Digital Crime and Digital Terrorism - Essay Example

Digital Crime and Digital Terrorism Digital Crime and Digital Terrorism Countries can reach the top echelons, not only based on their economic and social status, but also based how it is protected. A country’s various armed forces along with intelligence as well as other internal agencies will only coordinate to protect it from varied forms of threat. A country could face threat from other countries as well as terror groups through weapon based attacks, and in the contemporary times through cyber attacks. In those scenarios, a country’s strong security apparatus will only be able to preempt those attacks, and also optimally manage it when the attack gets initiated. U.S., which have faced terrorists’ attacks and other security threats in the recent past have also initiated these steps. Although, these constructive initiatives were to protect the people of America, certain sections of the population have raised opposition mainly regarding the privacy related issues. Their view is, these measures sometimes infringes upon the privacy of citizens and compromises their lives, social standing, economic status, etc, leading to a lot of physical and mental problems for them. This paper will first discuss US’s government initiatives to protect its vital digital assets, then will discuss how it is crucial to protect both personal privacy as well as classified national security information, and finally will discuss how these classified assets could be breached and the safeguards that can be taken. Security and Privacy The United States government’s classification and protection system for certain crucial information is established with the aid of number of legal regulations and executive orders. That is, all the important information and all the related documents, files, etc., pertaining to national security are classified and protected from getting into wrong hands in the form of USA-PATRIOT Act, Homeland Security Act, FISA, etc. USA-PATRIOT Act (manufactured acronym for Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act) was passed in 2001 due to the initiatives of the former US President, George Bush, and it provides for a lot of security measures particularly for digital assets. In 2011, President Barack Obama strengthened this act by signing a four-year extension for three key provisions found in the Act, particularly related to digital terrorism. That is, the “roving wiretap” power allows the “federal authorities to listen in on conversations of foreign suspects even when they change phones or locations”. (Mascaro, 2011). While the “library provision” gives “the government access to the personal records of terrorism suspects” and finally the “lone wolf” provision gives the authorities power to mount surveillance on all types of foreigners, who do not have affiliation with any terrorist groups, but is suspected of terror related actions. (Mascaro, 2011). Although, allowing government surveillance in a way intrudes into the private space of the individuals, it tries to protect America and its citizens. That is, this law protects national security information and at the same time tries to elicit information from potential culprits, which could be detrimental to the national security. Likewise, the Homeland Security Act tries to protect national security information, which is in digital form. It strengthened the penalties for computer abuse and fraud crimes, specifically allowing the death penalty for any abuse (i.e., hacking) that results in serious physical injury or death, regardless of the intention of the hacker. (Mitrano, 2003). FISA or Foreign Intelligence Surveillance Act, passed in 1978, provides a legal framework for the use of electronic surveillance regarding foreign intelligence gathering. It authorizes electronic surveillance as well as physical searches on potential targets, without a court order. Although, all these security related measures has inbuilt scope for privacy breaches, it provides safeguards to national security information and national interests. Although the word "privacy" in relation to national security is not explicitly mentioned in the US Constitution, there are constitutional regulations or limits to prevent ‘unwarranted’ governments breach of individual’s privacy. The Fourth Amendment to the Constitution of the United States ensures that “the right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.” (“Bill of Rights”, n. d). However, conflict in interests happens, when this amendment ‘conflicts’ with FISA. While FISA authorizes physical searches, Fourth Amendment restricts it. With the amendment of FISA in 1995, FISA court was given the authorization to conduct physical searches as well as electronic surveillance, based on the minimal level of suspicion. So, the amended FISA gave the power to conduct searches outside the parameters of the Fourth Amendment. Although, this exception could cause privacy related problems, it can to be used with caution. Protection of privacy should be fully integrated with all the security related initiatives. The coexistence between security and privacy needs to be actualized in both the government as well as the commercial establishments. Securing important files, data and sensitive information is paramount for the success and even survival of organizations. As there is major scope for the theft or leakage of these critical Assets, all the routes, through which it could happen needs to be sealed. Among the many routes, it is through the employees’ nefarious activities, security could be compromised. So, tracking the employees mainly on the digital or virtual front is a key aspect, but that aspect can bring privacy related issues. In the guise of tracking the employees, the suspected employees’ phone calls, emails, and online transactions could be tracked. However, that could lead to privacy concerns from various stakeholders. For the coexistence to happen without compromising security and privacy issues, all the security related apparatus need to be made foolproof, without any chance of breach. That is, without