Security and Privacy of Information
Security threats to technology systems continue to grow, with more than 76,000 security incidents identified in the first six months of this year compared to about 82,000 for all of 2002. Users are increasingly demanding authorized access and use only, while most companies report having at least the fundamentals of IT security in place, including firewalls (81%), antivirus software (79%) or using virus protection access management and other security applications (71%). It is estimated that an average of 5.4% of IT budgets will be spent on security in 2003. Many tools are helping to manage access and determine what's on the network, but in no way has the problem been solved. Many serious consequences have resulted due to the lack of security, including:
Identity theft. Individuals are buying millions of dollars worth of merchandise using other people's credit cards. As stated in InformationWeek (Aug. 4, 2003), about 7 million individuals found themselves guilty of identity theft, an increase of nearly 80% over the 1.9% rate reported in February 2002. According to research and advisory firm Gartner Inc., only one in 700 of these thieves may be identified because this crime is often misclassified. A presidential commission has recommended that the U.S. Postal Service (USPS) work with the Department of Homeland Security to develop sender identification technology such as personalized stamps that embed digital identification information. However, civil liberties groups and others are objecting to what's being called "intelligent mail" for all users. USPS has not accepted the commission's report, but d'es intend to award a contract in November for mobile data-collection devices that could serve as intelligent mail scanners.
Student access to data. Loaded with course grades, credit card numbers, home addresses and social security numbers, educational records hold particular fascination for hackers, most of whom are curious students. According to the National Center for Education Statistics, 99% of all public schools have access to the Internet. Most schools rely solely on teacher monitoring and a student honor code. Many schools even allow students to manage their own accounts, register for classes and pay tuition online. Thus, data such as student and alumni records, social security numbers, credit card numbers and other personal information must be secured.
Abundance of spam. Unsolicited e-mail advertisements, commonly known as spam, are estimated to cost about $875 for each employee per year. One statistic states that 49% of users spend from 40 minutes to almost four hours a week deleting spam. Many users are installing anti-spam software, but legally there is very little that can be done against spammers directly. Several bills are being discussed in Congress, but bickering between Democrats and Republicans is delaying the process. Conversely, the European Union has declared that an e-mail account is more private than a mailbox, and a business needs explicit permission before sending an e-mail message.
Filtering devices. Filtering software is being installed in more networks and on more computers, but it is also raising some questions as to what, when and how to filter. For example, librarians are challenging the way filters are used, while school administrators have transferred their decision-making authority to private companies with little public disclosure and credibility for their decisions. Therefore, override capabilities should be made available to educators.
We know the problem of security and privacy of information will not go away. It is recognized as a serious problem that requires top priority. For example, in the Palo Alto Unified School District in California, where wireless computer connections are used throughout its offices and on various campuses, a reporter from the Palo Alto Weekly was able to obtain students' grades, home phone numbers, addresses, medical information, psychological information and full-color photos of the students using a laptop and wireless connection card. This situation has been given top priority by the district.
However, what extreme situations are we willing to tolerate. When public schools in Biloxi, Miss., opened last month, the district had digital cameras recording each minute of every classroom lesson. Now, hundreds of Internet-wired cameras are running all day in an effort to deter crime and general misbehavior among the district's 6,500 students and teachers. The system lets principals and security officers view a classroom from any of the school's computers by using a password.
We must all be fully aware of what is happening to information, which we previously thought was private and secure. Perhaps, we need more education as to what we should and should not do.
This article originally appeared in the 09/01/2003 issue of THE Journal.