EE579T/10 #1 Spring 2001 © 2000, 2001, Richard A. Stanley WPI EE579T Network Security 10:Legal and Ethical Issues Prof. Richard A. Stanley.

1 EE579T Network Security
10: Legal and Ethical Issues
Prof. Richard A. Stanley

2 Thought for the Day
“If you’re gonna do the crime, be prepared to do the time.”
Anonymous

3 Overview of Tonight’s Class
Review last week’s lesson
Look at network security in the news
Legal and ethical issues

4 Last Week in Review
There is a set methodology to follow to gain network access (but this isn’t a cookie-cutter sort of approach)
The methodology follows from the architecture and the software of the network
The types of attacks vary widely, and new ones are constantly being developed
Basic countermeasures and sound auditing will go a long ways towards securing the network

5 Hacker of Last Week
Abraham Abdallah
  – Brooklyn, NY bus boy who stole identity of 217 of Forbes 400 richest folk
  – Indicted for violation of 18 USC 1341, 1343
    1341: Frauds and Swindles
    1343: Fraud by Wire, Radio, or Television
  – What does this mean?
  – Is identity theft not an issue here?

6 Network Security Last Week - 1
Microsoft Explorer 6.0 upgrade will include enhanced privacy features
  – Increased control over how much personal information is collected when users visit particular Web sites
  – Platform for Privacy Preferences (P3P)
  – Five privacy settings will be included, some allowing users to choose whether to accept cookies.
PGP inventor says encryption flaw minor

7 Network Security Last Week - 2
Microsoft certificates hijacked
  – Imposter duped VeriSign into issuing a pair of digital certificates in Microsoft's name.
  – Danger exists that imposter could post a virus on the Net that would appear to be a legitimate posting authenticated by Microsoft
  – Executable content like Active X and Office macros are the most vulnerable

8 Network Security Last Week - 3
Lion worm
  – Scans Internet looking for Linux computers with a known vulnerability
  – Worm steals password file, sending it to a China.com site
  – Utility developed to detect the Lion's presence in infected systems

9 Network Security and the Law

10 What You Need to Know
What is illegal
What are the elements of proof
What constitutes evidence
How to protect the evidence
Whom to call
When to call them
What to tell them

11 U.S. Law
Criminal
  – Charges brought by state in name of the people
  – No private prosecutions (cf. U.K. law)
  – No double jeopardy (what does this mean?)
  – Penalties: incarceration, death and/or fines
Civil
  – Action brought by one party against another
  – Penalties: deprivation of property

12 Who Does What?
Law enforcement agencies
  – Investigate crimes, collect evidence
Prosecutors
  – Evaluate evidence, decide whether to prosecute
  – Represent state in criminal matters
Courts
  – Hear evidence, reach conclusion on guilt
Defense attorneys
  – Represent the accused

13 Basis of U.S. Law
English Common Law (except Louisiana)
  – Statutes (enacted by legislatures)
  – Case law
  – Precedents
State/local vs. Federal law
  – Jurisdiction
  – Pre-emption

14 Why Do You Care?
Computer crime is one of -- if not THE -- fastest growing crime categories
“That’s where the money is”
Fraud loss in Southern NY area alone, Jan ‘95 to Jan ‘00: nearly $400,000,000
This isn’t just “victimless, white-collar crime:” nearly 2/3 of those arrested were carrying automatic weapons

15 It Isn’t Just Crime
If you operate a network service, you face civil liability if civil codes are violated
  – Copyright protection
  – Trademark protection
  – Other intellectual property
Pressure from various entities
  – Privacy
  – Content

16 Knowing what is illegal is key
Example: until late 1998, it was NOT illegal in the U.S. to steal someone else’s identity
Where you are defines what is illegal
  – OK to use another name in US if not to defraud
  – Illegal in U.K.
You WILL be involved in this if you are involved in computer security

17 Caution!
You are NOT a law enforcement officer!
You need to know about computer law to be an effective computer security person, just as you need to know about motor vehicle law to be an effective driver
Ignorance is not an excuse

18 A Quick Taxonomy of the Law
Just like engineering, they have a language
18 USC § 2319 decodes as “Title 18, United States Code, Section 2319”
State laws have their own abbreviations, but follow the same pattern:
  – In New York: PL = Penal Law
  – In Mass: MGL = Mass. General Laws
  – In Conn: CGS = Conn. General Statutes, etc.

