David's Web Page
Page Four - How you can protect private information on your home computer.

Home

Page One - Photos of Dachau Concentration Camp Memorial | Page Two - Photos of Neuschwanstein Castle | Page Three - Photos of Venice | Page Four - How you can protect private information on your home computer.

Running head:  INFORMATION TECHNOLOGY ABUSE:  PRIVACY ISSUES

 

 

 

 

Information Technology Abuse:  Privacy Issues

 

 David Rittenhouse

 

University of Maryland University College

 

Software and Hardware Concepts - IFSM 310

 

April 6, 2002

 

 

 

 

 

Abstract

 

 

This paper presents an overview of current privacy issues, discusses potential methods in which an individuals privacy may be jeopardized, and examines specific countermeasures that can be used to protect private information.  The focus of this paper is primarily the privacy of individuals using personal computers in a home environment and on the Internet. 

 

All software applications referenced herein have been tested by this writer on the Windows 98 Second Edition operating system.  Other operating systems may not be compatible with all applications mentioned.

 

The Basis and Need for Privacy Protection

            The issue of privacy is a great concern of American citizens.  A Dell sponsored survey conducted in August 2000 by Harris Interactive, revealed that loss of personal privacy ranked as an issue of higher concern for Americans than the issues of crime, health care, or the environment (E-consumer confidence study, 2000).

The United States Constitution does not expressly list a right to privacy.  However, several of the rights that are specifically guaranteed in the Bill of Rights, inherently assume that a privacy right exists.  For example; the Fourth Amendments guarantee that citizens will be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures implies that privacy is a matter of right.  The Fifth Amendments guarantee that a citizen shall not be compelled in any criminal case to be a witness against himself indisputably suggests that the right to keep information private was obvious to all.  Two drafters of the U.S. Constitution, Alexander Hamilton and James Madison, affirmatively demonstrated their right to privacy by publishing The Federalist Papers anonymously (as cited in Crispo & Grosso, 1998).  In recent times, this foundational principle of American law was referred to by the United States Supreme Court as privacy guaranteed by the Fourth Amendment (Scalia, 2001).  The Privacy Act of 1974, as well as laws banning tampering with U.S. Mail, and stalking, are all expressions of the belief that privacy is a citizens right and violation of that right produces unfavorable consequences for the individual and for society as a whole.

            The reasons underlying laws protecting privacy are numerous.  Psychologically, humans have a fundamental need for personal space, and peace of mind that their privacy in that space will not be interfered with.  One of the most frequent comments heard from burglary victims is how violated they feel that someone was going through their belongings.  Even people who do not consider privacy to be a significant concern and feel that they have nothing to hide typically use curtains on their bedroom windows and send mail sealed in envelopes rather than postal cards.  Sociologically, people can function better together if boundaries protecting privacy exist.  Without privacy, individuals are far less likely to report organized crimes because of the fear of reprisal.  Without privacy, individuals are far less likely to pursue AIDS testing, or treatment for other medical conditions that would make them unable to purchase insurance or subject them to ostracism.  Philosophically, privacy is an assertion of human individuality.  It is a statement that I have the right to control this and to decide if it is disclosed to others or not.  It is an assertion of ownership that states, This belongs to me.  Politically, privacy serves as catalyst for free expression.  Few, if any, citizens would wish to attend any political rally where their car license plate numbers would be recorded and they would be subjected to suspicion or investigation (Kelly, 2002; Lindsay, 2002).  Legally, privacy is a matter of necessity to avoid the consequences of abuse or mishandling of personal information.  The spectrum of potential consequences ranges from identity theft and ruined credit (Identity theft, 2001) to being a victim of stalking and murder (Amy Boyer, 2002; Rebecca Schaeffer, 2002).

Potential Threats to Privacy and Methods Employed

            Personal information is sought by a wide diversity of agencies and individuals each using differing methods.  These groups, and the methods they employ, will be examined below.

Individuals:

            This group would include co-workers, family members, and hackers/crackers.  Their motivation for accessing personal information could range from professional jealousy, curiosity, mistrust, or malicious/criminal intent.  The methods employed by individuals are primarily exploitation of inherent system weaknesses, social engineering tactics - such as simply asking for information that allows access, or use of specialized software tools such as monitoring programs, password cracking programs or trojan horse programs.  One of the most well known home computer monitoring programs called Spector from www.spectorsoft.com sells for under $70.  Hundreds of password cracking and trojan programs are freely available on Internet on sites such as http://www.infosyssec.net/infosyssec/tools2.htm.  In recent years, password-cracking tools have evolved from tools that required a user to have an intricate understanding of computer systems into more simplified tools that are very user friendly.  The freeware password-cracking tool called Cain from http://www.oxid.it/ is an example of this simplified type.  Within minutes of installation, Cain can reveal passwords for screensavers, Internet dial-up logons, internal networks, and other passwords that have been used on a Windows based computer system.  When this writer first tested Cain, it correctly identified the password that would allow access to make changes on his personal web page.

