North American Network Operators Group

RE: Carnivore Update - Public Does Not Care

  • From: Quark Physics
  • Date: Sun Nov 26 09:05:15 2000

> extra trouble to install it. The proof is the market penetration of PGP.
> Only the geeks tend to use it and SSH is only used by SA geeks. The general
> market DOESN'T CARE!

As part of a side business, we do an incredible amount of real e-commerce,
mostly electronic funds transfer via the Federal Reserve Banking system
(ACH batch processing - Qdebit.com).

We see roughly several levels of clients:

70% - "Huh? We're secure, only I have the root password" (actual quote)

10% - Encryption is hard, how about we ZIP the file we send via FTP?
      (not bad, it helps...)

10% - SSL encrypted XML posts.  

5%  - SCP (SSH) file transfer, known keys on each side + passwords.

5% - Hardware encryption, leased line, keys for hardware encryption
     and passwords delivered in separate parts by different people
     after identity verification. No physical connections to gateway
     systems. (Federal Reserve, Chase Manhattan Bank...)

We even had one client swear his IBM MQ Series system he used for
transferring data and files over the 'net was IDEA encrypted, and we should
not worry about the large batches of name,address,SSN,routing,account#...
information. Plugged in a sniffer and watched it all pass in plain text.

I also blame the difficulty level to install basic encryption software,
but if my 16 year old "skateboard head" son and 19 year old "art major"
daughter can install PGP and encryption programs to keep their old man
(me) from reading their e-mail and opening up their files on the home and
school network... It can't be that hard.

Until real data encryption is built into the Operating Systems and all
software...

--mike--