Topic#3 - WordPress.com · Surveillance technologies ! Database Surveillance: Blacklist databases &...

Anonymity, Security, and Privacy

Chapter 5 in “Ethical & Social Issues in the Information Age”, 5th edition.

Topic#3

By: Dr. Najla Al-Nabhan & Ms. Asma AlKhamis

A Modified Grading Method }  Participation & Assignments [Tutorial]: 10 % }  Quizzes: 5% }  Midterm Exam: 25% è 20% (one midterm)

}  Project: 15% }  Presentation & Workshop: 10%

}  Final Exam: 40%

The Outline

Ethical and Social...J.M.Kizza 3

}  Introduction }  Anonymity }  Security }  Privacy }  Ethical and Social Issues

Introduction


}  Information has increased in value }  The demand for information is high due to:

}  High digitalization of information and increasing bandwidth. }  Declining costs of digital communication. }  Increased miniaturization/mobility of portable

computers and other communications equipment. }  Greater public awareness by the news media of the

potential abuse of digital communication, especially the Internet.

}  The danger for misuse is real

Anonymity


}  What is “Anonymity” ? }  Absence of identity }  The state of being nameless, having no identity.

}  It is extremely difficult for anybody to live a meaningful life while one is totally anonymous.

}  There are two common types of anonymity: }  Pseudo identity. }  Untraceable identity.

Anonymity


}  Pseudo Identity }  An individual is identified by a certain pseudonym, code, or

number (similar to a writer’s pen name). }  The most common variant of anonymity.

}  Untraceable Identity }  One is not known by any name including pseudo names.

Anonymity on the Internet


}  The nature of the Internet, with its lack of political, cultural, religious, and judicial boundaries, has created opportunities for all faceless people to come out in the open.

}  In particular, the Internet provides two channels through which anonymous acts can be carried out:

1.  Anonymous servers : (by encryption) ¨  2 types of anonymous servers : Anonymous & Pseudonymous.

2.  Anonymous users: }  All anonymity types are not 100 % anonymous. }  Anybody with a basic knowledge of computing networking would know,

there is always a possibility to find those who misuse the Internet.

Anonymity on the Internet


1. Anonymous Servers (a) Full anonymity servers, where no identifying information is

forwarded in packet headers (b) Pseudonymous servers, which put pseudonym in forwarded

packet headers, keeping the real identity behind a pseudonym.

2. Anonymous Users - Another Internet channel to assure anonymity is for users to assume

pseudonyms and use internet services such as chat rooms and social online networks anonymously.

-  Sensitive and sometimes highly personal information has been posted to popular user groups, news groups, and online social networks chat rooms.

-  Some networking protocols, such as (SMTP), accept messages to servers with arbitrary field information.

Advantages & Disadvantages of Anonymity


- Anonymity has its good and bad sides. Advantages: }  Checking unhealthy activities within an organization. }  National security. }  Some relationships and security of some people. Disadvantages: }  Criminals can use it to their advantage, especially in

online social networks.

Anonymity vs. Single Identity


Legal View of Anonymity


}  Society may not be safe, if a lot of criminals use anonymity to hide their criminal activities.

}  It brings suffering in social relations in society. (?) }  It is necessary, either for a local authority or national

legislatures, to pass laws that regulate when and who can use anonymity legally.

}  Currently, there are serious debates on the freedoms of individuals on the Internet and how these freedoms can be protected.


Security

}  In general, Security can be considered a means to prevent unauthorized:

}  access, }  use, }  alteration, }  and theft or physical damage

to a property.

Information Security


}  It involves these three elements: 1.  Confidentiality - to prevent

unauthorized disclosure of information to third parties.

}  Important! disclosure of personal information such as medical, financial, academic, and criminal records.

2.  Integrity - to prevent unauthorized

modification of files. }  Includes system, information, and personnel integrity.

3.  Availability -: to prevent unauthorized withholding of information from those who need it when they need it.

}  Denial of Service Attack (DoS)

Physical Access Controls


}  Physical Security Barriers }  The area surrounding the facility can be secured using

locks and keys, window breakage detectors, infrared and ultrasonic detectors, interior microwave systems, animal like dogs, and human barriers like security guards and others.

}  Electronic Access Controls } With advances in technology, we are moving away,

though not totally, from the physical barriers to more invasive electronic controls

}  Include card access control systems & firewalls, passwords...

