Security Watch

Who's Digging Through Your Files?

Corporations need to be more transparent with consumers about how and when their private files are accessed.

Privacy
There's increasing pressure from Congress to offer some solution to the issues surrounding the ChoicePoint breach. ChoicePoint itself acknowledged that federal legislation would be better than existing standards.

One way to mitigate this is to inform consumers whenever their private information is accessed. This could be done via a monthly, or even more frequent, report. If you're the one examining these records, you'll be more likely to determine if illegal or invalid access has been granted by the holder of your information. An alert from one individual may lead to the discovery of a plot to abuse many.

Such a report, some have suggested, could be similar to credit card or bank statements, but both of those fail to report very important access information. For example, credit card statements don't report declined transactions, nor do they report the holds that a hotel places on your card while you're staying there. They also don't indicate how a transaction occurs, so you won't know if a purchase was phoned in via your Internet Visa card (many people keep one credit card strictly for Internet transactions). Bank statements fail to report that your debit card was swiped but no transaction occurred, or that your PIN was changed.

With identity fraud now so frequent, corporations that collect customer information need to rethink not only the way they handle that data, but also the way they deal with the owner of the data. Loyalty programs, buying clubs and member organizations are all prime targets and run a very high risk of customer backlash should they fall victim to an attack.

I believe there's an opportunity to retain consumer confidence, but at the expense of disclosing to consumers how their information is being used. But will this happen before—or after—consumers say "Enough!"?

Governance
Anthony Greco, 18, of upstate New York, became the first American to be arrested for using instant messaging networks to send spam.

Here's hoping they throw the book at him. If spamming isn't treated as a crime, we're going to completely lose our ability to be online. This guy is alleged to have sent 1.5 million messages to users of MySpace.com; we can only imagine how much of the recipients' bandwidth was consumed and time wasted.

About the Author

Russ Cooper is a senior information security analyst with Verizon Business, Inc. He's also founder and editor of NTBugtraq, www.ntbugtraq.com, one of the industry's most influential mailing lists dedicated to Microsoft security. One of the world's most-recognized security experts, he's often quoted by major media outlets on security issues.
