Introduction
Invading the privacy of businesses, institutions, and people, social engineering creates criminal acts using telephones, illegally accessing private information via computer accounts called "hacking", stealing bank account information, as well as eavesdropping are social engineering crimes. Two types of social engineering exist, including, human and technological based (Peltier, 2010). Social engineering uses deception, manipulating people into giving them personal information including social security and bank account numbers (Halles, 2008). Social engineers use tactics to extract private information including appealing to people's vanity, authority, look, over peoples' shoulders while entering pin numbers, and eaves drop. In his article, "Mitigating the Social Engineering Threat" C. Perrin sums social engineering as:
"Social engineering is the act of manipulating people into performing actions or divulging confidential information, rather than by breaking in or using technical hacking techniques; essentially a fancier, more technical way of lying. While similar to a confidence trick or simple fraud, the term typically applies to trickery or deception for the purpose of information gathering, fraud, or computer system access; in most cases the attacker never comes face-to-face with the victim (2010)".
Monitoring Social Engineering
Hands on methods exist for securing and monitoring against criminal social engineers attempting invading personal computer information and invading user privacy. Make it a practice to store restricted, sensitive, and private information in computers sparingly. Good passwords mean not using anything personal such as pet names, birthdays, or parts of social security numbers. Assuring private Internet transmissions requires using secure transmissions such as VPN-virtual private networks (PC Magazine, 2010) and https-hypertext transfer protocol. Internet and email use opens users to invasion of privacy and requires caution. Keep information "encrypted" on mobile devices like laptops and the new computer cell phones, storing the unencrypted information elsewhere. Archive information on managed security systems protecting privacy. According to SearchSecurity.com:
"Security experts propose that as our culture becomes more dependent on information, social engineering will remain the greatest threat to any security system. Prevention includes educating people about the value of information, training them to protect it, and increasing people's awareness of how social engineers operate (2011).
Numerous ramifications arise with social engineering attacks on privacy whether victims are people, businesses, and institutions. With identity theft, legal responsibilities may accrue as well as loss of reputation and trust, and denial of services. The cost to remedy private information attacks remains an expensive ordeal.
Technology Secures Privacy
Using the Internet often requires filling out applications to access web sites like Face Book and other social networking options growing more popular as the global community continues adding to the millions of web users. Lengthy privacy policies provide a false sense of security about the information asked for by web sites and given by the user. "These statements are rarely read, are often confusing, and can’t hope to capture the complexity of modern data-handling practices. As a result, experts say, consumers typically have little meaningful choice about the online use of their personal information — whether their birth dates, addresses, credit card numbers, or Web-browsing habits", writes David Cherian in his article, "IBM Survey Says Software Development is All About Mobile Device in the Future (2010).
As fast as information technology advances so does the ability of thieves invading computers and stealing private information from people, businesses, and institutions. In the 21st century, according to Ted Cate of the U.S. Technology and Privacy Advisory Committee, safeguarding technical privacy, "…is enhanced by strong technological protections (such as encryption, firewalls, passwords, and audit trails), but it is also a product of training, personnel screening, oversight, and enforcement as well (2004)".
Using "ciphertext", sensitive and private information changes into a language no one readily understands. According to Search Security, "Encryption/decryption is especially important in wireless communications. This is because wireless circuits are easier to tap than their hard-wired counter parts. Nevertheless, encryption/decryption is a good idea when carrying out any kind of sensitive transaction, such as a credit-card purchase
online, or the discussion of a company secret between different departments in the organization. The stronger the cipher -- that is, the harder it is for unauthorized people to break it -- the better, in general. However, as the strength of encryption/decryption increases, so does the cost (2011)".
In computer use, technological software allows opting to hide and thus, protect information by encryption code. Encryption and decryption (changing the information back to its original form) keeps information such as credit card purchases or even corporate secrets between departments from unauthorized eyes. With this kind of technical protection of private information, the more difficult the cipher (code), the more difficult breaking the code becomes, and the more difficult the design of the encryption, the more costly to purchase.
The firewall program protects unwanted intrusion into a computer while accessing the Internet. Firewalls either, come already built into computers or they install using software technology. Some firewall systems allow setting particular parameters that filter out everything unless programmed to allow or deny access. Passwords are software systems applied to programs allowing users protection against anyone accessing information without knowledge of the password.
According to Webopedia, an audit trail keeps a record "showing who has accessed a computer system and what operations he or she has performed during a given period of time (2011)". Used in accounting programs, this protects information by allowing viewing whom, and what time accessing accounts happen. It also allows restoring lost information.
