Yesterday at a computer class the instructor tried to explain how passwords are kept on the internet. When you create a password, an encryption process (we were told about a process called ‘MD5’) changes it into a ‘random’ string of numbers and letters. When you log on with a password, the same process checks your string versus the original string.
In this simplistic description of the encryption and security of the internet, learning the algorithm that creates the random string of numbers would compromise many passwords. (Wikipedia claims MD5 has already been hacked.) The benefit of the algorithms, however, is that they work quickly in one direction – ‘password’ can be encoded into 64 letters and numbers quickly but turning 64 letters and numbers into ‘password’ is a slow, computation intensive process.
Adding multiple levels of these encryptions (such as Paypall and credit card sites) makes it harder still, but the same concept is still in place. Moreover, what is programmed into a computer can be understood by another computer – and the second computer could be faster. All in all, the public encoding that protects our passwords is complex enough to baffle most of us (this left me confused), which – I guess – makes the internet ‘secure.’
Why do we care? Two recent articles bring this point home to policy school: “Plucking IT Talent” from NextGov.com and “Cyberattacks Jam Government and commercial Web Sites in US and South Korea” from the NY Times. NextGov quotes an estimate that 12,000 to 20,000 government IT jobs will open in the next two years “with the number rising as the Obama administration makes good on its promise to leverage technology to increase government accountability and transparency.” Local, state, and tribal governments will likewise be pushing to use the new technology and improve access to services. Even outside of government, understanding the technology we now rely on is an important aspect of public policy.
The NY Times article, which discusses the coordinated hack on many agencies’ websites, shows that internet security is not just for some branches of government. Government services were not interrupted, this time. Security must be thought about throughout the website planning process.
…and I thought programming Stata was hard.