Privacy protection perceptions

By Sami Lais, Computerworld |  Government

What detail of your private life would you least like to see splashed across the Internet? Or added to a database, linked to your name and sold in a mailing list?

Your concern could become a source of amusement to your grandchildren, because by then, "privacy as we know it won't exist," predicts Nick Jones, a London-based research director at Stamford, Conn.-based Gartner Group Inc.

Global Positioning System devices may track your every move. Always-on communications will keep you reachable.

A Matter Of Policy

Policies that govern how security is implemented will determine the future of privacy more than privacy laws or IT itself, say security vendors, analysts and private and federal watchdog agencies.

Organizations may seek to protect personal data, says Andrew Shen, an analyst at the Electronic Privacy Information Center in Washington, but "without the security, they can't guarantee privacy."

Among privacy-protecting technologies, encryption will lead, says Alan Paller, research director at the SANS Institute in Bethesda, Md. Encryption will be "built into the transmission system and hardware," he says.

And authentication will be crucial, says Clint Kreitner, president and CEO of the nonprofit Center for Internet Security (CIS) in Bethesda, Md. For good authentication, "you need to have something, and you need to know something," he says. Smart cards, which have microprocessors for data exchange and require passwords, may see wider use.

Not so with biometrics, says Paller, because an electronic fingerprint can be illegally captured during transmission and reused.

"Connecting any machine that has information assets exposes those assets to compromise, and there are not enough knowledgeable people to fix the holes. IT vendors ship products with a default of security measures open rather than closed," Kreitner says, because otherwise "most customers are not knowledgeable enough to implement the product without great amounts of support."

To plug that knowledge gap, the CIS is developing specific lists of operating system settings that constitute a baseline level of prudent security practices.

Release of the first set of free baseline security practices will be in early April, for Sun Microsystems Inc.'s Solaris operating system. Lawsuits will follow release of the CIS baseline practices, Paller says, that argue that "minimum security practices were well known, you didn't implement them, and your carelessness took down my company."

Security isn't so much a technology issue as it is "a process issue," says Shen. Even if you know how to implement security, "you can't simply put in new software and let it run," he says. "You have to make sure people are maintaining the system."

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Answers - Powered by ITworld

ITworld Answers helps you solve problems and share expertise. Ask a question or take a crack at answering the new questions below.

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Ask a Question
randomness