COMPUTERS AND INFORMATION

PROCESSING (CSC134)

Chapter 9

Security, Privacy and Ethics

Topics

Privacy: how to protect privacy and personal responsibility

Security: threats to computer security, computer criminal, computer crime, and measure of protections

Cybersecurity

Ethics issue
Learning Objectives
1. Identify the most significant concerns for effective implementation of computer
technology.
2. Discuss cybercrimes including creation of malicious programs such as viruses,
worms, Trojan horse, and zombies as well as denial of service attacks, Internet
scams, identity theft, cyberbullying, rogue Wi-Fi hotspots, and data manipulation.
3. Detail ways to protect computer security including restricting access, encrypting
data, anticipating disasters, and preventing data loss.
4. Discuss the primary privacy issues of accuracy, property, and access.
5. Describe the impact of large databases, private networks, the Internet, and the
Web on privacy.
6. Discuss online identity and major laws on privacy.
7. Discuss computer ethics including copyright law, software piracy, digital rights
management, the Digital Millennium Copyright Act, as well as plagiarism and ways
to identify plagiarism.
Introduction
• The ubiquitous use of computers and technology prompts
some very important questions about the use of personal data
and our right to privacy.
• This chapter covers issues
related to the impact of
technology on people and
how to protect ourselves
on the Web.
 People
Technology has had a very positive impact on people,
but some of the impact could be negative.
Most significant concerns:
• Privacy – What are the threats to personal privacy and how can we
protect ourselves?
• Security – How can access to sensitive information be controlled and
how can we secure hardware and software?
• Ethics – How do the actions of individual users and companies affect
society?
Privacy
• Privacy – concerns the collection and use of data about individuals or
companies to deny or restrict the collection, use, and dissemination of
information about them
• Huge databases store data online
• Three primary privacy issues:
• Accuracy – responsibility of those who collect data
• Must be secure and correct
• Property – who owns data and who has rights to software
• Access – responsibility of those who control data and use of data
Treats - Large Databases
Large organizations compile information about us daily

• Big Data is exploding and ever-growing

• 90% of the data collected has been collected over the last 2 years
• Data collectors include
• Government agencies
• Telephone companies
• Credit card companies
• Supermarket scanners
• Financial institutions
• Search engines
• Social networking sites
• Information Resellers/Brokers
• Collect and sell personal data
• Create electronic profiles
Treats - Large Databases (Cont.)
• Personal information is a marketable commodity, which raises many
issues:
• Collecting public, but personally identifying information (e.g., Google’s Street View)
• Spreading information without personal consent, leading to identity theft
• Spreading inaccurate information
• Mistaken identity

• Freedom of Information Act

• Entitlement to look at your records held by government agencies
Treats - Private Networks
Employee monitoring software
• Employers can monitor e-mail legally
• A proposed law could prohibit this type of electronic monitoring or at
least require the employer to notify the employee first
Treats - Online Identity

• The information that people voluntarily post about themselves

online
• Archiving and search features of the Web make it available
indefinitely
• Major Laws on Privacy
• Gramm-Leach-Bliley Act protects personal financial information
• Health Insurance Portability and Accountability Act (HIPAA) protects
medical records
• Family Educational Rights and Privacy Act (FERPA) resists disclosure of
educational records
Treats - The Internet and the Web
• Illusion of anonymity
• People are not concerned about privacy when surfing the Internet or when
sending e-mail
• When browsing the web, critical information is stored on the hard drive
in these locations:
A. History Files
B. Temporary Internet Files
• Browser cache
C. Cookies
D. Privacy Mode
E. Privacy Threats
A. History Files
History Files
• Include locations or addresses of sites
you have recently visited
B. Temporary Internet Files
Temporary Internet Files / Browser Cache
• Saved files from visited websites
• Offers quick re-display when you return
to the site
 B. Cookies
• Cookies are small data files that are
deposited on your hard disk from web
sites you have visited
• First-party cookies are generated only by
websites you are visiting
• Third-party cookies are generated by an
advertising company that is affiliated with the
website
• Also known as tracking cookies that keep track of
your Internet activities through 3rd party cookies
• Refer to the accompanying graphic displaying how to
block 3rd party cookies
 B. Cookies
Web sites use cookies for a variety of reasons:

Allow for Store users’

personalization passwords

Assist with Track how often

online shopping users visit a site

Target
advertisements
C. Privacy Modes
• Ensures your browsing activity is not
recorded on your hard drive
• Incognito Mode
• Google Chrome
• Private Browsing
• Safari
D. Privacy Threats
• Web bugs
• Invisible images or HTML code hidden within an
e-mail message or web page
• When a user opens the message information is
sent back to the source of the bug
• Spyware
• Wide range of programs that are designed to
secretly record and report Internet activities,
add Internet ad cookies
• Computer monitoring software
• Invasive and dangerous
• Keystroke Loggers
• Record activities and keystrokes
• Anti-Spyware programs
• Detect and remove privacy threats
 Information Privacy

