Oroke Kenneth Augustine

PRIVACY-SECURITY & COMPUTER BREACH

INTRODUCTION

Information Technology (IT) has a central role in commerce, industry, government, medicine, education, entertainment and society at large. The Internet presents an exceptional platform where users can share as well as extract a wide variety of information. The speed and ability to communicate with people is fostered by the Internet, a worldwide network that is used to send communiqués and provide access to the world-wide web. The Internet of Things is a network that enables users to attain superior value and service by exchanging data. Now more than ever, our digital footprints are experiencing exponential growth. Like any other technologies, the problematic implications and negative impacts of IT on our society are numerous. The benefits of the Web have come at some cost, one being loss of privacy. It poses and creates some problems related to ethics which can be classified into three main types of ethical issues: personal privacy, access right, and harmful actions. Moreover, we are more susceptible to identity fraud and data breaches.

High-profile cyber-attacks and actual atrocities like hacking, copyright infringement, unwarranted mass-surveillance, child pornography, and child grooming have focused the world's attention on topics surrounding data protection, encryption, privacy and surveillance as never before. These headline-grabbing events overlay a rising background level of data leakage from governments, businesses and other organisations, families and individuals. There are also problems of privacy when confidential information is intercepted or disclosed, lawfully or otherwise.

Privacy is the ability of an individual or group to seclude themselves, or information about themselves, and thereby express themselves selectively. Though, the boundaries and content of what is considered private share common themes, it differs among cultures and individuals. The domain of privacy partially overlaps security (confidentiality), which can include the concepts of appropriate use, as well as protection of information.

Security is the degree of resistance to, or protection from, harm. It applies to any vulnerable and/or valuable asset, such as a person, dwelling, community, item, nation, or organization.

Computer crime also known as Cybercrime, is crime that involves a computer and a network in which the computer may have been used in the commission of a crime, or it may be the target. It was defined by Debarati Halder and K. Jaishankar as: “Offences that are committed against individuals or groups of individuals with a criminal motive to intentionally harm the reputation of the victim or cause physical or mental harm, or loss, to the victim directly or indirectly, using modern telecommunication networks such as Internet (networks including but not limited to Chat rooms, emails, notice boards and groups) and mobile phones (Bluetooth/SMS/MMS)”.

EFFECTS OF DATA BREACH

A data breach incident is an unauthorized access to sensitive, protected, or confidential data resulting in the compromise or potential compromise of confidentiality, integrity, and availability of the affected data. Sensitive, protected, or confidential data may include personal health information, personal identifiable information, trade secrets or intellectual property, and/or personal financial data. Those seeking illegal access to online information and communications, and those attempting to safeguard it, remain locked into an ongoing arms race. Every year brings its crop of damaging hacks, brought about by an evolving arsenal of cyber-attack techniques, which the security industry strives to defend with existing tools while gathering intelligence on new vulnerabilities. Users are also part of the problem, as their careless or malicious online behaviour can create exploitable opportunities for hackers, or directly result in security breaches.

Online data breaches have been in existence for as long as the internet has existed, but there is a risk that they may get to epidemic proportions as cyber fraud is among the fastest growing forms of crime in the world. Internet Privacy should be about the protection of sensitive and private information, at times called Personally Identifiable Information (PII), from inappropriate or unauthorized disclosure. Lack of internet privacy and ethics has caused quite a number of negative impacts destroying reliability and integrity of computer-based information, compromising confidentiality of users and many more.

High-profile US retailers Target and Home Depot were among many organizations that lost customer data and credit card information. In other companies, cyber criminals stole money from accounts, carried out industrial espionage and in some cases even took over company systems and demanded ransom money to unlock them. When measured for both the targeted organizations and the affected individuals, the impact of data breach incidents is significant. The release by Ponemon Institute in May 2014 shows that the average cost per incident was estimated to be approximately $5.9 million for organizations in the United States. The most severe impact of data breach for individuals is identity theft, resulting in approximately $16 billion stolen from 12.7 million identity fraud victims in 2014. In 2005, an earlier study estimated that the combined financial impact of identity theft was $56 billion.

As a result, computer usage policies has been used by many universities, organizations in an attempt to protect themselves. These policies attempt to prevent misuse by explaining correct and incorrect usage of systems. However, many users of the policies are unfamiliar with these policies. Further, many universities simply fail to cover computer security and computer misuse topics within their curriculum. Previous researches suggested that many information systems programs provide little or no coverage of this increasingly important topic.

Governments and businesses around the world are searching for better cyber defence strategies. Various exercise have been held on cyber-security. The European Network and Information Security Agency held a cyber-security exercise in October 2014, involving 29 countries and more than 200 organizations, including government bodies, telecoms companies, energy suppliers, financial institutions and Internet service providers. The tests included simulating more than 2,000 separate incidents: denial of service attacks, website de-facements, access to sensitive information and attacks on critical infrastructure. Software and hardware failures were judged the biggest security threats.

The growing threat to individuals is beginning to claim attention in national and international community. In many countries around the world, existing laws are likely to be unenforceable against such crimes. This lack of legal protection means that businesses and governments must rely solely on technical measures to protect themselves from those who would pose false information, from who steal, deny access to, or even destroy valuable information.

Self-protection is not sufficient to make cyberspace a safe place to conduct business. The rule of law must also be enforced. Countries where legal protections are inadequate will become increasingly less able to compete in the new economy. As cyber-crime increasingly breaches national borders, nations perceived as havens run the risk of having their electronic messages blocked by the network. National governments should examine their current statutes to determine whether they are sufficient to combat such kinds of crimes. Until now, only few nations have amended their laws to cover computer crimes that need to be addressed. Other countries begin to implement some initiatives, and it is clear that a great deal of additional work and efforts are needed before organizations and individuals can be confident that cyber criminals will think twice before attacking valued systems and information.

