Cyber-Crime, Identity Theft

and Privacy Legislation

Compiled by: Mark E. S. Bernard, CISM, PA, Privacy & Security Consultant,

Apollo Computer Consultants Inc., www.apollo-cc.com Date: 2004/02/17

AGENDA

Cyber-Crime

ID Theft

Headlines

Consumer confidence

Privacy Legislation

Summation

CYBER-CRIME

All credits to Powell 2000

RECENT THREATS

As new more advanced

technology finds its way to the

market place law makers need

to keep up.

CYBER-CRIME DEFINED

(1) Crimes in which the computer

is the target of the criminal

activity;

(2) Crimes in which the computer

is a tool used to commit the

crime, and;

(3) Crimes in which the use of the

computer is an incidental

aspect of the commission of

the crime.

2003 SURVEYS

(1). Asset misappropriation reported from 60% of participants (PWC)

(2). Theft of proprietary information cost $70 Million (CSI/FBI)

(3). Denial of services cost $66 Million (CSI/FBI)

(4). Financial fraud cost $10 Million (CSI/FBI)

CYBER-CRIMES 2003 & 2004

0

5

10

15

20

25

30

35

Asset

Mis

appropria

tio

n

Fin

ancia

l

Mis

appropia

tio

n

Corruptio

n &

Brib

ery

Money

Launderin

g

Cyber C

rim

e

Industria

l

Espio

nage

Product P

iracy

NOW

FUTURE

(1) Virus 82%

(2) Insider abuse 80%

(3) Laptop 59%

(4) Unauthorized insider 45%

(5) Denial of service 42%

(6) System penetration 36%

(7) Theft of proprietary info 21%

(8) Sabotage 21%

(9) Financial fraud 15%

(10) Telecom fraud 10%

All credits to 2003 2003 CSI/FBI

% 0F 490 RESPONDENTS

All credits to 2003 PWC

CORPORATE ACCOUNTING

All credits to Bennett

INTERNATIONAL HEADLINES

Enron

- Enron Treasurer gets 5 years

- Arthur Anderson charged for obstruction of justice

- Canadian CIBC to pay 80 Million in fines

- Three Merrill Lynch Executives indicted

WorldCom

- Inflated annual profits

- Improperly accounting of 3.9 Billion expenses

- Accumulated 30 Billion in bad debt

- Largest Corporate bankruptcy in US history

CORPORATE REFORM

All credits to Bennett

INTERNATIONAL HEADLINES

Council of Europe

- Business is the prime target of Cyber-Crime

- However, public authorities and even private citizens are vulnerable too!

- Florida man faces charges of identity theft

- Feds charge 3 in massive credit fraud scheme

IDENTITY THEFT

All credits to Bennett 2001

2003 CANADIAN HEADLINES

- Sept 2003 Student buys BMO computers for resale on eBay, but discover client data on the hard-drives

- Sept 2003 Revenue Canada losses 120,000

Canadians private information

- March 2003 B.C. warns of identity theft

2003 RCMP/CSIS REPORT

- 2003 CSIS report states that payment card fraud

- 2003 CSIS report sates that organized crime is involved

- 2003 one new position added to Maritime region

- 1999 RCMP report states that Cyber-Crime’s #1 concern is Identity Theft

- 2003 Two new positions added to Maritime Tech-Crime Unit

2004 CANADIAN HEADLINES

- Music Industry hunts Canadian pirates

- Ontario asks consumers to get smart

about identity theft

- Canada, USA, Australia crack down on web site fraud

E-COMMERCE IN CANADA

2000

• 6.9% of households purchased goods over the Internet with or without

online payment

• 3.3 Million purchases were made at a value of 417 Million Dollars

• On average each household made 4 purchases at an average total value of

$517.00

• 60% was spent in Canada while 40% was spent outside of Canada

2001

• While purchases increased 73% to 7.2 Billion doubling importance from

0.2% to 0.4% of total operating revenue

• The proportion of businesses purchasing over the Internet increased to 18%

• Business-to-Business exceeded Business-to-Customer by a 4 to 1 ratio

• In 2000 63% businesses used the Internet accounting for 90% of online

economic activity

All credits to Statistics Canada

NB ECONOMICS - OCT 2003

- NB's economy has grow to 2.6%

as of Oct 16th, 2003 & will hit

3.0% in 2004

- NB Exports to the US are in excess

of $10 Billion annually

- 1 in 5 Americans are victims of ID

Theft that's 5.4 Million Americans

All credits to RBC

ID THEFT IN CANADA

Victims 2002 2003 % Economics 2002 2003 Increase

ON 4,031 5,772 43.19% ON $7,188,125.90 $12,682,218.64 $5,494,092.74

BC 1,046 1,829 74.86% BC $1,221,733.15 $1,808,318.45 $586,585.30

AB 635 1,079 69.92% AB $767,110.16 $1,282,716.71 $515,606.55

MB 196 195 -0.51% MB $187,843.92 $194,718.93 $6,875.01

SK 106 202 90.57% SK $84,937.37 $687,992.85 $603,055.48

UNKNOWN 144 34 -76.39% UNKNOWN $12,855.00 $5,640.02 -$7,214.98

NB 131 200 52.67% NB $150,016.54 $261,206.11 $111,189.57

NS 185 223 20.54% NS $222,516.14 $273,347.29 $50,831.15

NF 46 94 104.35% NF $27,480.20 $115,993.06 $88,512.86

PE 16 14 -12.50% PE $7,083.42 $2,150.00 -$4,933.42

NT 2 2 0.00% NT $0.00 $0.00 $0.00

QC 1,646 3,711 125.46% QC $1,916,011.64 $4,246,801.90 $2,330,790.26

YT 2 2 0.00% YT $0.00 $0.00 $0.00

NU 1 2 100.00% NU $1,100.00 $3,000.00 $1,900.00

TOTALS: 8,187 13,359 63.17% TOTALS: $11,786,813.44 $21,564,103.96 $9,777,290.52

ALL CREDITS RCMP PHONEBUSTERS

ONLINE SHOPPING MEN VS WOMEN

All credits to The Conference Board.