19 Basic Theorem
It is not permissible to break the law in order to enforce it
  – IRC sessions and law enforcement
  – Automatic actions to counter hacking
  – Eavesdropping (but not always)
Depending on your point of view, this is a basic preservation of constitutional liberty or a gift to law breakers.
But it is the law!

20 What is illegal?
Can’t cover everything, so will concentrate on US federal law, with added local & foreign examples
US Code can be found on the Web at: www4.law.cornell.edu/uscode
Title 18 is the criminal title: it defines federal crimes and criminal procedure
All the laws of the United States are found (somewhere) in the Code

21 US Code Overview - 1
Title 1 General Provisions
Title 2 The Congress
Title 3 The President
Title 4 Flag and Seal, Seat Of Government, and the States
Title 5 Government Organization and Employees
Title 6 Surety Bonds (repealed)
Title 7 Agriculture
Title 8 Aliens and Nationality
Title 9 Arbitration
Title 10 Armed Forces

22 US Code Overview - 2
Title 11 Bankruptcy
Title 12 Banks and Banking
Title 13 Census
Title 14 Coast Guard
Title 15 Commerce and Trade
Title 16 Conservation
Title 17 Copyrights
Title 18 Crimes and Criminal Procedure
Title 19 Customs Duties
Title 20 Education

23 US Code Overview - 3
Title 21 Food and Drugs
Title 22 Foreign Relations and Intercourse
Title 23 Highways
Title 24 Hospitals and Asylums
Title 25 Indians
Title 26 Internal Revenue Code
Title 27 Intoxicating Liquors
Title 28 Judiciary and Judicial Procedure
Title 29 Labor
Title 30 Mineral Lands and Mining

24 US Code Overview - 4
Title 31 Money and Finance
Title 32 National Guard
Title 33 Navigation and Navigable Waters
Title 34 Navy (repealed)
Title 35 Patents
Title 36 Patriotic Societies and Observances
Title 37 Pay and Allowances Of the Uniformed Services
Title 38 Veterans' Benefits
Title 39 Postal Service
Title 40 Public Buildings, Property, and Works

25 US Code Overview - 5
Title 41 Public Contracts
Title 42 The Public Health and Welfare
Title 43 Public Lands
Title 44 Public Printing and Documents
Title 45 Railroads
Title 46 Shipping
Title 47 Telegraphs, Telephones, and Radiotelegraphs
Title 48 Territories and Insular Possessions
Title 49 Transportation
Title 50 War and National Defense

26 Where You Stand Depends on Where You Sit
What is illegal depends on:
  – where the crime occurred
  – who has jurisdiction
    this is not always determined by geography (e.g., bank robbery is always a federal crime in the U.S.A.)
    there may be overlapping jurisdiction
    prosecutors may decide to proceed in one jurisdiction because of penalties available

27 Other Criminal Laws
Criminal Code of Canada: www.efc.ca/pages/law/cc/cc/html
Mass. General Laws: www.state.ma.us/legis/laws/mgl

28 What the laws will tell you
What is prohibited, often in excruciating detail
What must be proven to prove the crime (often by inference)
What the penalty is for violating the law

29 Language is Important
Regulations are not laws -- they describe details of how to comply with the law
Annotations in laws trace the history of the law’s development -- what was illegal yesterday may not be illegal today (e.g. Prohibition), and vice versa
You need a lawyer or a law enforcement agent to help with the details

30 How Do Regulations Fit?
Regulations provide detailed information on how laws are to be applied
  – Code of Federal Regulations (CFR) [44 USC § 1510]
  – Code of Massachusetts Regulations (CMR)
  – Similar taxonomy to statutes
Regulations are not laws, but failure to observe their requirements can often lead to serious problems
In some cases, violation of a regulation is a violation of a statute

31 Some facts about law enforcement
For the most part, law enforcement agents are intelligent, honest, and hard-working
Pay scales are far below private industry, so finding agents with technology skills is hard, especially CURRENT technology
They want to do a good job -- taking criminals off the street is what they do
You need their help, and they need yours.

