In-Depth

Security Briefs

Hate sites and corporate liability; weak PDA data protection

• By Mathew Schwartz
• 06/09/2004

As Violence and Hate Sites Rise on the Web, So Do Enterprise Liability Concerns

Worldwide, the number of hate sites or sites advocating violence has increased by 26 percent in the past four months. Over the past four years, the number of such sites has grown 300 percent, from 2,756 in 2000 to 10,926 as of April 2004.

Those results come from researchers at security vendor SurfControl, which sells Web and e-mail content and filtering software.

Alarmingly, “we’ve begun to see a convergence of sites promoting violence and those advocating hate,” says Susan Larson, SurfControl’s vice president for global content.

Recent events seem to be driving the proliferation of such Web sites, including debates over gay marriage and the opening of Mel Gibson’s film, “The Passion of the Christ.” SurfControl notes “some new sites use the Gibson movie as a launching pad to express hatred of non-Christian religious groups. One site depicts the incident of a brutally slain homosexual as morally justifiable, while another anti-Semitic site targets national political figures, including President George W. Bush, as so-called ‘Jewish Mafia.’”

Legal territory is hazy when it comes to the liability organizations face for contributing to a hostile-seeming work environment. Still, there are risks. Witness the alleged dissemination of racist jokes in corporate e-mail at the Lancaster, Penn., printing plant of R.R. Donnelley and Son, and the subsequent $500 million lawsuit filed against the company in 1995, still pending in the courts. Of course, the lawsuit charged that employees were propagating hateful material—which is not the same as an employee stumbling upon a hate site.

Still, “in this sort of climate online, it becomes more important than ever for employers to manage Web access,” says Larson.

For companies that want to filter the hate sites their employees might see, there are software options, including products from a number of companies, including Secure Computing, SurfControl, and Websense.

- - -

Survey Says Business PDAs Aren’t Secure

Most business users’ PDAs are relatively unsecured, according to the “2004 United States PDA Business Usage Survey” conducted by Los Angeles-based Pepperdine University.

The university’s Graziadio School of Business and Management surveyed 230 U.S. business professionals selected at random who use PDAs regularly. The survey was sponsored by Pointsec Mobile Technologies (a subsidiary of information security company Protect Data).

Though over 80 percent of those surveyed say they carry “somewhat valuable” or “extremely valuable” information on their PDA, half don’t have any security features enabled except for the password challenge that appears when the PDA is powered on. Roughly 4 in 10 access corporate networks using their PDA.

Of the executives interviewed, 60 percent say the loss of their PDA could have a significant impact on their business. Yet storing sensitive data on a PDA without strong encryption means attackers can easily recover that data from a PDA; log-on passwords are no impediment for experienced attackers. A quarter of all respondents say they’ve lost or had a PDA stolen.

Lack of strong encryption and corporate PDA adds up to an enterprise security risk. “Clearly, unprotected PDAs are putting employers—whether corporate or organizational—at risk,” notes Thomas Blitz, president of Pointsec Mobile Technologies. “What’s more, despite the risk, many corporate executives still perceive security to be a less-than-critical PDA purchase consideration.”