By Kurt Seifried, [email protected], Copyright Kurt Seifried
Anything you do or say on the Internet (or even a corporate LAN or university LAN) can end up as front page news. Nowadays with everyone's computer connected to a multitude of other computers (and usually to the Internet as well) the chances of someone else being able to monitor and / or copy the information you interact with are quite high. In addition to this many corporations and other organizations have policies that result in email, and other forms of network traffic being logged, and sometimes the actual content stored. A good example of this is the embarrassing email that Microsoft sent internally that was later used during the trial against them. Also without cryptography anyone can easily impersonate you, how do you think co-workers (or your mom) would react if they received an email from you that was asking for the location of child pornography sites. Even if it was later proven that you had not sent it you would still have suffered because of it.
Even more scary then this is the potential for data stored on your personal computer to be exposed to a court of law. In February of 2000 Northwest Airlines succesfully got a warrant to search the home computers of employees for evidence of a planned "sick-out" (a type of strike). These are machines that are the personal property of people and not corporate machines. If this trend continues then anyone that works for a company may have their personal privacy invaded when a court ordered search takes place and data is taken into evidence. Cryptography, properly installed and used would render the information stored completely inaccesible.
Cryptography allows you to communicate securely with other parties. This not only includes the ability to encrypt a message so that only the person the data is meant for can read it, but also the ability to prove you sent a message, and that the message wasn't tampered with and so on. The Internet, and the services it offers (especially Email) have become ubiquitous. Sensitive information is routinely sent via email, with little or no protection used to verify who sent it, that it wasn't modified while in transit, or that only the recipient can actually read it. Historically cryptography has been very difficult for end users, with little or no integration into existing programs and operating systems, fortunately this has changed in the last few years, and now anyone can easily get, install, configure and use strong cryptographic software.
Another area where cryptography shines is in providing an additional, strong layer of security to networks. Most current services on the Internet send data in unprotected forms (called "clear text" hyperlink to glossary), that anyone can read. Many network services (such as email) require a username and password to access, an attacker can easily pick that data off of the network and then use it (to access your email, impersonate you, or for other actions). By encrypting your network data (using a Virtual Private Network, such as IPSec hyperlink to glossary) you can virtually eliminate this threat. As corporations allow wider access to their networks (for example home users with ADSL or cablemodems), protecting the data moving across public networks becomes a serious issue. Again historically this type of protection was ridiculously expensive, or simply unobtainable, however in the last few years there has been an explosion of software to make this possible.
Consider every single email message you have ever sent or received falling in to the hands of your competitor.