News that hackers have steamed open the virtual envelope of e-mail has rocked the online world. Victor Keegan asks if we have any privacy left
The revelation that Microsoft’s Hotmail has been hacked into sent reverberations around the entire Internet community.
It was seen not only as the biggest security leak in the Internet’s history but as a wake-up call to all those naive Net users who thought that the information revolution was about giving information to us rather than to them.
Its importance should not be underestimated because of Microsoft’s position. Its operating system controls more than 90% of the world’s PCs and it is the largest company in the world in terms of stock market valuation. Every time punters use Hotmail they see a notice boasting about Microsoft’s commitment to privacy.
So if Microsoft with its amazing resources can’t prevent an easy hacking procedure that gives access to someone else’s e-mail, is anything safe? The answer for most people unfamiliar with encryption devices is no.
The digital revolution has brought about a more open society. We have unprecedented access almost instantaneously to a vast treasure trove of information. But the downside is that we have created a culture in which what we do or write is available to anyone with the time or ingenuity to find out.
We walk to work under the gaze of closed- circuit TV cameras; we have to use a swipe card before entering work where all our telephone calls are recorded and e-mails stored. When we browse the World Wide Web at work we leave traces that company executives can easily gain access to. Our cellphones send out regular signals from wherever we are. Big Brother is not just watching us from a hidden camera. He is everywhere.
The funny thing is that no one seems to mind. Or at least they didn’t until the world’s mightiest software company was hacked.
E-mail, seasoned Net users will tell you, shouldn’t be used for anything you wouldn’t put on a postcard, because it is almost like public property. It never occurred to Monica Lewinksy that her private e-mails to Linda Tripp would end up published for the whole world to read any more than Bill Gates expected private internal e-mails at Microsoft to be subpoenaed by the anti- trust authorities for their case against Microsoft four years later.
When an e-mail is written it is dispatched in separate electronic packages around the world before arriving at its destination, leaving many potential interception points, plus a copy on the service provider’s computer.
E-mail sent through Hotmail is accessed via the World Wide Web. This means that, unlike mail sent from most offices or homes, it can be accessed wherever you are in the world as long as you can get on the Internet.
The explosion of Internet cafs around the world can be traced directly to Web-based e-mail services such as Hotmail and Yahoo. They have become a backpacker’s paradise. But don’t expect a secure service. Even if you bother to take a popular encryption programme with you to assure confidentiality it is unlikely that a caf in, say, South America will let you load the software to make use of it.
Ironically, the entrepreneurs who started up Hotmail (before Microsoft bought it for a reported $400-million last year) devised it partly as a way of corresponding with each other in their previous employment without their bosses knowing. One of their early slogans was “e-mail your boss can’t read”.
That was true in the sense that by using the Internet you could avoid all the surveillance mechanisms set up by your employer, but it doesn’t mean that it is secure in itself. Indeed, Web-based services such as Hotmail have been blamed for viruses that are imported into otherwise secure corporate networks by outside mail.
So is anyone safe? Said Caspar Bowden, director of the Foundation for Information Policy Research: “This massive security breach [at Hotmail] illustrates that server-side vulnerabilities arising from the hectic pace of innovation mean Web- based e-mail services may be less secure than e-mail delivered to your machine.”
One of the key differences between Web- based e-mail and others is that your Web- based e-mail remains “online” in cyberspace for a long time waiting to be hacked, whereas most conventional service providers delete messages from their own storage computers after the message has been downloaded to your hard disk at home.
But even dial-up accounts can be hacked. Paul Cronin, from Centurycom, a company that hacks into systems to test their security, claimed that hardly anyone was invulnerable, even those with non-Web-based service providers. This was because in nine cases out of 10 people used passwords based on their loved ones or something else familiar.
His company has compiled an electronic dictionary to include such likely names as well as ordinary words. It can be plugged into a user access or news service to run through all likely combinations in a short time. He reckons that in nine cases out of 10 he can “compromise” the user’s security.
There are lessons from all this. If you are using e-mail for pleasure, you shouldn’t write anything that might embarrass you if it sees the light of day. This is true with bells on in offices because e-mail belongs to the company. Corporations argue that they pay for the computers and the phone time and managers regard audit trails of e-mails and phone calls as a legitimate tool to stamp out abuse (like e-mailing friends all day instead of working, or surfing the Web for pornography).
