Thursday, December 29, 2011

Securing Patient Data

There are new privacy concerns that were triggered by the continuous increase in data breaches at health care providers. There were some studies conducted to pinpoint the main cause of this exasperating situation. There were some that put the blame on insufficient funding for security, while others said that the sudden surge in data breaches is due to devices that were either lost or stolen. The first reason could be explained by the government’s priorities in distributing funds, but it is not good to hear that there is human error, or that health care professionals are not well informed about securing patient data.

Almost all private and public organizations are now using mobile technology in their daily operations. People in these organizations use smartphones or tablets to conveniently manage data because doctors and other health care professionals discovered the convenience of using these gadgets for electronic health records. These tools, however, do not possess the much needed, necessary security. Because they do not have enough background, some doctors are using these gadgets without taking advantage of the use of encryption technology, or even passwords.

A spokesperson from the American Health Information Management Association saw the need for education and awareness. He said that training sessions on the use of mobile technology in relation to data management are already being implemented. But he also added that these are not as effective as education and awareness. There must be better involvement if health professionals are to have the sufficient awareness of patient data security.

It is surprising to note that at present, 4 out of 10 health care professionals surveyed believe that patient data accessed by mobile devices is secured. An added surprise comes from knowing that 81% of them are using these devices to collect, store and transmit patient records. But the shocking detail is that almost one-half of the participants surveyed revealed that their organizations do not have any data security mechanism at all.

Image: winnond / FreeDigitalPhotos.net

Monday, December 26, 2011

Still on Health Record Breaches

The number of hospitals in the United States that are adopting electronic medical records is continuously growing, but according to a study from the Ponemon Institute, insufficient funding for security has also triggered a surge in patient data breaches. A recorded 32% increase in data breach incidents from 2010 to 2011 tends to support such a claim. Hospitals say that there should be enough funding from the agency concerned in order to ensure patient privacy.

Converted into cost, the health care industry lost an estimated $6.5 billion just last year alone. Nearly one-half of the health organizations that were surveyed said that the major cause of this was lost or stolen devices. The survey included 72 hospitals and health care providers, but the names of the organizations were kept private.

Observers see that the condition is getting worse, mainly because security seems to not be given any major importance. They also anticipate that it will not get better given the policy of providing incentives to doctors and hospitals that implement digital health records. More patient records will be exposed to theft with the compensation budget that reaches up to $27.4 billion. Health care organizations then rush to speed up health records, but there is no corresponding needed security.

Another study showed that more than 50 percent of the organizations surveyed blame insufficient funding as the reason for such breaches. There are existing data breach notification laws that order organizations to report to the Health and Human Services Department those breaches that involve more than 500 people. The agency then makes a list of those affected and posts these violations on its website.

There are laws on federal privacy that health care providers and employer-sponsored group health plans are obliged to comply with. These laws require periodic audits to be conducted by the Health and Human Services Department. This is to carry out security risk reviews and assess security and breach notification policies. This mechanism ensures that organizations have their privacy, security and breach notification policies in place.

Image: Salvatore Vuono / FreeDigitalPhotos.net

Monday, December 19, 2011

Anti-Hacking Laws Must be Updated

Lawmakers are busy looking into the 1986 anti-hacking law primarily because it no is no longer up to date with the current online “culture”. Without the needed changes, the law would punish even innocent web surfers. But those concerned with its updating are very careful because changing the penalties might not sink the law’s teeth in legitimate criminals. Revising the Computer Fraud and Abuse Act should not set aside the civil liberties of users while seeing to it that cyber-criminals are prosecuted.

One important revision that has to be made is in the power of government to penalize users who violate a website’s terms of service agreements. A law school professor openly said that the present state of the law is harsh. He added that it threatens the civil liberties of Americans who simply give false information on Facebook and other sites.

The professor gave some typical examples in his written testimony of how millions of users give fake information. He wrote that a user could be held criminally responsible for simply writing that he goes to the gym every day when in fact, he goes there only once a month. He added that the millions of users who supply false information about their height, weight or age could be considered criminals. He also mentioned a study that suggested 8 out of 10 users provide false information in their profiles. Incredible, but there are millions of Americans out there who are cyber-criminals!

One critic deemed it necessary for lawmakers to spell out what the law actually means, particularly with the phrase “exceeds authorized access”. This will set the limits of employers to penalize those employees who break terms of service agreements. The same critic also said that the revisions should make those federal employees who are handling confidential information answerable.

Such initial steps and suggestions would narrow down the prosecution threats to those breaches committed by government employees. A letter was co-signed by organizations that have been known to protect consumers and citizens. They laid down their common concern of defending people who break site service contracts by “accident”.

Friday, December 16, 2011

Online Job Hunting Scams

You should read about these phishing scams that you might run into, so you could have the understanding on how to handle them. If you want to find a job online, be cautious of those that encourage you to send personal information. There are many online criminals that hide behind legitimate job sites just so they can appear legitimate too. Some of them will use familiar-looking logos and convincing words that could attract your attention. The truth is that they will only lead you to fake websites that appear to be owned by legitimate companies.

Aside from asking for personal information, another method of operation is charging fees for services that they do not really provide. Many people have been victims of this kind of scam where they paid for services that are nonexistent. This idea of online fraud is so effective that more victims are coming forward to present their complaints. These criminals are not easy to catch because they “close down” their operations after a while and then leave without a trace.

If you are an online job seeker, it would help if you bear in mind these few tips that would help to protect you. Do not give any personal information unless it is related to work. Be alert when a prospective employer asks for your social security number, date of birth, home address, etc. It is strongly advised that you should not give out this kind of information over the phone, through email, or via fax.

It is said that your resume is one of your most valuable “assets” in job hunting. It carries with it such vital information about you that it has to be kept private. Never give away your resume unless you have a compelling reason. When posting your resume online, opt for a job site that has a clear privacy policy. Choose one that validates recruiters before permitting them to gain access to your records.

It is a good practice to verify a prospective employer or recruiter. Look for the company’s contact number and find out if it really exists. If you find it necessary, you can even visit the company yourself during regular work hours. Only after verifying the company’s legitimacy should you give consent to a background check if they ask for one.

Image: photostock / FreeDigitalPhotos.net

Wednesday, December 14, 2011

Fake E-Card Scam, Beware

Have you noticed that more users are becoming victims of phishing scams? New phishing scams crop up whenever there is an event that is getting the attention of a large number of people. It could be a natural disaster, an election, or even developments in the world financial system. It is best to make yourself aware of how scammers entice their victims to give in to their tricks.

Beware of fake e-cards, especially during the holiday season. In reality, these e-cards may be a phishing scam, spam, a spyware installer, or a virus. E-cards are links that are sent to you, which you can click on to open the “greeting card”. Needless to say, once you click on the link, you are actually opening the “website” where your greeting card was created. This is where the danger of downloading something that could be very destructive is.

