Consumer Information Security Workshop
May 20 - 21, 2002

The security of consumers’ home computers is an issue of growing importance. The terms "virus," "worm," and "Trojan horse" have gained new meanings as "Melissa," "ILOVEYOU," and "Code Red" infected computers across the globe. News of hackers’ "exploits" make front page news. At the same time, more and more consumers access the Internet through "always on" DSL or cable Internet connections, which allow quick access to Internet content but also may be vulnerable to attack even when the consumer is not actively using the Internet. As consumers use their computers as repositories for sensitive information such as passwords, financial records, and health information, the potential destruction or disclosure of that information is cause for concern.

Another aspect of consumer security is whether consumers’ personal information held by businesses is secure. When consumers interact with businesses – whether to check a bank account balance, register to receive information, or purchase a product or service – those businesses become custodians of consumers’ personal information. An employee processing a consumer’s payment or a consumer checking his or her account balance may want access to this information, but at the same time businesses face the challenge of securing it from access by external threats such as hackers or even by unauthorized insiders. Should a hacker gain access to a business’ customer credit card database, for example, that intrusion may not only have serious consequences for that particular business and the consumer’s financial well-being, but may also affect consumers’ confidence and willingness to engage in e-commerce generally.

This workshop provides an opportunity for the Commission to explore information security issues that affect consumers. The questions to be addressed at the workshop would include: