Insecurity in the digital world

Internet attorney Eric J. Sinrod examines what's become the soft underbelly of our increasingly electronic era.

More and more, we are going paperless, with all sorts of information stored electronically.

Of course, there are many advantages to maintaining information in electronic form. But this column is not about the favorable aspects of electronic data retention.

Rather, I want to examine what's become the soft underbelly of the digital world. I am talking about you, your private data, and how easily that data can go missing or can be used against you.

Sure, we all hear about potential privacy and security breaches in the abstract. This, however, is not an academic ivory tower exercise. Your personally identifiable information is vulnerable here and now. Let's consider two extremely recent examples to drive the point home.

In the United Kingdom, two computer disks containing personally identifiable details on all families in the country with children under 16 have disappeared. As a consequence, the names, addresses, dates of birth, bank account details and national insurance numbers of 25 million people on the two disks are unaccounted for. While no fraudulent or criminal activity has been detected yet with respect to this vast array of missing data, time will tell whether the information has fallen into the wrong hands.

How did this happen? Apparently, the disks were sent from one government office to another, in a package that was not recorded or registered. That inspires confidence, doesn't it?

This was not some sort of stealth operation designed to penetrate electronically the inner sanctum of sensitive databases. Rather, the disks containing the information simply were sent through a governmental postal system and have not been seen since, more than a month later.

Thus, as governments and businesses gather increasingly more personally identifiable data on individuals, we are reminded of how easily that information literally can walk out the door without proper oversight and protection.

Of course, stealth security breaches also occur, as demonstrated by very recent attacks. The first such attack was directed at more than 400 people at financial institutions. Each of them was sent an individually tailored e-mail that claimed to be a complaint from the Department of Justice.

The second attack occurred just hours later. This one claimed to be from the Better Business Bureau. The true concern of these attacks is that the e-mails from both included malicious attachments that can enable remote access to a person's computer. With such access, personal and sensitive information of the computer user can be compromised.

These types of attacks, by their nature, are somewhat more difficult to uncover than mass phishing attacks, precisely because they are directed to the individual names of recipients. Social-networking sites can provide sufficient identification of people to whom perpetrators can direct these attacks.

Governments and businesses must do their very best to safeguard personally identifiable information of citizens and customers. Yet, even with best efforts, not all mistakes and breaches can be prevented. We truly are living in an age of digital insecurity.