| The rise of the Internet has resulted in many important | | | | a case of defamation. |
| issues being raised. One of these major issues relates | | | | The ease of publication on the Internet and the |
| to privacy and security concerns. | | | | difficulty in controlling it is also evidenced by the fact |
| These issues become important ones for | | | | that the article is now posted on another web site |
| organizations to consider for several reasons. Firstly, | | | | (Bartlett). |
| because private employee information is recorded on | | | | This situation is one that may find controls placed on it |
| computers, secondly because organizations have their | | | | in the future, controls that act as a safeguard for what |
| own important information recorded on computers, and | | | | can and cannot be published on the Internet as fact. |
| thirdly because many organizations conduct business | | | | The guilty verdict in this case also leads the way for |
| over the Internet via an informational home page or by | | | | other defamation claims to be made and defamation |
| Internet retailing. | | | | laws to be determined for the Internet. |
| The question of security will become an important one | | | | While this is a case against a person, it is also possible |
| for organizations and will likely become the | | | | that this same type of defamation could be carried out |
| responsibility of the human resource department in | | | | in regards to an organization, its products or its |
| many organizations, with the questions of security and | | | | services. It is feasible that a disgruntled customer could |
| privacy an extension of information systems generally | | | | publish damaging reports about the company. |
| handled by the human resource department (Bernardin | | | | More Possibilities |
| & Russell). | | | | The possibilities of using the Internet for illegal |
| In this paper, the privacy and security issues that arise | | | | advantages include scams as new and ingenious as |
| from the Internet will be investigated. Recognizing that | | | | the Internet itself. |
| the Internet is relatively new and rapidly changing, the | | | | One opportunity that is not currently illegal, though is |
| investigation will be completed with an eye for looking | | | | concerning, is using one piece of software as a means |
| forward to the future. | | | | for distributing another. |
| Firstly, I will discuss the modern history of the Internet | | | | One example that is causing universities concern is |
| and how it relates to privacy and security concerns. I | | | | KaZaA, software that is used to store and swap |
| will then discuss several key security and privacy | | | | video clips and MP3 files. This software is specifically |
| issues relevant to organizations. I will then briefly | | | | targeted at students and is downloaded by large |
| discuss the protection options available to deal with | | | | numbers of students. It has been reported that this |
| these issues. | | | | software has "software attached to it that could allow |
| THE INTERNET AND PRIVACY & SECURITY | | | | the company to use student computers and university |
| Privacy is not a new concept, but one that has been | | | | bandwidth for commercial ventures, such as serving |
| of importance to people for centuries. | | | | Internet advertisements or selling computer storage |
| The advent of the Internet however, is taking privacy | | | | space" (Carlson). |
| issues to a new level. Privacy is described as "the | | | | While this is not an illegal process, it is a misleading one |
| ability of individuals to determine for themselves when, | | | | for the user. It also shows how technology can be |
| how and to what extent information about them is | | | | used for purposes other than that which we purchase |
| communicated to others" (IBM). | | | | them for. This is important because this is one way |
| Security also becomes of wider concern. With the | | | | information can be hidden within programs and there is |
| importance of the Internet and information technology | | | | potential for this to be used illegally in the future. It is |
| to society, it becomes a tool that can be used against | | | | also said that universities are specifically targeted |
| national security, against individuals or against | | | | because they have a considerable amount of unused |
| organizations. | | | | hard drive space (Carlson). This could apply equally to |
| As well as this, the mass of information available on | | | | many organizations, so organizations may also |
| the Internet can be misused. | | | | become a target of these programs in the future. |
| The Internet has become a profound part of our | | | | SECURITY AND PRIVACY PROTECTION |
| society, impacting on every aspect of it. With this wide | | | | Security Programs |
| impact, security issues reach out across various topics | | | | Security programs currently consist of two main types. |
| and take on various forms. | | | | The first are virus programs that prevent damaging |
| Also relevant is the fact that the Internet remains in its | | | | computer viruses from being received. One of the |
| infancy, with the Internet revolution described as "one | | | | most interesting things about these programs is that |
| that experts estimate is less than 10 percent complete" | | | | they require constant updating. |
| (IBM). | | | | These constant updates illustrate how quickly virus |
| As the Internet grows and changes, new security and | | | | concerns change. Essentially, one group of people are |
| privacy issues will appear. As the environment | | | | constantly creating new viruses, while a second group |
| changes, the privacy and security issues will be | | | | remain alert to these viruses and create antidotes for |
| reconsidered. | | | | the viruses. |
| There is no doubt that the issues the Internet creates | | | | The second type of security program is firewall |
| are likely to change, as the Internet and society | | | | software. Firewall software prevents hackers from |
| continue to adapt to each other. Even recognizing this, | | | | accessing a computer. Just like viruses, these |