So how do you avoid fake e-cards? More often than not, scammers send fake e-cards using reputable companies in order to appear more convincing. On your end, you must be alert to recognize the sender of the e-card. If you do not know the sender, do not trust the e-card. If you are familiar with the company that sent it to you, it is obvious that you have your own way of telling that the email is not a fraud.

You must check the display name and the sender’s email address. When you are in doubt as to the sender or the intent of the email, never click on any links. Most importantly, do not download anything, even if the source seems legitimate. When it comes to a file attachments, do not open or download any attachment unless you are sure of its origin.

In case you happened to open a seemingly legitimate website that has an end-user agreement, take the time to read all of it. Of course, it will take a lot of time to read all that fine print, but it is a must. You might be agreeing to install something that you do not want, like spyware.

Tuesday, December 13, 2011

Cookies No More

The Federal Trade Commission (or FTC) is in the process of improving internet privacy protection. If the plan goes through, this time it will be brought to a new level. This will be done without prejudice to innovation on the internet, but with enhanced consumer protection. Among other things, the proposal by the FTC includes innovative functions such as “do not track” and several others.

When internet technology was significantly developed, online activities of consumers started to be tracked by the use of “cookies”. To do this, websites send cookies to the consumer’s computer, making it easy for data miners to easily know consumer behavior online. Having gathered enough information, companies can then target specific products and services to online consumers. It is not easy for consumers to guard themselves against this because only very few of them know how to turn off cookies. They have to painstakingly find out the browser’s privacy settings so that they can opt out of cookies. However, this is easier said than done, even for the experienced user.

Some consumers might find data mining beneficial to them since they can get special offers and discounts if they continually buy the same product. But this is only true to some, because most consumers consider targeted advertisements annoying and threatening to their privacy. That is why authorities never give up in finding ways to protect consumers from these types of unwelcome ads.

The FTC wanted to make things easier for the “opt out” issue through the issued proposal. Once approved, consumers can opt out of cookies at anytime they like and, if they wish, turn it off permanently. Users are already fed up with being presented with very long privacy policies. Aside from this, the terms used are hard to understand except for users who have some knowledge of legal jargon. In the FTC’s scheme, consumers would be allowed to know who is following their online activities. More significantly, they will be given the power to permanently decline cookies.

Consumer watchdogs and companies that maintain websites can use this proposal to come together and plan concrete steps that need to be taken. Then they could zero in on some guidelines for consumer protection without hindering innovation on the web.

Image: piyato / FreeDigitalPhotos.net

Thursday, December 8, 2011

Here Comes the New Privacy Threat

A new security risk was discovered and has roused concerns among smart phone users. Security researcher Trevor Eckhart posted a 17-minute video which gave details of unknown software that is installed. It was shown that this software can log numerous details about what the user does with his or her mobile device. The software, particularly known as Carrier IQ, logs all text messages, Google searches and phone numbers entered in by the user. This data is then automatically reported to the mobile phone carrier. In addition to this, the software can log the URL of websites searched by the phone owner, even if he or she is using “https” URLs that encrypt data.

There are several mobile devices running on Android operating systems that come with the software installed by default. Eckhart said that it operates without being noticed or without the user’s knowledge. He added that even if the user does become aware of it, the software cannot be stopped. It is the kind of software that is often used in malware and Eckhart called it a “rootkit”.

When Eckhart was able to get hold of the training materials posted on the software’s website, he was able to discover more about Carrier IQ. Thinking that the company might take the files offline, he immediately copied these training materials. He was correct because the said files became unavailable shortly after he posted his analysis online.

A cease and desist letter was sent by the company to Eckhart, claiming that he infringed on copyrights by publishing its training manuals online. The company also claimed that his allegations about the software were vague and false. Furthermore, it demanded that the researcher turn over all the contact information of all those who obtained copies of the files.

In addition to this, Carrier IQ demanded that he replace his analysis with a statement renouncing his research. The company even drafted the statement for Eckhart and sent it to him so it could be posted. The company was bent on taking legal action against the researcher. However, Eckhart found support from the digital rights group Electronic Frontier Foundation, or EFF. The company then decided not to proceed with the actions.

Image: jscreationzs / FreeDigitalPhotos.net

Friday, December 2, 2011

Tech Toys and Kids' Safety

Christmas is near and for sure, many parents will be giving their kids tech toys. These are some of the hottest items on children’s wish lists: smartphones, tablets, and computers. Parents will gladly say “yes” and then be happy watching their kids click or tap away on their newest treasured possession. However, just as some parents would not think of giving their children a bike without a helmet, technology gifts should also come with safeguards.

Tens of thousands of parents do not realize the need to child-proof these devices. As these open the worldwide web to children, parents should make sure that their kids do not stumble upon the unsavory side of the internet. Kids have impressionable young minds and there are lots of “bad” things online that are not meant for them to see.

Without the needed protection, children might open a Pandora’s Box with their tech toys. There are those millions of x-rated web pages, violent videos, websites with disturbing topics from gambling to guns, and many more. Parents should not take their children’s safety for granted; instead they should look for software that could help filter the good from the bad.

There is a lot of available internet safety software for kids. Some are made for PCs and Macs, while others are suitable for specific mobile devices such as iPods, iPhones, and iPod Touch. There is nothing wrong with giving tech toys to kids this Christmas. The thing is that parents have to bear in mind that internet for kids should always be paired with safety.

Make your kids happy this Christmas by fulfilling their digital wishes. But before finally wrapping the gift, why don’t you install the software that will protect him? After all, kids of this generation cannot do away with being connected online. Keeping the line of communication open between parents and children can help the children understand why they need protection. They have to accept that not all sites on the internet are appropriate for them.

Image: Stuart Miles / FreeDigitalPhotos.net

Tuesday, November 29, 2011

When Buying Gadgets for Children

Parents, in this age of technology, have to always keep themselves ahead of their kids. This is necessary in order to see to it that their children stay safe and protected in their online activities. Children at school have discovered how to use phones and web enabled devices to cheat during tests. Teachers do not find it easy to stop this combined effort among children who avoid, and even break, school rules and regulations. There are some children who teach other kids how to get around filters on school computers. Teachers get themselves updated with technology along with their students so that this behavior will not remain unnoticed and unchecked.

Parents who really don’t care about being involved with their children’s online activities are in danger. Children nowadays own gadgets that allow them to get connected online anytime and anywhere. If they are not properly guided, these tech gadgets will lead them to become victims of cyber bullying, cyber sex, identity theft, and other risks. Parents, especially mothers, must try to understand what kind of technology their kids bring home.

When a child asks for a new device, game, or phone, parents should not buy it right away. They have to discuss the matter before finally giving in to their child’s request. They can start by asking their child specific questions about the device. For sure, by asking the right questions, they can get an impression about the gadget and have a “feel” for it. From here, they can come to a decision whether it would be safe to let their child have it. Parents can also do their own research about the gadget either online or at a store.

