This paper examines hacker culture and the security and privacy policy concerns that come about as a result of network systems being hacked and privacy of the subscribers violated not only by outside individuals but also by the corporations themselves. It looks at and compares privacy policies of three companies operating in the same industry. It also focuses on how corporations are continually intruding into their users’ privacy in the effort to get ahead of their competition.
Keywords: hacking culture, cyber security, privacy policies
HACKER CULTURE AND RELATED CYBER SECURITY ISSUES
Introduction
According to Levy (2010, p. 4), two types of companies exist in the world, those aware they have been hacked and those that do not have a clue. Hacking is defined as the act of taking advantage of vulnerabilities in computer systems and exploiting them for various reasons, be it for personal gain or civil protest. There are other meanings of the word hack but it has come to be used generally to refer to computer systems exploitation. A hacker is a person who uses their computer skills to exploit computer systems of organizations, individuals and governments. There are two types of hackers; white hats and black hats (Levy, 2010, p. 9). White hat hackers are computer systems security experts while their counterparts the black hats are considered criminals due to the illegal hacking they undertake.
Hacking culture is a notion supported by both white hats and black hats. It involves the idea of software that is open and free to anyone. Hackers believe that software source code ought to be open to everyone to study, copy, modify and even distribute at will. Hacking culture has contributed a lot to computing development, as hackers from around the world share information on software tweaks, improvements and even vulnerabilities. A good outcome of this openness is that hackers have come to collaborate on projects, resulting in better software. On the other hand however, hacker culture eats into the revenue of computer and related organizations. This comes about as a result of hackers sharing secrets on vulnerabilities in systems, sharing passwords for premium services and even often taking down systems, costing these organizations millions in revenue and damages. For this reason, there are not many organizations supporting hacker culture.
Hacking causes a great concern to cyber security. Most governments and corporations consider computer hackers a threat to cyber security. Cyber security refers to how protected information on computers and networks is. Information is the key to all activities surrounding governance, business and even hacking. Governments know how to utilize and distribute resources from the information they have of their populations. Businesses acquire competitive advantage just by the information they have of their market and competitors. The only reasons computer wizards hack into systems is for information. While much of information is public, the most important information in organizations is kept private. National security is kept by maintaining intelligence information as state secrets (Levy, 2010, p. 72). Businesses developing prototypes do not want their competitors to know about it; else they lose their competitive advantage. It is this secret information that hackers thrive to get their hands on.
This paper will focus on how hacking culture affects cyber security of organizations and of other people linked to these systems. Through the years, organizations have tried to develop secure privacy policies to the benefit of their networks’ users. They have taken lessons learnt in the past and tried to protect themselves from the ever growing threat of hacking culture. There has, however emerged another internal challenge to cyber security. Organizations, in the process of innovating themselves in order to acquire a bigger market share, have let down some of their guards which seem to be strenuous to users and introduced some extensive features to their systems leaving users more than ever vulnerable to hacking.
It is therefore necessary to examine the extent to which an organization can compromise on their cyber security to make more money and keep their users on their computer systems. Also, how is hacking culture taking advantage of this lapse in security, therefore threatening the stability of organizations and individuals involved?
PRIVACY POLICIES OF ORGANIZATIONS
In examining how privacy policies of organizations are exposing users to the threat of hackers getting hold of their private information, we take into consideration three companies with extensive online presence and a large number of users. These companies are:
Google Incorporated,
Facebook Incorporated and
PayPal Incorporated.
Even though these three companies have different functions, they always intersect at the internet. The Internet is an industry on its own, and its ease of connectivity makes it the perfect medium for hacking. These three companies operate on this medium. Each of these companies has received criticism at one point about their privacy policies. They have been hacked into and their users have suffered at the hands of hackers at one point. How these companies change their privacy policies for the better or for the worse is subject to this discussion.
Google is an internet company established in 1998 to solve the problem of internet search. After succeeding in search, Google has moved to software, mobile technology, cloud computing, maps, advertising and a number of other internet based technology fields of business. Google search is the world’s most used internet service due to its ease of use and success in finding anything on the internet.
Google aims at making the world’s information available and well organized to be useful to users (Google Privacy Policy, 2012). Their privacy policy is very wide, dealing with varied issues which include:
What information they collect and how they collect it from users. This section goes on to explain different ways in which user’s information ends up in Google servers. The section is very detailed.
How Google uses the information it gets from users. They explain how user’s information is used while they are using Google services. For example, Google search uses users’ information previously obtained, to predict what will be most appropriate answers to queries based on previous clicks and searches on the same platform. Google does this by recording the information to a Google account, which they require users to have.
Transparency and peoples’ choices regarding their own privacy settings.
