From cheshire@setec.org Tue Nov  4 08:42:43 1997
Date: Tue, 4 Nov 1997 08:42:16 -0500 (EST)
From: The Cheshire Catalyst <cheshire@2600.com>
To: BcG <gracebc@...>
Subject: Electronic Commerce - one hacker's view

> On Sun, 2 Nov 1997, m0bius wrote:
>
> What has been your role in the development of the hacker community

And The Cheshire Catalyst humbly replied with a few URL's to keep
the kid busy, and off his back:

> Hi M0bius,
>
> Not much, actually. I just sat in New York City, and played with a few
> things. I wound up publishing TAP by default (see:
> http://spaceyideas.com/cheshire/tap.html)
>
> If you havent found them alread on my Home Page (in the "continuation" at
> http://spaceyideas.com/cheshire/#home) then look at 
> http://spaceyideas.com/cheshire/telex.html and
> http://spaceyideas.com/cheshire/sidebar.html


On 1997 November 04, m0bius then had the unmittigated GALL to request:

> i am doing a term paper - and was wondering whether you would like to be
> quoted or possibly give me your thoughts on the security of internet 
> commerce do you believe its safe - will it develop
> if you are busy please discard this: if you know someone else though who
> might help me... their email would be greatly appreciated
> thanks

Holding back his wrath, The Cheshire Catalyst graciously deigned to climb up on a soap-box and begin the following tirade:

Since I first began train-hopping in my dim and distant youth on the New York Central branch line that ran near my home, I've been interested in international transportation. I once longed to own a railroad caboose to live in. Later I developed plans to live in an Intermodal Freight Container, since it could travel on different modes of transport. My current "Lotto Fantasy" is to buy a Shorts "Skyvan", a small boxy cargo aircraft with a ramp in the back allowing you to drive a small British sports car up into it.

Richard Cheshire with the electric car he drove at
the 1997 Sun Day Challenge hosted by Epcot Center and
The Florida Solar Energy Center
When the Marisat (Maritime Communications Satellite) went up in 1976, I was living in New York City, whose residents don't often notice the vast infrastructure for international shipping and trade all around the "Port District of New York and New Jersey" (the Port Authority has a map available of the area marked with shipping terminals, and rail lines). I took an interest in shipping and it's communications, and have visited the libraries of the US Maritime Administration in New York City, and the vertical files at the US Merchant Marine Academy at Kings Point NY (there were some REALLY dopey "artists conceptions" of what a Marisat terminal would look like before Scientific Atlanta came up with one).

Anyway, the rail industry noticed many years ago that freight was getting from coast to coast over the tracks of many rail lines faster than the paperwork could keep up with it. The ridiculousness of the situation was that an invoice would be generated by one railroad, printed out by computer, put in an envelope, then mailed to the recipient who immediately had a clerk type the data from the invoice back into another computer.

Formats were created allowing mag-tapes to be sent from one railroad to another to reconcile their accounts. This was the start of Electronic Document Interchange, EDI.

EDI is the way of the future, IMHO (In My Humble Opinion). The problem is, authentication. A supplier of auto parts would be very happy to receive a message in the e-mail from General Motors with a "Transaction Set 840 Purchase Order" for one hundred thousand widgets. The trick is, you have to be certain that the message did NOT come from "Captain Hacker" on the night shift, who's looking for some overtime to help make his boat payments.

In this 30th anniversary year of the Alices Restaurant Masacree made famous by Arlo Guthrie, here's where I get to stop right here and say, "But that's not what I came to talk to you about". I came to talk about Encryption.

You can't have Electronic Commerce without strong encryption allowing for message authentication. If the US Government is going to keep trying to legislate the laws of Physics, then people will go elsewhere to buy their Encryption. Switzerland has for decades enjoyed a good reputation in this area.

I digress here, but the US Congress has a track record of trying to legislate dumb answers to technical problems. Cellular phone security (or the lack of it) comes readily to mind (and it's MY soap-box). Businessmen came to Congress, and said, "We have a problem. People can listen in to cellphone calls on simple 'police scanners'. We have to make this illegal!". The fools didn't realize that just because it was illegal, wouldn't stop people from listening, and gave their customers a false sense of privacy.

I have spoken to friends who were active in local politics, and advised them that their recent cell phone conversation was picked up on my new radio - and reminded them that their political enemies would NOT have informed them of the intercept in hopes of hearing more in the future!

Getting back to the subject, I think Electronic Commerce will flourish. It needs strong encryption allowing secure communications between buyer and seller, and it needs to authenticate electronic transactions so that both parties are assured they are not "spoofed" by anyone. While the National Security Agency, and the Department of Defense (sorry to be redundant) project a need to "break" encryption to protect National Security, they're standing in the way of global commerce.

I don't claim to know what the answers are, but I know there are some people working on the problems, and others who are standing in the way. It should all shake out in the next few years. By then, you'll have gone to the http://www.mastercard.com web site, and downloaded the SET (Secure Electronic Transaction Set) information, and gotten into setting up an Internet Shop.

And don't forget to check out the Data Interchange Standards Association (DISA), which is the coordinating body for the X12 series of American National Standards Institute (ANSI) EDI standards. And as to who to contact where you can use my name, well, There's a guy I knew in Boston who's a big shot on the SET Development Team, but we haven't been in touch for years, and were only passing acquaintances at that. It wouldn't be fair to the guy to sic you on him. :-)>

Good luck, kid. Mulder & Sculley may think "The truth is out there", but it ain't easy.

References: (now dead, timed out links - sorry)

http://www.mastercard.com/press/960626a.html
http://www.mastercard.com/press/970602a.html
http://www.mastercard.com/set/
http://www.mastercard.com/set/technologies.html
http://www.disa.org/


Keep Smiling,


     Cheshire

Richard Cheshire          http://spaceyideas.com/cheshire
The Cheshire Catalyst     mailto:cheshire@2600.com

       "I *must* be a 'Patron Saint' of hackers. 
               Wired Magazine said so!"
                       - The Cheshire Catalyst
                       http://spaceyideas.com/cheshire/beyondhope/#wired
                            ---

          Florida has a State Sponsored Religion.
      It's main sects are the Seminoles & the Gators.

Return to The Cheshire Catalyst's Home Page.


last updated: 97-11-04 12:42:23 UTC

This file can be found at http://cheshirecatalyst.com/edi.html

| Previous Page |   | Home Page |  | Table Of Contents |   | Next Page |