Meant for privacy protection of Internet user, privacy protection software limits information available to third parties. One type privacy software conceals individual computer IP address ensuring protection from identity theft. Other software erases Internet usage as well as hides users (Wallach, 2009).
Future Trends
Advances in technology providing protection against theft of private information necessary for setting up web site accounts and using social networking sites like Twitter, Face Book, and My Space, continue developing in technology. "Privacy threats go hand in hand with living in the digital age," writes Adam Christensen, Social Media Manager of the website, SustainableCitiesCollective.com. Entire computer files and disk encryption offers one of the best defenses against hacking into private and sensitive information in personal, company, and institution records.
In his article, "Cybersecurity: Building Safeguarding Systems Based on Privacy-Protecting Technologies", Christensen advises Internet users provide as little personal information as possible when filling out membership applications by giving "information in small, controllable pieces–just enough to get things done but not a byte more (2011)".
Using electronic communications and media ever increasingly, the more people continue revealing private information with no way to control who sees it. The future of safeguarding the increasingly used information technology in the 21st century brings new protective programming system designs. One such program make it "possible to build Web services and electronic ID systems that get just enough information to authenticate peoples' identities, qualifications and permissions but no more (Christensen, 2011).
Testing of this state-of-the art privacy-protection-system provides participants with electronic IDs kept on a smart card or cell phone. Using the ID determines and confirms the user identity without giving his or her name or other private information. The idea of this system called Attribute Based Credentials can protect underage computer users trying to access chat with monitoring through the ID if he or she is age appropriate. This is just one use proposed for this emerging technology.
Long-range goals of the privacy protection system look to similar methods in protecting national security access. The focus with ID software, "…is providing just enough information to authenticate peoples’ identities, qualifications and permissions–but no more (Christensen, 2011)".
Using the new smart phones for accessing the Internet requires privacy protection software built inside the small computers. Depending on the phone type, the user programs the security options for blocking information while making calls, accessing websites, and storing information. As the industry continues developing even more complex "smart phone", newer and more effective privacy options continue making this information technology safer for privacy.
According to Technical Trends website article, "Kaspersky MS9 secure date in Smartphone" if a smart phone containing confidential data becomes lost or stolen, the newest Kaspersky Mobile Security 9 allows keeps it private and the GPS (Global Positioning System) locates the device (2011).
Companies Leading Trends
Privacy-protection systems including the Attribute-Based Credentials ID program technology comes from IBM and Microsoft (Christensen, 2011). IBM and other leaders in the computer industry continue putting focus on mobile technology (Cherian, 2010) with security applications protecting the privacy of users. The true trend leaders in privacy and technology come from research in some of the nation's top higher education institutions.
Stanford Law School Center for Internet and Society continues research, emulating humans using voice and animation technology. The design creates a virtual person explaining the user privacy implications for entering information for example, in a personal health record. The "nurse" explains how the implications and trade offs from sharing the private data with doctors, family members, druggists, and insurance companies. According to the research, humans respond more to human images (Cherian, 2010).
Looking at privacy issues and the web, Princeton computer science looks to re-engineer web browsing for "greater privacy. Altering the software design of the browser with a specially designed window, prevent tracking user activity. The research design moves more toward a "mainstream" anonymous browsing mode. Other nationwide research uses human behavior and perception for improving online privacy. The overwhelming task requires approaching the situation from different perspectives (Cherian, 2010).
Scientists at Carnegie Mellon University continue developing 'privacy nudges' by accessing computer science methods for learning, scrutinizing computer texting methods, processing natural languages, and behavior economics. According to Cherian, "The goal is to design software that essentially sits over your shoulder and provides real-time reminders — short on-screen messages — that the information you’re about to send has privacy implications (2010)".
Seemingly innocent but a classic example of disclosing information used by marketing profilers and potential identity thieves is typing in birthdays on social networking site like Face Book hoping to receive many wishes for the day. Developing software able to "advise" a computer user "before" the birthday entry provides a better chance preventing this type of privacy glitch with an on-screen mild alert nudge (Cherian, 2010).
Regulatory Issues
Internet use providing information as terms for accessing web sites continues causing concerns for people, businesses, and institutions and the U.S. Department of Commerce recognizes the growing problem. According to policymakers of the National Telecommunications and Information Administration, the two ongoing options for pro-active measures to curb this trend include "rules and tools". Enacting and imposing new standards calls for U.S. Congress and the Federal Trade Commission (FTC) regulating the use of Internet user's personal information such as banning "click stream", or web browsing history "in employment or health insurance decisions (Cherian, 2010).
