Computer Security

  1. Computer Security: Social, Legal and Ethical issues. 08/19/10
  2. Social, Legal and Ethical issues
      • Sara Baase, A Gift of Fire, Prentice Hall, 2003
  3. Social, Legal and Ethical issues
      • The impact of computers and computer systems
      • The ATM example
      • Unemployment
      • Alienation and customer service
      • Crime
      • Loss of privacy
      • Errors
  4. Social, Legal and Ethical issues
      • General Themes
      • Globalization of cyberspace
      • Tradeoffs of convenience vs privacy & security
      • Personal choices, business policies and law
      • Negative rights or liberties and positive rights or claim rights
          • Conflict of negative and positive rights: the claim rights of some may diminish the liberties of others
          • Privacy protection regulations vs universal access to information services
  5. Social, Legal and Ethical issues
      • Main issues
      • Privacy & personal information
      • Freedom of speech
      • Can we trust computers
      • Intellectual property
      • Computer Crime
      • General social issues
      • Ethics
  6. 1. Privacy & personal information
      • Key aspects
      • Freedom from intrusion
      • Control of information about oneself
      • Freedom from surveillance
  7. 1. Privacy & personal information
      • “Big brother is watching you”
      • Database security
  8. Database security: Provisions of Privacy Act of 1974
      • Restricts data in federal government records to what is “relevant and necessary” to the legal purpose for which it is collected.
      • Requires federal agencies to publish a notice of their record systems in the Federal Register.
      • Allows people to access their records & correct inaccurate information.
      • Requires procedures to protect the security of the information in the databases.
      • Prohibits disclosure of information about a person without their consent.
  9. The Fourth Amendment, US Constitution
      • The right of the people to be secure in their persons, houses, papers and effects against unreasonable searches and seizures shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.
  10. Privacy & personal information
      • Satellite surveillance and thermal imaging
      • Automated toll collection and itemized purchase records
      • Search and surveillance tools
      • Fighting terrorism
  11. Databases and marketing
      • Credit bureaus
      • Principles for data collection & use
          • Collect only data needed
          • Inform people when data about them are collected, what is collected …
          • Offer a way for people to opt out
          • Provide stronger protection for sensitive data
          • Keep data only as long as it is needed
          • Maintain accuracy and security of data
          • Provide a means for people to access and correct data stored about them.
  12. Databases and marketing
      • Social Security Numbers and National ID systems
      • Personal health and medical records
      • Public records: access vs privacy
  13. Privacy & personal information
      • Protecting Privacy: law & regulation
      • Is there a right to privacy
      • The free market view vs the consumer protection view
      • Contract and regulations
      • Conflicts with freedom of speech
  14. 2. Freedom of speech: Encryption and interception of communications
      • Wiretapping
          • Telephone
          • New technologies
      • USA Patriot Act 2001:
          • Lets the government collect info from financial institutions on any transactions that differ from a customer’s usual pattern, and allows the government access to many other kinds of personal information without a court order.
  15. Freedom of speech: Carnivore
      • FBI’s system for intercepting email
      • FBI must first get a court order to intercept someone’s email
      • The Carnivore system is used at the suspect’s Internet service provider and filters all e-mails from that ISP, examining headers to find suspect email.
  16. Freedom of speech: NSA’s Echelon
      • Echelon is similar to Carnivore, but on an international scale.
      • Involves a partnership with intelligence agencies of Canada, Britain, Australia and New Zealand, and operates a huge system of listening stations to intercept satellite communication.
          • Targets terrorist and military activities
  17. Freedom of speech: Cryptography and its uses
      • Use of encryption
          • Criminal abuse: “… unfortunately the same technology can be used by terrorists, drug dealers, …”
          • White House Press, 1994
          • Secrecy and export controls
      • Steganography
  18. Freedom of speech: Secrecy
      • Clipper
          • Trust in government
          • How much does technology matter
  19. 3. Can we trust computers?
      • What can go wrong!
          • Billing errors
          • Database accuracy
          • Failures…
      • Increasing Reliability and Safety
          • Overconfidence
          • Redundancy
          • Good design
  20. Intellectual Property: Digital Rights Management
      • Problems with new technologies
      • Copyright Law
      • The fair use doctrine
      • Copying Music, Movies, Software, Books
          • From floppies to the web
          • The Napster case
          • Beyond Napster
      • Software Piracy
  21. 4. Intellectual property
      • Ethical issues
      • Fuzziness about the ethics
      • Arguments used include:
          • I can’t afford to buy
          • The company is a wealthy corporation
          • Too expensive anyway
          • Making a copy from a friend is an act of generosity
  22. 4. Intellectual property
      • The future of copyright
      • Doomsday approach: copyright law will disintegrate.
      • Balanced solutions will be found by using a new approach and new technologies
          • Free software
          • Copyright or patent?
  23. 5. Computer Crime
      • What is hacking
      • The Law
          • Catching hackers
          • Penalties appropriate to the crime
          • Discouraging and punishing “amateur” hackers
      • Design secure “hack-free” systems
      • Online scams
          • Chain letters, sale of counterfeit goods, phony investments
          • Collecting credit card numbers, ID and password details
      • Fraud, embezzlement, sabotage
      • Identity theft
  24. 6. General Social Issues
      • Impact on our society
      • Information Haves and Have-Nots
          • The digital divide
          • Trends in computer access
          • Abdicating responsibility
      • Does the technology create the need for itself?
      • “… The Web is alive and filled with life, nearly as complex and natural as the primordial swamp…”
      • Who benefits most
      • Prohibiting bad technologies
  25. 7. Ethics
      • What is Ethics?
      • The study of what it means to do the “right” thing
          • And what is the “right” thing?
      • A variety of ethical views
          • Deontological theories
              • Emphasize duty and rules to be followed whether they lead to good or ill consequences
          • Utilitarianism
              • An example of a consequentialist theory: to increase happiness or “utility”
          • Natural rights
              • Treat people as ends rather than means, and increase people’s happiness
          • No simple answers
              • No mathematical solution
  26. 7. Ethics
      • What is Ethics?
          • Some important distinctions
              • Right, Wrong and OK
              • Negative and positive rights, or liberties and claim-rights
              • Distinguishing wrong and harmful
              • Separating goals from constraints
              • Personal Preference and Ethics
              • Law and Ethics
          • Professional codes and Ethics
              • Professional organizations have codes for professional conduct
              • ACM, IEEE
