GAZETTE

JANUARY/FEBRUARY 1991

Whether maintenance is per-

formed on site or on-line, by means

of a modem and on-line computer

diagnostics, the problem is that the

data stored is accessible to the

maintenance engineer or mechanic

who is performing the repair or

maintenance. Such a person can

readily access and copy all one's

clients' stored confidential data,

and if so minded make improper or

even fraudulent use of same.

It would appear that there is a

legal responsibility on a solicitor to

take reasonable steps to ensure

that the confidential information

stored on computer is not disclosed

to unauthorised persons. The pro-

blem is how is this to be achieved

as it is unrealistic to expect one's

clients to sign a general waiver.

However, one should make sure

that at least one's maintenance

contract includes a covenant

regarding confidential data and

unauthorised disclosure by the

company's employees.

As communication is becoming

a widely used microcomputer ap-

plication, the risk of unauthorised

access to one's data is becoming a

very real problem. Most of the

communications software available

today allows one to put one's

computer into an "auto-answer"

mode, wh i ch means it will

automatically answer any phone

call it receives. In this way anybody

with the phone number of your

computer can, theoretically, access

all the data files and programs on

your computer from a remote

location. This is how on-line com-

puter diagnostics works.

. . . t he re is a l egal res-

ponsibility on a solicitor t o take

reasonable steps t o ensure t hat

t he con f i den t i al i n f o rma t i on

s t ored on compu t er is not

d i s c l o s ed t o u n a u t h o r i s ed

per sons ."

However, communications soft-

ware programs nowadays do have

password protection so that only

those with the correct password

are able to gain access to hardware

and software data on the phone. If

a person has a working knowledge

of the password scheme and the

operating system, such a person

can of course obtain access to

one's data.

In fact it is now possible for data

to be removed from computers

from outside the building. The

radiation emitted from a VDU is

sufficiently powerful to be received

by anyone using an ordinary

television set, a standard television

aerial and a frequency modulator a

hundred metres away. This can be

done even where an office is full of

VDUs because the frequency signal

from each is different.

Finding information on a hard

disk is easy. There is a Public

Domain software program called

Whereis available that will search

through all the directories on disk

to find a specific file. Once an

unauthorised person has gained

access to one's computer he can

carry out a search for anything that

might be of interest in the

directories, and download that in-

formation. Even a particular word

or phrase can be searched for on an

entire disk. Files and directories

can, however, be hidden. Attributes

such as "hidden" and "read only"

can be assigned to programs and

data.

Utilities are also available on the

market which enable one to create

"secret" directories. In order for

these schemes to be effective, the

utilities used to hide the files and

data have to be removed from user

access: likewise directory utilities

which will show hidden files have

to be removed from user access.

Security packages, which in-

clude password assignments for all

users and encrypt or scramble data

files are available. These packages

do have drawbacks viz: —

(a) reduced processing speed;

(b) increased administrative tasks

e.g. assigning passwords, user

access, data file security, data

file security levels.

(c) pre-planning and determination

of who shall have access to

what on the hard disk.

(d) assignment of a hierarchy of

security levels for files depend-

ing on the sensitivity of the

data stored on them, and the

availability thereof to certain

users;

(e) regular monitoring of the

passwords assigned, and the

hierarchy of security levels, is

essential;

(f) the very real risk of forgetting

the password!; and

(g) inconvenience.

They do, however, provide the

highest level of data security

available for microcomputers.

There is software and hardware

on the market which will only allow

access to users at specific times;

that will make certain directories,

files, etc. unavailable to certain

staff or will only allow certain staff

access to certain files and prevent

them changing those files.

Electronic keys, or dongles, are

another form of security devjce.

These are hardware units which

slot into a 'key-ring' connected to

the printer port and allow use of the

computer to key carrying personnel

only.

There is another device which is

a combination of smartcards and

signature recognition pads. This

involves the person requiring

access to the system slotting his

smartcard into a receiver and then

signing an electronic pad. The

smartcard contains a three dimen-

sional image of the person's

signature which the control com-

puter uses to check against the one

WENTWORTH - Lr.

Grand Canal St.

• C. 2,250 Sq Ft Adj. Merrion Sq

• Superb Finish (Incl. Carpets etc.)

• Flexible lease term

• On Site Carparking

Joint Agents:

Sherry

fitzGerald

S 616198

6