Do you ever get the feeling that someone's watching over you? Well, if you use a computer you might just be right.
While you should be able to go about your lawful business as you see fit, both online and offline, there is no cast-iron constitutional right to privacy in this country. We are unblessed instead with a collection of piecemeal legislation that, taken together, is rather better than nothing but falls considerably short of outright protection. Paranoid? If you are feeling a little jittery, maybe you shouldn't read on...
Two-way traffic
Surfing the web may feel like a one-way street but the truth is somewhat different: what comes in can also get out. Next time you're busy online, double-click that little icon of two flickering computers next to the clock on your Windows Taskbar. You'll see that a good deal of data is being sent as well as received.
Now, this is perfectly normal - your browser or email program has to make its presence and wishes known to the machine at the other end of the connection - but there's no easy way to monitor precisely what's slipping out of your PC. The danger is that someone, somewhere is sucking out stuff they shouldn't.
A famous example occurred late last year when it was discovered that the popular RealJukebox multimedia player scoured your hard drive for personal data - your name, email address, how many MP3 files you had, and what kind of music you listened to - and siphoned it back to base. A grovelling apology from the red-handed distributor soon followed, but a lot of trust went up in smoke.
Watch your back
Almost any program has the potential to do the dirty with your data. Indeed, some are specifically designed for this purpose. Best known is the charmingly named Back Orifice (www.bo2k.com), which opens up your entire computer to the outside world. Nice it is not, at least in the wrong hands, which is where it invariably ends up.
While you are hardly likely to download and install it yourself, Back Orifice is widely distributed in disguise across the internet and it could worm its way on to your system via an email attachment. So be on your guard for suspicious messages and make sure that you have good antivirus protection in place. Also, be extremely careful when accepting files from strangers in any kind of internet chat forum.
Flame proof
A big corporate office with internet access will always have a firewall in place to protect the network from attack and damage - and small offices should try to follow this practice.
A firewall is simply a software barrier that gives your network administrator control over precisely what kind of information passes between your desktop computer and the outside world. Thus, email will get the thumbs up while you may find that you can't download programs or connect to chat rooms.
These days, it's also perfectly possible - and prudent too, if you use the internet frequently - to install a personal firewall on your home PC. Once in place, the program will warn you whenever somebody tries to access your computer on the sly. It can at first be a little disconcerting to see how many potential hackers are out there with nothing but time on their hands, but it's equally satisfying to see them thwarted.
Norton Personal Firewall is distributed by Symantec and costs £40. Call 01628 592222 or visit www.symantec.co.uk.
McAfee Firewall is distributed by Network Associates and costs £30. Call 0800 092 7160 or visit http://software.mcafee.com/products.
Sues you, sir
If you think that your IT department is overly neurotic about email, or if you think your employees' email isn't your responsibility, consider this. Norwich Union was successfully sued by Western Provident in 1997, because members of staff circulated defamatory rumours on the company's internal network. Internal, mark you - not a word of this slander was in the public domain - but still Western Provident won damages to the tune of £450,000.
From that day forth, it was clear that an employer could be held liable for any libel originated by an employee on company equipment in company time.
Paranoia swept across industry and contracts of employment were hastily re-written to protect companies from the actions of their workers. Pay due heed also to the lesson learned at a Rolls-Royce plant, where several employees were sacked for having pornography on their office PCs. The issue here was not so much who had what, or where it came from or how or why, but merely that the company's network had been used to distribute the offending material.
Legal e-agle
But is it fair? Legally speaking, it's hard to be definitive. The exponential increase in the use of email and web access at work has not been accompanied by any internet-specific legislation, and this has left businesses floundering in a swamp of legal uncertainty.
The next major shakeup happens later this year when the Human Rights Act, which redresses the balance in favour of the individual, becomes law in the UK. For the first time, we will all have a clear and firm right to privacy. So where does that leave us right now?
Robin Bynoe, a lawyer with London firm Charles Russell, recognises that some companies have gone too far. "You see some very draconian terms and conditions nowadays where employers assume the right to read every email, whether public or private, business or personal. But this may well be found to be unlawful under the terms of the Act," he said.
"Of course, you also find employers with inadequate conditions of employment who nevertheless read their employees' emails, and again this may be a breach of your human rights."
It will undoubtedly take case law - that is, people prepared to fight for their privacy rights in court and thereby set 'legal precedents' - to sort out the specifics.
"The Act is drafted in the usual Euro waffle," adds Robin. "For instance, it says that you have a right to private communications - unless the state happens to decide that, in the interests of national security, you don't. We'll have to see how the courts deal with this let-out clause.
"Meanwhile, there's a very firm culture in this country that you're entitled to send and receive private emails at work, just as you are to make personal telephone calls. But, as seen in the Norwich Union case, you risk committing your employer to legal liability even in informal messages. One of the ways around this is to permit employees to send personal emails but only if they use a private web-based account, like Hotmail. This makes a formal distinction between personal and business messages."
Sound advice, we feel.
Cop a load of this
The Internet Service Providers Association (www.ispa.org.uk) represents the views and interests of most UK-based ISPs. Its privacy policy is pithily summed up thus: "Where services involve the collection of personal information, such as names and addresses, from individuals (data subjects), members must make it clear to data subjects the purpose for which such information will be used.
"Members must also identify the data user (if different from the member or data subject) and give the data subject the opportunity to object to such usage."
In other words, check the small print in your ISP's agreement to see what it's doing with your data.
One particularly contentious area is the voluntary 'good guidance' agreement between ISPs and the Association of Chief Police Officers. If the police have you under suspicion or investigation, they are entitled to ask your ISP to release personal information - and your ISP will almost certainly oblige. No warrant is required.
We asked Tim Pearson, a council member at ISPA, to comment. He said: "Our view is that society as a whole has been happy with the current state of affairs where phone calls and the post may, in exceptional circumstances, be intercepted and monitored. Extending these powers to the internet is logical and not unreasonable, and is really a matter more for society than for us as an industry."
However, he stresses that only the most basic information - generally your name and address - gets passed on under this agreement, not any record of your online activity.
You should also be aware that your ISP is duty-bound to remove any illegal material on your website if it receives a complaint from the Internet Watch Foundation (www.iwf.org.uk).
Web woolliness
How often do you fill out forms on websites - and how often do you wonder just what becomes of your data?
The good news is that you're covered by the Data Protection Act. This requires that a company must tell you what it plans to do with your data at the time of asking for it, and it can't suddenly change the rules without telling you (for the nitty-gritty, go to www.dataprotection.gov.uk). But it's easy to couch privacy policies in impenetrable, imprecise or ambiguous jargon, and who reads these things anyway?
Now, far be it from us to cast aspersions on the credibility or motivation of dotcom enterprises that seek to sign up millions of members in days, but there are already worrying signs that failed startups may be flogging private customer information to their creditors. After all, this is their biggest - and in some cases only - asset.
We would suggest that you always read privacy agreements carefully, particularly when you are required to submit your address, telephone number, credit card number or other sacrosanct information. Perhaps also be a little selective about who you sign up with.
There are no guarantees that your data will be completely safe in all circumstances, but the bigger names in the online business certainly have too much to lose to play fast and loose with your details.
In Part 2, we look at the contentious Regulation of Investigatory Powers Bill, privacy software and cyber rights - and give you tips on how to protect yourself from snooping eyes.