[NOISE] Credit Card security in the New York Times

anonymous-remailer at shell.portal.com anonymous-remailer at shell.portal.com
Tue Nov 14 13:24:49 PST 1995 

On Mon, 13 Nov 1995, Nelson Minar wrote:

> Today's New York Times has a nice article in the business section
> about credit card security on the Internet. It's more of an editorial
> than an article, but it's an editorial with the (IMNSHO) right spin:
> shipping a credit card number over the Internet, even unencrypted, is
> no less secure than giving it out over the phone.

I haven't picked up the paper and looked at the article.  Once in a blue
moon, I might pick up the International Herald Tribune, but only on the
rarest of rare circumstances, but this worries me.  

And it really should worry everyone who might have some interest in harm
reduction. 

If someone in the Business Section of the New York Times is writing as you
say -- writing that shipping a credit card number UNENCRYPTED over the
Internet is no less secure than giving it out over the phone, then we have
a SERIOUS communications/understanding gap to overcome. 

It seems like not only the NY Times, but the "You Will" folk at AT&T don't
quite "get" it.  (The AT&T swipe, is for the idjit that sent me email on
postcard via bucket brigade, and then asked me to please keep it
"private".)

A simple understanding is necessary if we're going to use this 
snazzy new technology, and not kill the goose that lays the golden 
egg.  An understanding that the NY Times, or its *experts* don't seem to 
have.

A telephone connection goes from one point to another.  It's like a 
football pass.  An internet connection is different, it's like an old 
fashioned bucket brigade.

Now, if you were to write a message on a football, and throw it, while
their is a "risk" of inteception you can be reasonably certain that the
message on the ball will be "reasonably" safe while flying through the 
air.  This is the phone call "football" analogy..

The net however does not establish a direct connection like a telephone
call.  It works like the old "bucket brigade" of volunteer fire
departments.  Your message is handed off -- handed to the next person in a
chain, who then hands it to the next, and so on. 

Your "message" (or credit card number) is effectively written on a
postcard and passed around from person to person, before it gets to your
final destination.  This makes it completely different than the telephone
call.  Orders of magnitude different.

So here's the question ... and here's the comparison.  Would you, if you
were in New York, buy something with your credit card using the following
payment method. 

Would you, write your credit card number on the back of a postcard, and
leave it with your neighbour, with instructions to give to the doorman,
who's supposed to flag a cabbie and tell him to take it to a building, to
then give it to another doorman, who will leave it with the business next
door to give to the person or business that you want to have your credit
card number?? 

Why not??  Does this strike any reader as something really silly??  

Because, this is actually the way the Internet works.  This is exactly how
any message, whether its your email, or your credit card number gets from
Point A to Point B.  A message that is going from one computer, even to
one just down the block, might end up going through twenty or third
"hands" before being delivered. 

This is what makes the Internet rather unsafe, far more unsafe than a
telephone call.  And this lack of understanding, the lack of understanding
in the press is what makes the Internet even unsafer.  It is people being 
very cavalier.

Many people trust the NY Times to "get it right", then again, the  investor
also trusts that these companies actually know what they're doing. 

The public deserves better.

> The NYT has been doing a nice job covering computer issues in the past
> few months, in the Monday's business section. Worth reading if you
> want to keep an eye on intelligent media coverage of the net.

If this is the "intelligent media coverage", then how on earth are they
going to be able to cover "taking down" the Internet for some repairs?? 

And how are they gonna cover the inevitable, Internet crime of the
century? 



Alice de 'nonymous ...

                                  ...just another one of those...
                                                   ...hunters...

P.S.  This post is in the public domain.
                  C.  S.  U.  M.  O.  C.  L.  U.  N.  E.

More information about the cypherpunks-legacy mailing list