Viewpoint: Don't rely too much on Net encryption

11 Aug 1997


Electronic commerce is at the heart of today's visions for the World Wide Web. It implies electronic money, circulating on a network that is about as secure as my garden shed. That's no problem - we have cryptosystems for signing, sealing and encrypting transactions that make electronic money safe.

But do we? What happens if we're wrong? Perhaps history can help us.

In 1938, the US crypt-analyst Abraham Sinkov described the then most modern machine ciphers as almost unbeatable.

'So far as present crypt-analytic methods are concerned,' he argued, 'the cipher systems derived from some of these machines are very close to practical unsolvability.'

One of those machines was the Third Reich's Enigma; only two years after Sinkov's words it was being broken almost continuously, not by extraordinary new technology but by new ways of solving mathematical problems. Enigma was a modern cipher, not unlike DES, depending upon large numbers of combinations for its security. The comfort of large numbers proved insubstantial.

The only practical cryptosystems for use in electronic commerce over the Internet are public key systems - which depend for their security on the theoretical difficulty of reversing some problem. The recent history of this is not impressive. Many such schemes were proposed in the 1980s and quickly broken. The mathematics of current algorithms, like RSA, appear very strong; but then so did the mathematics of Enigma.

In electronic commerce over the Internet, total trust will be placed in the system of encrypting information. After all, we know we cannot trust the network.

What would happen if the cryptosystem were to be broken - or even just thought to be broken? We could no longer trust money, our sole medium of exchange. The world economy depends on trust in this exchange and the institutions that govern it.

In 1931, the Credit Anstalt bank went bankrupt and triggered a series of other bank collapses that helped to bring on the worldwide depression, German hyper-inflation and the Second World War. This is the Doomsday scenario.

Many of the operators of current IT systems show little willingness to pay for good IT security practices now - why should they be trusted with the future of the world's economy?

Worldwide electronic commerce is primarily a social, political and economic issue, not a technical one, and must be subject to social and political debate to assess the risks, safeguards and benefits. Our technological abilities and enthusiasm must be tempered by social responsibility and a healthy appreciation of our limitations.

Geof Talbot is a director of Information Systems Security Consulting.
