
1 The Broader Picture Chapter 12 Copyright 2003 Prentice-Hall.

Presentation transcript:

1  The Broader Picture, Chapter 12 (Copyright 2003 Prentice-Hall)

2  The Broader Picture (chapter outline)
- Laws Governing Hacking and Other Computer Crimes
- Consumer Privacy
- Employee Workplace Monitoring
- Government Surveillance
- Cyberwar and Cyberterror
- Hardening the Internet Against Attack

3  Figure 12-1: Laws Governing Hacking
U.S. National Laws
- Title 18, Section 1030
  - Enabling legislation
    - Computer Fraud and Abuse Act of 1986
    - National Information Infrastructure Protection Act of 1996
    - Homeland Security Act of 2002
  - Prohibitions
    - Criminalizes intentional access of protected computers without authorization or in excess of authorization (hacking)

4  Figure 12-1: Laws Governing Hacking
U.S. National Laws
- Title 18, Section 1030
  - Prohibitions
    - Criminalizes the transmission of a program, information, code, or command that intentionally causes damage to a protected computer without authorization (denial of service and viruses)

5  Figure 12-1: Laws Governing Hacking
U.S. National Laws
- Title 18, Section 1030
  - Punishment
    - For first offenses, usually 1-5 years; usually 10 years for second offenses
    - For theft of sensitive government information, 10 years, with 20 years for a repeat offense
    - For attacks that harm or kill people, up to life in prison

6  Figure 12-1: Laws Governing Hacking
U.S. National Laws
- Title 47: Electronic Communications Privacy Act of 1986 (ECPA)
  - Prohibits the reading of information in transit and in storage after receipt
- Other federal laws for fraud, etc.

7  Figure 12-1: Laws Governing Hacking
U.S. State Laws
- Federal laws only protect some computers
- State laws for purely intrastate crimes vary widely

8  Figure 12-1: Laws Governing Hacking
Laws Around the World Vary
- The general situation: lack of solid laws in many countries
- Cybercrime Treaty of 2001
  - Signatories must agree to create computer abuse laws and copyright protection
  - Nations must agree to work together to prosecute attackers

9  The Broader Picture (chapter outline, repeated as section divider)

10  Figure 12-2: Consumer Privacy
Introduction
- Scott McNealy of Sun Microsystems: "You have zero privacy now. Get over it!"
- But privacy protection is strong in European Union countries and some other countries

11  Figure 12-2: Consumer Privacy
Credit Card Fraud and Identity Theft
- Widespread concern (Gartner)
  - One in 20 consumers had suffered credit card number theft in 2002
  - One in 50 consumers had suffered identity theft in 2002
  - Only about a fifth of this is online, but online theft is growing the most rapidly

12  Figure 12-2: Consumer Privacy
Credit Card Fraud and Identity Theft
- Carders steal credit card numbers
- Many merchants fail to protect credit card numbers
- Carders test and sell credit card numbers
- Merchants also suffer fraud from consumers and carders
- Identity theft: setting up accounts in the victim's name
  - The victim may not discover the identity theft until long afterward

13  Figure 12-2: Consumer Privacy
Tracking Customer Behavior
- Within a website and sometimes across websites
- Some information is especially sensitive (health, political leanings, etc.)
- Access to data and analysis tools is revolutionizing the ability to learn about people

14  Figure 12-2: Consumer Privacy
Tracking Customer Behavior
- What consumers wish for: disclosure of policies
  - What information will be collected?
  - How will the information be used by the firm collecting customer data?
  - Whether and with whom the information will be shared

15  Figure 12-2: Consumer Privacy
Tracking Customer Behavior
- What consumers wish for
  - Ability of the consumer to see and correct inaccurate personal information
  - Limiting collection and analysis to operational business needs
  - Ways of limiting these needs
    - Opt in: no use unless the customer explicitly agrees

16  Figure 12-2: Consumer Privacy
Corporate Responses
- Privacy disclosure statements
- TRUSTe certifies corporate privacy behavior
- Platform for Privacy Preferences (P3P): a standard format for privacy questions
- Federal Trade Commission
  - Enforces privacy statements
  - Imposes fines and required long-term auditing
  - Does not specify what should be in the privacy statement

17  Figure 12-2: Consumer Privacy
Corporate Responses
- Opt out: the customer must take action to stop data collection and sharing
- No opt: no way to stop data collection and sharing
- Passport and Liberty Alliance
  - Identity management services
  - Register once, giving personal information
  - Give it out to merchants selectively

18  Figure 12-2: Consumer Privacy
Consumer Reactions
- Checking privacy disclosure statements (rare)
- Not accepting cookies (rarer)
- Anonymous web surfing services (extremely rare)

19  Figure 12-2: Consumer Privacy
U.S. Privacy Laws
- No general law
- Health Insurance Portability and Accountability Act (HIPAA) of 1996
  - Protects privacy in hospitals and health organizations
  - Focuses on protected information that identifies a patient

20  Figure 12-2: Consumer Privacy
U.S. Privacy Laws
- Gramm-Leach-Bliley Act (GLBA) of 1999
  - Protects financial data
  - Allows considerable information sharing
  - Opt out can stop some information sharing

21  Figure 12-2: Consumer Privacy
U.S. Privacy Laws
- Children's Online Privacy Protection Act of 1998
  - Regulates the collection of personal data from children under 13
  - Applies to child-oriented sites and to any site that suspects a user is under 13
  - No protection for older children
- Registration for the Kids.US domain is controlled
- State privacy laws vary widely

22  Figure 12-2: Consumer Privacy
International Laws
- European Union Charter of Fundamental Rights
  - Right to protection of personal information
  - Personal information must be processed for specific legitimate purposes
  - Right to see and correct data
  - Compliance overseen by an independent authority

23  Figure 12-2: Consumer Privacy
International Laws
- E.U. Data Protection Directive of 1995
  - Opt out, with opt in for sensitive information
  - Access for review and rectification
  - Independent oversight agency
  - Data can be sent out of an EU country only to countries with "adequate" protections

24  Figure 12-2: Consumer Privacy
International Laws
- Safe harbor
  - Rules that U.S. firms must agree to follow to get personal data out of Europe
  - Are GLBA rules to be considered adequate in the financial industries? The E.U. is resisting.

25  The Broader Picture (chapter outline, repeated as section divider)

26  Figure 12-3: Employee Workplace Monitoring
Monitoring Trends
- American Management Association survey
  - E-mail monitoring use rose from 15% to 46% between 1997 and 2001
  - Internet connections in 2001: 63% monitored
  - In 2001, 76% of firms had disciplined an employee and 31% had terminated an employee

27  Figure 12-3: Employee Workplace Monitoring
Why Monitor?
- Loss of productivity because of personal Internet and e-mail use
  - Significant personal Internet and e-mail use is occurring
  - Employees and companies generally agree that a small amount of personal use is acceptable
  - The biggest concern is abnormally heavy personal use
  - Some employees are addicted to personal use

28  Figure 12-3: Employee Workplace Monitoring
Why Monitor?
- Harassment
  - Title VII of the Civil Rights Act of 1964: sexual and racial harassment
  - Pornography and other adult content are fairly common
  - Monitoring for keywords can reduce pornography and harassment and provide a legal defense

29  Figure 12-3: Employee Workplace Monitoring
Why Monitor?
- Viruses and other malware due to unauthorized software
- Trade secrets: both sending and receiving must be stopped
- Commercially damaging communication behavior: can harm reputation, generate lawsuits, and run afoul of stock manipulation laws

30  Figure 12-3: Employee Workplace Monitoring
The Legal Basis for Monitoring
- Electronic Communications Privacy Act of 1986
  - Allows reading of communications by the service provider (the firm)
  - Allows reading if the subject agrees (make this a condition of employment)
- Employees have no right to privacy when using corporate computers

31  Figure 12-3: Employee Workplace Monitoring
The Legal Basis for Monitoring
- In the United States, at-will employees can be disciplined or dismissed easily
- Must not discriminate by selective monitoring
- Unions often limit disciplining and the agreement to be monitored
- In multinational firms, stronger privacy and employment rules might exist

32  Figure 12-3: Employee Workplace Monitoring
Should a Firm Monitor?
- Danger of backlash
- Are the negative consequences worth the gain?

33  Figure 12-3: Employee Workplace Monitoring
A Computer and Internet Use Policy Should Specify the Following
- No expectation of privacy
- Business use only
- No unauthorized software
- No pornography or harassment
- No damaging communication behavior
- Punishment for violating the policy
Employee training in the policy is crucial

34  The Broader Picture (chapter outline, repeated as section divider)

35  Figure 12-4: Government Surveillance
U.S. Tradition of Protection from Improper Searches
- No privacy protection in the Constitution
- Fourth Amendment: no unreasonable searches and seizures
  - Can search only with probable cause
  - Can only search specific things
- FBI misuse of data collection during Hoover's leadership

36  Figure 12-4: Government Surveillance
Telephone Surveillance
- Wiretapping
  - Federal Wiretap Act of 1968 for domestic crimes
  - Foreign Intelligence Surveillance Act of 1978 (FISA) for international terrorists and agents of foreign governments
  - Need a warrant with probable cause and inability to get the information by other means

37  Figure 12-4: Government Surveillance
Telephone Surveillance
- Pen registers and trap and trace orders
  - Pen registers: list of outgoing telephone numbers called
  - Trap and trace: list of incoming telephone numbers
  - Not as intrusive as a wiretap because the content of the call is not captured

38  Figure 12-4: Government Surveillance
Telephone Surveillance
- Pen registers and trap and trace orders
  - Allowed by the Electronic Communications Privacy Act of 1986
  - Must be based on the information to be collected being likely to be relevant to an ongoing investigation (a weak standard)
  - A judge cannot turn down the warrant

39  Figure 12-4: Government Surveillance
Telephone Surveillance
- Communications Assistance for Law Enforcement Act of 1994
  - Requires communication providers to install the technology needed to provide data in response to warrants
- Patriot Act of 2001
  - Extends roving wiretaps to FISA: follow the target across media
  - Get billing information from telecommunications providers

40  Figure 12-4: Government Surveillance
Internet Surveillance
- Extends pen register and trap and trace to Internet traffic
- Same weak justification as for telephone traffic
- But much more intrusive: e-mail addresses, URLs (which can be visited), etc.

41  Figure 12-4: Government Surveillance
Carnivore
- Monitoring computer placed at the ISP
- The FBI installs the Carnivore computer and collects information
- Can limit filtering to the restrictions of the warrant
- No accountability through audit trails

42  Figure 12-4: Government Surveillance
The Possible Future of Government Surveillance
- Intrusive airport security through face scanning
- Possible national ID cards
- New ability to gather and analyze information from many databases

43  The Broader Picture (chapter outline, repeated as section divider)

44  Figure 12-5: Cyberwar and Cyberterror
Threats
- Attacking the IT infrastructure
- Using computers to attack the physical infrastructure (electrical power, sewage, etc.)
- Using the Internet to coordinate attacks

45  Figure 12-5: Cyberwar and Cyberterror
Cyberwar
- Conducted by governments
- Direct damage
- Disrupting command and control
- Intelligence gathering
- Propaganda
- Industrial espionage
- Integrating cyberwar into war-fighting doctrines

46  Figure 12-5: Cyberwar and Cyberterror
Cyberterrorism
- By semi-organized or organized groups
- Psychological focus
  - Indirect economic impacts (for example, losses because of reduced travel after the September 11, 2001, terrorist attacks)
  - Goals are publicity and recruitment
- Indiscriminate damage

47  Figure 12-5: Cyberwar and Cyberterror
Cyberterrorism
- Hacktivism: politically motivated attacks by unorganized or loosely organized groups
- Who is a terrorist? A spectrum from activism to full cyberterror

48  The Broader Picture (chapter outline, repeated as section divider)

49  Figure 12-5: Cyberwar and Cyberterror
Building a National and International Response Strategy
- National governments
  - Coordinated responses
  - Intelligence gathering
  - Research and training
  - Economic incentives
- Private enterprise
  - Importance of hardening individual firms
  - Requiring hardening to meet responsibilities

50  Figure 12-5: Cyberwar and Cyberterror
Hardening the Internet
- Hardening the telecommunications infrastructure with decentralization and other methods
- International cooperation is needed because attackers are worldwide
- Hardening the underlying telecommunications system
- Adding security to dialogs with VPNs

51  Figure 12-5: Cyberwar and Cyberterror
Hardening the Internet
- Hardening Internet protocols
  - The IETF is making progress by adding confidentiality, authentication, and other protections to core Internet protocols
  - Generally not using digital certificates in a public key infrastructure for strong authentication

52  Figure 12-5: Cyberwar and Cyberterror
Hardening the Internet
- Making the Internet forensic
  - ISPs might be forced to collect and retain data for long periods of time
  - ISPs might be forced to do egress filtering to stop attacks at the source
  - The cost to ISPs would be high
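The egress filtering mentioned on slide 52 means an ISP dropping packets at the customer edge whose source address is not in a prefix assigned to that customer, so spoofed-source attack traffic never leaves its origin network. The following is an added illustration, not code from the textbook or its publisher; the prefixes, packets and log format are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    """Minimal constructed packet: only the fields an egress filter consults."""
    src: str
    dst: str
    proto: str


def build_egress_filter(customer_prefixes):
    """Return a decision function for packets leaving one customer link.

    Policy (source-address validation): forward only if the source address
    lies inside a prefix assigned to that customer; everything else is dropped.
    """
    nets = [ipaddress.ip_network(p, strict=True) for p in customer_prefixes]

    def decide(pkt):
        try:
            src = ipaddress.ip_address(pkt.src)
        except ValueError:
            return "DROP"  # unparseable source address is never forwarded
        if any(src in n for n in nets if n.version == src.version):
            return "FORWARD"
        return "DROP"

    return decide


def apply_filter(decide, packets):
    """Run the filter; return forwarded packets, dropped packets and drop log lines."""
    forwarded, dropped, log = [], [], []
    for pkt in packets:
        if decide(pkt) == "FORWARD":
            forwarded.append(pkt)
        else:
            dropped.append(pkt)
            log.append(f"egress-drop src={pkt.src} dst={pkt.dst} proto={pkt.proto} "
                       "reason=source-not-in-assigned-prefix")
    return forwarded, dropped, log


# Constructed sample: one customer link assigned an IPv4 and an IPv6 prefix
# (documentation ranges), and four outbound packets, two with spoofed sources.
CUSTOMER_PREFIXES = ["203.0.113.0/24", "2001:db8:1::/48"]
SAMPLE_PACKETS = [
    Packet("203.0.113.7", "198.51.100.10", "tcp"),    # legitimate
    Packet("192.0.2.55", "198.51.100.10", "udp"),     # spoofed source, dropped
    Packet("2001:db8:1::9", "2001:db8:2::1", "tcp"),  # legitimate
    Packet("2001:db8:9::9", "2001:db8:2::1", "udp"),  # spoofed source, dropped
]


def demo():
    """Apply the customer's egress policy to the constructed sample traffic."""
    return apply_filter(build_egress_filter(CUSTOMER_PREFIXES), SAMPLE_PACKETS)
```

The drop log is the kind of per-customer record the slide's "making the Internet forensic" bullet refers to, and its volume is one reason the cost to ISPs is high.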

