Law Ethics and Privacy Flashcards
Technology and other safeguards for cyber security are largely defensive in nature. The only way they can impact a threat source is by increasing the work factor for an attacker. Can laws be used to reduce the magnitude of threats?
A) YES, laws can provide criminal sanctions against those who commit cyber crime
B) NO, cyber crime has increased even as new laws have been put in place
A) YES
P3L3
Cyber crime is a big problem. According to a recent report, what is an estimate of the cost of cybercrime for the United States?
A) 10 billion dollars
B) over 100 billion dollars
B) Over 100 billion dollars
P3L3
The Computer Fraud and Abuse Act (CFAA) was used to prosecute the creator of the Melissa virus; under its provisions he was sentenced to federal prison and fined. What abuse was perpetrated by the virus?
A) Data stored on computers was destroyed
B) Denial of service attacks that made computers unusable
B) Denial of service attacks that make computers unusable
P3L3
Several people have argued about the overly general and vague language of the CFAA. For example, how exactly is unauthorized access defined? In one case, a company sued its competitor because the competitor’s employees created a trial subscription and downloaded data that was available to its subscribers. Do you think this is a violation of unauthorized access?
A) No, because the data was publicly available
B) Yes, because it potentially can cause financial loss to the company that sued its competition
A) No, because the data was publicly available
P3L3
The DMCA includes exclusions for researchers, but companies have threatened to sue researchers who wanted to publish work related to circumvention of anti-piracy technologies. Which of these is an example of such a threat under the DMCA:
A) Prof. Ed Felten’s research on audio watermarking removal by RIAA
B) A research project done by MIT students that found vulnerabilities in the MBTA
A) Prof. Ed Felten’s research on audio watermarking removal by RIAA
P3L3
By mistake, a friend sends sensitive health data in an email to you (wrong attachment). You should not read the information in the attached document because:
A) Professional code of ethics requires you to respect the privacy of others
B) You can be liable under CFAA
A) Professional code of ethics requires you to respect privacy of others
P3L3
US-CERT follows a responsible disclosure process for vulnerabilities reported to it. Such a process must:
A) Make vulnerability information available to everyone who may be affected by it immediately
B) Provide a certain period of time for the vendor of the vulnerable system to develop a patch
B) Provide a certain period of time for the vendor of the vulnerable system to develop a patch
A 2015 Pew survey examined American adults’ attitudes about privacy. What percentage feel that it is important that they be able to control who gets information about them?
A) 50%
B) 25%
C) 90%
C) 90%
P3L3
In 2014, the European Court of Justice ruled that EU citizens have the “right to be forgotten” on the internet. For example, Google must not return links to information that can be shown to be “inaccurate, inadequate, irrelevant, or excessive”. Which one of the following is an example of information that Google decided not to return as a search result to meet the ECJ ruling?
A) Story about criminal conviction that was quashed on appeal
B) A doctor requesting removal of links to newspaper stories about botched procedures performed by him
A) Story about criminal conviction that was quashed on appeal
P3L3
The Electronic Frontier Foundation (EFF) ranks websites with privacy scores based on how they deal with issues related to privacy. It gave AT&T one of the lowest scores (1 out of 5 scores). What explains this low score?
A) Does not disclose data retention policies
B) Does not use industry best-practices
C) Does not tell users about government data demands
A) does not disclose data retention policies
and
C) Does not tell users about government data demands
P3L3
Does Google’s privacy policy disclose data retention policy?
No
P3L3
Poor privacy is good for bad guys because they can use information about you to craft:
A) targeted phishing attacks
B) Gain access to your online accounts
A & B
P3L3
The FTC charged Fandango, the online movie ticket purchasing company, for not protecting user privacy. This action was taken because Fandango:
A) Shared user data without informing users
B) Did not secure user data
B) did not secure user data
P3L3
If a company tracks your activities based on your machine’s IP address, one possible defense against it is to:
A) Disable cookies
B) Use Tor
B) Use Tor
P3L3