Page 242
18
Figure 5-23
Security
Involves protecting individuals or organizations from theft and danger
A digital security risk is any event or action that could cause a loss of or damage to a
computer or mobile device hardware, software, data, information, or processing
capability
• Hackers
• Gain unauthorized access with malicious intent
• Not all hackers are illegal
• Any illegal act involving the use of a computer or related devices generally is referred to
as a computer crime
• A cybercrime is an online or Internet-based illegal act

Cybercrime / Computer Crime

• Criminal offense that involves a computer and a network
• Effects over 400 million people annually
• Costs over $400 billion each year
Cyber Crime
Cyber Crime
• Denial of Service
• (DoS) attack attempts to slow down or stop a computer system or network by
flooding it with requests for information or data
• Rogue Wi-Fi hotspots
• Imitate free Wi-Fi networks and capture any and all information sent by the
users to legitimate sites including usernames and passwords
• Data manipulation
• Finding entry into someone’s computer network and leaving a prankster’s
message
Internet Scams
A fraudulent or deceptive act or operation to trick someone into
providing personal information or spending money for little or no
return
• Identity Theft
• Illegal assumption of someone’s identity for purpose of economic gain
• Cyber-bullying
• Use of the Internet, cell phones, or other devices to send or post
content intended to harm
• Phishing
• Attempts to trick Internet users into thinking a fake but official-looking
website is legitimate
Types of Internet Scams
 Malicious Programs - Malware
• Malicious Programs or Malware
• Designed by crackers, computer criminals, to
damage or disrupt a computer system
• Consists of programs that act without a user’s
knowledge and deliberately alter the operations of
computers and mobile devices
• Computer Fraud and Abuse Act makes spreading a
virus a federal offense
• 3 most common programs
• Viruses – migrate through networks and attach to
different programs
• Worms – fills the computer with self-replicating
information
• Trojan horse – programs disguised as something else
• Zombies are computers infected by a virus, worm, or
Trojan Horse
 Cybersecurity
• Cyber security is the practice of defending computers, servers, mobile devices,
electronic systems, networks, and data from malicious attacks.
• It's also known as information technology security or electronic information security.
• Can be divided into a few common categories.
• Network security is the practice of securing a computer network from intruders
• Application security focuses on keeping software and devices free of threats.
• Information security protects the integrity and privacy of data, both in storage and in transit.
• Operational security includes the processes and decisions for handling and protecting data
assets.
• Disaster recovery and business continuity define how an organization responds to a cyber-
security incident or any other event that causes the loss of operations or data.
• End-user education addresses the most unpredictable cyber-security factor: people. Anyone can
accidentally introduce a virus to an otherwise secure system by failing to follow good security
practices.
Cyber safety tips
• Update your software and operating system: get benefit from the latest security patches.

• Use anti-virus software: will detect and removes threats. Keep software updated for protection.

• Use strong passwords: Ensure your passwords are not easily guessable.

• Do not open email attachments from unknown senders: These could be infected with malware.

• Do not click on links in emails from unknown senders or unfamiliar websites: This is a common
way that malware is spread.

• Avoid using unsecure WiFi networks in public places: Unsecure networks leave vulnerable to man-
in-the-middle attacks.
 Software Theft
• Software theft occurs when someone:
Illegally registers
Steals software Intentionally Illegally copies a
and/or activates
media erases programs program
a program

• Many manufacturers incorporate an activation process into their programs to

ensure the software is not installed on more computers than legally licensed
• During the product activation, which is conducted either online or by phone,
users provide the software product’s identification number to associate the
software with the computer or mobile device on which the software is
installed
Page 228 27
 Software Theft
• A license agreement is the right to use software

Pages 228 – 229

28
Figure 5-13
 Information Theft
• Information theft
occurs when someone
steals personal or
confidential
information
• Encryption is a process
of converting data that
is readable by humans
into encoded
characters to prevent
unauthorized access
Page 229 29
 Information Theft
• A digital signature is an encrypted code
that a person, website, or organization
attaches to an electronic message to verify
the identity of the message sender
• Often used to ensure that an impostor is not
participating in an Internet transaction
• A digital certificate is a notice that
guarantees a user or a website is legitimate
• A website that uses encryption techniques
to secure its data is known as a secure site

Page 231 30
 Hardware Theft, Vandalism, and
Failure
Hardware theft is
the act of stealing
digital equipment

