Your day might start out something like this: You drive to the airport, passing through several tollbooths equipped with video cameras and an E-ZPass billing system. When you get to the airport, you show your ID at the check-in counter and hand your bags over to the attendant. You then shuffle-through a security checkpoint with x-ray machines and metal detectors before boarding your plane.
When you finally arrive at Chicago's Midway airport, you retrieve your bags and catch a cab into town. But once you get to your hotel, you realize that you left your PDA in the cab—and it has your to-do list for the week and all key account information. (You shouldn't be too embarrassed, though. Security software specialist Pointsec Mobile Technologies says that 85,000 cell phones and 21,000 handheld computers were left in Chicago taxis during a six-month period last year.)
After settling in your room, you head out through the lobby for your first appointment. That's when the hotel's video surveillance network begins assembling a detailed profile of you via a system of facial-recognition algorithms.
And all of this before lunch.
IS ALL OF THIS NECESSARY?
Most people seem willing to accept any technology designed to protect them from terrorism.But the industry falls short of protecting what's become a growing reliance on mobile devices.
Market research by Frost & Sullivan suggests that corporate IT departments realize the problem, noting that "security is the biggest roadblock to adopting wireless technologies." But adding consumers into the mix seriously complicates the issue. A survey by Pointsec reveals that more than one-third of mobile products aren't protected by a password or any type of lock.
So who's stealing data from your non-secure smartphones and PDAs? The problem ranges from neighbors " piggybacking" onto an unsecured Internet wireless network to much more sophisticated and malicious security threats (Fig. 1).
A recent FBI/Computer Security Institute study revealed that insiders—company employees—commit 70% of the computer intrusions and system hacks that damage businesses, lifting data from a company's database using a handheld device like a BlackBerry. Employees easily can drag-and-drop information from a company's network onto a handheld device. However, employees also can inadvertently introduce viruses from a device to just about any unencrypted home PC, according to SecureWave, an international provider of endpoint security software.
Part of the problem in protecting valuable information stored on a company's database is controlling the influx of USB devices on home-based PCs and networks. Market analysts estimate that nearly 15 million home wireless networks exist in the U.S., and they expect this number to more than triple by 2010.
The Feds have their own problems. A new study by the Center for Democracy & Technology (CDT), "Digital Search & Seizure: Updating Privacy Protections to Keep Pace with Technology," reveals that technology is making government surveillance easier, not harder. The study also says that stronger protectionsare needed in order for people to retain their privacy.
"The government complains that new technology makes its job more difficult, but the fact is that digital technology has vastly augmented the government's powers, even without legal changes like those in the U.S. Patriot Act," says Jim Dempsey, CDT policy director and the principal author of the report (see "It's The Law... Maybe" at Drill Deeper 12377 at www.electronicdesign.com). Dempsey says Internet technology's capacity to collect and store data increases every day, as does the volume of personal information people willingly surrender to take advantage of new services.
The CDT report suggests that two popular technologies—Web-based email and location awareness— inadvertently give the government unprecedented access to personal data. But few laws on the books to protect personal business data that's sent from corporations to the wireless handhelds of executives and other employees.
There's a patchwork of proposed legislation, yet little is being done at the legislative level to control or manage these technologies. In fact, Dempsey says the gap between the law and technology widens every day. "What makes even more troubling," he says, "is most users of these new technologies don't realize they are putting their privacy in jeopardy."
Employers aren't much help, even as they attempt to enhance their security. SafeNet, a global information security firm, found in a survey that more organizations require longer or more complicated passwords and a higher frequency of password changes. Also, nearly half (47%) of the survey's total respondents have between five and 10 passwords to access business applications. Thus, the likelihood of employees writing down or forgetting a password because of its length, complexity, or frequent changes increases sharply. SafeNet also found that about a third of the employees it surveyed share their passwords.
Reprints
