Page 626 - Encyclopedia of Business and Finance
Privacy and Security
PRIVACY ORGANIZATIONS

Privacy advocates assert that electronic record keeping and transmittal of information threatens basic American liberties and rights to privacy. In reaction to the growing use of computerized databases, several groups were formed in the early 1990s in an effort to support efforts to protect social and legal privacy issues in cyberspace.

• Electronic Frontier Foundation—established in 1990 to focus on civil liberties (http://www.eff.org)
• Privacy International—in 1990 emerged as a global watchdog for a wide variety of privacy issues, including data matching and medical privacy
• Internet Society—begun in 1992 as an international organization to develop and implement standards for the Internet, as well as to maintain historical and statistical databases of Internet usage (http://www.isoc.org)
• Privacy Rights Clearinghouse—founded in 1992 as a nonprofit consumer information and advocacy organization (http://www.privacyrights.org)
• Electronic Privacy Information Center (EPIC)—established in 1994 to address civil liberties and privacy issues (http://www.epic.org)
• Privacy.org—A joint project of EPIC and Privacy International, which serves as an outlet for privacy and security news and information

SOCIAL ENGINEERING SCAMS

These privacy organizations seek ways to combat social engineering scams that use the Internet and e-mail. The most popular scams are phishing, pharming, and crimeware.

Phishing (pronounced “fishing”), which is also known as spoofing or carding, is a fraudulent method of stealing personal information. The term phishing is used because the perpetrators in effect “throw out bait” to unsuspecting individuals. The scam artists create e-mail messages that appear to come from a bank, credit card company, or other trusted entity. Oftentimes, the scammers will create very convincing e-mail messages that include logos or graphics copied from the real institution’s Internet site. The message requests that the recipients confirm their personal information (e.g., credit card numbers and account information) by either replying to the message or, more typically, following the provided link to the “company’s” Internet site. The link, of course, is not to the company’s site, but to a counterfeit site, which also uses appropriate graphics and text in an attempt to appear official. Some phishing scams indicate that because of recent suspicious activity, the user’s account will be suspended until the personal information is confirmed.

Pharming (pronounced “farming”) is related to phishing in that users are misdirected to fraudulent Internet sites where they are asked to provide personal information such as usernames, passwords, and Social Security numbers.

Crimeware is defined as any instance of malware (malicious software), adware (advertising software), and spyware (spying/tracking software). For example, a Trojan keylogger (spyware) can be used to either capture personal information as it is keyed in or redirect users when they attempt to log in to their Internet banking sites. Both phishing and pharming are the focus of the Anti-Phishing Working Group (http://www.anti-phishing.org), which is “committed to wiping out Internet scams and fraud.”

LEGISLATION

Computer crime-related legislation is growing. Several laws have been enacted to protect privacy and security. For example, the Privacy Protection Act of 1996 (42 USC 2000) imposes controls on the databanks owned by federal agencies. Any database maintaining personal information cannot be distributed to other federal agencies without going through proper legal channels. In addition, the Family Education Rights and Privacy Act protects the dissemination of student information. The proposed Identity Theft Protection Act attempts to limit the use of Social Security numbers as identifying data and ensure individuals are notified when their personal data are compromised.

In addition to “taking” information through database access, security issues also include deleting information from databases. Improper use and invasion of privacy through harmful access occurs when people knowingly damage or destroy computer programs by deleting information or installing computer viruses (programs designed to run in the background of a computer’s memory, silently destroying data). This improper use is addressed under the Computer Fraud and Abuse Act of 1986 (18 USC 1030), which prohibits the improper use of “federal interest” computers—computers that communicate and share information across state lines or internationally.

Any computer that is connected to the Internet (even through a local network provider) is considered a federal interest computer and subject to the Computer Fraud and Abuse Act. In addition, the Electronic Communications Privacy Act (18 USC 2510) makes it a crime to use a computer system to view or tamper with other people’s private messages (e.g., e-mail and data files) stored in an online system.

The Health Insurance Portability and Accountability Act of 1996 ensures health insurance coverage during changes in employment as well as establishes national
ENCYCLOPEDIA OF BUSINESS AND FINANCE, SECOND EDITION 603
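
The phishing description under Social Engineering Scams names two traits a mail filter can check: a link whose visible text shows the institution's address while it actually leads elsewhere, and a threat of account suspension. The following Python sketch is an added example, not part of the encyclopedia entry; the function names, the sample message and the domains examplebank.example and counterfeit.test are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Wording the entry describes: suspension until the details are confirmed.
URGENCY = re.compile(r"\b(suspend(ed)?|confirm|verify)\b", re.I)
HOSTLIKE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

def base_domain(host):
    # Assumption: the last two labels identify the owner; production code
    # should consult the Public Suffix List instead.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a>, plus all body text."""
    def __init__(self):
        super().__init__()
        self.links, self.text, self._href, self._buf = [], [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._buf = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        self.text.append(data)
        if self._href is not None:
            self._buf.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._buf).strip()))
            self._href = None

def phishing_indicators(html_body, trusted_domain):
    parser = LinkCollector()
    parser.feed(html_body)
    findings = []
    for href, text in parser.links:
        dest = base_domain(urlparse(href).hostname or "")
        shown = HOSTLIKE.search(text)
        if shown and base_domain(shown.group(1)) != dest:
            findings.append(("text_href_mismatch", text, href))
        elif dest != trusted_domain:
            findings.append(("off_domain_link", text, href))
    if URGENCY.search(" ".join(parser.text)):
        findings.append(("urgency_wording", None, None))
    return findings

# Constructed sample message body (not a real e-mail).
SAMPLE = """<p>Due to recent suspicious activity your account will be
suspended until you confirm your details.</p>
<a href="http://login.examplebank.example.counterfeit.test/confirm">https://www.examplebank.example/confirm</a>
<a href="https://www.examplebank.example/help">Help</a>"""
```

Calling `phishing_indicators(SAMPLE, "examplebank.example")` flags the first link and the wording, and leaves the genuine help link alone.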

