Install

Get the latest updates as we post them — right on your browser

. Last Updated: 07/27/2016

WEB WATCH: Web Banking: Cryptic Problem




Home-country money management for expats has become notably easier in recent years with the advent of Internet banks and online account management services accessible via the Worldwide Web. However, many people have complained to me that they are unable to use their bank's services and face error messages indicating that their web browser is not sufficiently "secure" for access to the system.


Most banks rely on special web server software that uses the industry standard "Secure Socket Layer," or SSL, technology to establish an encrypted connection with the customer's browser whenever sensitive data is transmitted. In Netscape, you can tell that you have an SSL-encrypted connection with a website when the key-shaped icon in the bottom left corner of the screen lights up.


The problem is that United States export laws classify encryption technology as a form of munitions and require that software available for free download on the Internet or other means of "export" across U.S. borders must contain watered-down encryption features, or a maximum 40-bit "key." That includes web browsers such as Netscape and Microsoft Internet Explorer.


While 40-bit keys are more or less secure, they have been broken and can be compromised by the latest RISC-chip workstations in just a few days. Cryptography experts thus recommend use of at least 90-bit keys to assure full security. Most online consumer sales sites will work with a 40-bit encrypted connection, but more cautious banks typically require 128-bit encryption for access to account information.


It is very difficult and requires active misrepresentation to download a domestic-grade, 128-bit web browser from outside the United States, and to do so would make one guilty of fraud and an illegal arms transaction subject to severe criminal penalties under U.S. law. If you installed a domestic-grade browser on a laptop while in the U.S. and subsequently brought it to Moscow, you may also have unwittingly violated the encryption export regulations.


However, law-abiding citizens take heart: You can access secure bank systems with the help of a simple and perfectly legal Australian product called Fortify, available for free download at http://www.fortify.net. This software modifies the code in Netscape versions 3.0 and higher, equipping the browser with necessary elements for 128-bit encryption.


Because the product is from Australia, its use does not violate the U.S. export restrictions and demonstrates the futility of such laws. Easy access to reliable encryption is essential to the development of electronic commerce and vitally important to ordinary people as the privacy of personal information and communication comes under increasing threat.


Criminals will be able buy the best available technology in any case, and so the laws serve only to annoy ordinary people and hurt American software companies that lose lucrative international markets for encryption products.


Another interesting argument used in several pending lawsuits asserts that encryption formulas are simply words, numbers and knowledge in the purest fo rm and thus immune from suppression as "speech" protected by the First Amendment of the U.S. Constitution. All of these positions seem painfully obvious to most industry players and many consumers, yet law enforcement and government seek ever new ways to restrict and regulate encryption.


You can follow many of the policy debates on websites such as http://www.crypto.com, http://www.privacy.org, and the Electronic Privacy Information Center at http://www.epic.org.


Now that your browser is equipped with bank-grade encryption, you may want to investigate online money management possibilities if you have not already done so. The clickable map at http://www.bankonline.com generates regional lists of mostly small U.S. banks that offer web services. The site of the industry newsletter "Online Banking Report" (http://www.onlinebankingreport.com) keeps more complete lists, at last check 184 U.S. banks, 67 U.S. credit unions, and 57 banks in other countries that offer transaction or balance reporting service on the web.


Among international banks in this region only Estonian Forexbank (http://www.forex.ee) and Hansabank (http://www.hansa.ee) along with Latvia's Trasta Komercbanka (http://www.tkb.lv) have made the list so far, perhaps due to their close ties to Finland, which has become one of the world's most "wired" societies.


Another site at http://www.gomez.com contains rankings of individual Internet banking services. A consistent leader across every category is Security First Network Bank (http://www.sfnb.com), "the world's first Internet bank" established back in 1995.


Originally based in the little hamlet of Pineville, Kentucky, and now Atlanta, Georgia, SFNB is unique in that it has just one branch and aspires to offer every possible service on-line, providing national service while avoiding the overhead costs of multiple branch offices and teller operations. While it can't compete with the sheer resources of the banking behemoths that continue to merge and gobble up smaller banks across the U.S., its size has allowed it to provide more user-friendly, flexible and rapidly evolving services.


Bill Fick welcomes any tips on interesting web sites or questions concerning the Internet for this column. Fick is co-founder of Samovar Internet Consulting, LLC. Web: http://www.samovar.ru e-mail: bill@samovar.ru