Cyber-Crime and Privacy
In the modern world of communication and information technology, cyber-crime and privacy have become the issues that affect everybody. Individuals, organizations and governments can become victims of cyber hackers. Criminals use cyberspace for their criminal activities nationally and internationally. The Internet users are searching for applicable tools to protect their privacy using different laws and international approaches. This study aims to understand the level of cyber-criminality in order to protect digital privacy. Personal data is of great value for individuals and institutions that need protection. This research proposal contributes to the understanding of criminal law and implementation it into the practice. The problem of cyber-security and privacy has become a field of study that explores and find out techniques introduced in the fields of sociology, law, criminology, political sciences, and economics. A thesis statement: in order to increase the Internet security, find and punish cyber criminals, changes should be made in law.
Digital Networks and Cyber-Crime
Nowadays, the development of digital networks brings with it cyber-crime. More and more people and their activity move to digital networks. Because of this, the Internet users become more vulnerable to cyber-attacks. Cyber-criminals use innovative features targeting their victims. New challenges related to cyber-crime require the development of new law enforcement methods that can protect the privacy of digital data. In order to protect individuals and society from criminal behaviors, the online world should understand criminal behavior and new security risks. The task of cyber-crime security is not just to develop new laws, but also redesign of digital architectures. Technologists and policy makers should find new methods to reshape the digital network environment. In cyber space, the attacks may come from different locations that are hard to identify. Cyber-attacks can come from various locations. Clough argues that the virtual environment requires users and policy makers to rethink the way of privacy.
The research asserts that the design of hardware and software is an essential device that regulates the online activity. Architecture is one of the most powerful tools for regulating network activity. However, most people reject the attempts to regulate their freedom. Officials see the threat of cyber-security as a matter that should be ruled by the certain laws. They offer the cyber-security model that will implement the centralization of control and greater monitoring of traffic. Clough pointed out that interconnectedness; anonymity and accessibility to the information facilitate the activities of older crimes and gives the opportunity to develop new more sophisticated crimes. Currently, the government tends to prevent such crimes as economic espionage, computer fraud, misappropriation of trade secrets, and dissemination of programs. New forms of identity theft demand more powerful forms of securitization that can make digital networks more secure.
Many experts claim that it is difficult to identify whether a specific activity is a cyber-crime. For example, it is hard to differentiate illegitimate from legitimate access to data. Activities like peer-to-peer technology do not give a clear understanding whether these developments are legal or illegal. A society needs more narrow laws that identify the boundaries between legal and illegal actions. The authorities are searching for the enforcement of criminal law relating to cyber-crime. The problem is that with changing methods of cyber-activities the policy-makers do not implement new law enforcement. The legal settings of conventional law enforcement are ill-equipped because they are based on offline crime. The present system lacks online measures to protect users from illegal behaviors. A network environment has become extremely complex and it requires new approaches to protecting the Internet users from cyber-attacks. The goal of privacy and helpful measures is to minimize the risk of cyber-attacks and secure the digital environment.
An Increased Vulnerability to Cyber-Attacks
The innovation and implication of new technology make individuals and organizations more vulnerable to cyber-attacks. Nowadays, the Internet has become an integral part of economic, political, social, and cultural life that increases the vulnerability of users. Individual users, business, and government are more frequently targeted by the threatening attacks than ever before. Some observers consider that the expansion of the Internet has multiplied vulnerabilities of users, even in their homes. In the modern environment, all spheres of life became digital. Thus, people and organizations are dependent on the online information what increase accidents of cyber-attacks by individuals and criminal groups who use sophisticated methods of cyber threats. Cyber-attacks create numerous dangers to users, such as fraud, intellectual property loss, operational disruption, and others.
Despite of multiple efforts to protect the population from cyber-attacks little has been done to achieve this. Annually, the U.S. government spends billions of dollars on the protective measures that do not make a big change. Cyber-attackers are hard to identify and prevent their criminal actions. Knight argues that cyber-attacks do not only threaten individuals and organizations, they slow down the economic development of the country because cyber-criminals steel essential information. The theft of the most important technologies is one of the main risks related to cyber-attacks. This criminal activity may have further strategic implications. Technology executives become more vulnerable to modern attack strategies that ruin technological innovations. Many studies suggest that large institutions and organizations lack effective strategies concerning cyber-security. Most of them are simply throwing money to the protective measures without any positive outcomes. Companies’ owners complain that security measures reduce productivity and profit by the limited ability of employees to share information.
Cyber-attackers understand that no system can protect from their attacks. Even the most protected computer networks can be vulnerable to sophisticated cyber-attacks. The risk of cyber-attacks cannot be eliminated even by the most effective management. Clough assumes that cyber-attacks can be treated as armed attacks. New era of cyber conflicts requires new approaches and strategies that can reinforce security of users and their data. The United States has successfully developed hardware that aims to eliminate cyber-attacks. However, if the security control is poorly developed no devices can protect users from cyber-attacks. Moreover, there can be a threat that cyber-attackers can use the same hardware. Modern advances in wireless communications can become dangerous for their privacy and security without appropriate protection.