32 Prosecutorial Peculiarities
All crimes are not prosecuted
The likelihood of prosecution depends on
  – Magnitude of the crime
  – Likelihood of conviction
    Will the jury understand the crime?
    How good is the evidence?
You can improve probability of prosecution by knowing what you are doing and keeping the evidence sound
Prosecutors get performance reviews, too

33 Agency Snapshots - 1
FBI
  – Federal Bureau of Investigation
  – Part of US Department of Justice
  – Charged with enforcement of federal laws
  – Other counterparts
    Canada: RCMP
    Germany: Bundeskriminalpolizei
    Many nations have no counterpart

34 Agency Snapshots - 2
USSS
  – United States Secret Service
  – Best known for protecting the President
  – Part of the Treasury Department
  – Primary jurisdiction in counterfeiting (all sorts), currency and electronic crime
  – Foreign counterparts: no exact ones. RCMP in Canada has many of same roles

35 Agency Snapshots - 3
US Customs Service
  – Responsible for collecting duties and preventing smuggling
  – Primary enforcement agency protecting US borders
  – If you bring it into the US, it is their business
  – Part of the Treasury Department
  – Nearly every nation has an equivalent agency

36 What About Unauthorized Computer Access?

37 Unauthorized Computer Access
Federal law
  – 18 USC § 1030 -- Fraud, use of computers for economic espionage, computer intrusions
Massachusetts law
  – 266 MGL § 33A. Intent to defraud commercial computer service; penalties
  – 266 MGL § 120F. Unauthorized access to computer system; penalties
Canadian Law
  – Criminal Code of Canada, 342.1

38 18 USC § 1030
Knowing, intentional unauthorized access or access beyond authorization is a crime, depending on the computer and what is accessed
Trafficking in computer access information a crime
Severe punishments provided
  – As much as 10 years imprisonment

39 MGL CHAPTER 266. CRIMES AGAINST PROPERTY.
Chapter 266: Section 120F. Unauthorized access to computer system; penalties.
Section 120F. Whoever, without authorization, knowingly accesses a computer system by any means, or after gaining access to a computer system by any means knows that such access is not authorized and fails to terminate such access, shall be punished by imprisonment in the house of correction for not more than thirty days or by a fine of not more than one thousand dollars, or both. The requirement of a password or other authentication to gain access shall constitute notice that access is limited to authorized users.

40 Criminal Code of Canada
342.1 (1) Every one who, fraudulently and without colour of right,
  (a) obtains, directly or indirectly, any computer service,
  (b) by means of an electro-magnetic, acoustic, mechanical or other device, intercepts or causes to be intercepted, directly or indirectly, any function of a computer system,
  (c) uses or causes to be used, directly or indirectly, a computer system with intent to commit an offence under paragraph (a) or (b) or an offence under section 430 in relation to data or a computer system, or
  (d) uses, possesses, traffics in or permits another person to have access to a computer password that would enable a person to commit an offence under paragraph (a), (b) or (c)
is guilty of an indictable offence and liable to imprisonment for a term not exceeding ten years, or is guilty of an offence punishable on summary conviction.

41 What is Evidence?
18 USC § 3482. Evidence and witnesses - (Rule)
SEE FEDERAL RULES OF CRIMINAL PROCEDURE
Competency and privileges of witnesses and admissibility of evidence governed by principles of common law, Rule 26
Can you see the utility of a good attorney here?

42 Presumption of integrity
31.3 For the purposes of subsection 31.2(1), in the absence of evidence to the contrary, the integrity of an electronic documents system by or in which an electronic document is recorded or stored is proven
  (a) by evidence capable of supporting a finding that at all material times the computer system or other similar device used by the electronic documents system was operating properly or, if it was not, the fact of its not operating properly did not affect the integrity of the electronic document and there are no other reasonable grounds to doubt the integrity of the electronic documents system;
  (b) if it is established that the electronic document was recorded or stored by a party who is adverse in interest to the party seeking to introduce it; or
  (c) if it is established that the electronic document was recorded or stored in the usual and ordinary course of business by a person who is not a party and who did not record or store it under the control of the party seeking to introduce it.
Criminal Code of Canada

43 Some Other Computer Crimes
18 USC § 471 -- Counterfeiting US notes
18 USC § 1028 -- Identity theft
18 USC § 1029 -- Fraud and related activity in connection with access devices
18 USC § 2252 -- Kiddy pornography
18 USC § 2318 -- Counterfeit computer labels, program documentation, packaging
18 USC § 2319 -- Copyright infringement