Some parents will find this to be time consuming, but it is worth the effort. The cyber world offers tremendous benefits to the lives of children, but without proper guidance and control, it could compromise their safety and security. Parents should take on this responsibility, which cannot be taken for granted. Parental control is the key in kids’ internet safety. Parents should be comfortable with technology so that their children do not become slaves to it.

Image: Salvatore Vuono / FreeDigitalPhotos.net

Sunday, November 27, 2011

Smart Phones for Financial Transactions

Internet technology has made financial transactions easier and more readily available. Businessmen have extensively used the internet in their dealings. They are no longer confined to their offices in order to communicate with clients. More importantly, they can complete their financial transactions even during business travels or vacations. They no longer have to make frequent visits to the bank or have face-to-face meetings with their associates.

In earlier days, most of these transactions were done using desktop computers. Later, laptops and notebooks became more popular and transactions were made even more convenient. They can effortlessly keep track of their financial records from almost anywhere. Today, smart phones are slowly gaining popularity among businessmen. It used to be that these gadgets were used mainly in social networking, more particularly Facebook and Twitter.

A recent survey showed that the number of people using their smart phones to transmit personal and financial information is increasing. These pieces of information are uploaded mostly for online banking, shopping or social networking. There are about 17% of smart phone owners who use their device for money matters. This fact has called the attention of online criminals who take advantage of these circumstances to make money at the expense of businessmen.

Observers have said that accessing the web with the use of a mobile device is both fun and time saving. Obviously, criminals are also on the lookout for every opportunity to see how they can fit their activities into the situation. That is why it is very important for businessmen to remain vigilant. There is a new modus operandi by online criminals that is hidden in the guise of “the good guy”.

The recent rise in demand for smart phones and mobile and web applications has given online criminals the right signal. They are now using malicious software, or malware, in order to take control of users’ accounts. Hiding behind online application stores, these crooks would entice smart phone users to download rouge apps. A user does not notice that he is also downloading a program that would allow the criminal to take control of his or her phone. The rouge app would allow the criminals to eventually gain access to all personal and payment data stored on the phone.

Smart phone users have to be very careful when deciding to use their devices for accessing the web. Moreover, they should be selective about applications that they are going to download. They should learn lessons from those who were surprised when they saw their monthly bills. There were some who were made to pay for premium calls that they did not make. After all, smart phone users are expected to be smarter than online criminals, right?

Image: jannoon028 / FreeDigitalPhotos.net

Thursday, November 24, 2011

Clickjacking and Internet Safety

The fast pace of development of new internet technology is aimed at improving user online experiences. To make online communication complete with audio and video, microphones and webcams are always available. Web browsers make use of every new feature that is being rolled out to them, either for free or for a price. There are even social networking sites where people share their thoughts, including their likes and dislikes.

Sadly, online criminals are always looking for ways on how they can use these new tools for their benefit. Legitimate programs and products are now being attacked by these criminals in the guise of similar beneficial tools. There was a newly launched subtle but disastrous attack called “clickjacking”, or, in technical terms, known as user interface (UI) redressing. It basically tricks and lures users to initiate some unwanted actions.

Facebook’s Like and Share features have been used in this attack. These two legitimate buttons are made transparent and placed over what appear to be genuine pages. The pages seem “real” so that users are tricked into clicking those buttons. The users do not realize that they were actually “liking” rogue pages or posting spam on their walls. Another tactic that criminals use is invisible iframes where users are tricked into clicking some buttons to enable access to their own webcams and microphones. An incident of this sort called the “webcam spying attack” happened sometime in 2006. Now this one seems more severe because it could produce destructive results.

Clickjacking was first discovered by a Stanford University computer science student. His was a confirmation of a similar experience by a nameless researcher in earlier years. The method is a combination of legitimate web programming features and social engineering. The Stanford student found out that Adobe’s Flash Player is susceptible to such attacks. He notified the company, which promptly responded by fixing the fault that would allow webcam spying.

Image: basketman / FreeDigitalPhotos.net

Saturday, November 19, 2011

The Philippines and Cyber Crime

The Philippines should not waste any time in implementing its cyber crime laws that would successfully deter organized crime syndicates. A top Philippine National Police (PNP) official disclosed recently that the country appears to be a favorite refuge for these cyber criminals. The groups have been known for their involvement in cyber pornography, illegal online gambling, cyber sex dens, credit card fraud, and identity theft. The official added that criminals find it easy to be one step ahead of the “weak laws and poor technical know-how of law enforcers”.

It was reported that cyber crime mafias, who are mostly foreigners, are increasingly making the Philippines their base of operations. The top official admitted that the PNP at present has no organizational and technical capability to battle cyber crimes. Syndicates use modern technology, while law enforcers lag behind in terms of training and equipment. To remedy the situation, he asked for support for urgent organizational and technical capability improvement where such is needed.

The detention of a foreign national hacker in the country uncovered the existing network of cyber crime. There are mafias working behind the scenes of illegitimate online gambling and credit card fraud operations in the country. The activities of these groups seem limitless as evidenced by the fast expansion of their circle of influence.

A 38-year old Korean national hacker was arrested by the Anti-Transnational and Cyber Crime Division of the Criminal Investigation and Detection Group (CIDG). His name is included in the file of those wanted by Interpol for large-scale internet fraud. His group has already hacked the servers of the Philippines’ top telecommunication companies. Further investigations exposed that the group has already invaded the accounts of some private corporations.

Although the CIDG made seven successful raids of the group’s illegal online casinos, the capability of the country to oppose cyber crime has not improved. The situation is aggravated by reports that Filipinos are being used as “e-mules” for transnational money laundering and credit card fraud operations. It seems that cyber criminals can avoid Philippine laws so effortlessly that they choose to build their safe haven there more than anywhere else.

Image: chanpipat / FreeDigitalPhotos.net

Thursday, November 17, 2011

Safety Tips for the Holidays

The Christmas season is just around the corner and holiday shopping has already started. Retailers consider this part of the year as the best time to make profits. Identity thieves also find this season the most opportune time for them to make lots of money. Here are some tips to keep the thieves away and to see to it that they do not enjoy the holidays at your expense.

When making payments with the cashier, be alert of skimming. Open your eyes as the store clerk takes your card and swipes it through a device by the register. Be sure that that the machine is really the credit card reader and not something else. There is a device used that allows a thief to copy the information from the card’s magnetic strip and take away your information. Needless to say, purchases can then be charged against your card.

Compared with debit cards, credit cards are more secure and protected. When using a credit card, you can be safer if you use the same card for all of your holiday shopping. This will make tracking your every transaction as well as finding any suspicious activity easier. The best thing to do, of course, is to use cash because none of your personal information is associated it.

When using more than one credit card for your purchases, make sure that you regularly check each card’s activity. Check if all transactions that appear were made by you. If you find any discrepancy, do not waste a minute in contacting the card issuer so that you can file a dispute on the charge.