Businesses:

            This group includes any business that utilizes tools to gather, analyze, and maintain personal information about individuals without the individuals knowledge or consent.  The techniques used include data mining to correlate data and deduce previously unknown facts about individuals, using web page cookies to gather data surreptitiously, and offering software spyware programs to the public which contain hidden functions to send information secretly back to the manufacturer.  Programs classified as spyware are too numerous to list, but include such popular programs as: RealPlayer, Download Accelerator, Comet Cursor, PK zip, Cute FTP, Gozilla, and Kazaa.  One extensive list of spyware infested programs can be viewed at: http://www.fcenter.ru/Software/Miscellaneous/Spyware/spywarelist.txt.  Microsoft uses a tracking device called a Globally Unique Identifier (GUID) in its Windows Media Player application.  Alternatively referred to as a super cookie, it can be used to secretly track the web surfing habits of a particular user.  In addition to data gathering for dubious purposes, businesses can also constitute a threat to individual privacy by mishandling information they control.  Two recent examples of this were the disclosure of the names of 600 Prozac users by pharmaceutical company Eli Lilly (Lilly, 2001), and the disclosure of 400 organ donor names by the University of Minnesota (Release, 2002).

Government Agencies:

            This group could include any state or federal agency which does not take its information management responsibilities seriously, however, the majority of privacy issues stem from just four federal agencies; the Internal Revenue Service (IRS), Central Intelligence Agency (CIA), National Security Agency (NSA), and Federal Bureau of Investigation (FBI). 

The IRS and CIA have both had highly publicized incidents where they failed to safeguard the private information within their possession.  According to Representative Ganske (1997), IRS employees have been repeatedly caught improperly using information in the custody of the agency, but the General Accounting Office found that only 2.3% of those caught were actually fired.  As recently as March of 2002, the CIA was embarrassed by having its network mapped and the names, phone numbers and e-mail addresses of numerous agents posted on the Internet.  The situation with the CIA was further exacerbated by the fact that this occurred after the September 11th terrorist attacks, and was accomplished in merely two days using freely accessible and unclassified information found on the Internet (Townsend, 2002).  

While the IRS and CIA may cause privacy concerns by mishandling information, it is the information gathering methods of the NSA and FBI that sometimes places those agencies at odds with individual privacy.  Agencies of the U.S. Federal Government have long used technology to gather information on citizens.  The first telephone wiretap in the United States occurred in 1885 only four years after the introduction of the telephone (Gutter, 2002).  According to Justice Stevens (1989) of the U.S. Supreme Court, the FBI had amassed records on 24 million people as of 1989.   In comparison, the CNN special report Cold war (1999) disclosed that the former East German Stasi, or secret police, amassed records on only 6 million people.  The FBIs use of secretly installed keystroke logging software was recently made public by the case of Nicodemo S. Scarfo (United States v. Scarfo, 2002).  In that case, the FBI obtained court approval to covertly enter Mr. Scarfos premises and install software that recorded every keystroke made on Mr. Scarfos computer including his typed passwords.  Another information-gathering tool utilized by the FBI is DCS-1000 (formerly called CARNIVORE). This system consists of hardware connected to an Internet service providers equipment that allows the FBI to intercept all e-mail traffic sent or received by a specific individual without their knowledge.  Unlike traditional telephone wiretaps, which must be narrowly focused, to intercept specific targeted conversations, DCS-1000 searches and intercepts all communications of an individual (Kerr, 2000).  Title 18, section 2518(4) of the United States Code gives Internet service providers no choice in cooperating with electronic surveillance.  In November of 2001, an FBI response to a Freedom of Information Act request, admitted the existence of an enhanced CARNIVORE project called Magic Lantern - a remotely installable key logger that can be sent to a computer via e-mail (Sullivan, 2002).  

