Home > Encyclopedia of Business and Finance > Privacy and Security

Personal privacy and security are foundational principles of our society. Yet how much actual privacy do we have? And how secure is the information we believe to be private? The integration of the computer into almost every corner of our lives has greatly affected our personal privacy and security. Databases across the country collect little pieces of data about us every time we use our credit cards, make a telephone call, and send or receive e-mail. In addition, health care records, insurance records, Social Security records, and so forth are all kept in computer files. This computer technology makes records and data easier to compile, combine, and circulate. Therefore, it is important to consider the effects of computerization on individual privacy, corporate security, and legislation.

INDIVIDUAL PRIVACY

Jeffrey Rothfeder's 1992 book, Privacy for Sale, illuminates the ways in which computers have changed our lives. Today, most of us depend on technology more than we realize. Although not everyone owns a cellular telephone, global pager, or personal digital assistant (PDA), most people do have credit cards, bank cards, and Social Security numbers. But the piles of files that are maintained when we pay for dinner with a credit card, withdraw cash using an automated teller machine (ATM), and use our Social Security number as identification when cashing a check are just the tip of the iceberg. Health care records, pharmacy databanks, and employment files also provide millions of people with the opportunity to peek into our lives.

Before computerization, most of this information was filed away in dark, musty filing cabinets, never to see the light of day without a

certain amount of physical effort. However, to day this information is stored electronically in databases that are interconnected through a wide variety of networks. Your privacy—or the lack thereof—can be just a few mouse clicks away. Privacy advocates assert that electronic record keeping of any information threatens basic American liberties and rights to privacy. Some argue that any machines that have memory— such as answering machines or cellular telephones—are potential privacy concerns.

In addition, computers can be used as vehicles for harassment. The term "spam" was originally used in cyberspace to refer to unrelated or unnecessary (junk) postings to electronic newsgroups and bulletin boards. Eventually, the term was used as a verbto refer to junk e-mail(e.g., "I've been spammed!"). Some states have enacted laws to decrease the amount of on-line harassment. For example, in 1992 Arizona established an antiharassment law that makes it illegal to make threatening or harassing statements via electronic communications. Also in 1992, Michigan passed a stalking law that defined repeated and unwanted electronic messages as harassment. In 1995, Connecticut extended its existing harassment laws to include computer-related communications. Ironically, the corporate and governmental entities that maintain many of the databases that are used to collect information are also vulnerable to their own privacy and security issues.

CORPORATE SECURITY

Today, people in business and industry greatly depend on computer technology for nearly every aspect of their daily activities. From typical desktop applications such as word processing and spreadsheets to fax machines, e-mail, and integrated inventory databases, networks have connected corporations across the world to share information and communicate. It is estimated that 200 million e-mail message are sent each day; that's more than 8 million an hour or nearly 140,000 each second! These messages travel through high-speed Internet connections all across the world, making stops (just for nanoseconds) and leaving a trail of messages along the way. These connections facilitate communication, but they also allow outside access to sensitive computer files.

This vulnerability is expensive; nearly 40 percent of all large corporations and even some governmental agencies have experienced virtual break-ins through network connections. Of these break-ins, 30 percent occurred despite the company's use of a firewall—a software program designed to allow only internal access by authorized personnel. Many corporations and government agencies maintain databases that contain personal information about employees, customers, and clients. Although the legal system has not kept pace with the Information Age, legislation has been passed to help promote both individual and organizational privacy and security in cyber-space.

LEGISLATION

No one organization, agency, institution, or country owns or maintains the entire Internet; it is a series of linked networks. Collectively, they work together to support the massive amounts of information that are available worldwide. There are also no set rules or regulations or even standards by which Internet communications are evaluated. However, several groups have formed to address the social and legal issues involving cyberspace. The Electronic Frontier Foundation (EFF) was established in 1990 to focus on civil liberties (www.eff.org). The purpose of this group is to protect the First Amendment right to freedom of speech. In 1992, the Internet Society (ISOC) began as an international organization to develop and implement standards for the Internet as well as to maintain historical and statistical databases of Internet usage (www.isoc.org).

The laws related to computer technology are still in their infancy. However, several laws have been enacted to protect privacy and security. For example, the Privacy Protection Act of 1996 (42 U.S.C. 2000) imposes controls on the databanks owned by federal agencies. Any database maintaining personal information cannot be distributed to other federal agencies without going through proper legal channels. In addition, the Family Education Rights and Privacy Act (FERPA) protects the dissemination of student information.

In addition to "taking" information through database access, security issues also include deleting information through database access. Improper use and invasion of privacy through harmful access occurs when people knowingly damage or destroy computer programs by deleting information or installing computer viruses (programs designed to run in the background of a computer's memory, silently destroying data). This improper use is addressed under the Computer Fraud and Abuse Act of 1986 (18 U.S.C.1030), which prohibits the improper use of "federal interest" computers—computers that communicate and share information across state lines or internationally. Today, any computer that is connected to the Internet (even through a local network provider) is considered a federal interest computer and subject to the Computer Fraud and Abuse Act. In addition, the Electronic Communications Privacy Act (18 U.S.C. 2510) makes it a crime to use a computer system to view or tamper with other people's private messages (e-mail, data files, etc.) stored in an on-line system.

Jurisdictional issues—the power of a court to hear a case—are also a concern, considering the lack of boundaries in cyberspace. For example, if a person living in California uses a computer system based in Nebraska to access information owned by a corporation in Chicago to learn more about an individual living in New York, which court will hear the case? This scenario becomes even more convoluted if we modify the story to take place in countries instead of states. These laws by no means provide total privacy and security protection; they merely define criminal acts and set the parameters for prosecuting those who have violated them. New laws are continually proposed; you can access these bills and keep up to date on the related debates in Congress by accessing the Library of Congress web site at http://lcWeb.loc.gov/.

CONCLUSIONS

In summary, it is apparent that cyberspace has become and will continue to be a major concern to both individual and organizational privacy and security. Although legislation is beginning to become more substantial, it severely lags behind the pace of technology, forcing the burden of responsibility on the individual. To maintain your personal privacy and security, experts suggest following certain guidelines when using credit cards and communication devices (including telephones and computers):

• When subscribing to an Internet service provider (ISP), give them only the necessary information to process your account. Optional information will be kept in a database and potentially connected to your account for identification purposes.
• Do not, under any circumstances, share your password or personal identification number (PIN) with anyone. Also, if given the option to create your own passwords, do not use words or numbers that someone could know (home address, phone number, date of birth, anniversary) or find (Social Security number).
• If you want to surf the Web without leaving behind a personal trail, use an anonymous connection such as an open computer lab at a school, university, or library.
• Never use your credit card to purchase goods or services on-line; avoid similar transactions over the telephone (especially cordless phones and cell phones).
• Don't create your own personal Webpage that lists everything about yourself unless you really want everyone to know everything about you.

In conclusion, we can never be sure how much actual privacy we have. The extent of the Internet and interconnected databases is far too great to determine who knows what or how much. However, we do have some control over the security of our private information—if we choose not to share it!