Modern electronic devices have a memory. Unfortunately, where your personal privacy is concerned, that can be a very bad deal indeed. In this column I want to explain how what you might have thought was a "convenience" or "feature" of your electronic gadgetry can detract greatly from your privacy. I can only scratch the surface here, so at the end of the column I'll suggest how you can learn more.

Telephone: Redial

Perhaps the most insidious threat to your privacy comes from the innocuous "redial" button on nearly every modem telephone handset. Suppose you're in a restaurant with a group of friends, and you decide to make a personal call that you would prefer to keep absolutely private. Unfortunately, the number you just dialed is likely to be stored in the phoneís "redial" memory. All a nosy friend needs to do is pretend to make a call from the same phone and simply push the "redial" button to connect to the person with whom you just talked. A simple solution is to place a 000-0000 or similar nonsense call before you leave any public phone. If this sounds like paranoia, read on!

Other Phone "Features"

In order to make a few extra bucks here and there, your local telephone company offers a host of features. Even if you donít subscribe to them, they are often available from almost any telephone for a small fee - usually from 30 cents to 75 cents for each use. If I want to know the phone number of the last person who called my house, I simply push *69, which costs 75 cents. (The activation codes in this article may not be the same for every city, so read the front pages of your phone book carefully.) A recorded message tells me the date, time, and phone number of the last call made to my house. This is a great feature if you want to know the phone number of the person - or student - who just made a crank call. It is not a great feature if you want the call you received to be private.

Naturally, these "features" offered by your local phone company can be disabled - also for a per-call cost. If you remember in time, you can preface your call with a *67; this makes your call "anonymous," and no identifiable phone number is attached. By the way, if you know a phone number, you can use one of the various "people finder" services on the Web to do a "reverse look-up" that will usually tell you the name and address that belong to the phone number. (See http://www.lycos. com/peoplefind/, for example.)

Telemarketers, finance companies, bill collectors, and intelligent "stalkers" usually make nothing but "anonymous" calls. Of course, for something like $3 a month, you can have a feature called "Anonymous Call Rejection" installed on your phone. By the way, in my city there is no way to make all outgoing calls anonymous; you must do it on a call-by-call basis. The "auto-dialers" used by the telemarketers can make every call anonymous; they just enter the *67 code prior to dialing your number. Do you get the feeling that this situation is similar to the police radar guns doing battle with the radar detectors?

Telephone: Answering Machines

In case you haven't bothered to read the manual for your new answering machine, you can probably dial in, enter a code, and pick up your messages from any phone in the world. All it takes is the code or PIN number. If you haven't changed this code, it is preset from the factory to a very common number that a lot of people already know or could guess. I had a "brand X" answering machine that was preset to a simple three-digit number. This answering machine broke, so I replaced it with a really high-tech "brand Y" machine. The new machine's code or PIN number was a simple two-digit number. And both answering machines were preset with the same number! (Here's a riddle: What two-digit number is identical to a three-digit number?) Given a phone with a redial button and an hour or two, I could easily learn your two-digit code; it would take fewer than 100 calls to your house. Read the manual and change your code or PIN number - immediately. And if your machine has a two-digit code, don't put much faith in your privacy, especially if you get a lot of hangups in a short period of time.

Cellular Phones

I recently had to replace my big, heavy, plain, tougher-than-nails analog cellular phone with a new digital "Nokia" brand phone. (I use the real brand name for this highly popular cell phone because doing so will not compromise your security.) My new cell phone has a memory for both the last five "dialed calls" and the last five "received calls." In addition, it has an alphanumeric memory. That is, you can program the phone with an "ABC" code, like "FREDhome" and a number. Just hit the "ABC" memory button, and you can scroll through my list of people and their numbers. Here's where your privacy could be compromised: anyone could pick up your cell phone and scroll through your "ABC" memory and list, by name, the last five calls you received or made. Naturally, the "security options" menu selection has all the appropriate choices, such as "Auto phone lock," "Change lock code," and "Restrict calls." You have attended to these matters, haven't you?

Computer Passwords and E-Mail

Having been the sysop or administrator of about half a dozen e-mail servers, I can say with some certainty that at least 25% of the people who use these systems never get around to changing the original password assigned to them. Another 25% pick really obvious passwords, such as their initials, the name of a pet, their birthday, and so on. Rarely do people follow the advice of experts who say to pick a password with eight randomly mixed letters and numbers, say, "xg2mp-3j9." System administrators usually give neophyte users easy passwords like "abc" "123" or their initials. (Mine would be "RV.") Unfortunately, lots and lots of users just keep on using these obvious passwords and never get around to changing them.

