IBM Chairman and CEO Lou Gerstner yesterday called for unrestricted levels of U.S. domestic encryption technology so that corporate networks can be better protected from hackers and others who seek to breach security, and also urged the U.S. government to work closely with other nations on a global encryption policy.
Speaking during an information security policy forum sponsored by former U.S. Senator Sam Nunn at the Georgia Institute of Technology here, Gerstner said that the public's right of privacy can be measured against the right, and need, of companies and governments to control access to sensitive networks. He did not address the question of precisely how that balance can be reached.
He did said, however, that "the government seems to be listening to industry's call for reform" of current export policies regarding encryption, which place limits on the technology that can be sent to other nations. And while businesses and government have to work together, he said, "industry can and should do most of the heavy lifting" when it comes to developing technology and pushing particular policies.
This annual forum is designed to provide a starting point in that effort, bringing together business leaders, university professors and policy makers. Forum participants also testify before the U.S. Congress on issues related to technology and produce papers on the range of topics discussed.
This year's session has focused on information security, with U.S. President Clinton's recent Commission on Critical Infrastructure Protection report a key element of the discussions. Participants this year include Robert Marsh, chairman of the commission, and George Tenet, director of the U.S. Central Intelligence Agency.
During a question-and-answer session after his talk, Gerstner dismissed the suggestion that any global encryption policy will inevitably clash with different cultures involved.
"In fact, there is no culture to it," Gerstner said of encryption. "It's math, and math is the same everywhere in the world."
As for privacy and security issues, he said that corporations need to take a hard look within their own offices because most security holes result from lax enforcement of existing policies. For instance, employees write their computer network passwords on the bottoms of mousepads or leave them written out in spots as easy to access as a desk drawer, Gerstner said. Some companies also allow workers to bring and use floppy disks from home, increasing the likelihood of introducing a virus into networks, he said.
Even old-fashioned security devices like door locks have a place in the security arrangement, if they're properly used, Gerstner suggested. "I suspect that there are still data centres where the door is open because it's hot," he said. "It's hot, so the door is propped open with a chair."
Computer networks are creating yet another revolution in IT and also are forcing issues like privacy, Internet taxation and policy into the fore, said Gerstner. He and others here suggested this morning that contemplating those issues is good, but that the U.S. has to take the lead, particularly in setting policy. And where policy has been set, lawmakers have to make certain those regulations are being enforced.
"In the U.S. we've got to get on with the implementation of the Communications Act of 1996," Gerstner said, adding that people need inexpensive access to telephones -- a capability that would help foster electronic commerce by allowing more residents to easily use the Internet.
While legislators work to ensure policies are enforced, industry has to take the lead to make people feel comfortable that the Internet is a safe place to transact business and that their credit card numbers and other personal information will be protected.
"Our job," Gerstner said, "is to make sure that when people and enterprises go to the Internet, they never have to pause to say, 'Is it safe?' " Benn Konsynski, a professor of business administration at Emory University, said he was not bothered by the lack of specific suggestions for how to bring U.S. and other governments together for a global encryption policy. The forum, bringing together business leaders, educators and lawmakers, is an important starting point, in his opnion.
He also was intrigued by how to weigh security concerns against privacy issues. "We always have the tension," he said, adding that people need to feel a measure of control in order to establish trust in using the Internet.