The NSA uses a much larger system for interception of communications data.  It is called ECHELON, and consists of a global network of satellites and monitoring stations that screen all telephonic, e-mail, and facsimile transmissions (European Parliament, 2001).  Obviously, processing all such data would be impossible, however, the system does not process all of the data, but rather carefully screens it for specific keywords and phrases, and captures only transmissions that meet pre-defined criteria.  All of the captured data is then analyzed to extract pertinent information.  Both CARNIVORE and ECHELON have evoked grass-roots protest movements (Brown, 2000 and Ferguson, 1999).

Another method of government information gathering that could possibly pose a privacy risk is monitoring of TEMPEST emanations.  These electronic signals are created by a computer monitor, and can be intercepted and used to re-create the screen image.  This technology requires sensitive reception equipment that must be in close physical proximity to the computer being observed. Such reception equipment is illegal for individuals to possess, use, or sell in the United States (Atkinson, 2000).

Countermeasures to Protect Privacy

            Protection of the private information on a computer can be most effectively accomplished by establishing layered security for the system containing the information.  This involves establishing first-line, second-line, third-line (etc.) defenses, and considering the consequences if those defenses should fail. 

First Layer: Good Privacy Protection Habits

            The weakest link in protecting the data on any computer system is the user.  The most sophisticated security system in the world cannot protect the privacy of information if good privacy protection habits are not adhered to. 

An individual seeking to protect privacy should first and foremost develop the habit of non-disclosure.  Simply because forms or applications request private information does not mean that divulging the information should be automatic.  Generous use of Not Applicable or N/A is a prudent habit to develop.  A more proactive approach to handling excessive demands for personal information is to actively pursue a campaign of disinformation.  Simply altering a few characters of a name, zip code, or social security number when inputting data on Internet forms causes information to be associated with the fictitious identity thus, defeating data mining and profiling techniques.

Another important privacy protection habit is educating oneself to the specific weaknesses associated with the hardware, operating system, and applications that are used.

One example of a hardware weakness would be the TEMPEST emanations discussed above.  TEMPEST monitoring can be prevented by using certain software to control the emanations (Kuhn & Anderson, 1998) or alternatively, users can jam the emanations by placing a second computer within the same room and forcing its monitor to generate an electrical smokescreen of characters by using a screensaver similar to the one used in the movie The MATRIX (Jansson, 2001).

  Few users of the Windows operating system understand how the system stores their personal information.  Three notable examples of Windows information storage problems are the autocomplete feature of the Windows registry, Windows Applog files, and Windows temporary files.

The autocomplete feature is seen when typing personal data into fill-in boxes on the Internet.  After a user has typed a few characters, the autocomplete feature creates a drop-down box that contains the remainder of a zip code or other data.  Many users never contemplate how their computer knew what information was needed to fill in the desired blank.  They are shocked to find that their social security number, bank account number, passwords, birthday, address, mothers maiden name, and credit card numbers are all stored on their computer.  The countermeasure to clear out this information and disable this feature requires only nine clicks of the mouse.  From the Internet Explorer Tools menu, click: Internet Options| Content tab| autocomplete button, then uncheck all three boxes and click the two buttons to clear forms and clear passwords, then click OK to close the two open dialog boxes.

  Applog files are located within the Windows system folder and used by Windows to keep a record of which programs are used most frequently.  Windows uses this information if a user selects the defragmentation option to rearrange your program files so that your programs start faster.  Deletion of the Applog folders contents prevents that record from being examined to determine a users computer usage habits.

Windows temporary files can create a privacy concern if they contain personal information and are not securely deleted.   One way this can occur is if a user edits a text document in Microsoft Word and then clicks the save icon.  Using the save icon immediately creates a temporary file containing information from the old (pre-saved) version of the text document.  Windows may store this temporary file in any available space on the computers hard drive.  When the user turns off the computer, the temporary file is deleted by its storage space being marked as available for future data to be recorded.  However, the files contents are not actually erased from the hard drive.  The information from the old document can be recovered using specialized software, if no new data has been written to the old documents storage location on the hard drive.  A simple protection measure that avoids the problem of old document contents being invisibly stored, is to use the save as command on Microsoft Words File Menu instead of the save icon.  The save as command allows a user to change the file name each time the file is saved, thus preserving the old (pre-saved) versions of the document in a visible form and making them easier to securely delete (Bascom, 1997).