Modem e-mail and other password-protected computer software enable you to change your password whenever you want, and even the system administrator cannot view your personally selected password. Of course, you have to take an active role here and do a little work to change your password. But here's where your prvacy could be compromised: any system administrator can "reset" your password. In other words, if I am the administrator, I can call up your "user information" panel, and, though I cannot see your password, I can reset it to "abc." Then, of course, I could immediately read all of your new and archived e-mail files. If a system administrator ever sends you a message that says anything like "The computer has just reset your password to the default of 'abc,"' start worrying! Fortunately, the "sysops" I know take so much pride in the integrity of their systems that they would rather go off line than do any such thing.

There is another aspect of your e-mail privacy that I should mention briefly, and that is the "out box." Most of us spend so much time keeping our "in box" read and pared down to size that we forget that the system also remembers the outgoing mail for as long as the default time period on the server - often 60 days! If you want to remove all traces of your work, you must clear out both the inbox and the outbox.

Computer Operating Systems

In order to make your use of a computer easier, a modern computer operating system (OS) does a lot of work for you behind the scenes. If your privacy is at stake, you might wish that your computer did fewer of these things.

For example, your computer has both a "clipboard" and a "scrapbook" memory. (I'll use the Macintosh terms since I haven't had time to check out all these problems on the various versions of the Windows OS.) Whenever you use a computer's "cut" or "copy" function, you save what you cut or copied to either a temporary "clipboard file" that goes away when you turn the computer off or to a "scrapbook" file that archives the cut or copied text forever. Suppose you're at a conference or in a large computer lab, do some work on a public computer, and then just walk away from the computer. Even after you quit or exit a word processor or other program, the computer's OS will probably still remember the last items you cut or copied from within whatever program you were using. Turning the computer off before you leave will clear the short-term "clipboard" type memory, but it will not clear out the archived or "scrapbook" memory.

The following story illustrates another problem with machine memory and privacy. Indeed, it was this incident that prompted me to write this column. I recently attended a large high-tech conference, and the conference sponsors had set up a lab of about a dozen very capable Internetconnected computers so conference-goers could access their home e-mail systems. All the conference's public computers were conveniently running Web browsers, such as Netscape or Internet Explorer. Of course, I took advantage of the conference computers to stay in touch with my e-mail at work. I quickly noticed, however, that most users before me had failed to sign off properly from their home e-mail systems. Even those previous users who had properly signed off from their e-mail servers had failed to clear out all the other computer memory locations: the Web browser's "Go: Last" memory, the Web browser's "Bookmark memory," the computer's "Scrapbook memory," and so on. The previous users had left the computer equivalent of a "paper trail" leading to everything they had just done. It was a little scary and surrealistic.

I recently did a little "action research" in our university's main public-access computer lab. Of the five machines I randomly sampled, two were left in a state that let me read the personal e-mail messages of the previous user, and one let me read the last documents created in a word processing program and view the last websites visited. Only two machines were devoid of all remnants of the previous user. (I did not actually read the previous user's e-mail; I just accessed the file list and read the "subject" lines. One archived e-mail message had the subject line "**LOVE**" which prompted my discretion.)

Another incident that prompted me to write this column occurred when a small group of fifth-graders managed to obtain unauthorized access to a teacher file and e-mail server. The fifth-graders took advantage of a Macintosh "Apple" menu option titled "Recent Servers." Macs have three such memories: Recent Servers, Recent Documents, and Recent Applications. As an OS convenience, the Mac remembers the last five or so of these things. Just select a "RecentÖ" menu option, and you can go backward in time. Not a good deal if you don't want someone to go where you just went or read what you just wrote! Since this incident I have started systematically to remove these OS features from all student machines over which I have any jurisdiction.

Encrypted E-Mail

If you really want to protect the privacy of your e-mail messages and verify that documents you receive are genuine and have not been tampered with, two common solutions are PGP (pretty good privacy) and S-MIME (a "secure" Internet mail protocol). There is a very readable FAQ (Frequently Asked Questions) page on PGP at http://www.pgp.net/pgpnet/ pgp-faq/faq-0l.html#l.l. Personal PGP is available from PGP, Inc., at http:// www.pgp.com/products/PGP50-fab.cgi. You can read all about S-MIME at http://www.zdwebopedia.com/S_MIME.htm. Verisign, Inc., is a major vendor of S-MIME products and can be reached at http://www.verisign.com. There are also many shareware products that offer encryption, but for all but the most sophisticated users, I heartily suggest you deal with a company that can offer you the tech support you might need. At first, the whole idea of encryption is very difficult to grasp, so read a lot and take your time.

Your words, data, ideas, emotions, finances, and correspondence are yours alone. You should have the ability to share such personal things only with the people you choose. As an American, you have this fight; citizens in many foreign countries do not. Look carefully at the expanded header on the top of the next e-mail message you receive; you will notice that the mail went through many unknown computer systems before it reached yours. I hope this column makes you a little more cautious.
 
 

(Riddle answer: 00 and 000. Nothing equals nothing.)

ROYAL VAN HORN is a professor of education at the University of North Florida, Jacksonville (e-mail: rvanhorn@unf.edu).