Topic 3 : Security and Privacy.

1-Find an example of a privacy breach that was reported in the Australian or international news in the last 6 months. What were the consequences? i.e. legal, political, financial, personal etc. What action was taken in response to the privacy breach?

·        Case Outline:

The Target Corporation is an American retailing company, founded in 1902 and headquartered in Minneapolis, Minnesota. It is the second-largest discount retailer in the United States, Wal-Mart being the largest.

On Dec 19, 2013 the Target company released the statement  confirming a data privacy breach, saying that 40 million credit and debit card accounts may have been impacted between Nov. 27 and Dec. 15, 2013.As per matter of fact

On Jan 10, 2014 Target said that the thieves who stole massive amounts of credit and debit card information during the holiday season also swept up names, addresses and phone numbers of 70 million customers, information that could put victims at greater risk for identity theft.

As per matter of fact the breach at Target Corp. that exposed credit card and personal data on more than 110 million consumers appears to have begun with a malware-laced email phishing attack sent to employees at an HVAC firm that did business with the nationwide retailer, according to sources close to the investigation.

KrebsOnSecurity reported that investigators believe the source of the Target intrusion traces back to network credentials that Target had issued to Fazio Mechanical, a heating, air conditioning and refrigeration firm in Sharpsburg, Pa.  Multiple sources close to the investigation now tell this reporter that those credentials were stolen in an email malware attack at Fazio that began at least two months before thieves started stealing card data from thousands of Target cash registers.

According to business week article issued on 13th March 2014,the fact was ,

In the days prior to Thanksgiving 2013, someone installed malware in Target’s (TGT) security and payments system designed to steal every credit card used at the company’s 1,797 U.S. stores. At the critical moment—when the Christmas gifts had been scanned and bagged and the cashier asked for a swipe—the malware would step in, capture the shopper’s credit card number, and store it on a Target server commandeered by the hackers.

·        Consequences:

1.       As a consequence the Target Company had to face legal charge. More than 90 lawsuits have been filed against Target by customers and banks for negligence and compensatory damages that’s on top of other costs, which analysts estimate could run into the billions.

2.       Target’s profit for the holiday shopping period fell 46 percent from the same quarter the year before; the number of transactions suffered its biggest decline since the retailer began reporting the statistic in 2008.

3.       Target company’ share prices started to fall considerably

4.       In Cowen & Co.’s Consumer Tracking Survey, conducted quarterly and for the first time since Target’s security breach news in mid-December, it found “meaningful decreases” in year-over-year customer satisfaction with both the total shopping experience and customer service in March. Satisfaction with the overall shopping experience at Target was down almost 2 percentage points in March, with declines “most acute” among middle-and-upper-income shoppers, analyst Faye Landes said, adding the higher-income shoppers are “key cohorts for Target”

·        Actions taken in response Privacy breach

As soon as the incident was made known to target they made it publicly announced. Further Target Chairman, President, and Chief Executive Officer Gregg Steinhafel issued an e-mailed statement in which he told actions taken in detail; he said “Target was certified as meeting the standard for the payment card industry (PCI) in September 2013. Nonetheless, we suffered a data breach. As a result, we are conducting an end-to-end review of our people, processes and technology to understand our opportunities to improve data security and are committed to learning from this experience. While we are still in the midst of an ongoing investigation, we have already taken significant steps, including beginning the overhaul of our information security structure and the acceleration of our transition to chip-enabled cards. However, as the investigation is not complete, we don’t believe it’s constructive to engage in speculation without the benefit of the final analysis.”

Target spokeswoman Sarah VanNevel said the company is “taking extra steps” to win back shoppers

2-Case Study: ‘Dark Scenario’ based on the fictitious Data Mining Corporation (DMC)

Ø  What AMI technologies are identified in the case?

Ambient Intelligence has been defined as the field to study and create embodiments for smart environments that not only react to human events through sensing, interpretation and service provision, but also learn and adapt their operation and services to the users over time. These relates to the technologies that are sensitive and responsive to the presence of humans. For example, sensors that switches on lights when a human enters a room.in the case of Data Mining Corporation a lot of ambient technologies are identified which are listed below,

ü  Location implants

ü  Sensor networks in home and in cars

ü  Surveillance system

ü  High capacity optical storage devices

ü  Backup devices

ü  Mobile phones

ü  Security system

Ø  What drives DMC’s officers to take the actions they took?

