The continued success of the Internet is, in many ways, dependent upon the trust that individuals, businesses, and governments place in it. For that trust to exist, user information transmitted over computer networks must be safe from thieves, hackers, and others who would gain access to and make use of sensitive information without permission.
Consumers have repeatedly shown they will not conclude commercial transactions over the Internet, unless they are confident of the security and privacy [4] of their personal information. Recent surveys by GartnerG2 and BusinessWeek/Harris suggest that 75% of U.S. Internet users fear going online for this reason, and that 70% of those who are already online harbor concerns about privacy that keep them from transacting commerce on the Internet. Yet, even as concerns about these vital issues proliferate, no single solution can suffice.
Consider privacy, where consumer expectations vary considerably, based on a number of factors. Privacy expectations for a voluntary, online commercial transaction are very different from those that accompany a demand by a government entity.
The key difference is choice. When an individual is required by law to submit his Social Security number or tax return to a government entity, that information should receive greater protection than that disclosed in a private business transaction. In the latter case, an individual is free to choose the online entity whose privacy polices match his needs. When consumers “vote with their feet,” businesses quickly take notice.
For e-commerce to flourish, businesses also need to provide personalized products and services so that consumers get what they want without suffering “information overload.” Knowing this, successful e-business marketers must gather information about the wants and needs of their customers in the same way as traditional marketers. Policymakers also must remember that online “trust” encompasses two distinct concepts: security, so that an individual’s private information will not be obtained through illegal hacking, and confidence that the private information collected for one transaction will not be used in ways the information provider did not anticipate or expect.
Protecting the Security of Information
The first and best line of defense against unwarranted intrusions into personal privacy is for individuals to employ e-commerce technology to protect themselves. Industry-developed and supplied encryption technologies and firewalls, for example, provide individuals with substantial tools to guard against unwarranted intrusions.
Encryption is technology, in either hardware or software form, which scrambles e-mail, database information, and other computer data to keep them private. Using a sophisticated mathematical formula, modern encryption technology makes it possible to protect sensitive information with an electronic lock that bars thieves, hackers, and industrial spies.
In light of the recent tragic events of 9-11, security in all its forms (including security against cyber intrusion and attack) is more important than ever. Strong encryption technology plays a key role in such security, helping individuals, businesses, and governments protect sensitive or personal information against willful or malicious theft. Not surprisingly, then, nations have increasingly adopted policies that encourage the widespread availability of encryption tools for consumers. At the same time, they have successfully worked to permit law enforcement to access encrypted communications in certain critical instances, while rejecting calls for encryption products to be undermined through the building of “back-door” government keys.
A firewall is essentially a filter that controls access from the Internet into a computer network, blocking the entry of communications or files that are unauthorized or potentially harmful. By controlling Internet “traffic” in a network, firewalls protect individuals and organizations against unwanted intrusions, without slowing down the efficiency of the computer or network’s operations. They also limit intrusions to one part of a network from causing damage to other parts, thereby helping to prevent large-scale system shutdowns brought on by cyber attacks. Not surprisingly, then, firewalls have become a key component of computer systems today, and their architecture comprises some of the most state-of-the-art e-commerce technology available in today’s marketplace.
But, computer security, or cyber security, is more than encryption, and it requires more than a onetime fix. It is an ongoing process requiring the adoption of strong security policies, the deployment of proven cyber security software and appliances-such as antivirus, firewalls, intrusion detection, public key infrastructure (PKI), and vulnerability management, as well as encryption-and, in the case of larger organizations, the existence of trained security professionals. These professionals, in turn, must be continually retrained in order to ensure that they are able to address and combat the evolving nature of cyber threats.
Strong security tools alone, however, cannot protect users against threats in each and every instance. Dedicated hackers and criminals will always seek new ways of circumventing even the most effective security technologies. That is why it is critical that strong laws be put in place to deter such activities. In particular, where needed, laws should make it illegal to defeat, hack, or interfere with computer security measures, and penalties for these crimes should be substantial.
As is the case with copyright laws, however, strong words in a statute are not enough. Effective antihacking and computer security laws must:
- Provide deterrent civil and criminal penalties
- Be backed by vigorous enforcement by governments (including through adequate funding of such enforcement).
- Allow private parties to pursue fast and inexpensive remedies when their cyber security has been illegally breached
