The Crazy Business of Internet Peeping, Privacy, and Anonymity
By Royal Van Horn
Illustration © 1998 by Mario Noche
|
||
The Crazy Business of Internet Peeping, Privacy, and Anonymity By Royal Van Horn Illustration © 1998 by Mario Noche | ||
I HAVE BEEN told that the same people who make radar guns for the police department make radar detectors. This way, they can establish a sort of leapfrog marketing plan. Develop a new laser gun for speed traps, then develop a new laser gun detector for drivers, then another new gun, then another new detector, and so on. Unfortunately, a similar craziness seems to be infecting the Internet with regard to "peeping" software, your privacy, and your anonymity.
New peeping software takes several forms and can be used on a network or just to monitor a particular computer. I recently received an e-mail forwarded from someone I don't even know about two programs from Computer Software Services in Boca Raton, Florida. The two programs were E-mail Plus and Screen Capture. Once installed on any computer, E-mail Plus hides inside the computer and sends an exact copy of any incoming or outgoing e-mail or any other text to wherever you want it to go, presumably to your own computer. Screen Capture is like a remote surveillance camera for your computer. Once installed, it also hides and silently takes a picture of the computer screen every so many seconds. When allocated 50 MB of disk space, Screen Capture can record screens every 30 seconds for about 40 hours of computer use.
Here are some users' comments that were included in the e-mail promotion. "I recently purchased the online version of this software from you because I wanted to know if my husband was cheating on me. Sure enough, he was. I got the proof I needed in less than 24 hours." "My two daughters are 8 and 10 and love to get on the Internet. I do not always have the time to look over their shoulders, so now I feel reassured that even though I cannot be there every minute, I know every minute what they have been doing." "Helps me keep my employees honest and on task." These are just three examples of how the program might be used, but it's easy to envision others.
Peeping can also be done on a grander scale. The 10 July 2000 issue of Network World ran a lengthy article titled "Peeping Tools: Nine Tools That Can Snoop on Your Employees." All the tools reviewed operate in a network environment, and most are designed for Microsoft Windows and NT environments. The tools can do such things as look for objectionable file types on all the disk drives on all the computers on your network. An example of this type of peeping tool is Antigame Plus. Currently, this software can detect 10,850 different games and either remove them automatically or alert the system administrator to their presence.
Another powerful network peeping tool is Superscout, sold by a company called Surf Control. Superscout can be used to track every website a user visits. It can also block access to whatever are deemed to be objectionable sites, such as "adult" sites. Like most such software, it can send the system administrator a message via e-mail whenever a user visits a site classified in an objectionable category. Or it can simply block access to such sites. Surf Control has a subscription service, so you don't even have to worry about classifying websites into categories: the producers will do it for you. If you subscribe to Surf Control's Web4Business site listing, you can even allow users to visit, say, all education sites but block access to business sites, sports sites, music sites, and so on. This is an industry-specific list, so that an automotive company, for example, could block access to any sites associated with other industries.
An example of a third variety of peeping software is Message Inspector from Elron Software. The program examines all network traffic, looking for offending words or file types. For example, the software could watch for words that are sexually explicit or that relate to sports, gambling, drug trafficking, or any other activity you might wish to clamp down on. Once an offending message is encountered, the software can either block the message, simply and silently log the message, or send it to a supervisor for approval and only then deliver the message as if no one had ever received a copy. The software can also watch for objectionable file types such as audio files.
While on this topic, I should also mention that even if your desktop computer and local network are free of peeping tools, you are still not entirely anonymous. Every time you visit a website, the computers at that site can and often do collect information about you. Minimally, a website can find out the time of day in your city (and thus time zone/region), the kind of computer you are using, your IP address, your e-mail address, and the address and location of the person who owns your domain name, in my case the University of North Florida. Knowing these things implies that the remote website also knows where I work, my work address, my work phone number, and so on. Knowing this much information about me, a person could go to my university's website and find out additional information.
The fact that others know so much information about you is not necessarily bad. For one thing, it allows you to have a custom interface at a remote website, and it allows remote websites to send you information and to offer you promotions that are more likely to appeal to you. This is called "targeted marketing," which may be an improvement on "mass marketing."
