[an error occurred while processing this directive]
BBC News
watch One-Minute World News
Last Updated: Tuesday, 29 July, 2003, 23:59 GMT 00:59 UK
The leaky net
By Mark Ward
BBC News Online technology correspondent

In everyday life, with a few simple precautions, you can keep your personal details private.

By using cash, taking public transport, using a pre-paid mobile and avoiding the internet most of your movements will go unseen.

You will not fade away entirely, but the time and trouble it will take someone to find out what you have been doing will make you a lot less visible.

Person online at home, BBC
Using the net can expose your personal data
But on the net, almost no matter what you do, you leave behind scraps of information about what you have been doing.

Information about the computer you are using, the sites you visit, where files were downloaded to and information you type into forms will be noted.

If you take no precautions in the offline world, you may leave the same scraps but they are harder to piece together, search through and compare.

On the net, by contrast, it is relatively straightforward.

"It is simply the incredible potential for automation of searches and cross-matching and coming up with new profiles that mean people tend to leave so many more traces online than they leave offline," said Ian Brown, director of net think-tank the Foundation for Information Policy Research.

You leave tracks because someone, possibly you, is being charged for what you do online and the people providing the service need to know where to send the bill.

Leaking information

Some of this information, about which web pages you visit, does not persist for very long.

As time goes on, without access to the computer you used to go online, it becomes harder and harder to reconstruct what you did in cyberspace.

In stark contrast to this stands all the information you provide to websites when registering to use them or buying goods from them.

A former hacker known as Kuji recommends people scrutinise privacy agreements to see what will happen to any personal information they surrender.

Log in screen, BBC
Be careful what information you pass over
Sometimes firms try to squeeze more cash out of their website by selling on valuable information about you, your buying habits and your e-mail address.

Lax security often means this information is not very well protected.

"Every time a form is filled in on the net, no matter what the web site declares, there is a possibility of that information leaking to unauthorised viewers," said Kuji.

Websites are supposed to keep information about you only for as long as they need it to generate a bill.

Sadly many websites retain information about what you bought, where it was sent and how you paid. By storing the data they become a target for criminals keen to get credit card numbers.

In February 2003 crackers broke into the database operated by Omaha-based Data Processors International and got away with eight million credit card numbers. It was just the latest in a long list of similar break-ins.

Stolen life

Identity thieves also target organisations which do not do a good job of protecting their customers' personal information.

Identity theft is a huge and growing problem.

Last year in the UK more than 42,000 people suffered some form of identity theft, according to a report by the Fraud Advisory Panel.

In total this crime cost people 62.5m and individually took people more than 300 hours to reverse the damage done.

Much of this identity theft was due to tricks such as skimming, which involves the stealing of credit card numbers by running them through a device which captures the information held in the card's magnetic strip.

CCTV camera, BBC
Surveillance offline can be more obvious
The Panel's report said many more sophisticated frauds involved the use of information held by net service firms and other data providers.

Many spammers pummel online databases with thousands of requests in an attempt to build up files on users. Others simply bribe the holders of this information to release it.

In the US poor security by many government offices has exposed hundreds of thousands of people to possible identity theft.

In particular the US Department of Motor Vehicles has proved very leaky not least because federal law demands social security numbers, addresses and driver's licence information be publicly accessible.

The state of Virginia has now started issuing special passports to proven victims of identity theft to prove they really are who they say they are.

A spokeswoman for the Information Commissioner, the UK's data protection watchdog, said the net did not present more problems for holders of personal information, but she said if any breach did occur it could seriously affect a lot of people very quickly.

Many consumer and campaigning groups regularly report on the poor privacy of websites and try to shame them into doing a better job.

There are some tips for protecting yourself on the net:

  • Maintain several net identities and use disposable e-mail accounts to limit the damage if the address gets sold or passed on to spammers or vandals.

  • Give out personal information on the net as rarely as possible. Be suspicious of e-mail messages or even sites which ask you to re-enter login, credit card or other information to check your status.

    Kuji said: "I regularly enter incorrect information into forms so in the event that the site is compromised, the attacker will not gain access to more personal databases such as credit and banking systems as they will not know the correct info."




  • RELATED INTERNET LINKS:
    The BBC is not responsible for the content of external internet sites


    PRODUCTS AND SERVICES

    News Front Page | Africa | Americas | Asia-Pacific | Europe | Middle East | South Asia
    UK | Business | Entertainment | Science/Nature | Technology | Health
    Have Your Say | In Pictures | Week at a Glance | Country Profiles | In Depth | Programmes
    Americas Africa Europe Middle East South Asia Asia Pacific