| The rise of the Internet has resulted in
| |
| | also evidenced by the fact that the
|
| many important issues being raised. One
| |
| | article is now posted on another web site
|
| of these major issues relates to privacy
| |
| | (Bartlett).
|
| and security concerns.
| |
| | This situation is one that may find
|
| These issues become important ones for
| |
| | controls placed on it in the future,
|
| organizations to consider for several
| |
| | controls that act as a safeguard for what
|
| reasons. Firstly, because private
| |
| | can and cannot be published on the
|
| employee information is recorded on
| |
| | Internet as fact.
|
| computers, secondly because organizations
| |
| | The guilty verdict in this case also
|
| have their own important information
| |
| | leads the way for other defamation claims
|
| recorded on computers, and thirdly
| |
| | to be made and defamation laws to be
|
| because many organizations conduct
| |
| | determined for the Internet.
|
| business over the Internet via an
| |
| | While this is a case against a person, it
|
| informational home page or by Internet
| |
| | is also possible that this same type of
|
| retailing.
| |
| | defamation could be carried out in
|
| The question of security will become an
| |
| | regards to an organization, its products
|
| important one for organizations and will
| |
| | or its services. It is feasible that a
|
| likely become the responsibility of the
| |
| | disgruntled customer could publish
|
| human resource department in many
| |
| | damaging reports about the company.
|
| organizations, with the questions of
| |
| | More Possibilities
|
| security and privacy an extension of
| |
| | The possibilities of using the Internet
|
| information systems generally handled by
| |
| | for illegal advantages include scams as
|
| the human resource department (Bernardin
| |
| | new and ingenious as the Internet itself.
|
| & Russell).
| |
| | One opportunity that is not currently
|
| In this paper, the privacy and security
| |
| | illegal, though is concerning, is using
|
| issues that arise from the Internet will
| |
| | one piece of software as a means for
|
| be investigated. Recognizing that the
| |
| | distributing another.
|
| Internet is relatively new and rapidly
| |
| | One example that is causing universities
|
| changing, the investigation will be
| |
| | concern is KaZaA, software that is used
|
| completed with an eye for looking forward
| |
| | to store and swap video clips and MP3
|
| to the future.
| |
| | files. This software is specifically
|
| Firstly, I will discuss the modern
| |
| | targeted at students and is downloaded by
|
| history of the Internet and how it
| |
| | large numbers of students. It has been
|
| relates to privacy and security concerns.
| |
| | reported that this software has "software
|
| I will then discuss several key security
| |
| | attached to it that could allow the
|
| and privacy issues relevant to
| |
| | company to use student computers and
|
| organizations. I will then briefly
| |
| | university bandwidth for commercial
|
| discuss the protection options available
| |
| | ventures, such as serving Internet
|
| to deal with these issues.
| |
| | advertisements or selling computer
|
| THE INTERNET AND PRIVACY & SECURITY
| |
| | storage space" (Carlson).
|
| Privacy is not a new concept, but one
| |
| | While this is not an illegal process, it
|
| that has been of importance to people for
| |
| | is a misleading one for the user. It also
|
| centuries.
| |
| | shows how technology can be used for
|
| The advent of the Internet however, is
| |
| | purposes other than that which we
|
| taking privacy issues to a new level.
| |
| | purchase them for. This is important
|
| Privacy is described as "the ability of
| |
| | because this is one way information can
|
| individuals to determine for themselves
| |
| | be hidden within programs and there is
|
| when, how and to what extent information
| |
| | potential for this to be used illegally
|
| about them is communicated to others"
| |
| | in the future. It is also said that
|
| (IBM).
| |
| | universities are specifically targeted
|
| Security also becomes of wider concern.
| |
| | because they have a considerable amount
|
| With the importance of the Internet and
| |
| | of unused hard drive space (Carlson).
|
| information technology to society, it
| |
| | This could apply equally to many
|
| becomes a tool that can be used against
| |
| | organizations, so organizations may also
|
| national security, against individuals or
| |
| | become a target of these programs in the
|
| against organizations.
| |
| | future.
|
| As well as this, the mass of information
| |
| | SECURITY AND PRIVACY PROTECTION
|
| available on the Internet can be misused.
| |
| | Security Programs
|
| The Internet has become a profound part
| |
| | Security programs currently consist of
|
| of our society, impacting on every aspect
| |
| | two main types. The first are virus
|
| of it. With this wide impact, security
| |
| | programs that prevent damaging computer
|
| issues reach out across various topics
| |
| | viruses from being received. One of the
|
| and take on various forms.
