Privacy Compromise
The hacker community is extremely large and robust. With the ease of availability of hacking information and teaching manuals, it's obvious why we have seen many more news stories involving hacker activity. It does not take a genius anymore to compromise a Web site and gain consumer credit card information. Several sites dedicated to information about security breaches and teaching hacker techniques include the following:
| Security Focus | http://www.securityfocus.com |
| PacketStorm | http://packetstorm.securify.com |
| Windows IT Security | http://www.ntsecurity.net |
| Security Bugware | http://oliver.efri.hr/~crv/security/security.html |
| Foundstone | http://www.foundstone.com/advisories |
Attrition.org (http://www.attrition.org/) used to mirror hacked Web pages but has recently stopped because keeping track of all the hacked sites was becoming too much work. Some have said the popularity of being on Attrition.org encouraged hackers to deface Web sites. Through the increase in hacker skills and availability of automated tools to compromise Internet-connected companies, accessing private consumer information is easier than ever.
Tracking user information legally (it's pretty hard to track user information illegally with the weak laws that are in place) is a form of privacy compromise. A hacker doesn't have to break into your home system or some company site for your information to be abused. The Network Advertising Initiative (NAI) Principle, which is a response to advocacy groups trying to limit online profiling (the collection of information about Internet surfing behavior within an advertising network for the purpose of formulating a profile or representation of users' habits and interests), has been severely criticized for not actually being capable of curbing online profiling. Cookies have been the main culprits of capturing user information for profiles and linking data. The cookies allow information about user behavior to be collected, analyzed, and stored. The problem of online profiling was first presented to Congress in testimony before the Senate Commerce Committee in July 1999. The principles place the burden of privacy protection on the consumer, with opt-out strategies being the main force behind them. The consumer must be cognizant of her rights and abilities to opt out, which is generally very difficult for the consumer.
Selecting to opt-out of one company's database doesn't seem to make a dent in the data capture capabilities of the company after your personal information. A more intrusive manner of tracking Internet users takes place through the use of Web bugs, invisible images that also place cookies on users' computers. One newsworthy item was the use of bugs by DoubleClick. DoubleClick, the largest network advertiser, placed Web bugs on more than 60,000 Web pages. It presented advertisements for thousands of clients and placed billions of advertisements in one month. DoubleClick then wanted to link consumer names to information collected through cookies; however, it was severely attacked by privacy groups. The company dropped its plans because of the uproar, but it is estimated that DoubleClick has profiled millions of Internet users. DoubleClick is just one of many such advertisers collecting consumer information. It seems that companies do not change their policies and practices unless they are caught in the act and privacy groups become a nuisance to them.
We have all heard about viruses and worms that damage your system. Worms replicate themselves and send themselves to other computers. A new breed of worm is being used to either try to fix a problem or ferret out the bad guys. One such worm that was recently discovered (in June 2001) infects computers using Microsoft Outlook. It searches the infected computer for image files containing child pornography and alerts government agencies if any suspicious files are discovered. The alert e-mail contains an attached copy of one of the files that allegedly contains child pornography discovered during the worm's search of infected hard drives and also identifies the porn possessor's e-mail address. This is a serious invasion of privacy, even if the worm attempts to perform a public service. What if you had a file with a name the worm thinks is child pornography? It would send an e-mail to government agencies, and you could have someone knocking on your door. If the author took it another step further and just deleted all your files in retribution for assuming you had child pornography, you would lose all your personal data.
Compromise of information not only affects corporations and consumers. The government is at risk just as much as the rest of us. The National Infrastructure Protection Center was created in February 1998 to thwart cybercriminals. The new agency pursues criminals who attack or employ global networks and attempts to better secure the nation. After three years, the NIPC was found to be poorly organized and an ill-conceived agency that is ignored by other agencies. The General Accounting Office analyzed the NIPC and found that
It's not clear where the agency belongs.
Nobody seems to listen to the NIPC.
Information is not shared with them.
They can't define threats to national security.
They are not reacting quickly enough to the needs of the government.