May 23rd, 2007 by dm Hacking, Phishing 3 Comments

There is another recent case of a person getting in hot water for using freely available wireless Internet. We reported on similar cases in the past.

This time it is in the little town of Sparta, Michigan. Each day, around lunch time, Sam Peterson would drive to the Union Street Cafe, park his car, and browse the Internet from the convenience of his car and without entering the coffee shop. His daily routine became suspicious to Police Chief Andrew Milanowski who approached him and asked what he was doing. Peterson, not realizing that his response may get him in trouble, admitted that he was using the coffee shop’s Internet access.

Milanowski didn’t immediately cite or arrest Peterson because he wasn’t certain that a crime had been committed. However, after doing some research, he found out that under Michigan’s “Fraudulent access to computers, computer systems, and computer networks” law, Peterson’s conduct is a felony punishable by five years in prison and a $10,000 fine.

The prosecution of Peterson under the Michigan law, originally enacted in 1979 and modified in 2000 to cover wireless networks, is the first time that such conduct has been charged, according to Kent County Assistant Prosecutor Lynn Hopkins.

The good news for Peterson is that he won’t be going to prison for freeloading. Because he has no prior record, Peterson will have to pay a $400 fine, do 40 hours of community service and enroll in the county’s diversion program.

Many information security professionals find it difficult to put a number on the cost of a breach and thus justify requesting more funds in their budget. Here’s a useful piece of information for them - the TJX companies reported that in the first quarter of FY08 (Feb - Apr 2007) the breach cost them $17 million. The main components of the price tag were investigating the incident, upgrading the company’s network security, communicating with its customers, and legal fees.

Note that this cost covers only the three months of the reporting quarter and excludes lost goodwill, which is very hard to estimate, though the damage to TJX’s reputation is surely significant. The company estimates that the costs for the next quarter will be similar. But this is not all. In a statement TJX said,

Beyond these costs, TJX does not yet have enough information to reasonably estimate the losses it may incur arising from this intrusion, including exposure to payment card companies and banks, exposure in various legal proceedings that are pending or may arise, and related fees and expenses, and other potential liabilities and other costs and expenses.

With the increasing number of lawsuits against TJX the cost will surely increase.

May 21st, 2007 by dm Privacy none Comments

Many computer users try very hard to find the perfect software to protect their privacy and the security of their information by setting up encrypted drives, biometric authentication, or similar technological measures. What many people forget to do is set up a simple and very effective privacy protection - the monitor screen filter.

It is not uncommon to sit in a cafe or on an airplane and see a busy businessman or lawyer staring at their laptop screen. Unfortunately, it is also not uncommon to be able to easily read what is on their screen, especially with modern high-contrast laptop screens. I am not aware of statistics, but there must be instances of confidential legal or business information being lost due to “shoulder surfing” while it is displayed on somebody’s screen and seen by others.

There is really no software solution to this. Fortunately, there is a very simple and relatively inexpensive tool that all users who display sensitive information on their laptop (or on their desktop, if they share office space with other people) should consider - a screen privacy filter. This may be the best $50-$100 spent on information security and privacy.