Kitsap Peninsula Business Journal Article - News, Business, Homes, Politics, Automotive, Reviews, Bremerton, Silverdale, Poulsbo, Gig Harbor, Port Orchard, Bainbridge

2-4-2004

Guess what ‘they’ know about you…
Online privacy may appear to be fading
but experts say there is hope
By Rodika Tollefson

With home invasion, robberies and other crimes being so prevalent today, anyone would consider leaving a door unlocked or a purse visible in a car less than prudent. Consumers arm themselves with home security systems, buy weapons for personal protection, up martial arts training, or use those blasted car noisemakers they call alarms.

But while being street smart and savvy about personal protection, those same people are completely oblivious about a new breed of criminals, one that the Information Age has nurtured and educated, then unleashed out in an invisible world that crosses borders, cultures and languages. For the average American, the Internet has become part of a lifestyle, an undisputed necessity like a morning cup of coffee or the daily news. And what those Americans are not aware of is that on a daily basis, they are leaving their front doors open, the security alarm disconnected, and virtually inviting in the criminals —cybercriminals.

“Most consumers are not aware of it, because they just want to travel the Internet freely, said John C. Myung, vice president of product marketing at RedCannon, a security software developer. “Security software can be intimidating and most times you can become a victim and not even know it.”

What information are consumers advertising on the great information superhighway? For starters, how many never check — or don’t even know how — whether a site is encrypted while transmitting personal data like Social Security Number, credit card accounts, mother’s maiden names? Even the SSN of Attorney General John Ashcroft can be – and was — bought by anyone with a spare 26 bucks, a computer, and a little know-how.

Closer to home, one local, prominent car dealer takes credit applications online on an unsecured site. If that information gets intercepted during transmission, those would-be buyers too can expect to have their private data on a virtual billboard on Cyberroute 66 displayed for anyone looking.

The problem is those consumers behave online the same way they behave “offline,” leaving a digital paper trail that can be swept up, archived, and recycled indefinitely. Anything from buying habits, income, number of children, age is up for grabs for marketers (yes, spammers), Social Security and credit card number peddlers, or just anyone curious to know more about thy neighbor.

“Ten years ago when most information was kept offline, individuals were less concerned about their privacy. Offline data is hard to move around,” said Richard Purcell, former chief privacy officer at Microsoft who is now the CEO of the Corporate Privacy Group. “That friction has been reduced by our technology, and that does not mean we should not have been concerned about it 10 years ago, we just didn’t see it as much.”

Not only has technology given “the bad guys” new gadgets and tricks for their dealings, it has also made it much easier for them to hide. It’s not uncommon for hackers to be operating from some place like Russia or Eastern Europe, targeting consumers and companies in the United States.

The gadgets used vary. Spyware cookies or actual spyware, for example, can collect information such as IP address that identifies each computer that uses the Internet, and is commonly embedded on Web pages or in HTML (rich text) e-mail. Most collect limited information, such as how much money did someone spend after a particular advertisement, but many get a lot more aggressive. And the problem is that if someone releases one bit of information to one company, and a different bit to another while using the same e-mail, that information can eventually be cross-referenced, and a profile with a name, buying and surfing habits, travel choices and diet preferences becomes stored in some database.

Spyware is a particularly pesky creature, as it cannot be detected by virus software, can sneak past some firewalls, and can only be sniffed out or stopped by spyware removal software. Other nuisances, some more serious than others, include keyloggers that can read keyboard strokes and send back passwords and other information; worms that do the most harm by disabling a lot of computers and networks and creating huge confusion amid uneducated users; and secondary software that comes with downloading free programs that next thing you know camps out on the hard drive using the spare power of the PC to process some mathematical problem. Sure, the software provider states clearly in the “terms of service” that such intrusion is imminent by using its “freebie” — but how many people would hire their lawyer to read through the tomes of disclosure terms and translate them into something like …say…English?
Security experts recommend the bare minimums for online protection such as virus detection software and firewalls. The trick is they have to be up to date, so just installing them on a machine five years ago is like having a blind and deaf dog guarding a house. More companies recognize now that consumers don’t want to bother with keeping up with one more task, so they include automatic update retrievals for the software, and toss in additional benefits like patching up a system like Microsoft Windows with one click. Poulsbo-based eAcceleration, for example, is offering the whole nine yards in its package, from virus and spyware detection to automatic updates and firewall to spam and pop-up busters and, soon, easy patches of security holes. Myung’s RedCannon has a similar package with easy to make software updates, as do other software retailers trying to make basic protection painless.
Got all that done? It’s not time to relax just yet. The biggest threat out there yet, some experts say, are those living and working next to you — neighbors, friends, co-workers, bosses. “Many people are worried about the government snooping but …they should consider threats most immediate to them,” said Dean Krent of Chicago-Kent College of Law, a constitutional scholar and expert on privacy issues who was part of the Illinois Institute of Technology team that evaluated the government’s e-mail surveillance system formerly known as Carnivore. “Do you know all the sites your son and daughter visit? Do you read your husband’s e-mail? In most work places, the employer has the right to monitor you…”

And then there is the big fish, companies that do business with thousands or millions of consumers. Not even online giants like Amazon or eBay are immune, as past hacking incidents have shown.

“Most hackers are broadly scanning the Internet and when they see a computer that is not patched,” they can invade the machine and most time go undetected for months, said Ryan Kalember, senior consultant at Guardent, a security consultant company. “I wouldn’t say they are totally random. Home users are most vulnerable ….but most times they are of little value. The biggest risk is for corporations, because it’s a bigger pot of gold to crack a database with 25,000 credit card numbers.”

So now that the situation is out of an individual’s hands, should everyone just look the other way and trust that companies will fix it, eventually? Not really, experts say. While with time people may become accustomed to live in a much less private environment, tolerating criminal behavior, online or off, is just not an option, and neither is giving up personal freedoms in the name of security.

“There will always be people who break the law to cut corners, through malice or stupidity, and it doesn’t matter what technology they use,” Purcell said. “…Today’s issue of cookies and spam will look silly five years from now. There are more important things like cell phone tracking and so on.”.