Free flow of Internet information collecting and analyzing online data, according to policy experts in the regulatory field, becomes more an economic imperative as evolution of the Internet proceeds. Lawmakers want to keep a balance on protecting privacy yet, allow the economic benefits the web affords entrepreneurs.
Particular to the Internet, the legal impact on privacy and information technology (IT) in the 21st century, requires ongoing and stricter legislation. The dynamics of information technology using computers in public locations, home, and office requires security awareness affecting every person, no matter the age. The legal system itself faces new challenges in the IT spectrum. According to, "The Future of Law: Facing The Challenges of Information Technology:"
"Just as has always been the case in many hi-tech industries, research and development initiatives will become far more important in the legal world, not just for commercial organizations seeking to achieve competitive advantage and good practice in their sectors but also in Government and in the court system, where it will be increasingly important for IT to be (and be seen to be) used efficiently, productively, and competitively too (in international terms) (Susskind, 1996)".
Understanding the characteristics of the dangers arising from Internet use and awareness of the legal boundaries, protecting privacy, protecting children, protecting Internet copyrights, and everyone's identity, provides proactive measures for safeguarding Internet use. Familiarizing and understanding IT laws as well as educating people about making computer use secure according to Securitysearch.com, "Prevention includes educating people about the value of information, training them to protect it, and increasing people's awareness of how social engineers operate (2011)".
According to Elena S.T. Villamor's article, "Social Engineering in Today's Society" education and preparedness supersede any existing law. Politicians continue debating the issue and, in particular, the lack of Internet social engineering laws against stealing private information. She lists three laws meant to deter social engineering include:
The CDA or The Communications Decency Act of 1996 declaring the illegality of sexually explicit stuff.
The COPA or The Child Online Protection Act of 1998 which became the more definite version of the CDA but, just like its predecessor, it was also deemed unconstitutional.
The CIPA or Children’s Internet Protection Act of 2000 dictates that libraries and schools that receive federal technology funds should install software that blocks pornography on their computers (2008).
"Social engineering has, indeed, evolved and its effect can now be felt by everyone. Only education and law would promote preparedness and security among citizens. So it should be every citizen’s goal to be aware of both tools", says Villamor (2008).
The legal impact on IT protects, defines, and outlines the future of computer safety and using IT within the boundaries of the law. Anywhere computer use dominates, the ongoing need calls for understanding the rules and regulations protecting financial, medical, and personal information of individuals, families, businesses, and even nations.
Global Implications
Basic to Internet use globally, are privacy concerns. America's copyright laws (often abused by Internet users) are the same as Britain. The issue focus varies from nation to nation according to Larry Greenmeir in his Scientific American article, "International Report: What Impact Is Technology Having on Privacy (2008)". Applying old privacy laws, no matter what part of the world with citizens using the Internet, do not fit modern technology. China and Japan already have laws controlling social networking "scams" like phishing. Leading the concern in the Middle East, the elite want privacy laws enacted.
Conclusion
Invading the privacy of businesses, institutions, and people, social engineering creates criminal acts using telephones, illegally accessing private information via computer accounts called "hacking", stealing bank account information, as well as eavesdropping are social engineering crimes. Hands on methods exist for securing and monitoring against criminal social engineers attempting invading personal computer information and invading user privacy.
Numerous ramifications arise with social engineering attacks on privacy whether victims are people, businesses, and institutions. Using the Internet often requires filling out applications to access web sites like Face Book and other social networking options growing more popular as the global community continues adding to the millions of web users. As fast as information technology advances so does the ability of thieves invading computers and stealing private information from people, businesses, and institutions. Using "ciphertext", sensitive and private information changes into a language no one readily understands. The firewall program protects unwanted intrusion into a computer while accessing the Internet. Meant for privacy protection of Internet user, privacy protection software limits information available to third parties.
In his article, "Cybersecurity: Building Safeguarding Systems Based on Privacy-Protecting Technologies", Christensen advises Internet users provide as little personal information as possible when filling out membership applications by giving "information in small, controllable pieces–just enough to get things done but not a byte more (2011)". Using electronic communications and media ever increasingly, the more people continue revealing private information with no way to control who sees it.
