fraud and people losing lots of money."
An Australian attendee agrees that US encryption policies are a hindrance to global co-operation, especially when it comes to electronic commerce. Most Australian individuals don't feel comfortable doing online business with US companies because Australians can't use the highly secure version of a US encryption product to transmit their credit card information, says David Purdue, secretariat on the executive committee for AUUG, an Australian Unix division of SunSoft.
In a system where both parties need to use a local copy of the same encryption product to send and receive secure data, overseas users get the short end of the stick because they are limited to a 40-bit version, says Purdue. "The real problem is the stupidity of the US government," says Purdue, who says that he believes the export ban will be lifted in the next year.
"We can no longer be certain that any information is private on the Internet," says Peter Neumann, a cryptography researcher at Stanford Research Institute, during a panel discussion on Internet Privacy Issues. "The information society is putting too much information out there that we can't protect," says Neumann, who says that the US has to come up with stricter laws to prosecute hackers, but must slacken the laws on encryption in order to protect individuals.