| by assessing the issues now we can begin to see | | | | programs are under constant upgrading to keep up |
| their current impact and also their future direction. | | | | with hacker technology changes. |
| SECURITY AND PRIVACY ISSUES | | | | Security and Privacy Consultants |
| Hackers | | | | Security and privacy concerns have also created a |
| Everyone is under threat from hackers, from the | | | | new industry of consultants, who offer advice, |
| organization, to government information, and through to | | | | personnel and systems to governments, organizations |
| individuals. The reason for hacking varies as widely as | | | | and also individuals. |
| those that become victims of hacking, | | | | An example of one of these firms is Rent-A-Hacker, |
| "crackers are not necessarily after secret files or | | | | whose company profile reads as follows: |
| valuable corporate data, many just want a machine - | | | | "Rent-A-Hacker was formed to afford anyone the |
| fast. Most victimized machines are merely launch pads | | | | means to protect their valuable information assets. |
| for other attacks" (Tanase). Essentially, hackers hide | | | | Unlike most Cybersecurity firms whose goal is to sell |
| themselves by operating through a chain of machines. | | | | you security products, our focus is on auditing, |
| Reasons for hacking are extremely varied and can | | | | detection and proactive prevention" (Rent-A-Hacker). |
| include accessing information, changing information | | | | To achieve these goals, the organizations makes use |
| records and launching viruses. | | | | of experts in Internet security and in hacking. This |
| For the organization, information may be extracted to | | | | organization is an example of where the future of |
| be used against the organization. This information could | | | | Internet security may lead. |
| then be used in various way. Disgruntled employees | | | | With experts developing new ways to breach Internet |
| may seek information to use against the organization. | | | | security, software programs may no longer be enough. |
| The threat of misuse also depends on the nature of | | | | A defence system of equally effective experts may |
| the organization. A university for example has a threat | | | | be the only way to combat hackers and other |
| of students changing their results records, while an | | | | breachers of both security and privacy. |
| organization involved in controversial issues, such as a | | | | Government Actions |
| gun manufacturer may be threatened by anti-gun | | | | The Government plays an important role in effecting |
| protesters. Hackers may also operate by damaging | | | | privacy and security concerns and does this on two |
| company web sites. | | | | levels. The first is in their role in setting the rules for the |
| The reasons and form of Internet hacking crimes are | | | | private sector. The second is in establishing guidelines |
| just as varied as typical crimes. | | | | for the government's own use of information (IBM). |
| As the Internet becomes more widespread, Internet | | | | With the broad implications of the Internet it is also |
| crimes may come to mirror all crimes. For example, | | | | recognized that government control becomes |
| just as a disgruntled employee may vandalize their | | | | essential, "the growing interconnectedness of society |
| place of employment, a disgruntled employee may | | | | underscores the need for government officials to |
| vandalize the organization's web site. | | | | understand the broad implications of the Internet and |
| Current Effect on Business | | | | the information technology revolution (IBM). |
| Hacker attacks are the largest threats for | | | | The government meets this challenge by producing a |
| governments and businesses, with ninety percent of | | | | set of internationally-accepted principles, with these |
| business and governments suffering hacker attacks | | | | principles developed by the Organization for Economic |
| each year (Krebs). | | | | Cooperation and Development and are known as the |
| Of those businesses, only one third were willing to | | | | OECD guidelines (IBM). |
| report the attacks to the FBI (Krebs). | | | | These guidelines include 'fair information practices' for |
| Eighty percent reported financial losses as a result but | | | | organizations that outline appropriate security of data |
| the majority were not willing to quantify these financial | | | | and disclosure of data practices (IBM). |
| losses (Krebs). | | | | IBM describes the US security and privacy measures, |
| The majority of organizations and government | | | | saying: |
| departments do suffer from security breaches. Also | | | | "The US has legislatively-required protections in focus |
| noted is that this is not all from hackers, a major | | | | areas: government, credit reporting, banking and |
| component is also from company staff. The fact that | | | | finance, health, and children's information. In other |
| the majority are not willing to report or verify the | | | | commercial areas, such as retail and online marketing, |
| problems, is an indication that this is a problem that is | | | | the US relies on its common-law traditions coupled with |
| thought to be significant as well as damaging. | | | | industry responsibility and leadership to chart the way" |
| Organizations generally avoid reporting such problems | | | | (IBM). |
| to avoid alarming shareholders, while government | | | | Legal Protection |
| departments avoid public concern. With shareholders | | | | The legal component of the Internet is handled largely |
| and the public warranted in their right to know of these | | | | by the Computer Crime and Intellectual Property |
| breaches, there is a future likely, where such breaches | | | | Section of the Department of Justice. The actions of |
| will be required to be reported. | | | | the section are described, saying: |
| The reality is that these threats cannot be ignored. A | | | | "Section attorneys advise federal prosecutors and law |
| study by the National Institute of Standards and | | | | enforcement agents; comment upon and propose |
| Technology recognized that "information and the | | | | legislation; coordinate international efforts to combat |
