Robert Bruen's review of "The Hundredth Window" by Charles Jennings and Lori Fena. IEEE Cipher, E38 August 4, 2000."

The Hundredth Window
Charles Jennings and Lori Fena
The Free Press 2000
278 pages. Two appendices, index, glossary
2000. ISBN ISBN 0-684-83944-X. LoC QA76.9.A25 J456 2000. $26.00

Reviewed by: Robert Bruen August 4, 2000.

The Hundredth Window is the one that the crackers get through after you have secured the other 99 windows, highlighting the difficult job of those who try to secure computer systems and networks. The authors founded TRUSTe, an organization dedicated to privacy issues. It monitors web sites, giving out seals of approval to those who meet their pro-privacy standards.

Privacy is one of the most important issues facing us today. Some of us feel that it has already been lost while others are fighting to maintain it. Both camps generally agree that monitoring the attacks on privacy an stepping up the awareness campaign are crucial. There are a number of books appearing that deal with privacy issues, each with its own perspective. Jennings and Fena appeal to a wide audience, not a technical audience, and do not use scare tactics. Instead they explain an aspect of the problem, then offer suggestions
on to cope with it.

Their focus is the loss of privacy through the web, choosing to call the first chapter "The Invasion of the Data Snatchers". The main unit within this loss of privacy is the PII (Personally Identifiable Information), those little factoids about you that can be traced to you, such as your birthday, you social security number, your address, etc. It also includes things like your financial status, your favorite movies, when you drove through that tollbooth and whether you have AIDS or have visited a psychiatrist. It might even include what you said to that psychiatrist. Imagine at a divorce hearing having your spouse's lawyer produce a record of your liquor purchases to prove that you are unfit parent. PII can be thought of as the virtual you. It is nice if it results in you getting a discount coupon on some consumer item that you wanted in the mail, unsolicited, because that company knew that fact about you. It is not so nice when that same piece of your PII is damaging to you. Unfortunately there is no distinction anymore, factoids are just factoids.

The suggestion has been made that we can longer expect privacy, but instead we have to manage our privacy, in part because it is a commodity bough and sold in the marketplace. The problem is that we do not have control of it nor do we reap the benefits derived from its sale, unless you include that discount coupon. The authors provide many techniques to get hold of some control, much it through awareness. For example, when visiting a web site do you see a privacy policy posted? If you do, is a one that you agree with? Other suggestions include information on the failure of security in web shopping carts, web sites that do not maintain good security practices and web sites that will sell whatever they can discover about you.

The Hundredth Window is inexpensive, a quick read, with some marketing for TRUSTe. I liked the book and recommend it for those who, for whatever reason, need to learn that there is actually a problem with our loss of privacy as well as those who want to keep up to date on the issue.