ON TECHNOLOGY

Last week I ranted about how those complaining about violations of privacy within Harvard Arts and Sciences Computer Services (HASCS) should realize that when it comes down to it, very little is truly private on the Internet. With enough hacking, almost anything that travels over the information superhighway can be snagged.

Almost anything, that is.

As I alluded to last week, information that is sent over the Internet is shared. Not only within systems, but also across systems. In fact, when you send an e-mail from fas.harvard.edu to minerva.cis.yale.edu, your message is broken up into "packets" which bounce from system to system as they make their way from Cambridge to New Haven. Instead of traveling over a direct line, Internet packets are passed along by numerous machines between the source and the destination.

At any point along the way, a crafty hacker might be able to piece together packets of information comprising your e-mail message and then reconstruct the original message. Don't ask me how this is done because I have no bloody clue. But it has been done in the past. So that love note you sent to Philippe in Jonathan Edwards College may have been deviously intercepted and read by Jacques, your ex at Brown!

Information is power, and on the Internet, the only way to keep the power to yourself and your intended recipient is to scramble the information. That's where cryptography comes in.

In traditional cryptographic applications, a scrambled message can be descrambled by the use of a special textbased code called a "key." If I have an "Alpha key" and you have an "Alpha key," then I can send you an e-mail message by first sticking my "Alpha key" into the "message scrambler" and then sending you the "Alpha-encoded" text. You can then read the message by sticking your "Alpha key" into the "message descrambler." Only you and I will be able to read the message.

But there is a problem with this method. It is only effective when you write to those people to whom you've given keys. How do you give the key to someone? E-mail it to them. But e-mail isn't private unless you encrypt it. We've come full circle without accomplishing anything.

Enter "public key" cryptosystems. Under such systems, every participant owns a "public" key and a "private" key, both of which are unique to that person. "Public" keys are just that--public--and so should be worn like a badge during your on-line travels.

If I want to send you an e-mail message using public key encryption, all I need to do is stick your personal public key (which you've made available to me) into the "message scrambler" and send you the encrypted message. Then, to read the message, you can stick your unshared private key into the "message descrambler" and out will pop the decoded message.

In fact, your private key is the only key that will decode messages encrypted with your public key. Thus, anyone can send you a message that only you will be able to read, and likewise, you can send anyone who has their own public key a message for their eyes only.

Moreover, I can post a public message on a bulletin board and at the bottom sign my name, encoded with my private key. You can then decode my signature using my public key and be confident that it was indeed me who posted the message. This kind of "message authenticity" is a powerful bonus of public-key encryption.

PGP (Pretty Good Privacy) is a popular public-key encryption system originally developed by computer nerd-turned-political activist Philip Zimmermann. Check it out on the World Wide Web at http://web.mit.edu/network/pgp.html for information on creating your own keys.

Eugene Koh '97 is Remote Staff Manager for America OnLine. His latest musical effort is the soundtrack to the CD-ROM flight simulator Renegade Legion: Battle For Jacob's Star, released this week by Strategic Simulations, Inc. His ramblings will return to this space in two weeks, on Wednesday, March 8, 1995.