| |
| | most interesting things about these
|
| Also relevant is the fact that the
| |
| | programs is that they require constant
|
| Internet remains in its infancy, with the
| |
| | updating.
|
| Internet revolution described as "one
| |
| | These constant updates illustrate how
|
| that experts estimate is less than 10
| |
| | quickly virus concerns change.
|
| percent complete" (IBM).
| |
| | Essentially, one group of people are
|
| As the Internet grows and changes, new
| |
| | constantly creating new viruses, while a
|
| security and privacy issues will appear.
| |
| | second group remain alert to these
|
| As the environment changes, the privacy
| |
| | viruses and create antidotes for the
|
| and security issues will be reconsidered.
| |
| | viruses.
|
| There is no doubt that the issues the
| |
| | The second type of security program is
|
| Internet creates are likely to change, as
| |
| | firewall software. Firewall software
|
| the Internet and society continue to
| |
| | prevents hackers from accessing a
|
| adapt to each other. Even recognizing
| |
| | computer. Just like viruses, these
|
| this, by assessing the issues now we can
| |
| | programs are under constant upgrading to
|
| begin to see their current impact and
| |
| | keep up with hacker technology changes.
|
| also their future direction.
| |
| | Security and Privacy Consultants
|
| SECURITY AND PRIVACY ISSUES
| |
| | Security and privacy concerns have also
|
| Hackers
| |
| | created a new industry of consultants,
|
| Everyone is under threat from hackers,
| |
| | who offer advice, personnel and systems
|
| from the organization, to government
| |
| | to governments, organizations and also
|
| information, and through to individuals.
| |
| | individuals.
|
| The reason for hacking varies as widely
| |
| | An example of one of these firms is
|
| as those that become victims of hacking,
| |
| | Rent-A-Hacker, whose company profile
|
| "crackers are not necessarily after
| |
| | reads as follows:
|
| secret files or valuable corporate data,
| |
| | "Rent-A-Hacker was formed to afford
|
| many just want a machine - fast. Most
| |
| | anyone the means to protect their
|
| victimized machines are merely launch
| |
| | valuable information assets. Unlike most
|
| pads for other attacks" (Tanase).
| |
| | Cybersecurity firms whose goal is to sell
|
| Essentially, hackers hide themselves by
| |
| | you security products, our focus is on
|
| operating through a chain of machines.
| |
| | auditing, detection and proactive
|
| Reasons for hacking are extremely varied
| |
| | prevention" (Rent-A-Hacker).
|
| and can include accessing information,
| |
| | To achieve these goals, the organizations
|
| changing information records and
| |
| | makes use of experts in Internet security
|
| launching viruses.
| |
| | and in hacking. This organization is an
|
| For the organization, information may be
| |
| | example of where the future of Internet
|
| extracted to be used against the
| |
| | security may lead.
|
| organization. This information could then
| |
| | With experts developing new ways to
|
| be used in various way. Disgruntled
| |
| | breach Internet security, software
|
| employees may seek information to use
| |
| | programs may no longer be enough. A
|
| against the organization.
| |
| | defence system of equally effective
|
| The threat of misuse also depends on the
| |
| | experts may be the only way to combat
|
| nature of the organization. A university
| |
| | hackers and other breachers of both
|
| for example has a threat of students
| |
| | security and privacy.
|
| changing their results records, while an
| |
| | Government Actions
|
| organization involved in controversial
| |
| | The Government plays an important role in
|
| issues, such as a gun manufacturer may be
| |
| | effecting privacy and security concerns
|
| threatened by anti-gun protesters.
| |
| | and does this on two levels. The first is
|
| Hackers may also operate by damaging
| |
| | in their role in setting the rules for
|
| company web sites.
| |
| | the private sector. The second is in
|
| The reasons and form of Internet hacking
| |
| | establishing guidelines for the
|
| crimes are just as varied as typical
| |
| | government's own use of information
|
| crimes.
| |
| | (IBM).
|
| As the Internet becomes more widespread,
| |
| | With the broad implications of the
|
| Internet crimes may come to mirror all
| |
| | Internet it is also recognized that
|
| crimes. For example, just as a
| |
| | government control becomes essential,
|
| disgruntled employee may vandalize their
| |
| | "the growing interconnectedness of
|
| place of employment, a disgruntled
| |
| | society underscores the need for
|
| employee may vandalize the organization's
| |
| | government officials to understand the
|
| web site.
