EDITORIAL

US ANTI-ENCRYPTION CAMPAIGN IS WRONG

The Clinton administration has been told in the clearest terms that its attempts to impose key recovery on encryption are astronomically expensive and just plain wrong. The encryption genie is out of the bottle and Clinton's quixotic attempts to control it would cost corporates a frightening $7.7bn (#4.8bn) a year, according to a report from eight industry chief executives.

Eric Schmidt and Bill Gates' meeting with FBI Director Louis Freeh, which led to such an extraordinary meeting of minds, must have been more entertaining than "Tales from the Arabian Nights". When even Clinton's commerce secretary admits the administration's encryption policy is failing, just what will it take for the latter-day Sultan to see? Network administrators want encryption without red tape and without having to place reliance on trusted third parties. Clinton should allow that corporate secrets to be kept as safe by encryption tools as sexual secrets are by secret service agents.

CYBER-TERRORISM POSES A REAL THREAT

It's time for a reality check. Not a new fangled virtual reality check, but a good old fashioned reality check. The cyber world out there is becoming increasingly integrated with the real world, and the results are chilling.

An international group of hackers virtually broke into a top-secret Indian nuclear facility, where they claim to have stolen details of atomic weapons testing. The security breach came at a critical time, as India and Pakistan are engaged in potentially catastrophic nuclear brinkmanship. The internet made that breach possible.

The internet is a tool; it is technology descended from the stone axe used to skin woolly mammoths and the little plastic widget that keeps your canned beer frothy. In this light it is impossible to say that the internet is intrinsically good or bad, although, as a technology, it makes your beer go flat.

The sobering fact is that a country capable of developing weapons of mass destruction is not able to secure a web server from teenage hackers.

The nuclear research plant is surrounded by armed government guards, but its computer systems evidently did not enjoy the same degree of protection.

For anyone connecting systems to the internet, security should be addressed.

But for a government nuclear plant, it should be paramount.

The point is, security should be a dynamic process. As the guards patrol the perimeter fences, so the IT staff should patrol the network. Brick walls should go hand in hand with firewalls. Whether armed with a gun, a bomb or a computer, a terrorist is a terrorist. There is nothing virtual about the threat.