Protecting People and Information MIS Chapter 8 Jack G. Zheng May 29th 2008
Intellectual Property refers to creations of the mind (inventions, literary and artistic works, and symbols, names, images, and designs) used in commerce Two categories2 Industrial property inventions (patents), trademarks, industrial designs, and geographic indications of source Copyright literary and artistic works such as novels, poems and plays, films, musical works, drawings, paintings, photographs and sculptures, and architectural designs. 1, 2 Source: World Intellectual Property Organization, http://www.wipo.int
Intellectual Property Fair use doctrine may use copyrighted material in certain situations Pirated software the unauthorized use, duplication, distribution or sale of copyrighted software Counterfeit software software that is manufactured to look like the real thing and sold as such Fair use: TV recording Teaching in class
IP and Open Source Which way (protection vs. open sharing) is best to advance software industry?
Privacy "… the claim of individuals, groups, or institutions to determine for themselves when, how, and to what extent information about them is communicated to others.“ Dr. Alan Westin, “Privacy and Freedom” (book), 1967
Privacy and Web Customer database Adware Cookie Profiles Behavior patterns (purchasing, searching and navigation) Clickstream Adware Example: 180 search assistant Trojan horse Spyware Cookie A small text file containing user information on the local computer Show customer data flash (the Matrix, TIA-total information awareness) Show cookie example
Privacy and Email Email usually are not protected and are left open for potential scanning Gmail scans content of emails and puts in related ads1 July 1st 2004, “Court Limits Privacy Of E-Mail Messages”2 “A company that provides e-mail service has the right to copy and read any message bound for its customers” Spam Unsolicited email 1http://www.privacyrights.org/ar/GmailAGadvisory.htm 2http://www.washingtonpost.com/wp-dyn/articles/A19211-2004Jun30.html
Internet Fraud Identity theft Phishing (fishing) Forging of identity for the purpose of fraud Phishing (fishing) Deceptively to get people’s information Faked website to get user information Advance Fee Fraud Nigeria email scams … Washington mutual customer data update case/ebay … What are other types? How to identify and deal with it? Topic paper.
Privacy and Employees Workplace PC monitoring Read the handout and discuss Legislation had been approved by the state Senate (California) in May 2004, employers would be required to give written notice explaining what types of electronic activities they monitor, from e-mail to the use of GPS locator devices in company cars and phones
Security
Security Threats In-house security Hacking Computer virus and worm Employee misconduct Hacking Unauthorized access to, or use of the computer, information and systems Hacker Computer virus and worm Virus is the software with malicious intent to cause damage Worm is a self-propagating virus DoS (Denial-of-Service Attack) floods a server with so many requests for service that it slows down or crashes Threat sources: see more in extended module H
Security Management Myth Truth Security is about technology: software and hardware Truth Security is also about policy: awareness, alertness and enforcement
Security Precautions (1) Authentication and authorization Authentication is the process to identify a person (who) Authorization is the process to identify privileges (what and how) Authentication methods What you know: Password What you have (loosely): ID cards, Certificate What you have (tightly): Biometrics Show example of certificate And http://news.zdnet.com/2100-1009-5586249.html
Security Precautions (2) Encryption Symmetric encryption Asymmetric (public key) encryption SSL (secure socket layer) Firewall Software/hardware that can selectively block computer communications Anti-virus software Intrusion detection Show example of SSL (https://)
Good Resources Ethics in computing Napster on CNN Special Privacy http://ethics.csc.ncsu.edu/ Napster on CNN Special www.cnn.com/SPECIALS/2001/napster/ Privacy http://www.privacy.org/ Computer virus information http://securityresponse.symantec.com/