10 PRIVACY AND SECURITY CHAPTER Just because something is on a computer doesn’t mean it’s safe from fire, theft, or disaster. Every time a person interacts with a computer, information is exchanged; at a checkout line, getting a license, etc. How can you protect your information? There are ethical questions raised by the incorporation of computers into our society: Environmental consequences Health risks Business ethics Privacy Copyright violation

Competencies (Page 1 of 2) Discuss the privacy issues related to the presence of large databases, private networks, the Internet, and the Web Describe the major privacy laws and the Code of Fair Information Practice Describe the security threats posted by computer criminals, computer crime, and other hazards Page 270

Competencies (Page 2 of 2) Discuss ways that individuals and organizations protect their security Describe the common types of physical and mental risks associated with computer use and ways to protect yourself against these risks Discuss what the computer industry is doing, and what you can do to protect the environment Page 270

Information Systems hardware data connectivity people procedures software Page 272

Information Systems Concerns for People Privacy – What are the threats to personal privacy and how can we protect our selves? Security – How can access to sensitive information be controlled and how can we secure hardware and software? Ergonomics – What are the physical and mental risks to technology and how can these risks be eliminated or controlled? Environment – What can individuals and organizations do to minimize the impact of technology? Privacy – What are the threats to personal privacy and how can we protect ourselves? Security – How can access to sensitive information be controlled and how can we secure hardware and software? Ergonomics – What are the physical and mental risks to technology and how can these risks be eliminated or controlled? Environment – What can individuals and organizations do to minimize the impact of technology on our environment? Let’s look at the definition of computer ethics and privacy first Page 272

Private Networks Employers monitor e-mail Legally done Snoopware Software Online services right to censor content Screen and reject messages Terminate user accounts Currently legal for employers to monitor electronic mail; survey reported 75% do so using snoopware Snoopware records virtually everything you do on your computer Most online services reserve the right to censor content; libel, obscenity, or offensive material Can terminate your account for unacceptable “behavior” towards company Return Page 276

Security and Computer Criminals Threats to computer security are criminals, computer crime, and hazards Computer criminals are of five types: Employees Outside users Hackers and crackers Organized crime Terrorists Computer crime – illegal action in which the perpetrator uses special knowledge of computer technology Computer criminals – those using computer technology to engage in illegal action, five types Employees – the largest category; may be trying to steal hardware, software, proprietary information and could be doing this out of resentment and trying to get back at the company Outside users – could include employees and clients or suppliers having access to a company’s computer system; could obtain confidential passwords “Hackers” and “crackers” – hackers gain unauthorized access to computer systems “for fun” but crackers have malicious intent including stealing information or introducing a “bomb,” a destructive computer program Organized crime – tracking illegal enterprises, forgery, counterfeiting Terrorists – could potentially crash satellites and wage economic warfare by disrupting navigation and communication systems Concerned with security – on and off the Internet Most people don’t realize that security involves theft by employees as well as deliberate thefts from viruses, electronic break-ins, etc. Re-emphasize ethics as an integral part of security – what belongs to the company, belongs to the company (computer time, software, floppies, getting into area in computer where you don’t need to be) If you do happen to go somewhere in network or Internet you really didn’t intend to go, back out right away Tell your supervisor of the error and document what happened (how you got there, whom you told, and when you told the person) Page 282

Computer Crime Number of Computers Crimes Going Up Malicious Programs Viruses Worms Trojan horse Denial of service (DoS) Internet Scams Theft Hardware or software Data Computer time Data Manipulation Computer Fraud and Abuse Act of 1986 $1.5 trillion estimated to be lost in the past year from computer crime Computer crime can take various forms: Creation of malicious programs – called malware which is short for malicious software Viruses – (**Use link to show table of common viruses when talking about viruses) migrate through networks and operating systems and most attach themselves to different programs and databases; can alter and/or delete files; can damage system components Worms – (**Use link to show table of common worm types when talking about worms) a special type of virus Doesn’t attach to a program Fills the computer with self-replicating information or can be a carrier of a more traditional virus Trojan house – programs that are disguised as something else; like worms they are carriers of viruses; can be innocently downloaded from the Internet Denial of service attacks – denies service from ISPs by flooding a computer or network with requests for information and data Internet scams – a fraudulent or deceptive act or operation to trick someone into spending money Theft – hardware, software, data, computer time Data manipulation – unauthorized use of data – law states that it’s a crime for an unauthorized person to even view data using any computer across state lines Page 283