CONSUMER CONFIDENCE

eBusiness

2000 $657 Billion

2004 $6.8 Trillion

2003 $18.5 Billion during

holidays aloneAll credits to The Conference Board.

THE PRIVACY FACTS

European Union demanded adequate data protection for trade purposes

e-Commerce has been suffering because of low consumer protection

Technology has out paced law

Consumers need to have control over their private information in the

market place and until now had no laws to support their rights

PRIVACY LEGISLATION

Canadian Privacy Act 1984

Australia Privacy Act 1988

European Union Directive 95/46 EC 1995

USA Children’s Online Privacy Protection Act. 1998

United Kingdom Data Protection Act 1998

Canada, Bill C-6; Personal Information Protection

and Electronic Documents Act 2000

USA, Safe-Harbor Privacy Principles 2000

THE PRIVACY COMMISSIONER

OF CANADA

http://www.privcom.gc.ca

PIPEDA IMPLEMENTATION

STAGE ONE JAN 1, 2001

Federally regulated organizations such as banks, telecommunications and transportation companies

STAGE TWO JAN 1, 2002

The act extends to personal health information

STAGE THREE JAN 1, 2004

The act extends to the collection, use or disclosure of personal information in the course of any commercial activity within a province

PIPEDA PRINCIPLES

ACCOUNTABILITY

IDENTIFYING PURPOSES

CONSENT

LIMITED COLLECTION

LIMITED USE, DISCLOSURE AND RETENTION

ACCURACY

SAFEGUARDS

OPENNESS

INDIVIDUAL ACCESS

PROVIDE RECOURSE

PERSONALLY IDENTIFIABLE INFORMATION DEFINED

Defined by the American Institute of Certified Public Accountants (AICPA)

and the Canadian Institute of Chartered Accountants (CICA)

Personally Identifiable Information (PII) is any information relating to an

identified or identifiable individual.

“Sensitive information”

medical or health conditions

racial or ethnic origin

political opinions

religious or philosophical beliefs

trade union membership

sexual preferences.

customer's name address

telephone number

social security/insurance

other government identification numbers

employer

credit card numbers

personal or family financial information

personal or family medical information

employment history

history of purchases or other transactions

credit records and similar information.

HUMAN RESOURSE OR BUSINESS

RELATED COMPLAINTS?

HR

22%

B

78%

HR related complaints

account for 22% of over all

investigations completed

Business related complaints

account for 78% of over all

investigations

POST-INVESTIGATIONS REQUIRING

FURHER ACTION - HR?

NWF

40%

UR

0%WFR

16%

MF

4%

WF

38%

NJ

2%

D

0%Further action 56%

Not requiring further

action 42%

POST-INVESTIGATIONS REQUIRING

FURHER ACTION - BIZ?

UR

1%

NJ

3%

D

1%

MF

7%

WF

39%

NWF

36%

WFR

13% Further action 56%

Not requiring further

action 39%

Energy

6%Transportati

on

12%

Telecommu

nications

27%

Financial

54%

Commercial

Enterprise

1%

PCO FINDINGS BY INDUSTRY

PCO FINDINGS

-10

0

10

20

30

40

50

UR NWF WF WFR MF NJ D

Financial

Telecommunications

Transportation

Commercial Enterprise

Energy

PCO FINDINGS BY

CLASSIFICATION & INDUSTRY

Action

required

91%

No action

required

9%

FINANCIAL INDUSTRY POST-

INVESTIGATION ACTION REQUIRED?

PIPEDA - FEDERAL COURT

Who owns your e-mail?

One of the Privacy

Commissioners investigations

has made it all the way to

federal court

PIPEDA - FEDERAL COURT

Music Swapping and the right to

privacy

ISP’s need to protect consumers

privacy in compliance with

PIPEDA

PIPEDA does provide a

provision for law breakers

Will consumers confidence and

privacy rights outweigh the law?

CONSUMER CONFIDENCE

GREW IN 2003

Usage is up from 57% to 61%

Internet users trust of online

transactions went up from 27.5% to 33%

21% more users in 2003 have indicated

that they trust online transactions

All credits to The Conference Board.

SUMMATION

Cyber-Crime is real and its happening right here in New Brunswick

just look at the indicators

Technology has out paced legislation and criminals are benefiting

from it

Private business needs to take this seriously

Good privacy practices are good for business and good for our

economy

6 of 10

Thank you!

For additional information on this subject please contact:

Mark.Bernard.CISM@apollo-cc.com

Privacy & Security Assurance Professionals

www.apollo-cc.com

6 of 10