Student ID: 70999660

Year: 2007
Bsc (Hons) Management (Singapore Programme)

1
Can Websites be trusted?

Introduction

The information age is an age where physical products feature less prominently and
society is actively trading and creating information and data. The internet is one of
the main medium of facilitation for such information transfer and is increasingly
important as an increasing amount of people globally become users of the internet.
Websites are a collection of inter-connected web pages that are stored and run from
servers and are the graphical interfaces of the internet and it is through them that
users find information meaningful and fit for manipulation. Websites can provide
information for research or entertainment, but websites can also cause damage to
users by introducing viruses or siphoning of personal data.

Due to the risks posed by surfing websites, we need to determine if we can trust
websites. The American Heritage Dictionary defines trust as the firm reliance on the
ability, character and integrity of a person or something. The following sections will
attempt to show the various shortcomings of websites as well as the effectiveness of
web security and protective measures that will determine if the overall risks are
insignificant enough to be compensated for by trust.

Problems that affect websites’ integrity

a. Cybercrime
One of the major issues that undermine both the security and trust of websites is
cybercrime (Furnell, 2002). Since almost anyone can access the internet and there is
no one agency that is responsible for the security of the entire internet, cybercrime
can be easily perpetuated. Some main categories of abuse and computer crime that
affect websites as listed by the U.K. Audit Commission (1994) are:
1. Fraud where certain users manipulate or misuse data for their own benefits;
2. Theft of data and identity;
3. Hacking which is to gain unauthorized access to computer systems or web
servers;
4. Introducing pornographic materials;
5. Virus which is a program commonly found and distributed through emails and
websites that can cause damage to computer systems.

In addition to the abovementioned, there are also other abuses such as defacement
of websites and as well as phishing where users are redirected or led to a fake
website that requires them to provide personal data such as their bank account
number, one such case as reported by Reuters (2003) is that of DBS Hong Kong
where bank customers are led to a duplicate DBS iBanking website in order to
extract their account information.

Hackers are people who exploit vulnerabilities of web servers or computer systems in
order to gain unauthorized access as in the case of AT&T where hackers break into
the system and stole the data of customers (InformationWeek, 2006).
1
Due to the complex nature of human beings, it is difficult to apply the issue of trust on employees and
therefore I will focus on the relation of trust and websites instead.
b. Invasion of privacy
Many website companies can monitor and collect information from users, including
children who surf their websites, thus leading to an invasion of their privacy. They do
so by using web cookies to track users, by observing the habitual patterns of users
whenever they click a link or simply by asking users to fill up some online forms. One
such case is that of Facebook, a social networking website that tried to use a tracking
tool to gather data about its users but instead gained the ire of the users
(StarTribune, 2007). There are cases when users had their personal information
which is stored online stolen and people buying information such as someone else’s
social security number from online information firms (Sullivan, 2006). Information
such as someone’s name or residence can be easily googled and traced just by
keying in other information such as the target’s secondary school name.

c. Negligence of website users

There are many negligent users who unwittingly allowed others to use their
passwords to accounts such as their online bank accounts by sharing or losing their
passwords. Some even leave important personal information on webblogs or forums,
thus allowing for future exploitation. There are also employees of firms who provide
data and passwords to external users who are impersonating as their colleagues.

d. The misinformation in websites

Misinformation in websites is also a serious problem and it can be as simple as a
truncation of several sentences in online news websites to mislead users into
adopting a different perception. Even government websites such as those of Iran and
North Korea might not present factual information as governments can try to
manipulate information for their own goals. An example is the webpage of the official
governmental website of North Korea (http://www.korea-dpr.com/unification.htm)
which insinuates that the USA is controlling South Korea. There are also websites
and webblogs that contribute to the proliferation of non-factual or ridiculous
information such as conspiracy theories and rumours (Bucher, 2002).

Users will become less trusting when they become victims of cybercrime or had their
privacy being encroached upon.

Vulnerabilities and failings of web legislation and security

To make up for the shortcomings of websites, legislations and computer security

software/programs exist in order to increase the security of websites and to protect
users.

The “Child Online Privacy Protection Act” (1998) of USA is a legislation that attempts
to protect the children’s privacy and from pornography online. Unfortunately, there
are little other legislations that prevent such companies from collecting users’
information and it is up to the company’s own discretion on whether they will protect
the users’ information or to release it to other parties. Legislations such as the
“Computer Misuse Act” (1990) of UK make activities such as the spreading of virus
and identity theft online criminal offences. However, such laws are also difficult to be
enforced as it is difficult to monitor who is engaging in identity theft over the net, what
constitutes as cybercrime or to arrest the perpetrators of such a cybercrime who are
residing in another country. In addition, there are still many countries that do not have
a proper national body or their laws are insufficient to protect the privacy of internet.

The security of web servers consists of programs such as anti-virus softwares,

firewalls, data encryption and password authentication. Almost every computer
manufactured will be installed with anti-virus softwares and website users are
constantly downloading the latest web security programs. If website users trust
websites, there’ll be no need to take such protective measures. However there are
many new viruses that constantly outpace the anti-virus firms’ attempts to neutralize
them and will attack web servers before they can be stopped. Furthermore, skilled
hackers can code programs to exploit vulnerabilities in firewalls and encryption
programs in order to break into secured web servers. There are only so many firms
that develop web security programs against the hundreds of thousands if not millions
of hackers around the world.