Applicable Tools to Protect Privacy
In order to protect privacy from cyber-attacks, the authorities should find applicable tools to maintain this. Any legislation that deals with cyber-security faces many challenges. The laws are designed to protect users from identity theft, but not IP loss. Yar reported that in 2012, the Senate attempted to pass Stop Online Privacy Act and Protect IP Act but more than 100 organizations and cyber-security professionals were against it. These companies, including Facebook and Google stood to halt these acts because they limited copyright content of users. Many organizations concerned that the courts would limit copyright infringement of the websites regardless of their purpose and intentions. Legislative initiatives should find more self-policing mechanisms that should educate users about their illegal activities.
The government has proposed various bills to protect users from cyber-crimes, such as, for example, Lieberman-Carper-Collins Bill and Rockefeller-Snowe Bill. They offer the private sector to collaborate with the government on developing unique standards for privacy. Many bills proposed private-sector defenses for certain kinds of cyber-attacks. Some Senators (e.g. McCain) proposed to organize a committee, which can develop comprehensive legislation to protect privacy of the users. Other policy makers proposed companies to send letters describing their cyber-security practices. For example, Rockefeller-Snowe bill would allow the president to shut down of the private Internet in case of emergency. Debates still continue because of different views and opinions of the policy makers.
Some scholars propose landowners to use reasonable care for customers’ safety. For example, banks have a duty to keep customers’ personal information confidential and secure. The absence of cyber-security reform is a serious problem that should be solved in the nearest future. It could encourage industry to define a reasonable standard of cyber-security protection. It could also reduce costs. Standards and regulations of cyber-security legislation can impact on the organizational security investment decisions. Admittedly, the cooperation between national and international can shape the cyber regulatory environment. President Obama noticed that his administration will not dictate private companies what to do in case of cyber-attacks. However, many scholars and policy makers hope that he will change his mind one day.
Public-Private Partnership for Cyber-Security
Along with risk mitigation and regulatory intervention, public-private partnership is of the greatest importance for protecting privacy of critical infrastructure. In order to prevent cyber-attacks and maintain privacy, government and the private sector should work together. The Senate Homeland Security and Governmental Affairs Committee pointed out that today private-public sector lacks joint programs for cyber-security. Yar assumes that private-public sector needs more advanced models for privacy and cyber-security. Many experts consider that private sector has more protection than a public one. For this reason, they can share information in order to provide more effective measures for better cooperation. Private organizations are usually better informed and more adaptable for cyber-attacks and protection of their networks. They are better positioned to protect their systems and users from cyber-attacks. Brenner reported that there is much confusion between public and private sectors as for the effective partnership.
The research asserts that many private firms hire consultant security firms while public organizations use only primitive actions that are not helpful in providing quality security. They need more active defense mechanism. Self-help approach is mostly implemented in private organizations. However, many authorities call for government to work more closely to better manage cyber-attacks. After a severe cyber-attack in 2007 Estonia, for example, has developed solutions a state-sponsored cyber militia to defend its networks from the cyber-attacks. Thus, states should establish organizations aimed to protecting their cyber-space using international experience and practice. Due to its long history, Estonia has much experience in defensing its country from the Soviet Union and succeeds in cyber-attacks protection. Cyber militia can be a good solution for many other countries because it acts of their own free volition. This organization consists of volunteers and has no government obligations. The United States can take similar actions in order to protect its cyber-space utilizing other countries’ experiences.
The Law of Cyber Peace
Modern cyber-attacks can be viewed as non-combatant activity that directly affects destructions and deaths. Regulatory responses to cyber-attacks, however, lack legal attention. Knight assumes that cyber-attack can be analogous to the electromagnetic pulse of a nuclear weapon. For example, an attack against the electronic power industries and telecommunications can have catastrophic consequences, almost the same as the use of power weapon. Legal framework can be an effective tool to prevent a catastrophe. Public concern about cyber-security proves that the utility of international law is a must in securing cyber-space. Most of private organizations remain outside the development of the cyber-security legislation. It creates the risk for other stakeholders. Many studies suggest that states should invest resources and extradite cyber-attackers from their countries according to their national law. The USA works with other states to eliminate the danger of cyber-attacks providing initiatives of the utility of international law.
According to Brenner, direct legal intervention has often appeared ineffective at enhancing cyber-security because of the absence of collective actions. Many nations stay outside the collective protective activity. Legal decisions should be developed in the international level in order to protect nations from a mutual enemy. The U.S. criminal statutes can implement into the development of a privacy system for managing cyber-attacks. For example, the USA criminalizes violations against malicious interference with satellites, international wire communications and radio. These actions can control cyber-attacks and promote cyber peace. The research asserts that executive order and statutes could develop instrumental decisions to better manage privacy and cyber-security. In order to keep cyber peace, criminals who violate people and organizations online should be found and punished. This practice may become the only effective strategy in combating with cyber-0crime.
