L23 - Law, Ethics, and Privacy

Question 1

Technology and other safeguards for cyber security are largely defensive in nature. The only way they can impact a threat source is by increasing the work factor for an attacker. Can laws be used to reduce the magnitude of threats?

a) Yes, laws can provide criminal sanctions against those who commit cyber crime
b) No, cyber crime has increased even as new laws have been put in place

Answer 1

a) Yes, laws can provide criminal sanctions against those who commit cyber crime

Question 2

Cyber crime is a big problem. According to a recent report, what is an estimate of the cost of cybercrime for the United States?

a) 10 billions of dollars
b) Over 100 billion dollars

Answer 2

b) Over 100 billion dollars

Question 3

The Computer Fraud and Abuse Act was used to prosecute the creator of the Melissa virus and he was sentenced in federal prison and fined by using its provisions. What abuse was perpetrated by the Melissa virus?

a) Data stored on computer was destroyed
b) Denial-of-service attacks that made computers unusable

Answer 3

b) Denial-of-service attacks that made computers unusable

Question 4

Several people have argued about the overly general and vague language of the CFAA. For example, how exactly is unauthorized access defined? In one case, a company sued its competitor because the competitor’s employees created a trial subscription and downloaded data that was available to its subscribers. Do you think this is a violation of unauthorized access?

a) No, the data was publicly available
b) Yes, because it potentially can cause financial loss to the company that sued its competition

Answer 4

a) No, the data was publicly available

Question 5

The DMCA includes exclusions for researchers but companies have threatened to sue researchers who wanted to publish work related to circumvention of anti-piracy technologies, Which of these is an example of such a threat under DMCA?

a) Prof Ed Felten’s research on audio watermarking removal by RIAA
b) A research project done by MIT students that found vulnerabilities in the Boston Massachusetts Bay Transit Authority (MBTA)

Answer 5

a) Prof Ed Felten’s research on audio watermarking removal by RIAA

Question 6

By mistake, a friend sends sensitive health data in an email to you (wrong attachment). You should not read the information in the attached document because…

a) Professional code of ethics requires you to respect privacy of others.
b) You can be liable under CFAA

Answer 6

a) Professional code of ethics requires you to respect privacy of others.

Question 7

US_CERT follows a responsible disclosure process for vulnerabilities reported to it. Such a process must…

a) Make the vulnerability information available to everyone who may be affected by it immediately
b) Provide a certain period of time for the vendor of the vulnerable system to develop a patch

Answer 7

b) Provide a certain period of time for the vendor of the vulnerable system to develop a patch

Question 8

A 2015 Pew surveyed American adults’ attitudes about privacy. What percentage feel that it is important that they be able to control who gets information about them?

a) About 50%
b) About 25%
c) Over 90%

Answer 8

c) Over 90%

Question 9

Which one is an example of information that Google decided not to return as a search result to meet the ECJ ruling?

a) Story about criminal conviction that was quashed on appeal
b) A doctor requesting removal of links to newspaper stories about botched procedures performed by him

Answer 9

a) Story about criminal conviction that was quashed on appeal

Question 10

The Electronic Frontier Foundation (EFF) ranks websites with privacy scores based on how they deal with issues related to privacy. It gave AT&T one of the lowest scores (1 out of 5 stars). What explains this low score?

a) Does not disclose data retention policies
b) Does not use industry best-practices
c) Does not tell users about government data demands

Answer 10

A and C

Question 11

Does Google privacy policy disclose data retention policy?

a) Yes
b) No

Answer 11

b) No

Question 12

Poor privacy is good for bad guys because they can use information about you to craft…

a) Targeted phishing attacks
b) Gain access to your online accounts

Answer 12

All of the above

Question 13

The FTC charged Fandango for not protecting user privacy. This action was taken because Fandango…

a) Shared user data without informing users
b) Did not secure user data

Answer 13

b) Did not secure user data

Question 14

If a company tracks your activities based on your machine’s IP address. One possible defense against it is…

a) Disable cookies
b) Use Tor

Answer 14

b) Use Tor