The Web: Online privacy under attack

By GENE J. KOPROWSKI   |   Feb. 23, 2005 at 11:33 AM
share with facebook
share with twitter

CHICAGO, Feb. 23 (UPI) -- Personal privacy is under siege online, with employers perusing e-mail their employees send from the office desktop computer or personal digital assistant, while at home consumer computers being bombarded with spyware -- software programs from unscrupulous marketers that secretly track their patterns on the Internet.

In response, the House of Representatives is moving forward with legislation to protect consumers against some forms of cyber trespass.

"This is on the fast track," Rep. Joe Barton, R-Texas, said on the House floor late last month.

The issue of online privacy invasion is broad and complicated.

"There can be no expectation of privacy when using e-mail or IM (instant messaging) at the office -- not even with Yahoo or other public accounts," said Ted Demopoulos, a consultant and founder of Demopoulos Associates in Durham, N.H. "Anything that goes over the network can and may be monitored -- it's that simple."

Employers are intruding at the office because they are trying to limit their legal liability and manage their public reputations, experts told UPI's The Web. They do not want rogue employees sending sexually explicit, pornographic or otherwise obnoxious messages to co-workers, clients or others over the Internet from the company's domain name.

E-mail "poses a liability risk and can cause considerable damage to a company's reputation if not handled correctly," said Roger Matus, chief executive officer of Audiotrieve LLC, a maker of e-mail filters, located in Boxborough, Mass.

Matus said his company recently released a study of the e-mails seized by the Federal Energy Regulatory Commission's investigation of Enron Corp. The messages were made available by the government. About 4 percent of the Enron e-mails reviewed in the study contained offensive material and about 20 percent featured personal or private content.

"We found that one out of every 25 messages contained offensive or inappropriate content," Matus said. "Nearly one in five was personal in nature. I read many of these messages and a few of them were quite amazing."

Last week at Demo, the famed computer technology-innovation conference, Audiotrieve disclosed it was developing a product that will automatically review e-mail messages and help employers manage their liability for outbound e-mail. Right now, many IT departments at major companies manually monitor e-mail to and from employees.

"Already, 30.7 percent of companies with more than 1,000 employees employ staff to read and monitor employee e-mail," Matus said. "This is a fascinating area because employees seem to have no idea that e-mail does not provide any privacy."

There are other potent threats to online privacy as well. The First U.S. Circuit Court of Appeals in Boston last year ruled Internet Service Providers can review consumers' e-mail as long as it is in storage on a server and not in transit to a user. As a result of this case, many computer industry executives think Americans might have to change forever the way they regard privacy when it comes to the Internet.

The case, the United States vs. Councilman, concerned allegations that executives from an ISP were intercepting messages sent to consumers from Amazon.com in order to see what kinds of used books they were purchasing or seeking. An executive at the ISP was indicted, but acquitted, in the matter.

The problem of spyware secretly tracking activity on the hard-drives of consumers' home computers persists. Late last year, a court entered a preliminary injunction against Seismic Entertainment and Smartbot.net. The two firms had agreed to obey a court order requiring them to cease forcing software onto the computers of Internet users. The Federal Trade Commission now has access to the records of those alleged spyware companies, which did not admit any wrongdoing.

The Center for Democracy and Technology in Washington, D.C., is calling on Congress to pass what it calls baseline privacy protections for consumers that will stop spyware and other threats to online privacy. CDT representatives testified before Rep. Barton's panel, the House Committee on Energy and Commerce, which is considering the measure.

The bill, H.R. 29, called the Securely Protect Yourself Against Cyber Trespass Act, was approved for full-committee consideration Feb. 16 by voice vote. If passed, the bill will increase penalties for purveyors of illicit spyware.

The problem of workplace privacy -- or lack thereof -- is likely to persist, however. To protect their privacy at the office, when sending personal e-mail to family or friends, employees are starting to use their own technology.

"The only way to truly expect privacy is to use a PDA or another outside network," said John Baschab, president of Impact Innovations Group, an IT services firm in Dallas.

Some experts think PDAs do not provide a completely foolproof method, however.

"Even if they use a cell phone or a Blackberry, the employer is free to use any surveillance means at their disposal," said Randall Palm, chief technology and information security director for the Computing Technology Industry Association.

For those who cannot afford a PDA, or do not have the freedom to go offsite -- and out of range of the electronic eavesdropping equipment used by some employers on their corporate campuses -- relying on the free e-mail offered by Google and Yahoo may offer a temporary solution.

"Intercepting outside e-mail services, such as Google or Hotmail, is difficult because the IT staff must trap network traffic, instead of simply reviewing e-mail," Baschab said.

Legal experts told The Web that employees should only have a "limited expectation of privacy" if they send personal e-mails from private e-mail accounts at their workplace.

The spying by some employers is deemed to be very extensive by computer security experts.

"Monitoring software allows employers to record all activities of computer users," said Robert Siciliano, a computer-security and ID-theft expert in Boston. The software automatically delivers logs to employers via e-mail, "including e-mail sent; Web sites visited' file operations; every keystroke, username and password, and online chat conversation. Screen snapshots, at set intervals, (are) just like a surveillance camera directly pointed at the computer monitor."

--

Gene Koprowski is a 2004 Winner of a Lilly Foundation Award for journalism for this column for United Press International. He covers telecommunications technologies for UPI Science News. E-mail: sciencemail@upi.com

Related UPI Stories
Topics: Joe Barton
Trending Stories