Information users share with other people
Information that Google shares. Google claims not to share any personal information with a few exceptions which include in case of personal consent and for legal reasons..
Users’ information security. Google encrypts users’ information and offers a two level verification to their Google accounts.
The privacy policy applies to all Google products and services except fo theose with separate privacy policy of their own.
Google works with regulatory authorities to deal with privacy issues they cannot solve by themselves.
Google requires users to open up Google accounts to use some of their services such as mail, docs, calendar and groups, while for other services such as search they do not require one to have an account.
Facebook Incorporated
Facebook is an internet company founded in 2004. It is the biggest social networking service on the internet, recording half a billion people using it in 2011. Social networking is forming connections with other people in the same network and sharing information about themselves and about other people on their networks. Facebook’s privacy policy is importance here because the company handles a lot of personal information, some public while most of it is meant to be private even though in some cases, that is not so. As a social networking site, its privacy policy is always in competition with new features aimed at making the site more social, which, in some cases means compromising on the privacy of users.
Facebook’s privacy policy is largely similar to Google in structure but different in content. It mostly describes how users’ information is acquired and used, and how this information is visible on the internet. Here’s a summary of these policies:
Facebook collects information users give on sign up to the service and that which they choose to share, especially on status updates and comments. Information collected at sign up includes name, age, gender and email address. This information is used by Facebook to, for instance, show age appropriate advertisement on user’s pages.
Information shared about you by your Facebook friends is also taken into account. This may include photo tags, location tags and status update tags.
Facebook also collects information about you from applications and websites users allow to post on their wall. This information may include trends of how a user acts, what they read, their interests, their religious affiliations and so on. Users have an option of disallowing third parties from accessing their accounts.
Public information. This is information that the user chooses to keep public and the information that is always public. Users can choose some things to be public or not, such as relationship status, age and some status updates. Some information is made public by default by Facebook. This includes user’s name, profile pictures, network of friends and user name and user ID. Users can opt out of networks they do not feel comfortable being in.
Even though Facebook has an elaborate privacy policy, it can be noted that most features that may compromise on the privacy of users are opt-out features instead of being opt-in features. This means that when Facebook introduces a new feature, it is made a default to all users, whether the users want it or not. It is left to the user to disable the feature if they do not want it. Most users will however not note this and will continue using Facebook unknowingly exposing them to privacy violation (Facebook Privacy Policy, 2012).
Paypal Incorporated
PayPal is an online payment service provider. It was founded in 2000. Being the biggest online payment system it hosts very vital user information such as user’s credit or debit card numbers, transaction history, amount of money available to users at a certain point and the ability to facilitate purchase of products on the internet. PayPal’s privacy and security policy is very important to users because while Google and Facebook store personal information such as likes and dislikes of users, PayPal hosts information about the financial history of users. This is by far the most sensitive information to have on the internet. Its privacy policy is tighter than the other two companies but still has some compromising features.
PayPal collects basic information from users from sign up. Name, email address and phone number are required to open an account but to transact using PayPal, users are required to provide credit card, debit card or bank information. Security measures are also made a necessity with questions being enforced for times when a user loses a password and requires a replacement.
Transaction information is recorded when users make transactions. Information such as the users IP address is recorded and any other information that could be helpful in identifying users’ devices. This helps PayPal to know when there is a possible unauthorized transaction.
PayPal collects information about users from third parties such as credit referencing agencies to verify that the user’s information is correct as provided and that the card being used has not been reported stolen or lost. PayPal also does background checks on users and businesses to eliminate cases of fraudulent transactions.
PayPal will also conduct credit checks on consumers who owe them money and reserves the right to do constant review and in some cases close a user’s account.
PayPal will do additional verification when necessary. They may ask users to provide more information to show their linkage to the account. This occurs for several transactions that may be deemed necessary for additional verification.
PayPal will not disclose user information to third parties. The information they collect is used to improve customer service.
PRIVACY POLICY FAULTS AND VULNERABILITY TO HACKING
All organizations have policy faults now and then, but it is how the organizations manage these faults that matters. Hackers will take advantage of any vulnerability they find in the system. It is important for organizations to involve the hacker community in protecting their information and that of their consumers (Levy, 2010, p. 453). There have been a few cases of system intrusion by hackers on a system wide level and on a personal level of users.
While these three companies have had their systems’ vulnerability checked to the larger extent, there still remains some “holes” in the system. Facebook’s contacts issue was one of them. When users synchronized their smart phones to Facebook, in addition to Facebook contacts being put into the phone, the Facebook application copied all other existing contacts on the device and exported them to the user’s profile, by default. These contacts were then available to all Facebook friends who could access the user’s profile. This was a violation of privacy as users did not choose it, it was chosen for them (Epstein, 2011).