Thieves can also do some ATM tricks to carry out their actions. Follow the security and safety instructions that can be found posted on ATMs. Some thieves can manipulate a machine so that the card can be captured inside it. If this happens, be sure not to leave without reporting the matter to the bank or to any authorized ATM representative. The thief might just be watching, waiting for you to go, so he or she can get the card, stealing your PIN by using a small, previously hidden camera.

Look for secure websites when doing online transactions. One with the “https” in its URL address is secure. This assures you that your personal information is treated with care. Using special technology, your personal details cannot be stolen by computer hackers. It is best if you set limits to the amount of personal information that you provide online. The less personal information you upload, the less you become vulnerable to identity thieves.

You can enjoy your holiday shopping any way you want it, just always keep in mind that identity thieves are always “around the corner”. Do your best to stay safe and secure and get the best use of your money.

Tuesday, November 15, 2011

Parents for Internet Safety

How can young people be protected online? Who should be responsible for their safety? These are some questions that parents and government are trying to find answers for. In the midst of debates about online safety for children, the fact remains that children need to be protected. Today’s internet technology gives so much freedom to children. They can have online access at home, on the street, or in the schools. This easy access exposes children to potential harm because of their eagerness to interact with the technology.

Various observations were shared with each other by concerned groups during a free discussion. A study found that 60% of 12- to 15-year-old children use the internet on their own. The prime danger for them is their exposure to pornography. Their curiosity could start with access to sites that show indecent images. They would then keep looking for more, until they finally end up on pornographic sites.

This age group of young teens is the most vulnerable, which is why they need to be protected. At the same time, these children need the internet to gain access to the vast wealth of knowledge that it offers. To solve this dilemma, there should be some sort of regulation for children’s interaction with the online community. It appears that parents are the most appropriate agents of regulation. Sophisticated technology that aims to protect children can never replace the parents’ influence on their children.

Parents only need to be more educated on how to deal with their children’s online safety. One way of doing this is through a partnership with the schools. Digital literacy can be made part of the formal curriculum, and it could also involve parents. Along with this is the need to put in resources for parental education. This could start by making parents aware that their children’s internet use involves risks. This is very important because it would be difficult for parents to regulate their children if they are not aware of the dangers.

Aside from schools, a concerted effort of other institutions is needed. There are charities, companies, and legislators, all of which could share resources and expertise. Online protection of children cannot be left to trial and error among themselves. While the internet can be our children’s vast resource of good information, parents must always be on guard to protect them.

Image: photostock / FreeDigitalPhotos.net

Thursday, November 10, 2011

Counter Attack Against Cyber Attack

A greater part of the world’s inhabitants today are on the internet because of different reasons. There are those who understand that social networking can be a helpful tool for persons, organizations, schools, institutions, businesses, governments, etc. Along with this are the billions of devices organized via an array of wired and wireless networks. Internet users can utilize small gadgets that are hand held or they can take advantage of bigger devices that have the capability to get connected to the whole planet. Today, more than ever, it is very easy to communicate with anybody, anywhere else in the world.

In the back of these benefits of internet technology are those corrupt individuals who use the very same technology to carry out their own plans. Currently, there is a very high risk of networks becoming victims of cyber attacks. There is spying, malware, denial-of-service, cyber war, and terrorism that hide behind these interconnected systems. This is one issue that needs to be solved not only by efforts of individual networks but by the cooperation of all.

Network security is becoming increasingly necessary, and researchers in Germany have proposed a new approach to it. They believe that to effectively reduce cyber attacks, rewards should be given to those organizations that support their own network security. Their research showed that organizations who have already applied this approach have greatly reduced the spread of malware and other problems. Internet and computer-based communications today are generally done anonymously. This opens the door for systems to become even more susceptible to cyber attacks and harassment.

The researchers explained that an international or national agreement could start a coordinated rewards system. They also recommend that funding should be given to organizations that are exceedingly exposed to cyber attacks. They added that network security on susceptible sites should be improved in order to deter the spread of malicious software. This is generally what cyber criminals apply to create bot-nets for attacking corporate networks and other desirable sites.

Only very few parties have invested in their own cyber attack protection. This has benefited them, although it has added to their cost. The whole internet community is also in some way benefited. The researchers believe that orchestrating a reward system would encourage both small and large networks to become involved. They suggest a scaled reward system that could motivate networks to make sure that their systems are protected.

Image: jscreationzs / FreeDigitalPhotos.net

Monday, November 7, 2011

Is Your Network Secure?

A greater part of the world’s inhabitants today are on the internet because of different reasons. There are those who understand that social networking can be a helpful tool for persons, organizations, schools, institutions, businesses, governments, etc. Along with this are the billions of devices organized via an array of wired and wireless networks. Internet users can utilize small gadgets that are hand held or they can take advantage of bigger devices that have the capability to get connected to the whole planet. Today, more than ever, it is very easy to communicate with anybody, anywhere else in the world.

In the back of these benefits of internet technology are those corrupt individuals who use the very same technology to carry out their own plans. Currently, there is a very high risk of networks becoming victims of cyber attacks. There is spying, malware, denial-of-service, cyber war, and terrorism that hide behind these interconnected systems. This is one issue that needs to be solved not only by efforts of individual networks but by the cooperation of all.

Network security is becoming increasingly necessary, and researchers in Germany have proposed a new approach to it. They believe that to effectively reduce cyber attacks, rewards should be given to those organizations that support their own network security. Their research showed that organizations who have already applied this approach have greatly reduced the spread of malware and other problems. Internet and computer-based communications today are generally done anonymously. This opens the door for systems to become even more susceptible to cyber attacks and harassment.

The researchers explained that an international or national agreement could start a coordinated rewards system. They also recommend that funding should be given to organizations that are exceedingly exposed to cyber attacks. They added that network security on susceptible sites should be improved in order to deter the spread of malicious software. This is generally what cyber criminals apply to create bot-nets for attacking corporate networks and other desirable sites.

Only very few parties have invested in their own cyber attack protection. This has benefited them, although it has added to their cost. The whole internet community is also in some way benefited. The researchers believe that orchestrating a reward system would encourage both small and large networks to become involved. They suggest a scaled reward system that could motivate networks to make sure that their systems are protected.

Image: jscreationzs / FreeDigitalPhotos.net

Saturday, November 5, 2011

Is Strip Search a Must?

The U.S. Supreme Court might again look into strip searches in jails due to privacy concerns. Reports have surfaced that even those arrested on minor charges are being forced to strip and shower while jail guards watch. The reason given for implementing this policy is that there are prisoners who hide weapons or drugs on (or in) their bodies. However, there is no clarification on whether Justices need first to decide that there is really a cause to suspect such actions. In its present state, the law requires everyone to undergo a strip search before entering the general jail population.

People are asking about which should come first – privacy rights of people in jail or, the need to ensure safety by authorities. A lawyer stood firm by saying that the court should give a definition of what constitutes privacy intrusion. This is particularly true when there is no reason to believe that a prisoner is hiding anything.

