SCN: Security
Steve
steve at advocate.net
Thu Dec 7 23:40:36 PST 2000
=======================
(John Schwartz, NY Times)---Trust us. Please?
That is the message from leaders of high-technology businesses
and advocacy groups at SafeNet 2000, a Microsoft-sponsored
conference on computer security and privacy.
The stated purpose of the conference, which opened here today, is
to reach a consensus on issues like when and how to publicize
vulnerabilities in a vendor's software (like, say, Microsoft's) that
could compromise privacy or data security.
But the freewheeling panel discussions today touched on all the
major policy issues facing high technology companies. And it
showed, as Microsoft's chairman, William H. Gates, said in a
keynote address, that privacy and security "are tied together in a
very deep way."
Announcing a Microsoft initiative on consumer privacy, Mr. Gates
said the next version of the company's Internet Explorer software for
browsing the Internet would incorporate a technology that could
make it easier to ascertain the privacy policies on Web sites.
The conversation at the conference was remarkably frank, and
sometimes quarrelsome. In a discussion of privacy issues, Nick
Mansfield of Shell Services International, a computer services
subsidiary of the Royal Dutch/Shell Group, praised consumer
privacy rules passed by the European Union and said that in
contrast, "I don't see anything intelligent in the privacy field in North
America."
The comment elicited a murmur of irritation in the packed meeting
room, but a few minutes later, Microsoft's own chief privacy officer,
Richard Purcell, said much the same thing. Consumers, he said,
merely see an industry that is squabbling over position in the
market, not one that is moving forward with any coherence on
privacy issues.
"How do we get to that vocabulary, that purpose and that channel of
communication," he asked, "that assures consumers that we aren't
a lot of evil-headed monsters?"
It was notable, though little remarked by the attendees, that the
conference's host has often been at the center of the privacy and
security debate. Some of the most prominent computer virus
attacks, including the "I Love You" program started early this year in
the Philippines and the Melissa program last year, took advantage
of the vulnerability of Microsoft's wares and their near-ubiquity
around the globe.
Some who did not attend the conference were not so gentle. "The
irony of it is amazing," Jeff Bates, editor of the online technology
news site known as Slashdot, said in an e-mail interview. He
accused Microsoft of being "a company that leaves me vulnerable to
security holes so that it can make my screen look prettier."
Others at the conference noted that one of the meeting's goals, to
come up with standard procedures for reporting software flaws,
would serve Microsoft well, since it has long been the victim of
"gotcha" announcements that describe bugs before the company
has had a chance to fix them.
A former hacker who goes solely by the name of Mudge, who now
works as a security consultant, defended Microsoft for having
changed since the days when he and his friends would gleefully
publish examples of its software flaws on the Internet. "There was a
time when they would treat an information release quite differently,"
he said, by trying to sweep the problem under a rug. In recent years,
Microsoft has poured money and personnel into responding to bugs,
and has improved its relations with those who publicize them,
Mudge said.
Describing the new privacy features in Internet Explorer, Mr. Gates
said they would let consumers decide what level of privacy
protection they need: whether, for example, the machine should
accept cookies, the software deposited in consumers' PC's by Web
sites to track visitors. The system, known as Platform for Privacy
Preferences Project, or P3P, has long been under independent
development.
But the announcement means that Microsoft is pulling back from a
simpler approach to giving consumers more control over their
cookies by letting them block all "third party" cookies, those
originating from sites other than the one that the Web surfer is
visiting. Such cookies irk many privacy advocates, who say that
they expose consumers to scrutiny by advertising firms, for
example, without their knowledge or consent.
On the security side, Mr. Gates said Microsoft, which suffered an
embarrassing series of hacker intrusions in October, had been
trying to act as a model for other companies by instituting a pilot
program using "smart cards" to restrict access to the inner workings
of the company's computer networks. The project put the cards into
the hands of about 1,000 system administrators, who must insert
them into special readers on their computers to make any changes
on the company's networks.
Barry Steinhardt of the American Civil Liberties Union said the
example showed the frequent tension between privacy and security,
since the technology allows a person's movements to be tracked
when a door is opened or a PC used. Smart cards, he said, "have
value as security technology, but they are very destructive of
privacy: you're identified everywhere you go."
Mr. Gates called for enhancing network security systems to help
people get the information they want, block the mail they do not want
and prevent computer intrusion. Moments after his speech,
Microsoft's public relations firm sent out press releases announcing
that the kinds of security software described by the Microsoft
chairman were available from Microsoft.
Copyright 2000 The New York Times Company