chapter 10 privacy and other social issues. old florida saying only two things in the water after...
“Any sufficiently advanced technology is indistinguishable from magic.”
Arthur C. Clarke, science fiction author
Copyright © 2003, Addison-Wesley
The FUD Factor
  Fear, uncertainty, and doubt
  What you do not know can hurt you
    The gators in Upper Myakka Lake
    The lowlifes on the Web
  Online access opens new opportunities
  A little knowledge is your best defense
What Is Privacy?
  Freedom from observation, intrusion, or attention of others
  Society’s needs sometimes trump individual privacy
  Privacy rights are not absolute
  Balance needed
    Individual rights
    Society’s need
Some Privacy Issues and Tools
  Issues
    Industrial espionage
    Information theft
    Data modification
    Software modification
    Pirated software
    Snooping
    Tracking
    Identity theft
  Perpetrators & Tools
    Hackers
    Script kiddies
    Viruses and worms
    Cookies
    Backdoors
    Denial of service
    Packet sniffers
    IP spoofing
    TEMPEST
Privacy and the Law
  No constitutional right to privacy
    The word “privacy” is not in the Constitution
  Congress has passed numerous laws
    Not particularly effective
    Issue is pace of change
  Privacy is a function of culture
    Privacy means different things in different countries and regions
    Serious problem on global Internet
Figure 10.1 Some U.S. privacy laws.
Year | Title | Intent
1970 | Fair Credit Reporting Act | Limits the distribution of credit reports to those who need to know.
1974 | Privacy Act | Establishes the right to be informed about personal information on government databases.
1978 | Right to Financial Privacy Act | Prohibits the federal government from examining personal financial accounts without due cause.
1986 | Electronic Communications Privacy Act | Prohibits the federal government from monitoring personal e-mail without a subpoena.
1988 | Video Privacy Protection Act | Prohibits disclosing video rental records without customer consent or a court order.
2001 | Patriot Act | Streamlines federal surveillance guidelines to simplify tracking possible terrorists.
Collecting Personal Information
  Notice/awareness
    You must be told when and why
  Choice/consent
    Opt-in or opt-out
  Access/participation
    You can access and suggest corrections
  Integrity/security
    Collecting party is responsible
  Enforcement/redress
    You can seek legal remedies
Figure 10.4 Dell displays the BBB seal.
  Seal of approval
    BBB
    TRUSTe
    WebTrust
  Enhances Web site’s credibility
Collecting Personal Information
  Often voluntary
    Filling out a form
    Registering for a prize
    Supermarket “Rewards” cards
  Legal, involuntary sources
    Demographics
    Change of address
    Various directories
    Government records
Completing the Picture
  Aggregation
    Combining data from multiple sources
    Complete dossier
    Demographics
  Finding missing pieces
    Browser supplied data – TCP/IP
    Public forums – monitoring
    Samurai
Capturing Clickstream Data
  Record of individual’s Internet activity
    Web sites and newsgroups visited
    Incoming and outgoing e-mail addresses
  Tracking
    Secretly collecting clickstream data
    ISP in perfect position to track you
      All transactions go through ISP
    Using cookies
    Using Web bugs
Figure 10.6 Tracking with cookies.
  1. Client requests Acme page
  2. Acme returns page
  3. Client requests embedded banner from Gotcha
  4. Gotcha returns banner and cookie
  [Diagram labels: client browser (cookies); Acme's Web server (Web page); Gotcha's Web server (Gotcha's database, Gotcha's cookies); Gotcha's <IMG>. Arrows: request page; return page; request banner, return cookies; return banner, return another cookie.]
Figure 10.7 A cookie from DoubleClick.
“Gotcha” and DoubleClick sell aggregated data
Tracking with Web Bugs
  Web bug – single-pixel clear GIF
    Image reference buried in HTML
    Browser requests image
    Server returns bug plus cookie
    Request provides clickstream data
    Difficult to spot a Web bug
  Web bug in HTML formatted e-mail
    Secret return receipt
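A Web bug is hard to spot by eye but easy to spot in the HTML source. The following check is an added example, not part of the original slides: it flags images that are both tiny (0 or 1 pixel) and served from a host other than the page's own. The host names (acme.example, gotcha.example), the sample page, and the function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

def _tiny(value):
    # A width/height of 0 or 1 pixel ("1", "1px", "0") marks an invisible image.
    v = (value or "").strip().lower()
    return (v[:-2] if v.endswith("px") else v) in ("0", "1")

class WebBugFinder(HTMLParser):
    """Collect <img> tags that are tiny AND served by a third-party host."""

    def __init__(self, first_party_host):
        super().__init__()
        self.first_party = first_party_host.lower()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = {k: (v or "") for k, v in attrs}
        src = a.get("src", "")
        host = (urlsplit(src).hostname or "").lower()
        if not host:
            return  # relative URL: fetched from the page's own server
        same_site = host == self.first_party or host.endswith("." + self.first_party)
        if not same_site and _tiny(a.get("width")) and _tiny(a.get("height")):
            # A query string on the image URL is where page or user IDs travel.
            self.findings.append({"host": host, "src": src,
                                  "has_query": bool(urlsplit(src).query)})

def find_web_bugs(html, first_party_host):
    """Return one dict per suspected Web bug. For an e-mail body pass ""
    as first_party_host, so every remote image host counts as third party."""
    finder = WebBugFinder(first_party_host)
    finder.feed(html)
    return finder.findings

# Constructed sample page, modelled on the Acme/Gotcha tracking figure.
SAMPLE = """
<html><body>
<img src="/images/logo.gif" width="120" height="40">
<img src="http://ads.gotcha.example/banner.gif" width="468" height="60">
<img src="http://gotcha.example/bug.gif?id=12345" width="1" height="1">
<img src="http://img.acme.example/spacer.gif" width="1" height="1">
</body></html>
"""

if __name__ == "__main__":
    for finding in find_web_bugs(SAMPLE, "acme.example"):
        print(finding)
```

The visible third-party banner is not flagged even though it can set a cookie just as well; this check only covers the invisible case the slide calls difficult to spot.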
Figure 10.8 A demonstration Web bug.
This Web bug is designed to be seen
Figure 10.9 A Web bug buried in an e-mail message.
Again, this one is designed to be seen
Some Useful Sites
  Tracking
    http://privacy.net/track
      Illustration of how a company can track you
    http://www.acxiom.com/infobase
      Consumer, business, and telephone data
      A sense of what is available
  Cookies
    http://www.cookiecentral.com
      Everything you want to know about cookies
Surveillance and Monitoring
  Surveillance
    Continual observation
    Tampa – facial scanning at Super Bowl
    Packet sniffing
  Monitoring
    The act of watching someone or something
    E-mail
    Web bugs
    Workplace monitoring is legal
Surveillance and Monitoring Tools
  Spyware
    Sends collected data over back channel
  Snoopware
    Records target’s online activities
    Retrieved later
    Screen shots, logs, keystrokes
  Other surveillance/monitoring sources
    OnStar and GPS tracking
    E-ZPass systems
    Phone calls and credit card purchases
Spam
  Electronic junk mail
  Hackers dislike spammers
    Flame attacks
  Spammers use anonymous remailers
  Mailing list sources
    Online personal information services
    Dictionary attack software
  Do not respond in any way!
Anonymous Remailers
  Some good FAQs
    http://www.andrebacard.com/remail.html
  An example
    http://www.anonymizer.com
    What they know about you
    Not an endorsement
Figure 10.10 This banner ad mimics a dialog box. Do not click OK.
  Fake banner ads like this one are very annoying
  Spawner – spawns its own pop-up ads
  Mouse-trapper
    Turns off browser’s Back button
    Disables pop-up ad’s close button
    No way to close ad – must reboot
  Spam is a source of spawners and mouse-trappers
Fraud
  The crime of obtaining money or some other benefit by deliberate deception.
  We will consider
    Identity theft
    Credit card fraud
    Scammers and con artists
    Financial swindles
Identity Theft
  The act of using another person’s identity to surf the web, make purchases, etc.
  Not necessarily online
    Dumpster diving
    Shred those credit card offers
  Protect your social security number
  Protect your credit card number
  The Web simplifies identity theft
Credit Card Fraud
  As old as credit cards
  Cost of doing business
  Can be controlled, but not eliminated
  Not necessarily online
  SSL reduces risk
  Greatest risk
    Attack on merchant’s database
    Attractive target
Scammers and Con Artists
  Social engineering – ask for credit card
  Pyramid schemes or Ponzi schemes
    Cash flow depends on new participants
  Dialer programs
    Scam Web site terminates ISP connection
    Establish expensive long-distance connection
  Rogue Web sites
    Clones and misspelled URLs
  Auction fraud
    Shill bidding
Financial Swindles
  Stock fraud
    Pump-and-dump
      Buy cheap stock
      Hype it online – chat rooms
      Dump it when price goes up
    Popular organized crime tool
  Fee for credit card or loan
  Requests for social security or credit card number
Pornography and Gambling
  Online pornography is thriving business
    Worldwide distribution
    Free speech and free press protected by US Constitution
    Prosecution difficult
  Porn napping
    Taking over lapsed or innocent URLs
  Gambling, or gaming
    Legal in most states and offshore
  Who do you call? The police?
Protecting Your Online Privacy
  Implement appropriate security measures
  Get a copy of your credit report
  Use:
    Junk e-mail account
    Anonymous remailer
    Stealth surfing service
    Common sense
  Deal with recognized, trusted e-retailers
  Keep important numbers and passwords secret
  Use good passwords
  If your computer acts strangely, find out why