Manager of Information Security, Frank Russell Company
How would you advise the average computer user to protect himself?
If I were at home, for instance, and I wanted to have internet access, there
would be some essential tools that I would have that aren't sold with the
computer that you buy.
First thing I'd do is evaluate carefully whether I wanted broadband with
connections like the cable modem or a DSL connection. Those are fine
services, but they come with some additional configuration challenges that
maybe the average person wouldn't be aware of. If they're not properly
configured, those are the kinds of connections to the internet which I refer to
often as the "dirty" public wire. Those connections need to have something
that stands in the way as a gatekeeper between you and that public
environment.
So I would buy a personal firewall of some sort that would provide me a couple
of services. One, it would let me see clearly who was knocking at my door
through that connection. That's another thing that the public surprisingly is
not aware of. The internet isn't something you plug into and feed data into
and accept from people who have directed it to you. It is a random connection
that gets lots of random interaction. A firewall can clearly show you where
those random hits against your particular address are coming from, what they
are.
I would also be careful to manage my desktop and the data on my system to limit
the kind of data I would have in my system. I'd also be careful in my habits
on the internet. I'd be careful where I'd go. I'd be more responsible and
understand that environment better than just ad hoc travelling around on that
environment.
She was a victim via the internet of "identity theft" in 1996. Another woman
assumed Frank's identity and rang up over $50,000 in credit card debt.
Assuming that there will never be sufficient public controls or communal
control to prevent [identity theft], what does the individual do?
The individual can do certain things to minimize their risk, but I have to tell
you, there's nothing that you can do to guarantee it. There are certain things
you can do that involve just being more aware. For example, getting your
credit report and looking at it at least twice a year, and seeing if there's
any fraud on it. That is the first thing to do--make sure that you get it
quarterly and see what's on there.
Because we're finding out that there's so much criminal identity theft, now
I'm telling people to go and do a criminal background search on themselves at
least once a year. Find out if someone has a murder arrest in your name. That
happened to one of my clients last year. He had no idea for two years that
there was a murder arrest, and he couldn't get a job.
He was officially a convicted murderer?
He wasn't a convicted murderer. He was supposedly arrested for murder. When
his Social Security number was mixed with another Social Security number, the
name was wrong. But when he applied for jobs, he kept getting denied
employment, because it was coming up that he had been arrested for murder.
I'm still dealing with that case right now.
But I'm telling people to get your background searched and see if someone is
committing a crime in your name. I get probably a dozen calls a month just
from criminal identity theft and maybe a hundred calls a month on financial
identity theft.
So the first thing you can do is to get your credit report. The second thing
is to shred all your information that you have offline. For example, if you get
a bank statement and it's got your Social Security number, shred it. Don't
keep any information around, because people can go and do what we call
"dumpster diving." They go through your trash and they fish out what they
want.
They can do it at work. Be careful at work. Does your badge have your Social
Security number on it? In other words, make sure that you limit the use of
your Social Security number. Don't carry it around with you. Don't give out
personal information online. . . .
And another thing we tell people to do is to even shred information that's on
your computer. Confidential information should be encrypted, and any
information that you want to get off your computer, you have to shred, because
if you delete it, it does not just delete.
Another thing you should do is make sure that you don't give confidential
information by cell phone, or by a remote phone, or on the internet unless it's
encrypted. Put up firewalls so someone can't come in and steal your
information from your computer.
Chief of the U.S. Justice Department's Computer Crime and Intellectual Property
Section.
What does an individual with a little PC and an internet account do to
protect a Social Security number and various other personal data? And what does
a corporation or a company do to install appropriate firewalls?
. . . If you are going to navigate in the internet world, you don't have to be
an engineer, but it is smart to understand something about how the
communication system operates. There are different ways of connecting to the
internet. Some are faster. Some are more secure. Some have more controls. . . .
What I would suggest is, "Don't just look at fast, don't just look at cheap.
Also look at safe." This will require you to get a little familiar with the
technology. . . . Do a little bit of reading, and talk to friends who are
technologically sophisticated, and get some good advice about privacy and
security on networks.
If you are a company and you have financial reasons for wanting to secure your
network, then it's very, very important to think about personnel security and
some background checks. The cheapest contractor may not be the most secure
contractor. There are trade-offs.
FRONTLINE · wgbh · pbs online
some photos copyright ©2001 photodisc
web site copyright WGBH educational foundation