A car dealer who was arrested when he failed to pay fines asked for legal assistance. He said that jail guards forced him to strip naked two times. He added that they told him to open his mouth and lift his genitals while they watched. To check if he was hiding something inside his body, he was made to bend over and cough.

Privacy advocates are questioning the rationale for the searches, which are primarily to deter smuggling. A justice official said that current studies show that most contraband that get into jails and prisons are brought in through the guards. If this is true, then there is no urgent reason why strip searches should be handled as invasively as they are now done. The question of “routine” strip searches following visits is not new. This was ruled on by the court more than 30 years ago.

Another aspect of the hearings that needs to be corrected is the process of questioning. It should focus less on how close guards can get to naked inmates, which is how the questioning is being conducted at present. Justices allegedly give more attention to this detail rather than on the specific case at hand. Also, there should be a clear difference defined between major and minor cases. Past records show that there were people being arrested for minor offenses while they were high on drugs. These cases need to be dealt with differently, as there is a need for closer searches than the usual.

Image: Arvind Balaraman / FreeDigitalPhotos.net

Monday, October 31, 2011

Will Self Regulation Succeed?

Privacy problems have weighed down the internet for many years. In spite of the efforts to impose privacy laws, internet technology changes so rapidly that it quickly out-dates these legislations. It only takes a year or two after implementation before the privacy law is rendered “useless” by technology. There has to be a strategy that will always keep in pace with the present situation. Among other approaches, self regulation is the best solution to privacy problems.

Self regulation is the imposing on oneself some privacy related initiatives so as to avoid privacy invasion. It is restraining, even without the law, the use of collected personal information by companies or groups that gather such information. It is a deliberate action that follows a clear set of guidelines regarding how a certain company can protect privacy. This action could be joined in by website advertisers, ISPs, data brokers, social networking sites, apps providers, etc.


The U.S. started implementing self regulation programs in 1997. Since that time, this idea has been promoted by way of spreading information about it and encouraging websites to make it their obligation. However, past experiences showed that not one self-regulatory effort sustained success. Some were initiated but failed in one or more substantive ways. Others never got the opportunity to show what they had planned to offer before they disappeared. Though it is believed that self regulation can, in fact, be the answer to privacy problems, improvements in its implementation are needed. There is a strong view that consumers themselves have the greatest responsibility in defending their own privacy.

The majority of past self regulation programs, according to observation and evaluation, were poorly designed. Most of these did not saturate the market well, which means that many consumers did not really know they were there at all. There were websites that made profit their top priority and used self regulation only as a cover up.

There was one more thing that hampered the success of self regulation in the past. This was the lack of significant and independent involvement among privacy and consumer advocates in its development and oversight. The oversight of self regulation that is financed by industry could not be successful because industry would not want it to be successful. When privacy standards are profit-driven, they are bound to fail because money becomes more significant than privacy.

Image: Salvatore Vuono / FreeDigitalPhotos.net

Saturday, October 29, 2011

Forget About Privacy

Social networking has become very popular, and it encourages more users to share personal information, even to those whom they do not know. These individuals want to expand their circle of “friends”, so they literally make themselves available to the internet community as a whole. Privacy protection no longer receives as high a priority as it used to have. As more modern technology becomes available, information sharing becomes easier and more exciting.

There are some unfamiliar facts behind Facebook users. Facebook has about 800 million users, and they can be classified into three categories. There are those users who sign on at least once a day. The second group is made up of those who sign on at least once a week. The last and third group includes those members who use it less often. There is a recently conducted telephone survey by Facebook of 2,000 adult respondents. This survey tried to look into how people view privacy in contrast with social networking.

The survey results showed that the more users make use of Facebook, the less they become concerned about privacy invasion. One respondent frankly said that he is not disturbed if people know about his online preferences or habits. This user admitted that he frequently uses Facebook more that once a day. He signs on either to get updates on his friends, or to play a popular Facebook-based game.

People who go online less often are more concerned about their privacy than those who log on more frequently. This was clearly shown in the results of the aforementioned survey. Respondents were asked if they were “very concerned” about their privacy. Taking the results together, the following were the figures gathered. Those who less frequently use Facebook comprised the highest number, at 39% of the respondents. One of the interesting results is that only 25% of those who use Facebook at least once a day said that they were “very concerned”.

Privacy concerns are the “offspring” of people who use Facebook more often. As they visit the networking site more often, they tend to share more information on the web. The availability of this kind of data online attracts many data mining companies. One can safely say that the tendency of users to easily share their information will continue. This is because social networks present more easy-to-use and stimulating features. Also, the social nature of man motivates him to connect with other people, sometimes without thinking of the consequences.


Image: Nutdanai Apikhomboonwaroot / FreeDigitalPhotos.net

Wednesday, October 26, 2011

Police DNA Profiling and Privacy

DNA technology has been beneficial in many fields of human society. The use of DNA in crime investigation has helped police departments for a number of years. From the unheard of to celebrated cases, identifying criminals through their DNA has made police officers’ work a lot easier. There is a recent privacy concern involving DNA profile collection. The police have cited privacy concerns about the move by officials to maintain a database of their officers’ own DNA.

Police officials have ordered the DNA testing of law enforcement personnel to rule out speculations that a police officer committed a sophisticated crime. The background of this unpopular order was the death of eight women in Louisiana in 2009. These deaths were labeled as serial killings, and the rumors spread when investigations showed the high degree of “workmanship” of the criminal. This resulted in all police officers in Louisiana agreeing to undergo testing. It finally turned out that the killer was not one of them.

To some officers, DNA collection is not something that could put their privacy at risk. They say that having a DNA file of police officers will save much time in conducting crime scene investigations as it would be easier to identify unknown genetic materials found at the scenes.

However, others feel that handing over DNA should not be done as easy as that. There are a lot of privacy concerns that should be clarified before officers give in to DNA testing. Those who are not sold on the idea say that there have to be safeguards put into place. It should be made clear to the DNA owner what would happen to it, making sure that it is treated with the utmost care.

Police unions have also issued their stand regarding this matter. The union officials have reminded their members about the possible consequences of allowing their DNA to be profiled. They said that there are yet no restrictions as to the storage of the DNA, so there is a high possibility of misuse and privacy problems.

In other parts of the world, countries like the United Kingdom and Australia have been maintaining DNA files of their officers for several years. It was the U.K. government that started such a system of keeping a database of criminal suspects way back in 1995. This same system was adopted by the U.S., which is believed to have the world’s largest DNA database of criminals today.

Image: jscreationzs / FreeDigitalPhotos.net

Monday, October 24, 2011

Silk Web from Amazon

Collecting users’ personal information by websites is an old issue. It has existed for a long time, and it started off as a normal part of one’s online activity. For example, it was usual to supply your name and email address when you visited certain websites. Social networking sites would even ask users to provide even more sensitive personal information. Users freely shared this information to many web sites, without any idea of privacy implications.

