Financial Times
- Someone broke into the business-to-business Web site fro SalesGate.com and stole abut 3,000 customer records, including credit card numbers and other personal information. He posted some of the information on the Internet.
Telegraph
- Convicted criminal hacker Kevin Mitnick testified before Congress. He told them that social engineering is a major security vulnerability. He can often get passwords and other secrets just by pretending to be someone else and asking.
The Independent
Current Situation:
Personal privacy today is a controversial and complex topic, which is influenced by a number of factors. There is an integral role that databases play in this highly debated topic. The fact that many people now carry out their transactions electronically is another important factor. There is also pressure on personal privacy for increased national security around the world to combat terrorism. In addition, personal privacy is even threatened by commercial factors and the Internet.
As technological possibilities to collect, store, analyse and distribute information about virtually every aspect of an individual’s life have become almost unlimited, this power risks being greatly diminished. Especially in today’s public communication networks that include not only fixed telephone networks but also mobile networks and the Internet, personal information can be transferred with great ease and even largely invisibly.
The Government: As a result of new national security concerns several nations have adopted laws
that allow the government to monitor your computer without your knowledge or consent.
Examples:
Bar owners are harvesting personal data from driver's licenses
The story talks about a device the bars can use to scan the license, determine whether it's valid, and whether the patron is older than the legal drinking age. So far, no problem but the device can also collect the owner's name, address, date of birth, height, weight, eye colour, and sometimes Social Security number from the magnetic stripe on the license. According to the article, about 40 states now include variations on this information on their licenses.
The bar owners know they've found a treasure trove, allowing them to mine the data to see how many 25-year-olds from the suburbs come in on a particular night or what the ratio of male to female is. But some are going beyond aggregate data and are already planning to use the data to build mailing lists to market themselves to certain groups.
The main problem is that those people who hand over their licenses think it is only to determine whether they can enter. Perhaps few realise that they are turning over data that could be assembled and sold to outside businesses for more aggressive marketing.
The devices are spreading beyond the bars, according to The Times, and are popping up in convenience stores as well as a variety of other operations. More places are expressing interest.
The New York Times (August2003)
Use of IT
Information Technology (IT) is defined in the dictionary as:
"Any equipment or interconnected system or subsystem of equipment, that is used in the automatic acquisition, storage, manipulation, management, movement, control, display, switching, interchange, transmission, or reception of data or information. The term information technology includes computers, ancillary equipment, software, firmware and similar procedures, services (including support services), and related resources."
In essence Information Technology (IT) is your PC, telephone, fax machine, printer and much, much more. From the software applications you use to write emails and letters through to the massive systems that make up the World Wide Web, Information Technology is in use everywhere.
Although no one can guarantee a country's total security, technology could potentially come close. As advanced technology creates problems for the protection of privacy, it can also provide a large part of the solutions. Networks, hardware and software can and should be designed, or redesigned, to put the user in control of his own personal information and his private sphere. But given the considerable commercial and state interests in the collection of personal data, this will only happen with a clear, enforceable legal framework guaranteeing the individual’s right to privacy and regulating the measures to achieve it.
Ethical issues & Legal boundaries
Most countries have laws protecting individual privacy. The EU has the Data Protection Act of 1995. Organisation that collects personal data must register with the government, and take precautions against misuse of that data. They are also prohibited from the collection, use and dissemination of personal information without the consent of the person.
Organisations also have the duty to tell individuals about the reason for the information collection, to provide access and correct inaccurate information, and to keep that information secure from access by unathorised parties. Within Europe, the individual’s right to privacy is firmly embedded in the European Convention on Human Rights & Fundamental Freedoms
Cultural relativism is a view that says what is “good” is the equal to what is “socially approved” by the majority of a culture. Given this, what is considered ethically good really depends on the context of a given culture. What is “good” for one culture does not mean that the same is true for another. In the case of databases versus personal privacy, such a view can be of merit.
The way that data is viewed by the culture in Europe is much different than that of the U.S. Europeans take privacy very seriously. This attention to privacy is likely the result of the Nazis using commercial and government files to track down Jews, communists, resistance fighters, and the mentally ill in World War II. Whereas the U.S. inherently hasn’t paid much attention to database privacy until standards were put forth by the EU.