44 Identity Fraud
Deals with “false identification document”
  – Making, transfer, use, possession all crimes
  – Identity documents covered
    Any identification document issued by or under the authority of the United States
  – Includes federal, state, local, foreign government, international quasi-governmental organization
  – Birth certificate, driver’s license, personal ID card
  – Penalties up to 15 years imprisonment

45 What To Do?
Know the applicable law where you operate
When you determine a violation has probably occurred:
  – Save the audit logs and any other documentary evidence of the offense
  – Notify your supervisor
  – Call the authorities
  – Keep your suspicions close hold

46 Whom to Call?
First, call the local police
  – Describe what you think you have
  – Ask for advice
  – Announce intention to call federal law agency
Call the feds
  – FBI
  – USSS

47 Before You Call
Get to know the cognizant law enforcement agents, local and federal
Find out if you can help them
  – Low investment, high payoff
  – They’ll be more responsive if they know you
Don’t cry wolf
  – Be sure you know what you are talking about
  – Have the information to support your claim

48 Above All...
Be certain your organization intends to pursue the criminal case to the end; otherwise, you are wasting everyone’s time and they won’t thank you
Keep your mouth shut except to the police; the libel laws are still in full effect
Don’t forget you don’t carry the badge
Don’t talk down to the police

49 Policy again
Be sure you have written policy for your employees about what is and what is not permitted, and make sure you can show they have read it
Don’t exceed your authority
Don’t be unreasonable
Don’t be capricious -- the same penalty for the same infraction should be the rule

50 Legal Issues in Computer Security
Copyrights [17 USC]
  – Protect expression of ideas, not the idea itself
  – Gives author exclusive rights to copy & sell
  – Can cover “any tangible medium of expression”
  – Work must be original to the author
  – Subject to “fair use”
  – Marking required
  – Lasts for 50 years after death of last author

51 Copyrights Again
Copyright valid without registration, but registering helps insure protection
Infringement resolved in the courts
U.S. Govt. works in public domain, but not all governments (cf. Crown Copyright)
Programs can be copyrighted, but…
Copyright limits distribution, not use

52 Copyright Requirements
Create the work
Mark the work with copyright notice
File a copyright form
Distribute the work

53 Copyright Infringement
Basic statute is 17 USC § 506
  – Title 17 deals with copyrights
  – Section 506 treats remedies for infringement
  – For legal consistency, penalties are in the criminal title, Title 18
    Up to 3 years imprisonment, first offense
    Up to 6 years imprisonment, second or subsequent offense

54 Patents
Protect inventions [35 USC]
Object patented must be “nonobvious”
Patent goes to first to invent (in U.S.)
Requirements for patent
  – Search for prior art
  – Patent Office determination that it is novel
  – Issuance of patent

55 More on Patents
Valid for 20 years since US ratification of GATT harmonization, earlier 17 years, not generally renewable
Requires disclosure of all working details
A patent is a public document
Infringement must be opposed. Claims:
  – This isn’t infringement
  – The patent is invalid
  – The invention is not novel
  – The infringer invented first

56 Patents and Software
Software can be patented
Easier to patent a process in which software forms a part, but then use of the software outside the process is not covered
Not much case law yet

57 Patent Infringement
Is a civil, not a criminal matter
  – Cf. Copyright violations
Remedies provided
  – 35 USC § 271 defines infringement
  – 35 USC § 281 provides for civil remedy
  – 35 USC § 284 et seq. provide for damages
If you participate in infringement, you could be a defendant

58 Trade Secrets
Gives a competitive edge over others
Must always be kept secret
Applies well to software
Hard to enforce (e.g. reverse engineering)

59 Who Owns Intellectual Property?
Generally, if you were paid to produce it by your employer, they own the property
If you produce it on your own time, but use skills learned on the job, they may still own the property
Intellectual property agreements
Employment contracts

60 Some Related Statutes
Freedom of Information Reform Act of 1986 [5 USC § 552]
  – Requires disclosure of Executive Branch data except in cases of national security or personal privacy
  – Significant impact on computer security
Privacy Act of 1974 [5 USC § 552]
Fair Credit Reporting Act [15 USC § 1681]
  – Places limits on data collected on individuals and uses to which data can be put
  – Consumer right to know contents of own files

61 More to Think About
Censorship
Privacy
Actions of others
Responsibility to report crimes
Public approbation vs. legal action
Whose laws apply?
  – Cf. eBay and Nazi memorabilia in France

62 More Legal Considerations
What if…
  – One of your employees is using your network to do something illegal?
  – Someone outside the organization is using your network resources for illicit purposes?
  – Your system is broken into and important information goes missing or becomes public?

