1. Introduction to MIS Chapter 14 MIS Impact on Society Copyright 1994-1996 by Jerry Post

2. The IT Environment Operations Tactics Strategy Government Consumers Employees Culture Businesses Privacy Education Company

3. Horror Stories §Security Pacific--Oct. 1978 l Stanley Mark Rifkin l Electronic Funds Transfer l $10.2 million l Switzerland l Soviet Diamonds l Came back to U.S. §Equity Funding--1973 l The Impossible Dream l Stock Manipulation Insurance Loans Fake computer records

4. Horror Stories §Clifford Stoll--1989 l The Cuckoo’s Egg l Berkeley Labs l Unix--account not balance l Monitor, false information l Track to East German spy §Old Techniques l Salami slice l Bank deposit slips l Trojan Horse l Virus §Robert Morris--1989 l Graduate Student l Unix “Worm” l Internet--tied up for 3 days

5. Privacy credit cards organizations loans & licenses financial permits census transportation data financial regulatory employment environmental subscriptions education purchases phone criminal record complaints finger prints medical records

6. Privacy Problems §TRW--1991 l Norwich, VT l Listed everyone delinquent on property taxes §Terry Dean Rogan l Lost wallet l Impersonator, 2 murders and 2 robberies l NCIC database l Rogan arrested 5 times in 14 months l Sued and won $55,000 from LA §Employees l 26 million monitored electronically l 10 million pay based on statistics

7. Privacy Problems §San Francisco Chronicle-- 1991 l Person found 12 others using her SSN l Someone got 16 credit cards from another’s SSN, charged $10,000 l Someone discovered unemployment benefits had already been collected by 5 others §Jeffrey McFadden--1989 l SSN and DoB for William Kalin from military records l Got fake Kentucky ID l Wrote $6000 in bad checks l Kalin spent 2 days in jail l Sued McFadden, won $10,000

8. Privacy Laws §Minimal in US l Credit reports Right to add comments 1994 disputes settled in 30 days 1994 some limits on access to data l Bork Bill--can’t release video rental data l Educational data--limited availability l 1994 limits on selling state/local data §Europe l France and some other controls l European Union, controls but undecided l 1995 EU Privacy Controls

9. Telecommuting Advantages Decreased overhead. Flexibility in part-time workers. Disadvantages Harder to evaluate workers. Harder to manage workers. The Firm Advantages Reduced commuting costs. Flexible schedule. Disadvantages Loss of personal contacts. Distractions. Employees Suburban work centers

10. Electronic Transactions Consumer Vendor (data) Customer chooses product, sends ID or digital cash number. NetBill (1) Price, product decryption key, customer code are sent to third party. NetBill (2) Accounts are debited and credited. Product key is sent to customer. Trusted Party Conversion to “real” money. Bank Digital Cash (B) “Cash” amount is verified and added to vendor account. Digital Cash (A) Consumer purchases a cash value that can be used only once.

11. Threats to Information §Accidents & Disasters §Employees §Consultants §Business Partnerships §Outsiders §PCs & Viruses Employees & Consultants Links to business partners Virus hiding in game software Outside hackers

12. Security Categories §Physical attack & disasters l Backup--off-site l Cold/Shell site l Hot site l Disaster tests l Personal computers! §Logical l Unauthorized disclosure l Unauthorized modification l Unauthorized withholding $$

13. Virus Game Program 01 23 05 06 77 03 3A 7F 3C 5D 83 94 19 2C 2E A2 87 62 02 8E FA EA 12 79 54 29 3F 4F 73 9F 1 23 1.User runs program that contains hidden virus 2.Virus copies itself into other programs on the computer 3.Virus spreads until a certain date, henit deletes files, etcetera. Virus code Infected Disk

14. Virus Damage Dataquest, Inc; Computerworld 12/2/91 National Computer Security Association; Computerworld 5/6/96

15. Manual v Automated Data §Amount of data §Identification of users §Difficult to detect changes §Speed l Search l Copy §Statistical Inference §Communication Lines

16. User Identification §Passwords l Dial up service found 30% of people used same word l People choose obvious l Post-It notes §Hints l Don’t use real words l Don’t use personal names l Include non-alphabetic l Change often l Use at least 6 characters §Alternatives: Biometrics l Finger/hand print l Voice recognition l Retina/blood vessels l DNA ? §Password generator cards §Comments l Don’t have to remember l Reasonably accurate l Price is dropping l Nothing is perfect

17. Security Controls §Access Control l Ownership of data l Read, Write, Execute, Delete l Dial-back modems §Security Monitoring l Access logs l Violations l Lock-outs §Alternatives l Audits l Physical Access l Employee screening §Encryption l Single Key (DES) l Dual Key (RSA)

18. Encryption: Dual Key Makiko Takao Message Public Keys Makiko 29 Takao 17 Message Encrypted Private Key 13 Private Key 37 Use Takao’s Public key Use Takao’s Private key Makiko sends message to Takao that only he can read.

19. Dual Key: Authentication Makiko Takao Public Keys Makiko 29 Takao 17 Private Key 13 Private Key 37 Use Takao’s Public key Use Takao’s Private key Takao sends message to Makiko: His key guarantees it came from him. Her key prevents anyone else from reading message. Message Encrypt+T Encrypt+T+M Encrypt+M Use Makiko’s Public key Use Makiko’s Private key Transmission

20. Clipper Chip Encrypted conversation Escrow keys Clipper chip in phones Intercept Decrypted conversation Judicial or government office

21. Computer Use in Healthcare