Other Hazards Natural hazards Civil strife and terrorism Fires & floods Winds Hurricanes Tornadoes Earthquakes Civil strife and terrorism Wars Riots Terrorist acts Technological failures Voltage surge Use surge protector Human errors There are plenty of other hazards to computer systems besides criminals Natural hazards include fires, floods, winds, hurricanes, etc. Civil strife – wars, riots, etc. are real risks Technological failures – voltage surges or spikes Human errors – data entry are commonplace mistakes; programming, faulty design mistakes Page 287

Measures to Protect Computer Security Encrypting messages Restricting access Anticipating disasters Backing up data Encrypted e-mail Security involves protecting information, hardware, and software from unauthorized use, damage from intrusions, sabotage, and natural disasters Security growing field; currently have courses on Network security as well as Encryption – coding messages to prevent people from reading your messages Restricting access through passwords and firewalls Anticipating disasters – companies and individuals should prepare Physical security – protecting hardware Data security – protecting software and data from unauthorized tampering or damage And have a disaster recovery plan – describing ways to continue operating until normal computer operations can be restored; can create special emergency facilities called hot sites which are fully equipped backup computer centers or cold sites if hardware must be installed to be utilized Use physical backups – off-site storage using tapes or disks in case of loss of equipment (World Trade Center; Mississippi floods for example; hurricanes in Gulf states; fires in California and national parks) Return Page 287

Ergonomics (Page 1 of 3) Study of human factors related to things people use Physical Health Eyestrain and headache Back and neck pain Repetitive strain injury The study of human factors related to things people use; concerned with fitting job to worker rather than worker to job Take regular breaks (like every hour or two) from computer monitor to avoid eye strain, back strain, or even vibrations from the system. Avoid monitors that flicker; ensure adequate monitor brightness By keeping all objects on which you are working at the same distance, you avoid eye strain, neck strain or arm/wrist injury Keep equipment (keyboard and monitor) at comfortable level – get a chair that adjusts or rearrange your equipment Avoid repetitive strain injury (RSI) by again having your equipment comfortable to ease the stress on tendons and muscles in your arms, wrists, back, and neck Billions of dollars in claims and productivity losses every year Page 238

Ergonomics (Page 2 of 3) Recommendations for the ideal microcomputer work environment Page 291

Ergonomics (Page 3 of 3) Computer technology offers ways of improving productivity but can create irritants other than physical Noise Electronic monitoring Technostress Stress associated with computer use Computers tend to emit very low frequency noise that can be stressful and/or damaging to some people. Some printers emit considerable noise. Networking of peripherals (requiring fewer printers) and the advances in technology have helped cut out a lot of this; however, still a factor to be considered. Workers electronically monitored have more health problems Recently researchers have discovered what a common sense manager already knew: human monitoring yields more productivity than electronic monitoring Capabilities of microprocessor stimulate manufacturers to load on the features, which often results in a product that is difficult to use. Trend is towards including fewer features and only those that are needed for particular job Technostress – tension that arises when trying to adapt to computers Return Page 292

The Environment Microcomputers use most of the electricity in work environment. Turn off when not using (like evenings or weekends) They account for 5% of the electricity used Most systems now come with energy-saving screens that go into “sleep mode” when not used for period of time The EPA (Environmental Protection Agency) has created the Energy Star program to discourage waste in the microcomputer industry Goal to reduce power required Organized the Green PC concept Look for energy star that indicates PC is working to follow guidelines established by EPA. What are characteristics of “Green PC”? The Green PC System Unit –energy saving microprocessor, eliminates cooling fan, has sleep mode Display – flat panels, power-down monitors, screen-saver software that clears the display when not in use Manufacturing – use of fewer harmful chemicals Page 293

Personal Responsibility to Help Protect the Environment What can you do? Conserve Recycle Educate What can you do to protect the environment as a computer user? Page 294

A Look to the Future Presence Technology Presence technology alerts you that someone is trying to reach you People can locate you People can tell which device is best to contact you Could become a standard feature of new cars, phones, and appliances Ask students to discuss the advantages and disadvantages of presence technology Is it always good to be found? Page 295

Discussion Questions Discuss the relationship between databases and privacy. Discuss the Code of Fair Information Act. Why has this act not been made into law? Discuss the various kinds of computer criminals. What are the principal measures used to protect computer security? What is encryption? How is it used by corporations and individuals What is ergonomics? How does computer use impact mental health? Physical health? Have students turn to the end of Chapter 10 in their textbooks to view the same “Open-Ended” questions/statements Page 302