Firewalls…


}  It is hardware or software used to isolate the sensitive portions of an information system facility from the outside world and limit the potential damage that can be done by a malicious intruder.

}  Three types of firewalls: }  Packet Filters: packet-level filters. }  Proxy - individual client requests conform to the pre-set

conditions, then the firewall acts on the request

What does Proxy Mean?


Source: https://en.wikipedia.org/wiki/Proxy_server

Passwords


}  password is a string of usually six or more to verify a user to an information system facility, usually digital system.

}  Password security greatly depends on the password owner }  Four “never” cardinal rules:

1.  Never publicize a password. 2.  Never write a password down anywhere. 3.  Never choose a password that is easy to guess. 4.  Never keep the same password for an extended period of

time. }  Password security is :

}  important to individuals whose files are stored on a system + }  vital to the system as a whole.. Why?

èSystem security is the responsibility of every individual user of the system.

Information Security Controls


}  Information security includes the integrity, Confidentiality , and availability of information }  At the servers, including information in files and databases }  and in transition between servers and between clients and

servers.

}  The security of information can be ensured in a number of ways. The most common are: }  Cryptography for information transmission }  Authentication and }  Audit trails at the information source and information destination

servers.

Cryptography


}  Cryptography is the science of writing and reading coded messages, forms the basis for all secure transmission.

}  Encryption }  Encryption is a method that protects the communications

channel from sniffers }  Sniffers: programs written for and installed on the

communication channels to eavesdrop on network traffic, examining all traffic on selected network segments.

}  Cryptography uses an encryption algorithm and key to transform data at the source, called plaintext; turn it into an encrypted form called ciphertext, usually an unintelligible form.

2 Types of Encryption Methods :


Authentication


}  Verifying the identity of a user

}  Authentication is a process whereby the system gathers and builds up information about the user to assure that the user is genuine.

}  Difficult, especially in the internet (remote users).

}  In data communication: ensuring the digital message recipient of the identity of the sender and the integrity of the message.

Authentication: Digital Signatures


}  In computer systems, authentication protocols based on cryptography use either secret-key or public-key schemes to create an encrypted message digest that is appended to a document as a digital signature.

Authentication Methods


}  Authentication of users or user surrogates is usually based on checking one or more of the following user items }  Username }  Password }  Retinal images }  Fingerprints }  Physical location }  Identity cards

Implementing Security


}  A strong authentication method is the one that includes : }  Something you “know”,

}  Username, Passwords

}  Something you “own”, and }  ATM card, Employee card..

}  Something you “are”. }  Biometrics: fingerprint,

Operational Security


}  Operation security involves policies and guidelines that organizations, and employees, must do to secure the assets of the organization and its members.

}  These policy guidelines are spelt out in a document we call a security policy.

}  It also includes guidelines for security recovery and response in case of a security incident.

Part II: The Privacy



Privacy

}  Privacy is a human value consisting of four elements (or rights):

}  Right to control external influences on individual information:

1.  Solitude - right to be alone 2.  Anonymity – right to have no public identity 3.  Intimacy – right not to be monitored

}  Right to control personal information: 4.  Reserve – right to control one’s information


Types of Privacy

1.  Personal Privacy: involves the privacy of personal attributes.

2.  Informational Privacy: concerns the protection of unauthorized access to information itself.

}  It includes: Personal information , financial information , Medical information, and the Internet.

3.  Institutional Privacy: institutions and organizations want their data private. Why?


Value of Privacy }  Privacy has traditionally been perceived as valuable.

}  Privacy has even gained more importance in the information age because it guards an individual’s personal identity, preserves individual autonomy, and makes social relationships possible.


Value of Privacy }  We consider three attributes of privacy: 1.  Personal identity: safeguard personal identity

2.  Autonomy: preserve individual autonomy in decision-making:

}  Less known information, more autonomy

3.  Social relationships: support social relationships

Privacy Implications of Database System

}  Information Gathering: }  Have you paid enough attention to the number of junk mail,

telephone calls during dinner, and junk emails you have been getting?

}  Information gathering is a very serious business that is increasingly involving a growing number of players that traditionally governments gathering mostly defensive information on weapon systems.

}  Who has your name on a list and what they're doing with it?