Cyber security has become a matter of urgency as the people behind the attacks have a significant head start. Internet privacy and online security are vital issues since they affect everyone who interacts online. With cases of cyber bullying, hacking and identity theft on the rise, it is apparent that joint responsibility is needed to minimize the risks; a combination of individual and collective action is required. Internet privacy and internet security entails user education, technological tools, as well as administrative policies and procedures. It is the responsibility of organizations and individuals to protect users, data, and systems from a range of threats.

IMPORTANCE OF CYBER SECURITY

Despite the best efforts of government agencies and cyber security experts, Cyber-crime is only likely to increase because its growth is being driven by the expanding number of services available online and the increasing sophistication of cyber criminals who are engaged in a cat-and-mouse game with security experts.

Technical innovation has created new online dangers. For example, many companies have migrated their data to third-party cloud providers and this has created a centralization of data and therefore more opportunities for criminals to misappropriate critical information from a single target attack. Similarly, there are more mobile services than ever and this has opened up corporate systems to more users—multiplying the opportunities to penetrate security measures.

The development of an Internet of Things, which enables communication between machines, raises the possibility of appliances being manipulated by hackers. Much of the world's critical infrastructure, controlling services such as power generation, transport and utilities, already depends on M2M. Protecting the networks that carry the communications that control these services is vital, especially since decision making is often done without human involvement. Some of the measures put in place to secure the cyberspace are listed below:

1. INTERNATIONAL EFFORTS ON LEGISLATION

The UK intelligence agency, Government Communications Headquarters (GCHQ), which provides advice and services to protect national voice and data networks, estimates 81 percent of UK businesses have experienced some kind of security breach. In order to help them combat it, the organization has published detailed guidance for businesses called “10 Steps to Cyber Security”, where the critical first step is to establish an information risk management regime that identifies the security risks it faces and the policy for dealing with them.

Governments are tightening laws to ensure organizations take greater responsibility for cyber security and report cyber breaches. The reporting of breaches is important as it enables government agencies to take action to strengthen security, allows individuals to mitigate harm and encourages organizations to adopt effective security measures.

In an effort to reduce cyber-crimes, 47 states in the United States have enacted laws that require security breaches involving personal data to be reported. The US Congress is also considering various proposals, including one from the Obama Administration, concerning a national breach notification law. The Data Security and Breach Notification Act of 2015 is a companion to the Consumer Privacy Bill of Rights Act of 2015 unveiled by President Obama, governing the collection and dissemination of consumer data.

Furthermore, under guidance from the US Securities and Exchange Commission, public companies are required to disclose the material risks they face from cyber-attacks and include specific detail to enable an investor to assess the magnitude of those risks.

The European Union and several of its member states have introduced similar regulations, some of which are specific to particular industries, with the result to make organizations operating across different legal jurisdictions comply with the different laws.

Also, the EU is developing a proposal for a General Data Protection Regulation to replace and harmonize current data protection legislation. The new regime would require organizations to report data breaches promptly to both the competent authorities and the affected individuals.

While ensuring compliance with the relevant legal requirements, these plans can be seen as an effective way to reduce the risks of financial losses and damage to an organization's reputation as preparing for a breach in security will be particularly important to organizations when incidents can result in fines, legal action or measures by government agencies.

2. ENCRYPTION TECHNOLOGY TO MINIMIZE HARMFUL ACTIONS ON INTERNET

Encryption, is used to scramble/encode a message into an unreadable format which is decrypted by the recipient using a key that converts it back into a readable form. Such encryption is widely used in online banking transactions, stock trading, Internet shopping, in ATMs, and many more. Also on webpages, data transmissions, encryption system commonly implemented to protect data is Secure Sockets Layer (SSL). This encryption can be easily identified by its web page address which starts with “https:” in place of usual “http:”

New Advanced Encryption Standard (AES) has been adopted by the U.S. government. Rijndael, an algorithm developed by two Belgian cryptographers, is designed to better safeguard government data than the older standard and works on multiple hardware and software platforms. This new technique is particularly important when data passes through shared systems or insecure network segments where multiple people may have access to the information.

Another protection method against computer crimes is called firewalls. Internet firewall is essentially one or more systems that control access between computer networks. The firewall controls access to the network from outside users, and it also controls the transfer of information from the inside network to outside world (Internet).

With these techniques, people can send/receive data in privacy, so that no body on the Internet can interfere. Furthermore, they can also be used to prevent any modification of transaction or message on the computer networks (Internet).

CONCLUSION

Every individual has moral right to privacy and this is frequently and increasingly at issue when information systems are used. Computer security though not a moral right or moral value has been argued to be morally necessary to protect correlated rights and interests: privacy rights, property rights, freedom rights, human life and health and national security. It was argued that computer security can also work to undermine rights. Analysing privacy and security issues in computing ethically can help computer professionals and users recognize and resolve moral dilemmas which can yield ethical policies and guidelines for the use of information technology. In addition, it has been recognized in computer ethics that both the use of information systems and their design require moral reflection, as system designs reflect moral values and involve moral choices. For example, a system can be designed to protect privacy, but it can also be designed to give free access to personal information to third parties. This fact is taken up in value-sensitive design, an approach to the design of information systems that attempts to account for values in a principled fashion. Ideally, ethical reflection on information technology should not wait until products hit the market, but should be built in from the beginning by making it part of the design process.