MISUSE OF INFORMATION

Organisations gather information from a wide variety of sources including employees, suppliers, customers and competitors.  When information is voluntarily provided to an organisation, it is usually for a specific purpose, e.g. for hospitals, clinics, insurance agencies etc.

Measures should therefore be in place to ensure that information is not misused. However, security breaches are common.  Also, the use of information for purposes other than that which it was originally intended for is also common.  Some countries have legislation that seeks to protect individuals from the potential misuse of information, such as:

1. Information should be used only for the purpose for which it was provided

2. The individual has the right to examine the contents of any personal record representing the individual.

3. The information must be accurate.

4. Security measures must be put into place to protect information.

5. The privacy of the individual must be protected.

COMPUTER CRIMES

Computers have given employees new tools that makes their jobs easier and allowed them to do things that was not possible before.  Unfortunately, this is also true for criminals. 

Defn: A computer crime is any illegal action where the data on a computer is accessed without permission.

This access doesn't have to result in loss of data or even data modifications. The worst computer crime occurs when there are no indications that data was accessed. Computer crime is often committed by hackers and crackers,  but increasingly organized crime groups have realized the relative ease of stealing data with relative low-level of risk.

Defn: A hacker is a person who breaks into computers and computer networks, either for profit or just to prove that they can.

Defn: A cracker is someone who breaks into someone else's computer system, often on a network; bypasses passwords or licenses in computer programs.

Computer crimes include the following:

1. Unauthorised Access - This usually involves 'hacking' or 'cracking'.   Some hackers see their activities as a form of game-playing, where they try to match their skills against other hackers,  others have more destructive intentions such as breaking into an organisation's computer system  to commit acts like 'electronic vandalism' (e.g. deleting files, corrupting software, and changing critical data). 

2. Electronic Eavesdropping - This is the use of electronic devices to monitor electronic communications between 2 or more groups without permission from either group.  It includes computer data communications, voice, fax, landlines and mobile phones (e.g. the wire-tapping fiasco).  This results in invasion of the privacy of individuals and organisations.

3. Industrial Espionage - Occurs when an organisation tries to gain an advantage on their competitors by illegally gaining access to information about marketing strategies, research & development, expansion plans etc.  In the past, this was done by break-ins, illegal photograhing of documents and insiders passing out information.  Now it can be acheived by hacking into the organisation's databases and viewing the informaiton.

4. Surveillance - Computer surveillance involves the use of technology to gather information from the user and from the computer without the user's knowledge.  This can result in : i. loss of privacy of the user, ii. lack of security and iii. misuse of information (usually for monetary gain).  There are several techniques for surveillance:

a. Monitoring with utility software - all data that passes in and out of a network  or an individual's computer can be monitored. This is also known as 'packet sniffing', where a packet is the message being checked.  Messages can be monitored by utility software (such as Packet Analyzer)or by using a computer on a network which can observe all packets passing through the network.

b. Hardware devices - by use of devices called 'bugs' or a 'keystroke logger' which is implanted into a keyboard.

c. Monitoring from a distance - done by the use of commercially available equipment which can receive and process the radiation emittedby the monitor.  Data being displayed on the screen at the moment can then be observed without the knowledge of the user.

5. Copyright and Piracy

Defn: Copyright is the name given to the protection law of the rights of the person(s) responsible for creating items such as text, a piece of music, a painting or a computer program. 

Consider the application Microsoft Word, which was written and improved by hundreds of programmers.  If someone else were to copy the program code or steal it, it would be both unfair and illegal. A copyright law (enforced by the Intellectual Properties Affairs office in a  country) would make it a criminal offence to be caught copying or stealing software. 

Defn: Software piracy is the theft of computer programs and the unauthorised distribution and use of these programs.

The main types of piracy include:

a. Copying software (and its packaging) to look like the original product

b. Copying and selling recordable CD-ROMs that contained pirated software

c. Downloading software from the Internet

d. Use of software on two or more computers on a network if the license does not allow it.

6. Propaganda - Propaganda is the manipulation of public opinion. It is generally carried out through media that is capable of reaching a large amount of people and effectively persuading them for or against a cause. Computer systems can distribute information in such a manner that can be either beneficial or harmful material.  An example of propaganda is using the Internet to sway public support of one party group or another in an attempt to discredit the opposing  groups during an election (an electronic form of an election campaigns).