Information Gathering, Databases, and Privacy

}  With globalization and the Internet, the doors to the information gathering field have been cast open.

}  Now individuals, companies and organization, and of course governments are all competing, sometimes for the same information.

}  Who has your name on a list and what they're doing with it?

}  companies you have done business with. }  Individuals }  Government agencies

Surveillance technologies

}  Database Surveillance: Blacklist databases & data theft

}  Internet Surveillance: Tracking users’ info through cookies

}  Video Surveillance: CCTV cameras to discourage criminals

}  Satellite Surveillance: GPS takes images of our personal lives

}  Mobile Surveillance: 3G mobiles with video camera & internet

}  ID Cards Surveillance: ID cards include microchips with personal & biometric info of user’s authentication

33


Information Gathering, Databases, and Privacy

}  The U.S. Graham-Leach-Bliley Financial Services Modernization Act - protect the customer through three requirements that the institutions must disclose to us:

}  Privacy Policy: through which the institution is bound to tell us the types of information the institution collects and has about us and how it uses that information.

}  Right to Opt-Out: through which the institution is bound to explain our recourse to prevent the transfer of our data to third party beneficiaries.

}  Safeguards: through which the institution must put in place policies to prevent fraudulent access to confidential financial information.


Privacy Violations }  Intrusion – wrongful entry ( hacking) }  Misuse of information

}  we involuntarily give off personal information }  businesses collect it

}  Interception of information }  eavesdropping

}  Surveillance }  Information matching using unrelated databases -

usually illegally


Privacy Protection

} Is it possible?

} Rapid advances in computer technology, and in particular the advent of the Internet, have all created an environment where detailed information on individuals and products can very easily and cheaply be: moved, merged, marched, compared and shared.

} Guidelines and structures that safeguard and protected privacy rights.


Privacy Protection } These structures and guideline, on the average fall

under the following categories (see pages 92-94): }  Technical - through the use of software and other technical

based safeguards and also education of users and consumers to carry out self-regulation.

}  contractual –through which information like electronic publication and how such information is disseminated are given contractual and technological protection against unauthorized reproduction or distribution.

}  legal – through the enactment of laws by national legislatures and enforcement of such laws by the law enforcement agencies.

}  Through individual efforts (be vigilant)


Ethical and Social Issues }  The ethics of privacy - with the advent of the Internet

and electronic messages, confidentiality is a great concern. }  Computer technology has raised more privacy questions than

it has found answers to

}  The ethics of security - the Internet is an insecure communications channel when it is used by a criminal.

Is it computers problem?

}  You may be tempted to say that computers are not really the problem or the cause of the problem.

}  It is individuals and organizations that are creating, gathering, exchanging, and using information.

}  Computers, according to this argument are simply tools.

}  If someone to be blamed, it is the people who use computers, not the computers themselves.

39 Dr. Hassan Abdullah lecture note

Role of Computer Professionals

}  Computer professionals can play an important role, individually and collectively.

}  First and foremost, individual professionals must not wash their hands off privacy issues.

}  A computer professional can point out privacy matters to clients or employers when building databases containing sensitive information.


Role of Computer Professionals – cont.

}  The original ACM Code of Professional Conduct (passed by the ACM Council in 1973) specified that: An ACM member, whenever dealing with data concerning individuals shall always consider the principle of the individuals‘ privacy and seek the following: }  To minimize the data collected. }  To limit authorized access to the data. }  To provide proper security for the data. }  To determine the required retention period of the data. }  To ensure proper disposal of the data.


Role of Computer Professionals – cont.

}  The Guidelines ACM Code of Ethics explain that: "It is the responsibility of the professionals to maintain the privacy and integrity of data describing individuals".

}  This includes taking precautions to ensure the accuracy of data, as well as protecting it from unauthorized access or accidental disclosure to inappropriate individuals.


Discussion Questions

}  Discuss the importance of anonymity on the Internet

}  Define security and privacy. Why are both important in the information age?

}  What is the difference between privacy and confidentiality?

}  Discuss the technical, contractual, and legal guidelines for privacy protection.

43

Date post:	09-Aug-2020
Category:	Documents
Upload:	others
View:	1 times
Download:	0 times

Topic#3 - WordPress.com · Surveillance technologies ! Database Surveillance: Blacklist databases &...

Documents