Evolving Technologies: Are We Ready?
Ever since the invention of computers, telephones and other electronic devices, man has been trying to make them more secure, private, smaller. The need for faster and more efficient devices has made us wonder about how we can continue to safeguard our privacy, and at the same time, develop new technology in a secure world. People and computer users tend to think of networking as something new. The modern day computer industry owes its existence to early inventions such as the telegraph, telephone and the teletypewriter (Cashman, 2002). This paper will discuss the ever- converging technologies of computers, telecommunication and other electronic devices and how they have presented our society with security and privacy issues.
The Early Years of Computers and Telecommunications
Today’s telephone network could not exist without vast computing resources to process calls, route traffic, and track telephone bills. Conversely, the existence of a worldwide telephone network allows computers to connect to one another so that the machines may exchange information (Derfler and Freed, 1998). Computer telephony integration (CTI) is the linking of telephones and computers to gain productivity. Many small businesses use PC-based CTI to set up private voice mailboxes for their employees. A PC equipped with a voice synthesis card and the appropriate software answers incoming calls and gives callers the choice of leaving a voice message.
Security Becomes a Concern
In the early days of computing, data security wasn’t a major concern. Mainframe computers systems required a closed, air-conditioned environment, and they generally weren’t connected to the outside world. To steal data from a mainframe computer, you would need physical access to the computer itself. During the 1980s, several trends combined to make data security a major concern. First, computers became the hub of most modern business. They became the storehouse for inventory, payroll, employee information, design, and manufacturing documents, and, as such, a juicy target for possible theft. Second, the trend towards networking and open communication led computer makers to adopt common standards for data communication and storage. Finally, large mainframes became connected to other computers through a networking system, either by a LAN or modem. Sensitive corporate data came within the reach of anyone clever enough to access it.
The Emergence of “Hacking”
In the 1980s, a new type of criminal—the hacker—emerged. Originally used to describe anyone who worked with computers, the term is now almost exclusively applied to people who break into computer systems. Many hackers do it for profit or for hire as a form of corporate or international espionage. But many others break into computers systems purely for the challenge. Many older computers were designed with few security measures beyond password protection. If an administrator didn’t change the maintenance password, a savvy hacker had an unobstructed ride into the system. Password protection alone is no longer sufficient for managing access. Administrators have to work with managers to ensure that only those individuals with a current need to access information appear on the authorization list.
Attacks on the Internet and E-Commerce
As companies began to communicate payroll, trade secrets, and other important information across networks, the country needed a more sophisticated way to transmit this information, other than via modem to modem connections. Situations such as this provided the impetus for the growth of the Internet (Business Data Networks & Security, 2007). While the Internet has been important to U.S. organizations since the early 1990s, it is now of considerable interest to worldwide commerce. The Internet was originally created as an open network of trusted users. Doors could be, and were, left open for the good of all members of the community. Unfortunately, as with most modern societies, such trust has been exploited by the unscrupulous; thus a different ethic is now required, even among the original users of the Internet.
Corporate network policy makers realized that a small percentage of individuals would likely attempt to break systems security with mischievous or malicious intent (TCP/IP, 1998).
Healthcare Information at Risk
Privacy and security should be discussed in the same conversation. Many issues posing as questions of privacy can turn out to be matters of security, health, policy, insurance or self-presentation (American Scientific, 2009). Security is not the only public issue posing as privacy. Many issues of medical and genetic privacy, for instance, are really issues of money and insurance. Medical records of all kinds are shifting from largely paper-based systems to electronic health records (EHRs), which should improve the quality of care and reduce cost (American Scientific, 2009). In the U.S. a Nationwide Health Information Network (NHIN) is being developed as a "network of networks." Its key goal is establishing electronic formats that will make records of all kinds compatible and thus easier to transport across networks and across the country (American Scientific, 2009).