| systems that process it are among the most valuable | | | | computer crime; litigate cases; and train all law |
| assets of any organization. Adequate security of | | | | enforcement groups. Other areas of expertise |
| these assets is a fundamental management | | | | possessed by CCIPS attorneys include encryption, |
| responsibility" (NIST). | | | | electronic privacy laws, search and seizure of |
| The report by the National Institute of Standards and | | | | computers, e-commerce, hacker investigations, and |
| Technology provides a framework for determining a | | | | intellectual property crimes" (CCIPS). |
| security system program. The needs of the programs | | | | Legal protection in the US is wide and varied, covering |
| are twofold: | | | | a variety of issues that the Internet relates to. |
| "Agency programs must: 1) assure that systems and | | | | This includes the considerations of e-commerce, |
| applications operate effectively and provide | | | | covering topics including Internet gambling, online sales |
| appropriate confidentiality, integrity, and availability; and | | | | of healthcare products and consumer protection |
| 2) protect information commensurate with the level of | | | | (CCIPS). |
| risk and magnitude of harm resulting from loss, misuse, | | | | Laws are also existent relating to computer crimes. |
| unauthorized access, or modification" (NIST). | | | | These crimes include cyberstalking, Internet fraud, child |
| This considered system and approach to determining | | | | pornography and identity theft (CCIPS). |
| may mirror how organizations will approach security | | | | Insurance Protection |
| considerations in the future. | | | | Another industry that reflects the rising importance of |
| It is also noted that "many organizations and | | | | Internet security is the insurance industry. |
| consumers are only just beginning to realize the value | | | | Policies purchased for 2001 were just under $100 |
| of applied information technology and the increased | | | | million in 2001, with it expected to rise to at least $1 |
| efficiency and effectiveness of innovations in data | | | | billion by the year 2007 (Salkever). |
| collection and management" (IBM). | | | | The policies available for organizations include |
| With increased realization will come increased use of | | | | protection from "virus attacks, denial-of-service |
| information by organizations, and with this increased | | | | assaults, cracking into company systems, and |
| use will come a greater need for privacy and security | | | | Web-site defacements. Some companies even write |
| considerations. | | | | policies that cover cyber-extortion, where an online |
| Information on the Internet | | | | intruder or an insider steals crucial data such as |
| The Internet is also capable of infringing on a person's | | | | customer credit-card files and demands a payoff. The |
| privacy as a publisher of information. | | | | rising tide of lawsuits against companies whose |
| We can see the Internet as a tool for communicating | | | | employees have used corporate e-mail inappropriately |
| information, just as television, newspapers and other | | | | has also caught the attention of e-insurers" (Salkever). |
| media are. | | | | It is also noted that with the insurance industry |
| The difference with the Internet is that the information | | | | becoming a major part of Internet security, they will |
| published is not as well controlled. | | | | have the opportunity to shape the computer security |
| With television and newspapers, controls are in place | | | | business. |
| to determine what will be communicated. It is generally | | | | This will occur by insurance companies defining what |
| not possible for a person to publish information without | | | | types of security products and practices are |
| it being verified in some way. | | | | acceptable. Following this, premiums will differ based on |
| However, with the Internet, a person can publish and | | | | what software protection systems are used, |
| communicate messages to people from all over the | | | | effectively rating product systems and influencing the |
| world with no requirement to have checks on the | | | | business consumers choice. |
| information. | | | | This is also expected to effect business, with |
| Essentially, the Internet allows anyone to say anything, | | | | e-insurance becoming a requirement, "as |
| and to say that anything to a lot of people. | | | | cyber-insurance goes from exotica to a business |
| This leads to the Internet being capable of being used | | | | necessity, the computer-security industry will have to |
| as a tool to defame others. | | | | adapt to keep the insurers happy" (Salkever). |
| A recent court case shows that this does happen, | | | | There is certainly potential for insurance companies to |
| where the case is described as follows: | | | | influence both the coverage required by organizations |
| "A state-court jury awarded $3-million Tuesday to a | | | | and the products and actions required to attain this |
| University of North Dakota physics professor who | | | | coverage, "that's the wave of the future, as insurers |
| sued a former student for libel after she accused him | | | | exert even more pressure on the technology practices |
| in an online article of being a pedophile. The professor, | | | | of any company wishing to insure this increasingly |
| John L. Wagner, 41, filed his lawsuit after an article titled | | | | important facet of business" (Salkever). |
| "Kinky, Torrid Romance by Randy Physics Professor" | | | | Also recognized is the possible relationship between |
| was published on the Web site Undnews.com" | | | | insurance companies and security products with it |
| (Bartlett). | | | | being argued "that insurers will demand responsibility |
| This example shows how information on any subject | | | | from software companies for flaws in their products -- |
| can be widely published on the Internet. The guilty | | | | and that they'll have the legal firepower to hold the |
| verdict indicates that the law does consider this to be | | | | software outfits accountable" (Salkever). |