General
Computer Question 11: Are there privacy issues when using
computers and the internet?
Answer: With the increased use of computers for storing
large databases of information about individuals, the problem of privacy has
become a real concern. The government, as well as a number of businesses and
organizations, have compiled databases containing a variety of personal
information about each of us. The collection of information begins at the
moment of our birth and continues throughout our lives. Almost any activity
that requires the use of a computer, including registering to go to a school,
applying for a job, applying for a loan or credit card, entering a contest, or
getting a marriage license can result in your name ending up in somebody's
computer data file. The government itself has a variety of agencies that
collect information on its citizens: the Internal Revenue Service has an
electronic record of all of our tax returns, the Civil Service Department has
records on hundreds of thousands of government employees, and the Department of
Health, Education and Welfare keeps records on anyone who has received social
security, medicaid, medicare, or welfare benefits.
Most people understand the benefits
derived from electronic databases. For example, they understand that there must
be a computerized record if they are to receive their Medicare payment. But
some fear that this information could be misused. More and more personal
information is now accessible via the internet. There are occasionally reports
that agencies sell personal information for use as mailing lists by sales
organizations. Would you be concerned if, for example, the motor vehicle
department in your state began selling descriptive information gleaned from
your driver's license application? In some states, this type of information is
already available to businesses who specialize in putting together mailing
lists based on personal characteristics and preferences of value to businesses
who want to market their goods and services.
Nongovernmental agencies, such as
credit bureaus, also maintain databases that contain personal information about
us. Recently, some of these agencies have come under fire for selling our
personal information to businesses for marketing purposes. Businesses are
always looking for mailing lists that target people with particular
characteristics, and there is often some company or group willing to sell this
type of information. If you subscribe to a particular type of magazine, say a
computer magazine, you can almost bet you'll receive a subscription offer for
every other computer magazine that comes along. Or, if you enter a contest to
win a car, don't be surprised if you receive a phone call telling you about a
new condominium development in your area. Although, some of these agencies have
decided that a person's right to privacy takes precedence over a company's right
to make money, many agencies are still selling this kind of information.
Some people are also concerned that
by pulling together information from a variety of databases, it is possible for
individuals to obtain comprehensive information about us. Many feel that it is
one thing for someone to have information about our credit record, but it is
another thing altogether if someone is able to collect all of the personal data
that is available in all of the various databases and gather it into one computer
record.
In response to problems related to
privacy issues and computers, a number of laws have already been passed. The Freedom
of Information Act, passed in 1970, requires that government agencies allow
citizens to know what information is filed on them. The Fair Credit
Reporting Act, also passed in 1970, requires credit bureaus to allow people
to inspect and challenge any information in their credit records. The Privacy
Act of 1974 makes it illegal for government agencies to collect information
on citizens for illegitimate reasons. The Comprehensive Crime Control Act of
1984 made it a crime to access computers without authorization in order to
obtain classified information and protected financial information. The Electronic
Communications Privacy Act of 1986 provides privacy protection for computer
communications, including electronic mail. This act makes it a federal crime to
intercept these kinds of computer-based transmissions. Since these original
laws were enacted, a number of other follow-up acts have been introduced to
expand and clarify them at both the national and state level.
Answer: Along with the potential for the misuse of
personal information stored in computer databases, there are a number of areas
where there is potential for criminal activity related to the use of computers.
For example, because many computers are both valuable and transportable, they
are frequently targeted by criminals who steal them for their personal use or
to sell. When computers are stolen, it can be devastating both to individuals
and to businesses and other organizations because their important data is often
stolen along with the computer. The data stored in the computer can represent
hours and hours of irretrievable work. Because there is a real potential for
computer theft, it is important to follow certain security precautions. As
described below, the type of computer used (and the way it is used) should help
determine the type of security procedures that should be implemented.
It is particularly important to bolt
down light-weight microcomputers and peripheral devices. A number of different
manufacturers have produced security products that can be used to secure
hardware. Although, bolting down equipment will not always keep it from being
stolen, it does make the equipment less attractive to thieves and may encourage
them to look for an easier target.
Computer equipment can be protected
from theft to some extent by installing it away from high traffic areas in
windowless rooms behind locked doors. Although this may not be practical for
microcomputers which are generally installed on the desks of individual users,
it is possible to secure expensive mainframe computers or minicomputers in this
way. Because these large computers are generally controlled and operated by
computer professionals, it is possible to limit access to the equipment to
those people who are directly responsible for maintenance and operations. Doors
can have built-in security systems which require magnetically encoded cards to
be used or special codes to be entered before someone can gain access to the
room. Closed-circuit television cameras can be used to determine who has gained
access.
It is also important to set up some
kind of system to identify computer equipment in case it is stolen. A number of
methods can be used to permanently label computers and peripheral devices with
a unique identification number. Most computer equipment has serial numbers
which can be used for this purpose, but often these numbers are on plates that
can be removed from the computer. A descriptive list of all equipment,
including serial numbers, should be kept for insurance purposes. These numbers
can also be used to identify a computer if it is stolen and then recovered by
police. The list of equipment showing identification numbers should be stored
in a safe place. It is also helpful to have photographs of equipment to show to
insurance companies in case of theft and to maintain sales receipts or other
types of proof of purchase.
The theft and illegal use of data
is most often associated with large computer systems that are shared by many
users. This type of crime may entail the access of data by unauthorized users
or the illegal use of data by authorized users. Although many organizations
work hard to protect their data from illegal access by someone outside their
organization, statistics show that most often the person committing a crime
related to data is an employee of the organization, an insider. People who
access computers illegally from outside of the organization have been
nicknamed hackers, but computer hobbyists who like to
explore the lesser-known capabilities of computers are also referred to as
hackers. It is probably more appropriate to refer to those who access data
illegally simply as computer criminals. What happens once the criminal breaks
into a system depends on their motivation. For some it may be enough just to
know they were able to get past the security measures and gain access to the
system. For others, the intent is to make an illegal copy of the data stored in
the system, alter it, or even erase it. The computer criminal's purpose may be
to sell the data or use the information illegally. There are also ways to
profit from gaining access to banking or credit information. In some cases, the
criminal may be trying to damage the organization that stored the data by
damaging the data itself.
Most organizations protect their
important data by requiring each employee to enter a special password each time
they use the data system. This password protection not only limits access to
the data, but it also identifies each user each time the data system is used.
However, someone with a great deal of knowledge about computers might find a
way into an organization's data system despite a password protection system.
Upon analysis, many organizations have been found to store important information
in computers without the use of any data protection system. It is especially
common to find unprotected data stored on microcomputers on individual desks.
Even when important data is protected on a large computer with a secure
password system, legal users of the data may have downloaded the data to a
personal computer's storage system, leaving it unprotected.
No comments:
Post a Comment