Net guru: Encrypt everything
- By Susan M. Menke
- Oct 03, 2002
Ray Ozzie, seeker of a collaborative groove
Ray Ozzie believes in shared workspaces. The inventor of Lotus Notes collaboration software founded Groove Networks Inc. in 1997 because server-based architectures 'fundamentally could not address the dynamic collaboration requirements of a decentralized business environment.'
Ozzie has had a hand in groundbreaking applications, including Lotus 1-2-3 and VisiCalc. His current Groove Workspace software can extend collaboration services through enterprise firewalls.
'We have just begun to see the wide deployment of PCs and e-mail in the last five years,' Ozzie said. 'Imagine where things are going to be in 10, 20, 30 years. On the positive side, how will this affect our lives? On the negative side, how will our enemies use it against us?'
The crucial skill, he said, will be to master networking technology 'more effectively than our enemies.'
A University of Illinois computer science graduate, Ozzie worked in the 1970s as a systems programmer on the university's PLATO shared-learning system. He has said he is 'haunted by concepts rooted in online community that I experienced at PLATO.'
GCN chief technology editor Susan M. Menke interviewed Ozzie by telephone from his Beverly, Mass., office. GCN: What are the most important technology breakthroughs of the last two decades?
OZZIE: People tend to think of the personal technologies'PCs and e-mail'but they can also become a burden. I don't know about you, but I've got too many PCs and too much information to deal with on a daily basis.
We're at the beginning of what will be a hundred'a thousand years'of the Internet as a utility, a pipe. We're just at the beginning of learning to use it effectively to communicate.
We're stumbling a little right now. Maybe it'll be our kids or our kids' kids who have the rhythm down so that they can have a life and use technology, too.
There's ample opportunity to connect, but we need ample opportunity to disconnect. Mobile technologies let you disconnect yet continue working. The most challenging thing is finding the right balance between being highly responsive to people's expectations and not being overwhelmed by information.
We're all trying to juggle many projects and relationships. A lot of the reason I started Groove Networks was that I saw people trying to use technology to interact with one another. As technologists, we have to help them make the most of their attention and their time.GCN: Almost half of all e-mail now is spam. What's going to happen to e-mail?
OZZIE: Because there are no natural barriers to spam, we face the prospect of 10 times what we have now. If you asked most people what tool they use most to work with other people, they would say e-mail. The phone also, but mostly e-mail. Yet it's becoming an increasingly noisy and hostile environment.
We can be defensive and try to set up more barriers, but I've looked at the tools, and they commonly filter out things you need in your work. I'm seeing customers turning to weblogs and instant messaging'moving their interactions out of the e-mail environment into ones that are more appropriate, quiet or secure.
I don't think e-mail's going away by any means. It's the most convenient way of initiating a conversation. But once you're working with someone on a document or presentation, those interactions will move to other environments.GCN: Do you think e-mail will become subject to government regulation?
OZZIE: I think ultimately that, for the same reasons we have fax legislation, there will be e-mail legislation.
As a practical matter, however, it really won't stop spam. A lot of spam emanates from overseas and is difficult to identify. The protocols on which e-mail was based are 30 years old now, and they weren't really intended for this scale of traffic.
More and more, we're going to view e-mail more or less as we do postal mail'a daily pile of which 80 percent is unsolicited and commercial, and some of which we need to pay attention to, like bills.GCN: Is the PC going to evolve into a tablet?
OZZIE: There's a great migration happening right now from the desktop PC to the laptop, in one form or another. The notebook will represent the vast majority of devices for some time to come. The tablet PC is a logical extension of the notebook. It still has a keyboard, but if you feel like sketching, you can just flip the screen around.
A few years ago, we were on a path to make the PC a browser appliance. Now I think we're going in exactly the opposite direction. We're on a path to more and more PCs in our lives'at work, on the road, in the den at home, in the kitchen. The challenge now is helping users cope with synchronization and security.GCN: Will all or most networks eventually be wireless, and how do you fend off eavesdroppers?
OZZIE: I believe pretty much everything is moving to wireless, and manufacturers are building it in so it becomes easier.
I'm a bit of a contrarian: I don't believe we should be worrying so much about wireless network security. I believe we should be using software that automatically encrypts, whether it's over the air or over a wired network. Just because something's on the wire doesn't mean it's secure.
I have a theory, based on the 15 years I worked on Lotus Notes, about where the real systems security issues are. I keep thinking of complacency and insecurity'systems have to be designed to be secure even though the people who use them don't understand security.
We in the industry should build software that has security down to its core, out of the box. Anything that goes over wireless or wired networks should be encrypted automatically without anyone doing anything special to configure it.
Once at a conference, I witnessed a sniffer called EtherPeg watching all the graphics going by and displaying them on screen. We could see what the conference attendees were doing on that wireless network.
It's pretty bad. We should be more aware that everything we're doing on the Internet is tappable. The intelligence agencies of foreign governments are looking at what we're doing. If we focus too much on the wireless problem, we lose sight of the fact that it's a much deeper problem'and a fixable problem, if customers demand that it be fixed.
Encrypt everything. Software should just automatically encrypt everything that gets stored on disk, in case you happen to lose your laptop. Encrypt what goes over the wires. There's no reason not to'computers are very powerful now. They have a lot of extra CPU power that could be going into encryption.GCN: Which algorithm should be used? The government's Advanced Encryption Standard?
OZZIE: That's the primary one we use, but there are many algorithms appropriate for different uses'public-key algorithms, secret keys.
That's less important than the overall security design'getting security into products to begin with. Rather than mandate encryption for wireless, I'd much rather see the government mandate encryption within the software that people use.GCN: What are your thoughts on how the proposed Homeland Security Department should integrate its systems?
OZZIE: Any serious infrastructure changes are going to take tremendous amounts of money and years. We don't have that kind of time. To address the threats, we have to act now.
The first order of business is getting the employees to work effectively together. Who needs to work with whom? Ensure that the processes and practices at the edges of the organizations give people an incentive to work with one another dynamically and act on situations quickly.
The deeper IT systems related to merging the databases and doing unified analyses should be well thought out over a period of years. But we shouldn't overanalyze the problem now. We need to get the people working together effectively.GCN: How do you cobble together all the different networks, including radio networks?
OZZIE: Use decentralized technology, different from conventional server-based technologies. Decentralized technology'tunneling through firewalls'is key to connecting different security enclaves so that people can work together across enterprise boundaries.