One notable example of an application weakness, which could inadvertently disclose information, would be Microsoft Words retention of deleted text.  Many users are aware that Microsoft Word has a feature allowing deleted text to be undeleted with the undo icon, but they never contemplate how this task is accomplished.  Text that has been deleted in a Microsoft Word document is actually not erased at all.  It is merely coded to not appear when viewed or printed; similar to the way other non-printing characters like paragraph indentations or page breaks do not appear.  The deleted text can be viewed by using the Edit program in MS DOS.  Preventing this type of leak is as simple as cutting and pasting the Word documents text into a new Word document before sending it to anyone (Banks, 2000).

For anyone concerned about maintaining his or her privacy, password discipline should also be habitual.  Being unfamiliar with password cracking methods, many computer users make mistakes that are very common.  A 1999 survey by Network Computing magazine revealed that two thirds of people use the same password for multiple accounts (Colkin, 1999).  Consequently, if a malicious person can get a user to set-up an access password for a fraudulent web business, then the odds are great that they can also access that users e-mail or other accounts with the password given.  Another common mistake is selecting insecure passwords.  Passwords should be a minimum of 8 to 10 characters long and be composed of a combination of numerals, punctuation marks, and upper and lower case letters.  Passwords should never be the name of a person, a birth date, sequential numbers, or any word from a dictionary of any language.  Password cracking programs using a dictionary attack can easily guess a password by trying every word in an entire dictionary.  This process takes only seconds to complete on computers using Pentium (or faster) processors.  One method of password selection would be to incorporate a strategy of obfuscation.  For example; if a user records a CD with dozens of full length classic e-book texts such as: War and Peace, Les Miserables, The complete works of Shakespeare, etc. and chooses a few letters from a word at the end of one sentence and a few letters from the beginning of the next sentence as a password, this would result in a strong password with upper case, lower case, and punctuation characters.  Simply inserting this CD and using a mouse to navigate to the correct e-book location, highlight the characters, and then copy and paste them wherever a password was required, would prevent a key logger from detecting anything because the keyboard would never be used.  Anyone who read the CD would not see anything but a collection of lengthy e-books, and if the CD were ever inadvertently lost, the e-book containing the password characters could be easily re-downloaded from the Internet.

Second Layer: Physical Barriers

            Of all the various privacy protection methods, barriers are the easiest to implement.  Barrier security is founded upon the premise that reducing the number of people, who have access to a computer system, simultaneously reduces the likelihood that the system will be subjected to unauthorized access.  The physical location of a computer storing personal information should be in a lockable room.  Users possessing the resources to have more than one computer should consider isolating one computer from the Internet and storing financial records or other private information on the isolated system.  The most proficient hacker/cracker in the world cannot access a system with which they have absolutely no contact.

Third Layer:  Firewalls, Web Filters, and Tracking Detection

Firewalls: Any computer system that accesses the Internet should be equipped with a firewall to enable the user to detect and prevent unauthorized access to the computer through the Internet connection.  This writer uses the Norton Internet Security Suite from www.symantec.com as his primary firewall.  This application  provides an integrated system for intrusion attempt detection, blocking advertisements on the Internet, anti-virus scanning, and privacy filtering to prevent private information like credit card numbers from being sent out to the Internet.  An alternative free firewall application called Zone Alarm can be obtained from http://www.zonelabs.com/ .

Web Filters:  Internet browser applications keep a record of which site was just visited (in case the user hits the back button).  This information can be obtained and recorded by websites.  Therefore, if a person visits a website where anarchy, AIDS, or atheism are discussed and then proceeds to online shopping sites where they complete order forms, or otherwise divulge their identity, this tracking could lead to an undesired disclosure of information about their interests. An online demonstration of this disclosure can be viewed at: http://privacy.net/ .  To control the information a browser discloses a tool called The Proxomitron is available from: http://thewebfairy.com/prox/ .  For users who prefer not to have web filtering software installed on their computer, a similar result can be achieved by utilizing online web filtering tools such as Anonymizer at: http://www.anonymizer.com/ or Rewebber at: http://www.rewebber.de/ .

Tracking Detection:  Because website tracking occurs invisibly it is difficult to detect which websites may be keeping an ongoing record of a users activities.  One free product that makes this information available to a user is the Privacy Companion from http://www.idcide.com/pages/per_intro.htm .  Home computer tracking programs, such as the previously mentioned Spector, can be detected and deactivated by performing a scan using a product called Whos Watching Me that is available from www.trapware.com .