The Importance of Security Policies and Practices
Cyber-attacks target computer networks, infrastructures, computer information systems, and personal computer devices. Hackers destroy, alter, or steel private information that can cause much damage for individuals, organizations, and even whole countries. Nowadays, cyber-attackers use sophisticated methods and tools in their malicious practices. Many businesses become bankrupts and go out of business. That is why it is important to develop security policies and analyze existing practices. The consequences of cyber-attacks may be as follows:
- Information theft
- Loss of confidentiality
- Loss of availability
- Loss of integrity
Cyber-attacks may occur because of insider and outsider threats. For example, dissatisfied or former employees who are experienced in a certain industry and use the same software and hardware can attack an organization and its systems. Oftentimes, they can easily do it because of insecure design or productivity errors.
Cyber-attacks can be done by individuals or groups. The aim of cyber-attacks is to get money through extortion, theft, selling exploits, and commodity market manipulations. Cyber-attacks can destroy disrupt critical power infrastructures. For example, in 2008, cyber-attackers have disrupted electrical power in the eastern part of the USA along the Atlantic Ocean including part of the Canadian territory. The research asserts that every organization has security policies but practically none of them are effective. The role of companies and organizations is to develop effective policies that can practically protect infrastructures and systems from cyber-attacks. Many studies suggest the following steps in improving security policies and practices:
- The enforcement of security strategies
- To minimize security policies making them affordable and precise
- Policies are supposed to be inclusive, e.g. they should not be very complicated
- Policy language must be online
An important factor in developing security policies is the culture of the local environment. Yar reported that when an organization has an appropriate culture of security protection, the risk for potential threat from cyber-attacks can be considerably reduced. Mutual understanding and decision making can favor organizations and their privacy. Vigilance of all employees helps to avoid malicious attacks. Unfortunately, a culture of security is often associated with managers and with every individual employee who must contribute into the organizational privacy. The reality is that the best decision for developing an effective cyber-security policy is combining management decisions with individual employee’s initiatives.
Perspectives of Cyber-Crime and Privacy
The September 11th terrorist attack was a starting point of broad discussion and developing protection against cyber-terrorist activities, cyber-crime, and cyber-war. Nowadays, from a crime perspective, cyber-crimes that were mentioned above are hard to ignore. The main motive of cyber-attackers is financial profit. While terrorist crimes are fanatical by nature. Observing cyber-crime threats, users alarm for their protection. The legislation in order to protect them should restrict their privacy. Cyber-security policies and practices have demonstrated drastic privacy restrictions. Cyber-criminals violate privacy rights of individual users and organizations. According to privacy laws, citizens in a democratic society such as the United States of America should be protected from an unauthorized access to their personal data. Privacy, in most cases, means a balance between individual rights and those of the government in providing national security.
Online privacy issues include digital rights management, anonymity maintenance, spam deterrence, and cracker disclosure rule adequacy. In the past years the number of violations of privacy rights of employees and online registrants has risen tremendously. Orr argued that because of poor regulation of Internet information, cyber-criminals steel passwords from online users. Institutions, such as the Bank of America and Choice Point, Inc., call for the U.S. government to involve the General Services Administration into the investigation of this matter. As a result, GSA provided recommendations were provided to maintain adequate protection for the safety of employees’ personal information. However, the modern reality does not guarantee 100 percent privacy for online users.
Valuable personal information often become in the hands of third parties. The information can be collected by the hidden Internet tools such as Web bugs and cookies which share information with third parties for surveillance or marketing purposes. There are controversial opinions about cookies. Many experts consider that cookies can be used by malicious users and later utilized against them. For this reason, many users do not trust web sites and they are afraid to share personal information such credit card numbers. The public surveys have indicated that many Internet users are afraid to make shopping online because they fair that their credit cards numbers can be used by other people.
Many experts consider that the government should improve its regulation and trust seals in order to protect privacy of the Internet users. Orr assumes that trust seals are designed to advance privacy for consumers through legislation, particularly through self-regulation by organizations. Different legislation acts that tend to protect privacy of the U.S. citizens are not perfect. For example, the U.S. Health Insurance Portability and Accountability Act of 1996 are considered by many users as a tool that oppresses their privacy. For example, they dislike having their online communications traffic monitored by the government. Privacy concerns enforce the government to develop the Information Ethics. Furthermore, in order to provide users’ privacy theoreticians have developed a number of complex mathematical solutions for providing better security protection over the Internet.
In spite of advances in the modern life such as information and communication technology, they may be very dangerous. The Internet users regardless of their status can become victims of cyber-criminals who aim to steel personal information and use it for their personal purposes. Thus, the issue of cyber-crime and privacy can affect everybody who uses cyber space. A probability to become a victim of cyber-criminals is very high both for individuals and organizations. Cyber-criminals use new sophisticated methods to steel information and personal data. Individuals and business owners along with government institutions need new reliable policies that can guarantee their protection and privacy. However, it is a complicated task because most of existing initiatives and acts do not work because cyber-criminals can be everywhere, even inside the company. Many experts agree that cyber-criminals should be found and punished. It could be the best way to protect the Internet security.