The third seminar in the Information Technology & Society series at ATLAS covered “The Dark Side of Information and Communication Technology”. To start, ATLAS Associate Director Jill Van Matre gave a brief history of web based attacks and nuisance from 1978 when the first spam message was sent to the present where spam represents 95% of all email sent. Van Matre was followed by ATLAS Director and professor of computer science John Bennett who gave the bulk of the presentation. Bennett mixed in some basic practical tips for keeping one’s identity secure and avoiding fraud online with some explanation of exactly how encryption and other data security methods work.
The lecture was attended by about 50 people with relatively few students – which was unfortunate both because 18 to 29 year olds are the most likely to have their identities stolen (29% of all identity thefts) and due to the excellent spread of free food sponsored by the Van Heyst Group. To start, Bennett gave an overview of the types of malware encountered online (e.g. adware, Trojan horse, virus, worm) as well some statistics on identity theft. Along with affecting younger people more often, which Bennett hypothesized was due to the younger generation’s “sacrifice of privacy for connectivity”, identity theft also varies significantly by geography. Identity theft is most common in Arizona with 148 thefts per 100,000 people and least common in Vermont with only 28.5 (Colorado ranks 6th with 92.5). Bennett, a victim of identity theft himself, noted that the lifetime probability of identity theft is about 1%.
On the practical side, Bennett’s recommendations included:
- If your identity is stolen be sure to report it to the three major credit agencies (Equifax, Experian, Transunion), the FTC, the Social Security Administration and the police.
- Take card style hotel keys with you when you check out because in some cases your credit card information is stored on the key.
- Never give your passwords to anyone – and if you think you might be tempted to give it out make the password obscene and disgusting such that you would be embarrassed to share it.
- Also, never write down passwords (but Bennett did concede if you need to write it down it is better to do so on paper than to store it on your computer)
The talk turned a little more theoretical as Bennett explained how encryption, a method for sending files securely over the Internet, works in applications like ecommerce. The basic principal is there are two keys that must be applied to the message for it to be readable – a secret key which only you (or really your computer) know and a public key which is known by whoever is receiving the message. Most current encryption is based on the RSA algorithm in which your secret key is a pair of very large prime numbers and your public key is the product of these two numbers (it is actually slightly more complex).
Bennett recommended considering encryption for both files on your computer and email. Without encryption, data is left open both to scammers and government eavesdropping. There is no protection of privacy – electronic or otherwise — in the constitution and almost no form of communication is guaranteed private by law, excepting conversations with clergy and some other specific professionals. If you are interested in programs for encrypting files and/or emails on your computer, visit the PGP website. Finally, Bennett touched on the expanding use of biometrics for security (e.g. fingerprint scans, retinal scans) which although unique to an individual can feel intrusive.
The ATLAS Institute Speaker Series is supported by a generous gift from Dr. Idit Caperton and daughter Anat Harel. Additional support is provided by The Van Heyst Group and Silicon Flatirons Center for Law, Technology, and Entrepreneurship. The next seminar on December 8 will be presented by CU law professor Paul Ohm and cover privacy from a legal perspective. In the meantime, I am off to Vermont where I will only talk to clergy to whom I will never mention my obscene passwords.
