collage of money, charts, student working and graduating

Cyber Security Awareness

By Deanna Sharpe

October was declared National Cyber Security Awareness Month in 2005.  Since then, considerable effort has been made to educate the public on avoiding being snagged in a phishing scheme or attacked by hackers or identity thieves. Eight years later, we are discovering technological advances may pose new and surprising threats to privacy and security that can be, well, just a bit spooky.  This article focuses on three emerging areas of consumer concern.  

Cyberspace has footprints.  Where do you go on the internet?  To search for information or products?  Purchase and download music or movies?  Connect with others?  Have you noticed that the ads on the sites you visit seem to be uncannily related to your activities, interests and lifestyle?  Marketers can’t read your mind but they can track your cyber footprints.  Some web sites send tiny text files called “cookies” to your computer to record your web movement.  Clickstream data helps marketers discern the products that are likely to interest a user.  For example, someone who frequents web pages related to fishing will tend to have ads for fishing gear pop up on web visits, even when on sites unrelated to fishing, such as a local news site.  Search data tracked by major search engines such as Google or Yahoo! also reveal your interests to marketers.  Purchase data gathered from cookies, user registration, or past purchases give major online retailers such as Amazon a more direct way to customize ads and to offer you products similar to those purchased before. These data collection methods still preserve some distance between the individual and the market. A somewhat more invasive method is use of personal demographic, interest, and affiliation data gathered from your postings on social network sites such as Twitter and Facebook to guide the ads directed to you.[i]

Advertising supports web site operations, so, opting out altogether is not possible.  But, consumers can reduce the amount of targeted ads received.  Privacy controls on web browsers can be tightened to limit or forbid cookies, pop-ups, or access to location information.  The Network Advertising Initiative, a self-regulatory association of digital advertising companies, provides consumers an opt-out tool on their web site[ii] Web site privacy policies can be checked.  Many major web companies such as Google and Yahoo! allow customers to customize their account usage and access.  Others, such as Facebook disclose to customers how their data will be used and allow the customer to choose to participate or not[iii].  Consumer privacy on the web is an evolving issue and distinctions between public and private consumer data is debated.  Insofar as possible, consumers concerned about privacy should “cover their footprint” by actively limiting ability of third-parties to track their web moves.

Who’s looking at you?Marketers might not be the only ones with eyes on you.  Many household appliances now use digital technology to acquire, store and transmit usage data or allow owners to control operation from a remote location.  Although it is convenient to have your television link directly to Netflix and remember your favorite stations or to be able to be sure your home’s doors are locked when you are at work, all of those links out may unwittingly give others access in.  In a recent ABC News article, Adam Levin described several ways that common household products could be co-opted for spying via their digital technology and network linages[iv].  A computer security firm demonstrated it could hack digital television sets, accessing settings and personal data and installing malware.  Webcams could be switched to watch viewers.  Although some television manufacturers have taken steps to remedy the security flaw, it is not clear that all have done so.  Cable boxes are being designed that would use cameras and motion sensors to detect user characteristics to custom tailor broadcast advertisements.  Teens, for example, would get clothes and sports drinks ads, whereas young children would see toy ads.  Household appliances as mundane as toasters, clock radios or clothes dryers that are wired to report performance data to manufacturers and give owners remote control capability could also let criminals know the home’s location and the owner’s habits.  Also vulnerable to cyber hijack are internet-linked lighting systems, heating and air conditioning systems and security alarms.  As we know, personal data stored on smartphones, tablets, and computers can be hacked.  And, perhaps scariest of all, hackers have demonstrated that the function of pacemakers, implanted defibrillators and insulin pumps can be altered by malfeasants in ways that could be fatal. 

At present, consumer’s best defense is to be aware of vulnerabilities.  Realize that what they can access, hackers can potentially access. When using appliances that connect to the internet, confirm what type of data are gathered by whom and ascertain whether or not and to what extent data transfer can be restricted or secured.  The old-fashioned system of letting a trusted neighbor know when you will be away is still useful when protecting property.  Vigilant monitoring of utility bills and credit reports is important as well.