Even so, companies are reluctant to adopt EU standards. A group of 10 American companies, who call themselves as the Global Privacy Alliance (GPA), protested that strict EU privacy laws hindered the flow of information between companies. The list of companies includes IBM, Oracle, and VeriSign. They claim that the EU directive makes it difficult for companies to engage in the kind of dataflow that they claim is vital to modern e-enabled businesses. There is an obvious gap between the two cultures, one that is market driven, versus one that emphasises personal privacy. Nonetheless, exporting databases to the U.S. is not something that European companies feel comfortable about.
With respect to national security, governmental databases would also need to exchange data among databases similar to companies in the GPA. Large amounts of information from autonomous systems would be amassed into a huge collective system. The end result would be reduced privacy. From a cultural relativist point of view, these two cultures have different priorities when it comes to databases and privacy. The U.S. is less concerned with personal privacy, which is reflected by a government that is moving toward an integrated database system. On the contrary, European countries hold privacy in high regard, and many are going with a less intrusive implementation of national ID cards.
Recommendation:
The issue of databases and privacy involves a delicate balance between security versus personal privacy. This is an issue that affects everyone around the world and requires awareness. Privacy is something that we all have a right to, but it is also something that is increasing difficult to maintain.
Our society is constantly becoming more electronic in nature. All of our information concerning births, marriages, divorces, property ownership, voter registration, workers compensation, etc. are already stored in databases. Transactions placed through ATMs and credit cards are all recorded. Then there’s the Internet, which provides endless possibilities for information gathering. Collectively, data from across databases can be gathered and analysed through data mining to extract useful information.
Ultimately, although personal privacy is sacrificed, a system that combines databases will have a multitude of uses in fighting terrorism and other related issues. The reason for this falls upon the common good and utilitarian perspectives. Although privacy of individuals is decreased, the potential for preventing future disasters is invaluable. In the case of September 11th, the FBI, CIA, and other related intelligence agencies were helpless in preventing the disaster because they simply either had too much or too little information to go by.
In either case, a collective database system would be a valuable asset. Firstly, if the system were integrated with both federal and commercial systems, intelligence agencies would have an overwhelming amount of information. Secondly, since there’s so much information data mining is a must. OLAP, or OnLine Analytical Processing, is synonymous with data mining.
The drawbacks of the system relate to abuse and misuse, the human factor. If the system is controlled only by designated and qualified individuals, not simply any federal authority, then the cost to privacy is somewhat minimised. Assuming there are the right controls in place to monitor the uses of the system, the degradation to personal privacy is kept at a minimum. In the end, such system has so much potential that the cost of personal privacy is an acceptable price to pay.
This notion of fixing a security flaw after it becomes a problem won’t work on the Internet. Attacks can be automated,and they can propagate to unskilled attacks quickly and easily. It is not enough to react to fraud after its been demostrated to work, we have to be proactive and deal with fruad before it happens.
We have to think about protecting data that can cause harm, rather than about protecting all data. We desperately need a core of privacy, but that word will be redefined year by year by agile citizens. We'll learn to pick and choose a few secrets.
Conclusion
In conclusion, we all know without some privacy, we couldn't stay human. But we'll be better equipped to defend a core of essential privacy if our overall civilization is open enough to let us catch the Peeping Toms and power abusers.
Better, more intrusive technology is going to limit our ability to stay anonymous. In 5 or 10 years, you'll have eyeglasses that scan any face on the street, look it up on the Internet, and provide captions as you walk by. This will be a return to the village of our ancestors, where they recognized everyone they saw. No one will be a total stranger.
Different security technologies have important place in an overall security solution. Privacy violations can easily lead to fraud, whatever data can be exploited, someone will tri it, computers or no computers.
As Whitfield Diffie has said ‘No right of private conversation was enumerated in the constitution’ we don’t suppose it occurred to anyone at that time that it could be prevented.
The ability to have a private conversation, like the ability to keep your thoughts in your head, was a natural consequence of how the world worked. Technology had demolished that world view, powerful directional microphones can pick up conversation hundreds of yards away.
It is plausible that we could soon be living in a world without expectation of privacy, anywhere or at anytime.
References
Bibliography
Secret and lies
Bruce Schneier 2003
Published by
John Wiley & Sons Ltd