Privacy is primarily a personal concern; it is the assurance to individuals that personal information will be used properly and protected against improper access. Security is primarily a business concern; it is a system of safeguards designed to protect a computer system and data from deliberate or accidental damage or access by unauthorized persons.
Concern has been growing about possible invasion of privacy by computer misuse. Computer technology may include methods of information use that outstrip the current ethical and legal standards for their use. Even so, there are some privacy laws: (1) The Fair Credit Reporting Act, passed in 1970, gives individuals the right to gain access to records kept about them by credit bureaus—and to challenge the records that may be inaccurate. (2) The Freedom of Information Act, also passed in 1970, gives ordinary people the right to have access to data about them gathered by federal agencies. This sometimes requires a lawsuit, may be time-consuming, and may result in heavily censored photocopies. (3) The Federal Privacy Act, passed in 1974, prohibits secret personal files, stipulates that individuals must be allowed to know the content and use of files about them, and extends the restrictions beyond government agencies to include private contractors dealing with the government. Government organizations may not launch "fishing expeditions" to collect data about individuals; they must justify the effort.
Three problems that might compromise computer security are: (1) Computer crime—use of computers to steal money, goods, information, or computer time. (2) Piracy—stealing or unauthorized copying of programs or software. [3) Industrial espionage—stealing of computer industry trade secrets.
Computer crime includes various activities; among them are the following: (1) Theft of computer time ranges from the trivial—people using their employers' computers for games or personal use—to the serious, such as people using their employers computers to operate their own businesses. (2) Manipulation of computer programs or data ranges from changing grades in college computer files to altering important instructions in a business system for personal gain. Two tricks of data manipulation are the Trojan Horse, which is adding instructions to someone else's program so it works normally but also does additional illegal things, and data diddling in which data is modified before it goes into a computer file. (3) Theft of data includes using microcomputers to break into large data banks and data bases. It also includes embezzlement; one trick, called the salami method, is to take from many acounts only a few cents ("slices") that will not be missed but that will add up to quite a large sum.
Piracy is illegal copying of software. It includes the copying of commercially developed software by private individuals, who give or sell copies to their friends. Many manufacturers build in software protection codes to prevent duplication, but these codes can be cracked. Piracy also describes the activity of programmers who steal programs they write for their employers. Programs legally belong to the employers of the programmers who develop them.
The U.S. Supreme Court has ruled that software can be patented. The Copyright Act of 1976 states that flowcharts, source code, and object code are copyrightable.
Shareware is software such as word processors, spreadsheets, and the like, that people may purchchase for a very small fee (for example, $5). If they like it, they can send the author more money for it, which entitles the buyers to updates and other information.
Industrial espionage is the misappropriation of company trade secrets, either by theft or by more subtle means. Legitimate ways for a business to gather intelligence include getting reports from its sales force as well as from published sources about the competition. However, photographing a competitor's factory layout or breaking into another company's data bases is espionage.
Copying of software is unfortunately widespread, but it is unethical because software writers are cheated out of the rewards they deserve for their work. Moreover, software manufacturers are forced to charge higher prices for the products they do sell.
Passes and passwords are two security measures to prevent unauthorized computer access. A pass, such as a badge or a card, perhaps with magnetized coding, may be required of authorized employers by computer room security guards. The new field of biometrics—the measurement and use of individual characteristics such as fingerprints as unique identifiers—may provide new forms of identification systems. Every computer system also should require special passwords—secret words or numbers that must be keyed into the system before it will operate. Passwords should not be obvious, should be at least six characters long, and should be changed randomly and frequently.
Technical controls can improve security against unauthorized system entry: (1) Security dial-back devices, which call back the caller, assuming the correct password has been submitted, and connect him or her to the computer, may eliminate the problems of access by former employees and by hackers. Hackers used to mean "computer enthusiasts" but now seems to apply to people who invade other people's files and data bases. (2) Encryption devices scramble or encode data sent over telecommunications lines so it can be decoded only by an authorized person. The Data Encryption Standard (DES), endorsed by the American National Standards Institute, is one such code. (3) Some software has built-in access restrictions to limit users to certain parts of a program. (4) Software may have a user profile— information about regular users, such as job, budget number and access privileges, which can be checked if there is a problem. (5) Such software can also provide an audit trail—a means by which audi-1 tors can see who has had access to what parts of the data.
Text 7.