Perspective: Insecurity in the digital world

perspective More and more, we are going paperless, with all sorts of information stored electronically.

Of course, there are many advantages to maintaining information in electronic form. But this column is not about the favorable aspects of electronic data retention.

Rather, I want to examine what's become the soft underbelly of the digital world. I am talking about you, your private data, and how easily that data can go missing or can be used against you.

Sure, we all hear about potential privacy and security breaches in the abstract. This, however, is not an academic ivory tower exercise. Your personally identifiable information is vulnerable here and now. Let's consider two extremely recent examples to drive the point home.

In the United Kingdom, two computer disks containing personally identifiable details on all families in the country with children under 16 have disappeared. As a consequence, the names, addresses, dates of birth, bank account details and national insurance numbers on 25 million people on the two disks are unaccounted for. While no fraudulent or criminal activity has been detected yet, with respect to this vast array of missing data, time will tell whether the information has fallen into the wrong hands.

How did this happen? Apparently, the disks were sent from one government office to another, in a package that was not recorded or registered. That inspires confidence, doesn't it?

This was not some sort of stealth operation designed to penetrate electronically the inner sanctum of sensitive databases. Rather, the disks containing the information simply were sent through a governmental postal system and have not been seen since, more than a month later.

Thus, as governments and businesses gather increasingly more personally identifiable data on individuals, we are reminded of how easily that information literally can walk out the door without proper oversight and protection.

Of course, stealth security breaches also occur, as demonstrated by very recent attacks. The first such attack was directed at more than 400 people at financial institutions. Each of them was sent a individually tailored e-mail that claimed to be a complaint from the Department of Justice.

The second attack occurred just hours later. This one claimed to be from the Better Business Bureau. The true concern of these attacks is that the e-mails from both included malicious attachments that can enable remote access to a person's computer. With such access, personal and sensitive information of the computer user can be compromised.

These types of attacks, by their nature, are somewhat more difficult to uncover than mass phishing attacks, precisely because they are directed to the individual names of recipients. Social-networking sites can provide sufficient identification of people to whom perpetrators can direct these attacks.

Governments and businesses must do their very best to safeguard personally identifiable information of citizens and customers. Yet, even with best efforts, not all mistakes and breaches can be prevented. We truly are living in an age of digital insecurity.

Biography
Eric J. Sinrod is a partner in the San Francisco office of Duane Morris. His focus includes information technology and intellectual-property disputes. To receive his weekly columns, send an e-mail to ejsinrod@duanemorris.com with "Subscribe" in the subject line. This column is prepared and published for informational purposes only, and it should not be construed as legal advice. The views expressed in this column are those of the author and do not necessarily reflect the views of the author's law firm or its individual partners.

More Perspectives

More from News.com on this story's topics

Security threats

Create an email alert | RSS feed

Government

Create an email alert | RSS feed

See more CNET content tagged:
insecurity, personally identifiable information, attack, e-mail, security