| The rise of the Internet has resulted in | | | | The ease of publication on the Internet |
| many important issues being raised. One | | | | and the difficulty in controlling it is |
| of these major issues relates to privacy | | | | also evidenced by the fact that the |
| and security concerns. | | | | article is now posted on another web |
| These issues become important ones for | | | | site (Bartlett). |
| organizations to consider for several | | | | This situation is one that may find |
| reasons. Firstly, because private | | | | controls placed on it in the future, |
| employee information is recorded on | | | | controls that act as a safeguard for |
| computers, secondly because | | | | what can and cannot be published on the |
| organizations have their own important | | | | Internet as fact. |
| information recorded on computers, and | | | | The guilty verdict in this case also |
| thirdly because many organizations | | | | leads the way for other defamation |
| conduct business over the Internet via | | | | claims to be made and defamation laws to |
| an informational home page or by | | | | be determined for the Internet. |
| Internet retailing. | | | | While this is a case against a person, |
| The question of security will become an | | | | it is also possible that this same type |
| important one for organizations and will | | | | of defamation could be carried out in |
| likely become the responsibility of the | | | | regards to an organization, its products |
| human resource department in many | | | | or its services. It is feasible that a |
| organizations, with the questions of | | | | disgruntled customer could publish |
| security and privacy an extension of | | | | damaging reports about the company. |
| information systems generally handled by | | | | More Possibilities |
| the human resource department (Bernardin | | | | The possibilities of using the Internet |
| & Russell). | | | | for illegal advantages include scams as |
| In this paper, the privacy and security | | | | new and ingenious as the Internet |
| issues that arise from the Internet will | | | | itself. |
| be investigated. Recognizing that the | | | | One opportunity that is not currently |
| Internet is relatively new and rapidly | | | | illegal, though is concerning, is using |
| changing, the investigation will be | | | | one piece of software as a means for |
| completed with an eye for looking | | | | distributing another. |
| forward to the future. | | | | One example that is causing universities |
| Firstly, I will discuss the modern | | | | concern is KaZaA, software that is used |
| history of the Internet and how it | | | | to store and swap video clips and MP3 |
| relates to privacy and security | | | | files. This software is specifically |
| concerns. I will then discuss several | | | | targeted at students and is downloaded |
| key security and privacy issues relevant | | | | by large numbers of students. It has |
| to organizations. I will then briefly | | | | been reported that this software has |
| discuss the protection options available | | | | "software attached to it that could |
| to deal with these issues. | | | | allow the company to use student |
| THE INTERNET AND PRIVACY & SECURITY | | | | computers and university bandwidth for |
| Privacy is not a new concept, but one | | | | commercial ventures, such as serving |
| that has been of importance to people | | | | Internet advertisements or selling |
| for centuries. | | | | computer storage space" (Carlson). |
| The advent of the Internet however, is | | | | While this is not an illegal process, it |
| taking privacy issues to a new level. | | | | is a misleading one for the user. It |
| Privacy is described as "the ability of | | | | also shows how technology can be used |
| individuals to determine for themselves | | | | for purposes other than that which we |
| when, how and to what extent information | | | | purchase them for. This is important |
| about them is communicated to others" | | | | because this is one way information can |
| (IBM). | | | | be hidden within programs and there is |
| Security also becomes of wider concern. | | | | potential for this to be used illegally |
| With the importance of the Internet and | | | | in the future. It is also said that |
| information technology to society, it | | | | universities are specifically targeted |
| becomes a tool that can be used against | | | | because they have a considerable amount |
| national security, against individuals | | | | of unused hard drive space (Carlson). |
| or against organizations. | | | | This could apply equally to many |
| As well as this, the mass of information | | | | organizations, so organizations may also |
| available on the Internet can be | | | | become a target of these programs in the |
| misused. | | | | future. |