Also on the horizon are cell phones that know within 30 feet where you are at any given time. Your cell phone company already knows to which local cell phone tower you are usually connected. New cell phones will soon have embedded GPS (global positioning system) chips that enable this new "track the whereabouts of the user" feature. If you use a cell phone, in a year or so you can expect to get e-mail messages that read something like, "Did you know that there's a Baskin-Robbins ice cream parlor just a block from where you live? Here is a certificate for a free single-scoop cone at your neighborhood store, located in the such-and-such shopping center." Obviously, if they know where your cell phone is at 3 a.m., they can be pretty sure where you are spending the night!
AS YOU can easily see, Big Brother might indeed be watching. But what can you do about it? You might want to consider using an "anonymizer." An anonymizer is a website that offers a variety of services, but the most common is masking your Internet address and the Internet address of the websites you visit. In this way, the remote website cannot find out personal information about you, and your boss can't track the websites you are visiting. In other words, you can surf the Web anonymously.
A well-developed and full-featured anonymizer, such as http://www.anonymizer.com, also offers a variety of other services. For example, you can arrange for anonymous Internet Relay Chat (IRC), anonymous e-mail, and anonymous telephony and video conferencing. This last feature would allow a user to visit a porn site that offered live streaming video pornography without being detected. At the high end of services provided by an anonymizer is a subscription service usually called "secure tunneling." This is CIA-strength privacy. With secure tunneling, outgoing information is encrypted and travels out of your computer in a way that is difficult to intercept. Your message is then stored on a remote server in encrypted form so that it is nearly impossible to read. When your intended recipient picks up e-mail from the server, it is unencrypted, and the original file is destroyed.
I suspect that we have a few students in our high schools who know about anonymizers and use them to reach websites that are normally blocked by the school's "child guard" Internet-blocking software. Of course, somebody might be smart enough to block access to websites that offer anonymizer services. (That's a hint!)
If you are really concerned about your privacy, you should also know how your computer deletes files from your hard drive. Whenever you trash or recycle a file, the file isn't gone. Instead, it is simply placed in another folder called trash or recycle. When you empty the trash or recycle folder, the file is still not destroyed. Rather, the pointer to it on the disk drive's directory track is deleted. This lets the computer know that the next time it needs some drive space it can write over the space where the file you "deleted" still resides.
Therein lies the problem. For example, suppose you're given a new computer by your computer department. You delete all the files on your old computer and turn it in. Although the disk drive's directory doesn't know where your old files are, they are nonetheless still there. Furthermore, anyone with a disk utility program that can rebuild damaged drives can reconstruct your hard drive's directory information and thus "reclaim" your files. To eliminate this potential privacy problem, you can either do a low-level formatting of the drive or use a "file shredding" utility that automatically writes gibberish over the files you delete. If you are a teacher or professor with a lot of unit or semester tests on your old drive, I suspect you might have cause to worry -- especially if you have some computer-savvy students who could conceivably get their hands on your hand-me-down computer.
Personally and professionally, I find this whole business revolting. I am fortunate to work in a university environment where privacy, "freedom of speech," and unfettered Internet access are pretty much givens. Others may be less fortunate. I was prompted to write this column after learning of a large school system with a district policy that faculty, staff, and student e-mail can and will be monitored or read. This district's policy also forbids employees from using school e-mail for personal business. I guess it's okay to phone home, but it's not okay to e-mail home.
I recommend that teachers in such school districts or in districts that use "peeping" software work through their local unions to adopt a district policy that ensures the right to privacy. Teachers who have lost the right to e-mail privacy should make getting it back a top priority!
In the end, e-mail should be just like the U.S. mail. It should be governed by the same rules and conventions. People should not be able to electronically "steam open" your mail and read it. The argument that, since e-mail runs on the district's network and servers, the district has the right to read your mail is absurd. It would be akin to the U.S. Postal Service arguing that, since your mail is hauled in its trucks, its employees are entitled to read it.
A final issue is the kind of behavior that adults in a school model for their students. Obviously, modeling a policy that says, "I will respect your privacy, and I expect you to respect mine" is the best -- and perhaps the only -- ethical and practical stance to take.
PDK Home | Site Map
Kappan Professional
Journal
Last updated 9 November 2000
URL: http://www.pdkintl.org/kappan/kvan0011.htm
Copyright 2000 Phi
Delta Kappa International