Forth Layer: Trojan, Key Logger, and Spyware Detection

If the first three layers of defense fail and unauthorized access to the computer does occur, it is important to be aware of the intrusion so that it can be dealt with as quickly as possible.  Specialized detection software is needed for this purpose because trojan, key logging, and spyware programs can be designed to run invisibly and will appear neither in the Windows system tray, nor in the task manager window that appears when CTRL-ALT-DEL is pressed once. Two free programs that assist in the detection of intruders are Regmon which provides a real-time display of all changes to the Windows registry, and FileMonitor which displays all file opening and closing activity as it is occurring.  These two programs are available from:

www.sysinternals.com .

Trojan Detection: One extremely useful program for trojan detection is called Trojan Monitor and is a component of a program called The Cleaner from: www.moosoft.com .  Trojan monitor constantly watches all of the critical system files and registry settings and will immediately sound an audible alarm and generate a flashing warning signal if any program attempts to modify these settings.  Trojan monitor will then identify the specific setting that is causing the alarm and give a user the option of whether or not to allow the change to proceed.  A high quality freeware alternative for trojan scanning and removal is a product called Trojan First Aid Kit (TFAK) available from http://www.wilders.org/free_tools.htm .

Spyware Detection:  The leader in spyware detection is a program called Ad-Aware.  It is freely available from www.lavasoftUSA.com , and the program offers a live update feature to keep its list of spyware programs current.  In a matter of minutes, Ad-Aware can scan the contents of an entire computer, identify any spyware programs, and offer to delete them.  As a secondary means of confirming a suspected files status, an online spyware database is available for searching at: www.spychecker.com .

Key Logger Detection:  An old, but free, program called Hook Protect from http://www.softsecurity.com/products/hookprot/hookprot.html scans a computer for any signs of monitoring software.  A similar, but more recent, Key Logging detection program is called Anti-Key logger from www.anti-keyloggers.com .

Fifth Layer: Minimize Exposed Information

In the event that all of the foregoing methods fail and an intrusion of the computer does occur, it would be wise to limit the information to which the intruder can have access.  This fall-back position would include techniques to securely delete unneeded sensitive information and encrypt sensitive information that must be retained on the system.

Secure Deletion:  The Windows operating system does not delete files.  Even the action of emptying the recycle bin does not cause the files to be destroyed.  Emptying the recycle bin merely marks the memory space storing a document as available for recording future data.  It is not until the data is overwritten many times that it actually becomes unrecoverable. Several programs exist to allow users to accomplish actual deletion of files containing sensitive information.  A few of these are listed below:

BC Wipe is a multi-function secure deletion tool available from: www.jetico.com .  It clears and overwrites the Windows swap file (WIN386.SWP), file slack space, and the unused space on a hard drive.  All of these areas can potentially contain private information (File Slack Defined, 2000; Windows Swap File defined, 2000).  The BC-Wipe program offers various options for data deletion ranging from a fast single overwrite up to capabilities that meet U.S. Department of Defense data destruction requirements for classified information.

Clean System Directory from http://www.theabsolute.net/sware/  is a free application that allows users to remove dynamic linked library files (.dll) that were left behind when their corresponding applications were uninstalled.  From a privacy standpoint, the removal of these files prevents someone from examining the Windows system folder and determining what programs were previously installed.

Clean Up! is a free program from  The Strangely Green Chicken Company at: http://free.prohosting.com/~sgould/cleanup/README.html#Download .  With only a single mouse click, it searches for and deletes files containing private information about Internet activity.  This programs deleted files include the Index.dat files that contain a cumulative list of every website visited. A user attempting to simply delete the Index.dat files without such a program will discover that Windows blocks user access to these files.

Empty Temp Folders from: http://danish-shareware.dk/soft/emptemp/ is a free multi-function application which allows users to selectively delete cookies, Internet history items, and temporary files, in addition to clearing the Windows clipboard, and finding broken links to files that have been deleted.  Finding and deleting broken links to deleted files, is one of the loose ends that can disclose a users activities on a computer.

Properties Plus from http://www.ne.jp/asahi/cool/kish/ is a free program that allows a user to alter the Time/Date stamp that Windows places on every file.  This Time/Date information can be used not only to see when a user created, modified, or last accessed a particular file, but by analyzing the Time/Date stamps of files in conjunction, a detailed usage pattern can be deduced.  A manual method to achieve Time/Date stamp modifications is to copy a file from one hard drive to another, and then copy the file back again.  However, the manual method only resets the dates and times to when the file was re-copied.

