[People who are interested in subscribing to this newsletter should contact John Sheridan @ [EMAIL PROTECTED] WEN]
Mfg.Trust is a monthly feature of the NCMS InfraGard Manufacturing Industry Association
Infrastructure assurance for manufacturers. Powered by NCMS.

<><><><><><><><><><>
This month - YOUR PRIVACY
Your personal privacy as it relates to information technology
<><><><><><><><><><>

Editor's Preface:

The NCMS InfraGard Manufacturing Industry Association's vision of infrastructure assurance is a comprehensive process, backed by a plan, and implemented by good people. People, process, and technology must work together to succeed in business.

Nowadays, many of us choose to use sophisticated information technology tools in our personal lives. So, even if you are web shopping at home, or subscribing to email magazines, these same precepts apply. You need some personal rules or processes to live by. We encourage you to plan for your personal privacy, to take control of the issue as it affects you personally. You can use the materials here and on our resource page (http://trust.ncms.org) to consider the options, and develop a personal level of disclosure that makes you comfortable. Of course, "what makes people comfortable" varies enormously. You need to weigh the costs and benefits for yourself.

This month's feature will address your personal privacy as it relates to information technology. That's just one slice. The October 2001 Identity Theft article covered another important aspect of privacy. Last month's article on Industrial Strength Authentication is completely relevant to your personal affairs. You can go to our web site (http://trust.ncms.org, select Publications Index) to review the excellent web resources there.

Corporate Privacy practices (they affect you too) will be addressed in a future article, so for now we'll bypass both the 1998 European Union Privacy Laws and the U.S. HR 2975 - PATRIOT Act. Each is complex.

NCMS is dedicated to helping manufacturers develop robust systems (people, process, and technology) that assure uninterrupted production.
We hope you find these resources useful both in your personal and business lives. Aware and educated private citizens are also aware and educated employees!

John Sheridan ([EMAIL PROTECTED])

<><><><><><><><><><>
YOUR PRIVACY
<><><><><><><><><><>

"The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."
- Amendment IV, The United States Constitution (1791)

You should be able to exercise control over how personal information you provide will be used. If you provide personal information for one purpose, you should be able to stop that personal information being used for other unrelated purposes. Government regulators and responsible businesses are converging on this very general norm, but it is very difficult to get any sort of widespread agreement on critical implementation details.

What about personal information that you do not "willingly" or "knowingly" provide? In their November 5th cover story, Business Week reports, "...Polls taken since September 11 show that 86% of Americans are in favor of wider use of facial-recognition systems; 81% want closer monitoring of banking and credit-card transactions; and 68% support a national ID card. This quest for "safety" will come at an incalculable cost to personal privacy."

These developments could wind up having profound implications for our democracy. Privacy involves the most fundamental issue in governance: the relationship of the individual to the state. By reducing our commitment to privacy, we risk changing what it means to be Americans.

<><><><><><><><><><>
"Quid pro Quo" Privacy

The fight over privacy is often waged between two extremes: the government's need to know vs. the individual's right to privacy.
But some European governments and companies are exploring a compromise path, in which consumers voluntarily submit to greater data-gathering to get something they want in return. Call it quid-pro-quo privacy.

Schiphol International Airport in Amsterdam is offering frequent fliers a special deal: Give up a bit of personal privacy by submitting to an iris scan, and breeze through passport control. Privacy groups complain that all such systems create huge databases of information that governments could tap without the knowledge or consent of citizens. Yet, participation is voluntary (actually, there is also a fee for this service).

<><><><><><><><><><>
Banking - Does It Belong Online?

An individual's financial information is probably one of the most private possessions one could have. This data contains so much confidential information that if it were delivered into the wrong hands it could spell disaster. There are currently about 4,100+ individual financial institutions around the world utilizing some type of Internet Banking application.

Banks primarily rely on a system or a group of systems known as 'host processors'. These host processors are responsible for the storage of all financial information. When these host processors were originally developed, Internet Banking was not an issue. Oops!! The full story is on our resources page at http://trust.ncms.org.

Be particularly careful with your online banking, which is literally a rich target for crime. Ask lots of questions of your bank, and expect these online banking systems to change / improve over time.

<><><><><><><><><><>
Don't Get Sentimentally Attached to Your Computer Password

Computer passwords are intended to aid your privacy by certifying your identity on a network. But people become sentimentally attached to them or leave them taped underneath their keyboards or on their monitors, accessible for both casual and truly malicious misuse.
Jennifer Lee reports in her NY Times article (link below), "The problem is that computer passwords have evolved into the personality test of a networked society, as millions of people try to sum up their essence through a few taps on the keyboard. As psychologists know, people and personalities are often very predictable in the aggregate, and thus so are passwords -- a reality that malevolent computer hackers often take advantage of."

