People First Party lawmaker Chou Hsi-wei (周錫瑋) revealed yesterday that a Chinese company has been marketing to advertisers 2.25 million e-mail addresses originating in Taiwan. As many of the addresses ended in "gov.tw," denoting government institutions, the legislator voiced concern over Taiwan's preparedness in fighting cybercrime.
"The government should look into this case and improve the security level of electronic communications systems in government agencies," said Chou.
At a press conference yesterday, Chou showed reporters the e-mail advertisement he received. It was from a Chinese company called "Silver Star Internet Information Company," and the legislator confirmed the source and contents of the ad by calling up the phone number provided.
The company advertised the sale of e-mail addresses originating from the U.S., Hong Kong, India, Russia, Canada, Japan, England, France, Germany, Australia, Taiwan, and others. The ad offered a package of 2.25 million Taiwan e-mail addresses for US$100.
E-mail addresses for the National Nano Device Laboratories, the National Science Council (國科會), the Mainland Affairs Council, the Legislature, the Ministry of Economic Affairs, and individual government officials were part of the package, which gave Chou cause for concern.
"A report from the International Computer Security Association indicates that e-mail has become the major channel for spreading computer viruses since 2000," Chou said. "E-mail may also enable computer hackers to steal the passwords of e-mail accounts or intercept e-mail transmissions. Any of these illicit activities would cause serious problems.
"Therefore, the government should enhance education on information security when promoting 'e-Taiwan' or 'e-government' projects" to reduce the risk of using the Internet," Chou urged.
Shieh Shiuh-pyng, department chairman of National Chiao Tung University's Department of Computer Science and Information Engineering, was not as worried as Chou about the advertisement. He stated that the leak of e-mail addresses would not endanger information security, but the government did have to be on guard against computer viruses and junk mail.
"It's not surprising that the company collected the e-mail addresses since many government agencies display them on their Web sites," Shieh said.
The professor was more concerned about addresses of individuals being available. He said, "Personal e-mail addresses should be protected by legislation."
Shieh cited the U.S. as a model for protecting personal information on the net. "In the U.S., credit card companies will ask customers if they're willing to have their personal information, such as phone number and address, given to other companies," Shieh argued.
"The information of customers who check the 'no' box is protected by law, which is the direction in which Taiwan should proceed regarding personal information protection," the professor said.
Quelle: Taiwan news