RegCleaner (not to be confused with Microsofts unsupported product RegClean) is a free program available from www.jv16.org .  Many programs leave behind telltale registry entries when they are uninstalled. Although not specifically designed as a privacy tool per se, this product enables a user to search out and eliminate all references to previously installed programs, thus, denying this information to anyone later examining the computer.  An unintended consequence of this cleaning is that it allows many shareware programs to be repeatedly reinstalled after their expiration dates, since these programs use these hidden registry-leftovers to identify which computers have previously installed the shareware.

Encryption:  The leading encryption product for home use is Pretty Good Privacy (PGP) from: http://www.pgpi.org/ .  However, use of this product is somewhat complicated and can cause it to go unused resulting in no privacy protection whatsoever.  After examining various encryption products, it is this writers view that Silver Key from: www.bestcrypto.com/products/skey/  is  vastly easier to use and sufficiently secure.  It costs only $19.95 and allows drag and drop encryption of complete folders using the state-of-the-art AES encryption algorithm.  A freeware version called Iron Key is also available.  It is similarly quick and easy to use, but can only encrypt one file at a time and uses the DES encryption algorithm that was cracked in 22 hours and 15 minutes at a 1999 contest sponsored by RSA Security (Crume, 2000).

One disadvantage of encryption is that an encrypted file, folder, or hard drive can be tantamount to a red flag identifying information as sensitive.  An alternative to encryption that does not have this problem is steganography.  Steganography is concealment of private information within an image or sound file (Andrews, n.d.).  A program using this technology called EyeMage is free from: http://www.proporta.com/apps/Windows/eyemageiie_windows.zip .  EyeMages graphical interface makes the encoding/decoding process so very simple that a small child could easily use it.

Sixth Layer: Scorched Earth Policy

In certain rare circumstances, the cost of disclosure for private information might outweigh the cost of the computer on which the data is stored.  Diagrams of not-yet patented inventions, soon-to-be published research results, and confidential client files of doctors or attorneys are just a few types of materials for which unauthorized disclosure could be catastrophic.  In these situations, extreme failsafe protection might be needed.  Methods for this could range from the use of harmless tricks to put the computers software in limbo, to more extreme methods that prevent data disclosure by permanent destruction of the computers hardware.  In any instance where data is critical enough to warrant this degree of protection, it is assumed that a user will have properly backed up the data in an alternate secure location.

Pre-Windows Loop:  By a simple modification of the Autoexec.bat file, a user can place a computer into an endless loop that prevents Windows from loading.  An instructional CD by Canadian Tom (Yeoman, 2001) lists the following as a method to accomplish this.  

In the autoexec.bat file insert each the following on a separate line:

echo off

cls

:loop

echo Unauthorized Access Attempt Detected ! System Halted.

pause

goto loop

 

Restarting the computer (which is the well-known bypass method for Windows screensaver passwords) will not bypass this loop.  Pressing the specific key combination disclosed on the CD will discontinue the loop cycle and allow Windows to load.  A significant benefit of a pre-Windows loop is that its password is a combination of keys which is difficult to guess and which cannot be ascertained by keystroke logging programs which start only after Windows is loaded.

Windows Self Shut-off:  This method is employed by the creation of a desktop shortcut that forces Windows to shut off and placing the shortcut within the Windows startup sequence.  If an unauthorized user attempts to start the computer, Windows will shut itself off during the startup sequence and access to the system will be delayed or denied completely depending upon the intruders level of expertise with Windows. This shortcut can be created and removed as follows: Right click on an unoccupied space of the Windows desktop. Select New|shortcut. Enter the command line data: c:\windows\rundll.exe user.exe,exitwindows (without the quotes), and then drag and drop the new shortcut into the Start Menus  Programs|Startup folder.  To deactivate this shutdown sequence, press F-5 during the startup to initiate a safe mode startup, then delete the shortcut from its location in the startup folder.

Booby Traps:  One method of preventing an unauthorized person from having free reign to perform a methodical search of a computer system is to make use of live virii to create a land-mine effect.  As a quick search of the Internet demonstrates, virii can be freely downloaded from Internet sources such as http://www.hackerscenter.com/Virus/Download/ .  These virii can be interspersed among the files and folders containing critical information, and will present no danger to the computer system as long as they are not clicked or executed. However, an anti-virus program with real-time file protection might detect the virii and quarantine them, which would negate their purpose.  For this reason, this method would require that anti-virus software be deactivated when the computer is unattended.