The lesson for business users is to avoid using Web-based e-mail for commercial transactions and to use encryption for anything confidential.
And the security services are not disinterested either. In Britain there is pressure from the police for service providers to keep all e-mail for up to six months in case it is needed for investigations. Service providers are resisting, partly for reasons of civil liberties but more because the storage space needed would be too expensive.
United States National Security Agency computers are reported (although this is unconfirmed) to be able to search through every word that flies through cyberspace. It is unlikely that this extends to the latest “uncrackable” encryption codes employing large prime numbers. But, in any case, these are not on tap for the ordinary Hotmail user. If anyone knows of a solution, write to the relevant authorities. On a postcard.
@African media share digital audio database
Sarah MacGillivray and Trusha Reddy
Broadcasters in eight francophone African states have developed a shared digital audio database of broadcast material, accessed via the Internet.
The initiative is one example of how African media organisations are making increasing use of the Internet, according to Roland Standbridge, co-ordinator of the annual Highway Africa new media conference. The conference will run at Rhodes University from September 5 to 8.
The digital audio Bank of Radio Programmes is a collaborative project between the Panos Institute and OneWorld. Established in 1998, the database was originally shared by privately owned radio stations.
Project leader Johan Deflander, based in Mali, says several of the stored African radio programmes are now being offered to radio stations around the world.
The network of correspondents in 20 African countries, and nearly 100 private and public radio stations receive the programmes free, through the use of RealAudio software.
“The network’s intention is to promote the decentralisation of production capacities and to ensure access to a large bank of programmes stored on this particular website,” Deflander added.
The project reflects the intentions of the 1997 Dakar Declaration, which called for information technology-based co-operation between African radio stations.
OneWorld, www.oneworld.org, is the Internet wing of the OneWorld Broadcasting Trust, a United Kingdom human rights charity. It has also established a project to help NGOs across Africa represent themselves on the Web, challenging the flood of information coming from northern countries.
“Over time, we’ll have a much stronger African presence and a truly south to north information flow about vital issues,” says representative Mark Lynas.
Those running such programmes hope they will communicate to the rest of the world the effect of the World Bank and International Monetary Fund structural adjustment programmes, considered by many to be unduly onerous.
The Internet has also expanded the debates carried by African newspapers.
Seydou Sissouma, editor of the government- owned Dakar daily LeSoleil, says: “Before the development of online media here, Senegalese citizens living abroad were generally excluded from participating in important societal debates, which were confined within our borders. Now we find that debates are often sparked by comments from citizens elsewhere in the world.”
Africa News Online is another invaluable resource for journalists and media across the continent. More than 40 African news organisations contribute. Although operating from the United States, it is in partnership with Africa’s leading news agencies and publications.
The most famous example of Internet media collaboration in the southern hemisphere is the Media Institute of Southern Africa (Misa), based in Windhoek.
Since 1994, Misa has connected media institutions throughout the Southern Africa Development Community. Misanet, www.misanet. org, has replaced slow and inefficient postal services and avoids high phone and fax costs.
It has developed into a comprehensive online source of Southern African information. About 18 newspapers and news agencies, including the Mail & Guardian, contribute between 300 and 400 stories a week.
Sissouma feels the Internet is a welcome threat to autocratic governments, making it difficult to curb a free flow of information.
But it is easy to be too buoyant about the new technology. Lynas cautions that the pitfalls lie in not appreciating the Internet’s limits. “It won’t solve poverty. It won’t help farmers get their crops to market. It won’t help education and health where these services are suffering from spending cuts.”
Sissouma also warns it is a mistake to believe that “new technologies will reduce, as a magician can, the gap between north and south”.
State control of telecommunication industries, poor infrastructure and the comparatively high costs of equipment will slow the Internet’s development as a mass medium in Africa.
Currently, it is an elite medium, benefiting mostly those with an education, money to spend on hardware, and a good knowledge of English.
The trick will be expanding it in a way that erodes these divisions, rather than simply reflecting them.
August
Link to the day
20 13 06
20