//Security in a Nutshell//
HURI|NET, Strange and twisted fun since 1995

Security in a Nutshell (2000-06-22) / Technology

In a recent interview with a high school student, I was asked to answer some questions about Internet security and give my opinion on this rather controversial topic. The conclusions of that interview were relevant not only to a single audience, but to anyone affected by the issue of security in modern technology.

I decided to take my responses, and expand upon them, writing an entire essay on Internet security. It's something that affects all of our lives, and we must be aware of the many issues surrounding this topic.

I believe that Internet security is something that has greatly developed over the last couple of years to make secure communications a possibility. However, today's security on the Internet is greatly dependent upon each network-related program having been designed with security in mind. Many existing applications and even upcoming programs are still designed for speed and features, but leave out the important aspect of security. With such examples as Hotmail having its database open to the public, and Network Solutions having assigned automatic passwords to accounts that left them open to anyone, this is a genuine concern for the growing transaction of information. Operating systems themselves have not been designed with a network structure in mind, as is apparent from the numerous attacks against systems that are made possible by flawed security architecture.

The advancement of encryption technology offers great potential for heightening secure communications through network mediums; however, many products either do not utilize these powerful technologies to their proper degree, or have inherent flaws brought over from their non-network-optimized roots. The restrictions on North American developed encryption technologies make it difficult for native products to be used anywhere but in the locale. If the global community is to become a possibility, governments must eradicate their Cold War mentality and remove the current restrictions on encryption technology.

A new proposal by the US Government is AES, a high-level encryption scheme that would become a nationally recognized standard; however, like all encryption standards, it's only as good as the hackers that figure it out. One of the major problems, as mentioned above, is the export restriction on any encryption scheme developed in North America, and AES, being a project of the US Government, would most definitely fall under those restrictions. Restrictions aside, the plain and simple fact is that the higher the encryption, the longer it will take to crack, but also the faster the computers get, the faster hackers can work. It's an ongoing venture, and will probably never end. Current encryption schemes with key sizes between 128 and 512 bits really are quite secure. The problem is not the encryption, it's the usage of it, and proper implementation is important!

I believe that the government's paranoia surrounding security-related issues has gone far overboard, however, the best example of this being the imprisonment of Kevin Mitnick without a trial, and a handful of flaky charges, none of which can excuse the five years he has been held in prison. It's absolutely amazing to me that he was kept in prison this long; when the courts finally let him go, that is no compensation for the last five years of his life that he has spent behind bars. If there had not been so much public pressure on the system, I'm sure Kevin would have been forgotten, and left in prison as a warning to others not to become involved in the game of hacking. This I find completely inexcusable and reprehensible. The government's blatant abuse of its power is obvious in this situation.

The definition of hacker has been complicated and confused by so many stereotypes, and a lot of people do not understand the large and intricate culture that has arisen from the various aspects of this issue. In the traditional sense of the word, a hacker was someone who understood technology to the point where they could manipulate an information or communications system to perform beyond its original scope, mold it to their own specifications, and expand it beyond what it was designed for. They found the flaws, they found the secrets, and they used the information not for personal profit or to damage others but to advance technology in general. In a lot of ways you could say they were the architects of computer security. They were the dreamers of dreams, and by stretching the existing technology to its limits were able to make their dreams into reality.

Many hackers have indeed retired from their days of breaking into remote systems and begun businesses dealing with computer security in a professional manner, but still retain that aspect of creativity and exploration that makes them the most powerful people on this planet. They are the software engineers, the system analysts, the security auditors, and the technology gurus. They are the movers and the shakers of the communications-information age.

The sort of hackers that design viruses and break into systems in order to steal confidential information for their own profit, these same people who use the flaws in systems to create exploits able to bring down a system simply for the sake of bringing it down, are the ones who are criminal in nature. They are not advancing our technology with their skill, but using it for damaging and rather immature ends in most cases. The difference between the two sides is like the difference between someone who can get into his car if he locked the keys inside, and someone who smashes the windows out of cars in order to steal the stereo; it is like someone who studies a building's architecture to help make the building stronger, rather than to find its weakness in order to take advantage of it for their own monetary profit. They are not the same, and should not be treated the same.
