|
VI. Is There Any Privacy Left?
This information accurate Fall, 1997 only.
Just as there are laws against tapping your neighbor's
phone or rifling through his office file drawer, there are
laws intended to prohibit computer invasion. A federal
law provides for a fine with or without imprisonment.
This doesn't stop hackers from attacking though. No
one can say for sure how many computers are accessed
by unauthorized outsiders, mainly because
administrators whose networks have been
compromised are hesitant to admit it.
If criminal penalties aren't enough to deter renegades
from breaking into systems, the victims can sue for
civil damages. There are a number of grounds for a
civil suit. One is negligence.
It might seem odd to claim that intentional conduct like intruding into a computer system could be called
negligence, but if damages result, there may be a case. Even though many hackers are motivated by the
thrill of breaking into a "secure" system and are not interested in causing damage, damage may still
occur.
When an intruder dials into a system and gains access by defeating its security, his actions may be
labeled as simple trespass. Trespass can also apply to improper use of systems meant for free access,
such as public Bulletin Boards or Web servers. It is trespass if a user acts beyond the intended function
of the system, such as uploading files or changing data. In some well-publicized cases, hackers changed
the Web pages of US government agencies and British political parties. While their actions may have
looked like harmless "pranks," taxpayer dollars were spent to analyze the break-in, create security
measures for future protection, and secure other areas from attack.
Businesses are also hurt by electronic intruders. The clean-up and heightened security costs are
absorbed by the consumer. Some theorize that a number of these break-ins go beyond the work of
random thrill-seeking hackers; and they believe that paid computer jockeys are conducting industrial
espionage. Today's business competitors, local and overseas, are taking advantage of the ex-Legion of
Doom members now old enough to want a Lexus.
Unless your home computer is set up to accept incoming calls, it is probably safe from intrusion. But a
determined hacker can attack in other ways. There are an increasing number of computers amassing
huge databases of information. These databases' content range from lifelong medical histories for
insurance companies to employee earnings. Credit card company computers log the spending habits of
millions of consumers. These institutions try to keep security tight because they know that they are
prime targets. But they are not necessarily the first to know when they have a security problem.
The spread of information on the Internet can be unpredictable as well as uncontrollable. Tsutomu
Shimomura, a computer security expert, wrote about the problem of sharing computer weaknesses in
his 1996 book, Takedown. Frustrated with CERN's
desultory movements toward notification regarding the methods of a skilled and malicious hacker he
wrote: "It was likely that within a month the details of the break-in would be widespread in the computer
underground anyway, making copycat attacks inevitable. The only people who wouldn't know about it
would be those responsible for actually protecting the security of the computers on the Internet."
Some groups take a "learn-as-you-go" attitude toward security, so individuals must be circumspect.
Until just this year, the Social Security Administration was providing semi-private information to
anybody that could type nine numbers.
Is there recourse if somebody accesses your private information on a computer other than your own?
Generally before you can sue someone you have to be able to show damages. But the real challenge in
such a case is amassing the evidence to prove wrongdoing. And since the perpetrator is most likely
broke, the effort may ultimately be fruitless.
Privacy on the Internet is a quirky issue. Many people mistakenly believe that what they write in email is
private. This is not true and it is absolutely false when it comes to email on a computer owned by your
employer. Employees can have no expectation of privacy, even if the email is written over a lunch break
or outside work hours.
Even if you are writing from a private account, your Internet Service Provider (or online community
such as CompuServe or AOL) can read any of your email and may even be making backup copies as a
matter of course. All it takes is the consent of the System Administrator for the FBI or other law
enforcement to gain access to all the email you have ever written. All of this can be done without your
permission or even your knowledge.
Does the law protect the individual on the Internet? It sometimes doesn't seem so. This is partly because
people don't have the money to fight protracted legal battles or lobby for protective legislation. Also,
computer-related privacy issues are cloudy and untested, and both citizens and courts are reluctant to
swim the murky waters.
Many Americans take their civil rights for granted and assume they are protected. But the average
law-enforcement agent is far behind the computer-awareness curve, and the judicial system is equally
lagging.
The Internet is often referred to as a "New Frontier" and likened to the rowdy days of the Old West. As
hackneyed as the metaphor has become, it is apt. Imposing order through the application of law is still a
new concept. As yet, the new marshal has not stridden into town, and because of the nature of the
community, he is unlikely to appear in any recognizable garb. The strongest force to appear on the
Internet to date has been the community voice. This means that everyone, from the America Online
surfer to the Government Security Administrator, is the collective town marshal. Internet voices can be
used to uphold a public standard which values privacy. But this can only be true as long as everyone is
realistic enough to recognize that, as on city streets, privacy is not absolute.
Timothy J. Walton is a civil litigator in California who has been exploring issues
associated with computer law for several years. A Web page of his devoted to Internet privacy law was featured in Internet World Magazine's "Best of 1996" issue.
What They've Got on You
What You Can Call Your Own
Is There Any Privacy Left?
[ Next Page
| Skip It
| Next 5
| Prev
| Random ]
Want to join the ring? Get the
info.