Ghostly images of hidden treasure.  How many data files, books, music, pictures, videos, financial or work-related digital records do you have stored online?  What are those digital assets worth?  In a recent survey, McAfee, an internet security provider, discovered that United States internet users valued their digital assets at $55,000 on average, about $18,000 more than the average worldwide[v].  These assets included both original and purchased digital products such as graphic arts, books, music, as well as social-media account content.  What would happen to those assets if you died?  Unlike physical assets or those with paper records, digital assets can be invisible to the executor of your estate and vulnerable to loss. 

Digital estate planning is an emerging area of concern.  No federal laws govern passage of online assets at death or grant post-mortem access to social-media or email accounts.  At the state level, only Connecticut, Rhode Island, Indiana, Oklahoma, and Idaho have any form of digital estate law[vi].  Although efforts are underway to develop uniform state law, that will take time to develop.  Meanwhile, individuals must take specific action to protect and pass digital assets for preservation or sale. National Underwriter’s Tools and Techniques of Estate Planning[vii], provides some guidance in digital estate planning:

  1. Create a written inventory of all digital assets that have value.  Consider files that might have commercial value such as blogs, domain names, graphic designs, or media files, personal online financial accounts and files that have importance to family such as photo and video records.
  2.  Work with legal counsel and provide authority for another to take action regarding digital assets in estate documents such as in a power of attorney, a will or trust.
  3. Maintain a current and inclusive list of usernames and passwords for all digital accounts in a secure location.   Depending on individual desires and circumstances, this location could be with a lawyer, within a safe deposit box, a trusted friend or family member, or other secure location.
  4. Realize the nature of each digital asset may affect potential for transfer.  For example, access to and use of electronic books and music downloads is typically limited to the original purchaser and not transferrable. 
  5. To protect privacy, tight restrictions exist regarding who can access accounts and under what circumstances. License agreement terms can differ among service providers and must be read carefully.  Terms for Google’s Gmail accounts state access “may” be given “in rare cases” to an “authorized representative” of the decedent, but the final decision rests with Google[viii].  MSN Hotmail will provide content of a deceased user’s account on a data DVD to the deceased’s next of kin once Microsoft receives required supporting documentation.[ix] Facebook allows a verified family member to either “memoralize” or remove the deceased person’s account.[x]  

As this important area of law continues to develop, it will be essential for individuals and families to watch legal developments in their own state and to be proactive in planning eventual transfer of valuable digital assets.  Clearly, as technology continues to advance, consumer vigilance remains important in protecting privacy and insuring protection of all forms of assets – digital as well as physical. The time-honored admonition “buyer beware” must be extend to “web user beware” as well. 

[i] Pumphrey, C.  (2013).  How do advertisers show me custom ads?  Retrieved October 6, 2013 from http://computer.howstuffworks.com/advertiser-custom-ads.htm

[ii] Network Adversiting Organization (2012).  Consumer opt-out.  Retrieved October 6, 2013 from http://www.networkadvertising.org/choices/#completed.

[iii] Specific policies of each service provider regarding use of customer data for advertising purposes would need to be checked for terms. For example, Google’s policy may be accessed at http://www.networkadvertising.org/choices/#completed; Yahool!’s at http://info.yahoo.com/privacy/us/yahoo/opt_out/targeting/; and Facebook’s at https://www.facebook.com/full_data_use_policy#personalizedads

[iv] Levin, A. (2013, August 18) 9 household products that may be spying on you.  ABC News.  Retreived October 6, 2013 from http://abcnews.go.com/Business/household-products-spying/story?id=19974898

[v] Coulter, F. (2011, September 27).  McAfee Reveals average intenet user has more than $37,000 in underprotected ‘digial assets’.  McAfee, Inc.  Retreived October 6, 2013 from http://www.mcafee.com/us/about/news/2011/q3/20110927-01.aspx

[vi] More details regarding existing digital estate planning law at the state level can be found at Digital Estate Resource’s web site:  http://www.digitalestateresource.com/law/

[vii] Leimberg, S. R., Ellis, J. H., Eisner, L., Kandell, S. N., Miller, R. G., Polacek, T. C., & Rosenbloom, M. S. (2013).  The Tools and Techniques of Estate Planning, 16th Edition.  Erlanger, KY:  The National Underwriter Company.

[viii] For Google’s Gmail policy, see https://support.google.com/mail/answer/14300?hl=en.

[x] For Facebook’s policies regarding treatment of the account of a deceased person, see http://www.facebook.com/help/150486848354038.