Using the new smart phones for accessing the Internet requires privacy protection software built inside the small computers. Long-range goals of the privacy protection system look to similar methods in protecting national security access. According to Technical Trends website article, "Kaspersky MS9 secure date in Smartphone" if a smart phone containing confidential data becomes lost or stolen, the newest Kaspersky Mobile Security 9 allows keeps it private and the GPS (Global Positioning System) locates the device (2011).
The true trend leaders in privacy and technology come from research in some of the nation's top higher education institutions. Stanford Law School Center for Internet and Society continues research, emulating humans using voice and animation technology. Looking at privacy issues and the web, Princeton computer science looks to re-engineer web browsing for "greater privacy. Scientists at Carnegie Mellon University continue developing 'privacy nudges' by accessing computer science methods for learning, scrutinizing computer texting methods, processing natural languages, and behavior economics.
The legal impact on IT protects, defines, and outlines the future of computer safety and using IT within the boundaries of the law. Basic to Internet use globally, are privacy concerns.
References
Business Law Expertise (2011). Information technology–protecting IT. Retrieved March 2011
from http://www.epiphanylaw.com/business-law/protect-your-business/information-technology-protecting-it.html
Cate, F. (2004). Safeguarding privacy in the fight against terrorism. Technology and Privacy
Advisory Committee: Retrieved March 2011 from
http://www.fredhcate.com/Publications/TAPAC_Report%20Final.pdf
Cherian, D. (2010). IBM survey says software development is all about mobile device in the
future. New York Times. Retrieved March 2011
http://www.groundreport.com/Business/IBM-Survey-Says-Software-Development-Is-All-About-/2930123
Christensen, A. (2011). Cybersecurity: Building safeguarding systems based on privacy-
protecting technologies. Retrieved March 2011 from
http://sustainablecitiescollective.com/adamchristensen/20103/cybersecurity-how-give-just-right-amount-e-information
Greenemeir, L. (2008). International report: What impact is technology having on privacy
around the world. Scientific American. Retrieved March 2011 from
http://www.scientificamerican.com/article.cfm?id=international-report-technology
Hallas, J. (2008). Key elements of social engineering. The Privacy Commission. Retrieved
March 2011 from
http://www.privacycom.org/content/social-engineering/key-elements-social-engineering
High Beam Research. (2011). Authentication deviceDevice offers security for MCU-based
systems. Product News Network. Retrieved March 2011 from
http://www.highbeam.com/doc/1G1-250983526.html?key=01-42160D517E1A11691A02011A04684B2E224E324D3417295C30420B61651B617F137019731B7B1D6B39
Lohr, S. (2010). Redrawing the route to online privacy.Retrieved March 2011 from
http://www.nytimes.com/2010/02/28/technology/internet/28unbox.html
PC Magazine, (2011). Definition of vpn. Retrieved March 2011 from
http://www.pcmag.com/encyclopedia_term/0,2542,t%3DVPN&i%3D54123,00.asp
Peltier, T.R. (2011).Social Engineering: Concepts and solutions. Retrieved March 2011 from
http://www.infosectoday.com/Norwich/GI532/Social_Engineering.htm
Perrin, C. (2010).Mitigating the social engineering threat.
Retrieved March 2011 from
http://www.techrepublic.com/blog/security/mitigating-the-social-engineering-threat/3443
Robinson, S. (2003). U.S. information security law. Part I.
Retrieved March 2011 from
http://www.symantec.com/connect/articles/us-information-security-law-part-1
SearchSecurity.com (2011). Social engineering.
Retrieved March 2011 from
http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci531120,00.html
Susskind, R. (1996). The future of law: Facing the challenges of information technology. Oxford
University Press © 1996. Retrieved March 2011 from
http://library.books24x7.com.ezproxy1.apus.edu/book/id_2145/viewer.asp?bookid=2145&chunkid=441487686
Technology Trends (2011). Kaspersky MS9 secure date in Smartphone.
Retrieved March 2011 from
http://www.trendingtech.info/technology/kaspersky-ms9-secure-data-in-smartphone/
Villamor, E.S.T., (2008). Social engineering in today's society. Retrieved March 2011 from
http://socyberty.com/sociology/social-engineering-in-today%E2%80%99s-society/
Wallach, D. (2009). Internet privacy protection software. Retrieved March 2011 from
http://www.apgpro.com/
Webopedia. (2011). Retrieved March 2011 from
http://www.webopedia.com/TERM/A/audit_trail.html