Privacy and Security Within

Privacy and Security within

the Government and the Workplace

April 9 – April 13

Privacy:
Privacy and Employees:
Employees have concerns about their information from the time they begin working with an organization (p. 356).
They will know your personal information from your application.
They might check your credit rating.
They might check talk to your previous employer.
They might ask you to take drug and psychological tests.

Businesses have a good reason for seeking and storing personal information on employees (pp. 357-358):
They want to hire the best people possible.
They want to ensure that employees are conducing themselves appropriately and not wasting company resources.
Cyberslacking is a form of misuse of organizational resources, includes visiting pornographic sites and news sties, chatting, playing games, shopping, sports scores, etc.
They can be held criminally liable for the actions of their employees.

Privacy and Consumers:
Your customers are picky bunch. Customers want businesses to know who they are, but at the same time, they want them to leave them alone. They also want businesses to provide what they want, but at the same time, they don’t want businesses knowing too much about their habits and preferences (p. 359).
A company may collect its own information about you when you visit their Web site. It may collect information from other sources, such as credit card companies or web tracking companies (p. 359).

Cookies:
A cookie is a small file that contains information about you and your Web activities, such as which Web sites you visit (p. 361).
A cookie has many uses (p. 360):
It keeps your logon name and password information.
Stores the contents of electronic shopping carts.
Tracks your Web activity.

Spam:
Spam is unsolicited e-mail from businesses that advertise goods and services (p. 360).
There are filters to block out spam, but spammers are clever and are constantly figuring out ways to beat the filters (p. 360).
For example, spammers figure out ways to disguise the e-mails (p. 361).
2/3s of all e-mail is spam (p. 361).
Congress passed the CAN-SPAM Act in 2003. However, it has little chance of success because spammers spoof their e-mail (p. 361).

Adware:
Adware is software to generate ads that install themselves on your computer when you downloaded some other program from the Web (p. 362).
Generally, most people actually agree to install adware on their computers. They agree by clicking “I Agree” without actually reading the license agreement.

Spyware is software that comes hidden in free downloadable software and tracks your online movement, mines the information stored on your computer, or uses your processor and hard drive storage to perform some other task you know nothing about (p. 362).
Spyware can stay on your computer long after you remove the original software (p. 362).

Privacy and Government:
The government is a major source of maintaining personal information about individuals and maintains over 2000 databases (p. 363).
The government needs this information to maintain its various social programs (p. 363).
The government also needs this information for the purposes of law enforcement (p. 363).
For example, the NationalCrimeInformationCenter (NCIS) database contains information on the criminal records of more than 20 million people. It stores information about outstanding warrants, missing children, gang members, juvenile delinquents, stolen guns, etc. (p. 363).

The FBI uses a tool known as DCS-1000 to trap all e-mail sent and received by the target of the investigation. DCS

requires a court order (p. 364).

The National Security Agency (NSA) uses a system called Echelon that uses a global network of satellites and surveillance stations to trap phone, e-mail, and fax transmissions (p. 364).
Some law enforcement agencies also use cameras along with facial recognition software to compare faces with pictures in a database of pictures of suspected criminals and terrorists (p. 365).

The U.S. Government has a large number of laws concerning information privacy. Several are listed on p. 367:
Health Insurance Portability and Privacy Act (HIPAA) is a series of rules that help keep patient information confidential.
The Freedom of Information Act allows any person to examine government records unless it would cause an invasion of privacy.
TheUSA Patriot Act allows law enforcement broad access to any information when investigating terrorist or hostile acts.

Security:
Most press reports focus on outside attacks on computer systems, but actually, companies are in far in more danger from employee misconduct than they are from outsiders (p. 369).
Fraud examiners have a rule of thumb. In any group of employees, about 10 percent are completely honest, 10 percent will steal, and for the remaining 80 percent, it will depend on the circumstances. Most theft is committed by people who need money, have access to funds that are poorly protected, and perceive a low risk of getting caught (p. 370).
Companies also focus on threats from outside the organization 85 percent of large companies and government agencies were broken during 2001, but only 35 percent wanted to put a figure on the loss (p. 371).
Hackers are generally very knowledgeable computer users who use their skills to invade other people’s computers (p. 372):
White-hat hackers find vulnerabilities in systems and plug the holes.
Black-hat hackers break into other people’s computers and do harm.
Hacktivists break into systems for political and philosophical reasons.
Cyberterrorists are those who seek to cause harm to people or to destroy critical systems or information.

Security Precautions:
The only truly safe computer is one that is never connected to another computer (p. 373).
Precautionary measures you will definitely want to consider are anti-virus software, access authentication (password, biometric identification, etc.), backups, encryption, etc.