In addition to virii, programs can also be easily located on the Internet that will temporarily protect data by deleting a computers hard drive partitions (DEBUG script, 2001), file allocation table, or CMOS settings (Woolham, n.d.).  Programs such as this can be exceedingly small.  To illustrate; the following program consists of merely thirteen lines, yet will destroy a computers file allocation table when executed from a text file using the debug function of DOS:

 

f 200 L200 0 
a 100 
mov ax,301 
mov bx,200 
mov cx,1 
mov dx,0080 
int 13 
int 3 
rcx 
ae 
n anyname.com 
w 
q

 

 

            Use of Hardware Self-destruct Mechanisms: Computer storage media consists primarily of magnetically charged particles located on disks within a hard drive.  For this reason, any strong magnetic field can rapidly destroy large amounts of stored data.  Devices known as degaussers are routinely used for this purpose.  For less than $100 a degausser can be purchased from www.datadev.com/ .  This device is small enough to be hidden inside a computers casing adjacent to the hard drive and can be wired to operate from a computers power supply with only minor modifications.

Conclusion

            As technology continues to advance, so do the methods in which an individuals private information may be procured and misused.  The solution to avoiding the dystopian future portrayed in the novel 1984 (Orwell, 1949) lies not in a Unabomber-like attitude of seclusion from all technology, but rather in assuming the responsibility for educating ourselves about protection of privacy, and taking prudent privacy protection measures. This exemplifies the saying that Freedom is not free.   It may be that in an age where terrorism is so prevalent, some degree of surveillance is a necessary evil, but forsaking our freedoms cannot protect freedom.

A watched people are not free; especially where they must pay the salaries of their watchers.

 

In the course of researching and writing this paper, this writer has grown even more aware of how complicated privacy protection methods can prove to be.  The task of attempting to write a cogent explanation of Windows processes that are normally hidden from view, has provided this writer with an appreciation of how difficult this subject can be for new users.  To keep abreast of new privacy threats spawned from advances in technology seems an almost insurmountable task, but it is one that is necessary if freedom is to survive the information age.

 

References

Amy Boyer. (updated March 2002), Retrieved March 10, 2002 from: http://www.amyboyer.org/

Andrews, R. (n.d.) Steganography resources. Retrieved March 11, 2002 from:

http://www.privacyexposed.com/resources/steganog.htm

Atkinson, J. M. (2000). Tempest 101. Retrieved March 29, 2002 from:

            http://www.tscm.com/TSCM101tempest.html

Bascom, S. (1997). Why a normal delete is not sufficient. Retrieved April 3, 2002 from:

http://www.stack.nl/~galactus/remailers/why-real-delete.html

Banks, M. A. (2000). PC confidential. San Francisco: Sybex.

Brown, L. (2000). StopCarnivore.org  Retrieved March 27, 2002 from:

            http://www.stopcarnivore.org/contact.htm

 Cold war, the. (1999, April). CNN Interactive Special Report. Retrieved March 17, 2002 from:

http://www.cnn.com/SPECIALS/cold.war/experience/spies/spy.files/intelligence/stasi.html

Colkin, E. (1999, June 25). Security is a second thought, survey says. TechWeb.

            Retrieved March 17, 2002 from:

http://content.techweb.com/wire/story/0699pcexpo/TWB19990625S0005

Crispo N.S. & Grosso M. (1998, July).  Supermajority votes on taxes and constitutional

amendments will promote public consensus and voter confidence while slowing the trend toward governing by referendum.  Florida Tax Watch.  Retrieved March 5, 2002 from: http://www.floridataxwatch.org/supermaj.html

Crume, J. (2000). Inside internet security: what hackers dont want you to know. London:

Addison Wesley.

DEBUG script to clear partition sector of hard drive. (2001) Micro Firmware Support site

 Retrieved March 19, 2002 from: http://www.firmware.com/support/bios/hdclear.htm

E-consumer confidence study. (2000, August). National Consumer League. Retrieved March 8,

2002 from: http://www.nclnet.org/downloads/results.pdf

European parliament temporary committee on the ECHELON interception system

(2001, May 4). Retrieved March 26, 2002 from:

 http://www.burojansen.nl/europarl_draft.pdf

Ferguson, S. (1999, October 20). Overloading big brother. The Village Voice.

