from left to right: the panelists Robert Schifreen, Clive Room, Dave Evans, Stephen Trewick. To the right is Bobbie Johnson of the Guardian
I went to the Dana Centre last night, for Stolen Identity: a discussion of how to protect yourself from thefts of data and identity online.
Four experts briefly gave their perspective on the topic. Then the audience was split into four groups. The speakers rotated around the groups, spending 15 minutes with each. This enabled us to discuss issues with them in reasonable depth. Here are the key points I noted from the discussions
Dave Evans, Senior Data Protection Practice Manager, Information Commissioner's Office
Dave
and his colleagues have recently published advice for people using social networking sites.
- I am using an Act written before most
people had ever even received an e-mail (the Data Protection Act 1998)
to deal with the complex issues thrown up by social networking sites
such as Facebook and Bebo. If people voluntarily declare information
about themselves on a site like FaceBook are they ceding their right to
privacy in relation to that data?
- Any
organisation collecting personal data using equipment based in the UK
is subject to the Data Protection Act. Facebook, e-bay and similar
sites use cookies based on your computer to collect personal
information about you. The Information Commissioner views this as
constituting using UK based equipment because your computer is UK
based. None of these sites has challenged this assumption and the
Information Commissioner does handle complaints received against
these organisations.
- Social networking sites have a legal
responsibility to keep your data secure. They also have a
responsibility to make sure that their services are set up in ways that
don't endanger people and their data
Detective Sergeant Stephen Truick, Metropolitan Police Fraud alert/ e-response unit
Half of Stephen's job is concerned with working with companies to trying to design out existing frauds. The other half involves helping victims of internet fraud.
Stephen was the scariest of the four speakers, he spends his time looking at the dark side of the internet and this showed through in his answers to our questions:
- Internet fraud is definitely on the increase, I get 600 e-mails a day of people from people reporting new frauds to me, despite never having publicised the e-mail address. The volume of e-mails reporting frauds has doubled over the past two years.
- In my previous job I dealt with with sex offenders.
The techniques internet fraudsters use are similar to those used by sex offenders.
- The
early hackers were testosterone fueled geeks hacking into computers to
show they could do it and to impress their girlfriends. Nowadays computer fraud is big business.
cybercriminals recruit brains from universities and pay them a
fortune.
- I
would close the internet down tomorrow if I had the chance. I've seen
people lose their life savings from internet fraud, and driven to
suicide. When
I retire I am going to live in France and I won't have a computer or an internet connection.
- Why would you want to put any data about yourself on facebook? I have set up three
false identites on Facebook. One was of an 18 year old girl, using a picture of an attractive girl I obtained from the internet. I received 400 requests to be
my friend. Some of the stuff those people send to that fake girl is frightening.
- It
is easy to spoof someone's e-mail. I could send you all e-mails that
looked as if you had sent them to yourself.
Robert
Schifreen, IT security Consultant
Robert was the first person in the world to face a jury trial for
computer hacking, in the late 1980s. At the time there was no law in the 1980's to say that you could not hack into someone else's computer. He was charged under forgery legislation and the case went to the House of Lords at the cost of
£2million. They ruled that forgery law did not cover computer hacking. As a direct result of the case the Computer Misuse Act 1990 was introduced.
- There is no magic recipe for keeping yourself and your data secure online. I can't say to you all 'do these three things and you will be OK'. It depends on you and your situation. There is no
software you can buy to give you piece of mind.
- Shops will sell you powerful equipment for your home like wireless routers. They won't tell you that unless
you set up a password on the router any passer by could park outside your house and hack into the
administration of your router. They could block you out of your own network. Worse still they could download illegal pornography from the internet and it would appear to have been downloaded by you.
- Encryption
and back up are the solution to most data security problems. You can
encrypt your data on a standards Microsoft Windows environment on
your PC, using EFS. The problem is that if you back up the data and
then try to restore it in a different computer it won't restore
unless you have remembered to back up the encryption keys
- You should tick the box on your Facebook profile that restricts access to view your site to people you have accepted as a friend.
Clive
Room, Marketing expert, Portcullis
Portcullis are the company who built an
application that enabled a BBC documentary to show how easy it was to
hack FaceBook and harvest people's personal data.
- Don't give your real birthday to social network sites. Give a false one. The only reason to give facebook your
birthday is to get e-birthday cards from your friends. If you really
want that then give the same day but change the year. I am twenty five years old on FaceBook.
- Marketeers want your data so that they can reach you. A friend split up with his girlfriend
recently and altered his status on Facebook to single. Straight away an advert was displayed on his site from a dating agency for people in their mid-thirties. If you buy a pregnancy test in a supermarket then nine-months later you will be sent adverts for nappies.
- I attended a recent conference on information security recently where an
IT manager proudly announced that his organisation had banned the use of
FaceBook, Bebo and My Space. But later speakers
described how they had saved a fortune by recruiting people through Facebook, and by using Facebook as a marketing tool.
- Depending on your line of business, a professional not using
services like LinkedIn and FaceBook may miss out on networking and
career opportunities. You need to balance your professional use of the
tool with your personal privacy. Think about what you want to reveal
about yourself and what you don't want to reveal.