= Privacy and Security =

How privacy and security issues affect the LIS profession
Part of the current definition of an LIS professional's role is providing advice and training to the public on internet use and protocol. LIS professionals have provided access to patrons under ordinary circumstances and during emergencies, as when library facilities were made available to refugees after Hurricane Katrina. LIS facilities which provide internet access to patrons also need to be proactive in informing patrons of phishing scams which could lead to objectionable sites or sites distributing malware, and of member-access sites which could be hacked, compromising user security. Understanding security and privacy issues is necessary in order to provide more than merely adequate service to patrons and the community, and to protect the facility's own network and site. Facilities with servers that access the internet need to be aware of the latest threats to security for their users and their users' information.

The beginning
The first computer "bug" was actually a moth stuck between the relays of Harvard's Mark II. It was noted by Naval Commander Grace Hopper on 9 September, 1945. With the development of John von Neumann's theory of self-replicating programs in 1949, and subsequent electrical hacks such as phone taps, the way was opened for trojans, worms and other malicious programming. At some point between 1950 and 1970, Xerox's Palo Alto research center coined the term "worm" to describe a program that searched for non-functioning systems. In 1983, the term "computer virus" was originated by Fred Cohen to describe a program that attacks other programs, changing either the victim program or itself, in the same way a natural virus attacks and alters body chemistry. He describes the infection of computers, and their cure, in his "Computer Viruses - Theory and Experiments" (1984). Computer security has been active since then in fighting off the ever-changing, always-increasing threat to safe computing.

At risk
Scammers hit people where they feel it the most. For some, it may be the promise of a lottery win; for others, the thought that a long-overdue government pay-out will finally be disbursed. Other scams involve phishing expeditions to discover a user's screen-name, password and security confirmation details by falsely claiming that a site will close their account unless they provide these details. Malware and computer viruses might be spread by sending out lurid file downloads such as "Bloody_Photos_Ghadhafi_Death.rar", which contained a virus that infected the computers of the people who opened it. Some scams play on sympathies by promising details of an emotional story but, instead, bring visitors to multi-step sites that ask the visitor, in one of those steps, to fill out an on-line survey, gaining revenue for the spammer. All of these scams and phishing expeditions attempt to play on a user's emotions: the desire to see justice (Ghadhafi's death), outrage at injustice ("Girl commits suicide after father posts on her Facebook page"), and personal security or well-being ("To prevent your account from closing, you will have to update it below so we will know that it's presently a used account.").

In order to protect users of facility computers, and to protect facility computers from malware and viruses, LIS professionals need to be informed of the latest scams and phishing expeditions, and to inform patrons. One way to do this is to follow security blogs, such as the Sophos blog, Naked Security, which inform followers of the latest scams going around. Print out and post the most relevant information, for example: "Do not open a file called 'Bloody_Photos_Ghadhafi_Death.rar' - it will download a virus to the computer."

For a narrower set of users, privacy is a concern. Patrons who have been, or are being, stalked; under-aged patrons; and public persons wishing to have some privacy in their leisure should be aware that Facebook, in particular, follows an "Opt-out" procedure. Instead of allowing users to choose for their activities to be publicly broadcast to friends and subscribers, Facebook and its various game applications automatically opt users in. User activities are posted on a side-bar beside the games, giving the person's name, the game they are playing, and when that game was started. In order to opt out, a user must go into security settings and opt out of each application separately. This information is not made readily and easily available; Facebook users must hunt down instructions, often using search engines because there is no obvious information link on Facebook. In the end, the instructions are simple, if tedious. Go to each application in turn, click the "edit" that shows up on mouse-over, and remove whatever commands are not "required" to access a favorite web game.

Servers
If a facility has a server which attaches to the internet, scammers and outright criminals bent on getting personal information may make an attack against the server. Cyber-criminals are a growing class who seek financial gain from malicious attacks. Servers have been hacked to publish the names, addresses and other information about law enforcement (Kaelin); Google has been hacked (Zetter), as has a telecom operator owned by the Indian government (Saxena), among others. Personal, private information has been captured and spread, pages defaced, and e-mail accounts compromised. Sometimes, hackers take advantage of a weakness in a browser or software application; other times, they surmount difficulties through intelligence, help from other hackers (Sententia), and a desire to shame, embarrass, take revenge upon, or otherwise compromise their target. Hackers blog to each other, they instruct, they make videos showing how to hack. This activity isn't confined to sleazy dives and shadowy corners.

Have anti-virus protection, and pay attention to the bulletins and alerts which the anti-virus companies send out. These companies are in the business of identifying and combating malicious attacks. Install the latest security patches as directed, and be sure they are properly installed. Do not install what you do not need - each layer in a server represents another avenue of attack. The fewer layers, the less chance of an application with a hole for hackers to get through. Disable what you do not need - FTP, publicly accessible directory function, any extensions which are not in use. Log all requests to access your server, as these records may help identify suspicious activity. Study up on other steps to take in order to keep your server, your facility, and your patrons' information secure. (Mitchell)
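One way to act on the advice to log and review access requests, shown as an added example (it is not from the original page or from the Sophos paper): a short Python script that reads web-server access-log lines in Common Log Format and lists the clients that were repeatedly refused or sent to missing pages. The log lines, addresses, threshold and function name are constructed for illustration.

```python
import re
from collections import defaultdict

# Common Log Format prefix: host ident user [time] "request" status ...
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] "(?P<request>[^"]*)" (?P<status>\d{3})'
)
DENIED = {401, 403, 404}  # unauthorized, forbidden, not found

# Constructed sample lines (documentation-range addresses), not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [12/Mar/2012:09:14:01 -0500] "GET /catalog/search?q=hopper HTTP/1.1" 200 5120
192.0.2.10 - - [12/Mar/2012:09:14:03 -0500] "GET /favicon.ico HTTP/1.1" 404 209
198.51.100.23 - - [12/Mar/2012:09:15:10 -0500] "GET /staff/ HTTP/1.1" 401 381
198.51.100.23 - - [12/Mar/2012:09:15:11 -0500] "GET /backup/ HTTP/1.1" 403 199
198.51.100.23 - - [12/Mar/2012:09:15:11 -0500] "GET /private/ HTTP/1.1" 404 209
198.51.100.23 - - [12/Mar/2012:09:15:12 -0500] "GET /index.html HTTP/1.1" 200 2048
this line is truncated and will not parse
"""

def review_log(log_text, min_errors=3):
    """Return (flagged, unparsed): flagged maps each client with at least
    min_errors denied or not-found responses to the paths it asked for;
    unparsed counts lines that do not fit the format and need a manual look."""
    denied_paths = defaultdict(list)
    unparsed = 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        m = LINE_RE.match(line)
        if m is None:
            unparsed += 1  # do not silently drop malformed entries
            continue
        if int(m.group("status")) in DENIED:
            parts = m.group("request").split()
            path = parts[1] if len(parts) > 1 else m.group("request")
            denied_paths[m.group("host")].append(path)
    flagged = {h: p for h, p in denied_paths.items() if len(p) >= min_errors}
    return flagged, unparsed

if __name__ == "__main__":
    flagged, unparsed = review_log(SAMPLE_LOG)
    for host, paths in flagged.items():
        print(f"{host}: {len(paths)} refused or missing requests: {paths}")
    print(f"{unparsed} line(s) could not be parsed")
```

A single missing favicon does not flag the first client; the threshold separates ordinary browsing from a client that keeps asking for pages it is not allowed to see.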

If an attack occurs and information is compromised, inform the people who may be affected: employees, patrons, other facilities which may be connected to your network. Advise them on how they can change passwords or otherwise secure their information.

In-text references:
Kaelin, L. (2011). Anonymous hacks Boston Police, publishes officer details. TechSpot: Technological News and Analysis.
Zetter, K. (2010). Threat Level blog. Wired.
Saxena, A. (2011). BSNL Website Hacked By Pakistan Cyber Army: Report. Medianama.
Sententia, Meus blog. (2008). Hacking 101: Hacking using IP address (of the victim).
Mitchell, C. (2007). Securing websites. Sophos technical paper.

Outside links:
Computer History Museum - a timeline of computer history.
Carey, L. (2008). Moths to Bugs, Bugs to Viruses, What Next? Computer Viruses and Anti Virus Protection. ezine @rticles.
Sophos video: How to Steal an Identity (3:27) (2009). YouTube.
Eman01996. How to hack, For Beginners. (6:12) (2009). YouTube.

Wellbee poster is public domain and can be found at the Center for Disease Control's Public Health Image Library (PHIL) - search for number 7224. Loose Lips Might Sink Ships was sponsored by the House of Seagram's. Artist: Essarge. Published in New York by Seagram's Distiller's. Retrieved from CrazyWebsites.