63 What Is Your Responsibility?
For intellectual property?
For personal data?
For financial data?
For proper operation of the network?
How and where are these things defined?

64 Ethics Concerns
Information Management
  – Data acquisition
  – Access
  – Stewardship
Information Security
  – Ownership of intellectual property
  – Crime
  – Liability and reliability

65 Ethical Issues
Ethics and the law are not the same
Ethic is an objectively defined standard of right or wrong
Ethical standards tend to be idealistic
Set of ethical principles is an ethical system

66 Law Versus Ethics
LAW | ETHICS
Formal, written | Unwritten principles
Interpreted by courts | Interpreted by indiv.
Established by legislature | Presented by religions, philosophers, etc.
Applies to everyone | Personal choice
Conflict, “right” resolved by courts | No external arbiter of “right” or conflict
Enforceable | Limited enforcement

67 Ethics Overview
Complex
Ethics and religion
Ethics not universal
Ethics does not provide unique, immutable answers
  – Ethical pluralism
  – Very unlike scientific view of “truth”
  – Rarely a higher authority

68 Ethical Reasoning
How to approach an ethical issue?
  – Understand the situation
  – Know several theories of ethical reasoning
  – List the ethical principles involved
  – Determine which principles outweigh the others
First and third are key
Easy to go off at half cock

69 Ethical Principles -- Examples
Teleology
  – Focus on consequences
  – Egoism: benefits to person taking the action
  – Utilitarianism: benefits to entire world
Deontology
  – Focus on sense of duty
  – Some things are just intrinsically good
  – Rule-deontology
  – Act-deontology
    situation ethics

70 Ethics Case 1
Dave works as a programmer for a large software company. He writes and tests utility programs. His company operates two shifts: during the day, program development and online applications are run; at night batch production jobs are completed. Dave has access to workload data and learns that adding programming work to the night shift runs would not adversely affect performance of the computer to other users. Dave comes back after normal hours to develop a program to manage his own stock portfolio. His drain on the system is minimal; he uses very few expendable supplies such as paper.
Is Dave’s behavior ethical?

71 Some Values Issues
Ownership of resources
Effect on others
Universalism principle
Possibility of detection, punishment
Other issues?
Which are more important than others?

72 Ethics Case 2
Donald works for the county health department as a computer records clerk, where he has access to files of patient records. For a scientific study, a researcher -- Ethel -- has been granted access to the medical portion, but not the corresponding names, of some records. Ethel finds some information that she would like to use, but she needs the names and addresses in order to contact these people for more information and for permission to do further study.
Should Donald give Ethel the names and addresses?

73 Some Principles Involved
Job responsibility
Use
Possible misuse
Confidentiality
Tacit permission
Propriety
Law

74 Ethics Case 3
Kevin Mitnick, the notorious computer hacker accused of causing millions of dollars in damage to technology companies, has been ordered to get off the lecture circuit or risk going back to prison. The federal probation department sent word through his probation officer that his activities must stop, Mitnick said. “They’re saying I can no longer write or speak about technology issues,” Mitnick said in a telephone interview. “I think it is an abrogation of my First Amendment rights. … Probation is not supposed to be punitive.” Government officials could not be reached for comment.
Are Mitnick’s actions ethical? Are the government’s?

75 Ethics Case 4
The school computer center

76 General Moral Imperatives (ACM Code of Ethics and Professional Conduct)
Contribute to society and human well-being
Avoid harm to others
Be honest and trustworthy
Be fair and take action not to discriminate
Honor property rights including copyrights and patents
Give proper credit for intellectual property
Respect the privacy of others
Honor confidentiality

77 The “P” Word
Can or should you have an ethics policy?
Why or why not?
Are you aware of organizations that do have ethics policies?

78 The Other “P” Word
Privacy
  – What is it?
  – How to protect it?
  – What do customers and employees expect?
  – What do they have a right to expect?
  – Where is the Constitutional right to privacy found?

79 Summary
Network security involves a close interaction of legal and ethical issues
Ethics and the law are not the same
There are no hard and fast answers to ethical questions, but there are guidelines
It doesn’t hurt to seek others’ opinions, but the ultimate responsibility rests with you

