Univerzita Tomáše Bati ve Zlíně

Chapter 5 – Information and the Internet

Obtaining, processing, using and forgetting information is part of everyone’s daily routine (not only) in the cyber world.

If information is missing or inaccurate, the decisions that rely on it will also be wrong or incorrect. And we would certainly not want someone to gain unauthorised access to our confidential information, or for someone to alter our information undetected.

1. Introduction

Obtaining, processing, using and forgetting information is part of everyone’s daily routine (not only) in the cyber world. If information is missing or inaccurate, the decisions that rely on it will also be wrong or incorrect. We would certainly not like it if someone unauthorised accessed our confidential information or changed the information without us noticing.

Let’s look at the specific properties of information (not only) in cyber space so that we know how to avoid the most common problems.

2. Credibility of information obtained

Much of the information we obtain is direct, first-hand knowledge, often based on our own previous experience. So we can be pretty sure that, for example, fire burns and things fall down. But a lot of information is passed on to us by someone else who has obtained the information from a source, or who has received it from someone else – for example, a reporter passes on information to a press office, from where the media pick it up and pass it on to their readers. This is how we get information about natural disasters or celebrity weddings on the Internet, even though we were not present at the scene of the event.

It is not easy to judge the credibility of the information we receive, because it always depends on the specific author. The information received may be incomplete (something is forgotten), it may be misunderstood (translation errors, ignorance of the subject), it may be deliberately manipulated (only the appropriate part of the information is conveyed) or the author may be unable to convey the information correctly (inability to formulate the idea). We should also be aware that, due to the nature of the Internet, anyone can spread information here – from serious reporters, through groups promoting their truth, to outright liars.

Hoax and fake news

Hoax – As the Internet has grown, so too has the spread of misleading or false messages, typically sent by email, that attempt to confuse the recipient (from saving unadopted puppies to asking the recipients to delete important files on their own computer) and convince them to forward the message.

Fake news – Unfortunately, today, there are also information sources that deliberately publish false or misleading information to manipulate opinion, influence the market, etc.

The only way to verify the credibility of information is to check it against different sources, or to know the author over the long term: an author's credibility can be assessed by looking at what he or she has published on matters that we know first-hand.

3. Access to information

However, not all information is entirely public and available to anyone. Some information can only be accessed through personal connections, job titles or admission to study. It is not possible to treat this information in a completely arbitrary way without getting into a dispute with the provider.

The basic requirement we mentioned in the chapter Basic principles and motivation is confidentiality, i.e. it is necessary to ensure that the information is only accessible to defined persons. Organisations do this by classifying information, so that each piece of information is tagged with a category that determines who is allowed to read it. It is basically the same as someone in our private lives saying “I’ll tell you something interesting, but promise you won’t tell anyone” or “It’s just between the five of us”.

Typical classification of information

For simplicity, it is recommended to classify information into three categories:

  • Public information is available to anyone (tram departure times).
  • Internal information is available only to organisation members (building operating rules).
  • Confidential information is available only to named persons (pay slips).

Note that for non-public information, it is necessary to verify the identity of the accessor (authentication) and his/her authorisation to access the information (authorisation).

This is to ensure that the information does not fall into the hands of unauthorised persons, otherwise its confidentiality is breached. Cyberspace is no longer just about verbal communication but also about various cyber methods of transmitting information – by email, copying it onto a portable medium (flash drive), posting it on the web, making it available in data storage, etc.

We are always guided by the requirements of the person who made the information available to us, specified the classification of the information and defined what we may or may not do with the information and where it may be stored. Of course, it is a good idea to think this way about information that does not have a specific classification – you probably would not tell a random passer-by your phone number, address or annual income without hesitation. In any case, it is not a bad idea to follow the rule of minimum access here (see the chapter Who I am and what I am allowed to do) and only share information with those who really need it.

4. Availability of information

It is also useful to be able to access information whenever we need it. For example, a train search engine that does not work or a damaged memory card in your phone that contains the contacts of everyone you know will make the information you need unavailable.

There are, of course, many more ways in which the availability of information can be disrupted – it can be accidentally deleted, contaminated in a cyber-attack, the carrier medium can fail, the power supply can fail, etc.

5. Changing information

The human brain has limits, so it does not always remember all information correctly – it often forgets details over time or recalls others, so you could say that the information it remembers changes over time. This is why minutes are taken at important meetings.

In the world of computers, we are better at remembering information, but we still need to be sure that the information – for example, the minutes of a meeting – has not changed in any way since it was entered. We have already seen this requirement in the chapter Basic principles and motivation, which refers to integrity.

Ensuring the integrity of the information stored and transmitted in normal operation is done for you, the user, by the operating system in use and the relevant communication applications, such as the email client (using various mechanisms such as parity bits, cyclic self-correcting codes, fingerprints, and so on). If a problem is detected, an attempt is made to correct it, if possible, or the individual devices arrange to retry the data transfer separately. If the integrity problem persists, the user will be informed that the information, or for example the file containing the information, is corrupt and could not be read.

If we want to avoid even a deliberate violation of integrity, which in the real world is equivalent to forging a document, we have no choice but to use an electronic signature – in addition to identifying the author, it allows us to verify that the information is in an unaltered form (for more information, see the Encryption and electronic signature chapter).
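The difference between the two paragraphs above, as an added example that is not part of the original course text: a CRC and an unkeyed fingerprint catch accidental corruption, but someone who changes a document on purpose can recompute both, so only a value tied to the author's secret exposes the change. The sample minutes and the key are constructed, and a keyed HMAC stands in here for an electronic signature, which would use a private/public key pair rather than a shared key.

```python
import hashlib
import hmac
import zlib

# Constructed sample: minutes of a meeting as stored on disk.
MINUTES = b"2024-03-01 board meeting: budget approved at 10,000 EUR."
# Assumption: a secret known only to the author and the verifier. A real
# electronic signature uses a private/public key pair instead of a shared key.
AUTHOR_KEY = b"constructed-demo-key-not-for-real-use"


def fingerprint(data: bytes) -> str:
    """Unkeyed fingerprint: anyone can recompute it."""
    return hashlib.sha256(data).hexdigest()


def keyed_tag(data: bytes, key: bytes) -> str:
    """Keyed tag: only a holder of the key can produce a valid value."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def flip_bit(data: bytes, index: int) -> bytes:
    """Simulate an accidental single-bit storage or transfer error."""
    damaged = bytearray(data)
    damaged[index] ^= 0x01
    return bytes(damaged)


def check(data: bytes, crc: int, fp: str, tag: str, key: bytes) -> dict:
    """Report which of the three integrity checks accept the data."""
    return {
        "crc32": zlib.crc32(data) == crc,
        "fingerprint": hmac.compare_digest(fingerprint(data), fp),
        "keyed_tag": hmac.compare_digest(keyed_tag(data, key), tag),
    }


def demo() -> dict:
    crc, fp = zlib.crc32(MINUTES), fingerprint(MINUTES)
    tag = keyed_tag(MINUTES, AUTHOR_KEY)
    # Case 1: accidental corruption, stored check values untouched.
    accidental = check(flip_bit(MINUTES, 5), crc, fp, tag, AUTHOR_KEY)
    # Case 2: deliberate change by someone who can also rewrite the stored
    # CRC and fingerprint, but does not hold the author's key.
    forged = MINUTES.replace(b"10,000", b"90,000")
    deliberate = check(forged, zlib.crc32(forged), fingerprint(forged), tag, AUTHOR_KEY)
    return {"accidental": accidental, "deliberate": deliberate}
```

Calling `demo()` shows all three checks rejecting the accidentally damaged copy, while the deliberately altered copy passes the CRC and fingerprint checks and is rejected only by the keyed tag.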

Ransomware

Cyber criminals sometimes use special types of malicious programs, viruses, which, when executed on a computer, begin to encrypt stored information so that it is no longer readable (accessible) by a legitimate user. The cybercriminal will then offer to decrypt the data for a fee. If this happens to you, it is not a good idea to pay because you do not know if the attacker will actually decrypt the data, and you will be encouraging them to launch further attacks.

The only way to prevent the loss of your own information is to back it up by regularly making a copy of the information and storing it in a safe place. If the information is lost, the last copy made will be used to recover it. For example, you will not lose all the work you have done, but only the last day or hour, depending on the backup interval.

The availability of information on websites or information obtained from other service providers must then be ensured by their operators. Most services on the Internet are backed up because their operators do not want to lose customers as a result of data loss.

6. Provision of information

Suppose we have information that is not classified in any way and we want to share it on the Internet. For example, a plan to go to a concert tonight. If we communicate such information to someone in person, only they can hear it, the rate of further dissemination is limited, they are likely to forget the information the next day, and, if necessary, it is easy to deny that we have ever told someone such a thing. However, in the Internet environment, the situation is completely different.

Information on the Internet is recorded in digital form (in computers, everything is converted to zeros and ones) and is easy to duplicate and spread further. In addition, information of this nature is usually communicated on social networks, which directly supports its spread.

Moreover, information that is once released on the Internet can never be taken back. Even if we delete it from its original location, we cannot affect the copies that have been made in the meantime and are travelling independently on the Internet. So let’s keep this in mind, especially with personal information (photos, statements, etc.), and avoid putting anything on the Internet that we want to delete later.

Similar problems can also occur with different versions of documents – while the original version is already spreading through cyberspace, the new corrected version is only in its original location. That is why we often encounter so-called controlled documentation, where the location of the correct version of the documents is defined.

It is also helpful to know that as employees of an organisation, we should not speak on behalf of the organisation to the public (for example, to journalists) because this activity is reserved for spokespersons, chancellors, etc. These people, unlike us, have a clear idea of what the organisation wishes to communicate and how. Therefore, if we receive an enquiry from the public, we should always pass it on to the appropriate person.

7. Summary

We have to work with information every day, so we need to learn how to handle it properly. First of all, we need to assess the credibility of the information we receive, based on the knowledge of the author. A little bit of thinking can help reveal obvious inconsistencies.

Information already available may be classified, in which case further communication may be restricted. It is therefore important to know who we are allowed to share information with. We should always make information about our employer available to the public through a designated person – a spokesperson.

When transferring or storing information for an extended period, we must be sure that it has not been changed and that the information we have is the same as the original. We use a variety of technical methods to do this, the most common of which is an electronic signature, which allows us to check that no changes have been made since it was signed.

All the information we need must be available when we need it. For services such as websites and web applications, we need to rely on suppliers, and for critical information, it is a good idea to have contractual availability. We need to regularly back up the information we have locally so that we can use the copy we have made if there is a problem – disk failure, accidental deletion of data, malicious applications, etc.

We should also be aware of the specific characteristics of the cyber world, mainly the ease with which information can be disseminated and the near impossibility of revoking or removing it.
