Chapter 10: Privacy, Security, and Ethics
Introduction The ubiquitous use of computers and technology prompts some very important questions about the use of personal data and our right to privacy. This chapter covers issues related to the impact of technology on people and how to protect ourselves on the Web.
People Privacy – What are the threats to personal privacy and how can we protect ourselves? Security – How can access to sensitive information be controlled and how can we secure hardware and software? Ethics – How do the actions of individual users and companies affect society?
Privacy Privacy – Keep your data secret Privacy is the right for an individual to be free from uninvited attention and inspection Every computer user should be aware of ethical matters, including how databases and networks are used and the major privacy laws Privacy – collection and use of data about individuals Accuracy – responsibility of those who collect data Secure Correct Property – who owns data and who has rights to software Access – responsibility of those who control data and use of data Technology moving faster than law can adapt
Security Security is the protection of assets. Computer criminals: Three main aspects of security are Protection Detection Reaction. Computer criminals: Employees Outside users Hackers and crackers Organized crime Terrorists Computer crime – illegal action in which the perpetrator uses special knowledge of computer technology Computer criminals – those using computer technology to engage in illegal action, five types Employees – the largest category; may be trying to steal hardware, software, proprietary information and could be doing this out of resentment and trying to get back at the company Outside users – could include employees and clients or suppliers having access to a company’s computer system; could obtain confidential passwords (key term) “Hackers” and “crackers” – hackers gain unauthorized access to computer systems “for fun”, crackers on the other hand, create and share programs designed to gain unauthorized access to computer systems. Their motives are malicious and can be very destructive and costly. Organized crime – tracking illegal enterprises, forgery, counterfeiting Terrorists – could potentially crash satellites and wage economic warfare by disrupting navigation and communication systems Concerned with security – on and off the Internet Most people don’t realize that security involves theft by employees as well as deliberate thefts from viruses, electronic break-ins, etc. Re-emphasize ethics as an integral part of security – what belongs to the company, belongs to the company (computer time, software, floppies, getting into area in computer where you don’t need to be) If you do happen to go somewhere in network or Internet you really didn’t intend to go, back out right away Tell your supervisor of the error and document what happened (how you got there, whom you told, and when you told the person)
Computer Crimes have tripled in the past two years! Malicious Programs Viruses(Vital Information under Siege) Worms Trojan horse Denial of service (DoS) attacks Phishing- Fake URL Computer crime can take various forms: Creation of malicious programs – called malware (key term)which is short for malicious software Viruses (key term)– (**Use link to show table of common viruses when talking about viruses) migrate through networks and operating systems and most attach themselves to different programs and databases; can alter and/or delete files; can damage system components; Computer Abuse Amendments Act (key term) makes spreading a virus a federal offense Worms (key term) – a special type of virus Doesn’t attach to a program Fills the computer with self-replicating information or can be a carrier of a more traditional virus Trojan horse – programs that are disguised as something else; like worms they are carriers of viruses; can be innocently downloaded from the Internet Zombies – computers infected by a virus, worm, or Trojan hoorse that allows them to be remotely controlled Denial of service attacks – denies service from ISPs by flooding a computer or network with requests for information and data Internet scams (key term) – (**Use link to show table of common Internet scams when talking about Internet scams) a fraudulent or deceptive act or operation to trick someone into spending money Theft – hardware, software, data, computer time; unauthorized copying of programs for personal gain is called software piracy (key term). The Software Copyright Act (key term) allows only the program owner to make backup copies of programs. Data manipulation – Computer Fraud and Abuse Act – law states that it’s a crime for an unauthorized person to even view data using any computer across state lines
Measures to Protect Computer Restricting access Encrypting data Anticipating disasters Preventing data loss Security involves protecting information, hardware, and software from unauthorized use, damage from intrusions, sabotage, and natural disasters Security growing field; currently have courses on Network security as well as Encryption – coding messages to prevent people from reading your messages Restricting access through passwords and firewalls (key term) Anticipating disasters – companies and individuals should prepare Physical security (key term)– protecting hardware Data security (key term)– protecting software and data from unauthorized tampering or damage And have a disaster recovery plan (key term)– describing ways to continue operating until normal computer operations can be restored; can create special emergency facilities called hot sites which are fully equipped backup computer centers or cold sites if hardware must be installed to be utilized Use physical backups – off-site storage using tapes or disks in case of loss of equipment (World Trade Center; Mississippi floods for example; hurricanes in Gulf states; fires in California and national parks)
Restricting Access Biometric scanning Passwords Firewalls Fingerprint scanners Iris (eye) scanners Passwords Firewalls Computers should be protected from unauthorized access Biometric scanning Fingerprint scanners Iris scanners Passwords Dictionary attack – attempts to gain unauthorized access Firewalls – a security buffer between a corporation’s private network and all external networks Return
Encrypting Data- Cryptography Encryption & Decryption is the process of exchanging coded information between sender and receiver Encrypting is the process of converting plain text to cipher text Decrypting is the process of converting plain text to cipher text Return
Ethics Copyright Software piracy Plagiarism Gives content creators the right to control the use and distribution of their work Software piracy Unauthorized copying and distribution Digital Millenium Copyright Act Digital rights management (DRM) Plagiarism Standards of moral conduct Computer ethics Guidelines for the morally acceptable use of computers Users are entitled to ethical treatment Copyright is a legal concept that gives content creators the right to control use and distribution of their work Piracy – the unauthorized copying and distribution of software Digital Millennium Copyright Act – the right of the owner to make a backup copy Digital rights management – prevents copyright violations Plagiarism – representing some other person’s work and ideas as your own without giving credit to the original person’s work and ideas as your own