On August 26, a news release from the Korea Communications Commission (KCC) said that an SK communications server was hacked and 3.5 million members’ personal information leaked. And according to the statistical release from KCC, the personal data of 20 million users were leaked last year. In 2008, there was a case in which one major company, Hanarotelecom, sold customers’ information to telemarketing companies for profit. Due to these cases, people could not shake off their anxiety about data production. Therefore, The University Life will cover stories in a series on personal information protection in the September and October issues.
When we join Facebook, it is not necessary to enter a resident registration (RR) number, however; when we join Korean websites, we have to include all personal information including RR number, address, and phone number. Moreover, many websites demand users to consent on using personal information. If you refuse to consent, you cannot join that website. The question is can our personal data can be kept safe? Personal information covers everything. According to the Internet Law Subparagraph 6 of Article 2 of Chapter 1, personal information shall mean the information pertaining to any living person, which contains code, letter, voice, sound and image, etc. That makes it possible to identify such individuals by his/her name and RR number, etc.
Leaks and Defense on Social Life
However, in daily life, a lot of personal information was leaked for three reasons: black hack, insider trading, and carelessness of controller. Many people may have an experience about personal data exposure. One student in the Department of Philosophy at Kyung Hee University (KHU) said, “I recently had an unpleasant experience. A message about a loan was sent to me constantly from a corporation that I never heard of.” Like her experience, many people have been damaged spiritually as well as financially by leaks. A recent statistical release from the Internet Statistics Information System (ISIS) of KCC said that 77,147 people asked for counseling for harm recovery. The number is highest reported yet and it has been increasingly sharply since 2009.
So what are the government’s efforts to protect people’s privacy? It reorganized a new version of the Data Protection Act which promulgated on March 29, 2011 and will come into force on September 30, 2011. What is the difference between the former and new law? Professor Park, Whon-il, Kyung Hee University Law School, answered the question: “The new Act will make important changes in data protection as follows: sensitive data and universal identifiers like the RR number, as regulated by law, will be prohibited in principle without the specific consent of data subjects or authorization by the law.” According to the Preamble to the Constitution, the purpose of this Data Protection Act is to build a safe and sound environment for the information and communication networks, as well as to protect personal information in order to improve the citizen’s lives and enhance the public welfare.
Also, cross border agencies are now paying attention to privacy and they co-operate in order to enhance adequate levels of data production. The Asia Pacific Privacy Authorities (APPA) is one of the global agencies which is targeting for data protection. In particular, the APPA held its 35th APPA Conference at Jeju Island from June 1-3, 2011 and Professor Park, Whon-il, was one of the speakers at the APPA forum. Professor Park spoke about “How to the Tame Global Internet Service Provider (ISP)” and he said, “The world has its attention on personal information protection, especially on the Internet.” As stated above, global agencies are conducting an official discussion in order to protect personal data.
As we have seen, the Korean government changed the internet law and cross border agencies are paying more attention to privacy as well as cooperating to enhance protection. So what are university students doing for data protection?
Case #1: Computer Emergency Response Team (CERT) of University
Have you heard the story about undergraduates doing straw hacking to protect data from black-hackers? The university Internet server is too weak and can be easily hacked. “We regularly do straw hacking in order to find weak points in the campus intranet network. Each university stores an enormous of personal information about students and their parents. So once the university server is hacked, I do not want to see the end,” said Son, Young-nam, chief of the Union of the Underground University for CERT (U3). Likewise, U3 has made constant efforts to keep the campus server safe since 2006. Eleven universities such as Chungbuk National University, Seoul Women’s University, and Chosun University belong to U3.
U3 performs straw hacks and analyzes the weak spots. It is then reported to the school computerization department. Each inspection needs 2 weeks and U3 does it in one-year intervals. Son said, “Last year, we hacked one university server, and then all student and faculty personal information leaked very easily. I was surprised at how powerless the server was! So we reported it immediately to school authorities.”
It seems like U3 is doing a rewarding job. When have their efforts been the most fruitful? “I felt worth living when I heard about the school accepting U3’s criticisms and reinforcing the server. It will be really helpful for protecting students’ personal information,” Son said happily.
Case #2: Korea University Clubs for Information Security (KUCIS)
From 2006, KCC and the Korea Internet Security Agency (KISA) choose information security clubs annually and conducted technical training at those clubs. In 2011, 42 clubs will be selected by KCC and KISA.
NET at KHU is one of the 42 clubs. From 2003 until now, NET has been selected by KISA and has been given training in information security as well as morals from security experts. “Through the training course, we feel we have grown. Also when we listen to a lecture on security affairs from the famous corporation, AhnLab, in the workshop held by KISA, the lecture made us dream to be a security expert,” said Lee, Jung-sub, chief, NET, a club in the College of Electronic Information Engineering at KHU. CAT-Security, one club at Catholic University of Korea, received the grand prize from KISA. As first prize, they got an opportunity to participate a security contest held in Los Angeles in the United States from August 3-9, 2011. “When I attended the Defcon contest, I felt that most people in the U.S. pay attention to data protection. I thought how wonderful it would be if Korea’s youngsters had an interest in the protection of personal information,” said Park, Se-young, a chief of CAT-Security.
Those two students emphasized personal effort in order to protect private data. “To protect personal information, it is most important that people should be careful to protect their information such as their RR number,” they both said.
A proverb says, “The beacon does not shine on its own base.” Maybe you are the one who could be exposed and suffer losses due to low protection. We should be aware as an independent internet user. Students had better be aware in order to protect their fundamental right to privacy. So, is there anything we can do in daily life? Rule number one: make your password more creatively and cherish your personal information. Do not sell your data in order to get free gifts on the Internet. Your information is more important than a gift. Rule number two: download security programs that security companies offer. Moreover, upgrade your security programs. There is nothing more important than prevention. So students, be aware of information exposure!