The Path to Privacy

The path your information follows as you use various technologies leaves many points of access open to information compromise. On the Internet, submitting your information to a Web site, such as when applying for a brokerage account, sends your information through a variety of public channels. All along the way, system administrators or hackers can track down and even watch your information. When you use your wireless laptop to connect to your office, anyone in your vicinity can attempt to capture your wireless traffic and hack into the wireless network carrying your information. All the data stored along these access paths will linger for years and be accessible by many people. Different companies have different strategies as to how your data is stored, secured, and used.

If we examine the brokerage account sign-up process, we can see several points of information compromise:

  • Web browser— When you open your Web browser, whether it is Netscape, Internet Explorer, Opera, or any other browser, you are surfing the Web with unencrypted traffic. As we will discuss in detail later, unencrypted traffic can be viewed by anyone who can capture your traffic along the path to its final destination. If the Web site you are browsing is not encrypting traffic, a hacker on the local segment from which you are surfing, such as your neighbor using the same cable company to connect, can see your traffic and all the information you type in a browser window, such as your name, phone number, and Social Security number.

  • Web administrator— On the other side of the transaction are administrators who have complete access to all your information. Companies have to place trust in these people because without them, nothing would function. You have to assume that the company has hired ethical administrators and monitors actions so no rogue administrator can steal information and use it for evil purposes.

  • Site security— The technological aspects of your information security are the most frequent points of attack. If the brokerage site does not implement strong security measures, an attacker can remotely gain access to databases that store your information.

  • Your home security— As many brokerage companies are moving to completely electronic trading procedures, from making a trade on the Web site to receiving an e-mail confirmation rather than a hardcopy letter, you will store more personal and sensitive information on your system. If your home computer gets hacked, and the attacker has access to your e-mail, he can find very valuable information about you and access your brokerage account.

  • Your ISP— Your Internet service provider (ISP) can be hacked and compromised just like any other company. If a hacker has a foothold on the ISP systems, he can install packet capture software that retrieves user information and login IDs and passwords.

The multitude of places where your information is stored and who can have access to it means that even if one entity has defined your privacy right with a privacy policy, all the other entities in any transaction you make have not agreed to keep your data secure. If you send your information to a brokerage site that has a good privacy policy, there is no guarantee that the ISP you are using is not watching your traffic or that the system administrator won't quit and steal all the user information. Your expectations of privacy must be tempered with the knowledge that there is no real guarantee that all these various points of access to your data will be secure and adhere to laws and privacy statements.

A false sense of security is probably worse than having no security at all. If a site says it requires a login and password from members, it might be somewhat secure. A user will feel that not everyone on the Internet will have access to her information. But that is wrong. What is to prevent a valid user on the system from taking your information and spreading it through other completely public forums?

One example of having a false sense of security is the compromise of the ICQ logs of the CEO of eFront. Private messages over ICQ were made public by a hacker. There were several things wrong with the use of ICQ in this case. First, ICQ is by default insecure. The messages are not encrypted, and data can be captured on the wire. Second, the log files are stored on the computer running ICQ and can be retrieved by someone with malicious intent. Lastly, there is no guarantee that the other party will not disclose your personal information and communications. Personal communications can be made public, such as in this book (see Figure 2.1), because there is no law or guarantee saying that the other party will not disseminate your information. It was easy for us to post a private ICQ message session.

Figure 2.1. ICQ log message.


Cases such as the ICQ log fiasco should not be a surprise to anyone because there was no expectation of privacy. It's true that a hacker made the logs available, but it could just as easily have been one of the users of ICQ making the logs available. (Are you scrambling to erase your ICQ logs now?) Of course, for every problem there is a solution. eFront could have used secure messaging solutions; many are available, such as from Mercury Prime (http://www.mercuryprime.com). If the management team at eFront had better understood the security issues involving the programs they were using, they would have probably used a secure technology. Expectations of privacy were not in line with the actual use of the technology.

The flip side of this expectation of privacy is actual laws or policies that tell the user she can expect her information to be secure. The Federal Electronic Communications Privacy Act (ECPA) makes it unlawful for anyone to read or disclose the contents of an electronic communication (18 USC § 2511). E-mail service provided by online services is covered by this act. As mentioned earlier, this same act also provides for loopholes around the privacy safeguards. Three exceptions to the security of your e-mail messages are

  • The provider can view private e-mail if it suspects damage or harm by the sender.

  • The provider can legally view and disclose private e-mail if either the sender or the recipient of the message consents to disclosure.

  • If an employer owns the e-mail system, the employer can inspect e-mail on the system.

Interpretations of these exceptions can just as easily disclose your personal e-mail messages as any hacker would. This is just a legal means of reading your personal e-mail. ECPA also provides for law enforcement to access e-mails with a court order. The points of access where your information is stored are all subject to these types of exceptions.

Your right to privacy is more like a right to some privacy, until you get hacked, the government decides it's necessary to view your personal information, or you unknowingly give it away. Everything you do online can be tracked or stored on some server somewhere in the vastness of cyberspace. There are no limitations on the amount of data that can be stored or how long it will exist. Even casual browsing of Web sites can capture information about your interests, where you are surfing from, and the type of software you are using. Web sites can use cookies to track your activity on their sites and remember you from the last time you visited them. Cookies are small text files containing user information collected by a Web site and sent by the user's browser to the site's server, and vice versa. The Netscape cookies.txt file saves information about your access to the site. We will discuss in detail what this file is actually doing in Chapter 7, “Understanding the Online Environment: Web Surfing and Online Payment Systems,” and Chapter 8, “E-mail Security.” The following example is a shortened cookies file:

# Netscape HTTP Cookie File 
# http://www.netscape.com/newsref/std/cookie_spec.html
# This is a generated file!  Do not edit.

.euniverseads.com   TRUE  /  FALSE  1293839999  RMID  ce8739a23a097b70
ww2.weatherbug.com  FALSE  /  FALSE  2114399909  WeatherBugAff Value=1345100&Check=CHECK
216.60.197.200   FALSE  /  FALSE  2137622455  CFID  57776
216.60.197.200   FALSE  /  FALSE  2137622455  CFTOKEN  85398937
www.webfn.com    FALSE  /  FALSE  1262304053  UUID 77964445-b5c2-11d4-80f2-00508b72c54e
.msnbc.com       TRUE  /  FALSE  1893456052  MC1 GUID=517C7F0920764BB08CC39E24E442CEA0
.msn.com         TRUE  /  FALSE  1065294053  MC1 V=2&GUID=517C7F0920764BB08CC39E24E442CEA0
.msnbc.com       TRUE  /  FALSE  1893456052  P1  0
.avis.com        TRUE  /  FALSE  1293840056  RMID  ce8739a23a0ae410
www.avis.com     FALSE  /  FALSE  1293840056  AnalysisUserId  247973792274
.focalink.com    TRUE  /  FALSE  1293796800  SB_ID 097379227600004952481660966006
ads.link4ads.com TRUE  /  FALSE  1893456066  uid  0xd3cb1fad3.0xce8739a2
.dell.com        TRUE  /  FALSE  1293789606  Profile %7B042D91E4%2D852E%2D11D4%2DA7CD%2D00D0B746BE7A%7D
.dell.com        TRUE  /  FALSE  1132094802  MenuState  6
hc2.humanclick.com  FALSE  /  FALSE  1005844596  HumanClickID 206.135.57.162-89709977
.mediaplex.com      TRUE  /  FALSE  1245629120  svid 9743269150407631373464968610
.highschoolalumni.com  TRUE  /  FALSE  1074326979  ATA highschoolalumni.974327316640.206.135.57.162
.mediaplex.com   TRUE  /  FALSE  1245628772  mojo1  11f3988/1sb194358
.ac.com          TRUE  /  FALSE  1920408339  MKT_AC  5814277352806457
www.vmware.com   FALSE  /  FALSE  2137621928  CFTOKEN  6987391
www.vmware.com   FALSE  /  FALSE  2137621928  CFID  1084551
.dell.com        TRUE  /  FALSE  1009792806  rpoprodcode dhs%5Fnotebooks%5Finspn
www.processor.com   FALSE  /  FALSE  1293775268  USERID  203646
stats.klsoft.com    FALSE  /  FALSE  1009581230  SYSTEM_USER_ID {25B952BE-99BA-42d6-924A-C472CDFCA0B8}
ads.iboost.com:8080    FALSE  /  FALSE  1078099169  GUID 000093939AD80B0D46C2DBA72690574D
.valueclick.com  TRUE  /  FALSE  1762810659  ksa  0OhRTX9FVA7IAAUPjbfc3556f0ae
.linkexchange.com   TRUE  /  FALSE  1005946660  LE_COOKIE
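
As an added example (not code from the book), the following Python parses a Netscape-format cookies file and audits what each entry reveals: whether it is sent without the secure flag, when it expires, whether its value embeds an IP address, and whether one identifier is shared across domains. The sample lines are copied from the listing above; the function names and the two heuristics (a dotted quad counts as an IP address, 16 or more hex characters count as an identifier) are assumptions of this example.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone

# Entries copied from the cookies file listed above, whitespace-separated as
# printed there; a real file separates the seven fields with tabs.
SAMPLE = """\
# Netscape HTTP Cookie File
.msnbc.com       TRUE  /  FALSE  1893456052  MC1 GUID=517C7F0920764BB08CC39E24E442CEA0
.msn.com         TRUE  /  FALSE  1065294053  MC1 V=2&GUID=517C7F0920764BB08CC39E24E442CEA0
hc2.humanclick.com  FALSE  /  FALSE  1005844596  HumanClickID 206.135.57.162-89709977
216.60.197.200   FALSE  /  FALSE  2137622455  CFID  57776
.linkexchange.com   TRUE  /  FALSE  1005946660  LE_COOKIE
"""

FIELDS = ("domain", "subdomains", "path", "secure", "expires", "name", "value")
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")   # heuristic (assumption)
LONG_ID = re.compile(r"[0-9A-Fa-f]{16,}")           # heuristic (assumption)

def parse_cookies(text):
    """Yield one dict per cookie record; skip comments and blank lines."""
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        parts = line.split(None, 6)
        if len(parts) < 6:
            continue                          # too few fields to be a record
        parts += [""] * (7 - len(parts))      # the value field may be empty
        c = dict(zip(FIELDS, parts))
        c["subdomains"] = c["subdomains"] == "TRUE"
        c["secure"] = c["secure"] == "TRUE"
        c["expires"] = datetime.fromtimestamp(int(c["expires"]), tz=timezone.utc)
        yield c

def audit(text):
    """Summarise the privacy-relevant properties of every cookie in text."""
    cookies = list(parse_cookies(text))
    seen = defaultdict(set)                   # identifier -> domains carrying it
    for c in cookies:
        for ident in LONG_ID.findall(c["value"]):
            seen[ident.upper()].add(c["domain"])
    return {
        "not_secure": [c["name"] for c in cookies if not c["secure"]],
        "embeds_ip": [c["name"] for c in cookies if IPV4.search(c["value"])],
        "expiry_year": {(c["domain"], c["name"]): c["expires"].year for c in cookies},
        "shared_ids": {i: sorted(d) for i, d in seen.items() if len(d) > 1},
    }
```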

Using the information about what you are looking at and keywords you are searching for, sites can develop patterns of usage and tailor ads and marketing material to these patterns. Do you expect this type of information to be kept private? Just from browsing Web sites, companies can track what items are being searched for, where people are coming from, and how they are using the Web. Figure 2.2 shows a sample of the information that can be collected from browsing a company Web site and tracking what users are doing. Using Web log analysis software, such as Webalizer, we can see the ISPs surfers are using.

Figure 2.2. Webalizer view of users' ISPs.


There are no guarantees or laws to provide anonymity through browsing or a host of other features you use on the Internet, such as chat rooms, message forums, and FTP (File Transfer Protocol). Companies can track how you use the features they provide to you and build profiles of your activities.

Privacy Policy Usage

Companies are defining your rights for you in their privacy policies. Because the laws are still very vague, the Internet industry is performing self-regulation. This does not mean users will receive the best care when it comes to their personal information. Advocacy groups and several laws are paving the way for the industry to develop privacy policies and secure your data, but the implementation and interpretation are still up to each company. The Federal Trade Commission is encouraging sites to post privacy policies, but it does not have the power to enforce privacy policies based on any current laws. Several organizations that are actively encouraging privacy policies are TRUSTe (www.truste.org), the Council of Better Business Bureaus (BBB, at www.bbbonline.org), the American Institute of Certified Public Accountants WebTrust program (www.aicpa.org/webtrust/index.htm), and a coalition of companies called the Online Privacy Alliance (www.privacyalliance.com). These organizations and others feel we have a right to privacy and are trying to develop standards for those rights.

Privacy policies define what rights you have on each site you visit. They can range from absolute security and privacy of your data to giving away all rights to your data to the company, which can then do whatever it wants with it. One example of a privacy policy that both keeps your personal information private yet gives the company the right to resell it is from iWon (www.iwon.com). Among its many features, this Internet portal gives away prizes. When you sign up for iWon, your preferences and personal information are stored. Part of the privacy policy says the following:

“We disclose our privacy policies and procedures in this document. We do not sell or rent your personally identifiable information to third parties for marketing purposes without providing you with a choice to opt out from such disclosure, which you can exercise at the “My profile” page. We allow all users to opt out at any time from receiving e-mail messages from iWon and third parties including selected iWon partners or from having information shared for marketing purposes with third parties including selected iWon sponsors or business partners. We allow users to access their user profiles and change information as they deem necessary.”

This policy is securing your information, but by default you have opted to let iWon give your personal information and preferences to business partners for targeted advertisements. To change this, you have to modify your profile and opt out of the marketing blitz. This type of opt-out strategy is popular with many product companies that generate revenue from sales or advertisements. They are saying you have a right to privacy, but only if you figure out that you can keep your information private. They are not making great efforts to keep your data out of the hands of the mass marketers. In many cases, they are going to make money if they are able to gather more information about you.

You might have a right to privacy, but that doesn't mean it will actually happen. Laws have been enacted and proposed that both restrict our privacy rights and secure them. Our right to privacy is an ongoing battle that we as consumers must take part in if we want to keep our information from prying eyes.