| The Internet has become a profound part | | | | SECURITY AND PRIVACY PROTECTION |
| of our society, impacting on every | | | | Security Programs |
| aspect of it. With this wide impact, | | | | Security programs currently consist of |
| security issues reach out across various | | | | two main types. The first are virus |
| topics and take on various forms. | | | | programs that prevent damaging computer |
| Also relevant is the fact that the | | | | viruses from being received. One of the |
| Internet remains in its infancy, with | | | | most interesting things about these |
| the Internet revolution described as | | | | programs is that they require constant |
| "one that experts estimate is less than | | | | updating. |
| 10 percent complete" (IBM). | | | | These constant updates illustrate how |
| As the Internet grows and changes, new | | | | quickly virus concerns change. |
| security and privacy issues will appear. | | | | Essentially, one group of people are |
| As the environment changes, the privacy | | | | constantly creating new viruses, while a |
| and security issues will be | | | | second group remain alert to these |
| reconsidered. | | | | viruses and create antidotes for the |
| There is no doubt that the issues the | | | | viruses. |
| Internet creates are likely to change, | | | | The second type of security program is |
| as the Internet and society continue to | | | | firewall software. Firewall software |
| adapt to each other. Even recognizing | | | | prevents hackers from accessing a |
| this, by assessing the issues now we can | | | | computer. Just like viruses, these |
| begin to see their current impact and | | | | programs are under constant upgrading to |
| also their future direction. | | | | keep up with hacker technology changes. |
| SECURITY AND PRIVACY ISSUES | | | | Security and Privacy Consultants |
| Hackers | | | | Security and privacy concerns have also |
| Everyone is under threat from hackers, | | | | created a new industry of consultants, |
| from the organization, to government | | | | who offer advice, personnel and systems |
| information, and through to individuals. | | | | to governments, organizations and also |
| The reason for hacking varies as widely | | | | individuals. |
| as those that become victims of hacking, | | | | An example of one of these firms is |
| "crackers are not necessarily after | | | | Rent-A-Hacker, whose company profile |
| secret files or valuable corporate data, | | | | reads as follows: |
| many just want a machine - fast. Most | | | | "Rent-A-Hacker was formed to afford |
| victimized machines are merely launch | | | | anyone the means to protect their |
| pads for other attacks" (Tanase). | | | | valuable information assets. Unlike most |
| Essentially, hackers hide themselves by | | | | Cybersecurity firms whose goal is to |
| operating through a chain of machines. | | | | sell you security products, our focus is |
| Reasons for hacking are extremely varied | | | | on auditing, detection and proactive |
| and can include accessing information, | | | | prevention" (Rent-A-Hacker). |
| changing information records and | | | | To achieve these goals, the |
| launching viruses. | | | | organizations makes use of experts in |
| For the organization, information may be | | | | Internet security and in hacking. This |
| extracted to be used against the | | | | organization is an example of where the |
| organization. This information could | | | | future of Internet security may lead. |
| then be used in various way. Disgruntled | | | | With experts developing new ways to |
| employees may seek information to use | | | | breach Internet security, software |
| against the organization. | | | | programs may no longer be enough. A |
| The threat of misuse also depends on the | | | | defence system of equally effective |
| nature of the organization. A university | | | | experts may be the only way to combat |
| for example has a threat of students | | | | hackers and other breachers of both |
| changing their results records, while an | | | | security and privacy. |
| organization involved in controversial | | | | Government Actions |
| issues, such as a gun manufacturer may | | | | The Government plays an important role |
| be threatened by anti-gun protesters. | | | | in effecting privacy and security |
| Hackers may also operate by damaging | | | | concerns and does this on two levels. |
| company web sites. | | | | The first is in their role in setting |
| The reasons and form of Internet hacking | | | | the rules for the private sector. The |
| crimes are just as varied as typical | | | | second is in establishing guidelines for |
| crimes. | | | | the government's own use of information |
| As the Internet becomes more widespread, | | | | (IBM). |
| Internet crimes may come to mirror all | | | | With the broad implications of the |
