The rise of the Internet has resulted in many important issues being raised. One of these major issues relates to privacy and security concerns.

These issues become important ones for organizations to consider for several reasons: firstly, because private employee information is recorded on computers; secondly, because organizations have their own important information recorded on computers; and thirdly, because many organizations conduct business over the Internet via an informational home page or by Internet retailing.

The question of security will become an important one for organizations and will likely become the responsibility of the human resource department in many organizations, with the questions of security and privacy an extension of information systems generally handled by the human resource department (Bernardin & Russell).

In this paper, the privacy and security issues that arise from the Internet will be investigated. Recognizing that the Internet is relatively new and rapidly changing, the investigation will be completed with an eye to the future.

Firstly, I will discuss the modern history of the Internet and how it relates to privacy and security concerns. I will then discuss several key security and privacy issues relevant to organizations. I will then briefly discuss the protection options available to deal with these issues.

THE INTERNET AND PRIVACY & SECURITY

Privacy is not a new concept, but one that has been of importance to people for centuries.

The advent of the Internet, however, is taking privacy issues to a new level. Privacy is described as "the ability of individuals to determine for themselves when, how and to what extent information about them is communicated to others" (IBM).

Security also becomes of wider concern. With the importance of the Internet and information technology to society, it becomes a tool that can be used against national security, against individuals or against organizations.

As well as this, the mass of information available on the Internet can be misused.

The Internet has become a profound part of our society, impacting on every aspect of it. With this wide impact, security issues reach out across various topics and take on various forms.

Also relevant is the fact that the Internet remains in its infancy, with the Internet revolution described as "one that experts estimate is less than 10 percent complete" (IBM).

As the Internet grows and changes, new security and privacy issues will appear. As the environment changes, the privacy and security issues will be reconsidered.

There is no doubt that the issues the Internet creates are likely to change, as the Internet and society continue to adapt to each other. Even recognizing this, by assessing the issues now we can begin to see their current impact and also their future direction.

SECURITY AND PRIVACY ISSUES

Hackers

Everyone is under threat from hackers, from organizations to governments through to individuals. The reasons for hacking vary as widely as those who become victims of hacking:

"crackers are not necessarily after secret files or valuable corporate data, many just want a machine - fast. Most victimized machines are merely launch pads for other attacks" (Tanase). Essentially, hackers hide themselves by operating through a chain of machines.

Reasons for hacking are extremely varied and can include accessing information, changing information records and launching viruses.

For the organization, information may be extracted to be used against the organization. This information could then be used in various ways. Disgruntled employees may seek information to use against the organization.

The threat of misuse also depends on the nature of the organization. A university, for example, faces the threat of students changing their results records, while an organization involved in controversial issues, such as a gun manufacturer, may be threatened by anti-gun protesters. Hackers may also operate by damaging company web sites.

The reasons for and forms of Internet hacking crimes are just as varied as those of typical crimes.

As the Internet becomes more widespread, Internet crimes may come to mirror all crimes. For example, just as a disgruntled employee may vandalize their place of employment, a disgruntled employee may vandalize the organization's web site.

Current Effect on Business

Hacker attacks are the largest threats for governments and businesses, with ninety percent of businesses and governments suffering hacker attacks each year (Krebs).

Of those businesses, only one third were willing to report the attacks to the FBI (Krebs).

Eighty percent reported financial losses as a result, but the majority were not willing to quantify these financial losses (Krebs).

The majority of organizations and government departments do suffer from security breaches. It is also noted that not all of these breaches come from hackers; a major component comes from company staff. The fact that the majority are not willing to report or verify the problems is an indication that this is a problem that is thought to be significant as well as damaging.

Organizations generally avoid reporting such problems to avoid alarming shareholders, while government departments do so to avoid public concern. With shareholders and the public having a warranted right to know of these breaches, it is likely that in the future such breaches will be required to be reported.

