Security clouds Web data proposal http://www.news.com.au/news_content/breaking_content/4099656.htm From TED BRIDIS of AP in Washington 12oct99 1.45pm (AEST) ENGINEERS designing a new way to send information across the Net want to include a unique serial number from each personal computer within every data parcel, an idea that privacy advocates fear could lead to tracing senders' identities. Critics warn that, if adopted, the move could potentially strip away a measure of anonymity and security enjoyed by tens of millions of home computer users. The issue also illustrates the danger of the unintended potential consequences from arcane design decisions aimed at ensuring the Internet's stability into the 21st century. The proposal by the Internet Engineering Task Force, an international standards body, would include the unique serial number for each computer's network connection hardware as part of its expanded new Internet protocol address. These IP addresses, planted within e-mails and all other information flowing across the Internet, must be as unique as telephone numbers to distinguish each computer on the global network and to guide the billions of bits and bytes flowing among them. The IETF's top engineers acknowledge some implications for online privacy, but "I think the privacy concerns are overrated," said Fred Baker, the task force's chairman. But some privacy experts said they were appalled that IETF engineers would consider the idea. The new address scheme, called "IPv6," would not become widely used for years but ultimately would affect every Internet user. Critics warned that commercial Internet sites, which already routinely record IP addresses, could begin to correlate these embedded serial numbers against a consumer's name, address and other personal details, from clothing size to political affiliation. The task force itself will ultimately decide whether to include the identifying numbers in the new IP addresses. The timing on that decision is unclear. Baker said the task force is also envisioning ways to configure Internet devices manually so addresses won't contain the sensitive numbers. "Those folks concerned about the privacy issue could use this (alternate) technique," said Thomas Narten, an IBM software engineer working with the IETF. Most home computer users currently are assigned a different IP address each time they connect to the Internet through a telephone line, which affords some extra security and anonymity. It's akin to a person using a different phone number every day to shield his identity and avoid prank phone calls. But under the IETF proposal, a portion of even those somewhat randomly assigned addresses could include the consumer's unique serial number and that information would be stamped on every piece of information sent from his computer. "I'm just winding the tape forward here five years, when we all say, 'Oh, my God!"' said Richard Smith of Brookline, Massachusetts, a security expert who was among the first to question the plan. "There's no doubt there are serious privacy concerns," said Marc Rotenberg of the Washington-based Electronic Privacy Information Centre. The latest controversy also follows criticism of Intel Corp, the world's largest manufacturer of computer processors, which designed its new Pentium III chips to transmit a unique serial number internally and to Web sites that request it to help verify the identity of consumers. ************************************************************************* This posting is provided to the individual members of this group without permission from the copyright owner for purposes of criticism, comment, scholarship and research under the "fair use" provisions of the Federal copyright laws and it may not be distributed further without permission of the copyright owner, except for "fair use." -- Leftlink - Australia's Broad Left Mailing List mailto:[EMAIL PROTECTED] http://www.alexia.net.au/~www/mhutton/index.html Sponsored by Melbourne's New International Bookshop Subscribe: mailto:[EMAIL PROTECTED]?Body=subscribe%20leftlink Unsubscribe: mailto:[EMAIL PROTECTED]?Body=unsubscribe%20leftlink