the need to track the customer’s personal details, all the critical assets can be secured using various IT tools from data protection system to antivirus filters. Along with this aspect, there can be coexistence, if the government authorities incorporate ethics and does not involve in privacy breaches for ulterior motives. So, security and privacy can be balanced effectively. Security Breaches There are number of reasons why all federal intelligence agencies and the national laboratories have been unable to prevent the theft of key digital assets. The first reason is, when the critical assets are not kept under ‘safe environment’ inside the laboratories, it can be easily taken away or tampered by the culprits. That is, if the culprits have access to the secure locations of the information system through power, knowledge, etc, they could easily infiltrate it and take away the data. In case, if the locations are ‘protected’ by physical structures and weak passwords, then the culprits can decipher the passwords and can enter the locations. This stealing of data or crucial and critical assets can also happen if the transfer of data from one location to another is not done in a foolproof way. This can happen, if the classified communication and other transfer of classified data are done through unsafe E-mail and network systems. (Schneier, 2005). And also, if the data is transferred in an unencrypted form, the data can be easily accessed. The important data which is accessed or robbed or pilfered can be used by the culprits, in a very damaging way. This serious problem can be solved if the government establishments as well as key commercial enterprises in association with the security agencies follow a series of effective steps. Safeguards One of the first steps government establishments and other enterprises can take is to constantly monitor the employees during the recruitment process and also when the employees works. “Agencies shall develop, document, and implement policies and procedures for the selection, orientation, and supervision of employees and contractors who have access to agency IT resources. The objective is maintained and to promote an awareness of security matters” (“Information Technology Security Standards”, 2005). Employees could enter an organization with ulterior motives. To eliminate this possibility, authorities have to conduct detailed background checks about the prospective employees. Even after the recruitment, there should be constant vigil on the employees, till more than hundred percent trust, develops about them. They should not be given access to all the secure installations, and if they are given, they should be monitored through Closed Circuit TV Camera systems, trackers, etc. The other issue of Virus infiltration as well as spyware, malware infiltrations can be managed by the authorities if they actualize a fail-safe Virus safeguards. These safeguards should not only prevent Virus and other detrimental infiltrations, but should be able to detect after the infiltration has taken place and importantly should be able to remove it completely without any ‘imprints’, including signature currency. In addition, all software used by the officials has to be “approved by an authorized agency authority and shall incorporate all provided security patches that are appropriate to the environment in which it is operating” (“Information Technology Security Standards”, 2005). Apart from these above measures, which focuses on preemption inside the facilities, adequate steps also has to be taken to prevent any infiltration or data theft during the data sharing or transferring process. For that, government establishments as well as other associated parties, before initiating the data transferring process, have to sign a service level agreement (SLA). "Secure data storage is defined as the protection of data content and changes in data state from its original storage on electronic media by using encryption processes" (“Information Technology Security Standards”, 2005). Under this agreement, the first step is to increase the protection levels for the data to be transferred or sharing, by using a strong encryption process. When the data is encrypted strongly, only the intended receiver can open and access the data, restricting any detrimental parties from accessing and pilfering it. Conclusion All government establishments and even some commercial organizations work in unison to protect the territorial integrity of the country, and protect it from destructive actions of detrimental forces. This unison of many entities to protect U.S. has been aided by various technology tools, importantly information technology (IT) tools from the mid 20th century. With more and more advanced IT tools being developed specifically for security purposes, it has become crucial for the authorities to utilize these tools effectively and also ethically, without violating the citizens’ privacy. In addition, if the entities focus on all the probable security breaches, and come up with appropriate IT based strategies, it can further optimize the security apparatus. Thus, if all government entities and commercial corporations use more automated and proactive management strategies in relation to the security environment, it will translate to heightened security cover for the country. References “Bill of Rights: Amendment IV.” (n. d.). Cornell University Law School. Retrieved from: http://www.law.cornell.edu/constitution/constitution.billofrights.html “Information Technology Security Standards.” (2005). Washington State Department of Information Services. Retrieved from: http://isb.wa.gov/policies/portfolio/401S.doc Mascaro, L. (2011, May 27). “Patriot Act provisions extended just in time.” Los Angeles Times. Retrieved from: http://articles.latimes.com/2011/may/27/nation/la-na-patriot-act- 20110527 Mitrano, T. (2003). Civil Privacy and National Security Legislation: A Three-Dimensional View. EDUCAUSE Review, 38 (6): 52–62. Schneier, B. (2003). Beyond fear: thinking sensibly about security in an uncertain world. New York: Springer. Read More