Website users should take a more cautious approach and try not to enter into
websites if the description seems dubious, they need to constantly update their anti-
virus softwares and be aware of the latest viruses. They should also clear their web
cookies frequently and always get a newer version of firewall in order to minimize
their risks as low as possible.

The report “Leap of Faith: Using the Internet Despite the Dangers” (2005)2 for
Consumer Reports WebWatch provides supportive evidences for the points
mentioned above. In the report, it was found that there’s a substantial level of
skepticism and decline in trust of websites and concerns of the respondents range
from security issues of online transaction websites to websites that contain
misinformation and/or pornographic contents.

Conclusion

From the above sections, it is clear that most website users are constantly being
threatened by agents of cybercrime and the intrusion into their privacy. In addition,
due to the weak development and difficulty in the enforcement of laws regulating the
matters of privacy and cybercrime over the web globally as well as the failings of web
security; internet users run the risk of insufficient legal and web security protection.

All these factors seriously undermine the trust that website users can afford to place
on websites as there is way too much risk that trust can possibly compensate for. It is
analogous to a scenario where you may trust a stranger who offers to bring you to a
pub for a free drink but if the stranger is holding onto a gun in his hand, then it is
difficult to trust him as the risk involved is far too much higher as compared to the first
scenario than you can accept. In conclusion, users should be more guarded as
websites generally cannot be trusted.

Bibliography

2
Please refer to the report at http://www.consumerwebwatch.org/pdfs/princeton.pdf for more details of
the report.
1. Anderson J.P. (1980), Computer Security Threat Monitoring and Surveillance,
James P. AndersonCo., Fort Washington, PA.
2. Bucher, Hans-Juergen (April 2002) “Crisis Communication and the Internet:
Risk and Trust in a Global Media.”, First Monday, volume 7, number 4,
http://firstmonday.org/issues/issue7_4/bucher/index.html [accessed 1st
December 2007]
3. Children Online Privacy Protection Act 1998, U.S.A.
http://www.ftc.gov/ogc/coppa1.htm [accessed 3rd December 2007]
4. Computer Misuse Act 1990 (c. 18), U.K.
http://www.legislation.gov.uk/acts/acts1990/Ukpga_19900018_en_1.htm
[accessed 3rd December 2007]
5. Computer Misuse Act 1998 (c. 50a), Singapore.
http://statutes.agc.gov.sg/non_version/cgi-bin/cgi_retrieve.pl?&actno=Reved-
50A&date=latest&method=part. [accessed 3rd December 2007]
6. Furnell, S. (2002) Cybercrime Vandalizing the Information Society, Pearson
Education Limited.
7. Gelman, R. B., & McCandlish, S. (1998) Protecting yourself online: The
definitive resource on safety, freedom, and privacy in cyberspace. San
Francisco: HarperEdge.
8. Greenemeier, L. (2006) “AT&T Hack Highlights Web Site Vulnerabilities”
InformationWeek,
http://www.informationweek.com/news/showArticle.jhtml?articleID=19250050
0 [accessed 28th November 2007]
9. Lallana, Emmanuel C. & Margaret N.UY. (2003) The Information Age, UNDP-
APDIP, http://www.apdip.net/publications/iespprimers/eprimer-infoage.pdf
[accessed 25th November 2007]
10. Laudon K C and Laudon J P (2006) Essentials of Business Information
Systems, 7th Edition, Pearson Pentic-Hall.
11. Liketke, M. (2007) “Facebook moves to correct social faux pas”,
StarTribune.com, http://www.startribune.com/business/12185121.html
[accessed 6th December 2007]
12. Luhmann, N. (1998) “Familiarity, confidence, trust: problems and alternative.”,
in D Gambetta (ed) Trust: making and breaking cooperative relationships,
Oxford: Basil Blackwell.
13. Nissenbaum, H. (1999) “Can trust be secured online? A theoretical
perspective.” Etica e Politica, 1(2), 1-15.
14. Princeton Survey Research Associates International (2005), “Leap of Faith:
Using the Internet Despite the Dangers.”, Consumer Reports WebWatch,
http://www.consumerwebwatch.org/pdfs/princeton.pdf [accessed 27th
November 2007]
15. Reuters. (2003) “Another bank spoof phishes for data”, Reuters,
http://news.zdnet.co.uk/security/0,1000000189,39118802,00.htm [accessed
27th November 2007]
16. Terry Johal (2004) “Controlling the Internet: The use of legislation and its
effectiveness in Singapore.”, Proceedings, 15th Biennial Conference of the
Asian Studies Association of Australia, Canberra,
http://unpan1.un.org/intradoc/groups/public/documents/APCITY/UNPAN0214
71.pdf [accessed 25th November 2007]
17. trust. (n.d.). The American Heritage® Dictionary of the English Language,
Fourth Edition, Dictionary.com website:
http://dictionary.reference.com/browse/trust [accessed 23rd November 2007]
18. Sullivan. B. (2006) “Online privacy fears are real: More people are tracking
you than you think”, MSNBC, http://www.msnbc.msn.com/id/3078835/
[accessed 29th November 2007]
19. U.K. Audit Commission. (1994) “Opportunity makes a thief”, Audit
Commission Publications, U.K.
20. Democratic People's Republic of Korea (North Korea) Official Webpage,
http://www.korea-dpr.com/unification.htm [accessed 3rd December 2007]
21. website. (n.d.). The American Heritage® Dictionary of the English Language,
Fourth Edition. Dictionary.com website:
http://dictionary.reference.com/browse/website [accessed 23rd November
2007]