            Retrieved March 19, 2002 from: http://www.villagevoice.com/issues/9942/ferguson.php

File Slack Defined. (2000). New Technologies, Inc. Retrieved March 7, 2002 from:

            http://www.forensics-intl.com/def6.html

Ganske, G. (1997, April 21).  Privacy protection against IRS snoopy habits passed.  Weekly

Report from Representative Ganske.  Retrieved March 10, 2002 from:  http://www.house.gov/ganske/wk042197.htm

Gutter, R. (2002, January 23).  A survey of recent threats to privacy rights.  SANS Institute.

Retrieved March 20, 2002 from: http://rr.sans.org/privacy/survey.php

Identity theft: the growing problem of wrongful criminal records. (2001).  Presented at the

SEARCH National Conference on Privacy, Technology and Criminal Justice Information, Washington, DC. Retrieved February 28, 2002 from: http://www.privacyrights.org/ar/wcr.htm

Jansson, M. (2001). MATRIX code emulator screensaver [Computer program]. Retrieved

March 02, 2002 from: http://www.chaossoft.com/matrix.shtml

Kelly, S. (2002, March 13). Cities Share Protestor Files. The Denver Post. Retrieved

April 3, 2002 from:

http://www.denverpost.com/cda/article/detail/0,1040,53%257E459002%257E36%257E%257E,00.html

Kerr, D. M. (2000, September 6). Congressional statement on CARNIVORE diagnostic tool.

Federal Bureau of Investigation. Retrieved March 21, 2002 from:

http://www.fbi.gov/congress/congress00/kerr090600.htm

Kuhn, M. G. & Anderson, R. J. (1998). Soft TEMPEST: hidden data transmission using

electromagnetic emanations. University of Cambridge. Retrieved March 30, 2002 from:

http://www.ftp.cl.cam.ac.uk/ftp/users/rja14/ih98-tempest.pdf

Lilly gaffe: theyve got prozac. (July 5, 2001).  Associated Press. Retrieved March 8,2002 from:

http://www.wired.com/news/privacy/0,1848,45036,00.html 

Lindsay, S. (2002, March 29). ACLU sues city on behalf of targets of 'spy files'

Rocky Mountain News. Retrieved April 2, 2002 from:

http://www.rockymountainnews.com/drmn/local/article/0,1299,DRMN_15_1056956,00.html

Orwell, G. [Blair, Eric] (1949). 1984. Retrieved March 29, 2002 from:

http://www.msxnet.org/orwell/

Rebecca Schaeffer, the stalking and murder of. (2002).  E-online. Retrieved March 20, 2002

from: http://www.eonline.com/On/Holly/Greatest/Facts/schaeffer.html

Release of organ donor data prompts change. (2002 February 16).  CNN.com./SCI-TECH.

Retrieved March 10, 2002 from: http://www.cnn.com/2002/TECH/internet/02/16/organ.donor.data.idg/index.html

Scalia, J. JUSTICE. (2001, July). Kyllo vs. United States. 533 U.S. ___ (2001), 2001 WL

636207.  Retrieved March 5, 2002 from:

http://caselaw.lp.findlaw.com/scripts/getcase.pl?navby=search&court=US&case=/us/000/99%2D8508.html

Stevens, J. JUSTICE (1989, March 22). U.S. Dept. of Justice v. Reporters Committee.

            Retrieved March 17, 2002 from:

http://caselaw.lp.findlaw.com/scripts/getcase.pl?court=US&vol=489&invol=749

Sullivan, B. (2002, November 20). FBI software cracks encryption wall. MSNBC

            Retrieved March 25, 2002 from: http://www.msnbc.com/news/660096.asp?cp1=1

Townsend, K. (2002, March).  Matta maps the CIAs network.  ISM Digest.  Retrieved

March 20, 2002 from: http://www.internetworld.co.uk/IW/vRoot/articles/article.cfm?objectid=92398498-765E-4B1D-B097AF5422F0763F

United States v. Scarfo, Criminal No. 00-404 (D.N.J.)  (updated 2002, March 1) Electronic

Privacy Information Center Report. Retrieved March 19, 2002 from:

             http://www.epic.org/crypto/scarfo.html

Windows swap file defined. (2000). New Technologies, Inc. Retrieved March 7, 2002 from:

            http://www.forensics-intl.com/def7.html

Woolham, S. (n.d.). WipeCMOS. [Computer Program] Retrieved March 29, 2002

from: http://geocities.com/sjwoolham/

Yeoman, T. (2001). Windows power users guide to becoming a control freak [CD-ROM]

Retrieved March 19, 2002 from: http://www.softkits.com/controlf/

 

For additional Info on Tempest Click Here to read a recent article.