Ch. 13: Privacy and Security
<<Ch. 12: Computers and Society Ch. 14: Spreadsheets>>
  1. Privacy.
    1. Folks generally prefer to keep personal information from parties who are unknown or untrusted.
    2. People disclose in order to receive something.
      1. Cash or discounts.
      2. Consideration for a loan, position, reimbursement, etc.
      3. Proper medical treatment.
    3. People expect to give information voluntarily.
    4. People expect the receiver to use the information only for the declared purpose.
    5. Transactions generate information.
      1. What was purchased, who purchased it, when.
      2. Cash is usually anonymous; other forms of payment are not.
      3. Both sides of the purchase have the information, but a store can collect a larger volume than an individual.
    6. Modern technology is hard on privacy.
      1. Fewer cash transactions.
        1. People no longer expect to pay in cash.
        2. Cash is impossible online.
      2. Greater ability to collect and analyze data from transactions.
        1. Transaction is usually recorded on a computer.
        2. Computer files are easily transferred, therefore data can be sold.
        3. Credit card numbers allow one person's transactions to be related.
        4. Online systems may collect data you are not aware of.
      3. Discreet surveillance cameras and microphones.
    7. Sources of threat.
      1. Government, legitimate business, snoops or thieves.
      2. Information taken without consent.
      3. Information taken with consent, then misused.
      4. Information unnecessarily required by government.
    8. HEW fair information principles.
      1. The existence of a database containing personal information must not be kept secret.
      2. You can find out what is recorded about you, and how that information will be used.
      3. You may forbid information gathered for one purpose to be used for another.
      4. You may correct or amend your record.
      5. The database owner is responsible for the accuracy and security of the data.
    9. OECD fair information principles.
      1. Expanded version of HEW.
      2. Adds “accountability,” but does not talk about means.
    10. Legalities.
      1. US uses several narrow federal acts, plus a few state laws.
      2. EU has a comprehensive law based on the OECD guidelines.
      3. Voluntary privacy policies: enforcement through embarrassment.
    11. Opt-in v. opt-out.
      1. The default setting on your permission to use data.
      2. Marketers prefer opt-out.
      3. Privacy mavens prefer opt-in.
      4. If most folks cared, it would not be an issue.
    12. Links. Choose your paranoia level.
      1. Association for Computing Machinery (US)
      2. Electronic Frontier Foundation
      3. The Direct Marketing Association
  2. Security.
    1. Cookies.
      1. A cookie is returned only to the domain that set it.
      2. Since images are separate downloads, a cookie can be set and returned by whichever server supplies an image, not just the server of the page itself.
      3. Images may be loaded from a different site than the page being viewed.
      4. An advertiser who places ad images on other sites' pages therefore gets its own cookie back from every one of those pages and can track your progress through them.
      5. A small transparent image won't be noticed at all.
      6. Most browsers have an option to discard third-party cookies, which breaks this kind of tracking without affecting a site's own cookies.
      7. Cookies are stored as files on the hard drive, which you can delete.
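The tracking mechanism in items 1 through 6, as an added example that is not part of the original outline: a minimal model of a browser cookie jar, two ordinary sites, and an ad server whose 1x1 image appears on both. The site names, the ad host and the cookie names are made up; the ad image's URL carries the referring page in a query parameter as a stand-in for the Referer header a real browser would send. Running it with third-party cookies allowed shows one visitor id across both sites; blocking them gives the ad server a fresh id on every request and nothing to link.

```python
"""Simulated browser cookie jar showing how a third-party image (a tracking
pixel) lets one advertiser link a visitor's progress across unrelated sites.

Added example, not part of the original outline. The site names, the ad
host and the cookie names are made up. The ad image's URL carries the
referring page in a query parameter (a stand-in for the Referer header).
"""
from urllib.parse import parse_qs, urlsplit


class Browser:
    """Minimal model of the rules above: a cookie is stored under the host
    that set it and is sent back only to that host."""

    def __init__(self, block_third_party: bool = False):
        self.jar = {}                          # host -> {name: value}
        self.block_third_party = block_third_party

    def fetch(self, url, server, top_level_host):
        host = urlsplit(url).hostname
        sent = dict(self.jar.get(host, {}))   # only this host's cookies go out
        set_cookie = server.handle(url, sent)
        if set_cookie:
            third_party = host != top_level_host
            if not (third_party and self.block_third_party):
                self.jar.setdefault(host, {}).update(set_cookie)

    def visit(self, page_url, page_server, images):
        """Load a page, then each embedded image as a separate download."""
        top = urlsplit(page_url).hostname
        self.fetch(page_url, page_server, top)
        for img_url, img_server in images:
            self.fetch(img_url, img_server, top)


class ContentSite:
    """An ordinary site: sets a first-party session cookie on first visit."""

    def handle(self, url, cookies):
        return None if "session" in cookies else {"session": "s1"}


class AdServer:
    """Serves a 1x1 transparent image and logs which page referenced it,
    keyed by a visitor id it assigns on first contact."""

    def __init__(self):
        self.next_id = 1
        self.log = []                          # (visitor id, referring page)

    def handle(self, url, cookies):
        new_cookie = None
        vid = cookies.get("visitor_id")
        if vid is None:                        # never seen, or cookie was blocked
            vid = str(self.next_id)
            self.next_id += 1
            new_cookie = {"visitor_id": vid}
        page = parse_qs(urlsplit(url).query)["page"][0]
        self.log.append((vid, page))
        return new_cookie


def simulate(block_third_party: bool):
    """Visit three pages on two sites, each carrying the same ad pixel.
    Returns (ad server log, browser cookie jar)."""
    browser, ads = Browser(block_third_party), AdServer()
    news, shop = ContentSite(), ContentSite()
    pixel = "https://ads.example/pixel.gif?page="
    for page_url, site in [("https://news.example/story", news),
                           ("https://shop.example/cart", shop),
                           ("https://news.example/sports", news)]:
        parts = urlsplit(page_url)
        browser.visit(page_url, site, [(pixel + parts.hostname + parts.path, ads)])
    return ads.log, browser.jar


if __name__ == "__main__":
    print(simulate(False)[0])   # one visitor id across both sites
    print(simulate(True)[0])    # a new id every time: nothing to link
```

The first-party session cookies are stored in both runs; only the cookie set by the ad host is dropped when third-party cookies are blocked.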

    2. Identity theft.
      1. Fraudulently claim to be someone else.
      2. Usually due to information theft.
      3. Could be due to misuse or sale of legitimately-collected information.
    3. Taking care.
      1. Use anti-virus and firewall software.
      2. Adjust your cookie settings.
      3. Avoid phishing scams.
    4. Encryption.
        1. Used to prevent unauthorized parties from reading your information, even if they intercept it.
      2. Often used for net transmission.
      3. Sometimes used for files.
      4. Terms
        1. cryptosystem: the combination of encryption and decryption methods.
        2. plaintext or cleartext: the unencrypted message.
          3. ciphertext: the encrypted message.
      5. Computer encryption is numeric.
        1. The message is represented in ASCII or other coding scheme.
        2. The characters are grouped.
          3. The characters in a group are concatenated to make one number.
        4. The encryption and decryption works on these numbers.
      6. Classical cryptosystems.
          1. Encryption and decryption use the same key (also called symmetric or secret-key systems).
          2. Problem on the net: how do you get the key to the other party without an eavesdropper getting it too?
        3. XOR operation used in symmetric systems.
          11001001 ⊕ 01011110 = 10010111
          10010111 ⊕ 01011110 = 11001001
          1. Same bits produce zero.
          2. Different bits produce one.
            3. Property: a ⊕ b ⊕ b = a, so applying the key a second time decrypts.
          4. How to think of it: The one bits in the key mean to invert, the zero bits mean to keep the same.
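The XOR cipher above in working code, as an added example that is not part of the original outline: it reproduces the 8-bit example, checks that a ⊕ b ⊕ b = a on a whole message with a key repeated to the message length, and shows the caveat a practitioner needs to know before using XOR this way: if one key is reused for two messages, XORing the two ciphertexts cancels the key and leaks p1 ⊕ p2, from which knowing either plaintext gives the other. The messages and keys are made up.

```python
"""XOR as a symmetric cipher, as in the 8-bit example above.

Added example, not part of the original outline. Encrypts a byte string
with a key repeated to the message length, checks that applying the same
key twice restores the plaintext (a ^ b ^ b == a), and shows why a key
must never be reused: c1 ^ c2 == p1 ^ p2, the key drops out entirely.
The messages and the key below are constructed for illustration.
"""
from itertools import cycle


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """XOR each byte of data with the key, repeating the key as needed.
    Because x ^ k ^ k == x, the same function both encrypts and decrypts."""
    if not key:
        raise ValueError("key must not be empty")
    return bytes(d ^ k for d, k in zip(data, cycle(key)))


def roundtrip(message: bytes, key: bytes) -> bytes:
    """Encrypt then decrypt with the same key; returns the original message."""
    return xor_bytes(xor_bytes(message, key), key)


def key_reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """Given c1 = p1 ^ k and c2 = p2 ^ k (same k, same length),
    c1 ^ c2 == p1 ^ p2: an eavesdropper gets this without knowing k."""
    if len(c1) != len(c2):
        raise ValueError("this check needs equal-length ciphertexts")
    return bytes(a ^ b for a, b in zip(c1, c2))


if __name__ == "__main__":
    # The outline's single-byte example: 11001001 ^ 01011110 -> 10010111.
    print(format(xor_bytes(bytes([0b11001001]), bytes([0b01011110]))[0], "08b"))
    key = b"\x5e\xa3\x07\x91"                       # constructed 4-byte key
    p1, p2 = b"attack at dawn", b"retreat now!!!"   # constructed, same length
    c1, c2 = xor_bytes(p1, key), xor_bytes(p2, key)
    # Holding both ciphertexts and guessing p1, the eavesdropper recovers p2.
    print(xor_bytes(key_reuse_leak(c1, c2), p1))
```

XOR with a key as long as the message and never reused is the one-time pad; the repeating short key used here is only to keep the example small and is not secure on its own.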
      7. Public-Key cryptosystems.
        1. Encryption and decryption keys differ.
          2. The two keys are generated together as a matched pair.
        3. Encryption key usually published; called the public key.
        4. Decryption key kept secret: the private key.
        5. Message can only be decrypted by one who knows the private key.
        6. Standard technique: RSA encryption.
          7. Strong encryption: keys long enough that trying every possible key is infeasible.
        8. Practical systems use public-key encryption only to deliver a symmetric session key, then encrypt the actual traffic with that key, since symmetric ciphers are much faster.
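Items 7 and 8 carried through in code, as an added example that is not part of the original outline: a textbook RSA key pair from two small primes, encryption with the public key, decryption with the private key, and the hybrid arrangement of item 8, where a fresh session key is hidden under the recipient's public key and the message itself is encrypted with that session key. The primes are tiny so the numbers are readable; real RSA uses primes of 1024 bits or more and a padding scheme such as OAEP, and a real hybrid system wraps an AES key rather than the repeating-key XOR used here to keep the example self-contained.

```python
"""Textbook RSA key pair plus hybrid encryption, as in items 7 and 8 above.

Added example, not part of the original outline. Toy parameters: real RSA
uses primes of 1024+ bits and padding (OAEP); real hybrid systems wrap an
AES key, not the repeating-key XOR used here. Needs Python 3.8+ for
pow(e, -1, phi).
"""
from itertools import cycle
from math import gcd
import secrets


def rsa_keygen(p: int, q: int, e: int = 65537):
    """Return (public, private) = ((n, e), (n, d)) from two primes p and q.
    Both keys fall out of one computation, so they are made together."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)          # modular inverse: e * d == 1 (mod phi)
    return (n, e), (n, d)


def rsa_encrypt(public, m: int) -> int:
    """Anyone holding the public key can do this; m must be less than n."""
    n, e = public
    if not 0 <= m < n:
        raise ValueError("message integer out of range")
    return pow(m, e, n)


def rsa_decrypt(private, c: int) -> int:
    """Only the holder of d can undo rsa_encrypt."""
    n, d = private
    return pow(c, d, n)


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """Symmetric stage: repeating-key XOR (toy; use AES in practice)."""
    return bytes(x ^ k for x, k in zip(data, cycle(key)))


def _key_bytes(session_key: int, n: int) -> bytes:
    return session_key.to_bytes((n.bit_length() + 7) // 8, "big")


def hybrid_encrypt(public, message: bytes):
    """Item 8: pick a fresh symmetric session key, hide it under the
    recipient's public key, then encrypt the bulk message with it."""
    n, _ = public
    session_key = secrets.randbelow(n - 1) + 1        # 1 <= key < n
    wrapped_key = rsa_encrypt(public, session_key)
    return wrapped_key, xor_bytes(message, _key_bytes(session_key, n))


def hybrid_decrypt(private, wrapped_key: int, ciphertext: bytes) -> bytes:
    n, _ = private
    session_key = rsa_decrypt(private, wrapped_key)   # needs the private key
    return xor_bytes(ciphertext, _key_bytes(session_key, n))


if __name__ == "__main__":
    public, private = rsa_keygen(61, 53)              # n = 3233, phi = 3120
    print(public, private)                            # (3233, 65537) (3233, 2753)
    wrapped, ct = hybrid_encrypt(public, b"meet at noon")
    print(wrapped, ct)
    print(hybrid_decrypt(private, wrapped, ct))       # b'meet at noon'
```

With n = 3233 the session key fits in two bytes, so the XOR stage here is no stronger than the toy key; the point of the block is the structure of item 8, not the strength of the symmetric stage.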
      9. Political concerns.
        1. Strong encryption makes legal wiretaps and spying much more difficult.
        2. Proposed requirements for software writers:
          1. Back door: Must include means to tap plaintext before encryption.
          2. Key escrow: Must store decrypt keys with the government. Usually, two keys would be needed to decrypt, and would be held by separate agencies.
        3. Use of back door or escrowed key would require a court order.
        4. Obvious potential for abuse by authorities.
        5. Escrowed keys or backdoor passwords held by govt. are obvious hacker targets.
    5. Backup
      1. Data on computers is important.
      2. Many terrible things can happen to that data.
        1. Hardware failure.
        2. Software errors.
        3. Operator errors.
        4. Vandalism or sabotage.
        5. Physical accident: fire, flood, etc.
      3. Make backup copies which can be restored later.
        1. Perform the copy periodically. Businesses: daily or more often.
        2. Omit:
          1. Software and other things you can reinstall from the original media.
          2. Things unchanged since a previous backup.
          3. Temporary files and anything else you don't care about keeping.
          3. Media: tapes, writable CDs, or copies sent over the net.
          4. Best to keep copies remote from the originals, so one fire or flood does not destroy both.
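The procedure in items 3.1 through 3.3 as a small script, added here as an example that is not part of the original outline. It copies a source directory into a backup directory, but only files whose SHA-256 differs from the one recorded in a manifest at the previous run (item 3.2.2), and leaves out anything matching a list of exclusion patterns (items 3.2.1 and 3.2.3). The directory names, the manifest file name and the SKIP patterns are assumptions for illustration.

```python
"""Incremental backup of a directory tree, following items 3.1 to 3.3.

Added example, not from the original outline. Given a source directory and
a backup directory (arbitrary names supplied by the caller), it copies a
file only when its SHA-256 differs from the one recorded in a manifest at
the previous run, and leaves out anything matching the SKIP patterns (an
assumed list standing in for temporary files and reinstallable software).
"""
import fnmatch
import hashlib
import json
import os
import shutil
import sys
import tempfile

SKIP = ["*.tmp", "*~", "*.iso"]        # assumed exclusion patterns
MANIFEST = ".backup-manifest.json"     # assumed name, kept in the backup dir


def sha256_of(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def should_skip(relpath: str) -> bool:
    return any(fnmatch.fnmatch(relpath, pat) for pat in SKIP)


def incremental_backup(src: str, dst: str) -> list:
    """Copy new or changed files from src into dst. Returns the sorted list
    of relative paths copied this run (empty when nothing changed)."""
    os.makedirs(dst, exist_ok=True)
    manifest_path = os.path.join(dst, MANIFEST)
    previous = {}
    if os.path.exists(manifest_path):
        with open(manifest_path) as f:
            previous = json.load(f)
    current, copied = {}, []
    for root, _dirs, files in os.walk(src):
        for name in files:
            full = os.path.join(root, name)
            rel = os.path.relpath(full, src).replace(os.sep, "/")
            if should_skip(rel):
                continue
            digest = sha256_of(full)
            current[rel] = digest
            if previous.get(rel) != digest:      # new or changed since last run
                target = os.path.join(dst, rel)
                os.makedirs(os.path.dirname(target), exist_ok=True)
                shutil.copy2(full, target)       # copy2 keeps timestamps
                copied.append(rel)
    with open(manifest_path, "w") as f:
        json.dump(current, f, indent=1, sort_keys=True)
    return sorted(copied)


def _write(path: str, text: str) -> None:
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "w") as f:
        f.write(text)


def demo() -> list:
    """Three runs over a constructed tree in a temp dir; returns what each
    run copied: first everything, then nothing, then only the changes."""
    base = tempfile.mkdtemp()
    src, dst = os.path.join(base, "src"), os.path.join(base, "backup")
    _write(os.path.join(src, "docs", "notes.txt"), "version 1")
    _write(os.path.join(src, "scratch.tmp"), "junk")          # skipped
    runs = [incremental_backup(src, dst)]
    runs.append(incremental_backup(src, dst))
    _write(os.path.join(src, "docs", "notes.txt"), "version 2")
    _write(os.path.join(src, "todo.txt"), "buy tape")
    runs.append(incremental_backup(src, dst))
    shutil.rmtree(base)
    return runs


if __name__ == "__main__":
    if len(sys.argv) == 3:
        print(incremental_backup(sys.argv[1], sys.argv[2]))
    else:
        print(demo())   # [['docs/notes.txt'], [], ['docs/notes.txt', 'todo.txt']]
```

This only keeps the latest copy of each file; point the backup directory at removable media or a remote location (item 3.4) so that the accidents listed in item 2 cannot take the copy along with the original.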