Internet Besieged: Countering Cyberspace Scofflaws

reviewed by Bob Bruen

edited by Dorothy Denning and Peter Denning. ACM Press 1998.
547 pages. Biographies of Contributors. Index. $34.95
ISBN 0-201-30820-7. LoC HV6773.I57

This is a fairly hefty book with five major sections containing thirty-four papers by well-known members of the security field and a few others. It is a good collection of papers that should be read by those interested in the internet and security, but read from the point of view of history. The majority of the papers have been published in journals, on the web or given as a speech somewhere, covering the early to mid part of the 1990s.

Some of the papers are good technical presentations, such as Woo and Lam's Authentication for Distributed Systems (1992) and Kent's Internet Privacy Enhanced Mail (1993). Others are detailed explanations of practical matters, such as Kim and Spafford's Tripwire: A Case Study in Integrity Monitoring and Test Driving SATAN by Doty. Then there are those for which I am forced to ponder the reason for inclusion, like a speech by Janet Reno, Law Enforcement in Cyberspace address, and the two policy statements for acceptable use at the home universities of the editors. Another excellent group of papers is represented by Cheswick's An Evening with Berferd (1994), which are anecdotal in nature, but very instructive.

In general the book is enjoyable, meaningful reading, although given the title and the tone, I feel the editors are pushing their agenda that the world is under a threat so great from the net that only more law enforcement intrusion into our private lives will save us. The editors have made no secret of their support for key escrow, the Clipper chip and restrictions on the availability of strong crypto to the masses. There are several papers in the book by the editors covering key recovery systems, encryption policy, etc. that reflect this point of view.

Let me offer the editors some advice: The net is the next big step in human communication capability. Human interaction carries problems that began at the first meeting of a couple of humans, so the net is no different in that respect. We are on the verge of a many-to-many communication mesh that will involve anyone who wishes to be involved, where everyone will have the ability to talk, not just those with great resources. It is one of the greatest mechanisms of freedom and equality since the creation of democracy. Naturally there will be some serious bumps in the road because not everyone is a nice person, but trying to prevent freedom from spreading because of a few pain-in-the-neck hackers is simply not the right choice. And it will not work anyway.

The five sections of the book are:

  1. The Worldwide Network
  2. Internet Security
  3. Cryptography
  4. Secure Electronic Commerce
  5. Law, Policy, and Education

The first section was mediocre. The second was the best in the book and also had the most papers (10). The Crypto section had good papers, but only five, limiting an otherwise interesting section. The commerce section was satisfactory in size and scope. The last section has eight papers, little actual content, and is certainly one-sided, however, with one gem at the very end by Major Gregory White and Captain Gregory Nordstrom covering a course they teach in hacking/security at the Air Force Academy (at least in 1996). It would be worth reading/writing a more detailed account of the course than this short paper provides, as well as the experience over several years of teaching the course. There is a definite shortage of security-related courses built into computer science programs of our colleges and universities, making this one a member of a small, elite group.

Overall, in spite of a few shortcomings, this collection of papers is a book I can recommend for content, style and educational value. There is no requirement to agree with the viewpoints of others to appreciate their contributions to the field. Bringing together this book was one of those contributions.