Chapter 10 Privacy and Other Social Issues

Upload: elvin-quinn

Post on 17-Dec-2015


Old Florida saying

Only two things in the water after dark.

Gators and gator food.

Arthur C. Clarke, science fiction author

Any sufficiently advanced technology is indistinguishable from magic.

Copyright © 2003, Addison-Wesley

The FUD Factor

Fear, uncertainty, and doubt
What you do not know can hurt you
The gators in Upper Myakka Lake
The lowlifes on the Web
Online access opens new opportunities
A little knowledge is your best defense

Scott McNealy, CEO, Sun Microsystems, Inc.

You have zero privacy. Get over it.

What Is Privacy?

Freedom from observation, intrusion, or attention of others

Society’s needs sometimes trump individual privacy

Privacy rights are not absolute
Balance needed
  Individual rights
  Society’s need

Some Privacy Issues and Tools

Issues
  Industrial espionage
  Information theft
  Data modification
  Software modification
  Pirated software
  Snooping
  Tracking
  Identity theft

Perpetrators & Tools
  Hackers
  Script kiddies
  Viruses and worms
  Cookies
  Backdoors
  Denial of service
  Packet sniffers
  IP spoofing
  TEMPEST

Privacy and the Law

No constitutional right to privacy
  The word “privacy” is not in the Constitution
Congress has passed numerous laws
  Not particularly effective
  Issue is pace of change
Privacy is a function of culture
  Privacy means different things in different countries and regions
  Serious problem on global Internet

Figure 10.1 Some U.S. privacy laws.

   

Year | Title | Intent
1970 | Fair Credit Reporting Act | Limits the distribution of credit reports to those who need to know.
1974 | Privacy Act | Establishes the right to be informed about personal information on government databases.
1978 | Right to Financial Privacy Act | Prohibits the federal government from examining personal financial accounts without due cause.
1986 | Electronic Communications Privacy Act | Prohibits the federal government from monitoring personal e-mail without a subpoena.
1988 | Video Privacy Protection Act | Prohibits disclosing video rental records without customer consent or a court order.
2001 | Patriot Act | Streamlines federal surveillance guidelines to simplify tracking possible terrorists.

Collecting Personal Information

Notice/awareness
  You must be told when and why
Choice/consent
  Opt-in or opt-out
Access/participation
  You can access and suggest corrections
Integrity/security
  Collecting party is responsible
Enforcement/redress
  You can seek legal remedies

Figure 10.3 Amazon.com’s privacy policy.

Figure 10.4 Dell displays the BBB seal.

Seal of approval
  BBB
  TRUSTe
  WebTrust
Enhances Web site’s credibility

Collecting Personal Information

Often voluntary
  Filling out a form
  Registering for a prize
  Supermarket “Rewards” cards
Legal, involuntary sources
  Demographics
  Change of address
  Various directories
  Government records

Figure 10.5 Online personal information.

Completing the Picture

Aggregation
  Combining data from multiple sources
  Complete dossier
  Demographics
Finding missing pieces
  Browser supplied data – TCP/IP
  Public forums – monitoring
  Samurai

Capturing Clickstream Data

Record of individual’s Internet activity
  Web sites and newsgroups visited
  Incoming and outgoing e-mail addresses
Tracking
  Secretly collecting clickstream data
  ISP in perfect position to track you
  All transactions go through ISP
  Using cookies
  Using Web bugs

Figure 10.6 Tracking with cookies.

Client requests Acme page
Acme returns page
Client requests embedded banner from Gotcha
Gotcha returns banner and cookie

[Diagram, steps 1 to 4: client browser (Web page containing Gotcha's <IMG>, Gotcha's cookies), Acme's Web server, and Gotcha's Web server with Gotcha's database. Arrows: Request page; Return page; Request banner, Return cookies; Return banner, Return another cookie.]

Figure 10.7 A cookie from DoubleClick.

“Gotcha” and DoubleClick sell aggregated data
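The flow in Figure 10.6, worked through as an added example (not from the original slides): given a browsing log, it rebuilds the clickstream a banner server such as Gotcha can assemble from one cookie. The log entries, host names, cookie value and the two-label `site()` shortcut are assumptions made for the illustration.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed log: (page being viewed, URL fetched, Cookie sent, cookie set in reply).
# The browser also sends the page address (Referer) with each embedded fetch.
LOG = [
    ("http://acme.example/home", "http://acme.example/home", "", ""),
    ("http://acme.example/home", "http://ads.gotcha.example/banner.gif", "", "uid=A1B2"),
    ("http://shoes.example/sale", "http://shoes.example/sale", "cart=7", ""),
    ("http://shoes.example/sale", "http://ads.gotcha.example/banner.gif", "uid=A1B2", ""),
    ("http://news.example/today", "http://cdn.news.example/logo.png", "", ""),
    ("http://news.example/today", "http://ads.gotcha.example/banner.gif", "uid=A1B2", ""),
]

def site(url):
    """Crude site key: last two host labels (assumption: no public-suffix list)."""
    host = urlsplit(url).hostname or ""
    return ".".join(host.split(".")[-2:])

def clickstreams(log):
    """Map (third-party site, cookie) -> pages it saw, kept only if they span sites."""
    trails = defaultdict(list)
    for page, fetched, sent, set_cookie in log:
        ident = sent or set_cookie          # the ID is issued on first contact
        if site(fetched) == site(page) or not ident:
            continue                        # first-party fetch, or nothing identifying
        trails[(site(fetched), ident)].append(page)
    return {key: pages for key, pages in trails.items()
            if len({site(p) for p in pages}) > 1}

if __name__ == "__main__":
    for (tracker, cookie), pages in clickstreams(LOG).items():
        print(tracker, cookie, pages)
```

Blocking third-party cookies in the browser empties the `sent` column for the banner requests, which is what breaks the trail.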

Tracking with Web Bugs

Web bug – single-pixel clear GIF
  Image reference buried in HTML
  Browser requests image
  Server returns bug plus cookie
  Request provides clickstream data
  Difficult to spot a Web bug
Web bug in HTML formatted e-mail
  Secret return receipt
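Because a Web bug is hard to spot by eye, a mail filter can look for it in the markup. The following is an added example, not part of the original slides: it flags remotely loaded images declared as 1 pixel or smaller in an HTML e-mail body. The sample message, host names and the `rcpt` parameter are constructed for the illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed HTML e-mail body; hosts and the "rcpt" parameter are made up.
SAMPLE = """
<html><body>
<p>Your order has shipped.</p>
<img src="http://shop.example/logo.gif" width="120" height="40">
<img src="http://track.gotcha.example/o.gif?rcpt=4711" width="1" height="1">
<img src="http://track.gotcha.example/p.gif" style="width:1px; height:1px">
<img src="cid:inline-photo" width="1" height="1">
</body></html>
"""

def _px(attrs, name):
    """Pixel size from the attribute or the inline style; None if not stated."""
    value = attrs.get(name)
    if value is None:
        m = re.search(r"(?:^|;)\s*%s\s*:\s*(\d+)\s*px" % name,
                      attrs.get("style") or "", re.I)
        value = m.group(1) if m else None
    return int(value) if value and value.strip().isdigit() else None

class WebBugFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hits = []  # (host, carries_query_string)

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = dict(attrs)
        url = urlsplit(a.get("src") or "")
        w, h = _px(a, "width"), _px(a, "height")
        tiny = w is not None and h is not None and w <= 1 and h <= 1
        # Only a remote fetch reports back; cid: images travel inside the message.
        if tiny and url.scheme in ("http", "https"):
            self.hits.append((url.hostname, bool(url.query)))

def find_web_bugs(html):
    finder = WebBugFinder()
    finder.feed(html)
    return finder.hits
```

A query string on the image URL is worth reporting because it can carry a per-recipient value, which is what turns the image request into the "secret return receipt". Mail clients that do not load remote images by default defeat both hits.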

Figure 10.8 A demonstration Web bug.

This Web bug is designed to be seen

Figure 10.9 A Web bug buried in an e-mail message.

Again, this one is designed to be seen

Some Useful Sites

Tracking
  http://privacy.net/track
    Illustration of how a company can track you
  http://www.acxiom.com/infobase
    Consumer, business, and telephone data
    A sense of what is available
Cookies
  http://www.cookiecentral.com
    Everything you want to know about cookies

Surveillance and Monitoring

Surveillance
  Continual observation
  Tampa – facial scanning at Super Bowl
  Packet sniffing
Monitoring
  The act of watching someone or something
  E-mail
  Web bugs
  Workplace monitoring is legal

Surveillance and Monitoring Tools

Spyware
  Sends collected data over back channel
Snoopware
  Records target’s online activities
  Retrieved later
  Screen shots, logs, keystrokes
Other surveillance/monitoring sources
  OnStar and GPS tracking
  E-ZPass systems
  Phone calls and credit card purchases

Spam

Electronic junk mail
Hackers dislike spammers
  Flame attacks
Spammers use anonymous remailers
Mailing list sources
  Online personal information services
  Dictionary attack software
Do not respond in any way!

Anonymous Remailers

Some good FAQs
  http://www.andrebacard.com/remail.html
An example
  http://www.anonymizer.com
  What they know about you
  Not an endorsement

Figure 10.10 This banner ad mimics a dialog box. Do not click OK.

Fake banner ads like this one are very annoying
Spawner – spawns its own pop-up ads
Mouse-trapper
  Turns off browser’s Back button
  Disables pop-up ad’s close button
  No way to close ad – must reboot
Spam is a source of spawners and mouse-trappers

Fraud

The crime of obtaining money or some other benefit by deliberate deception.

We will consider
  Identity theft
  Credit card fraud
  Scammers and con artists
  Financial swindles

Identity Theft

The act of using another person’s identity to surf the web, make purchases, etc.
Not necessarily online
  Dumpster diving
  Shred those credit card offers
Protect your social security number
Protect your credit card number

The Web simplifies identity theft

Credit Card Fraud

As old as credit cards
Cost of doing business
Can be controlled, but not eliminated
Not necessarily online
SSL reduces risk
Greatest risk
  Attack on merchant’s database
  Attractive target

Scammers and Con Artists

Social engineering – ask for credit card
Pyramid schemes or Ponzi schemes
  Cash flow depends on new participants
Dialer programs
  Scam Web site terminates ISP connection
  Establish expensive long-distance connection
Rogue Web sites
  Clones and misspelled URLs
Auction fraud
  Shill bidding

Financial Swindles

Stock fraud
  Pump-and-dump
    Buy cheap stock
    Hype it online – chat rooms
    Dump it when price goes up
  Popular organized crime tool
Fee for credit card or loan
Requests for social security or credit card number

Pornography and Gambling

Online pornography is thriving business
  Worldwide distribution
  Free speech and free press protected by US Constitution
  Prosecution difficult
Porn napping
  Taking over lapsed or innocent URLs
Gambling, or gaming
  Legal in most states and offshore
Who do you call? The police?

Protecting Your Online Privacy

Implement appropriate security measures
Get a copy of your credit report
Use:
  Junk e-mail account
  Anonymous remailer
  Stealth surfing service
  Common sense
Deal with recognized, trusted e-retailers
Keep important numbers and passwords secret
Use good passwords
If your computer acts strangely, find out why