Internet Insecurity

My colleague Joel Stein let drop a while back that he was working on a book proposal. I found it a bit frustrating that he wouldn't tell me the topic. Joel had been traveling a lot lately too--to Iceland to interview Bjork; to Hollywood for the Oscars--but he was stingy with details. Where was he going? Whom was he hanging with, and how much money was he spending? I've also wondered what kind of websites he surfs. And, O.K., I wouldn't mind reading his e-mail.

So I did.

Joel went out of town recently, which allowed me to duck into his office and install spying software on his hard drive. You can buy commercial spyware these days, but I used VNC, which can be downloaded free. VNC was designed to help people link their own computers. But it also worked as a cheap and easy way for me to keep tabs on Joel. Soon after loading VNC onto my computer, I was rifling through Joel's hard drive.

That book proposal? With a few mouse clicks, it appeared on Joel's screen--and on mine. (Adventures in Monogamy, a 12-chapter comic romp starring...Joel. Mystery solved.) It was also easy to pore over his expense reports, checking out whom he took to dinner in L.A., and what he thinks passes for a legitimate expense. Has Bjork even recorded $112.76 worth of CDs?

Then I--or should I say Joel?--hit the Internet. The great thing about controlling another person's computer is that you can surf the Web as if you were him or her. When you go to a site, his or her IP address--a kind of digital fingerprint--is the one that gets left behind, not yours.

I was going to mess with Joel. Stop by a few investing message boards, and have him break securities law by pumping stocks. Get him trapped by one of those FBI agents who patrol kiddie chat rooms, looking for predators. But in an effort to keep Joel

When Joel returned, I could look over his shoulder as he surfed the Net. It was weird but oddly riveting to see his cursor click, click, click its way across my screen. But in the end, there were no busty babes, no Catholic school girls looking for trouble. He actually spent most of his time on CNN.com .

Then he started opening his e-mail. The first was from our boss, about Joel's next column. I liked being a snoop in the loop. Another was from Joel's girlfriend's brother asking Joel to score free concert tickets. Then a chain e-mail from a few of our co-workers, with snarky comments about someone else on our floor they evidently don't like. Ah, isn't this what computer spying is all about?

I also had Joel's Social Security number, the keys to the kingdom. Those digits would be enough on some websites to get me a driver's license in his name--and to start a full-scale identity theft. Before long, I could be ruining his credit rating, draining his bank accounts, and--well, you get the idea.

Too bad my editors, darn them, insisted that I tell Joel what I was doing. (I can't help thinking he trashed some good stuff before I started spying.) Not that it would have been difficult to really spy on Joel at his home computer. I could have sent him spyware wrapped in an e-greeting card, programmed to install itself when he opened the card. He'd never know.

It has been two years since Sun Microsystems CEO Scott McNealy delivered his famous warning: "You have zero privacy [on the Internet] anyway. Get over it." Privacy advocates resisted that pessimistic assessment at the time. But since then, hardly a week goes by without a news story suggesting McNealy was on to something. Russian hackers breaking into e-commerce sites to steal credit-card numbers. Rings of Nigerian identity thieves. Cyberstalkers.

Just last week, Microsoft conceded that all versions of Windows 2000, and early "beta" versions of its new XP operating system due out this fall, have a "serious vulnerability" that lets hackers take control of victims' machines. Microsoft, which is making patches available for Windows 2000, has urged consumers to "take action immediately" to fix the glitch. And it is promising to cure the problem before XP's rollout.

Internet users are well aware they are trading off privacy when they dial up their modems. In a recent TIME/CNN poll conducted by Yankelovich Partners, 61% of respondents said they were "very concerned" or "somewhat concerned" that information about their Internet usage was being collected without their knowledge.

Yet websites that track users' movements are the least of it. Privacy advocates and law enforcement are homing in on nine areas--from spyware to identity theft--where they say the Internet's threat to privacy is the greatest. Here are the nine, followed by 10 ways individuals can defend themselves (see box):

1 Someone Might Use the Internet to Steal Your Identity
When police arrested Brooklyn, N.Y., busboy Abraham Abdallah in March, he had Forbes magazine's issue on the 400 richest people in America, plus Social Security numbers, credit-card numbers, bank-account information and mothers' maiden names of an A list of intended victims drawn from the issue, including Steven Spielberg, Oprah Winfrey and Martha Stewart. Abdallah is accused of using websites, e-mail and off-line methods to try to steal the celebrities' identities and make off with millions in assets. One scheme that was caught in time: he allegedly sent an e-mail purporting to come from Siebel Systems founder Thomas Siebel to Merrill, Lynch, directing that $10 million be transferred to an offshore account. (Abdallah, who has yet to be indicted on federal charges, denied all wrongdoing at the time of his arrest.)