IT FOCUS - Surfing to a world of hi-tech danger.

Do you ever get the feeling someone’s watching over you? Well, if you use a computer you might just be right.

While you should be able to go about your lawful business as you see fit, both online and offline, there is no cast-iron constitutional right to privacy in this country. We are unblessed instead with a collection of piecemeal legislation that taken together is rather better than nothing, but falls considerably short of outright protection. Paranoid? If you are felling a little jittery, maybe you shouldn’t read on…

Two-way traffic

Surfing the web may feel like a one-way street but the truth is somewhat different: what comes in can also get out. Next time you’re busy online, double-click that little icon of two flickering computers next to the clock on your Windows Taskbar. You’ll see that a good deal of data is being sent as well as received.

Now, this is perfectly normal – your browser or email program has to make its presence and wishes known to the machine at the other end of the connection – but there’s no easy way to monitor precisely what’s slipping out of your PC. The danger is that someone, somewhere is sucking out stuff they shouldn’t.

A famous example occurred late last year when it was discovered that the popular RealJukebox multimedia player scoured your hard drive for personal data – your name, e-mail address, how many MP3 files you had, and what kind of music you listened to – and siphoned it back to base. A grovelling apology from the red-faced distributor soon followed, but a lot of trust went up in smoke.

Watch your back

Almost any program has the potential to do the dirty with your data. Indeed, some are specifically designed for this purpose. Best known is the charmingly named Back Orifice (www.bo2k.com), which opens up your entire computer to the outside world. Nice it is not, at least in the wrong hands, which is where it invariably ends up.

While you are hardly likely to download and install it yourself, Back Orifice is widely distributed in disguise across the internet and it could worm its way on to your system via an e-mail attachment.

So be on your guard for suspicious messages and make sure that you have good antivirus protection in place. Also, be extremely careful when accepting files from strangers in any kind of internet chat forum.

Flame proof

A big corporate office with internet access will always have a firewall in place to protect the network from attack and damage – and small offices should try to follow this practice.

A firewall is simply a software barrier that gives your network administrator control over precisely what kind of information passes between your desktop computer and the outside world.

Thus, e-mail will get the thumbs up while you may find that you can’t download programs or connect to chat rooms.

These days, it’s also perfectly possible – and prudent too, if you use the internet frequently – to install a personal firewall on your home PC. Once in place, the program will warn you whenever somebody tries to access your computer on the sly. It can at first be a little disconcerting to see how many potential hackers are out there with nothing but time on their hands, but it’s equally satisfying to see them thwarted.

Sues you, sir

If you think that your IT department is overly neurotic about e-mail, or if you think your employees’ e-mail isn’t your responsibility, consider this. Norwich Union was successfully sued in 1997 by Western Provident, because members of staff circulated defamatory rumours on the company’s internal network. Internal, mark you – not a word of this slander was in the public domain – but still Western Provident won damages to the tune of £450,000.

From that day forth, it was clear that an employer could be held liable for any libel originated by an employee on company equipment in company time.

Paranoia swept across industry and contracts of employment were hastily re-written to protect companies from the actions of their workers.

Legal e-agle

Is it fair? Legally speaking, it’s hard to be definitive. The exponential increase in the use of e-mail and web access at work has not been accompanied by any internet-specific legislation, and this has left businesses floundering in a swamp of legal uncertainty.

The next major shake-up happens later this year when the Human Rights Act, which redresses the balance in favour of the individual, becomes law in the UK.

For the first time, we will all have a clear and firm right to privacy. So where does that leave us right now?

Robin Bynoe, a lawyer with London firm Charles Russell, recognises that some companies have gone too far. ‘You see some very draconian terms and conditions nowadays where employers assume the right to read every e-mail, whether public or private, business or personal. But this may well be found to be unlawful under the terms of the Act,’ he said.

‘Of course, you also find employers with inadequate conditions of employment who nevertheless read their employees’ e-mails, and again this may be a breach of your human rights.’

It will undoubtedly take case law to sort out the specific details.

Meanwhile, there’s a very firm culture in this country that you’re entitled to send and receive private e-mails at work, just as you are to make personal telephone calls. But, as seen in the Norwich Union case, you risk committing your employer to legal liability even in informal messages.

One of the ways around this is to permit employees to send personal e-mails but only if they use a private web-based account, like Hotmail. This makes a formal distinction between personal and business messages.

Sound advice.

The Internet Service Providers Association (www.ispa.org.uk) represents the views and interests of most UK-based ISPs.

Its privacy policy is summed up thus: ‘Where services involve the collection of personal information, such as names and addresses, from individuals (data subjects), members must make it clear to data subjects the purpose for which such information will be used.

‘Members must also identify the data user (if different from the member or data subject) and give the data subject the opportunity to object to such usage.’

In other words, check the small print in your ISP’s agreement to see what it’s doing with your data.

One particularly contentious area is the voluntary ‘good guidance’ agreement between ISPs and the Association of Chief Police Officers.

If the police have you under suspicion or investigation, they are entitled to ask your ISP to release personal information – and your ISP will almost certainly oblige. No warrant is required.

Tim Pearson, a council member at ISPA, believes society has been happy with the interception of mail and phone calls in exceptional circumstances.

‘Extending these powers to the internet is logical and not unreasonable, and is really a matter more for society than for us as an industry.

Web woolliness

How often do you fill out forms on websites and wonder just what becomes of your data?

The good news is that you’re covered by the Data Protection Act. This requires that a company must tell you what it plans to do with your data at the time of asking for it, and it can’t suddenly change the rules without telling you. But who reads the Data Protection Act?

There are already worrying signs that failed start-ups may be flogging private customer information to their creditors. After all, this is their biggest – and in some cases only – asset.

We would suggest you read privacy agreements carefully, particularly when you are required to submit address, telephone number, credit card number or other sacrosanct information. Perhaps also be a little selective about who you sign up with.

There are no guarantees your data will be completely safe in all circumstances, but the bigger names in the online business certainly have too much to lose to play free and loose with your details.