The Need for Security Standards in Health Care
With the proliferation of genetic information and far-reaching electronic networks on the horizon, legislation protecting health privacy is essential. This is the problem in the U.S., because comprehensive laws do not currently exist. The closest thing to a national safeguard is the 1996 Health Insurance Portability and Accountability ACT (HIPPA) and the 2003 Privacy Rule attached to it (American Scientific, 2009). This privacy rule spells out the permissible uses and disclosures of individual health information by providers, plans and records clearinghouses.
The U.S. government and other institutions like IOM (Institute of Medicine) have been promoting the use of EHRs for the last decade. In 2005, the U.S. Department of Health and Human Services (DHHS) commissioned an organization, the Certification Commission for Healthcare Commission (CCHIT), to credential EHR programs (Electronic Health Records 2005). There is a big loophole, however; the Privacy Rule applies only to entities that handle health claims data electronically (American Scientific, 2009). Unlike a government hospital, the private sector cannot enforce the mass transition to digital information gathering. Other issues must be resolved. For example, should privacy rules be set for systems that scan electronics records and advise clinicians on possible drug interactions so that the systems do not divulge actual drugs taken? Should health care providers see an electronic notation in a patient’s file indicating that certain health information has been made unavailable at the patient’s request? And in such case, will doctors have a way to lift those restrictions if the person needs emergency care? So, as you can see, electronic health care security involves more than just access. There is some concern now at some hospitals as to who owns the electronic files that currently exist. The use of biometrics raises important privacy concerns. Who owns the data—the individual or the service provider?
The Government Offers New Tools
Another security and privacy concern involves The Department of Homeland Security design of a license to identify U.S. citizens as they approach the nation’s borders. (American Scientific, 2009). The new license comes equipped with radio frequency identification (RFID) tags that can be read through a wallet, pocket or purse from as far away as 30 feet (American Scientific, 2009). Because the tags were designed to be powerful tracking devices and they typically incorporate little security, people wearing or carrying them are vulnerable to surreptitious surveillance and profiling.
Can the Government Guarantee My Privacy?
The “tip of the iceberg” is the development of miniature electronic devices and biometric tools to keep track of everyday movements and to monitor facial and body types with just a facial scan. The public is fearful of this invasion of privacy. The stigma of discrimination and complications could originate from the release of people’s health history. How to strike the right balance between broad and narrow disclosure remains unclear. We are moving toward an extremely rough course of merging computers not only with telecommunications, but now with human intellect. The benefits of electronic record-keeping are obvious. These records could save the life of an unconscious person suddenly involved in an accident where vital medical or insurance information is required. Nevertheless, as we are reminded about the tragedy of 9/11, we have to remember, “the right to bear witness, to track and report on the activities of government,” just as the government collects information on us, is the key to preserving our freedom and to prevent attacks on American soil. Are we ready? You be the judge!!
Lacy E. Boyd, Jr.
Lacy E. Boyd, Jr. was a Radioman in the U.S. Navy where he obtained his first experience with technology. His experience in the corporate world was with Western Electric in telecommunication, Xerox Corporation and Lexmark International. Boyd worked as an Engineer and also developed Computer Systems Solutions for customers. He has an AS degree in Electronic Engineering and a BS in Business Information Systems and he is currently working as an adjunct faculty member at a local college in Indianapolis. The courses he teaches are Health Information Technology and Information Systems Engineering. Boyd also has a consulting business: Grand Systems Computer Consultants. Lacy Boyd can be reached at Grandsystems@aol.com
American Scientific (2009). New York, NY. Scientific America Inc.
Frank J. Derfler, Jr. & Les Freed (1998). How Networks Work. Fourth Edition, Indianapolis, In : Macmillan.
Kevin Washburn and Jim Evans (1997). tcp/ip Running a Successful Network second edition, Addison Wesley.
Mathew Strebe and Charles Perkins (2000). Firewalls 24 seven San Francisco, Sybex Inc.
Gunter, Cashman (2002). Integrating Technology in the Classroom 2nd edition Boston, MA. Thomas Learning.
PC TODAY (October 2004). Lincoln, NE. Sandhills Publishing.