Law, Ethics, and Privacy Flashcards
Cybercrime
broadly describes criminal activity in which computers or computer networks are a tool, a target, or a place of criminal activity
the term has the connotation of involving networks, whereas computer crime may or may not involve networks
Role of computers in crimes
Computers as targets
Computers as storage devices
Computers as communication tools
US Computer Fraud and Abuse Act (CFAA)
Defines criminal sanctions against various types of abuse
Unauthorized access to computer containing:
- data protected for national defense
- banking or financial information
Unauthorized access, use, modification, destruction, disclosure of computer or information on a system operated by or on behalf of US govt.
Accessing without permission a protected computer (any computer connected to the Internet)
Transmitting code that causes damage to computers (malware)
Trafficking in computer passwords
Cybercrimes
Illegal access
Illegal interception
Data interference
System interference
Misuse of devices
Computer-related forgery
Offenses related to child pornography
Infringement of copyright and related rights
Attempt and aiding or abetting
Difficulties for law enforcement agencies
Proper investigation requires sophisticated grasp of technology
Lack of resources (not enough computer processing power, communications capacity, or storage capacity)
Global nature of cybercrime and lack of cooperation with remote law enforcement agencies
Intellectual property
any intangible asset that consists of human knowledge and ideas. Examples include software, data, novels, sound recordings, the design of a new type of mousetrap, cure for a disease.
Three types of intellectual property and infringement
Patents
- unauthorized making, using, or selling
Trademarks
- unauthorized use or colorable imitation
Copyrights
- unauthorized use
Infringement
the invasion of the rights secured by copyrights, trademarks, or patents
Intellectual property relevant to Network and Computer Security
Software
- programs produced by vendors of commercial software, shareware, proprietary software created by an organization for internal use, software produced by individuals
- copyright available
- in some cases, patent protection available
Databases
- data collected and organized in a fashion that has potential commercial value
- copyright
Digital content
- audio files, video files, multimedia, courseware, Web site content
Algorithms
- RSA public-key cryptosystem, patented from 1980 until expiration in 2000
Digital Millennium Copyright Act
Intellectual property: music, software piracy
Digital objects can be copyrighted.
It is a crime to circumvent or disable anti-piracy functionality built into an object.
It is a crime to manufacture, sell, and distribute devices that disable anti-piracy functionality or copy objects.
Research, educational exclusions (e.g., libraries can make up to three copies for lending).
RIAA lawsuits & P2P music sharing – Electronic Frontier Foundation
Digital Rights Management
Systems and procedures that ensure that holders of digital rights are clearly identified and receive the stipulated payment for their works
Privacy
A user’s ability to control how data pertaining to him/her can be collected, used and shared by someone else.
What is private?
Financial statements, credit card statements, banking records etc.
Health/medical conditions
Legal matters
Biometrics (e.g., fingerprints)
Political beliefs
School and employer records
Web browsing habits? What do we search, what do we browse? Websites we visit?
Communication (emails and calls)
Past history (right to be forgotten)
What is not private?
Where I live? My citizenship?
I am registered to vote? (US)
My salary (state employee because Georgia Tech is a public university)
Threats to Privacy
Traffic analysis (we know who you talk to)
Surveillance (scale and magnitude – cameras everywhere, Snowden disclosures)
Linking and making inferences (big data, data mining, analytics)
Social media (we know your friends)
Tracking of web browsing (cookies)
Location aware applications (we know where you have been)
Sometimes we are willing parties (loyalty cards in stores)
Privacy Threats to Online Tracking Info
Collection of information about you (e.g., tracking) – with or without your consent?
Usage – only used for specified purpose you agreed to?
Information retention – how long can they keep it?
Information disclosure and sharing – disclosed to only authorized or agreed to parties?
Privacy policy changes – can information collector/holder change to a more lax policy without your agreement?
Information security – identity and access management, monitoring, secure against various threats we discussed.
Privacy Enhancing Technologies
Tor (network traffic analysis would not allow someone to know where we are coming from)
Onion routing is the basic idea
- With the help of a directory service, get a set of nodes
- Random set and order
- Alice prepares a message and creates onion layers with encryption
Pseudo-anonymity (fake or fictional identities), multiple identities etc.
Aggregation, privacy enhancing transformations (generalization, anonymizing, diverse data values etc.)
Difference between law and ethics
Individual standard vs. societal
No external arbiter and enforcement unlike law
Examples – What do you do when you discover a vulnerability in a commercial product? Ethical disclosure?
Code of ethical conduct (IEEE, ACM, university)
Ethical issues arise in these contexts as the result of computers
Repositories and processors of information
Producers of new forms and types of assets
Instruments of acts
Symbols of intimidation and deception
Code of conduct themes
dignity and worth of other people
personal integrity and honesty
responsibility for work
confidentiality of information
public safety, health, and welfare
participation in professional societies to improve standards of the profession
the notion that public knowledge and access to technology is equivalent to social power