THE VIOLATION OF PRIVACY DURING INFORMATION WARS




Privacy—who could possibly be against it? Not IBM, which has vowed to yank all its ads from Web sites that fail to post a clear privacy policy. Not America Online, which promises never to disclose information about members to “outside companies.”

And certainly not Microsoft, which in 1999 threw its weight behind a plan that could one day let people skip automatically past sites that don’t meet their privacy standards. The biggest collectors of information, it seems, are suddenly in the forefront of the campaign for our right to be let alone.

Privacy protection is good for business (see sidebar, “Cyberattack Protection Plan”). But it may not be quite that simple. True, millions of Americans are wary of the Internet, and surveys suggest that many are hanging back because of confidentiality concerns.

start sidebar
Cyberattack Protection Plan

Privacy advocates in 2000 raised red flags before a U.S. Senate Judiciary Subcommittee looking into privacy implications of a plan to safeguard critical systems against cyberattacks. Critics of the plan charged specifically that it relies too heavily on monitoring and surveillance, instead of simply focusing on making systems more secure.

Called the “National Plan for Information Systems Protection,” the plan will eventually loop in critical systems for communications, transportation, and financial services. There is disagreement as to whether an intrusive, government-directed initiative that views computer security as almost solely defending cyberspace from foreign assault is the right way to go.

The Electronic Privacy Information Center (EPIC) especially took exception to the plan’s inclusion of a Federal Intrusion Detection Network (FIDNet). Under the plan, a single government agency would be allowed to monitor communications across all federal networks.

FIDNet would require notification to all users of federal systems, including government employees and the public, or would break various privacy statutes including wiretapping guidelines. EPIC officials indicated that the government’s security policy overall has been inconsistent because it has prevented availability of some encryption and security tools.

The plan is designated Version 1.0 and subtitled “An Invitation to a Dialog” to indicate that it is still a work in progress and that a broader range of perspectives must be taken into account if the plan is truly to be national in scope and treatment. Part of the unfolding plan calls for a partnership between Fortune 500 companies and all levels of government to work out details for safeguarding computers.

Privacy must play a key part in any efforts to hone details of the plan. The government is just now digging itself out of the many mistakes that were made over the past decade with computer security policy. This is not the best time to be pushing an outdated approach to network security.

end sidebar

However, the recent frenzy of corporate initiatives is only partly about building public trust. It’s also about fending off legislation. Corporate America is mobilizing against the threat of a broad federal privacy-protection law. In particular, businesses are disturbed by one likely element of such a law: a subject access provision that would allow citizens to find out what companies know about them and how the information is being used.

To comply with such a measure, corporate information systems would have to be retrofitted to serve a purpose for which they weren’t designed—a vastly expensive undertaking that worried executives liken to the year 2000 problem. The technological costs, however, could be exceeded by the psychological costs.

Junkbusters

If subject access becomes law, Americans will be stunned to discover how much data large corporations have on them. People are going to be horrified.

So far, the United States has addressed the subject on a case-by-case basis. The confidentiality of video rentals is protected, for example, because a reporter got hold of Robert Bork’s rental records during the fight over his failed nomination to the Supreme Court. Otherwise, corporate lobbyists have sold Republican and Democratic leaders alike on their view of the Internet economy as a tender, if vital, young thing needing protection from the regulatory mechanisms of the past.

The market can do the job. In addition, companies are banding together to develop privacy guidelines, hoping to show that they can regulate themselves. That premise, however, is under mounting attack on two fronts, domestic and foreign.

The immediate pressure is coming from Europe. A European Union privacy directive that took effect in October not only includes subject access but also requires that, when soliciting information from people, companies clearly spell out what they intend to do with it. This concept is anathema to many large U.S. companies. Accustomed to collecting data for hazy purposes (a “personalized experience”), businesses reserve the right to discover more specific uses or sell the information later on.

But the most annoying element of the EU directive, as far as U.S. corporations are concerned, is a ban on transborder shipment of data to countries that don’t offer “adequate” privacy guarantees. The Sabre Group, a Texas-based airline-reservation network, is fighting in Swedish court for the right to maintain in its global data bank such facts as a passenger’s wheelchair use or preference for kosher meals. Prodded by Sabre and other large information-oriented companies, the U.S. government is trying to convince European officials that the argument isn’t really over the degree of privacy protection, but over two different “cultural perspectives.” The Europeans have gone to ridiculous extremes, creating privacy commissions and “privacy czars” to deal with such trivialities as L. L. Bean’s decision to send out a catalog of their home products as opposed to their clothing products. Literally interpreted, the EU directive would bar a traveling American business executive from flying home with the names and phone numbers of European clients in his laptop.

Double Standard

Such fears are overwrought. But the European officials point to deep historical reasons (including Nazism) for their view of privacy as a basic human right. The White House is not in any position to cut deals on that, any more than the British are in a position to cut deals on the U.S.’s First Amendment. But if Washington has to make concessions, U.S. multinationals could find themselves in the ticklish position of explaining why they have granted rights to Europeans that they are trying to withhold from Americans. The self-regulation concept has already suffered a series of embarrassments at home. In 1999, Microsoft was discovered to be collecting data on users who had expressly requested anonymity.

Privacy advocates agree that there are informal and technological fixes for many of the problems. On-line privacy protection has the potential to become a significant industry in itself. But it will grow much faster with legal incentives. In the absence of sanctions, the privacy commissioner of Hong Kong claims that self-regulation amounts to putting Count Dracula in charge of the blood bank.

Oddly enough, the concept of subject access originated in the United States, with the Fair Credit Reporting Act of 1971. Credit companies have been living quite profitably with the rule for over 30 years.

Many of the same companies that have been battling against a federal privacy law have pressed Congress to enact more stringent copyright and patent laws. They’re only against regulation when it’s something they don’t like.

Exposed on-line? On the Web, your personal life is merely marketable data. Learn how to protect your personal information on-line next.






Computer Forensics: Computer Crime Scene Investigation (With CD-ROM) (Networking Series)
ISBN: 1584500182
EAN: 2147483647
Year: 2002
Pages: 263
Authors: John R. Vacca