As more personal data became available, targeted advertising was “invented” by online companies. They have built a user’s profile out of this accumulated data, especially regarding users’ product preferences. Without delay, privacy advocates told users to be more selective with the information that they share. Serious consumer education was done, but it was not enough to stop privacy issues and problems from getting worse.

As part of self-regulation, many websites provided their privacy policies without hiding anything. Clear options were given to users when it came to the sharing of personal information. There are companies that honestly tell their users why this information is being collected. This, however, did not stop some companies from introducing more subtle ways of gathering data.

A technology that may be new today is that of Amazon’s Silk Web Browser. This is not exactly new because Opera has used the same technology for a number of years. The Silk Web Browser is intended to be used with Amazon’s tablet, the Kindle Fire. This greatly improves the speed of internet surfing where users can experience optimized speed which is much better than their previous browsers. On its own servers, Amazon optimizes and compresses every page that users visit. This greatly increases speed and accelerates load times.

Privacy concerns again come onto the scene because of this. Obviously, Amazon can collect and store information about users’ surfing habits. Every page that they visit goes through Amazon’s servers – not one can escape. Amazon can then keep track of the kinds of sites visited, how much time users spend on them, and what they do there.

Because of privacy issues, Amazon was asked by Congress to answer some questions that they posed. Amazon initially explained that data collected will be anonymous. If users prefer not to use the feature, they can simply turn it off at anytime. This means that users will still be the ones to choose whether or not they will share their information with Amazon. If they want surfing at faster speeds, they can share the information. If they don’t mind the slower speeds, Amazon gives them the freedom to choose not to share.

Image: Tina Phillips / FreeDigitalPhotos.net

Friday, October 21, 2011

On Keeping Private

The presence of social networking has already spread through the internet. Among them are the three giants – Facebook, Twitter, and Google+. These have become well-known for their “Like”, “Follow” and “+1” buttons, respectively. Users can now read over a web page and click “Like”. This can be done with almost anything online. In short, many people do like what they read on the web. The problem is that users can be “followed” from every page that contains these sharing buttons even if they do not click them. The users then become targets of advertisements and, worse than this, they could lose a lot of privacy.

Users are being tracked without their knowledge and of course, without their consent. Information sharing technology is now so easy that codes can be embedded in almost every web page. One can observe its use by social networking companies. They do this by embedding codes with the file sharing buttons in a web page. Unknown to the user, the code works as he or she visits the page, recording his or her “presence”, and building a profile of his or her product preferences. In due time, the user becomes a target for advertisements based on the nature of pages that he or she usually opens.

Thanks should go out to Firefox and its new product extension, Priv3, that will allow your visits to be tracked by websites only when you permit them. This tool comes in handy when you are using Firefox. With this, those embedded codes will become powerless. This means that you can surf the web wherever you want without worrying about being tracked. Your presence will not be recorded unless you hit the “Like” button on Facebook or you tweet it with Twitter. Facebook or Twitter will only know that you have been on a particular page only if you hit the share buttons.

Users are guaranteed the same satisfaction even if they use Priv3. This capability will not affect one’s enjoyment of these networking sites. Priv3 is a technology that can go around many of those “blocks” in order to ensure the same high quality of enjoyment for users. Third party sites cannot track your online activities even if you keep logged on to social networking sites. It is because Priv3 prevents them from doing so unless you intentionally give permission. Priv3 comes free for everyone in order to keep their privacy.

Image: tungphoto / FreeDigitalPhotos.net

Thursday, October 20, 2011

It's Time to be Anonymous

Internet users who have experience with using a proxy server have proven its many different benefits. One of these benefits is in terms of speed. My personal experience in this area helped me to better enjoy my online experience. After encountering problems with speed in uploading my blogs, I used an anonymous proxy, and it solved the problem.

At this time, more good things can come from using anonymous proxies, specifically bypassing filters. Basically, since a great deal of the spyware and junk that is sent to your computer is blocked, it saves you from the usual problems that users encounter. Although this can be remedied by using technical expertise, it is very burdensome to encounter the same problem over and over again.

Anonymous proxies also help in protecting personal information. Once personal information is gathered by sites, it can be used for marketing purposes. You can be saved from this problem because with an anonymous proxy, websites are blocked from gathering your personal information.

Sometimes there are corporations, institutions or schools that use filters to block users from viewing certain sites. This filter can be bypassed by an anonymous proxy. In order to do this, the anonymous proxy downloads the site onto its server. The user can then download the “blocked” site from the proxy server to his browser, thus getting around the “wall”.

Slow loading websites can easily find their way with a proxy. There are instances when the problem is not in the web hosting company. There are users, especially those with some technical expertise, that change their DNS server address but still can’t load the site faster. When this happens, the real culprit is narrowed down to the internet provider itself, due to bandwidth or network related problems. Luckily, this can be solved by using a proxy server.

The use of a proxy server is not yet popular with many internet users. A lot of them think that it requires some special skills to effectively take advantage of its usefulness. There is a need for more user education, or at least for the sharing of experiences. Little by little, more people will learn about its good uses and apply a proxy server to their advantage.

Image: renjith krishnan / FreeDigitalPhotos.net

Sunday, October 16, 2011

Still on Children's Online Privacy

The problems regarding privacy have always been disturbing and lawmakers are looking for more ways to better protect children. The law, at present, has specified provisions that protect children when they surf online. Businesses are required to follow special rules concerning the collection and use of children’s personal information online. Still, lawmakers have a diverging stand on this issue. Those in the U.S. House Energy and Commerce are taking two sides on whether there is a need to craft special protection for kids 13 to 17 years old.

The 1998 Children’s Online Privacy Protection Act (COPPA) has special provisions on child protection. It contains special requirements for websites that allow children under the age of 13 to access them. These websites cannot allow access if they do not have parental permission. They must have a parent’s permission before they can collect, use or disclose a child’s personal information. The Federal Trade Commission (FTC) sees the need to revise the meaning of personal information. The present state of technology should by now include Geo-location data and other identifiers, such as cookies.

When it comes to covering teenagers, there is also a divided opinion as to the extension of coverage under COPPA. In order to broaden its privacy legislation, privacy advocates are saying that Congress should include special protection for teens. There are at least two state representatives who proposed a more radical legislation. They want to bar websites from tracking all children when they surf online.

Also, the idea of a “web eraser” was brought up. This older proposition required businesses to provide a mechanism that allows teens to erase their online tracks. With this mechanism, all of the personal information a teenager would leave when they browse would be deleted as soon as they logged out of the site. This is extremely useful, especially in social networking sites, where teens give out most of their personal information.

Teenagers usually make online mistakes by providing too much personal information in the sites that they visit. They are surprised when these mistakes haunt them months, or even years later. A privacy advocate group sees this as their basis for saying that kids need more protection than they have right now.