| crimes. For example, just as a | | | | Internet it is also recognized that |
| disgruntled employee may vandalize their | | | | government control becomes essential, |
| place of employment, a disgruntled | | | | "the growing interconnectedness of |
| employee may vandalize the | | | | society underscores the need for |
| organization's web site. | | | | government officials to understand the |
| Current Effect on Business | | | | broad implications of the Internet and |
| Hacker attacks are the largest threats | | | | the information technology revolution |
| for governments and businesses, with | | | | (IBM). |
| ninety percent of business and | | | | The government meets this challenge by |
| governments suffering hacker attacks | | | | producing a set of |
| each year (Krebs). | | | | internationally-accepted principles, |
| Of those businesses, only one third were | | | | with these principles developed by the |
| willing to report the attacks to the FBI | | | | Organization for Economic Cooperation |
| (Krebs). | | | | and Development and are known as the |
| Eighty percent reported financial losses | | | | OECD guidelines (IBM). |
| as a result but the majority were not | | | | These guidelines include 'fair |
| willing to quantify these financial | | | | information practices' for organizations |
| losses (Krebs). | | | | that outline appropriate security of |
| The majority of organizations and | | | | data and disclosure of data practices |
| government departments do suffer from | | | | (IBM). |
| security breaches. Also noted is that | | | | IBM describes the US security and |
| this is not all from hackers, a major | | | | privacy measures, saying: |
| component is also from company staff. | | | | "The US has legislatively-required |
| The fact that the majority are not | | | | protections in focus areas: government, |
| willing to report or verify the | | | | credit reporting, banking and finance, |
| problems, is an indication that this is | | | | health, and children's information. In |
| a problem that is thought to be | | | | other commercial areas, such as retail |
| significant as well as damaging. | | | | and online marketing, the US relies on |
| Organizations generally avoid reporting | | | | its common-law traditions coupled with |
| such problems to avoid alarming | | | | industry responsibility and leadership |
| shareholders, while government | | | | to chart the way" (IBM). |
| departments avoid public concern. With | | | | Legal Protection |
| shareholders and the public warranted in | | | | The legal component of the Internet is |
| their right to know of these breaches, | | | | handled largely by the Computer Crime |
| there is a future likely, where such | | | | and Intellectual Property Section of the |
| breaches will be required to be | | | | Department of Justice. The actions of |
| reported. | | | | the section are described, saying: |
| The reality is that these threats cannot | | | | "Section attorneys advise federal |
| be ignored. A study by the National | | | | prosecutors and law enforcement agents; |
| Institute of Standards and Technology | | | | comment upon and propose legislation; |
| recognized that "information and the | | | | coordinate international efforts to |
| systems that process it are among the | | | | combat computer crime; litigate cases; |
| most valuable assets of any | | | | and train all law enforcement groups. |
| organization. Adequate security of these | | | | Other areas of expertise possessed by |
| assets is a fundamental management | | | | CCIPS attorneys include encryption, |
| responsibility" (NIST). | | | | electronic privacy laws, search and |
| The report by the National Institute of | | | | seizure of computers, e-commerce, hacker |
| Standards and Technology provides a | | | | investigations, and intellectual |
| framework for determining a security | | | | property crimes" (CCIPS). |
| system program. The needs of the | | | | Legal protection in the US is wide and |
| programs are twofold: | | | | varied, covering a variety of issues |
| "Agency programs must: 1) assure that | | | | that the Internet relates to. |
| systems and applications operate | | | | This includes the considerations of |
| effectively and provide appropriate | | | | e-commerce, covering topics including |
| confidentiality, integrity, and | | | | Internet gambling, online sales of |
| availability; and 2) protect information | | | | healthcare products and consumer |
| commensurate with the level of risk and | | | | protection (CCIPS). |
| magnitude of harm resulting from loss, | | | | Laws are also existent relating to |
| misuse, unauthorized access, or | | | | computer crimes. These crimes include |
| modification" (NIST). | | | | cyberstalking, Internet fraud, child |
| This considered system and approach to | | | | pornography and identity theft (CCIPS). |