| |
| | broad implications of the Internet and
|
| Current Effect on Business
| |
| | the information technology revolution
|
| Hacker attacks are the largest threats
| |
| | (IBM).
|
| for governments and businesses, with
| |
| | The government meets this challenge by
|
| ninety percent of business and
| |
| | producing a set of
|
| governments suffering hacker attacks each
| |
| | internationally-accepted principles, with
|
| year (Krebs).
| |
| | these principles developed by the
|
| Of those businesses, only one third were
| |
| | Organization for Economic Cooperation and
|
| willing to report the attacks to the FBI
| |
| | Development and are known as the OECD
|
| (Krebs).
| |
| | guidelines (IBM).
|
| Eighty percent reported financial losses
| |
| | These guidelines include 'fair
|
| as a result but the majority were not
| |
| | information practices' for organizations
|
| willing to quantify these financial
| |
| | that outline appropriate security of data
|
| losses (Krebs).
| |
| | and disclosure of data practices (IBM).
|
| The majority of organizations and
| |
| | IBM describes the US security and privacy
|
| government departments do suffer from
| |
| | measures, saying:
|
| security breaches. Also noted is that
| |
| | "The US has legislatively-required
|
| this is not all from hackers, a major
| |
| | protections in focus areas: government,
|
| component is also from company staff. The
| |
| | credit reporting, banking and finance,
|
| fact that the majority are not willing to
| |
| | health, and children's information. In
|
| report or verify the problems, is an
| |
| | other commercial areas, such as retail
|
| indication that this is a problem that is
| |
| | and online marketing, the US relies on
|
| thought to be significant as well as
| |
| | its common-law traditions coupled with
|
| damaging.
| |
| | industry responsibility and leadership to
|
| Organizations generally avoid reporting
| |
| | chart the way" (IBM).
|
| such problems to avoid alarming
| |
| | Legal Protection
|
| shareholders, while government
| |
| | The legal component of the Internet is
|
| departments avoid public concern. With
| |
| | handled largely by the Computer Crime and
|
| shareholders and the public warranted in
| |
| | Intellectual Property Section of the
|
| their right to know of these breaches,
| |
| | Department of Justice. The actions of the
|
| there is a future likely, where such
| |
| | section are described, saying:
|
| breaches will be required to be reported.
| |
| | "Section attorneys advise federal
|
| The reality is that these threats cannot
| |
| | prosecutors and law enforcement agents;
|
| be ignored. A study by the National
| |
| | comment upon and propose legislation;
|
| Institute of Standards and Technology
| |
| | coordinate international efforts to
|
| recognized that "information and the
| |
| | combat computer crime; litigate cases;
|
| systems that process it are among the
| |
| | and train all law enforcement groups.
|
| most valuable assets of any organization.
| |
| | Other areas of expertise possessed by
|
| Adequate security of these assets is a
| |
| | CCIPS attorneys include encryption,
|
| fundamental management responsibility"
| |
| | electronic privacy laws, search and
|
| (NIST).
| |
| | seizure of computers, e-commerce, hacker
|
| The report by the National Institute of
| |
| | investigations, and intellectual property
|
| Standards and Technology provides a
| |
| | crimes" (CCIPS).
|
| framework for determining a security
| |
| | Legal protection in the US is wide and
|
| system program. The needs of the programs
| |
| | varied, covering a variety of issues that
|
| are twofold:
| |
| | the Internet relates to.
|
| "Agency programs must: 1) assure that
| |
| | This includes the considerations of
|
| systems and applications operate
| |
| | e-commerce, covering topics including
|
| effectively and provide appropriate
| |
| | Internet gambling, online sales of
|
| confidentiality, integrity, and
| |
| | healthcare products and consumer
|
| availability; and 2) protect information
| |
| | protection (CCIPS).
|
| commensurate with the level of risk and
| |
| | Laws are also existent relating to
|
| magnitude of harm resulting from loss,
| |
| | computer crimes. These crimes include
|
| misuse, unauthorized access, or
| |
| | cyberstalking, Internet fraud, child
|
| modification" (NIST).
| |
| | pornography and identity theft (CCIPS).
|
| This considered system and approach to
| |
| | Insurance Protection
|
| determining may mirror how organizations
| |
| | Another industry that reflects the rising
|
| will approach security considerations in
| |
| | importance of Internet security is the
|
| the future.
