Privacy issues that cannot be ignored

You don’t have to be a wild-eyed civil libertarian to be legitimately concerned about privacy issues. Particularly if you’re running a corporate network, it’s a really good idea to think about privacy. Some reasons:

Global privacy regulations. Companies with global networks are likely to run into stringent privacy regulations that define the degree to which personal information may be revealed to third parties, especially in European Union countries, as well as Canada and Japan.

Case in point: The EU is investigating whether the Society for Worldwide Interbank Financial Telecommunications (SWIFT) broke the law by providing the U.S. government with financial data. (SWIFT, which is overseen by the Belgian Central Bank, operates a secure electronic messaging service used by about 7,800 financial institutions in 200 countries.) Even enterprises less expansive than SWIFT are likely to transport sensitive personal data. In the event of a privacy breach — intentional or otherwise — individuals whose information is disclosed may have grounds for suit.

Black hat privacy breaches. A few weeks back I wrote about the unidentified bad guys who exploited legally required wiretaps in the Vodafone cellular network in Greece in 2004 and 2005 to eavesdrop on calls by Greek Premier Costas Caramanlis, the mayor of Athens and senior state security officials — along with senior military officers, human rights activists, journalists, Arab businessmen and the U.S. Embassy.

This is not great news for anyone who conducts confidential business and might incorporate public services (DSL or wireless) into a global enterprise network.

And the risk is not limited to international networks: U.S. laws — in particular the Communications Assistance for Law Enforcement Act — require the same backdoor wiretapping that was exploited in Greece and could be exploited here. As I’ve said before, building “tappability” into networks is a really bad idea.

Government-mandated turnover of information. As if black hats, stringent privacy laws and disgruntled employees weren’t enough to worry about, governments in countries such as China and the United States have the ability to force turnover of sensitive data. Just ask Chinese journalist Li Yuanlong, who was recently sentenced to 10 years in jail by the Chinese government for criticizing government and Communist Party policies — and whose e-mail providers (Hotmail and Yahoo) were required to provide critical information leading to his arrest.

Think it can’t happen here? Think again. Since 9/11 the government has requested turnover of sensitive information by the telcos, airlines and banks. As AT&T and its peers are discovering, such requests put companies in a fierce double-bind: Not obeying a government request can put a company in legal jeopardy, but obeying the request opens up the company to multimillion-dollar lawsuits.

For a road map on how to protect your organization, see next week’s column.


Copyright © 2006 IDG Communications, Inc.