Another common feature with privacy concerns is facial recognition. It is a feature that goes through users’ photos and tags people through their facial resemblance to past photo tags and profile photos. Facebook introduced this feature as a default into their network. It was met by a lot of criticism from users since it was not an option for them but was forced on them. This feature violates users’ privacy and exposes certain groups such as children to the danger of predators stocking them on Facebook, who can now know how they look and even tell where they leave, from the help of another default feature from Facebook: Facebook places. Google learnt a lesson from this and made their facial recognition technology opt-in in their social networking service, Google plus.
Some applications on Facebook also turn out to be violating to the users who accept to use them. Due to the complicated and lengthy nature of Facebook’s privacy policy, most users do not keep track of what applications they are allowing to access their information. This has led to numerous theft of information. Even though this fact has been known for some time, Facebook has done very little in terms of regulating third party applications, only coming in to correct a problem after the damage has been done to users. The big number of Facebook users can explain why there are so many privacy issues with the service. However, most of Facebook’s privacy issues have been brought about by its constant need to advance social technology and push the boundaries of what people share on the site.
Google is not purview to privacy violations. There have been recent concerns of how Google tracks search patterns and to what extent they are willing to intrude into users’ privacy to acquire information to improve their search engine. This information, in the wrong hands could cause devastating problems to users of this service. The most recent controversy is the hack by Google on the Safari browser to monitor search patterns of the users and focus personalized advertising at the users of Apple’s Safari browser (Baker, 2012, para 2). Microsoft also reported the same was going on with their Internet Explorer browser. These are just some of the privacy violations that have been observed and there may be others underneath the systems billions of people use. There is an increase in violations of privacy by companies, causing concerns on how to regulate these giants that are exploiting the “small people” who are their subscribers.
REDUCING PRIVACY INTRUSION
We have observed that there are many sources of privacy intrusions; key among them are hackers and corporations. Most people view hackers as the biggest threat to privacy rights, however, from recent developments it is reasonable to say that corporations are the biggest exploiters of privacy as they seek to forward their business with little concern for private citizens’ right of privacy. There are several precautions that can be taken to reduce the threat of privacy violations. These include:
a) Legislation by government on how to deal with privacy intrusions. Government should put in place measures to protect its citizens’ privacy. Even though this might be a challenge with the amount of money used in lobbying by these companies, the needs of citizens ought to come first.
b) Companies use the opt-in approach. Before companies roll out new technology, they should focus their efforts to market the feature and convince users to utilize the feature. This will leave the users comfortable as they will have used it at their will. This also protects children from features that are unsuitable for them.
c) Tighter system security. For the threat from the hacking community organizations ought to invest in tighter security measures that protect their consumers from being exploited by criminal hackers.
d) Educating users on how to protect themselves. Organizations should educate users on how to protect themselves from hackers after their information. The more educated users are on who to and who not to share their information with, the less the number of privacy intrusions, companies will experience.
e) Dialogue with the hacking community. Hacker culture has seen the development of some amazing technology. As so, it should not be ignored, rather it should be embraced. If hackers, government and corporations form dialogue, there will be a certain reduced cases of hacking into user systems.
CONCLUSION
Hacking culture is a substantial issue. Hackers are emerging everyday from our institutions of higher learning with even more skills than their predecessors possessed. If the issue is not addressed soon, there will be an increased amount of security breaches associated with systems hacking. This means that even more people will be prone to the danger of their accounts being stolen and personal information being used in inappropriate ways. Dialogue will be important in increasing the number of white hat hackers and reducing the number of black hat hackers. Adoption, to some extent, of open source software by corporations will go a long way in reducing hacker related security breaches.
There has also emerged another threat to privacy rights of internet users: the internet technology companies. There has been controversy after controversy of breach of privacy rights by these companies. This needs to be addressed by the government mostly because it is its duty to protect the common man and has the authority and capability to do so.
Facebook Privacy Policy (2012). Retrieved from http://www.facebook.com/about/privacy/your-
info
Google Privacy Policy (2012). Retrieved from http://www.google.com/about/company/
Epstein, Z. (2011). Facebook stole every contact and phone number in your phone- here's how to
undo the damage. BGR. Retrieved from http://www.bgr.com/2011/08/12/facebook-stole-
every-contact-and-phone-number-in-your-phone-heres-how-to-undo-the-damage/
Baker, L. (2012). FTC Probe Google after Safari Privacy Controversy: Report. Huffington Post.
Retrieved from http://www.huffingtonpost.com/2012/03/17/ftc-google-safari-
privacy_n_1354839.html
Levy, S. (2010). Hackers: Heroes of the Computer Revolution. California: O’Reilly