Jennifer's eye-opening article will tell you which passwords are most popular with middle-aged women, and young males. Take a look before you select your next password.

<><><><><><><><><><>
Customer Data Means Money

With more than 200 million adults and more than 18 million businesses in the United States, you can buy data on just about every kind of industry, product, habit, trend, and interest. All that information can be filtered and analyzed, massaged and repackaged in just about any manner that suits your needs.

Most of the consumer information available for sale is compiled from public sources that are easy to locate, and most of the data is used to create mailing lists that fuel the direct marketing of products and services. Individual feelings vary widely on this topic, and emotions run high. If you wish to exercise your "right to be left alone" see Junkbusters (link below).

On the other hand, a new national survey (see Privacy Resources page at http://trust.ncms.org for links to details) of commercial Internet sites suggests that online privacy practices and policies are "continuing to evolve, and, by at least some criteria, to improve." Among the most important findings:

* Web sites are collecting less information,
* Privacy notices are more prevalent, more prominent and more complete, and more sites offer choice,
* P3P adoption is off to a rapid start (see text below), but seal programs are growing relatively slowly.
Responsible companies do search for the right balance between delivering the service customers want and the privacy they expect.

On the commercial side, IBM is one of the earlier large companies to appoint a Chief Privacy Officer. "The evolution of e-business has made privacy and data protection one of the biggest challenges for enterprises today," said Dr. Michael Waidner, institute executive at the IBM Privacy Institute (link below). "Companies today are increasingly looking to design and offer personalized services to their customers. We believe that technology will play a critical role in enabling personalized services while protecting individual privacy."

<><><><><><><><><><>
Privacy on the Internet

The news in privacy protection this year is Platform for Privacy Preferences (P3P), the standard created by the World Wide Web Consortium that lets Web surfers screen Web-site privacy policies and prevent their PCs from sending private information about themselves.

Microsoft built P3P into Internet Explorer 6.0, letting users select their privacy preferences from a menu. For instance, they can tell the browser to prevent Web sites from loading cookies onto their PCs. The browser also warns users when Web sites don't live up to their privacy parameters.

It has been predicted that three-fourths of the top 100 U.S. Web sites will become P3P-compliant in 2002. With an estimated 10 million to 15 million copies of Internet Explorer 6.0 already in use, consumer awareness of privacy issues could heighten dramatically in coming months.

See the resources page at http://trust.ncms.org for information on consumer and commercial privacy products available.
<><><><><><><><><><>
Safire Warning on National ID - The "Discredit Card"

NY Times columnist William Safire editorializes convincingly, "...The universal use and likely abuse of the national ID -- a discredit card -- will trigger questions like: When did you begin subscribing to these publications and why were you visiting that spicy or seditious Web site? Why are you afraid to show us your papers on demand? Why are you paying cash? What do you have to hide?"

(The link below is free, but you must register to read the editorial. You can decide if that is too invasive.)

<><><><><><><><><><>
In Summary

The protection of your privacy while interacting in personal or business commercial transactions will always be a matter of earned trust. Ultimately, if you give information to someone, they have it and can give it to someone else (or someone can take it from them!). Our attitudes are shaped by how much we trust the government, the bank, the doctor, the grocery store, or anyone else we interact with.

"Those that would sacrifice their freedom for safety will find they inherit neither."
- Ben Franklin

<><><><><><><><><><>
Links:

Privacy in an Age of Terror, (Cover Story) Business Week; New York; November 5, 2001; Mike France and Heather Green in New York, with Jim Kerstetter in San Mateo, Calif., Jane Black and Alex Salkever in New York, and Dan Carney in Washington;
http://www.businessweek.com/magazine/content/01_45/b3756001.htm

And the Password Is . . . Waterloo, by Jennifer Lee, NY Times, 12/28/2001
http://www.nytimes.com/2001/12/27/technology/circuits/27PASS.html?todaysheadlines

IBM has formed the IBM Privacy Institute and the IBM Privacy Management Council to focus exclusively on privacy and data protection challenges facing its enterprise customers and the marketplace.
http://www.ibm.com/news/us/2001/11/121.html

Junkbusters: Materials on fighting junk mail, spam, telemarketing calls and other privacy invasive marketing. Also tools to protect privacy.
http://www.junkbusters.org

Safire Warning on National ID - The "Discredit Card"
http://www.nytimes.com/2001/12/24/opinion/24SAFI.html
(There is no charge for this NY Times editorial, but you must register to read it. You can decide if that is too invasive.)

<><><><><><><><><><>
IWS INFOCON Mailing List
@ IWS - The Information Warfare Site
http://www.iwar.org.uk