Hardware vandalism
is the act of defacing
or destroying digital
equipment
Page 233 31
Measures to Protect Computer Security
Principle measures to ensure
computer security
• Restricting access
• Encrypting data
• Anticipating disasters
• Physical security
• Data security
• Disaster recovery plan
• Preventing data loss
Restricting Access
• Biometric scanning Fingerprint
Face
recognition
• Fingerprint scanners reader
system
• Iris (eye) scanners
• Passwords
• Dictionary attack Hand
Voice
geometry
• Uses software to try thousands system verification
of common words sequentially system
in an attempt to gain
unauthorized access to a user’s
account
Signature Iris recognition
verification system system
 Restricting Access
• A passphrase is a private combination of words, often containing mixed capitalization
and punctuation, associated with a user name that allows access to certain computer
resources
• A PIN (personal identification number), sometimes called a passcode, is a numeric
password, either assigned by a company or selected by a user
• A possessed object is any item that you must possess, or carry with you, in order to gain
access to a computer or computer facility (badges, cards, keys and etc)
• A biometric device authenticates a person’s identity by translating a personal
characteristic into a digital code that is compared with a digital code in a computer or
mobile device verifying a physical or behavioral characteristic

Pages 223 - 224 34

 Automated Security Tasks
Ways to perform and automate important security tasks
• Security Suites
• Provide a collection of utility programs designed to protect your
privacy and security
• Firewalls
• Security buffer between a corporation’s provide network and all
external networks
• Password Managers
• Helps to create strong passwords
 Encryption
Coding information to make it unreadable, except to
those who have the encryption key
• E-mail encryption protects emails
• File encryption protects files
• Web site encryption uses HTTPS protocol for
protection
• HTTPS – hypertext transfer protocol secured
• Virtual private networks (VPNs)
• Encrypts connects between company networks and
their remote users
• Wireless network encryption restricts access to
authorized users
• WPA2 – Wi-Fi Protected Access
Anticipating Disasters
• Anticipating Disasters
• Physical Security protects hardware
• Data Security protects software and data from unauthorized tampering or
damage
• Disaster Recovery Plan describes ways to continue operating in the event of a
disaster
Preventing Data Loss
• Preventing Data Loss
• Frequent backups
• Redundant data storage
• Store off-site in case of loss of equipment
• A backup is a duplicate of a file, program, or media that can be
used if the original is lost, damaged, or destroyed
• To back up a file means to make a copy of it
• Off-site backups are stored in a location separate from the
computer or mobile device site
Making IT Work for You ~
Cloud-Based Backup

• Cloud-based backup
services such as
Carbonite provide
cloud-based backup
services.
Ethics
Standards of moral conduct
Computer Ethics – guidelines for the morally
acceptable use of computers
• Copyright
• Gives content creators the right to control the use and
distribution of their work
• Paintings, books, music, films, video games
• Software piracy
• Unauthorized copying and distribution of software
• Digital rights management (DRM) controls access to
electronic media
• Digital Millennium Copyright Act protects against piracy
 Ethics and Society
• Green computing involves reducing the electricity and environmental waste
while using computers, mobile devices, and related technologies

Page 241
41
Figure 5-22
Plagiarism
Representing some other person’s work and ideas as your own
without giving credit to the original person’s work and ideas
 Computer Addiction
• Computer addiction occurs when the computer consumes someone’s entire
social life
• Symptoms of users include:

Craves Overjoyed Unable to stop

computer when at the computer
time computer activity

Irritable when Neglects Problems at

not at the family and work or
computer friends school
43
 Drone – Uses in various area
Remote sensing
• Drones can use Lidar to measure the height of crops. Lidar is a remote sensing technology that measures distance by illuminating an object with a laser
(near-infrared or UV) and then measuring what is reflected back.
Commercial aerial surveillance
• Drones dramatically reduce the cost associated with gathering action or aerial footage that up until now would require expensive equipment like
booms and dollies or even helicopters or other manned aircraft.
Oil, gas, and mineral exploration
• Drones can be used to gather geological information to help geophysicists identify and better approximate the location and presence of minerals, oil,
and natural gas.
Disaster relief
• Drone can be used to help locate and save life in the midst of natural disasters.

Real estate and construction

• Drones have made it possible to survey land and gather information at job sites. Realtors, developers, and builders have also begun using drones to
gather video and imagery for home and building inspections and marketing materials to assist the selling process.
Recreational use
• Attaching a camera to drone is a lot of fun for gathering beautiful imagery and video around the world around.
 Drone – Advantages and Disadvantages

Advantages Disadvantages

• Drones are quite easy when you want to • A Drone flying nearby you/ your area
fly for surveillance purpose. does not guarantee a safety, it can be a
• Some of its applications are quite helpful terrorist activity.
in disaster management activities. • Drones coming on the way of passenger
• It can be used for transportation and flight makes it quite dangerous for the
delivery society/people.
• In war time, there is no risk of losing the • Flying drones in public area is dangerous
Pilot. and can hurt anyone.
• Can go to place, where it is difficult for a • UNCLEAR LEGISLATION • Some drone
human being to reach. (for some users may find themselves in violation of
application) laws that they knew nothing about. •
Drones also pose a great risk of abuse.
A Look to the Future ~
The End of Anonymity

• Most forums and comment areas on websites allow users to

post messages anonymously
• Some use this for abusive and threatening comments
• Online harassment
• Cyberbullying
• Stalking
• Damaging reputations
• How do you feel?
End of Chapter 9