The reality is that these threats cannot be ignored. A study by the National Institute of Standards and Technology recognized that "information and the systems that process it are among the most valuable assets of any organization. Adequate security of these assets is a fundamental management responsibility" (NIST).

The report by the National Institute of Standards and Technology provides a framework for determining a security system program. The needs of the programs are twofold:

"Agency programs must: 1) assure that systems and applications operate effectively and provide appropriate confidentiality, integrity, and availability; and 2) protect information commensurate with the level of risk and magnitude of harm resulting from loss, misuse, unauthorized access, or modification" (NIST).

This considered approach to determining a security program may mirror how organizations will approach security considerations in the future.

It is also noted that "many organizations and consumers are only just beginning to realize the value of applied information technology and the increased efficiency and effectiveness of innovations in data collection and management" (IBM).

With increased realization will come increased use of information by organizations, and with this increased use will come a greater need for privacy and security considerations.

Information on the Internet

In its role as a publisher of information, the Internet is also capable of infringing on a person's privacy.

We can see the Internet as a tool for communicating information, just as television, newspapers and other media are.

The difference with the Internet is that the information published is not as well controlled.

With television and newspapers, controls are in place to determine what will be communicated. It is generally not possible for a person to publish information without it being verified in some way.

However, with the Internet, a person can publish and communicate messages to people all over the world with no requirement to have checks on the information.

Essentially, the Internet allows anyone to say anything, and to say that anything to a lot of people.

This means the Internet can be used as a tool to defame others.

A recent court case shows that this does happen. The case is described as follows:

"A state-court jury awarded $3-million Tuesday to a University of North Dakota physics professor who sued a former student for libel after she accused him in an online article of being a pedophile. The professor, John L. Wagner, 41, filed his lawsuit after an article titled 'Kinky, Torrid Romance by Randy Physics Professor' was published on the Web site Undnews.com" (Bartlett).

This example shows how information on any subject can be widely published on the Internet. The guilty verdict indicates that the law does consider this to be a case of defamation.

The ease of publication on the Internet and the difficulty in controlling it are also evidenced by the fact that the article is now posted on another web site (Bartlett).

This situation is one that may find controls placed on it in the future, controls that act as a safeguard for what can and cannot be published on the Internet as fact.

The guilty verdict in this case also leads the way for other defamation claims to be made and defamation laws to be determined for the Internet.

While this is a case against a person, it is also possible that this same type of defamation could be carried out against an organization, its products or its services. It is feasible that a disgruntled customer could publish damaging reports about the company.

More Possibilities

The possibilities of using the Internet for illegal advantage include scams as new and ingenious as the Internet itself.

One opportunity that is not currently illegal, though it is concerning, is using one piece of software as a means for distributing another.

One example that is causing universities concern is KaZaA, software that is used to store and swap video clips and MP3 files. This software is specifically targeted at students and is downloaded by large numbers of students. It has been reported that this software has "software attached to it that could allow the company to use student computers and university bandwidth for commercial ventures, such as serving Internet advertisements or selling computer storage space" (Carlson).

While this is not an illegal process, it is a misleading one for the user. It also shows how technology can be used for purposes other than those we purchase it for. This is important because this is one way information can be hidden within programs, and there is potential for this to be used illegally in the future. It is also said that universities are specifically targeted because they have a considerable amount of unused hard drive space (Carlson). This could apply equally to many organizations, so organizations may also become a target of these programs in the future.

SECURITY AND PRIVACY PROTECTION

Security Programs

Security programs currently consist of two main types. The first are antivirus programs that prevent damaging computer viruses from being received. One of the most interesting things about these programs is that they require constant updating.

These constant updates illustrate how quickly virus concerns change. Essentially, one group of people is constantly creating new viruses, while a second group remains alert to these viruses and creates antidotes for them.

The second type of security program is firewall software. Firewall software prevents hackers from accessing a computer. Just like antivirus programs, these programs are constantly upgraded to keep up with changes in hacker technology.

Security and Privacy Consultants

Security and privacy concerns have also created a new industry of consultants, who offer advice, personnel and systems to governments, organizations and also individuals.

