Research Paper
The security and privacy of all computer users has been compromised by the advancement of computer technology. As the complexity and potential of computers, computer hardware, and computer software increase, there is a steady increase in the loss of privacy and security of all computer users, ranging from home users to the corporate sector. As technology advances at incredible speeds, it is widely believed that every eighteen months technology doubles in speed, capacity, or efficiency, while reducing its physical size by half. Every generation knows more about computers than the previous one, and at much earlier ages. The advent of the Internet has led to a new generation and genre of crime known as computer crime. Such crimes include fraud, theft, eavesdropping, privacy infringement, etc. Many crimes of these types have been committed in the last fifteen years, some of which recorded losses in excess of ten million dollars. Huge corporations like Southern Bell, Microsoft, Motorola, and NEC have been the victims of computer crime, despite the precautions and safety measures that were in place. Such staggering facts lead to the question: if it has not already, when will technology go too far in enabling the invasion of society’s privacy and security?
In modern society computers play a key role. Day by day, more and more of what society uses, interacts with, and relies on is a computer itself or a part of a larger computer unseen to the human eye. Banks, traffic signals, phones, some modern cars, the Internet, and many others all rely on computers to manage and govern day-to-day operations. As society becomes part of those operations, so do society’s demographics. When logged on to the Internet, users in essence expose themselves and their personal information to all other users of the Internet, and often become victims of computer crime. Fortunately, the majority of Internet users are not interested in other people’s personal information, and are therefore not versed in acquiring it; it is against the small minority that is willing and able that safeguards need to be taken. Conversely, there are also legitimate instances when the release of personal information is necessary and, indeed, proper. Such instances include secure online shopping and banking, and various organizations that block and prevent the viewing of sites by unauthorized users. Also, with the advent of online commerce, people are giving more and more of their information away, including credit card numbers, social security numbers, etc. It is therefore imperative that a middle ground be reached, one that allows for the most conveniences provided in the safest possible setting.
Discussion of Research
A disturbing number of Web-based businesses lack effective security, and several major international sites have been probed and hacked. Inadequate standards and security fissures at sites whose servers contain sensitive data compromise privacy. Experts say the problem is due to managers and top officials rushing to establish a Web presence without considering security issues. Companies are not willing to spend time and capital to plan and implement secure sites. Hacking crimes intensify as the Internet grows, and with it the enticement to hack. Western Union Financial Services Inc. had 16,000 customers’ credit and debit card information compromised, and hackers stole personal data from a database belonging to Ikea International A/S. A protester defaced the OPEC site as well (Berinato 1Q). Victimized companies downplay the situation or blame it on someone else, but experts say they are not disciplined with security practices. Internet security is not widely implemented, and even awareness of the technology is low.
For nine hours, the New York Times newspaper was forced to temporarily shut down its Internet World Wide Web site because of a breach in computer security by computer hackers. One type of computer crime is committed solely because of the desire to gain publicity and fame. Such crimes are referred to as publicity crimes. In such instances a web site is hacked, or broken into, with no malicious intent, but rather with the sole purpose of expressing some sort of message. Oftentimes the site is changed or altered in a manner that is not destructive in nature and does not significantly alter the site’s operation. No information was stolen as the result of the break-in of the New York Times website, but the incident is descriptive of the need for business enterprises and corporations to remain alert because of the constant potential of a similar incident involving their sites despite the installation of advanced security systems (Roberts 1). Information Systems managers have to stay vigilant to prevent clever hackers from breaking into their systems because criminals find cracking the latest security technologies a constant challenge. Encryption, firewalls, intrusion detection software, and authentication are all useful tools, but the ultimate responsibility for security rests with the user. Victims of computer crimes and attacks include prestigious and modernized firms such as NEC and Motorola Inc. Products to combat such attacks were already available at the time, but there is usually a time gap between the newest hacking methods and the introduction of countermeasures to combat those methods. The Internet is popular, but is also a serious security and privacy risk (Littman 1). Hacking and the creation of computer viruses are not limited to the United States. Computer crime exists all over the world, but is sometimes limited to the resources of a particular area. Theft of personal information, illegitimate bank transfers, etc., is prevalent all over the world, and Russia is no exception. Citibank lost $10 million to online thief Volodya Levin of St. Petersburg, who awaits extradition for trial. Internet access theft is so ubiquitous and widespread that America Online has abandoned the country (Caryl 58).
The Justice Department responded to a hacker attack on its Web site in 1996 by devising an anti-hacker strategy that focuses on often-overlooked systems security improvements. Mark Boster, Justice’s deputy CIO, identified eleven rules for agencies to follow for Web site security. The rules exist to ensure the utmost level of security and privacy for all users, and to ensure the integrity and confidentiality of documents within a user’s computer. These include controlling contractor access, responding to changing technology, proceeding slowly on new technology and managing expectations, centralizing management, not relying too much on firewalls, backing up log-in data, running a backup server, maintaining accurate system clocks, and not keeping tools on the Web server. Boster adds that agencies should also encrypt internal communications and assist each other in maintaining systems security. It is important, he says, that organizations abandon the current culture of mistrust so that a unified anti-hacker effort can be successful (Breeden 3).
Corporations have good reason to be concerned about data theft via hacking and other unauthorized access activities because hacking incidents are increasing as companies and government agencies begin relying on vulnerable private networks and the Internet. A recent poll reveals that computer viruses or hackers have victimized nearly half of US companies. In response, most companies are installing expensive firewalls as the first barrier to sensitive data. Firewall software ensures that users attempting to access a network from an outside location have the correct password and are only able to see pre-determined types of data. Firewalls are not foolproof because users often choose obvious passwords, and new technology can be exploited to bypass the firewall. Some corporations are augmenting firewalls with encryption software that renders data unintelligible unless a party possesses the code necessary for translating the information (Rothfeder 170).
It has become easy for personal information to be distributed over the Internet to almost any business or individual looking for it. Only a Social Security number is required to retrieve credit histories, driving records, employment information, addresses, phone numbers, arrest records, property ownership and other public records. If a person’s Social Security number fell into the hands of a skilled hacker, that hacker would have access to a wide array of personal information that is otherwise restricted. Young & Rubicam’s KnowledgeBase Marketing division has a database with profiles of more than 200 million people in the US. New federal regulations protect medical records in the US, but government health agencies have unrestricted access to the information for various purposes. Biometric identification such as fingerprints and iris patterns will likely begin to appear in databases as more banks and financial institutions collect thumbprints from non-customers. DNA collection poses serious threats to personal privacy because of all the genetic information the samples contain. People should only provide their Social Security number when absolutely necessary, and businesses should avoid using Social Security numbers as ID codes. Paper shredders should be used at home and in offices, and toll-free numbers should not be used for sensitive calls because the receiving party can identify the calling number even with Caller ID blocking activated (Ziff 94).
Internet technology brings the world to our PCs, but it also delivers our private information to the world. The electronic commerce practice of profiling, or gathering information about customers, is a threat to personal privacy, even though most e-commerce vendors intend only to serve their customers better. Amazon.com generates customized lists of recommended books, CDs, and videos based on an individual’s past purchases. The company’s One-Click shopping feature replaces the checkout line with a saved address and credit card number to promote impulse buys. When only one company is tracking information about a customer, its profiling databases are relatively harmless, but once the information begins to circulate on the Internet as companies share databases, online retailers can create in-depth profiles about individuals. The information is provided voluntarily by consumers, so people should be leery of giving e-commerce web sites such information as their date of birth, marital status or annual income. They should also beware when registering new software or completing product warranty cards. When a person fills out an online registration card for a product purchased, information irrelevant to the warranty is asked for simply for the purpose of demographics. Many government databases with birth and death records, marriages, divorces, property sales, business licenses, driving records and other information are being put online with few security precautions (Bott 80). The security of personal information posted on the Internet can be a problem for many users. Access to different types of data has become so easy that so-called identity thieves can steal others’ Social Security numbers, addresses, birthdays and motor vehicle records without much difficulty. To protect themselves from such invasion of their privacy, individuals should always be aware of who they are communicating with and avoid divulging personal information on the Net.
They should also evaluate the online privacy policies of companies, which are usually indicated on their Web sites. Individuals should also keep a low profile by requesting that information about them be removed from online directories. Other precautionary measures are protecting their passwords, carefully choosing what they download and write in e-mail, filtering out junk e-mail, remaining anonymous, avoiding fraudulent scams, and always staying informed. E-mail users can take measures to protect themselves and ensure their privacy. First, users should limit their contacts and encrypt their e-mail by obtaining an encryption program. The government could ultimately gain access to a user’s e-mail by accessing data with a copy of the encryption key. Privacy advocates say this represents invasion, but the government says it needs to monitor terrorists and other damaging organizations. Encryption software and anonymous re-mailers can help users to reduce the risk of unauthorized access. Users can halt the transmission of cookies by deleting the file and replacing it with a write-protected, zero-length file that lists the same name. Electronic commerce over a secured site offers protection against identity theft. Cookie files are used by Web sites to store information on visitors to the site. The information is stored on the user’s hard disk, a practice that saves storage space on the server, to provide personalized service when the user revisits the Web site. An online bookstore, for instance, can greet the user by name and offer a list of books that may be of personal interest, based on the information in the cookie file. Privacy issues become a concern when cookie files from Web sites the user has not visited start appearing on their hard drive. Most browsers offer security preferences that can be set to warn the user when a cookie file is being sent to their hard disk.
The Web’s HyperText Transfer Protocol (HTTP) is supposed to prevent one site from depositing a cookie for another, but this rule has been circumvented because the banner advertisements included on most professional sites actually come from another site. Anti-cookie software is available for controlling the cookie files that attempt to access a hard drive. Medical professionals did not consider the dangers to medical record confidentiality before increasing use of the Internet for various aspects of health care delivery. According to organizations providing medical records and services online, their security standards do protect patient confidentiality, but this is open to question. Health care insurers and others who sell individuals’ medical information to make a profit are the most blatant violators. Internet users often feel that they are exploring cyberspace with anonymity, but they are actually highly visible and leave an electronic trail for marketing firms and snoops. All types of information are gathered from Internet users, including an individual’s name, address, and purchasing practices. The Internet’s open-ended nature is one reason for the absence of privacy. The Internet does not have rules to define what data is personal or to limit information usage by third parties. A combination of careless usage and weak security schemes makes Internet-based financial transactions and e-mail messages easy to intercept.
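The cookie rule mentioned above, and the way a banner served from another host sidesteps it, can be shown in a short sketch. This is an added example, not part of the original paper: the hosts, cookie names and values are constructed, and the "site" comparison uses the last two host labels as a simplifying assumption (browsers consult the Public Suffix List instead).

```javascript
// Added illustration. All hosts, cookie names and values are constructed samples.
const PAGE_URL = "http://books.example/index.html";
const RESPONSES = [
  { url: "http://books.example/index.html", setCookie: "visitor=alice; Domain=books.example; Path=/" },
  { url: "http://ads.adnetwork.test/banner.gif", setCookie: "uid=12345; Domain=adnetwork.test; Path=/" },
  { url: "http://ads.adnetwork.test/banner.gif", setCookie: "spoof=1; Domain=books.example" },
];

// RFC 6265 domain-match: the responding host must equal the cookie domain
// or be a subdomain of it. This is the rule that stops one site from
// depositing a cookie for another.
function domainMatches(host, domain) {
  const h = host.toLowerCase();
  const d = domain.toLowerCase().replace(/^\./, "");
  return h === d || h.endsWith("." + d);
}

// Assumption: treat the last two labels as the "site".
function siteOf(host) {
  return host.toLowerCase().split(".").slice(-2).join(".");
}

// Extract the cookie name and its Domain attribute (if any) from a Set-Cookie value.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const name = pair.split("=")[0];
  let domain = null;
  for (const attr of attrs) {
    const eq = attr.indexOf("=");
    if (eq > 0 && attr.slice(0, eq).toLowerCase() === "domain") domain = attr.slice(eq + 1);
  }
  return { name, domain };
}

// For each response loaded while rendering pageUrl, decide whether its cookie
// is rejected, first-party, or third-party relative to the page being viewed.
function classifyCookies(pageUrl, responses) {
  const pageHost = new URL(pageUrl).hostname;
  return responses.map((r) => {
    const setBy = new URL(r.url).hostname;
    const { name, domain } = parseSetCookie(r.setCookie);
    const cookieDomain = domain || setBy; // no Domain attribute: host-only cookie
    let verdict;
    if (!domainMatches(setBy, cookieDomain)) verdict = "rejected";
    else verdict = siteOf(setBy) === siteOf(pageHost) ? "first-party" : "third-party";
    return { name, setBy, cookieDomain, verdict };
  });
}

for (const c of classifyCookies(PAGE_URL, RESPONSES)) {
  console.log(`${c.name} set by ${c.setBy} for ${c.cookieDomain}: ${c.verdict}`);
}
```

The banner host cannot write a cookie for the bookstore's domain, but it can write one for its own, and that cookie is then returned to it from every page that embeds its banners.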
The Web is a powerful tool in education, but contains sites peddling hatred, violence and pornography alongside educationally valuable tools. Parents and teachers have a responsibility to protect children from the steamy side of the Internet. Educators and parents can take a number of proactive steps to reduce the problem of students accessing pornography on the Internet. Schools should post their policies on their Web sites, send them home to parents and teach them to students. Some schools require students to sign the Acceptable Use Policy, often before granting free Internet access. Standard browser and server technology can also be employed to restrict access to objectionable material. In order to activate programs that filter out questionable sites, and therefore prevent their viewing by unauthorized users, personal information is required. But valid instances such as this are few and far between. There exists a constant balance between what information is appropriate and needs to be provided, and that information which is private and not available to public scrutiny. Filtering software is a poor solution for a problem that is better solved by teachers and pupils at the classroom level. First, these Internet access software programs send a negative message to students, signaling that they are not deemed trustworthy. Secondly, such draconian measures ignore the simple fact that a capable teacher is able to provide Internet guidance for the student in the course of administering the lesson. Another factor that is not weighed in the hysteria over pornography is that the typical student is not apt to seek access to such material in a public forum such as the classroom. Filtering programs also block out many valid and educational sites on the basis of certain words or topics, restricting the student’s research potential.
The compromise of security and privacy has existed for as long as fifteen years. The first time that such a breach occurred was in 1985, when an insurance and investment firm employee deleted the records of some 168,000 workers. The software used is called a time bomb, a program designed to wait until a pre-designated date when the software activates. Such programs led to the coining of the word virus. The first virus appeared in 1986 and spread on pirated and illegal copies of software such as Lotus 1-2-3 and WordPerfect. The first evidence of computer theft occurred in 1992, when a group of people infiltrated the security of such organizations as telephone and credit card companies. Southwestern Bell alone assessed their loss at approximately $370,000. The most successful such theft took place in 1995, when over $10 million was funneled and shifted into various bank accounts (Ahuja 15-17). If such crimes are possible on the corporate level, where the security is undoubtedly better than on home computers, it is only reasonable that for the trained hacker, the acquisition of private information from home users is like a walk in the park.
It is obvious that the Internet is here to stay. As the Internet grows and more and more of our everyday activities and errands become available on the Internet, so will the necessity for disbursement of more personal information. This in turn will make hacking, computer crime, Internet break-ins, information theft, and security infiltration more widespread. Action needs to be taken to remedy this problem, and to ensure the privacy and security of all computer and Internet users, as well as corporate companies and their assets. It is imperative that the safety and privacy of people be preserved, and that the integrity of the Internet be assured for future generations. As the largest network in the world and a seemingly endless tool of education, information, amusement, management, communication, convenience, and commerce, it is likely that the Internet is the greatest evolution and revolution in the last 50 years. In this age where almost everything you ever wanted to know about someone can be found on a computer, companies need to ensure that the people whose information they are collecting and using know what is being collected and how and why it is to be used. Security and privacy on the Internet is both simple and complex at the same time. Simple because the problem that plagues the Internet and its security is easy to identify. Complex because at this point in time there exists no way to solve all of the problems and security concerns (Stein 1). The world’s accessibility to the Internet makes the development of global standards and privacy codes difficult, but imperative.
Ahuja, Vijay. Network and Internet Security. Boston: AP Professional, 1996.
Berinato, Scott. Hack alert: Where’s the Outrage? IT managers, in rush to create Web presence, leave sites vulnerable (Industry Trend or Event). eWeek Sept. 2000: 1.Q.
Bott, Ed. We Know Where You Live Work Shop Bank…And So Does Everyone Else! Here’s How to Protect Yourself and Your Business. PC/Computing Mar. 2000. p80.
Breeden, John II. Justice offers a victim’s perspective on hacking (Government Activity). Government Computer News Apr. 1997: v16, n10, p3(2).
Caryl, Christian. Russia’s hackers: reach out and rob someone. U.S. News & World Report Apr. 1997: v122, n15, p58(1).
Littman, Jonathan. Hacked, cracked and phreaked. PC Week Jan. 1997: v14, n4, p1(2).
Roberts, Sally. Hacking incident moves Web security to front page. Business Insurance Sept. 1998: v32, n38, p1(2).
Rothfeder, Jeffrey. Hacked! Are your company files safe? PC World Nov. 1996: v14, n11, p170(7).
Stein, Lincoln D. Web Security: A Step-by-Step Reference Guide. Reading: Addison-Wesley, 1998.
Ziff, Davis. The Feds Are following You. PC/Computing Mar. 2000 1996: p94.