1 Copyright © 2003 Prentice Hall, IncSlides created by Bob Koziel

Copyright © 2003 Prentice Hall, Inc 2 Tips for using the slide show Use MS Power Point XP to view the presentation. Earlier versions will not show the animations correctly. Slides with : Click the slide to view all of its sections and animations. Some slides need to be clicked several times. will appear once the last object on the slide has appeared. Click to go to the next slide. represents an Internet link that will take you to the Web site when you click on it. Internet connection required. Clicking on the or icon will take you to the previous or the next slide. Slides with videos or sounds: Click on the picture to view videos or listen to sounds. NEXT SLIDE I NEXT SLIDE Copyright © 2003 Prentice Hall, Inc

3 Chapter 12 Privacy and Encryption COMPUTERS IN YOUR FUTURE 2004 COMPUTERS IN YOUR FUTURE 2004 by Bryan Pfaffenberger and Bill Daley Chapter 12 Privacy and Encryption What You Will Learn NEXT SLIDE The threat of privacy due to the sale of sensitive personal information on the Internet Definition of anonymity and how it is abused by users Technological developments and how they are eroding privacy and anonymity Reasons why employers are monitoring employees’ computer usage How public-key encryption threatens U.S. security, both foreign and domestic The U.S. government’s proposed key recovery plan and how it threatens the growth of Internet commerce

Copyright © 2003 Prentice Hall, Inc 4 NEXT SLIDE Identity Theft Identity theft is one of the fastest growing crimes in the United States and Canada. Identity theft occurs when enough information about an individual is obtained to open a credit card account in their name and charge items to that account. Examples of information needed are name, address, social security number, and other personal information. Laws limit liability to $50 for each fraudulent charge. An individual’s credit report is affected by identity theft.

Copyright © 2003 Prentice Hall, Inc 5 NEXT SLIDE Privacy in Cyberspace Privacy refers to an individual’s ability to restrict the collection, use, and sale of confidential personal information. The Internet is eroding privacy through the selling of information collected through registration forms on Web sites. Few laws regulate selling personal information. Technology is not only making it easier to invade someone’s privacy, but it is also providing a means to protect against privacy invasion.

Copyright © 2003 Prentice Hall, Inc 6 NEXT SLIDE Encryption Encryption refers to the coding of information so that it is only readable by the intended recipient. It is used in electronic commerce transactions and . Encryption provides a way to use the Internet in a safe, secure way. It could be used misused by criminals and terrorists.

Copyright © 2003 Prentice Hall, Inc 7 NEXT SLIDE Anonymity Anonymity is the ability to convey a message without disclosing one’s identity. It can be abused because it frees people from accountability. Defamation is the act of injuring someone’s reputation by making false statements. Libel occurs when malicious statements are made in writing.

Copyright © 2003 Prentice Hall, Inc 8 NEXT SLIDE How Is Technology Eroding Privacy and Anonymity? Computers and the Internet enable marketing firms, snoops, and government officials to collect information in ways that are hidden from view. Hidden information technologies used on the Internet are:  Cookies  Global Unique Identifiers (GUIDs)

Copyright © 2003 Prentice Hall, Inc 9 NEXT SLIDE Cookies Cookies are small files that are written to an individual’s hard drive whenever a Web site is visited. Legitimate purposes of cookies include recording information for future use. Example: retail sites using “shopping carts.” Questionable practices include banner ad companies tracking a user’s browsing actions and placing banner ads on Web sites based on those actions.

Copyright © 2003 Prentice Hall, Inc 10 NEXT SLIDE Example of Cookies

Copyright © 2003 Prentice Hall, Inc 11 NEXT SLIDE Global Unique Identifiers (GUIDs) A GUID is a unique identification number generated by hardware or a program. It is used to send user information back to the site that created it.

Copyright © 2003 Prentice Hall, Inc 12 NEXT SLIDE Protecting Your Privacy Online 1.Browse anonymously– Use Web sites such as or Disable cookies on your Web browser. 3.Use free addresses for information placed on Web sites. 4.Don’t divulge personal information to online strangers. 5.Make sure registration forms have a privacy policy statement.

Copyright © 2003 Prentice Hall, Inc 13 NEXT SLIDE Privacy at Work Employees are given and Internet access at work. Companies are concerned about employees’ wasting time surfing the net and sending personal . Three-quarters of large corporations monitor employees’ phone calls, , Web browsing habits, and computer files. Laws do not protect employees from being monitored.

