September 2003 — Editorial
Print this articleClick here to receive your FREE subscription to T.H.E. Journal
Security and Privacy of Information
Security threats to technology systems continue to grow, with more than 76,000 security incidents identified in the first six months of this year compared to about 82,000 for all of 2002. Users are increasingly demanding authorized access and use only, while most companies report having at least the fundamentals of IT security in place, including firewalls (81%), antivirus software (79%) or using virus protection access management and other security applications (71%). It is estimated that an average of 5.4% of IT budgets will be spent on security in 2003. Many tools are helping to manage access and determine what's on the network, but in no way has the problem been solved. Many serious consequences have resulted due to the lack of security, including:
Identity theft. Individuals are buying millions of dollars worth of merchandise using other people's credit cards. As stated in InformationWeek (Aug. 4, 2003), about 7 million individuals found themselves guilty of identity theft, an increase of nearly 80% over the 1.9% rate reported in February 2002. According to research and advisory firm Gartner Inc., only one in 700 of these thieves may be identified because this crime is often misclassified. A presidential commission has recommended that the U.S. Postal Service (USPS) work with the Department of Homeland Security to develop sender identification technology such as personalized stamps that embed digital identification information. However, civil liberties groups and others are objecting to what's being called "intelligent mail" for all users. USPS has not accepted the commission's report, but d'es intend to award a contract in November for mobile data-collection devices that could serve as intelligent mail scanners.
Student access to data. Loaded with course grades, credit card numbers, home addresses and social security numbers, educational records hold particular fascination for hackers, most of whom are curious students. According to the National Center for Education Statistics, 99% of all public schools have access to the Internet. Most schools rely solely on teacher monitoring and a student honor code. Many schools even allow students to manage their own accounts, register for classes and pay tuition online. Thus, data such as student and alumni records, social security numbers, credit card numbers and other personal information must be secured.
Abundance of spam. Unsolicited e-mail advertisements, commonly known as spam, are estimated to cost about $875 for each employee per year. One statistic states that 49% of users spend from 40 minutes to almost four hours a week deleting spam. Many users are installing anti-spam software, but legally there is very little that can be done against spammers directly. Several bills are being discussed in Congress, but bickering between Democrats and Republicans is delaying the process. Conversely, the European Union has declared that an e-mail account is more private than a mailbox, and a business needs explicit permission before sending an e-mail message.
Filtering devices. Filtering software is being installed in more networks and on more computers, but it is also raising some questions as to what, when and how to filter. For example, librarians are challenging the way filters are used, while school administrators have transferred their decision-making authority to private companies with little public disclosure and credibility for their decisions. Therefore, override capabilities should be made available to educators.
