Privacy and Security

By Dave Paulsen

dave@reststop.net

Copyright© 1995, Dave Paulsen and ComputorLink Magazine

Privacy and security are two topics that can’t help but come up when Cybernauts and (especially) would-be Cybernauts discuss the effects of global communication and information transfer. In part because of the ease and speed with which information can be changed and transmitted, people rightly worry about others that may have criminal intent. Much less plausible are the Orwellian scenes of Big Brother inspecting every byte you send, at least as long as we continue to exercise our right to keep the government from encroaching on our privacy rights.

Privacy

Some of the assumptions that cover privacy in Cyberspace and are a part of the net.culture are as follows:

Your electronic mailbox is your private reading room in Cyberspace. It’s a room you arrange to your liking, and has real expenses associated with it in hardware and software costs, fees, and time. Intrusion into your space is unwarranted and use of your resources without permission is rude at best. This is why unsolicited e-mail in the form of advertisements are so unwelcome in Cyberspace, not because the Internet is anti-commercial.

Correspondence is considered private and confidential except in pre-agreed situations such as mail lists. Public forums such as newsgroups don’t fall under the same guidelines, so make sure you know where you’re posting. It is, however, generally considered extremely bad form to post a private e-mail message you have received into a newsgroup without the author’s permission. One exception to this is the posting of unsolicited e-mail ads to alt.current-events.net-abuse.

Cash transactions for hard goods or information, or to repay your Dad the money he loaned you, should be possible without compromising your anonymity or personal profile, or having a transcript of the transaction sent directly to the IRS. Some of the current e-cash schemes such as DigiCash have this concept at their core. Both privacy and security concerns are taken care of with properly implemented e-cash implementations.

The mere act of encrypting a message or file does not imply that one is attempting to hide illegal activity. Since e-mail often passes through several intermediate systems on its way to the recipient, mushy love notes, messages to support groups, or the latest company expansion plans or design documents often need to be kept from prying eyes. Which brings up the issue of...

Security

In the real and imperfect world populated by humans, the pragmatic approach to protecting yourself electronically means taking some personal responsibility in Cyberspace just like in the rest of the world. It is, ultimately, your responsibility to ensure certain safeguards on your information. Since there are already laws to protect the feeble-minded, I’ll assume you’re willing to put forth the effort and thought necessary to exercise some basically common-sense precautions.

Just as you wouldn’t give out the access code to you bank ATM card, or choose a code like “CASH”, the passwords you use in Cyberspace should be created and protected with the same care. Choose a password that will not be susceptible to a dictionary attack and that does not pertain to any of your easily obtainable public information, such as the name of your spouse, children, or the street you live on. Adding a non-alphabetic character to your password such as a number or punctuation symbol is also effective.

The means to protect your privacy, secure your data, and to authenticate the sender of messages and data is readily available and fairly easy to use. A public domain program called PGP (Pretty Good Privacy) is an implementation of public-key encryption that has yet to be broken. The current version is 2.6.2 and there is also a commercially supported version available from Via-Crypt in Phoenix, AZ.

In Conclusion...

The fact remains that information is quickly and easily available. Misuse of the information is where existing criminal statutes should come into play. Some people worry that the misuse of their privacy, and the security of their information in Cyberspace is not covered by existing laws because the medium is different, the means of access is different, and therefore existing laws don’t apply. While I’m not a lawyer, they seem to be missing the point that the concepts are the same and therefore the intent of the laws are unchanged.

Theft of intellectual work is still theft whether someone copies a book and republishes it with a press or in an electronically available format. If you’re worried that someone may change your information, fraud is already a criminal offense. Unsolicited e-mail and inappropriate postings to newsgroups are no different than junk faxes, which are already illegal in many locals. Lets simply retain the rights we have in the rest of society.

As long as you maintain the same degree of caution in Cyberspace as you do elsewhere, such as locking your door when you leave, and not leaving sensitive or compromising information laying out in the open, misuse becomes quite hard, and criminal intent becomes easier to prove.

Questions or comments about these Web pages? Send e-mail to
dave@reststop.net