| determining may mirror how organizations | | | | Insurance Protection |
| will approach security considerations in | | | | Another industry that reflects the |
| the future. | | | | rising importance of Internet security |
| It is also noted that "many | | | | is the insurance industry. |
| organizations and consumers are only | | | | Policies purchased for 2001 were just |
| just beginning to realize the value of | | | | under $100 million in 2001, with it |
| applied information technology and the | | | | expected to rise to at least $1 billion |
| increased efficiency and effectiveness | | | | by the year 2007 (Salkever). |
| of innovations in data collection and | | | | The policies available for organizations |
| management" (IBM). | | | | include protection from "virus attacks, |
| With increased realization will come | | | | denial-of-service assaults, cracking |
| increased use of information by | | | | into company systems, and Web-site |
| organizations, and with this increased | | | | defacements. Some companies even write |
| use will come a greater need for privacy | | | | policies that cover cyber-extortion, |
| and security considerations. | | | | where an online intruder or an insider |
| Information on the Internet | | | | steals crucial data such as customer |
| The Internet is also capable of | | | | credit-card files and demands a payoff. |
| infringing on a person's privacy as a | | | | The rising tide of lawsuits against |
| publisher of information. | | | | companies whose employees have used |
| We can see the Internet as a tool for | | | | corporate e-mail inappropriately has |
| communicating information, just as | | | | also caught the attention of e-insurers" |
| television, newspapers and other media | | | | (Salkever). |
| are. | | | | It is also noted that with the insurance |
| The difference with the Internet is that | | | | industry becoming a major part of |
| the information published is not as well | | | | Internet security, they will have the |
| controlled. | | | | opportunity to shape the computer |
| With television and newspapers, controls | | | | security business. |
| are in place to determine what will be | | | | This will occur by insurance companies |
| communicated. It is generally not | | | | defining what types of security products |
| possible for a person to publish | | | | and practices are acceptable. Following |
| information without it being verified in | | | | this, premiums will differ based on what |
| some way. | | | | software protection systems are used, |
| However, with the Internet, a person can | | | | effectively rating product systems and |
| publish and communicate messages to | | | | influencing the business consumers |
| people from all over the world with no | | | | choice. |
| requirement to have checks on the | | | | This is also expected to effect |
| information. | | | | business, with e-insurance becoming a |
| Essentially, the Internet allows anyone | | | | requirement, "as cyber-insurance goes |
| to say anything, and to say that | | | | from exotica to a business necessity, |
| anything to a lot of people. | | | | the computer-security industry will have |
| This leads to the Internet being capable | | | | to adapt to keep the insurers happy" |
| of being used as a tool to defame | | | | (Salkever). |
| others. | | | | There is certainly potential for |
| A recent court case shows that this does | | | | insurance companies to influence both |
| happen, where the case is described as | | | | the coverage required by organizations |
| follows: | | | | and the products and actions required to |
| "A state-court jury awarded $3-million | | | | attain this coverage, "that's the wave |
| Tuesday to a University of North Dakota | | | | of the future, as insurers exert even |
| physics professor who sued a former | | | | more pressure on the technology |
| student for libel after she accused him | | | | practices of any company wishing to |
| in an online article of being a | | | | insure this increasingly important facet |
| pedophile. The professor, John L. | | | | of business" (Salkever). |
| Wagner, 41, filed his lawsuit after an | | | | Also recognized is the possible |
| article titled "Kinky, Torrid Romance by | | | | relationship between insurance companies |
| Randy Physics Professor" was published | | | | and security products with it being |
| on the Web site Undnews.com" (Bartlett). | | | | argued "that insurers will demand |
| This example shows how information on | | | | responsibility from software companies |
| any subject can be widely published on | | | | for flaws in their products -- and that |
| the Internet. The guilty verdict | | | | they'll have the legal firepower to hold |
| indicates that the law does consider | | | | the software outfits accountable" |
| this to be a case of defamation. | | | | (Salkever). |