<?xml version="1.0" encoding="UTF-8"?><rss version="2.0">
<channel>
<title>Privacy</title>
<link>http://www.webupon.com/tags/Privacy</link>
<description>New posts about Privacy</description>
<item>
<title>Privacy, Piracy &amp; the Internet</title>
<link>http://www.webupon.com/Security/Privacy-Piracy--the-Internet.229429</link>
<description>
<![CDATA[<p>With more and more users logging on to the "net", piracy is a greater concern because bootlegged files are easier to access. This in and of itself is a problem for few, but a solution to many. The few I talk of are the film industry, the music industry and other sellers of artistic integrity. The many are the consumers, who more often than not in this generation have it ingrained that 'we can download it first, and if we like it, then we will go out and purchase it when it is in retailers'. A simplistic view, illegal yet logical. People as a whole do not like to find they have spent good money for "nothing". And this is at the heart of the matter. The largest method of file sharing across the "net" lately is torrents, shown with the file extension .torrent.</p>
<p>These work by the "seed", or the person hosting the files, registering on websites known as trackers, which serve as a point of contact between the original seeds and the people who leech off of them. Users can also download parts of files from their "peers". Users who obtain the whole file(s) are then labelled as seeds and will upload the completed file to users. In and of themselves, torrents are a simple and effective method of sharing files; however, this is a double-edged sword, as people upload "camrips" (camera rips) and then later "dvdrips" (copies of purchased DVDs of movies and music).</p>
<p>Which brings us to the crux of the matter:</p>
<p>As an act of prevention, or perhaps as a measure of controlling modern society, many Internet Service Providers (ISPs) are now jumping on a bandwagon where artists from industries such as game design, music and film can report people seeding their files (which, we must remind ourselves, are their property), and the ISP can issue notice and then cut off Internet access to the building that is perpetrating the crime. When people are allowed to view what it is we are downloading, I personally believe that constitutes a breach of privacy, no matter whether "we" as a populace are downloading illegal files or downloading legitimate files which we own the rights to. Others who feel the same have created programs, called peer guardians, which screen what you are downloading via peer-to-peer programs. However, if these are set to become a standard fixture, where we have to download third-party programs just to protect our privacy, then our liberal democracy has just lost a lot of what made it a "liberal" democracy in the first place.</p>
<p>On the flip side, we have the artists that freely distribute what they make and request nothing in return. They accept donations but are made purely out of goodwill to the people. For example, I will use a peer guardian program named very simply "PeerGuardian" and "PeerGuardian2". Made by Phoenix Labs, it is freely distributed by their <a href="http://phoenixlabs.org/pg2/" target="_blank">website</a>, and taken straight from their site:</p>
<p>"Like PeerGuardian?</p>
<p>Consider donating or clicking on an interesting banner to help pay for our servers and further the development of PeerGuardian and other Phoenix Labs software." - Phoenix Labs. As we can see, the makers of PeerGuardian, Phoenix Labs, make no demands for money, however if you enjoy the services that they provide, they request a donation to assist with running costs, or for you to click on banners made by sponsors, that pay them $X /month or year or provide them with some other form of compensation, such as web hosting in exchange for advertising on their site.</p>
<p>Another example of this goodwill idea is the Terra Bite lounge. This is a cafe/lounge that has a voluntary payment system that relies upon the integrity of its customers to make money. They provide a good service, and they request that the customers pay them however much they feel is appropriate. For example, perhaps they may pay them the average price seen in other cafes for a coffee. It is also left to the integrity of the customer to decide -when- payment will be made for the goods and services provided by the Terra Bite lounge. I must stress the fact that the Terra Bite is not a charity; they still expect payment in the end for their services. This is explained in the press release for the Terra Bite's upcoming website.</p>
<p>"We are not a Charity."</p>
<p>Terra Bite is a cafe/deli with a voluntary payment system. We don't ask for charity. We believe we have better coffee and much better food than the cafe chains. All we ask is that those who can pay what they would elsewhere. It's a convenience for both sides: regular customers can choose to pay once a week for their daily coffee; we get to eliminate all the cash handling and get a highly efficient operation that allows us to benefit the public, without asking for charity.</p>
<p>We also offer free wifi, free console games, and a better reading selection.</p>
<p>There is really no reason to go to the chains: patrons can do exactly what they do at the chains, get better coffee and food, with a better experience -- and they can feel like they have done something good, which they have. " -Terra Bite founder Ervin Peretz. The question that I believe everyone is asking, is "why, in this digital age, can we not have freedom to download what we will, and purchase what we will?" Perhaps it's time we overcome this lack of trust in the rest of society for the ideals set out by men like Ervin Peretz, I am sure that given time, this would cut things like piracy of software and media to next to none, while the industries still make their money, for example the ability to download a song, and if you like it, perhaps pay a dollar to the artists for the song that you so enjoy.</p>
<p>Cutting the piracy also means cutting out the lack of privacy, being in a society built on trust. I don't see this as being a short term thing though, it would have to be a trust built up over time, but then also, it could work out favourably for the companies and artists making the things currently being pirated.</p>]]></description>
<pubDate>Wed, 27 Aug 2008 01:28:31 PST</pubDate></item>
<item>
<title>Six Quickies When There's a Fake "You" in the Cyberspace</title>
<link>http://www.webupon.com/Social-Networks/Six-Quickies-When-Theres-a-Fake-You-in-the-Cyberspace.197779</link>
<description>
<![CDATA[<p>On a lazy day, I decided to practice my "top of mind" skills: today, I'll type in any acquaintance names in facebook search and I'll add them to my friend's list. So I do that, and I add a dozen of new contacts that day.</p>
<p>But wait! One of my friends tells me: hey, don't like FB. Instead, I have added you on a business networking website (insert_name_here). Doesn't matter where it was. <br /><br />I say, great - ignoring the fact that he's added me there, I go and register. But there is a personality there, registered under my real name, my real employment history, and...guess what...it's a premium member. I see that someone's paying 10$ monthly just to pretend it's me!</p>
<p>Being rich and anonymous, I was really annoyed to see that someone thinks it's worth it. Okay, I was really annoyed, but also determined to fix that. <br /><br />Having discovered a fake profile,</p>
<ol>
<li>
<h4>Alert the site operators that the fake profile is online.</h4>
I'm not an expert, so I wrote something like this: "Hi, there's my fake profile online. I've discovered it today since my business acquaintance has alerted me. If you don't believe me, I can send you an email from my business address. Please remove it. Thanx.;)". It took them over a week to remove that fake thing. I was clicking angrily on it for a few days, and then it disappeared. After that, I just got the message "Thanks. We removed it". As if nothing happened.</li>
<li>
<h4>Alert people you already know from real life, and that use the same service.</h4>
I have gathered several contacts the very first day, and they have accepted my invites. Soon enough, the real ME was established on the networking website. Good thing: despite the fact that the fake profile had a satisfactory number of views, it did not have connections.</li>
<li>
<h4>Restrict visibility settings on all public profiles you have.</h4>
Even prior to this relatively harmless ID theft experience, I was reluctant to share too much info online. People list projects, lifestyles, residences, towns they've visited...oh, why...I'm too old-fashioned to see the use of that abundance of information. At the end of the day, the challenge in life is the uncertainty it brings. Will I hire the right person...hmmm..if I like their CV...they may be a match (oh, please!). If someone's interested in you, bits of information will suffice. People who approach you with a good reason deserve to be in your network. Serial networkers were never of my interest. In my young days, I've collected a few, but then erased them quickly.</li>
<li>
<h4>Don't befriend whom you don't know.</h4>
I know, me-too, I have lots of shirtless profiles of male "friends" on facebook, from Ukraine to USA, and it looks damn good. Makes me feel wanted. There are hundreds of them. I got them from other good-looking women, and they've spread over our networks like viruses. But maybe those "studs" are mean guys who are just waiting for me to publish some indecent photo...and forward it to my mum...uh-oh! Well, my brother refused to add me as a friend for a long time, because he thought I'll forward his drunk party photos to our parents. I'm still resisting...for now!</li>
<li>
<h4>Status message: Anonymous and bulletproof</h4>
(And rich, if possible). Ok, ok. Privacy is a cool thing. On my profiles, there's always one and the same boring photo. With sunglasses, preferably. No one knows it's me. In fact, even long-lost friends who Googled me couldn't be sure that they've found the right person. Even when they do find me, it still remains boring. I rarely respond to private messages, I rarely share what's really happening in my life. I leave crazy status updates like "I feel rich", "I feel bulletproof" and so on. I leave real things to reality!</li>

<li><h4>There's charm in the unknown</h4>
I never found out who created my fake profile. Wish I could just declare to all my business partners that I don't know how to start a computer. But I cannot afford myself to have Angelina Jolie's privileges. So, I continue to walk the fine line between being a real person and being an online person. I still don't <a href="http://www.google.com" target="_blank">Google</a> my name so often. Instead, I'm putting real-name profiles slowly into hibernation, and creating a brand new me. When your nickname is more famous than the real you, it's perfection! So, good luck!</li></ol>]]></description>
<pubDate>Wed, 06 Aug 2008 03:36:14 PST</pubDate></item>
<item>
<title>Information Protection and Regulation</title>
<link>http://www.webupon.com/Security/Information-Protection-and-Regulation.139701</link>
<description>
<![CDATA[<p>"It is not merely good enough to do good; you must be seen to be doing good."</p>
 
<p>As the above adage highlights, the secure management and handling of information is only part of the issue. Being able to prove that you are indeed in full compliance with all relevant regulations and standards is the real crux of the matter.</p>
 
<p>With the multitude and often duplication of current laws, regulations and standards, it can be very bewildering just knowing where to start. If you have cross-border and cross-jurisdictional transactions, the issues become even cloudier.</p>
 
<p>Here are some of the issues and best practices pertaining to information security, management and compliance from a documentary evidence perspective.</p>
 
<h3>Logging Requirements</h3>
 
<p>Fortunately, IT does offer a number of options to ease the burden of regulatory compliance and associated creation and management of substantiating evidence. One of the easiest to implement strategies is the development of customized logging procedures, practices and policies.</p>
 
<p>The beauty with IT logging processes is that for the large part their mechanics are automatable. The reviewing of logs will require some degree of manual involvement. However, log creation and review processes performed in conjunction with data management techniques present us with many filters that are useful in producing a higher degree of granular inspection and control than is possible by manual observation and review alone.</p>
 
<p>The secret to the effective and efficient use of these procedures lies both in developing a plan and procedures that take the specifics of your requirements into account and in consistently adhering to the documented review, analysis, response to anomalies, retention and final destruction procedures thereby developed.</p>
 
<p>Here are a few of the laws, regulations and standards that you may need to take into consideration:</p>
 
<ul>
<li> The US Health Insurance Portability and Accountability Act (HIPAA) along with the US Federal Information Security Management Act (FISMA) are of particular importance here. Other US laws of note in the area of information security include the Sarbanes-Oxley (SOX) Act and the Gramm-Leach-Bliley Act (GLBA). Various states also have a number of individual breach notice laws that will apply differently in their various jurisdictions.</li>
 
<li> Canada's Personal Information Protection and Electronic Data Act (PIPEDA)</li>
 
<li> The EU's Data Protection Directive along with the European Community Directive Data Privacy Principles (ECDDPP) need evaluating in any assessment(s) undertaken by individual(s) and/or organization(s) currently conducting or hoping to conduct business with organization(s) and/or individual(s) resident or domiciled in the EU or a jurisdiction thereof</li>
 
<li> The Australian Federal Privacy Act (1988) and the subsequent Australian Federal Privacy Act December 2001 Amendments with the provisions pertaining to personally identifiable health related information being of particular note</li>
 
<li> The Australian Federal Telecommunications Act 1997, The Australian Federal Corporations Act 2001 and The Australian Federal Spam Act 2003 also merit consideration when developing logging policies pertaining to activities conducted within or with Australian institutions, organizations or individuals</li>
 
<li> Local breach notice laws exist in many regional and municipal areas and will therefore need consulting where applicable</li>
 
<li> Payment Card Industry (PCI) Data Security Standard (DSS) is a global set of standards more or less adopted by financial institutions and merchants in regards to payment via payment card systems </li>
 
</ul>
<h3>The Global Perspective</h3>
 
<p>Given the multiplicity of these laws, a number of organizations with a more "global" perspective have formed to assist with the establishment of greater standards and consistency globally. They include:</p>
 
<p>Organisation for Economic Cooperation and Development (OECD) - The OECD is an international organisation that sets policies in areas where multilateral consensus is advantageous for individual countries to make progress in a global economy. The eight basic principles put forth by the OECD are:</p>
 <ol> 
<li> Collection Limitation - Data must be collected lawfully &amp; fairly with subject's knowledge &amp; consent</li>
 
<li> Data Quality - All data collected and retained must be accurate, complete, current, and relevant for its intended use</li>
 
<li> Purpose Specification - The purpose for the collection of the data should be specified &amp; remain unchanged</li>
 
<li> Use Limitation - Any data collected is not to be used for any purpose other than that originally stated &amp; agreed</li>
 
<li> Security Safeguards - Data collected and held must be protected against unauthorised access, modification, or disclosure</li>
 
<li> Openness Principle - Data Policies should exist and a data controller should be clearly identified</li>
 
<li> Individual Participation - The subject of the data can review, challenge, and enforce correction of their data</li>
 
<li> Accountability - The data controller is responsible for ensuring the above principles are met </li>
 </ol> 
<h3>Other Agencies and Bodies</h3>
 
<p>Other leading privacy agencies and bodies around the world that incorporate the following basic principles, provisions and functionalities either in law or in statute (Opt-out Policy, Opt-in Policy, Additional Personal Privacy Legislation, Wiretaps, Pen Register and Trap and Trace) include:</p>
 
<ul>
<li> Better Business Bureau Online (BBB Online) (USA)</li>
 
<li> TRUSTe (USA)</li>
 
<li> Communications Assistance for Law Enforcement Agencies (CALEA) (USA) </li>
 
</ul>
<h3>Resources and Advice</h3>
 
<p>The US National Institute of Standards and Technology (NIST) - NIST are a very good reference source for information and resources involving security, privacy and compliance issues. They have a number (more than 100) of free-to-download special publications dealing with all aspects of information technologies.</p>
 
<p>One area in which NIST makes public statements is in the area of recommended technologies. NIST will provide indications that certain technologies and standards conform to their recommendations and so will provide advice in terms of supporting or not supporting specific technologies in lieu of superior alternatives.</p>
 
<p>An example of a technology that NIST once supported, but from which they have now withdrawn their support in favor of a replacement technology, is in the area of encryption. NIST have now officially withdrawn their support of the 58-bit Digital Encryption Standard (DES) and now recommend Triple DES, also known as the Triple Data Encryption Algorithm (TDEA), or the stronger, faster Advanced Encryption Standard (AES) algorithm.</p>
 
<p>Regarding logs and logging procedures and practices the NIST publication NIST 800-92, Guide to Computer Security Log Management is a great resource as it details many ways to establish, evolve and maintain efficient effective log management structures. Topics covered in this publication include log generation, analysis, storage and monitoring. It can be downloaded free of charge from <a href="http://csrc.nist.gov/publications/nistpubs/800-92/SP800-92.pdf" target="_blank">here</a>.</p>
 
<h3>Log Review and Analysis</h3>
 
<p>The reasons as to why you must regularly review and analyze those logs that you record and maintain include regulatory compliance requirements as well as to enhance your information security, privacy and availability overall.</p>
 
<p>Through persistent, regular, consistent log review and analysis you will uncover many otherwise undetected activities capable of negatively affecting you or your organization. Some examples of common issues that I regularly find through the log review and audit process include policy violations, application processing errors, fraud, security incidents and operational functionality and efficiency issues.</p>
 
<h3>Policy Development Guidelines</h3>
 
<p>With so many laws and standards having similar requirements regarding logging and log review and analysis procedures a carefully constructed logging plan implemented via a comprehensive log policy that incorporates all of these various elements into a single united logging procedures and practices policy is the best approach to take.</p>
 
<p>Do not try to satisfy each set of individual regulatory, statutory, or standards requirements piecemeal style. That is, your best plan of attack is to develop a comprehensive policy, which contains a general logging practices and procedures directive and additional specific requirements clauses as supplemental special recommendations on an individual basis for areas that warrant such treatment.</p>
 
<p>Developing a risk-oriented policy is important and cost-effective, and it can often be the easiest means to expedite the implementation of procedures and policies where none currently exist or where those that do exist are dated or inadequate.</p>
 
<p>Expediency in the matter of developing, implementing and then further finessing your logging and information control policies is critical in rapidly reducing the potentially negative impacts any immediate exposure to risk factors would cause due to the lack of such a policy.</p>
 
<h3>PCI DSS Compliance</h3>
 
<p>Without doubt, Payment Card Industry (PCI) Data Security Standard (DSS) compliance and ratification (PCI DSS) is the major concern of all who process credit card payments. This sector is of utmost criticality for online business and "offline" transactions alike, with "offline" being defined as transactions other than customer-initiated Internet-based transaction processing.</p>
 
<p>The essential requirements for PCI DSS compliance are contained in Section 10 of the PCI DSS standard and detail those actions required (not mandatory) to monitor network activities and cardholder data access events. The best bit here is that the majority of the audit logs generated in compliance with these stipulations also conform to the requirements of the majority of aspects in this regard required by other laws and regulations.</p>
 
<p>IMPORTANT TIP - Getting your house in order regarding PCI DSS compliance will have the beneficial side effect of simultaneously fulfilling the majority of the auditing and logging requirements from other areas, thereby leaving you to custom plug the gaps as your circumstances dictate.</p>
 
<p>The bean counters love this approach as it addresses their area of immediate concern first - CASH FLOW. Nobody said you have to reveal your full motivations for this approach.</p>
 
<p>"Work smarter and not just harder" is something my mother always says. Once again, she is right.</p>
 
<h3>PCI DSS Compliance Logging Requirements</h3>
 
<p>Here are some of the computer, network and Internet activities that you will need to log in order to satisfy PCI DSS compliance requirements grouped by activity and class:</p>
 
<h3>Synchronization</h3>
 
<p>Synchronization procedures and mechanisms relating to all computer, system, network and Internet activities need thorough documentation. Not only must time synchronization data accompany all logs, it must also be included specifically with every individual itemized event in the log.</p>
 
<h3>Authentication Mechanisms</h3>
 
<p>Current computer, system and network authentication mechanisms need thorough documentation along with additional log information detailing such criteria as changes to authentication mechanisms, invalid authentication events, password changes, administrative authentication-related activities.</p>
 
<h3>Audit Logs</h3>
 
<p>Events requiring documentation and logging here include access to audit logs, any modifications to audit logs and audit logging procedures, the clearing and destruction of audit logs for all components of the network including individual computers, server computers and networking devices as well as the services offered (e.g. Internet).</p>
 
<h3>Cardholder Data</h3>
 
<p>You must thoroughly document cardholder data access, processes, procedures and security initiatives. This includes details of those who are explicitly authorized to access cardholder data and those who are not specifically authorized to access cardholder information. Details concerning the assets and resources involved in these processes must also be included.</p>
 
<p>Cardholder data related logs must include access to cardholder data events including valid and invalid events along with maintenance and formal audit access events. Other types of cardholder data related events that need logging include cardholder data storage, updating and maintenance, valid and invalid cardholder data applications access events.</p>
 
<h3>System-Level Objects</h3>
 
<p>You must log all system-level object events including creation, deletion, modifications and read-only events. This includes system-level events at the machine-level including workstations and clustered computer resources as well as the datacenter.</p>
 
<h3>Common Network and Cardholder Access Events</h3>
 
<p>All cardholder data access and/or network access events must contain user identifier, event type, event date and time, attempt result (success/failure), event origin, and resource identity attributes such as the data file name, system component, computer, network, application, modifications, administrative activities etc.</p>
 
<h3>Log Generation and Management</h3>
 
<p>It is a sad fact that the majority of IT personnel are not cognizant of, nor do they fully understand the issues, implications and ramifications concerning authentication, logging, computers, networking, network monitoring and security logging, accounting and auditing practices.</p>
 
<p>To compound this further, most compliance personnel do not have an IT background and often make the fatal assumption that those in IT log everything and retain the logs generated forever. The logistics of this type of approach are unrealistic, since the volumes of data generated from a log everything/keep everything approach would rapidly bury an organization.</p>
 
<p>Another area that different management areas do not fully appreciate is that for the larger part IT must have sufficient appropriate documentation detailing precisely what is required before those requirements are achievable.</p>
 
<p>Assuming that IT knows all about every other department's logging requirements is unrealistic. It is essential to inform IT of the logging requirements of other departments if IT is to develop policies appropriate for satisfying organization-wide logging requirements. All logging and reporting activities require resources at the individual computer level as well as the network and organization levels.</p>
 
<p>A direct result of these factors is that, more times than not, inadequate noncompliant logging procedures and policies become implemented into production environments.</p>
 
<h3>Developing a Log Policy</h3>
 
<p>Here are a few tips to assist you in the development of a log management policy or log management component of your larger log policy.</p>
 
<ul>
<li> General Comprehension - Understand and define the general logging requirements of all sectors of your organization and the types of logs they require. You do not have to fill in all of the nitty-gritty detail at this point.</li>
 
<li> Define Specifics - Meet with those responsible for specific areas and discuss in more detail the nature and specifics of their requirements including the types of data and report formats each department needs, the data types that are necessary to achieve organization-wide compliance and the data that each department would require should a breach occur. Discuss matters concerning the feasibility of collecting, collating and storing the logs and reports generated.</li>
 
<li> Fiscal Matters - It is best to begin addressing fiscal aspects and concerns now. Without doubt, other departments will be very willing to burden IT with as much of their workload as possible. With IT producing the extra logs and reports in order to satisfy every other department's requirements it is only reasonable to expect that additional resources may be required.</li>
 
<li> Analysis - Analyze these results and determine what areas are common for all. Also, define those areas that are common to most and those that are specific to one or two departments only.</li>
 
<li> Evaluate - Examine your current logging procedures and analyze the data types currently collected. Note those aspects of the above requirements you already satisfy. Produce a list of the "missing" factors.</li>
 
<li> Plan - Define mechanisms to incorporate collection and collation of these "missing" factors compatible with your system's current capabilities.</li>
 
<li> Test - Implement a trial run. Collect and collate this data then generate the appropriate reports for each department.</li>
 
<li> Determine Satisfaction - Meet with the other departments and discuss your trial reports. Determine if these reports are satisfactory. Have the other departments produce a report detailing areas of the trial reports that need amending.</li>
 
<li> Amend and Retest - Incorporate the amendments into a new trial run.</li>
 
<li> Reevaluate - Repeat the cycle until satisfaction is unanimous with all departments</li>
 
<li> Review Regularly - Regularly review your data collection, collation and report generation procedures and policies to ensure complete alignment with all departments concerned.</li>
 
<li> Review Currency - Regularly evaluate the currency component of your current logging practices and policies. Make sure the other departments do likewise. Make sure that all departments notify you immediately of any changes to their policy or requirements. </li>
 
</ul>
<p>You cannot begin to develop procedures to satisfy another department's logging requirements if they do not inform you of these changes.</p>
 
<h3>Where Logs Help</h3>
 
<p>Here are some different types of logs and some of the areas in which they are useful.</p>
 
<ul>
<li> Networking Devices Logs - Logs from switches, wireless access points, routers and firewalls can identify intrusion attempts (by hackers for example) as well as connectivity issues such as legitimate authorized users not being able to gain access to assets and resources they are entitled to access.</li>
 
<li> Network Access Logs - These logs contain much information concerning network and network metrics as well as authorized and unauthorized access events, which can be very helpful in planning upgrades and network infrastructure changes. You will also find information relating to abuse of privileges and hacking attempts here.</li>
 
<li> User Account Logs - User account logs can help in the identification of brute-force password attacks and inappropriate changes in user account privileges.</li>
 
<li> Email Logs - Here you will find information that is helpful in the identification of many malicious, unauthorized and undesirable activities. A dramatic increase in inbound email traffic is often the first indicator of an email-based attack. Abnormally large volumes of outbound email traffic can point to data leakage.</li>
 
<li> Application Logs - These provide information about the date, time and identity of client file access. They are a very useful source of information in identifying unauthorized access events as well as fraud and other malicious acts. </li>
 
</ul>
<h3>Summary</h3>
 
<p>Through a well thought-out and tested network, systems and applications log policy, and the procedures and practices contained within, you will be able to comply with the relevant laws, regulations and standards as well as supporting and improving your organization's bottom line through early detection of errors, fraud, non-compliance penalties and a host of other negatively impacting events.</p>]]></description>
<pubDate>Mon, 16 Jun 2008 08:26:15 PST</pubDate></item>
<item>
<title>Getting Rid of the Evidence: Information Disposal</title>
<link>http://www.webupon.com/Security/Getting-Rid-of-the-Evidence-Information-Disposal.139252</link>
<description>
<![CDATA[<h3>Overview</h3>
 
<p>In the following pages, you will find:</p>
 
<ul>
<li><strong>Recent Events</strong> - First up I present a number of recent events involving breaches of security pertaining to personally identifiable information.</li>
<li><strong>Concepts and Strategies</strong> - A discussion of the key concepts and factors pertinent to the irreversible destruction of information then follows. I then outline a number of simple step-by-step plans to implement these strategies for various media types.</li>
<li><strong>Quick Reference Guide</strong> - Finally, you will find a quick reference guide listing the various types and formats of information storage that you may occasionally need to destroy. </li>
</ul>
<h3>Recent Events</h3>
 
<p>Recent incidents of careless handling and management of personally identifiable information (PII) abound. For instance, in February 2008 a stack of boxes belonging to First Magnus Financial was discovered outside a University of Phoenix building in Fort Lauderdale, Florida, USA. The boxes contained files and paper records holding Social Security numbers, credit card information, names, addresses and other PII.</p>
 
<p>In Australia, another recent incident involved a movie hire chain that had disposed of reams of paper records via the public refuse disposal system. The records contained much PII from customers, employees and job applicants. It ended up at a landfill. Persons unknown retrieved it and, not long afterwards, it found its way into the possession of some identity fraud criminals. Police recovered it when investigating a number of individuals suspected of identity fraud.</p>
 
<p>A 2008 report by the National Health Service (NHS) in the UK found that no fewer than nine NHS trusts had recently lost patient information because of insecure practices regarding laptop computers, external hard drives, USB drives and optical media.</p>
 
<p>It is all very worrying indeed. Here is what to do to prevent any of the personally identifiable information (PII) that may be in your custody from escaping into the wrong hands.</p>
 
<h3>Information Disposal Concepts and Strategies</h3>
 
<p>As always, start by breaking the topic of information disposal into a number of self-contained subcomponents. Create a number of smaller, easy-to-manage categories whose members share the same preferred method of destruction. This will make it easier for people to identify exactly what is required of them in any given situation.</p>
 
<h3>Physical Classification</h3>
 
<p>Try to group items based on physical attributes such as paper, hard drives, flash memory, USB devices, optical storage, peripheral device cache memory, magnetic tapes, computers, handhelds and communications devices such as cell phones and smart phones (iPhone, BlackBerry etc).</p>
 
<h3>Information Disposal Policy</h3>
 
<p>Develop and implement an information disposal policy detailing the procedures that all concerned must follow.</p>
 
<p>Clearly subdivide the various containers that hold any information that you do not want &ldquo;leaked&rdquo;. Define the scope that each component of your information disposal policy covers. For example, make headings such as &ldquo;Paper Records Disposal Procedures&rdquo; or &ldquo;Computer Hardware Disposal Procedure&rdquo; and &ldquo;Mobile Devices Disposal Procedures&rdquo;.</p>
 
<h3>Define Responsibility</h3>
 
<p>Responsibility for the security of personally identifiable information lies with the holder or keeper, if you will, of that information. This means everybody including the cleaner. If the cleaner is not trusted with this information, then do not throw it in the bin where they must access it in the discharge of their normal duties - taking out the trash.</p>
 
<h3>Information Destruction Documentation Procedures</h3>
 
<p>For many devices that have residual value and those that require permanent and irrecoverable destruction, develop a documentation of destruction procedure. Irrecoverable destruction of a device means more than irrecoverable destruction of the information it may have contained. It means that the device and all of its components will never ever function again, no matter how hard anyone tries.</p>
 
<p>For example, this would include recording the serial numbers of devices such as hard drives and USB flash drives, along with details of the irreversible erasure procedures conducted and by whom. The degaussing process and final physical destruction of the device will all need detailing along with the appropriate time information. Then record the ultimate fate of the destroyed device or components.</p>
 
<p><img src="http://images.stanzapub.com/readers/webupon/2008/06/15/181950_0.jpg" alt="" /></p>
 
<h3>Toxic Waste</h3>
 
<p>You have now ensured that no data is recoverable from these devices but your responsibilities do not end here. Most components of information systems including the media that the information is stored on contain considerable quantities of toxic materials. This factor needs addressing appropriately, when the time comes for their final disposal.</p>
 
<h3>Education</h3>
 
<p>Develop as part of your information disposal policy appropriate fact finding, user education and information dispersal strategies and programs. You will need to push as well as to pull here. Pull to learn what they do or do not know. Push to make sure everyone is adequately informed and familiar with required policy.</p>
 
<p>The biggest job will be educating everyone that you have an information disposal policy that sets forth all of the dos and don'ts. Make sure that everybody understands that compliance with this policy is not voluntary; it is mandatory.</p>
 
<p>Legislative regulations exist that make it so. Your job is to ensure compliance from your own and everybody else's behavioral practices in this regard. Technically, we call this Information Disposal Practices Dispersal (IDPD).</p>
 
<p>Repetition is a key component in all awareness-raising campaigns. The education of yourself and your users regarding appropriate information destruction and disposal techniques, practices and policy is no different. So develop a multi-phase plan that presents your message multiple times in a number of different formats cyclically over an extended time-period to ensure that it never becomes &ldquo;stale&rdquo;.</p>
 
<h3>Communication</h3>
 
<p>Communicate your information disposal policy and its contents clearly and repeatedly using a variety of different communications channels and media. Memos, notice boards and emails are handy here.</p>
 
<p>Printed materials such as summary check sheets highlighting the procedure for information destruction for each category are essential. Always include, at the top and bottom, details of who to contact if there is any doubt.</p>
 
<h3>Degaussing</h3>
 
<p>Named after Carl Friedrich Gauss, an early researcher in the field of magnetism, degaussing is the process of decreasing or eliminating an unwanted magnetic field.</p>
 
<p>Because of a property called magnetic hysteresis it is generally not possible to reduce a magnetic field completely to zero. As a result degaussing typically induces a very small "known" field referred to as bias.</p>
 
<p>Data is stored in magnetic media, such as hard drives, floppy disks and magnetic tape, by making very small areas called magnetic domains change their magnetic alignment to be in the direction of an applied magnetic field.</p>
 
<p>The object of degaussing is to leave these domains in random patterns with no preference to orientation, thereby rendering previous data unrecoverable. Although some domains will remain nonrandomized after degaussing, they will be far too few to permit data reconstruction. The degausser generates a magnetic field in order to degauss magnetic storage media and it may be AC powered, DC powered or a very strong permanent magnet.</p>
 
<p><img src="http://images.stanzapub.com/readers/webupon/2008/06/15/181950_1.jpg" alt="" /></p>
 
<p>Modern monitors use an automatic degausser at startup so you can place a floppy disk against the monitor screen when you turn it on or push the manual degauss button on the monitor and you will find that the data becomes corrupted and very difficult to recover.</p>
 
<h3>Security-In-Depth</h3>
 
<p>The following procedure is far more secure than simply using one technique by itself. This is a fundamental concept of security called security-in-depth. It is applicable to all systems at all levels. An old saying expresses this philosophy best: &ldquo;Don't put all of your eggs in one basket.&rdquo;</p>
 
<p><strong>ALWAYS</strong> use multifactor processes or multi-process systems.</p>
 
<h3>Magnetic Storage Media Information Destruction</h3>
 
<p>The recommended practice for irrecoverable erasure and degaussing of magnetic media is a three-cycle process.</p>
 <ol> 
<li> In the first cycle, you overwrite the media with a randomized pattern of ones and zeros three times. Then you degauss the media.</li>
 
<li> The second cycle will then overwrite the media with irrelevant but real data three times. This could be a set of MP3 or WAV files, followed by document files (PDF, Word docs, text files) and then another set of files such as streaming media, JPEG or MPEG files (pictures, movies etc.). Some companies will use a set of images of extreme resolution in an uncompressed format. This has the effect of writing data to more than 90% of the disc's magnetic domains. Now you repeat your degaussing procedure using a different degaussing device or method (DC instead of AC or permanent magnet).</li>
 
<li> Finally, the last cycle will overwrite the disc another three times with randomized data. Then comes the final degaussing cycle after which the media is ready for permanent physical destruction. </li>
 </ol> 
<p>&ldquo;Why go to such extremes?&rdquo; you may ask. Well, the answer lies with the toxic composition of information technology systems and media.</p>
 
<p>Today you will find that there are regulatory requirements concerning the appropriate disposal and probable recycling of the materials used to make your storage media. Thus, you need to be very sure that there is no hope in hell that anything is recoverable from your waste after it leaves your control.</p>
 
<p>Remember that you are still responsible for the ultimate nondisclosure of all personally identifiable information, company secrets or your own secrets. If they get out, you will be wearing the consequences. By using the above procedure, you do not need to worry about the actions or irregular practices of others.</p>
 
<p>To illustrate further, I recently bought a dozen hard drives on eBay. In every case, their entire contents were readable. Being a little on the paranoid side, I always perform the secure irrecoverable information destruction procedure as outlined above. I do not want any of the previous owner's malware coming my way.</p>
 
<p>The previous owners had merely deleted the files prior to selling them. When the operating system deletes a file it only changes the flag marking that location on the drive as being available for writing new data. It does not overwrite or securely delete the old data.</p>
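<p>The documentation-of-destruction record and the three-cycle process described above can be checked mechanically, which catches shortcuts before a device leaves your control. The following Python check is an added example, not part of the original article; the record layout, the field names (<code>serial</code>, <code>steps</code>, <code>detail</code>, <code>fate</code>) and the sample serial numbers, operators and times are constructed assumptions.</p>

```python
from datetime import datetime

# The article's three-cycle process: three overwrite passes per cycle with
# the pattern below, a degauss after each cycle, then physical destruction.
CYCLE_PATTERNS = ["random", "real-data", "random"]
PASSES_PER_CYCLE = 3


def expected_steps():
    """Flatten the procedure into the ordered (action, pattern) steps."""
    steps = []
    for pattern in CYCLE_PATTERNS:
        steps += [("overwrite", pattern)] * PASSES_PER_CYCLE
        steps.append(("degauss", None))   # method is chosen by the operator
    steps.append(("destroy", None))
    return steps


def check_record(record):
    """Return a list of problems; an empty list means the record is complete."""
    problems = []
    if not record.get("serial"):
        problems.append("device serial number not recorded")
    if not record.get("fate"):
        problems.append("ultimate fate of the device not recorded")

    steps = record.get("steps", [])
    expected = expected_steps()
    if len(steps) != len(expected):
        problems.append("expected %d steps, found %d" % (len(expected), len(steps)))

    degauss_methods = []
    previous_time = None
    for number, (step, (action, pattern)) in enumerate(zip(steps, expected), 1):
        if step.get("action") != action:
            problems.append("step %d: expected %s, found %s"
                            % (number, action, step.get("action")))
        elif action == "overwrite" and step.get("detail") != pattern:
            problems.append("step %d: expected %s overwrite" % (number, pattern))
        elif action == "degauss":
            if not step.get("detail"):
                problems.append("step %d: degauss method not recorded" % number)
            degauss_methods.append(step.get("detail"))

        if not step.get("operator"):
            problems.append("step %d: operator not recorded" % number)
        try:
            when = datetime.fromisoformat(step.get("time") or "")
        except ValueError:
            problems.append("step %d: time missing or unreadable" % number)
            continue
        if previous_time is not None and when < previous_time:
            problems.append("step %d: time is earlier than the previous step" % number)
        previous_time = when

    # Cycle two must use a different degausser or method than cycle one.
    if len(degauss_methods) >= 2 and degauss_methods[0] == degauss_methods[1]:
        problems.append("second degauss repeats the method used in the first")
    return problems


def _step(action, detail, hour, operator="operator-a"):
    # Constructed timestamp on an arbitrary date, one step per hour.
    return {"action": action, "detail": detail, "operator": operator,
            "time": "2008-06-15T%02d:00:00" % hour}


def build_compliant_record():
    """Constructed sample: every step of the procedure, fully documented."""
    steps, hour = [], 8
    for pattern, method in zip(CYCLE_PATTERNS, ["AC", "DC", "permanent-magnet"]):
        for _ in range(PASSES_PER_CYCLE):
            steps.append(_step("overwrite", pattern, hour))
            hour += 1
        steps.append(_step("degauss", method, hour))
        hour += 1
    steps.append(_step("destroy", "sledgehammer", hour))
    return {"serial": "EXAMPLE-SN-0001", "steps": steps,
            "fate": "remains sent to licensed e-waste recycler"}


def build_shortcut_record():
    """Constructed sample: one overwrite pass, then straight to destruction."""
    return {"serial": "EXAMPLE-SN-0002", "fate": "",
            "steps": [_step("overwrite", "random", 8),
                      _step("destroy", "sledgehammer", 9, operator="")]}


if __name__ == "__main__":
    for record in (build_compliant_record(), build_shortcut_record()):
        print(record["serial"], check_record(record) or "complete")
```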
 
<h3>Electronically Stored Information Destruction</h3>
 
<p>There are many ways in which to destroy electronically stored information. Not all are equal in effectiveness, completeness or reliability. Remember the toxicity issues. Here are some of your options:</p>
<h3>Physical Destruction</h3>
<p>Use the above magnetic media information destruction process and then physically destroy the device. Sledgehammers and blowtorches do a good job once the device has been electrically and magnetically cleansed.</p>
<h3>Degaussing</h3>
<p>Use degaussing as outlined above for devices and media slated for retirement. If you intend to reuse the media, then degaussing is probably the best single option. It is often your best option in terms of speed and in prolonging the life of the media particularly when erasure by overwriting involves mechanical processes. All mechanical processes such as spinning hard drive platters or tape reels by their very nature cause wear and tear. Degaussing is magnetic and hence produces negligible physical wear and tear. You can only overwrite USB flash drives so many times before they fail. This is why it is a bad idea to be continually defragmenting USB flash drives.</p>
<h3>Low-Level Formatting</h3>
<p>A single pass is not enough, and low-level formatting should always be used in combination with other techniques. If you are going to reuse the media yourself then a three pass low-level reformat is an option but the formatting tool needs to be of reliably high quality. Performing a full disc low-level butterfly reformat is better than standard formatting processes but takes considerably longer.</p>
<h3>Overwriting (also known as wiping)</h3>
<p>Overwriting is only reliable in combination with other techniques such as degaussing. By itself, it is probably the least reliable of all of these methods.</p>
 
<p>The reason for this is that a thorough and methodical approach in conducting a three-pass overwrite cycle is essential. This is something that the Department of Defense (DoD) can ensure through military discipline, a luxury we do not have in the civilian world.</p>
 
<p>Performing this procedure numerous times a day is not something to look forward to with any great anticipation. Human nature being what it is, shortcuts and slackness will rapidly become the norm. It is also a lengthy process and hence not cost-effective.</p>
 
<h3>Destruction of Paper Records</h3>
 
<p>Cross shredding is the preferred method here. If cross shredders are not available throughout your organization then you can collect all paper materials including delivery and transport identifiers and packaging for centralized cross shredding.</p>
 
<p>This is infinitely cheaper than the consequences and bad publicity arising from breaches of personally identifiable information security. People are very sensitive about their own personal information and not very forgiving or sympathetic to those breaching their trust.</p>
 
<h3>Communication Devices Information Destruction</h3>
 
<p>Removing the battery will not destroy the data stored within. You must thoroughly remove data from all mobile communications devices such as cell phones, smart phones, PDA/Phones etc. Develop procedures and policies for doing this. Instruct all concerned in these procedures.</p>
 
<p><img src="http://images.stanzapub.com/readers/webupon/2008/06/15/181950_2.jpg" alt="" /></p>
 
<p>Schedule periodic &ldquo;refresher&rdquo; courses and updates which stress the seriousness of breaches of personally identifiable information resulting from improper disposal of these devices.</p>
 
<h3>Decommissioning and Retiring Assets</h3>
 
<p>Assume that all such devices, including older computers, workstations, servers, laptops etc., contain personally identifiable information and act accordingly. Irreversibly remove all data from the about-to-be-decommissioned asset. Develop appropriate policies and procedures along with suitable education programs.</p>
 
<h3>Quick Reference Guide</h3>
 
<p>It is a good idea to provide everyone with a quick reference guide. Not everybody remembers everything forever. I have listed below a sample quick reference list that you can use in any way you wish.</p>
 
<ul>
<li>PC with hard drive - Erase irreversibly, degauss, physically destroy if appropriate </li>
<li>External hard drive - Erase irreversibly, degauss, physically destroy if appropriate</li>
<li>USB Drive - Erase irreversibly, physically destroy if appropriate</li>
<li>Thumb Drive - Erase irreversibly, physically destroy if appropriate</li>
<li>Memory Sticks - Erase irreversibly, physically destroy if appropriate</li>
<li>Fax Machine - Erase irreversibly, physically destroy if appropriate</li>
<li>Printer - Erase irreversibly, physically destroy if appropriate</li>
<li>Copier - Erase irreversibly, physically destroy if appropriate</li>
<li>Optical Discs - Physically destroy if appropriate</li>
<li>Floppy Disks - Erase irreversibly, degauss, physically destroy if appropriate</li>
<li>Tapes - Erase irreversibly, degauss, physically destroy if appropriate</li>
<li>Handhelds (PDAs etc) - Erase irreversibly, physically destroy if appropriate</li>
<li>Cell Phones - Erase irreversibly, physically destroy if appropriate</li>
<li>Smart Phones - Erase irreversibly, physically destroy if appropriate</li>
<li>Paper - Cross Shred</li>
</ul>
<p>Attention: Documentary evidence of destruction is required. See information disposal policy for details.</p>]]></description>
<pubDate>Sun, 15 Jun 2008 08:36:27 PST</pubDate></item>
<item>
<title>CIA: Internet Security and Privacy</title>
<link>http://www.webupon.com/Security/CIA-Internet-Security-and-Privacy.135612</link>
<description>
<![CDATA[<p>When it comes to the Internet, security is all about private communications over a public medium. Antimalware is only part of the answer. An important part of the solution it may be, but still only a part. What is it that we <strong>really</strong> want to keep secure?</p>
 
<p>Some say that security is a state of mind and for the most part, they are correct. Yet it is more than that. Security is having confidence that private matters stay private and public matters are public affairs.</p>
 
<p>The biggest problem is that when you conduct private matters over a public medium such as the Internet, keeping them private is no easy matter. Here is how to do it.</p>
 
<h3>First Line Defenses</h3>
 
<p>Your first line of defense will be your antimalware software. You have an antivirus suite to keep malicious code at bay and antispyware to prevent keystroke logging.</p>
 
<p>You also have firewalls and intrusion prevention and intrusion detection devices and software to regulate network traffic flow and to prevent intruders from gaining access to your network, as well as to warn you of attempts to breach your perimeter security.</p>
 
<p>You cannot conduct business or social affairs in isolation so you create a demilitarized zone (DMZ) to allow visitors access to your public face, usually in the form of a website. You might even establish dedicated email and blog services in your DMZ to facilitate smoother user-friendly communications.</p>
 
<p>Whenever you partake in communications outside of your secured sites using a publicly accessible medium such as the Internet, you know your privacy and security are non-existent and want to do something about it. Enter the CIA.</p>
 
<h3>CIA: Confidentiality, Integrity and Authenticity</h3>
 
<p>The foundation stones of all secure private communications are the three pillars of confidentiality, integrity and authenticity also known as the CIA of security.</p>
 
<p><strong>Confidentiality</strong> - Confidentiality ensures that the conversation remains private (confidential). Encryption technologies are the standard means to assuring message confidentiality.</p>
 
<p><strong>Integrity</strong> - Integrity ensures that the contents of the communication remain free from interference or corruption (the message remains intact). Hashing algorithms and the digests they produce are the most common means of assuring the message's integrity.</p>
 
<p><strong>Authenticity</strong> - Authenticity ensures that all parties to the conversation are who they say they are (verification that the remote party is indeed the remote party you intend to converse with). Digital certificates are the most common means of verifying the authenticity of all parties.</p>
 
<h3>Secure Sockets Layer (SSL)</h3>
 
<p>The most common means of securing a website and allowing parties to connect over a secure HTTPS connection is by using SSL technologies to provide authentication and message encryption. The process is as follows:</p>
 
<ul>
<li> The first step is to obtain an SSL certificate consisting of a public key and a private key. This can be &ldquo;in house&rdquo; or by way of a commercial certification authority such as VeriSign or Thawte. You use the public key to encrypt information and the private key to decrypt it.</li>
 
<li> A browser is pointed to a secured domain or website</li>
 
<li> The Secure Sockets Layer handshake authenticates the server and the client</li>
 
<li> An encryption method is established</li>
 
<li> A unique session key is created</li>
 
<li> The parties begin to communicate via a secure session that guarantees message privacy (confidentiality) and message integrity between authenticated parties </li>
 
</ul>
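<p>The handshake described above only delivers authenticity if the client actually verifies the server's certificate. The following check, written with Python's standard <code>ssl</code> module, is an added example and not part of the original article; it audits a client configuration and shows which part of each enabled cipher suite serves confidentiality, integrity and authenticity. The function names and finding strings are illustrative assumptions.</p>

```python
import ssl


def audit_client_context(ctx):
    """Return findings for settings that undermine the handshake's guarantees."""
    findings = []
    # Authenticity: the server is only authenticated if the client demands a
    # certificate and matches it against the host name it meant to reach.
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("server certificate not required")
    if not ctx.check_hostname:
        findings.append("host name not checked against certificate")
    # SSL and early TLS versions are obsolete; require TLS 1.2 or later.
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("protocol versions older than TLS 1.2 allowed")
    # Anonymous suites encrypt the session without authenticating anyone
    # ("auth-null" is the OpenSSL name reported by get_ciphers()).
    for suite in ctx.get_ciphers():
        if suite.get("auth") == "auth-null":
            findings.append("anonymous cipher suite enabled: " + suite["name"])
    return findings


def cia_breakdown(ctx):
    """Map each enabled cipher suite to the part that serves each pillar."""
    rows = []
    for suite in ctx.get_ciphers():
        rows.append({
            "suite": suite["name"],
            "confidentiality": suite.get("symmetric"),
            # AEAD ciphers protect integrity themselves; older suites use a digest.
            "integrity": "AEAD" if suite.get("aead") else suite.get("digest"),
            "authenticity": suite.get("auth"),
        })
    return rows


def build_hardened_context():
    """Library defaults (certificate and host name verified) plus a TLS 1.2 floor."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def build_weak_context():
    """The common misconfiguration: encryption kept, verification switched off."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False      # must be disabled before verify_mode
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


if __name__ == "__main__":
    for label, ctx in (("weak", build_weak_context()),
                       ("hardened", build_hardened_context())):
        print(label, audit_client_context(ctx) or "no findings")
    for row in cia_breakdown(build_hardened_context())[:3]:
        print(row)
```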
<h3>Other Common Uses of Cryptographic Technologies</h3>
 
<p>Other technologies commonly used to deliver confidential, authenticated sessions with data integrity assured include:</p>
 
<ul>
<li> SSH is commonly used for secure encrypted remote access sessions</li>
 
<li> OpenPGP is often used for file encryption, with email content encryption the most common use </li>
 
<li> VPN/IPSec for secure private networking over public media </li>
 
</ul>
<p>Other uses of cryptography include full volume encryption of hard disk drives to protect data in the event of physical theft; digital rights management (DRM) schemes; and key generation for digital fingerprint and authentication systems.</p>
 
<p>As with all technologies, it is important that any cryptographic technologies that you use be correctly installed, configured, administered, maintained and regularly tested, verified and updated when necessary.</p>
 
<p>With people regularly communicating outside or beyond their firewall protected local environments it is important that we ensure we pay due attention to the CIA of security. We must be proactive in order to protect ourselves and our organizations as well as our personal information and our assets (computers etc.).</p>]]></description>
<pubDate>Sun, 08 Jun 2008 05:55:19 PST</pubDate></item>
<item>
<title>Your Face on Facebook: Privacy and Ethical Implications</title>
<link>http://www.webupon.com/Social-Networks/Your-Face-on-Facebook-Privacy-and-Ethical-Implications.121778</link>
<description>
<![CDATA[<p>He said that he did not even know what <a href="http://www.facebook.com" target="_blank">Facebook</a> was until he received an invitation email from a friend.  Much to his surprise, a lot of his friends were already part of the phenomenal Facebook and within one week or so, friend requests numbering 50 flooded his account.</p>
 
<p>Facebook, a recently-developed social network platform, successfully entered the market with its new approach: the introduction to the industry of embedded applications.  When I first joined Facebook, there were not as many applications as there are now and I randomly added as many as I could, ranging from iLike (music playlists), Superlatives (&ldquo;most&rdquo; adjectives, ranking application), Mesmo TV (TV trivia), What Color are You (personality test), Greenbook (an environment advocacy) and others.  At the start, I was personally having fun with these applications.  With Superlatives, I get to vote for my friends as the Most Likely to Be Addicted to American Idol and the Most Likely to Get Out of Trouble By Smiling while also getting votes as Most Likely to Be Creative and Most Likely to Pass Out After Midnight.  Mesmo TV is addicting and got me answering trivia questions about popular TV shows until around 3 in the morning.  You get to see your standing and scores as compared with other people in your network, which is probably why it gets more exciting.</p>
 
<h3>All About Applications</h3>
 
<p>I came to know about all of my applications through invitations in my Facebook inbox from friends, recommending a certain application.  For instance, Haikoo Zoo allows its users to adopt a virtual pet which can interact with your friends' pets. Upon clicking on the accept button (or a more personalized button saying &ldquo;Adopt a Pet!&rdquo;), you will be transferred to an application page on which you can modify settings on that specific application.  You can choose whether such application will be visible on your profile page, in your Mini-Feeds, and so on.  Applications are added to your account and can be accessed through your profile page whenever you feel like updating them or whenever you're running out of fun things-to-do-online.</p>
 
<p>In the Philippines, especially among the teens, Facebook is just one of the many social networking sites that got them hooked.  Social networking started during the early years of the internet.  Even before Friendster, MySpace, and Multiply, there were the basic forms of social networking such as instant messaging, message boards and forums.  These were the media through which people online interact with each other.  Social networking has now taken a more creative form, more popularly through personal account and profile pages, offering the ability to meet new friends and connect with existing ones, blog, and share photos which made these sites a major online force for teens and college students.  Just like the typical social networking sites, Facebook offers to its members the option to choose the degree to which they wish to interact with others or to which others may be able to interact with them.</p>
 
<p>Facebook opened its doors to third-party developers, giving them the opportunity to promote their applications and products within Facebook.  For example, there were these India-based brothers, Jayant and Rajat Agarwalla, who first created a web site for playing an online version of the word game Scrabble, just because they love the game.  This web site attracted about 3,000 regular players and one user suggested that they launch a Facebook version of the game, which they did 10 days after.  With their computer skills and without actually wanting it in the first place, the brothers were suddenly owners of one of Facebook's biggest hits: Scrabulous.  More than half a million Facebook users play this game daily.</p>
 
<h3>Free May Not Be Really Free</h3>
 
<p>Most, if not all, of these social networking platforms offer free membership.  I don't recall myself joining something that I would have to pay to be able to meet new friends across the globe although there are platforms allowing their users to opt for a premium membership.  Livejournal, for example, is a social networking site with its primary features such as blogs and discussion forums.  Years back, membership was only open by invitation or by purchasing an account, hence it was a really limited network.  Having a Livejournal account then was like having an elite status among the internet users.  When Livejournal finally gave access to the general public, I registered for an account and that started my &ldquo;blogaholic&rdquo; days and nights.  It was virtually unlimited; you can post as much as you like, with or without pictures, with or without sense, embed other items such as videos.  Practically, just like any other social online networks, it is an express-and-advertise yourself site.  For a free service, it was actually great. For those really addicted, Livejournal has given them the opportunity to buy a premium account which, in the basic sense, allows the user to embed their Livejournal page in an outside server.  There were more page templates available to premium members.  There was a point in time when I wanted to have a premium account out of sheer boredom with the &ldquo;regular&rdquo; account.</p>
 
<p>Facebook is primarily &ldquo;a social utility which connects you with the people around you.&rdquo;  Giving free memberships, it has attracted an overwhelming number of teens and students, most of whom depend on their parents and family relatives for financial support.  Because it implies no financial obligation on the part of the members, this social networking site (and other similar platforms, like Friendster) immensely became a part of the lives of teens.</p>
 
<p>But being free is not good at all.  Though you reap some benefits for free, you are being a source of revenue for these sites, without you actually wanting it in the first place, much less knowing about this.  A web site, like Friendster and Facebook, certainly needs revenues for site maintenance and other business expenses.  Where do they get this, considering that they don't ask for membership fees?  That's where the third-party developers come in, along with the advertisers.</p>
 
<h3>The X Deal</h3>
 
<p>Facebook launched a new platform to give advertisers a deeper level of free access to its, according to Facebook's press release, more than 67 million active users by providing them the ability to write applications that can be shared from person to person.  What Facebook hopes is that the advertiser applications will generate more traffic, adding ad inventory for Facebook's paid advertising through the pages generated by the apps, which will cost nothing to the companies adding them to the site.</p>
 
<p>Most web sites generate revenues from online advertising.  Advertising has taken different forms in response to the highly modernized communication medium: the Internet.  Basic forms of online advertisement took the form of advertising banners and pop-ups.  At some point in my online experience, these banners and pop-ups implied nuisances and sources of scams and computer viruses.  Since transfer and distribution is really fast online, it was rather difficult to monitor and regulate what is legitimate advertising and what is not.  Anti-virus softwares and internet browers provided solutions to these issues: block pop-ups and virus scanners.  However, what if these are legitimate advertisements?  They are altogether lumped with the scams and they never reach its target audience.  The advertising industry then has to come up with another tool and Facebook was just in perfect timing.</p>
 
<p>In a nutshell, Facebook allows advertisers to create applications and launch them on the platform.  Why would advertisers do that?  What do they get from it?  Well, technically, our private lives.  Most social networking users probably don't know that they are giving away their personal information, which lets advertisers locate their correct target market and lets Facebook increase its traffic, increasing its chances of attracting more advertisers.  What is really at stake for the users is their privacy.</p>
 
<p>To specifically illustrate, Facebook offers an application called “Top Lawyer.”  Upon adding this application, I already gave out my preference for the law profession and interest in the legal realm.  Advertisers are then automatically notified of this and ad banners on my page will consist of anything related to law, for example, law schools, law books, legal services, and so on.</p>
 
<p>Even without these applications, these social networking sites still strip off a part of their members' personal information and preferences.  Every member of a social network has a profile page where you can browse personal information about him or her.  A typical profile page includes age, location, and status.  Additional information may be provided by the user, like school, hobbies, and interests.  Filling out these fields is equivalent to allowing advertisers to know who you are.  User demographics are vital to advertisers because this is where efficient and effective advertising takes place.</p>
 
<h3>Working Together</h3>
 
<p>Users post their personal information on their profile page, primarily so that their family, friends and co-workers can locate them online and connect with them.  This information is made accessible (or if I may put it, sold) by the social networking sites to advertisers.  Advertisers then place their ads accordingly on certain pages depending on the personal information they have obtained.  Advertisers are paid by the number of clicks, meaning that for every click on the banner link, they get paid a certain amount of money.</p>
 
<p>Advertisers get their revenues from sales, social networking sites get their revenues from advertisers, and users don't get revenues but do get free membership in these social networking sites.  It sounds like a balanced working relationship, with everyone content with their share.  But keep in mind that most members are not familiar with this setup.  Most of them just enjoy the privileges offered by the social networking platforms, connecting and interacting with other people without any knowledge that their personal information is being “used” to generate profits for the social networking sites and advertisers.  This poses a serious privacy issue because members give out information on these platforms primarily to locate and connect with other members, which is not in any way similar to answering a marketing survey or attending a focus group discussion.  In the traditional advertising industry, giving out personal information and preferences, and even giving comments and suggestions, is highly compensated.  In a social networking utility, members advertise themselves and their preferences in exchange for membership privileges and other online benefits.</p>
 
<h3>Protect Your Character</h3>
 
<p>Another danger related to the influx of these social networking sites is identity theft.  Back when Friendster was still at the height of its popularity, I had friends who discovered they had another account aside from the one they personally signed up for.  This usually happens to celebrities and public personalities, but a private individual is not at all free from the possibility of identity theft.  A novice freelance female model, searching for job opportunities, posts numerous solo pictures of herself in the hope of meeting a talent scout who would help her land a print ad contract.  She also puts up in her profile the music or food she likes, her favorite movies, her educational background, and even her hometown.  All her pictures are downloaded by a random girl who is frustrated over her weight and who, to get the satisfaction of being admired by other people, creates a fake account, posing as that freelance model.  All of this is attained without any difficulty, without any barrier, without any limitation.  Random girl remains unknown.  If freelance model finds out about this account, what really is her remedy? How does she prove she is the real freelance model?  At the very most, she can ask the site operators to disable the fake account, but personally going after random girl, maybe for damages or lost earnings, is quite an impossibility.</p>
 
<p>For every account holder, it is important to keep in mind that once you sign up and log in, you are opening yourself up for the public to see and know you.  The default setting is accessibility to everyone.  Make sure to immediately modify this setting depending on what you think would be best for you.  Don't post information that is way too personal, such as your home address, phone number, mobile number, places where you hang out, credit card information, etc.  Be wary before adding, accepting, or confirming anything that pops up on your screen.  Remember that things may be really different from what you see on the monitor.</p>
 
<p>It may seem that a social utility such as Facebook would not create such danger to your personal life, but there are real-life cases where it has been the means of perpetrating crimes such as prostitution, child abuse, rape, theft, and so on.  A simple poser would really tick you off when it comes to that point where he or she literally copies everything from you every day.  Maybe it's about time to be careful in dealing with these social networking sites because there are ethical implications involved.  Before publishing a blog, whether raving or ranting, it's better to think twice first.  Law professors, after all, have indeed invaded Facebook as well.</p>]]></description>
<pubDate>Fri, 09 May 2008 08:51:27 PST</pubDate></item>
<item>
<title>5 Best Ways to Keep Your Privacy While Surfing on the Web</title>
<link>http://www.webupon.com/Security/Five-Best-Ways-to-Surf-Anonymously-on-the-Web.69207</link>
<description>
<![CDATA[<p>As we should all remember, the Internet is the child of a US military project called Arpanet. In fact, Arpanet was a miniature of today's Internet, involving only military computers used for strictly military purposes. After that, universities and colleges entered the game, and the fast growth in the number of interconnected computer systems became what we call the Internet.</p>
 
<p>But they forgot to tell us some things! They omitted telling us that an irritating tracking system had been developed in parallel with the Internet. The same tracking system allows malevolent and “bad” coders and hackers to take advantage of specific hardware and software problems and take over your computer, access vital information and files on your system (access ALSO means DELETION), or simply flood you with spam forever. All this also allows otherwise totally legal organizations and companies, such as the RIAA and similar “patent like” interest protectors, to access and monitor files on the internet. So… what they tell us… and are trying to make us believe is the following simple equation:</p>
 
<p>Illegal content = Bad<br />Privacy Violation = Umm ... ok!</p>
 
<p>The worst thing is that the general idea is to subject us to this by way of a voluntary privacy violation, so that there's actually no violation. How many times have you ever read the Terms and Conditions of an on-line application setup?</p>
 
<p>Here you will find some of the best ways to browse anonymously, made easy, in order to keep these peeping Toms off your private information and files.</p>
 <ol>
<li><a href="http://www.youhide.com" target="_blank">Youhide</a><br />A very simple site and one of the simplest ways to surf anonymously on the web. It makes use of a proxy server and keeps your anonymity fully intact. It also has some extra features to use while surfing anonymously, such as the removal of cookies, ads and scripts.</li>
<li><a href="http://www.proxify.com" target="_blank">Proxify</a><br />Proxify is a web-based anonymous proxy service that allows you to surf the web securely and anonymously. Just enter a URL (address) in the form and you'll be ready to go. Special features for subscribers.</li>
<li><a href="http://www.proxy4free.com" target="_blank">Proxy 4 Free</a><br />A pretty cool collection of proxy server lists that can be used in any way and keep your surfing on the internet totally anonymous.</li>
<li><a href="http://proxy.org/" target="_blank">Proxy</a><br />A very cool site that not only lets you surf the web while keeping your anonymity, but also offers various useful articles and information about your right to anonymity, the ways proxy servers work, etc.</li>
<li><a href="http://www.download.com/Torpark/3000-2356_4-10586816.html" target="_blank">Torpark</a><br />A browser based on Mozilla's Firefox, implementing a nice simple system that allows you to invisibly connect to a proxy server, then browse to the web page you want. No hassle at all and almost the best way! Made by a group called Hacktivismo and totally free!</li>
</ol>]]></description>
<pubDate>Thu, 27 Dec 2007 12:28:02 PST</pubDate></item>
<item>
<title>10 Extremely Useful Websites to Stop Big Brother From Snooping on You</title>
<link>http://www.webupon.com/Security/10-Extremely-Useful-Web-Sites-to-Stop-Big-Brother-From-Snooping-on-You.62616</link>
<description>
<![CDATA[
<p>People probably don't realize just how often, and in how many ways, total strangers are snooping on their lives. Whether the means of snooping are video cameras, cell phones or the Internet, there are thousands of businesses, people and governments all up in our personal business and lives.</p>




<p>Every time a person fills out a contest entry, sweepstakes form or survey application, or joins an online community, chances are the personal information used to complete these things is sold, rented or shared with second and third parties without our knowledge.</p>
<p>Most reputable companies or websites will have a privacy statement that explains clearly how they will use the personal information that they collect from their members or customers. Not all websites or companies are reputable, so it is extremely wise to read their privacy statements before handing over any revealing or personal information about you to strangers.</p>
 

<img alt="" src="http://images.stanzapub.com/readers/webupon/2007/11/28/84167_1.jpg" />





 <p>The following websites are extremely useful to help stop big brother from snooping into your personal business and private lives.</p>
 <ol>
<li><h3><a target="_blank" href="http://www.pgp.com">PGP</a></h3>
 
 PGP provides cryptographic privacy and authentication that is designed to protect email sent and received between two or more parties from being compromised by outside sources. This is an awesome email encryption program that really works great and is especially useful for sending and receiving important business email.</li>
 
<li><h3><a target="_blank" href="http://www.guerrillamail.com">GuerrillaMail</a></h3>
 
 An excellent way to stop a bunch of potentially unwanted spam from clogging up your inbox is to use GuerrillaMail to get a disposable email address to use anytime your personal email address is required. The email expires in 15 minutes, just long enough to send or receive whatever is desired.</li>
 
<li><h3><a target="_blank" href="http://www.pookmail.com">PookMail</a> </h3>

 Stop sharing your real email address with every website that asks for it, and instead make up an imaginary email address using this website. Using this service for a while, I have noticed a noticeable difference in the amount of spam that I have been receiving… considerably less. The email associated with your account is cleared every 24 hours, allowing you to remain anonymous and still have fun.</li>
 
 
<li> <h3><a target="_blank" href="http://www.anonymousspeech.com">Anonymous Speech</a></h3>
 
 Every time you send or receive a traditional email there are companies, governments and private individuals tracking your every move and storing these emails on both public and private servers. Anonymous Speech has an extremely secure email service that continues to provide outstanding email protection long after the email has been sent or received. This company does not share its clients' personal information or email access with anyone, and that includes government agencies and corporate entities. This program will not disappoint anyone who wants to remain anonymous when surfing the web.</li>
 
<li><h3> <a target="_blank" href="http://www.obviously.com/junkmail/">Obviously</a> </h3>
 
 This is an outstanding Do-It-Yourself website that shows you how to stop those pesky telemarketing phone calls and how to remove your personal information from marketing mailing lists to stop junk mail.</li>
 
<li><h3> <a target="_blank" href="http://www.doubleclick.com/privacy/index.aspx">Double Click </a></h3>

 This company is the nerve center of digital marketing, as the company describes itself, but in reality, Double Click has probably collected some personal information about every person using the Internet at some point in time. They sell the personal information they collect to third parties for marketing purposes, and the company will share the information that it collects on you in response to judicial or other government subpoenas, warrants or orders. Have your name and information removed from Double Click servers using the link above.</li>
 
<li><h3> <a target="_blank" href="http://www.the-cloak.com/anonymous-surfing-home.html">The Cloak</a> </h3>
 
 
 Hide your web surfing activities from prying eyes and snoops while using this website to surf the net anonymously. The encrypted connection hides your identity from the sites that you are visiting using an http and https anonymous proxy. Your privacy is personal - get it.</li>
 
<li><h3><a target="_blank" href="http://www.beHidden.com">BeHidden</a></h3>
 
 Here is another anonymous web surfing search engine that protects the surfer's personal identity and web activities from being compromised by nosy webmasters, corporations, and governments. BeHidden can also be used to send anonymous email to further protect your identity. Awesome site!</li>
 
<li><h3> <a target="_blank" href="http://govt-files.com/federal-records.htm">Government Public Records Database</a> </h3>
 
 Access the same databases as law enforcement and government officials do to request a copy of your FBI file. Yes, it is true: the FBI compiles records concerning private citizens within the United States, and you may be one of the people that the FBI has been watching. Excellent website tool for business operators, too.</li>

<li><h3> <a target="_blank" href="http://snarfed.org/space/privacy%20through%20prepaid%20credit%20cards">Snarfed</a> </h3>
 
 This is an outstanding blog about protecting your privacy when shopping on the Internet, what type of disposable credit or debit cards to use, and how they work. Not all disposable credit cards are created equal, as some card programs will protect you better than others will. There is a lot of information on this blog about privacy issues and there is a little something on here for everyone.</li></ol>
 
 <p>Remember, every time that you fill out a contest or sweepstakes entry form or complete a survey, your personal information is being collected and stored in some stranger's computer server somewhere. Each time a person joins another social network (<a target="_blank" href="HTTP://WWW.MySpace.COM">MySpace</a>, <a target="_blank" href="HTTP://WWW.Facebook.COM">Facebook</a>) or signs up to participate in an online forum, their personal information is being collected.</p>
 


<img alt="" src="http://images.stanzapub.com/readers/webupon/2007/11/28/84167_2.jpg" />



 <p>How these companies use your personal and private information depends on the company doing the collecting. Before doing business with a company or website, be sure to read its privacy statement carefully before disclosing anything to them. If the company or website does not have a privacy statement or the privacy statement looks suspicious, then avoid disclosing anything about you or anyone else to these types of companies and/or websites.</p>]]></description>
<pubDate>Wed, 28 Nov 2007 11:36:57 PST</pubDate></item>
<item>
<title>YouTube's Port</title>
<link>http://www.webupon.com/Video/YouTubes-Port.54996</link>
<description>
<![CDATA[<p>There was this time that I had a conversation with friends about the things we missed the most about the 90s and it turned out that most of us loved Takeshi's Castle. If you've lived through the early 90s in front of the television, it's more or less possible that you know what I'm talking about.  I was one of the numerous kids back then who patiently looked forward to every Sunday to have a good laugh together with my friends.</p>
<p>The Japanese outdoor game show starts off with lots of contestants, who are to pass through several obstacles using their physical and mental skills.  Some of the obstacles are seemingly impossible to finish while some just depend on gut feel and luck to overcome.  I have no idea why a certain local station stopped televising such an amusing show but just recently, another local station started showing new episodes.  But I still liked the original Takeshi's Castle, with the original Filipino hosts. I even planned on buying a copy from the local television station just to bring back the giddy 90s feeling.</p>
<p>That plan never pushed through.  And I am thankful it didn't because now I don't have to spend big bucks just to see my favorite show again.  Another thanks to <a target="_blank" href="HTTP://WWW.YouTube.COM">YouTube</a>.</p>
 



 <p>YouTube is the most famous video website where you can view, upload, and share videos across the Internet and even mobile devices.  YouTube covers a wide range of categories, such as current events, music videos, press releases, videos on hobbies and interests, or even your own original home videos.  This giant leader developed as a corollary of our evolved technology and generation.</p>
<p>Today, anyone can shoot a video, edit it, and share it with anyone in the world.  Even my 11-year-old brother can edit a home video he took using a camera phone.  It's not what you'd expect to see in a movie, but it is surely great progress that a kid can now make a simple video snippet with user-friendly software without even having to take full-blown academic courses.  YouTube is one provider of easy use of and access to short videos.</p>
 
 <p>In our fast-paced techie world today, internet users (those who are familiar with internet features such as blogs, online forums, online stores, instant messaging, etc.) are faced with an overwhelming number of unique innovations, but most of them overlook the fact that they risk becoming victims of copyright infringement or privacy violation, though it is quite possible as well that they are themselves violators of copyright and privacy laws.  While some are actually aware of these laws and the rights guaranteed under them, there are still a large number of internet users who do not know that there are rules and laws governing their use of and access to the Internet.</p>
 
 <p>For several years now, YouTube has faced notices, complaints, and suits concerning copyright infringement.  Copyright suddenly became the hottest issue within the online video market.  Advocacy groups for intellectual property law put forward that YouTube and similar sites, by providing a networked video database, are encouraging their users to violate copyright laws.</p>
<p>In defense, YouTube claims that it is protected under the "safe-harbor" provisions of the Digital Millennium Copyright Act (DMCA) of 1998, passed by the 105th Congress of the United States of America. YouTube's policy further provides that a copyright holder may send a copyright infringement notification to the company so that it can take action, discontinue the copyrighted material, and prevent the continued violation of copyright.</p>
<p>A copyright holder who feels that there is an ongoing need to remove potentially infringing content may also sign up for its Content Verification Program, which electronically notifies the company, removing any room for error, and significantly increases the speed at which it is able to remove any infringing content.</p>
 
 <p>In the early 1990s, when the internet had just boomed, the movie and recording industries were the first to actively push to make internet content providers responsible for any copyright infringement.  Hollywood argued that internet companies should be held liable if they carry any illegal materials, whether they know it or not.  This never happened.</p>
<p>Around 1995, Hollywood faced a strong rival, the ones who introduced the concept of the internet: the Bell companies. Hollywood stood for copyright protection while Bell emphasized freedom of expression of ideas on the internet. Conflict between these two viewpoints ensued.  An impasse was reached in 1997, which forced both parties to submit to a compromise after a balancing of interests by the US Congress: the Online Copyright Liability Limitation Act, which was the predecessor of Title II of the DMCA (Section 512 of the US Copyright Code).</p>
<p>Under this law, “user-generated content” companies are shielded from liability by a “notice and take down” system.  To illustrate, Universal Music Group may notify YouTube regarding a Black Eyed Peas music video, over which they have copyright, uploaded on the YouTube network and that they did not consent to the unregulated coverage and use of such video.</p>
<p>Upon demand, YouTube must take down the video expeditiously.  And to be in “safe harbor,” YouTube must not have been aware that the infringing material was there.  But under Section 512(c)(1)(A)(ii), YouTube, in the absence of such actual knowledge of the presence of the infringing material, must also not have been aware of any fact or circumstance from which infringing activity is apparent.</p>
<p>We come to the question: isn't YouTube aware that its users are actually capable of bringing pirated content into its arena?  Aren't previous notifications satisfactory substantiation to alert YouTube of infringing activity as to be considered “facts or circumstances from which infringing activity is apparent”?</p>
 


 <p>The principle of “fair use” has likewise come up in the course of defending YouTube's business model.  According to the Electronic Frontier Foundation, an advocate for the public on digital rights issues, fair use is a limitation on the exclusive rights of copyright holders. The US Copyright Act gives copyright holders the exclusive right to reproduce works for a limited time period. Fair use is a limitation on this right. A use which is considered "fair" does not infringe copyright, even if it involves one of the exclusive rights of copyright holders.</p>
<p>Fair use allows consumers to make a copy of part or all of a copyrighted work, even where the copyright holder has not given permission or objects to your use of the work. The public's right to make fair use of copyrighted works is a long-established and integral part of US copyright law. Courts have used fair use as the means of balancing the competing principles underlying copyright law since 1841. Fair use also reconciles a tension that would otherwise exist between copyright law and the First Amendment's guarantee of freedom of expression.</p>
 


 <p>Fair use is not clearly defined under the law.  Hence, cases are decided upon facts and circumstances surrounding them.  Under Section 107 of the Copyright Code, four factors are taken into consideration by the courts in determining whether a use of the material is “fair”: </p>

 <ol>
  <li> Purpose and character of the use (courts are in favor of it being fair if it's for noncommercial purpose);</li>

  <li> Nature of the copyrighted work (a particular use is more likely to be fair where the copied work is factual rather than creative);</li>

  <li> Amount and substantiality of the portion used in relation to the copyrighted work as a whole (court will balance this factor toward a finding of fair use where the amount taken is small or insignificant in proportion to the overall work);</li>

  <li> Effect of the use upon the potential market for or value of the copyrighted work (if the court finds the newly created work is not a substitute product for the copyrighted work, it will be more likely to weigh this factor in favor of fair use)</li>
 </ol>
 
 <p>The US Supreme Court has described fair use as "the guarantee of breathing space for new expression within the confines of Copyright law".  </p>
 
 <p>The DMCA and the fair-use principle may have saved YouTube from being legally responsible for the hundreds of video clips posted daily by its users without the permission of copyright owners, but are these measures sufficient to put an end to copyright infringement in general?</p>
 

 <p>There is no certainty as to the demise of copyright infringement.  It seems that infringement is being redefined today with the advance of science and technology as well as culture and arts.  The information highway is an open field for artists, where they can showcase their talents without having to pay a fee for bandwidth and webspace.</p>
<p>Fairly enough, YouTube is coming up with possible solutions to create better safeguards against pirated content.  Aside from affording copyright holders immediate action upon substantial notification, YouTube is likewise opening its doors to partnership deals with other media companies.</p>
<p>At present, the video-sharing site has successfully contracted with leading content providers such as CBS, BBC, Universal Music Group, Sony Music Group, Warner Music Group, EMI Group, NBA, and The Sundance Channel.  These arrangements allow YouTube to carry materials copyrighted by such media conglomerates without exposing itself to charges of copyright infringement, even under the DMCA.</p>]]></description>
<pubDate>Tue, 30 Oct 2007 06:27:19 PST</pubDate></item>
<item>
<title>Myspace and Facebook: the Dangers of Social Networking</title>
<link>http://www.webupon.com/Web-Talk/Myspace-and-Facebook-the-Dangers-of-Social-Networking.45725</link>
<description>
<![CDATA[<p>Social networking sites such as <a target="_blank" href="http://www.MySpace.com">MySpace</a> and <a target="_blank" href="http://www.Facebook.com">Facebook</a> have become increasingly popular. They are a good way to catch up with new friends, and they give local bands, and sometimes national ones, a convenient and usually free place to provide news to their fans. Social networking is not without its dark side or its dangers, which users of the sites should be aware of. While the dangers of identity theft are often guarded against, marketers have been sneakily collecting information from such pages.</p>
<p>It is not exactly the same as spyware, which is software that has been stealthily installed onto a user's computer to collect marketing data and which can sometimes result in undesirable operation. No, the problem with social networking is that users often post things such as favorite movies, shows, or other things that might make them the target of unwanted marketing attempts. As there is no expectation of privacy on the Internet, posting personal information such as your social security number or date of birth to social networking sites like Facebook or Myspace may hand useful tools to identity thieves and can be avoided, but other information, called digital media by some, is a bonanza for marketers and advertisers looking for people who may be their target audience.</p>
<p>It seems that the rule long applied to the Internet elsewhere will soon apply to social networking sites like Facebook and Myspace as well. If you are not comfortable sharing this information, you probably do not want to put it out there on the Internet where it can easily be found by typing it into a search engine, which will be made even easier by several of the more popular sites making their data discoverable by search engines.</p>
<p>While the data found and provided by social bookmarking sites can give criminals as well as marketers a wealth of information that makes both of their jobs easier, privacy groups have voiced their concerns and have pushed the industry to find ways to improve the security of social networking sites. Social networking site dangers can often be avoided by not putting out certain types of information such as job, marital status or sexual orientation. Not only that, it will cut down on the unwanted junk mail and e-mails you receive. Then again, you can always use the same option I do and not use the sites. They seemed pointless to me to begin with.</p>]]></description>
<pubDate>Thu, 13 Sep 2007 12:15:15 PST</pubDate></item>
</channel>
</rss>