Image: photostock / FreeDigitalPhotos.net

Saturday, October 15, 2011

Users Will "Like" Facebook's Vanity Page

Among the names in social networking, Facebook is considered a giant. To give users an improved experience, it continuously introduces new features in its service. Sometimes, privacy issues get in the way, but the company manages to address these issues promptly. Millions of its users are satisfied, although sometimes, it receives criticisms from others. Nonetheless, Facebook keeps on discovering new ways of enhancing social networking, and it is succeeding. Just very recently, it rolled out its newest addition of making pages more accessible to its subscribers.

Facebook calls the newest addition a “vanity” or customized URL. As the name suggests, this page can be created by the user himself. Actually, this is not very new because it has been around for quite some time. However, it previously required the user to have at least 25 “Likes” on his or her newly created page before it could be registered. This was done in order to make sure that the page meets the standards of a suitable page.

For users who do not want a unique URL that is difficult to remember, the vanity URL is a great option. This type of page was once most wanted by those who promoted a cause or a brand. With this easier-to-remember option, the user can now select a shorter and unique username.

Users noticed that there was no prior announcement made of Facebook’s lifting or removing the 25-Like limit. One YouTube user discovered the change while he was trying to register using the Username registration process. Those who have existing pages with a small number of “Likes” will surely approve of this development. At present, the registration process no longer considers how many “Likes” they do or do not have.

This is the answer for users who work with brands, charities and other organizations. They can now easily share the pages that they have created “without having to share an ugly link”. In the end, Facebook will be the one that is benefited because it will increase participation on its service.

Image: watcharakun / FreeDigitalPhotos.net

Saturday, October 8, 2011

GPS Vehicle Tracking Systems - Two Sides of the Story

For alleged violation of privacy, there is another case of an employee suing his former employer. Through the New York Civil Liberties Union, a state training manager, who was fired for time sheet violations, filed a lawsuit against the Labor Department. The fired employee, in his complaint, said that he was tracked with a GPS device that was placed in his personal car. According to a NYCLU lawyer, such use of GPS technology is an “unprecedented degree of government intrusion”.

The employee was quick to explain why he was fired from his post. He said that some employees were pressured to attend a prayer breakfast sponsored by a Governor. He was punished because he was the one who stood up for these employees. The Department of Labor belied his claims and said that the real cause was his improper filing of time sheets.

Why did the employee point out the use of the tracking device as his basis for complaint? The device was placed in his car so that his activities at work could be tracked. This came about after allegations arose that he claimed pay for hours when he was not doing his job. The period of surveillance was only supposed to cover his official working time. What happened was that the observation continued during evenings and weekends. On top of this, the employee’s vacation with his family did not escape the GPS device.

Because there were hints of abuse, an assistant attorney general explained that the employee’s alleged misbehavior at work is enough to merit tracking. The main purpose was to establish proof that the employee indeed committed a continuing misconduct. He, himself, claimed that he worked odd hours at his job. In order to find out if he was working these odd hours, there was a need to track him.

There was a ruling of a top court in New York in 2009 that before tracking a suspect, police must first get a court warrant. To get it, they must establish probable cause that without such action, the truth would be hard to come out. Now the courts are asking some questions as to the legal use of a GPS tracking device. How about if the device would only be used in the duration of an employee’s work hours?

Image: sixninepixels / FreeDigitalPhotos.net

Tuesday, October 4, 2011

Is It Unconstitutional?

It seems that there is an issue building up regarding teacher-student communications. In Missouri, a state law prohibits teachers from having private communications with students over the internet. This triggered a teachers’ association to file a lawsuit naming the state, the governor and the attorney-general as defendants.

A Senator from Missouri defended the new state law, saying that it does not violate free speech or any other rights. These were the grounds stated in the teachers’ complaint, filed by the Missouri State Teachers’ Association. The Senator said that the law doesn’t stop any means of communication. It only prohibits private communication between educators and students who are minors. Teachers and students are allowed to communicate over the internet only if parents, administrators and the general public can view the internet site.

With the adoption of the law, schools are required to fine tune their policies to comply with the law. Teachers, through their association, reacted negatively, and said that banning this kind of contact is unconstitutional. Trying to explain their opposition, the teachers cited the vagueness and broadness of the act. According to them, there are no clear boundaries between which conduct is permitted and which is not. They added that the law seems to curtail the exercise of the First Amendment rights, including that of free speech and association among others.

The Senator who sponsored the bill wondered why the teachers are now against it. She said that these teachers even helped with the drafting of some of the language in the act. She commented that the teachers seem to be suing over their own work. In response, a spokesperson of the teachers’ association defended the group and explained how the opposition came about. He said that the teachers did not review the final language of the social media provisions.

Actually, this prohibition is just a part of the larger bill that is intended to prevent sexual abuse by teachers on students. Such incidence is sometimes rooted in a private relationship between them that eventually goes overboard. On the teachers’ side, they contend that the majority of their private online contact with students is education-related. In general, this kind of relationship can be helpful, especially for shy students or those who have difficulty with assignments.

Image: digitalart / FreeDigitalPhotos.net

Monday, October 3, 2011

It's Better to Remain Anonymous

The issue of anonymity has not yet ended, especially for people who are placed under surveillance. It is possible that the scope will expand and include the anonymity of people in public places. The legality of using GPS devices in surveillance has triggered a controversy. This prompted the U.S. Supreme Court to hear arguments and look into the possibility of expanding the range of privacy.

One of the cases that used a GPS device without warrant was that of a suspected drug dealer. The police placed the device in his car and tracked his movements for a month. Collected data was used to convict him of conspiring to sell cocaine. Because there was no valid warrant, it is possible that it was a case of unreasonable search. There is the issue of whether the police action constituted a breach of the Fourth Amendment of the Constitution.

Americans might be expecting an end to their anonymity if the Court upholds the decision that such kinds of searches are legal. There is no need to say that people have enjoyed the privilege of, or rather the right to, privacy. Regardless of location, people can now be placed under surveillance as others would see fit, at any time. This is based on the premise that the fact that a person is in a public place, he is no longer “private”. Also, the use of existing tracking technology is not being done to curtail privacy, but to make surveillance more effective.

In August 2010, a U.S. Court of Appeals Judge issued a contradictory opinion. According to him, a reasonable person would not want all his public movements being watched all the time. He further said that surveillance technology has improved considerably, especially with the present GPS capability. Americans are expecting that the Court would accept the Judge’s logic so that they can still enjoy the same degree of anonymity.

For example, in the past, the police used beepers to follow a car. With GPS technology, it is much easier and convenient to track a person. Today, anyone can be placed under surveillance 24 hours a day, seven days a week, without the need to physically follow his or her movements. It can be expected that one day, a person’s privacy will most likely be measured in terms new surveillance limits.

