Security Watch
Who's Digging Through Your Files?
Corporations need to be more transparent with consumers about how and when their private files are accessed.
Privacy
There's increasing pressure from Congress to offer some solution to the issues
surrounding the ChoicePoint breach. ChoicePoint itself acknowledged that federal
legislation would be better than existing standards.
One way to mitigate this is to inform consumers whenever their private information
is accessed. This could be done via a monthly, or even more frequent, report.
If you're the one examining these records, you'll be more likely to determine
if illegal or invalid access has been granted by the holder of your information.
An alert from one individual may lead to the discovery of a plot to abuse many.
Such a report, some have suggested, could be similar to credit card or bank
statements; but both of those fail to report very important access information.
For example, credit card statements don't report declined transactions, nor
do they report the holds that a hotel places on your card while you're staying
there. They also don't indicate how a transaction occurs, so you won't know
if a purchase was phoned in via your Internet Visa card (many people keep one
credit card strictly for Internet transactions). Bank statements fail to report
that your debit card was swiped but no transaction occurred, or that your PIN
was changed.
With identity fraud now so frequent, corporations that collect customer information
need to rethink not only the way they handle that data, but also the way they
deal with the owner of the data. Loyalty programs, buying clubs and member organizations
are all prime targets and run a very high risk of customer backlash should they
fall victim to an attack.
I believe there's an opportunity to retain consumer confidence, but at the
expense of disclosing to consumers how their information is being used. But
will this happen before—or after—consumers say "Enough!"?
Governance
Anthony Greco, 18, of upstate New York, became the first American to be arrested
for using instant messaging networks to send spam.
Here's hoping they throw the book at him. If spamming isn't treated as a crime,
we're going to completely lose our ability to be online. This guy is alleged
to have sent 1.5 million messages to users of MySpace.com; we can only imagine
how much of the recipients' bandwidth was consumed and time wasted.
About the Author
Russ Cooper is a senior information security analyst with Verizon Business, Inc.
He's also founder and editor of NTBugtraq, www.ntbugtraq.com,
one of the industry's most influential mailing lists dedicated to Microsoft security.
One of the world's most-recognized security experts, he's often quoted by major
media outlets on security issues.