Copyright © 2003 Prentice Hall, Inc 14 NEXT SLIDE Things to Remember at Work 1.Do not use the employer’s phone for personal calls. 2.Do not use the employer’s for personal messages. 3.Assume everything you do at work is being monitored.

Copyright © 2003 Prentice Hall, Inc 15 NEXT SLIDE Encryption Basics A readable message is called plaintext. An encryption key is a formula used to make plaintext unreadable. The coded message is called ciphertext. An encryption technique called rot-13 is used in chat rooms and Usenet discussions. Symmetric key encryption algorithms are encryption techniques that use the same key to encrypt and decrypt a message. Data Encryption Standard (DES) is a commonly used encryption system.

Copyright © 2003 Prentice Hall, Inc 16 The Problem of Key Interception Rot-13 is not a secure encryption system. Symmetric key encryption systems are vulnerable to key interception, or having their key stolen. Banks and military agencies use a complex encryption system called strong encryption. NEXT SLIDE

Copyright © 2003 Prentice Hall, Inc 17 NEXT SLIDE Public Key Encryption Public key encryption uses two different keys.  Public key is the encryption key.  Private key is the decryption key. They are used in e-commerce transactions. A secure channel for information is provided when the keys are used. The encryption keys are computationally intensive, they place a heavy burden on the CPU. They are vulnerable to cryptanalysis, or code breaking. Key length is the length (in bits) of an encryption key.

Copyright © 2003 Prentice Hall, Inc 18 Public Key Encryption Algorithms Numerous public key encryption algorithms have been developed.  Diffie-Hellman algorithm  RSA encryption algorithm  Fortezza NEXT SLIDE

Copyright © 2003 Prentice Hall, Inc 19 Digital Signatures and Certificates Digital signatures are a technique used to guarantee that a message has not been tampered with. Digital certificates are a technique used to validate one’s identity. Digital signatures are used with non-encrypted and encrypted messages. A hash key, a mathematical value, is used to describe the message’s content. Digital certificates can be obtained from a certificate authority (CA). NEXT SLIDE

Copyright © 2003 Prentice Hall, Inc 20 Public Key Infrastructure (PKI) A public key infrastructure is a uniform set of encryption standards that specify how public key encryption, digital signatures, and digital certificates should be implemented. NEXT SLIDE

Copyright © 2003 Prentice Hall, Inc 21 NEXT SLIDE Public Security Issues of Strong Encryption Encryption can be used for illegal means as well as legitimate means. Encryption will devastate law enforcement’s ability to fight crime. Public key encryption can also be used in telephone conversations. Law enforcement agencies are asking for laws enabling them to eavesdrop on encrypted messages.  Clipper Chip  Key escrow plan  Key recovery

Copyright © 2003 Prentice Hall, Inc 22 The Academic Angle U.S cryptographic researchers lead the world in cryptography. Companies are pressuring the researchers to not publish their research. Copyright management infrastructures (CMIs) enable vendors of digital media to track and control the use and copying of their products. The Digital Millennium Copyright Act (DMCA) imposes stiff penalties for anyone divulging information about how CMI works. NEXT SLIDE

Copyright © 2003 Prentice Hall, Inc 23 NEXT SLIDE Chapter 12 Summary 1.Sensitive personal information is for sale on the Internet. 2.Web sites collect personal information without informing their visitors. 3.Anonymity is the ability to convey a message without disclosing one’s identity. 4.Cookies provide a way for Web sites to record one’s browsing activities. 5.GUIDs make anonymous usage of the Internet difficult. 6.Many employers monitor their employees phone calls, , Web browsing habits, and computer files. 1.Sensitive personal information is for sale on the Internet. 2.Web sites collect personal information without informing their visitors. 3.Anonymity is the ability to convey a message without disclosing one’s identity. 4.Cookies provide a way for Web sites to record one’s browsing activities. 5.GUIDs make anonymous usage of the Internet difficult. 6.Many employers monitor their employees phone calls, , Web browsing habits, and computer files.

Copyright © 2003 Prentice Hall, Inc 24 NEXT SLIDE Chapter 12 Summary cont. 7.Public key encryption uses an encryption key and a decryption key. 8.Security agencies fear that public key encryption will prevent them from detecting illegal activities. 9.The longer the key length, the stronger the encryption. 10.A public key infrastructure is a set of uniform encryption standards. 7.Public key encryption uses an encryption key and a decryption key. 8.Security agencies fear that public key encryption will prevent them from detecting illegal activities. 9.The longer the key length, the stronger the encryption. 10.A public key infrastructure is a set of uniform encryption standards.

Copyright © 2003 Prentice Hall, Inc 25 THE END