DMC’s officers decided and got instructions from their management to hide information of data theft from police and from their clients. Although this action was not ethical but it would have been very damaging for the company. Major fears which drove them to take this action involved,

ü  Fear of losing trust of the clients and giving them image that profiles of company’s own employees is not reliable

ü  Fear of bad publicity

ü  Fear of decline in share prices

ü  Fear of damage to plans of TSE listing

ü  If clients of the company would have come to know that their data is not secure then they would have withdrawn their business and DMC and it would have caused disastrous for the company.

Ø  DMC is the clear market leader in the aggregation of AMI data. Are there any comparisons you can make to technology companies today?

Yahoo and Google are not specifically  engaged in aggregation of AMI data but they have vast amount of data on its users profiles, it can use this data in tracing the trends and behaviour of its users in sending them relevant utilities information which can best help their users to cater their needs according to their likes and moods. For example Google can track the information about its users from its different utilities it provides like

·         Google Plus ,

·         Google Talk,

·         Google Map ,

·         Search pattern on Google Search

·         Google News , type of articles selected,

, and can then target tem to send advertisements of games or shopping or their new features as per the taste of the consumer. The same fact that Google hold enormous amount of data about their users was also explained by the Marrisa Mayer in her interview we read in doing last topic’s blogs.

Ø  How realistic is the description of governments using the technology and prohibiting immigration from states with no AMI data aggregation information?

In my view,  in a way Government use of technology and prohibiting immigration from states with no AMI data aggregation information system is realistic as the AMI data profile of the people coming into states helps Government find out that the people coming to STATES are not threat to the security of the country. Government need to know the plans of the people what they intend to do in states what is their background, what are their aims, and most importantly if they are threat in any way to the country.

On the other hand this may also be regarded as the discrimination as prohibiting someone from entering states only on the reason that their data history is not available on AMI data network seems illogical and it  hampers self-esteem of the individuals.

Ø  What would be the impact of this digital divide?

A digital divide is an economic inequality between groups, broadly construed, in terms of access to, use of, or knowledge of information and communication technologies (ICT). The divide within countries, (such as the digital divide in the United States) may refer to inequalities between individuals, households, businesses, and geographic areas at different socioeconomic and other demographic levels, while the divide between countries is referred to as the global digital divide, which designates nations as the units of analysis and examines the gap between developing and developed countries on an international scale.

 This digital divide causes a significant problem in many struggling parts of the world.  The parts of the world that have a predominant amount of internet access is the western world, the United States, Europe and Northern Asia, where as access is more restricted in the poorer less developed parts of the world such as Africa, India and southern parts of Asia.  These poorer nations are unable to afford the initial startup cost to be able to invest into technology to allow their nation to be able to have and maintain internet access.   This puts these countries at a competitive and economic disadvantage.  This is due to the fact that it impacts on society at many levels.  By a country not having internet access, it means that schools are unable to teach IT skills and take advantage of the vast amount of information available on the web.    With a lack of IT skills people from these countries are unable to compete at an international level.

In contrast the richer countries benefit from more highly trained people who will in turn enable higher economic growth.   In urban areas more people seem to have internet access as opposed to rural areas causing yet another divide.   Also countries that don’t have internet access are unable to carry out e-commerce and e-business putting their companies at a significant disadvantage with in the global market.

Ø  List some of the ‘unintended consequences’ described in the case.

Some of the unintended consequences involved, identity theft cases, people’s credit cards showed unauthorized uses as their bills showed the things they haven’t bought, a lot of companies and people got blackmailed with threats of releasing information. Consequently DMC had to face the legal charges due to negligence in securing the data and hiding the fact of data theft, their share prices started to fall and their clients lost confidence in them.

REFERENCES:

• http://krebsonsecurity.com/tag/target-data-breach/
• http://www.washingtonpost.com/business/economy/target-says-70-million-customers-were-hit-by-dec-data-breach-more-than-first-reported/2014/01/10/0ada1026-79fe-11e3-8963-b4b654bcc9b2_story.html
• http://www.businessweek.com/articles/2014-03-13/target-missed-alarms-in-epic-hack-of-credit-card-data#p1
• http://airlab.stanford.edu/
• http://www.ntia.doc.gov/ntiahome/fallingthru.html.
•  http://www.econ.yale.edu/growth_pdf/cdp881.pdf.
• http://www.dividedbytechnology.co.uk/impacts.html