An example of one of these firms is Rent-A-Hacker, whose company profile reads as follows:

"Rent-A-Hacker was formed to afford anyone the means to protect their valuable information assets. Unlike most Cybersecurity firms whose goal is to sell you security products, our focus is on auditing, detection and proactive prevention" (Rent-A-Hacker).

To achieve these goals, the organization makes use of experts in Internet security and in hacking. This organization is an example of where the future of Internet security may lead.

With experts developing new ways to breach Internet security, software programs may no longer be enough. A defence system of equally effective experts may be the only way to combat hackers and other breachers of both security and privacy.

Government Actions

The Government plays an important role in affecting privacy and security concerns and does this on two levels. The first is in its role in setting the rules for the private sector. The second is in establishing guidelines for the government's own use of information (IBM).

With the broad implications of the Internet it is also recognized that government control becomes essential: "the growing interconnectedness of society underscores the need for government officials to understand the broad implications of the Internet and the information technology revolution" (IBM).

The government meets this challenge by producing a set of internationally accepted principles; these principles were developed by the Organization for Economic Cooperation and Development and are known as the OECD guidelines (IBM).

These guidelines include 'fair information practices' for organizations that outline appropriate security of data and disclosure of data practices (IBM).

IBM describes the US security and privacy measures, saying:

"The US has legislatively-required protections in focus areas: government, credit reporting, banking and finance, health, and children's information. In other commercial areas, such as retail and online marketing, the US relies on its common-law traditions coupled with industry responsibility and leadership to chart the way" (IBM).

Legal Protection

The legal component of the Internet is handled largely by the Computer Crime and Intellectual Property Section of the Department of Justice. The actions of the section are described as follows:

"Section attorneys advise federal prosecutors and law enforcement agents; comment upon and propose legislation; coordinate international efforts to combat computer crime; litigate cases; and train all law enforcement groups. Other areas of expertise possessed by CCIPS attorneys include encryption, electronic privacy laws, search and seizure of computers, e-commerce, hacker investigations, and intellectual property crimes" (CCIPS).

Legal protection in the US is wide and varied, covering a variety of issues that the Internet relates to.

This includes the considerations of e-commerce, covering topics including Internet gambling, online sales of healthcare products and consumer protection (CCIPS).

Laws also exist relating to computer crimes. These crimes include cyberstalking, Internet fraud, child pornography and identity theft (CCIPS).

Insurance Protection

Another industry that reflects the rising importance of Internet security is the insurance industry.

Policies purchased in 2001 totalled just under $100 million, with the figure expected to rise to at least $1 billion by the year 2007 (Salkever).

The policies available for organizations include protection from "virus attacks, denial-of-service assaults, cracking into company systems, and Web-site defacements. Some companies even write policies that cover cyber-extortion, where an online intruder or an insider steals crucial data such as customer credit-card files and demands a payoff. The rising tide of lawsuits against companies whose employees have used corporate e-mail inappropriately has also caught the attention of e-insurers" (Salkever).

It is also noted that with the insurance industry becoming a major part of Internet security, insurers will have the opportunity to shape the computer security business.

This will occur by insurance companies defining what types of security products and practices are acceptable. Following this, premiums will differ based on what software protection systems are used, effectively rating product systems and influencing the business consumer's choice.

This is also expected to affect business, with e-insurance becoming a requirement: "as cyber-insurance goes from exotica to a business necessity, the computer-security industry will have to adapt to keep the insurers happy" (Salkever).

There is certainly potential for insurance companies to influence both the coverage required by organizations and the products and actions required to attain this coverage: "that's the wave of the future, as insurers exert even more pressure on the technology practices of any company wishing to insure this increasingly important facet of business" (Salkever).

Also recognized is the possible relationship between insurance companies and security products, with it being argued "that insurers will demand responsibility from software companies for flaws in their products -- and that they'll have the legal firepower to hold the software outfits accountable" (Salkever).