The great Web security debate
But, as the E-Commerce Summit at Internet Showcase showed here in San Diego Friday, there's a fundamental disagreement about which model of security will work on the Internet, where intellectual property flows like water.
"The big media companies don't mind the word 'copy,' but they don't like to hear they're not making money per copy," said Clifford H. Freeman Sr., managing director of Bear Stearns & Co., summarizing the reason record and movie companies, for example, aren't taking quickly to the Net.
"You must give the major media companies, brands, and content providers the comfort that things can go through these pipes unfettered, and [that] they will have protection of their copyright."
The approaches, as Freeman posed them: Do you secure the pipe? Or do you secure the content? Or both?
For example, the present retail distribution system for, say, music CDs is an example of a secure pipe.
The discs go from the manufacturer, to a trusted distributor, to a store, where a customer pays for them. If the CDs are stolen from the warehouse, or fall off the truck, there's nothing to stop anyone from listening to them.
Such is the case with content on the Net. It's as though it fell off the truck. There's no assurance that anyone will pay for it.
Nearly everyone agrees on what a payment infrastructure should do. As described by David Maher, head of AT&T's Secure Systems Research Dept., anyone should be able to conveniently buy and receive any content they're interested in, and easily share it with other people, each paying their fees to the copyright owners -- and all online.
The problem is there's still no accord on how to make that happen.
 |
| Ullas Naik, David Van Wie and Charlie Finnie debate which approach to take in creating a "global trust architecture." |
 |
One company hoping to make this system a reality is InterTrust Technologies Corp. of Sunnyvale, Calif., which makes a technology for securing the content, and allows for the notorious leakiness of the Internet pipe.
InterTrust's model "wraps" the content in a secure layer, so that, theoretically at least, only those who have paid can access it: "The content is free to go anywhere, as long as someone's willing to pay for it," said David Van Wie Sr., InterTrust's vice president of research.
InterTrust's model has found the beginnings of a market with corporate interests such as Universal Music. V'ger Technologies, a small Tennessee-based company, is marketing InterTrust's technology to the trillion-dollar health care market. The InterTrust method, it argues, will make records more accessible without compromising patients' privacy.
To be widely used, any secure-content model will have to reach the level of safety of the older secure-pipe systems, such as EDI (electronic data interchange). But to build such a system, and make it work, promises to be an uphill battle.
"It's a difficult business," said Charlie Finnie, a research analyst with Volpe Brown Whelan & Co. "The barriers to entry related to technology, to build a trusted infrastructure, are enormous."
Despite questions on how next-generation e-commerce systems will be developed, in the long run they will probably use elements of both secured content and secured lines.
"In the end, it's all part of the same thing," said David Coursey, the summit's host. "If I send encrypted content over the Internet, is the content secure or is that part of the Internet a secure pipe, just for a short time? It sort of depends, in a way, on how you choose to describe the Internet."