^macro[html_start;No more hide-and-seek;No more hide-and-seek;No more hide-and-seek] ^macro[pagehead;img/library.gif] ^macro[leftcol] ^macro[centercol;

No more hide-and-seek

Source: Business Standard
Date: August 21, 2003

Cyber Crime Some months ago, Indian mobile service providers (MSP) started to experimentally offer location information. Post-paid subscribers in metros saw their locations displayed on their phones. This is obviously useful for somebody in an unfamiliar place .

But the new service caused heated, if uninformed, debates about loss of privacy. Adulterers worried if spouses would finally nail their lies. Office-goers on goof-offs worried about getting caught cheating on their bosses.

In reality, the service only highlighted the fact that mobile users are easily traced. GSM technology depends on tracking — simcards announce their location continuously.

In fact, the unique 15-digit IMEI (international mobile equipment identity) number of every handset (dial #06# to see yours) also announces its location. An MSP always knows where each subscriber is and the exact instrument that is in use.

Once GPS-enabled cellphones become common, MSPs will know locations to within 10 feet. An IMEI number can be changed by specialised software. Reprogramming IMEIs are sometimes required in case of MSP changes, since many MSPs offer bundled handsets cleared to work only on specific networks.

But “cloning”, as this is known, is illegal in many countries, unless done with the consent of the manufacturer. There is also, interestingly enough, legislation in many countries (including the US) to promote transition to “always-on” GPS-enabled phones by simply making them mandatory. It may become illegal, circa 2007, to use a non-GPS-enabled cellphone.

The next logical step would be to insist that anybody in a certain category, (house-owners, truck drivers, convicted criminals, mad scientists, mountain climbers, enemies of the state) must carry a GPS-enabled cellphone. That would make life a lot easier for emergency services personnel and warm the cockles of every totalitarian heart.

In mobile services, user-location is essential. It isn’t so in conventional Net services. But ISPs always track subscribers. Security services can insist on access to those records when suspecting cybercrime or acts of terrorism. One understands the need for such surveillance, though most legislation in this domain goes well beyond the limits of the required.

A lot of other people apart from ISPs and security services would love to know surfer-patterns. Interested parties range from marketeers and advertisers searching for focused audiences, to hackers looking for credit card numbers.

Tracking started with cookies — small text files dumped onto hard disks whenever users registered to specific sites. The site picks up the cookie on a repeat visit and speeds up access. Cookies are commonly used in webmail services. Most are harmless.

This spyware is a logical but nasty development. It is among the most pernicious category of web tools, blurring the distinction with viruses. It is also more common than vanilla cookies.

Spyware consists of active programs on surfers’ hard drives and continuously transmits information back to homesites. The nastier programs look for passwords, credit card numbers and pins and keystroke-patterns. Much spyware writes itself into Windows registries and programs can resist being cleared or detected, just as viruses do.

Spyware doesn’t necessarily announce itself. Some downloads surreptitiously when a “tainted” site is visited. Others are bundled with freeware such as downloadable programs like peer-to-peer client Kazaa, and download utility Gozilla.

Even Internet Explorer version 6 has bundled spyware in the form of Alexa. Disclosure consists of a disclaimer in the fine print of the end-user licence agreement (EULA).

Apart from invasion of privacy and hacking possibilities, spyware retards efficiency by hogging bandwidth. Firewalls and anti-spyware utilities (like Zone Alarm and Ad-Aware) can deal with it but most people don’t know enough to even check and see how badly they are afflicted.

A simple solution would be to make it legally mandatory for Spyware to announce its presence with onscreen messages whenever it’s active. Disclosure would increase awareness, just as locational information sensitises mobile users. But it has been fiercely resisted. Big Brother’s little siblings are all watching and they don’t want you to know!

Original article at: http://www.business-standard.com

^macro[showdigestcomments;^uri[];No more hide-and-seek]
] ^macro[html_end]