| |
| | insurance industry.
|
| It is also noted that "many organizations
| |
| | Policies purchased for 2001 were just
|
| and consumers are only just beginning to
| |
| | under $100 million in 2001, with it
|
| realize the value of applied information
| |
| | expected to rise to at least $1 billion
|
| technology and the increased efficiency
| |
| | by the year 2007 (Salkever).
|
| and effectiveness of innovations in data
| |
| | The policies available for organizations
|
| collection and management" (IBM).
| |
| | include protection from "virus attacks,
|
| With increased realization will come
| |
| | denial-of-service assaults, cracking into
|
| increased use of information by
| |
| | company systems, and Web-site
|
| organizations, and with this increased
| |
| | defacements. Some companies even write
|
| use will come a greater need for privacy
| |
| | policies that cover cyber-extortion,
|
| and security considerations.
| |
| | where an online intruder or an insider
|
| Information on the Internet
| |
| | steals crucial data such as customer
|
| The Internet is also capable of
| |
| | credit-card files and demands a payoff.
|
| infringing on a person's privacy as a
| |
| | The rising tide of lawsuits against
|
| publisher of information.
| |
| | companies whose employees have used
|
| We can see the Internet as a tool for
| |
| | corporate e-mail inappropriately has also
|
| communicating information, just as
| |
| | caught the attention of e-insurers"
|
| television, newspapers and other media
| |
| | (Salkever).
|
| are.
| |
| | It is also noted that with the insurance
|
| The difference with the Internet is that
| |
| | industry becoming a major part of
|
| the information published is not as well
| |
| | Internet security, they will have the
|
| controlled.
| |
| | opportunity to shape the computer
|
| With television and newspapers, controls
| |
| | security business.
|
| are in place to determine what will be
| |
| | This will occur by insurance companies
|
| communicated. It is generally not
| |
| | defining what types of security products
|
| possible for a person to publish
| |
| | and practices are acceptable. Following
|
| information without it being verified in
| |
| | this, premiums will differ based on what
|
| some way.
| |
| | software protection systems are used,
|
| However, with the Internet, a person can
| |
| | effectively rating product systems and
|
| publish and communicate messages to
| |
| | influencing the business consumers
|
| people from all over the world with no
| |
| | choice.
|
| requirement to have checks on the
| |
| | This is also expected to effect business,
|
| information.
| |
| | with e-insurance becoming a requirement,
|
| Essentially, the Internet allows anyone
| |
| | "as cyber-insurance goes from exotica to
|
| to say anything, and to say that anything
| |
| | a business necessity, the
|
| to a lot of people.
| |
| | computer-security industry will have to
|
| This leads to the Internet being capable
| |
| | adapt to keep the insurers happy"
|
| of being used as a tool to defame others.
| |
| | (Salkever).
|
| A recent court case shows that this does
| |
| | There is certainly potential for
|
| happen, where the case is described as
| |
| | insurance companies to influence both the
|
| follows:
| |
| | coverage required by organizations and
|
| "A state-court jury awarded $3-million
| |
| | the products and actions required to
|
| Tuesday to a University of North Dakota
| |
| | attain this coverage, "that's the wave of
|
| physics professor who sued a former
| |
| | the future, as insurers exert even more
|
| student for libel after she accused him
| |
| | pressure on the technology practices of
|
| in an online article of being a
| |
| | any company wishing to insure this
|
| pedophile. The professor, John L. Wagner,
| |
| | increasingly important facet of business"
|
| 41, filed his lawsuit after an article
| |
| | (Salkever).
|
| titled "Kinky, Torrid Romance by Randy
| |
| | Also recognized is the possible
|
| Physics Professor" was published on the
| |
| | relationship between insurance companies
|
| Web site Undnews.com" (Bartlett).
| |
| | and security products with it being
|
| This example shows how information on any
| |
| | argued "that insurers will demand
|
| subject can be widely published on the
| |
| | responsibility from software companies
|
| Internet. The guilty verdict indicates
| |
| | for flaws in their products -- and that
|
| that the law does consider this to be a
| |
| | they'll have the legal firepower to hold
|
| case of defamation.
| |
| | the software outfits accountable"
|
| The ease of publication on the Internet
| |
| | (Salkever).
|
| and the difficulty in controlling it is
| |
| |
|
