Off Hours: Privacy protection not easy to come by in digital world

I had to call on my friend, Dave The Destroyer, the other day. In spite of up-to-date antivirus protection for my computer, a Trojan horse slipped through.
The invader was detected and quarantined, but it remained a problem by constantly trying to break free. And each time it tried to free itself, anything I might be doing was temporarily interrupted. I tried to deal with it, but in the end, I was forced to admit defeat and call my computer-geek pal, David Gill.
Designed to remain hidden, a Trojan horse is a software application sneaked onto a computer for malicious purposes. Also called malware and spyware, Trojans differ from worms and viruses in that they generally do not replicate themselves and spread to other computers. They can disrupt, impede or manipulate our ability to do certain things, but their primary purpose is to burrow in and steal data.
They’re often slipped into a PC by an otherwise legitimate business, to send back information about purchases or browsing habits so they can be targeted in future sales pitches.
Incredibly, it’s not illegal for unknown parties to sneak this spyware into our computers, nor to collect and sell the information collected about our activities.
Trojans and their ilk are insidious and pervasive. Often, we don’t even know when spyware has infected our computer — when we do, it’s almost impossible to know what damage has been done and what other problems may have been introduced.
Once in place, they can be extremely difficult to get rid of. Sometimes, the only fix is just to erase everything — yes, everything — and reinstall the operating system. That wasn’t necessary in my case, but as David worked to clear my system, he gave me the full-on lecture about privacy, data security and the Internet.
In a nutshell, what he said is that it’s a battlefield. There are vast and powerful forces that want to steal our private information and use it for their own purposes. Data concerning our Internet activity is now of monetary value, so there’s a never-ending variety of new ways being developed to get it. The Electronic Communications Privacy Act, our primary legal protection, was written and passed almost a quarter century ago, way before data mining and the invasive Trojans of today existed.
Trojans are also a tool for crime. Identity thieves use them to access personal data stored on home or business computers — passwords, credit card info, account information. Or they may serve as a “backdoor” application, opening network ports to allow others access to our computers and the information stored on them. Spammers do this to create what is called a “botnet,” using our computers, e-mail lists and Internet connections to distribute their pitch.
Whatever the intent, Trojans require interaction with a third-party hacker to fulfill their purpose, someone (or some company, government or organization) who has specifically targeted the purloined data.
The information collected by Trojans and online services is valuable, bought by outfits that aggregate and filter it, then resell the details. They break out ethnic, religious, and other classifications, matching names or purchases or site preferences to a wide variety of market demographics. Each transaction completed on an Internet site may be reported to, say, insurance companies — which might then deny us coverage after concluding the sky-diving trip we bought is risky behavior, or that buying plus-sized clothes means we do not eat healthily.
A recent Georgetown University study surveyed 7,500 of the busiest Internet sites to determine how many collected data on visitors, how many provided visitors with a detailed privacy policy and a choice about the gleaning of collected information, and to what extent the privacy disclosures reflected fair information practices. They found that 93 percent of those sites collected personal identifying data from visitors; almost 57 percent collected demographic data, as well; and only 6.6 percent collected no personal data. Just 13 percent of the sites contained all five elements deemed essential to fair information practices: notice of the data collection, choice, access to collected data, input regarding the security of mined data, and contact information.
The government is another collector of such information. It routinely pressures Internet service providers for a broad array of customer data. In 2006, the U.S. Attorney demanded and received the book purchase records of 54,000 Amazon.com customers. In 2007, it was discovered that AT&T routed 100 percent of all Internet traffic it handled directly to the National Security Agency.
Of course, the government wants us to believe that it’s all in the name of “homeland security,” but the record shows that the folks in charge of such matters are error-prone even when in possession of accurate and direct information. Do we want any decisions about us to be based on what we buy or look at on the ’net, or what jokes we receive and forward in our e-mail? In 2007, a majority of the almost 6,000 respondents to a UPI poll on that question said no, the government should not be allowed to suspend privacy laws for U.S. citizens in the name of fighting terror.
For the most part, the agencies and elected representatives we might look to for increased online privacy protection are either part of the problem, clueless, or bought and paid for. And without a comprehensive and balanced legal framework related to online security, fraud, abuse and the invasion of privacy are a continuous threat to all computer users.
So, until something changes, it’s up to individual users to maintain, fight for and defend their digital rights. Of course, that starts with every computer having a good commercial firewall, antivirus protection and programs targeting Trojans — not to mention caution in what we download. But it also takes reading the small print when we shop or browse online. Determine the privacy policy of each site or company visited or transacted with and express a preference about what they might do with your data.
• Steve Bailey of Boulder Creek has spent plenty of time in recreational activities. Contact him at sb*****@cr****.com.