Image: Idea go / FreeDigitalPhotos.net

Sunday, October 2, 2011

The Cookie Law and Privacy

The implementation of a cookie law has been enforced by the European Union on its member states. After thorough study, this directive on internet privacy was signed in November 2009. This required websites to give users options before they could install cookies on any individual’s computer.

However, the specific requirement for cookie opt-out has yet to be clarified even after two years of the law’s presence. For those that implemented the changes, the confusion lies on what would really constitute an opt-out requirement. In order to clarify things, a recent meeting was held among the group members, where there was a divided opinion among members. Some said that the user’s action to visit the website is in itself an indication of their agreement with the website’s practices. On the other hand, those who are directly involved with the implementation believe that there should be a clear opt-in process.

Some are not sold to the idea of the directive because it will cause a little disruption to users. Nowadays, websites have sponsors that would automatically store cookies on a visitor’s computer. When the directive is implemented, pop-up windows would recurrently appear on the user’s screen. These windows would be asking permission to store cookies. This becomes very cumbersome for a website that has nine companies. There would be nine pop-up windows that would ask if the user would allow cookies to be stored in his or her computer.

In general, member states are doing their best to meet the requirements of the directive. The Safe Harbor framework has placed the U.S. in the position of doing self-certification. With this, U.S. companies can certify that they meet the EU rules every time they deal with EU customers only. At present, there were about 3,000 companies who were certified, but there are some that need to update their certifications.

Aside from the privacy of internet users, there is the other side of the story. Congress cannot yet see a complete picture of the directive’s impact on online advertisers. This group might get even because there seems to be control of personal freedom and not just users’ privacy. Whatever the final scenario would be still remains to be seen.

Image: aopsan / FreeDigitalPhotos.net

Thursday, September 22, 2011

Privacy Task Force Initiative - Anyone?

Online and data privacy issues have triggered the creation of a Privacy Task Force by Connecticut’s Attorney General. This development was announced last September 15th in response to the rapidly increasing number of internet privacy concerns and data breaches. According to the announcement, the task force’s main focus is on public education regarding data protection requirements.

The Attorney General’s office has recognized the need for an initiative that will directly address these two big issues. Internet and data privacy problems have been affecting consumers and the broad public interest in general. To date, there are at least a dozen ongoing investigations regarding security breaches. Most of these cases resulted in the loss of medical records of patients, insurance records or personal information of customers. There are also those that involve the collection of unauthorized personally identifiable information.

To boost the campaign to protect the privacy of consumers, the office has also asked the help of giant tech companies. While the investigations are ongoing, Google and Facebook have also committed to take part in consumer protection. To some extent, the willingness of these companies to participate in the campaign is gaining success.

On the part of the Task Force, it will take charge of all investigations regarding consumer privacy breaches that are being conducted by the office. It will also be responsible for educating the public and the business community. It will focus on protecting sensitive personal data and informing the affected individuals of the occurrence of data breaches.

The office also hopes to serve as a resource center where individuals and businesses can go to seek assistance. Particularly, those who need assistance either for protecting their own information or that of their customers can just contact the office. It also recognizes the fact that customers are really involved in a challenging and evolving technological environment, and they need assistance to cope with it.

The Task Force is composed of four attorneys who have expertise, interest and experience in data privacy issues. Somehow, this initiative will serve as a model for others to follow. Data protection programs cannot be left alone to the public. There has to be an expert group that will lead them into an awareness about the consequences of data breaches and how they can avoid such situations.

Image: Keattikorn / FreeDigitalPhotos.net

Monday, September 19, 2011

Have You Committed Felony Lately?

Internet users may not be aware that they could be put to jail for falsifying their personal information on the internet. Facebook users, after knowing this, may have to think many times before providing any false information on their account. This may sound absurd, but there have been a number of cases where users were penalized for breach of the terms of use of the websites that they visit.

The U.S. Congress is more likely to expand the scope of laws that pertain to “cybersecurity”. The existence of the so-called Computer Fraud and Abuse Act, which was passed in 1986, seems insufficient. This law mainly deals with the provisions that pertain to computer hacking. Since its inception, the law has been periodically broadened, and it now extends far beyond hacking.

One of its provisions is that it is a criminal act for any user to exceed “authorized access”. This means that users must not go beyond the terms and conditions stipulated by the website’s owner. Once this is broken, the user faces a criminal liability, especially if breaking those terms and conditions are committed within an office environment.

This is a revelation to those who intentionally falsify their information for any reason. Social networking users, more often than not, lie about their names and ages. Once put in place, faking would constitute a crime and would be punishable by law. Many users would be facing penalties once Congress approves the consideration of such acts as felony.

There were a few cases in the past that involved ridiculous disputes that were filed by private parties. It was reported that a company owner sued a former employee for visiting Facebook and sending personal emails using the company’s facility. Another ridiculous case involved a company that prohibited competitors from visiting its site. It ended up with the company suing a competitor for breach of its “terms of use”.

Concerned groups suggest that Congress must plainly define those cases that involve crimes. Even if there is a need to take legal action on real offenders, the law has to be humane. No one would want federal courts to be swamped with cases that involved mere violation of a promise.

Image: jscreationzs / FreeDigitalPhotos.net

Saturday, September 17, 2011

Changes in Public Disclosure Laws

Today’s businesses cannot just take it for granted when their customers’ email addresses are stolen or lost. Such occurrences might already carry with it legal obligation to notify their customers about the data breach. Changes are going on here and there in the privacy arena that serves as a wake-up call to businesses and CIOs.

Major changes are being implemented in the way businesses are held accountable for the safety of personal information. Public disclosure of data breaches is applied on a wider scale so quickly that it seems difficult for many businesses to cope with it. They have one question, and that is “which kind of data legally requires public disclosure?”.

It used to be that businesses and CIOs had only to deal with the problem if “personally identifiable information” was lost or stolen . This means that a company is required to disclose only if it collects information that can identify, or be traced back to a person. This is data that involves, among others, a user’s bank accounts, Social Security numbers, medical information and others. The business has the obligation to inform the owners of any data breach.

When only the names of customers are lost or stolen, the business is not required to notify the customers involved. It would not be the same if together with the stolen names are the customers’ Social Security numbers or their email addresses. With these, there is enough information that could give hackers a better chance at intruding into the privacy of the customers.

Hackers will try all means to figure out the password to an email address. When he or she succeeds, it would open them to the virtual world of the account’s owner. Many users use the same passwords in their email, banking, and social networking accounts despite continuous education. This situation alone explains why businesses should not be lenient when it comes to protecting personally identifiable information.

After the hackers gain access to users’ accounts, it is possible for customers to receive emails from one of their “contacts”. Chances are that users would treat the email as reliable because it comes from one of their associates. But when the customers enter their usernames and passwords, all of their useful information, which could also include those of their contacts, is stolen. This case shows that simple loss of email addresses can pose a great risk. It then becomes an issue of public disclosure on the part of any business community.

Image: sheelamohan / FreeDigitalPhotos.net