At noon yesterday, Phil Brandenberger of Philadelphia went shopping for a compact audio disk, paid for it with his credit card and made history.
Moments later, the champagne corks were popping in a small two-story frame house in Nashua, N.H. There, a team of young cyberspace entrepreneurs celebrated what was apparently the first retail transaction on the Internet using a readily available version of powerful data encryption software designed to guarantee privacy.
Experts have long seen such iron-clad security as a necessary first step before commercial transactions can become common on the Internet, the global computer network.
From his work station in Philadelphia, Mr. Brandenburger logged onto the computer in Nashua, and used a secret code to send his Visa credit card number to pay $12.48, plus shipping costs, for the compact disk “Ten Summoners’ Tales” by the rock musician Sting.
“Even if the N.S.A. was listening in, they couldn’t get his credit card number,” said Daniel M. Kohn, the 21-year-old chief executive of the Net Market Company of Nashua, N.H., a new venture that is the equivalent of a shopping mall in cyberspace. Mr. Kohn was referring to the National Security Agency, the arm of the Pentagon that develops and breaks the complex algorithms that are used to keep the most secret electronic secrets secret.
Even bigger organizations working on rival systems yesterday called the achievement by the tiny Net Market a welcome first step.
“It’s really clear that most companies want the security prior to doing major commitments to significant electronic commerce on the Internet,” said Cathy Medich, executive director of Commercenet, a Government and industry organization based in Menlo Park, Calif., that hopes to establish standards for commercial transactions on the Internet and other networks.
The idea is to make such data communications immune to wiretaps, electronic eavesdropping and theft by scrambling the transmissions with a secret code — a security technique known as data encryption.
While Commercenet and other organizations have been working to develop a standard for the automated data encryption of commercial transactions, the small band of recent college graduates who formed the Net Market Company in New Hampshire appear to be the first to implement such technology successfully.
Tests of Commercenet’s encryption system, which is based on algorithms — mathematical formulas — developed by RSA Data Security Inc. of Redwood City, Calif., are expected to begin this fall.
Commercenet hopes to create an easy-to-use industry standard for protecting Internet transactions.
For now, Net Market’s approach is available to the limited number of computer users who have work stations running the Unix software operating system and a sophisticated Internet navigational program called X-Mosaic. The data encryption program is called PGP, for Pretty Good Privacy, which is based on the same RSA algorithms used by Commercenet.
PGP is available free, but it requires technical expertise to download it from the Internet. But within a few months commercial versions of PGP are expected to be available for personal computers using the Windows and Macintosh operating systems, which comprise the vast majority of computers in North America. Security Breaches Reported
The widespread adoption of standard data encryption tools cannot come too quickly for many Internet entrepreneurs, who hope to foster new levels of commerce on the rapidly growing network.
Alarmed by increasing reports of security breaches on the Internet, many people and businesses are reluctant to transmit sensitive information, including credit cards numbers, sales information or private electronic mail messages, on the network.
But the use of standard data encryption software, which scrambles messages so they can be read only by someone with the proper software “key,” has been hindered by a combination of Government regulations and software patent disputes.
Experts say the PGP encryption software used by Net Market is at least as robust as the so-called Clipper encryption technology that the Clinton Administration has been pushing as a national standard. But unlike the Clipper system, the software keys for opening and reading PGP-encrypted documents is not controlled by the Government.
A version of PGP for individuals is available free through the Massachusetts Institute of Technology, but users must retrieve it from an M.I.T. computer through the Internet.
Organizations wanting to use PGP for commercial purposes must obtain it on the Internet from a company in Phoenix called Viacrypt, a maker of computer security software and hardware tools. Prices for PGP begin at $100 a copy. A Browsing Feature
One achievement of the young programmers at Net Market was to incorporate PGP into X-Mosaic, the software that many Internet users rely on for browsing through the global network.
X-Mosaic is a software tool that allows the users of Unix computers to browse a service of the Internet called the World Wide Web, where companies can post the electronic equivalent of a glossy color brochure with supporting sales or marketing documents.
In the case of Noteworthy Music, the record retailer that leases a “store front” in Net Market’s Internet computer, a shopper can look at color pictures of CD album covers.
Mr. Kohn, a 1994 honors graduate in economics from Swarthmore College, came up with the idea for Net Market during his junior year abroad, at the London School of Economics. There, he persuaded an American classmate, Roger Lee, to join his venture.
Mr. Lee, who graduated from Yale this past spring with a degree in political science, is president of the company. For technical expertise, they recruited two other partners from Swarthmore, Guy H. T. Haskin and Eiji Hirai.
The four men live upstairs in the house in Nashua, commuting downstairs each morning to run the business. Because of the pressures of running the system and debugging the software, they rarely venture outside, even though they have a backyard swimming pool.
“We don’t get much sun,” Mr. Kohn said, “but we’re down to a case of Coke a day.” ‘An Important Step’
Although Net Market has been selling various products like CD’s, flowers and books for several months on behalf of various merchants, yesterday was the first time they had offered digitally secure transactions.
“I think it’s an important step in pioneering this work, but later on we’ll probably see more exciting things in the way of digital cash,” said Philip R. Zimmermann, a computer security consultant in Boulder, Colo., who created the PGP program.
Digital cash, Mr. Zimmermann explained, is “a combination of cryptographic protocols that behave the way real dollars behave but are untraceable.”
In other words, they are packets of worth that have value in cyberspace, the same way dollars have value in the real world, except that they have the properties of anonymity, privacy and untraceability. Many details remain to be worked out, Mr. Zimmermann said.
For now, Mr. Brandenberger, despite his historic transaction yesterday, will be paying with plain old dollars, when he gets his credit card bill. And sometime today, the Sting CD will arrive by fairly conventional means — shipped FedEx from the Noteworthy Music warehouse in Nashua.
Photo: A system from the Net Market Company allows credit card shopping on the Internet in total privacy. Net Market’s chief executive, Daniel M. Kohn, foreground, worked at the company’s office in Nashua, N.H., yesterday. Behind him, from left, were the president, Roger Lee; program developer, Mark Birmingham; senior program developer, Guy H. T. Haskin, and chief information officer, Eiji Hirai. (MacArther S. McBurney for The New York Times)
Original URL: http://feedproxy.google.com/~r/feedsapi/BwPx/~3/ZlExz573eEk/attention-shoppers-internet-is-open.html